New Tor Browser Bundles (updated for Linux again)

The Tor Browser Bundles have all been updated to the latest Firefox 11.0 as well as a number of bugfixes. Because of a very slow uplink, not all of the Mac OS X 64-bit bundles are available yet, but all of the 32-bit bundles are up, and the Farsi (sig) and English (sig) versions of the 64-bit bundles are also available.

https://www.torproject.org/download

Tor Browser Bundle (2.2.35-9), Linux only

  • Fix launch script to prevent Vidalia from running in debug mode all the time (closes: #5417)

Tor Browser Bundle (2.2.35-8)

  • Update Firefox to 11.0
  • Update OpenSSL to 1.0.0h
  • Update NoScript to 2.3.4
  • Update HTTPS Everywhere to 2.0.1
  • Always build to with warnings enabled (closes: #4470)
  • Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)

Windows

  • Remove tor-resolve from the Windows bundle (closes: #5403)

Mac OS X

  • Give OS X users below 10.5 an incompatibility message (closes: #4356)
  • Linux

    • Don't attempt to load the default KDE 4 theme from Vidalia, because that fails when the Qt versions don't match (closes: #5214)
    Anonymous

    March 17, 2012

    Permalink

    I downloaded this bundle for GNU/Linux, and the check page still says I'm using an outdated version. I know I didn't start the wrong bundle, Help > About says Firefox 11.

    version 2.2.35-8 -----********** possible TROJAN ALERT ************__________-- MALWAREBYTES FLAGGED THIS DISTRO'S TOR.EXE AS A TROJAN VIRUS -- WHEN TOR.EXE (THIS SPECIFIC DISTRO FILE) IS RUN THROUGH AT VIRUSTOTAL DOT COMS SITE IT SHOWED NEGATIVE FOR ALL 43 SCANNERS EXCEPT FOR BYTEHERO WHICH IDENTIFIES THIS AS Trojan-Downloader.win32.Agent.bmzd

    SO 1 POSITIVE OF 43 AND POSITIVE AS TROJAN BY MALWAREBYTES

    THIS MAY BE SOMETHING THAT IS NEWLY IDENTIFIED OR

    THESE MAY BE FALSE POSITIVES....BUT THERE MAY BE A COMPROMISED DISTRO BEING SENT OUT -- FILES WERE TAKEN DIRECTLY FROM TORPROJECTS WEBSITE (I.E. HERE) -- 2ND DOWNLOAD DONE DAYS APART RESULTED IN THE SAME VIRUS SCAN RESULTS

    Anonymous

    March 18, 2012

    Permalink

    Two small issues:

    1. The 64 bit linux version generates a multimegabyte "vidalia-debug-log" file
    2. check.torproject.org reports "There is a security update available for the Tor Browser Bundle." with this bundle

    Anonymous

    March 18, 2012

    Permalink

    check.torproject.org doesn't notice the outdates tor-browser-2.2.35-8 browser bundle for windows.

    Anonymous

    March 18, 2012

    Permalink

    What QTlibs are required for the Linux version?

    I've run the Linux Tor Browser Bundle on gtk2 only boxes without Qt[libs] and while there are a few errors in the terminal, Vidalia displays fine and functions well, and Tor too.

    What's the deal with Qt? Is it really required?

    Anonymous

    March 18, 2012

    Permalink

    Yay for linking bug numbers to ticket URLs, it's much easier now to see details of what's fixed.

    Anonymous

    March 18, 2012

    Permalink

    In version 2.2.35-7.1, when we were disconnected from the Tor network, the green onion icon disappeared from the task bar and we didn't notice it immediately while surfing and it was hours after that did we only noticed it. Can the Tor team introduce some kind of alert when we are abruptly disconnected from the Tor network, for whatever reasons, so that our anonymity would not be compromised?

    Thanks.........

    Anonymous

    March 18, 2012

    Permalink

    Previous version of TBB/Linux (Seb's release) as of today would hit the Tor Check page and not notify of an update...

    Then...

    Updated TBB/Linux to 2.2.35-8 and the Tor Check page says there is a security update and directs me to the download page for TBB/WINDOWS with no other platforms listed.

    Windows?

    WTF is this?!

    Has someone mucked up something internally with this release?

    The torbutton changes the browser's user-agent header to that of Firefox on Windows, so the download page thinks that you are on Windows. Instead of downloading the update through Tor, perhaps use your direct connection? The download will almost certainly be faster. (Unless you could get in trouble for downloading and running Tor)

    The download page has a "view all downloads" link.

    Anonymous

    March 18, 2012

    Permalink

    This TBB/Linux version works, but at the end of the extraction of the files, it said this following the last file extracted (geoip):

    tar: short read

    verified the file w/ gpg prior to extraction, what is this message I've never seen before with TBB version extraction?

    Anonymous

    March 18, 2012

    Permalink

    So did you change the firefox logo again? Orange is a bad color, wish you replace with the previous one :(

    Is that any worse than the automatic bookmark backups and "browser.sessionstore.resume_from_crash" _enabled_ by default?

    (The latter saves the URLs for whatever windows and tabs you open, in order to be resume them in the event of a crash.)

    Anonymous

    March 18, 2012

    Permalink

    why every time i try to "save as" a file pop up the "load external content" alert? Is downloading files by tor bundle not safe?
    P.S. i use linux 32bit tor bundle with archlinux + kde

    Thanks for help and for your work.

    Downloading the files is safe, opening them may not be. For example, opening certain files (manually or automatically by preview generators) may trigger a request to the internet without going through Tor. Examples include media files embedding external content from internet, and of course executables.

    "why every time i try to "save as" a file pop up the "load external content" alert?"

    I wish the developers would include a preconfigured for Tor download manager, or some option in Vidalia to download with wget properly configured. It would make it much easier than right click saving and seeing this popup window instead of a download box. The popup says to download vs. loading content in browser but this popup comes up when you're often trying to do just that -- download content and not view it within FF! Please include a properly configured Tor enabled download manager addon or script! Thank you.

    Anonymous

    March 18, 2012

    Permalink

    Mac browser bundle won't open on OS 10.5.8 either. Click on "TorBrowser_en-US", the icon appears in the Dock, bounces once, and shuts down. I was running the TorBrowser just fine before. I saw a message saying there was a security update so I downloaded it and replaced my old TorBrowser. Now I have nothing. Why won't someone help us Mac people? (And don't say "get a PC" That's unhelpful and insulting.)

    Its still doing this, we all still require help, plz somebody

    Anonymous

    March 28, 2012

    In reply to by Anonymous (not verified)

    Permalink

    How can anyone know there is nothing unsafe in this file?

    WARNING TO ALL: Never download any Tor product from any unknown source.

    Anonymous

    March 18, 2012

    Permalink

    My country block all the tor servers and bridges,so i must use https proxy to link to the tor net.
    But https proxy bandwidth is small,it made tor very slowly.I think the tor better to use more than one proxy.

    In the config file,if i set tor like this:
    HTTPSProxy 1.1.1.1:8080
    HTTPSProxy 1.1.1.2:8080
    HTTPSProxy 1.1.1.3:8080
    HTTPSProxy 1.1.1.4:8080
    HTTPSProxy 1.1.1.5:8080

    Tor only link to the https proxy 1.1.1.5, and never use other proxy server,although other proxy server is ready.

    So i think if tor use more than one proxy server at the same time,tor can be faster.

    Thanks.

    Anonymous

    March 18, 2012

    Permalink

    Regarding the previous version 2.2.35-7.1 and the icon disappearing from the taskbar it seems that vidalia crashing was the cause. I have seen it happen before but looking at the connections in my firewall they were still going through tor.exe but this is still a little disconcerting, When this happened I would close tor.exe in the task manager than reconnect. Which leads me to another issue which is possibly a bigger problem or maybe not I don't know it happened with the previous version (2.2.35-7.1) last month (but never before all the time i used tor) I got a popup from my firewall saying tbb-firefox.exe is trying to receive a connection from the internet I cant remember on what port but I blocked it than closed tor. What is scary is users of Windows XP built in firewall does not even see what it is blocking, so they wont know if this does happen. I dont know if my ip was revealed or if someone was just trying to connect to a certain port that tbb-firefox happened to use. Thanks for any answers in advance

    Anonymous

    March 18, 2012

    Permalink

    Hi Tor project!

    Please update Obfsproxy Tor Browser Bundle to Firefox 11!

    Thanks.

    Anonymous

    March 19, 2012

    Permalink

    I am unable to download the latest TBB for OSX Intel using the link above. Every time I click on the download link on the download page I get the message "Not found on this server". I have tried several times with the same result. Any assistance would be appreciated. Thanks.

    Anonymous

    March 19, 2012

    Permalink

    Hi, Erin.
    Blogpost states "all 32bit versions are uploaded", however for more than 24 hours, clicking the link to download 32bit version for OSX doesn't work:

    ---

    Not Found

    The requested URL /dist/torbrowser/osx/TorBrowser-2.2.35-8-dev-osx-i386-en-US.zip was not found on this server.
    Apache Server at www.torproject.org Port 443

    ---

    So, what's the deal?

    Anonymous

    March 19, 2012

    Permalink

    "There is an EVIL bug"

    Thank you for the warning. I expected something like this to happen, given the last slip up with a mistake in FF versions. This, "error", if you wish to call it such, shouldn't have happened. Again, this is a lack of testing.

    I hope no one in Iran, China, or other freedom starved regions were screwed because of this.

    I hope a fix is released and quickly.

    These mistakes should be posted in the Tor announcements mailing list (no announcements at all since Dec/11 is pathetic) and on the blog.

    It would help Tor users even more if you were to actually create web forums for discussions (but I doubt you will, we've only been asking for this for years!) where you could sticky-pin these types of mistakes and communicate better with the broad range of users.

    A large number of people will never use a bug tracker, and/or never use mailing lists. They are simpler minded people or too busy, this is where web based discussion forums come in. Users should not have to scramble to unofficial .onion forums which are up one day and down the next and which may (and have in the past!) contain malicious posts/threads to target the user's browser and/or Tor itself.

    With errors like this, perhaps you should let Mickey Mouse sign the future Linux release bundles with his fictional GPG key. He couldn't do any worse.

    I've also noticed FF crashing more often since the last few releases.

    I guess it's time for us Linux bundle users to run W.I.N.E. and the Windows version of the bundle on Linux so we know we are not getting borked with some new fantastic bug or lack of oversight like this again.

    But will this post be approved for others to see, or swept under the rug like one previous post about a similar issue.

    Now I'm looking forward to the next release, not for use, but just to see what type of bug(s) it may contain. THANKS!

    Anonymous

    March 19, 2012

    Permalink

    Anyone wants to download 32bit OS X version? Download links in this blogpost and also on Tor Download Page are 404'ed. You can get your working copy here: https://www.torproject.org/dist/torbrowser/osx/TorBrowser-2.2.35-8-osx-…

    ---

    Boy, there is still that old problem with Vidalia not running under OS X 10.5.8, which persists since TBB 2.2.35-6 was released.
    If is Vidalia wrongly compiled, why not to compile it again, the same way as it used to be until TBB 2.2.35-5?

    Guys who are making node.js actually got to the same trouble (error message) before, and they eventually fixed it: https://github.com/joyent/node/issues/910

    1. <br />
    2. Compiling without libssl on leopard still gave me the same error. ("dyld ... 0x80000022, Trace/BPT trap" )</p>
    3. <p>Apparently it will compile, but not produce a working executable without setting some environment variables (found on <a href="http://canonical.org/~kragen/compiling-node-on-macos.html" rel="nofollow">http://canonical.org/~kragen/compiling-node-on-macos.html</a>) :</p>
    4. <p>ISYSROOT="-isysroot /Developer/SDKs/MacOSX10.5.sdk"<br />
    5. export LINKFLAGS=$ISYSROOT CXXFLAGS=$ISYSROOT CFLAGS=$ISYSROOT</p>
    6. <p>./configure --without-ssl<br />
    7. make<br />
    8. ...<br />
    9. compiling succeeded and i was able to successfully run node on mac osx 10.5.8<br />

    Thanks for checking it out, Erinn

    Anonymous

    March 20, 2012

    Permalink

    OS X 64-bit version is failing verification. I have re-downloaded a couple times.

    Anonymous

    March 20, 2012

    Permalink

    I downloaded tor-browser-2.2.35-8_en-US on Win7 32bit and Symantec Endpoint Protection deletes it. I did not have this problem with previous releases.
    Is there any security problem or this is just a false detection?

    Anonymous

    March 20, 2012

    Permalink

    I have used TBB for OSX for a wile now. All of the sudden it dosnt work anymore. I tried to download it again and when I do Vidallia just opens then closes. Did I change a setting can someone help me?

    Anonymous

    March 21, 2012

    Permalink

    Why there is no announcement on the blog, that a new version of tbb (tor-browser-gnu-linux-i686-2.2.35-9-dev-en-US) was released?

    Anonymous

    March 21, 2012

    Permalink

    Broken Mac OS X link? Just go to https://www.torproject.org/dist/torbrowser/osx/ and choose the download there (basically looks the same, except without the "dev" part in the link).
    Or don't, because it still doesn't run on 10.5 anyway.

    Can we at least have an old version for download, the last that still worked on 10.5? I believe it's 2.2.35-5?

    Anonymous

    March 22, 2012

    Permalink

    I tried to find information about this elsewhere but wasn't able to:
    I noticed that in the default preferences for Firefox in the TBB that the Do Not Track header is not checked. Should it be checked (or is it okay for me to check this option), or does that somehow hinder the anonymity or security of Tor?

    That option makes no difference since Tor already prevents tracking more efficiently. Checking it would reduce your anonymity set, since a header not usually sent by Tor users now would be sent from your browser.