Tor is released

by nickm | December 11, 2015

Here comes another stable release!

Tor version fixes a major bug in entry guard selection, as well as a minor bug in hidden service reliability. (For more information on the guard bug, see Roger's preliminary analysis.
You can download the source from the usual place on the website. Packages should be up within a few days.

Changes in version - 2015-12-10

  • Major bugfixes (guard selection):
    • Actually look at the Guard flag when selecting a new directory guard. When we implemented the directory guard design, we accidentally started treating all relays as if they have the Guard flag during guard selection, leading to weaker anonymity and worse performance. Fixes bug 17772; bugfix on Discovered by Mohsen Imani.
  • Minor features (geoip):
    • Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2 Country database.
  • Minor bugfixes (compilation):
    • When checking for net/pfvar.h, include netinet/in.h if possible. This fixes transparent proxy detection on OpenBSD. Fixes bug 17551; bugfix on Patch from "rubiate".
    • Fix a compilation warning with Clang 3.6: Do not check the presence of an address which can never be NULL. Fixes bug 17781.
  • Minor bugfixes (correctness):
    • When displaying an IPv6 exit policy, include the mask bits correctly even when the number is greater than 31. Fixes bug 16056; bugfix on Patch from "gturner".
    • The wrong list was used when looking up expired intro points in a rend service object, causing what we think could be reachability issues for hidden services, and triggering a BUG log. Fixes bug 16702; bugfix on
    • Fix undefined behavior in the tor_cert_checksig function. Fixes bug 17722; bugfix on


Please note that the comment area below has been archived.

December 11, 2015




BUPT former president Bin-Xing Fang et al., Published "anonymous communication systems unobservability measure" in the "Computer Research and Development" (PDF), reported that they can observe traffic patterns Tor confuse widget will identify it. In order to avoid deep packet inspection, the researchers developed a protocol obfuscation tool, Tor anonymity network developed transport layer protocols confuse plug-ins include obfsprox (obfsproxy3 and obfsproxy4), meek and fte like. Researchers from Tor official website to download software, transport traffic soon after some research found that confusion Tor plugin vulnerable time analysis attacks. They found that, meek, bridges and HTTPS traffic packets inside the interval basically the same, but the meek packets in 0.5 seconds, has a near significant jitter, because the meek client in order to maintain a long connection with the cloud platform automatically when they are free to send a heartbeat packet, heartbeat packets are randomly between 0.1 seconds to 5 seconds to select a value. They also observed the other two data modes: bridge mode packet size are concentrated in the vicinity of 600B, reasons and Tor packet design related; under meek mode client-service packet size at around 200B, server to client end around 400B.

Please tor developers and other interested parties Bin Xing rogue plug-flow characteristics of the confusion of research !!

translated by https google translate

December 11, 2015


The research paper referred to by the OP's post above in Mandarin Chinese has been referenced by an earlier post here:

The official name of the research paper in English is "Towards measuring unobservability in anonymous communication systems", Journal of Computer Research and Development, 2015, 52(10): 2373-2381.

The PDF version can be downloaded from: The file size is about 6861 KB.

Thanks, we have seen that paper. It doesn't mean that the censors in China have the capability to do the kind of traffic analysis they describe (yet), but it's something for us to keep in mind for the future. obfs4 and ScrambleSuit in fact are already capable of obfuscating their traffic patterns, but the capability hasn't been turned on yet because it hasn't been needed.

Another recent paper along these lines is "Seeing through Network-Protocol Obfuscation". They built detectors for various pluggable transports, but what I like the most about it is they paid attention to false positives.

December 12, 2015


Meanwhile for 90% of Tor users (windows) we are stuck at tor-win32-

Let's hope Shari Steele's first job is to organise how the Tor team release new versions.

In China you can use meek-amazon, meek-azure, or a custom obfs4 bridge from or

meek-amazon and meek-azure are slow, because they are too expensive to run at their full capacity. But you can make it fast by running your own copy on a CDN. Here are some guides for doing it:

December 12, 2015


It is stable. Update your relay asap.

Downloadpage however may still declare diffrent.

December 12, 2015


For over a month, I've had the same entry guard; however a few days ago I began to experience connection problems, and I saw that it switched to a different guard node; then today it changed to another one.

I vaguely remember something about you guys changing the behavior, making the first hop become more static, so this changing of entry guard nodes worried me.

* Is this related to what should fix?

* Until a stable release, should I assume that I am vulnerable?

Thanks nickm

There are some different scenarios where your Tor-Browser will switch to a different guard node. Thats not bad at all; Reducing the rotation-turns is just a allover plus for Tor-anonymity. Dont worry at that point. You sould not assuse that youre vulnerable.

Indeed, cloudflare is very bad for Tor, on the cloudflare blog you can read the following lie: CloudFlare does not actively block visitors who use the Tor network. Why? Due to the behaviour of some individuals using the Tor network...
I don't even try to solve the impossible captchas.
The only thing cloudflare cares about is money.

December 14, 2015


Hello, can someone please help me - I have a simple question. I've been getting a lot of "One more step Please complete the security check to access" pages lately, as have many others from what I read.

Will the captcha give me real IP away, if I enter it?

Would be really grateful.


It means the site you've been visited runs by "Cloudflare"

Cloudflare has been blocked TOR IPs so you can't reach that site.

You have to enable your cookie and javascript to bypass Captcha. It's a great security risk.

December 15, 2015


Well it's Tuesday and still no windows version :(

Come on Shari Steele, please get these guys in line and organise timely and simultaneous releases for all OS's.

The last 2 releases have been premature or partially released. This lack of preparedness makes Tor look unprofessional :(

We all love Tor, please make it look professional.

December 17, 2015


Boykott cloudflake by using another proxie like and other free webpoxies (make a macro for adding the proxie-url)

(-) https may not work in some cases.

Hope that helps.

March 29, 2016



May 23, 2016


can anyone explain how in the world can the same (version-wise) I downloaded on various dates (dec 2015 vs may 2016) from here, i.e. the official tor site, contain different binaries? sha1 dec 2015: 049D664E1CBEBD078928760564B70D86016B2C39, sha1 may 2016: 5A52C71714CD6747CD99B451B5A3400F174A96C3. wtf?

My guess would be library updates (e.g. openssl).

Both of those "windows expert bundles" were built deterministically, as part of the Tor Browser build. So you can repeat the process for each of them, using the libraries available at the time.

(If you want a windows binary that doesn't change, you should fetch the official source tarball, and build it yourself.)