Tor Browser 3.6.3 is released

The third pointfix release of the 3.6 series is available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Here is the complete changelog:

  • All Platforms
    • Update Firefox to 24.7.0esr
    • Update obfsproxy to 0.2.12
    • Update FTE to 0.2.17
    • Update NoScript to 2.6.8.33
    • Update HTTPS Everywhere to 3.5.3
    • Bug 12673: Update FTE bridges
    • Update Torbutton to 1.6.11.0
      • Bug 12221: Remove obsolete Javascript components from the toggle era
      • Bug 10819: Bind new third party isolation pref to Torbutton security UI
      • Bug 9268: Fix some window resizing corner cases with DPI and taskbar size.
  • Linux:
    • Bug 11102: Set Window Class to "Tor Browser" to aid in Desktop navigation
    • Bug 12249: Don't create PT debug files anymore

The list of frequently encountered known issues is also available in our bug tracker.

PETER

July 30, 2014


Please tell us where to report bugs or error messages. Thanks.

Below is an error message when I was using TBB 3.6.3:

[quote]

(firefox:3299): Gtk-CRITICAL **: IA__gtk_clipboard_set_with_data: assertion `targets != NULL' failed

[end quote]

Was someone trying to hack into my internet connection when I was using TBB 3.6.3?

PETER

July 31, 2014


For me, 3.6.3 simply works only when opened the first time. After that it will not open anymore.

For the second time or later, the browser toolbar shows up, but the actual browser won't.

Looks like others are having the same issue. Tested on three different OS X Mavericks laptops.

Please, fix this.

That happens sometimes here too, OSX Torbrowsers 3.6.1/3.6.2/3.6.3

(and some other strange behavior, I'll take that for a separate 2nd post here)

1) Possible solutions
What has helped me (could be coincidence) in pre-Mavericks OS X's and what you could try:

Option A) Mozilla function: Safe boot mode / Quit / Normal boot

Steps:
* Force Quit the application with "ctrl" + mouse click, choose "Force Quit".
Yes, your application dock will even be frozen for 10 or 20 seconds; I had that problem as well with certain Firefox versions some time ago, just wait a moment.
* When the dock is responding again, restart the Torbrowser with the "Alt" key pressed (safe boot browser start) and close down the application again (you cannot browse in safe mode anyway, it's just to hopefully clean all the leftover caches that maybe are causing a problem. Standard Firefox solution)
* Restart the Torbrowser normally
* Try to restart it again and see if it's still working (usually works for me; if not, I use this tweak, option C)

Option B)
* Easy easy way, reinstall the Torbrowser bundle

Option C) Tweak - Reset the given 3 or 4 start connections of the Torbrowser bundle

It's a 'tweak' I found out and a somewhat faster way: throw away some files from the package contents; new ones will be put in their place, no harm done.
I just found it out by experimenting with the browser; it worked for me on all the OS X 3.6 versions.
Developers, please give me your opinion if you think there are better ways.

Steps:
* Go to the TorBrowser bundle
* "Ctrl" mouse click on the application and choose "show package contents" from the little menu
* Open the "Data" folder (not "Contents", "Docs", or "Tor")
* Open "Tor" folder
* Select the following files "cached*certs", "cached*microdesc*consensus",
"cached*microdescs", "cached*microdescs.new" and throw them away ("cmd" key and "backspace key" or just drag them to the throw away basket (and empty the basket! A lot of people don't empty it, that doesn't make sense, to me)).
The files are usually already in alphabetical order and easy to select. For myself, I usually throw the "State" file away too.
* Close the windows and startup the browser again, you even could consider first taking a "Safe boot" and then a normal boot.

Again, this works for me, if the developers have another thought about this, and I can imagine there must be better solutions someway somehow, please let me know.
Hopefully it'll work for you.

PETER

July 31, 2014


Using Tor Browser 3.6.3-Linux, all seems to work, but more slow.
(Ubuntu 12 with Lubuntu. All updates current.)
Thank you for the whole damn system/discussion.
Questions:
Do you update software through 'automatic updates'?
2 days in a row I have had the following pending updates:
* anonymizing overlay network for TCP tor (size 1.1 MB).
* GeoIP database for TOR tor-geoipdb (Size 816 kB)
Are these part of the tor browser?
If okay, please point me to info.
Btw: I can NOT have any other software but the browser bundle.
Do I need to remove anything?

Does my mac address still show?
Is there a way of changing it on every request or even every new tab?

Thank you for your time

The Tor Browser is not updated through automatic updates yet. But that feature is coming: https://bugs.torproject.org/4234.

The updates you see are not part of the Tor Browser but part of the tor you get via your Ubuntu. You should install those updates.

You don't need to remove anything, although I have to admit that I don't understand your question very well.

Your MAC address is not touched by tor/Tor Browser. That said it is not visible outside of your local network either. I.e. nobody on the Internet should be able to see it but an attacker in your local network (e.g. at home) is still able to.

PETER

July 31, 2014


Half off-topic but there is no simple open request for TAILS questions:

If I want a custom additional torrc setting, is it safe to inject this with
Vidalia-->Settings-->Advanced-->Edit current torrc ?
Delete everything in this torrc window and set only my additional setting (custom exit or something else). Does this override all of the TAILS special config (BAD) or does it inject an additional command only (SAFE)??
Please, no discussion of whether the additional setting is useful or not.

PETER

August 05, 2014


It is strange! After some 'totally off' days with blocking of TOR servers in Iran, now my 3.6.2 version starts to work fine but my 3.6.3 still doesn't work. Is it normal?! And also, is it safe to use that version?
Thanks a lot TOR guys :)

PETER

August 06, 2014


Arm says that tor in Tor Browser Bundle is 0.2.4.22 and thus obsolete. Also, it behaves weirdly with Firefox sync: it syncs bookmarks almost instantly and takes about a minute to sync history, but add-ons almost don't sync up (not all of them do, anyway).

You have configured your Tor in your Tor Browser to be a relay I guess? If so, arm is right that 0.2.4.22 is obsolete -- it is no longer recommended for relays, since we want relay operators to upgrade to 0.2.4.23.

If your Tor is just a client, perhaps arm is mistakenly reading the recommended relay versions, and it's an arm bug?

As for the firefox sync weirdness, you should gather more details and file a ticket if you can identify what's wrong.

PETER

August 08, 2014


I posted a comment yesterday, but for some reason it's not showing here... I read that some people were experiencing the same problem I had right after downloading Tor: the connection progress bar gets stuck and it doesn't conclude the connection. In my case, I ran tor by terminal and found a message which told me my clock was delayed and in order to connect I had to adjust it to the UTC time. So, after fixing it, Tor connected ok. Even if your clock is OK, maybe running TBB in the terminal can give you a clue about what is happening.

I am a beginner user, but I think it would be better if TBB showed these messages that appear on prompt in the GUI too.
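
Both diagnoses in the comments above (a tor version that is recommended for clients but not for relays, and a local clock that is off) can be checked against the header of a consensus document. The following is an added example, not code from Tor, arm or the commenters; the sample consensus is constructed, the function names are hypothetical, and the field names (`client-versions`, `server-versions`, `valid-after`, `valid-until`) are those of the Tor directory specification.

```python
from datetime import datetime, timezone

# Constructed consensus preamble (not real network data). The version lists
# are made up to match the reply above: 0.2.4.22 still listed for clients,
# relays expected to run 0.2.4.23.
SAMPLE_CONSENSUS = """\
network-status-version 3 microdesc
vote-status consensus
valid-after 2014-08-06 12:00:00
fresh-until 2014-08-06 13:00:00
valid-until 2014-08-06 15:00:00
client-versions 0.2.4.22,0.2.4.23
server-versions 0.2.4.23
"""

def parse_preamble(text):
    """Return {keyword: rest-of-line} for the header lines (first one wins)."""
    fields = {}
    for line in text.splitlines():
        keyword, _, value = line.partition(" ")
        if value and keyword not in fields:
            fields[keyword] = value.strip()
    return fields

def is_recommended(fields, version, role):
    """role is 'client' or 'relay'; relays are checked against server-versions."""
    key = "server-versions" if role == "relay" else "client-versions"
    return version in fields.get(key, "").split(",")

def clock_status(fields, now):
    """Compare a timezone-aware 'now' with the consensus validity window (UTC)."""
    def ts(key):
        parsed = datetime.strptime(fields[key], "%Y-%m-%d %H:%M:%S")
        return parsed.replace(tzinfo=timezone.utc)
    if now < ts("valid-after"):
        return "clock-behind"  # consensus appears to come from the future
    if now > ts("valid-until"):
        return "clock-ahead-or-stale-consensus"
    return "ok"

if __name__ == "__main__":
    header = parse_preamble(SAMPLE_CONSENSUS)
    for role in ("client", "relay"):
        print(role, "0.2.4.22 recommended:", is_recommended(header, "0.2.4.22", role))
    print("clock:", clock_status(header, datetime.now(timezone.utc)))
```

A tool that only reads `server-versions` would report a client running 0.2.4.22 as obsolete, which is the possible arm bug the reply describes.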

PETER

August 08, 2014


I am having a problem connecting to any .onion pages. Tor connects and I can go to, let's say, google.com or any regular website. But any .onion I am trying to go to is not working. And I have changed nothing since I connected last. Is anyone else having this? I even tried to connect from a diff CPU, same problem.

PETER

August 11, 2014


Can't get 3.6.3 to connect to anything on Mavericks - currently 10.9.4. It loads OK and according to my LittleSnitch there is apparently some brief two-way communication as the initial page displays, but then nada, zero, zip; can't navigate to any webpages, and no network activity shows in LS... makes no difference if the Mac's firewall is activated or not, it just sits there like a lump. Seems I had the same problem with all versions since the release of Mavericks. The only way I can use Tor at all is by dragging the old version (with vidalia control panel) back out of the trash.

----UPDATE: It was my SOPHOS antivirus. There are two "web protection" options, if either of them is enabled for some reason Torbrowser doesn't even seem to communicate with the socks proxy.

PETER

August 14, 2014


2nd contribution OS X questions as 'promised' by Anonymous August 1st, 2014

'Other open questions regarding the Torbrowser pre config & Addon functions' :

1) Why is the NoScript function practically (or almost fully) disabled after installing the Torbrowser bundle?
Shouldn't there be an explicit warning for that on the download page; "Want Tor to really work?"

I am under the impression that not all users / people realize that that is not a safe manner of using the Tor browser because they actually accept a lot of javascripts that could be dangerous for their computer (viruses & malware) or their privacy.

(Or) Why not at least activate NoScript in advance, with some very special attention to the "Embeddings" (& Appearance) section.
Embeddings section; why not mark them 'all' in advance, or at least maybe the first 12 options + "ask confirmation.."?
Seems necessary and good for privacy and your computer health/security; wouldn't it be far better to possibly have browser policies that are a bit too strict than the other way around?

Another option could be a 'little visual screenshots manual' with advised privacy/security settings somewhere on the site.
Because NoScript is for most people a pretty tough/difficult addon to understand and configure, which could lead to people leaving the settings completely untouched (with necessary functionality unused, the addon doesn't actually have a good reason to be there anymore, while it actually has essential necessary functionality).

2) Firefox has a lot of hidden functions. A lot of them you could consider as unwanted functionality because it can affect your privacy, for example.
People who are aware of that change these settings in the about:config preferences of the browser.

I see some (maybe even a lot more) about:config prefs/settings in the Torbrowser bundle unchanged. Wouldn't it be a good idea to have a good look at all those settings for optimizing privacy (dom-settings for example to start with, reconsidering standard available search-engines?, and so on).

3) Certificate management/validation.

The standard available option "When an OCSP server connection fails, treat the certificate as invalid" is not activated.
Why not?

The SSL observatory function under HTTPS Everywhere has the unchecked option "Use the Observatory" with two functions.
Why is it unchecked?

When activating the Observatory the first option "Check certificates using Tor for anonymity (requires Tor)" is not really an option because you just can't activate it.
Why is that?

The other option "Check certificates even if Tor is not available" is given as the standard option.
To me that seems a bit odd for privacy reasons, but/and would it even work? The browser needs the Tor network, you can't browse without it so why is the option actually there?

4) Question for other users, is it just me or do other people have this too?
When starting the Torbrowser it will first shortly open a little torbutton pane/window, then the main browser window, and then the Torbutton window in the back is vanishing.

Sometimes the Torbutton window is completely Black before it is vanishing. ??
Sometimes after booting with the black Torbutton window/pane there is also a visual red cross-mark in the Torbutton itself, giving a warning about a not established Tor connection.
Do others have the black Torbutton window too, and if, what does that mean?

5) OS X release 3.6.3 Tor Button is/was not warning (yet/so far) for the new available release 3.6.4.
Is/was that a Bug?
Hopefully it is working again in 3.6.4 to warn users for the update after that.

6) Last but not least (after all these questions ;-)
thank you again for the good work on this browser.

The 3.6.4 TorBrowser version seems stable on OS X and even a bit faster/more responsive,
it's working fine so far.