Tor 0.2.1.20 Released

Tor 0.2.1.20 fixes a crash bug when you're accessing many hidden services
at once, prepares for more performance improvements, and fixes a bunch
of smaller bugs.

The Windows and OS X bundles also include a more recent Vidalia, and
switch from Privoxy to Polipo.

The OS X installers are now drag and drop. It's best to un-install
Tor/Vidalia and then install this new bundle, rather than upgrade. If
you want to upgrade, you'll need to update the paths for Tor and Polipo
in the Vidalia Settings window.

https://www.torproject.org/easy-download

Changes in version 0.2.1.20 - 2009-10-15
o Major bugfixes:

- Send circuit or stream sendme cells when our window has decreased
by 100 cells, not when it has decreased by 101 cells. Bug uncovered
by Karsten when testing the "reduce circuit window" performance
patch. Bugfix on the 54th commit on Tor -- from July 2002,
before the release of Tor 0.0.0. This is the new winner of the
oldest-bug prize.
- Fix a remotely triggerable memory leak when a consensus document
contains more than one signature from the same voter. Bugfix on
0.2.0.3-alpha.
- Avoid segfault in rare cases when finishing an introduction circuit
as a client and finding out that we don't have an introduction key
for it. Fixes bug 1073. Reported by Aaron Swartz.

o Major features:

- Tor now reads the "circwindow" parameter out of the consensus,
and uses that value for its circuit package window rather than the
default of 1000 cells. Begins the implementation of proposal 168.

o New directory authorities:

- Set up urras (run by Jacob Appelbaum) as the seventh v3 directory
authority.
- Move moria1 and tonga to alternate IP addresses.

o Minor bugfixes:

- Fix a signed/unsigned compile warning in 0.2.1.19.
- Fix possible segmentation fault on directory authorities. Bugfix on
0.2.1.14-rc.
- Fix an extremely rare infinite recursion bug that could occur if
we tried to log a message after shutting down the log subsystem.
Found by Matt Edman. Bugfix on 0.2.0.16-alpha.
- Fix an obscure bug where hidden services on 64-bit big-endian
systems might mis-read the timestamp in v3 introduce cells, and
refuse to connect back to the client. Discovered by "rotor".
Bugfix on 0.2.1.6-alpha.
- We were triggering a CLOCK_SKEW controller status event whenever
we connect via the v2 connection protocol to any relay that has
a wrong clock. Instead, we should only inform the controller when
it's a trusted authority that claims our clock is wrong. Bugfix
on 0.2.0.20-rc; starts to fix bug 1074. Reported by SwissTorExit.
- We were telling the controller about CHECKING_REACHABILITY and
REACHABILITY_FAILED status events whenever we launch a testing
circuit or notice that one has failed. Instead, only tell the
controller when we want to inform the user of overall success or
overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075. Reported
by SwissTorExit.
- Don't warn when we're using a circuit that ends with a node
excluded in ExcludeExitNodes, but the circuit is not used to access
the outside world. This should help fix bug 1090. Bugfix on
0.2.1.6-alpha.
- Work around a small memory leak in some versions of OpenSSL that
stopped the memory used by the hostname TLS extension from being
freed.

o Minor features:

- Add a "getinfo status/accepted-server-descriptor" controller
command, which is the recommended way for controllers to learn
whether our server descriptor has been successfully received by at
least on directory authority. Un-recommend good-server-descriptor
getinfo and status events until we have a better design for them.

i

November 13, 2009

Permalink

Hello guys,

I am really happy that Tor 0.2.1.20 are released as stable, now it will interesting to see the new performance of the network since the new "circuit windows" are implemented :)

I recommend to everyone to upgrade your client ...

Well done Torproject :P

Best Regards

SwissTorExit

i

November 13, 2009

Permalink

FAIL. Polipo does not allow downloads of files bigger than 30 megabytes. Back to the drawing board.

i

November 13, 2009

Permalink

I liked Privoxy. The log window was helpful.

Your captcha here is ridiculous...

yeah, the captcha is ridiculous, my bot can't parse it to spam the blog so I can get paid and not eat three week old rice. please drop the captcha

i

November 13, 2009

Permalink

Yeah Privoxy rocks!! Simple conf, for better anonymity:
{ \
+change-x-forwarded-for{block} \
+client-header-filter{hide-tor-exit-notation} \
+crunch-if-none-match \
+hide-if-modified-since{-60} \
+hide-from-header{block} \
+hide-referrer{conditional-block} \
+hide-user-agent{Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5} \
+limit-connect{1-} \
+overwrite-last-modified{randomize} \
+set-image-blocker{pattern} \
}
/

i

November 13, 2009

Permalink

I had to uninstall polwhatever and go back to privoxy from the previous package. I wasted an hour on it. Changing two ports in it configuration renders it a dead duck. It listens on them but doesn't forward to tor. Maybe the ports are hardcoded in the binary? I disabled firewall, ran Wireshark, nothing going on.

i

November 14, 2009

Permalink

hello,

About polipo, i have the same problem, if i load a few pages in same time, it hang on or really slow..

From privoxy 3.0.13 , i never have performance problem, no more timeout or like early, no more message thatŝ it can't open a page.
I don't see any advantage with polipo actually. Anyway all must free to use what there like :)

Actually i don't like the idea of polipo as preferred proxy for Tor since privoxy are more quick and don't do problem..

It will interesting to really compare both product but only from recent version and see if polipo are really better. All my tests put privoxy up the list ;)

Best regards

i

November 14, 2009

Permalink

The reason why Privoxy was used wasn't anonymity?
Developers please give a statetment why it is save not to use Privoxy any more.
(Or add Privoxy back again)

If it's just performance what you want, simply don't use Tor! ;-)

privoxy and polipo have nothing to do with anonymity, merely work arounds to broken firefox socks layer,http://archives.seul.org/or/talk/Aug-2009/msg00188.html

Andrew has stated at least THREE TIMES that if firefox socks wasn't broken, tor wouldn't ship polipo or privoxy. firefox memory cache works just fine, including polipo and privoxy are KLUDGES to FIREFOX'S CRAPPY CODE.

maybe chrome is better, or maybe chrome is laden with google spyware

Good to see that open source is just like closed source. Bugs as old as time are left in with nobody to fix them. lol... Although, I guess those with some programming skillz should send in a patch because Mozilla sure as hell ain't gonna fix it.

Some people have submitted patches over the years. Mozilla hasn't included them or accepted the patches for various reasons. If we start to compile our own firefox, then we'll include the socks layer patches. However, maintaining our own version of firefox isn't a task we can take on right now.

Well, that blows. Somebody is fixing your buggy software for free and they reject the offer? Unless the code sucks, I see no reason why they would do this. Better yet, if they don't like the submitted fixes, why don't they just fix it themselves? Sends a bad message that they don't care about security. Well, I kinda figure that since they allowed some addons to install without user intervention...

i

November 14, 2009

Permalink

How about an option to do away with the "basic" tab in the new Vidalia?

I'm getting multiple time errors such as this.

"Your Computer's Clock is Potentially Incorrect - Tor has determined that your computer's clock may be set to 1865 seconds in the past compared to the source "DIRSERV:81.169.183.122:9001".

I update with pool.ntp.org so I think it's DIRSERV that has the problem, not me.

i

November 15, 2009

Permalink

Whatever you have done to TOR you have broken it. I installed the new version with Polipo and let it run for several hours and it never connected to TOR. I replaced the cache files with the ones from my old installation and it finally connected. But I could not reach any hidden services other than the core.onion. Half the time it could not find an exit node. I uninstalled and reinstalled the older version with Privoxy and it connected with no problem

Ever since the release, even the older version of TOR has problems finding hidden services, and exit nodes. Plus it is slow to the point of useless now. My guess is that it's because you moved the directory/rendezvous servers, but I'm not a programmer so that's just a guess.

I realize that it's free, but some of us have come to depend on it, and now are in a bind because it doesn't work any more.

I've used TOR for many years now, and for the first time I'm very disappointed in it.

i

November 15, 2009

In reply to by Strider (not verified)

Permalink

perhaps you missed "It's best to un-install
Tor/Vidalia and then install this new bundle, rather than upgrade. If
you want to upgrade, you'll need to update the paths for Tor and Polipo
in the Vidalia Settings window."

We make Tor. I don't know what is TOR. Our testing of the network from various clients shows Tor is getting faster with each release of 0.2.1.x and 0.2.2.x-alpha. Perhaps you had a poor circuit.

And for the record, I do 99.9% of my internet access through Tor, so I get to experience anything going wrong firsthand.

If you disable the proxy, and simply went through browser to Tor directly, do you still have the same problems?

i

December 13, 2009

In reply to by Strider (not verified)

Permalink

I have the exact same issue. I've tried it on 2 Mac computers, one running 10.4 and one 10.5. I drop the package in after doing a full uninstall (even deleted .tor from my home folder), and I get absolutely nothing going on.

Also, the Tor Firefox plugin doesn't seem to know about polipo's new port, which I guess has changed to 8123?

i

November 15, 2009

Permalink

The issue where our computers time may be off is shown to be known with the program's auto announcement of it. I have never found my computer's time to be off so what does the problem tell the layman to do?

What do I do and when does the announced possible tor will not work happen?

Thanks for what you do.

If your computer's time is correct, it's possible one of the relays has incorrect time and is causing the error to show up. If you know your time is correct, ignore the warning.

Please define better.

privoxy and polipo serve two different purposes. As someone else commented, if firefox socks layer worked correctly, we wouldn't need a proxy at all.

i

November 20, 2009

Permalink

I've installed 0.2.1.20 cleanly on a brand new laptop.
What bothers me is kind of strange behavior which I never experienced with the earlier versions.
All the routs start with only 2 nodes. When you changed route, the nodes stayed the same.
If I excluded these nodes and re-started Tor, the same picture could be observed with other two: routes changed but the entry guards are stay the same.
Somehow, if I wiped out Tor cache (C:\Documents and Settings\%username%\Application Data\Tor\ or C:\Users\%username%\AppData\Roaming\Tor\), it's reinitialized normally.
What is it? Why 0.2.1.20 works such differently than previous version?

i

November 20, 2009

Permalink

I thought the new Tor bundle was broken since I could no longer connect after installing it. It turned out that the problem were the bridges. I had to many bridges (7 out of 10 total) that were unreachable. After I removed the unreachable bridges, Tor worked again.
So, before you add a bridge, better do a ping before.

i

November 24, 2009

Permalink

Hello,

I installed the latest stable Vidalia bundle on mac os 10.6.2,
Tor starts but Torbutton's test fails.

polipo is listening on port 8123, so i did replace 8118 by 8123 in Torbutton prefs, to no avail. Does it ring a bell ?

Same... uninstalled the old version, verified that no files existed from the old version, installed new version clean. Torbutton test fails, torproject test page says I'm not using TOR, cannot reach any hidden services. whatsmyipaddress.com shows that my ip address is changing, so it appears that traffic is going through the TOR network.

Phobos, is this a known issue? Is this a config option that we need to change? Is it just me? Come on you guys, help us!

i

November 26, 2009

In reply to by Anonymous (not verified)

Permalink

(I'm the OP)

This reply covered my problem:

I had leftovers from a previous version. Maybe it's important not to forget to remove ~/.tor and ~/.vidalia

Ugh, I'm having the same problems. I've removed those directories, the .app, and even did a find / -name '*Tor*' and find / -name 'tor*' (plus the same for privoxy) to get rid of the cruft. The drop-in application bundle still isn't working for me at all.

i

November 27, 2009

Permalink

This might not be the place for this, but I can't exclude nodes with ExcludeNodes or ExcludeExitNodes in torrc. My tor just won't do what it's told.
This comes up in the vidalia message log:

[Warning] Requested exit node x is in ExcludeNodes or ExcludeExitNodes.. Using anyway.

I think I've seen other ppl with this problem too. Do you know what causes this and are you doing something about it?

That is certainly not an exclusive 0.2.1.20 issue. I remain on 0.2.1.19 for now and experience this using ExcludeExitNodes. I believe it to go back much further (forever maybe). I suspect that there is logic that Tor will only honor this request if enough nodes exists outside the excluded zones for it to carry on its normal business. Having said that, it +appears+ to me that the result is some prioritization, i.e., fewer nodes in the excluded zones utilized than without the argument, but that could be wishful thinking. If nothing else, it gives me an easy to read list in the message log showing me which nodes that I have tried to exclude are used, and that could ultimately have some value.

i

November 28, 2009

Permalink

I had downloaded and installed Tor Windows bundles before but the bundles always ran slower than Tor and Privoxy unbundled ( on my computer ). I uninstalled Tor ver.19 and downloaded and installed ver.20 but kept my Privoxy ver.12. No problems with Tor ver.20 with Privoxy ver.12, actually seems to run slightly faster than Tor ver.19. Privoxy hasn't had a new stable version since ver.12. Versions .13,.14 and .15 have all been betas. I have no complaints with Privoxy, but makes me wonder why so many betas and no new stable version? I run Tor on Win XP Pro. sp 3, using Firefox 3.5.5 and K-Meleon 1.5.3.

I downloaded TOR, the bundled version with Polipo, which I then uninstalled Polipo and installed Privoxy v 3.0.15. on Windows Server 2008 Enterprise edition. TOR starts and is successful creating a circuit. Firefox 3.5 page shows TOR as enabled, but when I check my TOR configuration at www.check.torproject.org, it reads: " You Are Not Using TOR". When I test the settings in the options of the TOR button I get " Local HTTP Proxy is unreachable. Is Polipo running properly? " I have Privoxy specified to start when TOR starts with the application directory path in the Vidalia interface settings. I've tried everything that I won't attempt to publish here and still no luck. What am I missing here?
Any feedback is greatly appreciated!

Here are the ingredients : Privoxy v3.0.15, TOR 0.2.1.21 and FireFox 3.5.6 being configured on Windows. Has anyone tried this recipe and if so, what addtl' spices are required to make this cook?
Are these ingredients any good or do I need to go back to the supermarket.

i

November 29, 2009

Permalink

Can someone from the development team explain in technical terms why the proxy server (Privoxy or anyother) is/was needed to be used with tor? I remember it had something to do with the DNS request leaks, correct? Is it still a problem? If other than Firefox browser is used, let's say Opera, is it still necessary to use proxy server (Privoxy, Polipo, etc.) to maintain true anonymity? Sorry, I could not find the definitive answer in the documentation.

An http proxy is not needed between a web browser and Tor for functionality. It's there to work around bugs in the Firefox SOCKS layer. In modern firefox 3.0 and newer, there is an option called "network.proxy.socks_remote_dns" that is set by torbutton. This forces dns lookups over the configured socks proxy server, which with torbutton, is Tor.

Other apps may leak dns requests, these can be captured by setting a DNSPort or iptables tricks, or using a proxy between the app and tor.

Polipo and Privoxy can be used to work around the hardcoded timeouts in the firefox socks layers. If you don't use firefox, then feel free to configure your browser to talk directly to tor as a socks 5 proxy. Just test to see if the browser leaks dns requests.

i

November 30, 2009

Permalink

Is the socks layer problem particular to only Firefox? Or is it a problem with any browser that uses the Gecko Runtime Engine ( Seamonkey, K-Meleon, Flock, Camino, Lunascape, etc. )?