Tor Browser 4.0.2 is released
A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.
Tor Browser 4.0.2 is based on Firefox ESR 31.3.0, which features important security updates to Firefox. Additionally, it fixes a regression in third party cache isolation (tracking protection) that appeared in 4.0, and prevents JavaScript engine locale leaks. Moreover, we believe we have fixed all of the Windows crashes that were due to mingw-w64 compiler bugs. DirectShow is still disabled by default, though, to give the respective mingw-w64 patch another round of testing.
Here is the changelog since 4.0.1:
- All Platforms
- Update Firefox to 31.3.0esr
- Update NoScript to 2.6.9.5
- Update HTTPS Everywhere to 4.0.2
- Update Torbutton to 1.7.0.2
- Bug 13019: Synchronize locale spoofing pref with our Firefox patch
- Bug 13746: Properly link Torbutton UI to thirdparty pref.
- Bug 13742: Fix domain isolation for content cache and disk-enabled
browsing mode - Bug 5926: Prevent JS engine locale leaks (by setting the C library
locale) - Bug 13504: Remove unreliable/unreachable non-public bridges
- Bug 13435: Remove our custom POODLE fix (fixed by Mozilla in 31.3.0esr)
- Windows
- Bug 13443: Fix DirectShow-related crash with mingw patch.
- Bug 13558: Fix crash on Windows XP during download folder changing
- Bug 13594: Fix update failure for Windows XP users
This version, same as with
This version, same as with v4, graphics look unusual at the bottom of browser window, it doesn't refresh properly and keeps bits of previous windows, so looks like its going to crash (but doesn't). Shading for the tabs at top look weird too very blocky. Seems a bit better than previous version 4.0.
But worse with this version 4.0.2 is the fact the downloads view ctrl+J or from the menu, is now just still image, it doesn't update or show info until you refresh, ie just stays on minutes left, download speed, nothing is moving now, before on every version you would see the time changing and speed jumping about. Also if you add a shortcut for the download button to the window frame/toolbar it doesn't do anything. Doesn't show you the download section, minutes remaining nothing now.
Whats going on?
Download button on toolbar
Download button on toolbar now works properly and times and speeds move about after several closing and re-openings of tor. So thats good news.
The graphics still look weird though at the bottom with old graphics remaining on the lower prob 1cm of the window frame and the browser tabs having a bit of white to the left and right and a rectangle in the centre, so something possibly to do with shading, could this be some opengl graphics problem? Forgot to say before using win xp sp3.
Hi when I visit
Hi when I visit "https://plus.google.com/+youtube/posts/BUXfdWqu86Q" my TorBrowser freezes, my RAM fills completely and I have to kill the Browser.
Im running Debian stable 64Bit and testing 64Bit both Systems do have the same problem. (The Site opens perfectly well in Tails 1.2.1)
Works for me both with
Works for me both with 4.5-alpha-1 on a 32 bit Debian testing and with 4.0.2 on a 64bit Ubuntu Precise box. Not sure what is going on.
Why don't receive the
Why don't receive the Vidalia and expert bundles for Windows any updates any more? They are still at 0.2.4.23 which has been released months ago - stable is already at 0.2.5.10 and 0.2.4.23 is known to be buggy/slow with hidden services.
Vidalia is not maintained
Vidalia is not maintained anymore and the "expert bundles" can be found in the Tor Browser download directory nowadays: https://dist.torproject.org/torbrowser/4.0.2/tor-win32-tor-0.2.5.10.zip and https://dist.torproject.org/torbrowser/4.0.2/tor-win32-tor-0.2.5.10.zip…
I've downloaded TOR
I've downloaded TOR 0.2.5.10 and if I run tor.exe there is no output to the console.
How can I enable it again ?
Thanks.
There's a ticket for that
There's a ticket for that issue here: https://trac.torproject.org/projects/tor/ticket/13819.
Huge cpu load in windows7,
Huge cpu load in windows7, unusable.
what happened to the routing
what happened to the routing map on tor button?
It is available in the alpha
It is available in the alpha series and will be ready for the stable one in a couple of months.
The crashes are not fixed in
The crashes are not fixed in this 4.0.2 version. 4.0 was crashing from time to time, disabling direct draw slightly reduced crash rate. 4.0.1 was crashing so much that it was completely unusable. It crashed while displaying blank page. 4.0.2 also crashes for no apparent reason.
Please fix these crashes. It is most important to do than making more features. 4.0x series are unusable. 3.6x lineage that was rock stable. I dont want to return to 3.6 because of old Firefox security flaws susceptible to freedom hosting-style attacks.
Windows XP SP3, clean install, two different computers.
Sounds like you have some
Sounds like you have some AntiVirus/Firewall software interfering with Tor Browser. Contacting the vendor to get that fixed might be an option.
I have no realtime antivirus
I have no realtime antivirus or 3rd party firewall installed. ClamWin does not have real-time engine and using Windows XP built-in firewall. No other software can interfere with Tor Browser too. I suspect this is due to using different compiler than 3.6 series or Mozilla uses.
The error is
Faulting application firefox.exe, version 31.3.0.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.
Please fix this. Tor Browser crashes mostly at random and according to murphy law it crashes when most critical manipulations are done.
have there been any
have there been any additional changes since 4.0.1 not noted above, which impact the use of bridges other than obfs3? Asserting others in torrc seems to cause crashes on startup (and "missing profile" messages) whereas such problems did not occur for me in v4.0.1.
No. All the changes are
No. All the changes are mentioned in the above changelog.
I have Tor Browser 4.0.0
I have Tor Browser 4.0.0 running on Windows 8.1. When I download and run the full 4.0.2 installer, either a fresh install or an upgrade - I end up with a defective install. Running Tor gets "Couldn't load XPCOM". I can only recover the system by reinstalling 4.0.0.
i am also getting the same
i am also getting the same error msg not sure how to fix.
You might
You might like
https://www.torproject.org/docs/faq#XPCOMError
i am new to this Blog but
i am new to this Blog but looking at the about:config i saw something that was highlighted in bold that i never noticed before..under the JAVA category... " javascript.default_local ........ value = en-US
what is this ?
See the changelog above: we
See the changelog above: we spoof the locale for the JavaScript engine now. For instance trying to induce error messages while you are surfing makes them always en-US formatted now while that was not the case before. Bug 5926 has more information.
startpage starts to suck
startpage starts to suck massively!
----------------------------------------------------
As part of StartPage's ongoing mission to provide the best experience for our users, we occasionally need to confirm that you are a legitimate user. Completing the CAPTCHA below helps us reduce abuse and improve the quality of our services.
Thank you,
The StartPage Team
JavaScript appears to be disabled in your web browser. To complete the CAPTCHA, please enable JavaScript and reload the page.
Yep. Does for me too. Never
Yep.
Does for me too. Never has before.
Just select DuckDuckGo as
Just select DuckDuckGo as search engine in the drop-down box instead. They work flawlessly using Tor, and also provides high-quality search results.
I am using Windows 7
I am using Windows 7 64-bit.
I accepted the automatic update notification popup window, and it automatically updated Tor Browser from within Tor Browser. It appeared the update was successful, with no error messages.
Now, my desktop shortcut to start Tor Browser no longer works. When I went to the folder and clicked on the "Start Tor Browser" shortcut there, it still didn't work. Only when I went to the Firefox executable in the "updated" folder, did Tor Browser start.
Automatic updates shouldn't change how the program starts up.
Anyone got a clue?
Works for me. Do you have
Works for me. Do you have steps to reproduce your problem?
As I described, I simply
As I described, I simply said yes to the update, it did the update, reporting no errors, and it has broken the shortcuts, including its own. Vidalia also stopped working.
I tried to tweak the settings today, but have resorted to a clean install, just as I have always had to do in the past. So the automatic update feature appears to be buggy for me.
Vidalia is not being shipped
Vidalia is not being shipped anymore in Tor Browser. It has been gone long ago. Thus, not sure what kind of bundle you have been running at all.
When I originally tried to
When I originally tried to download Tor browser 4.0.2 from this website, my antivirus software, Trend Micro, said, "This file is not commonly downloaded and could harm your computer".
My antivirus software also said that this file "Does not have a valid signature".
My antivirus software attempted to block me from downloading Tor browser 4.0.2.
Also when I try to connect to the public Tor relay's two message's come up saying, "Unable to connect to Tor" and, "You do not have permission to use Tor".
I downloaded Tor browser 4.0.2 from this website, over the default https connection.
So my point is,
My antivirus software is falsely detecting that Tor browser 4.0.2 is a virus,
and,
I think that my ISP is blocking me connection's to the public Tor relay's.
I live in Australia and Tor is legal to use here, my ISP shouldn't be blocking me connection's to the public Tor relay's.
I have used Tor for years and have never had this bizarre problem.
So how can I get to use Tor bridge's to circumnavigate this blocking to the public Tor relay's?
The "You do not have
The "You do not have permission to use Tor" line sounds like some other application or part of your operating system -- it's not a message that Tor Browser would give you.
So I think it is still something wrong on your system, not censorship that your ISP is doing to you.
Any reason why in 3.6 if you
Any reason why in 3.6 if you closed an open tab a new tab opened. In 4.2 if you close an open tab the whole program shuts down. Anything different in settings that can fix that?
Thanks
This page now comes up when
This page now comes up when I try to do a StartPage search. This has never been the case before this update:
"As part of StartPage's ongoing mission to provide the best experience for our users, we occasionally need to confirm that you are a legitimate user. Completing the CAPTCHA below helps us reduce abuse and improve the quality of our services.
Thank you,
The StartPage Team
JavaScript appears to be disabled in your web browser. To complete the CAPTCHA, please enable JavaScript and reload the page."
Why is StartPage now requiring me to enable javascript in Tor Browser to do a search? I thought they were all about privacy?
Duckduckgo as a seach
Duckduckgo as a seach engine, also has an onion site: it apparently is more highly dedicated to privacy than other search engines like StartPage
Startpage/Ixquick has been
Startpage/Ixquick has been around for a long time and doing a great job protecting its users from tracking. There was a similar issue a while ago when TBB first defaulted to using them as the default search engine but they worked with Tor project reps to resolve it. Maybe they are getting a larger volume of traffic from the top exit nodes than they planned on and haven't adjusted their filter to keep up.
Because StartPage feeds off
Because StartPage feeds off it's users like a google leech. It's all about data mining with false promises of privacy hopes & dreams.
Let's see StartPage staff challenge me on this.
http://ip-check.info no
http://ip-check.info no longer works.
I put a shortcut to ipcheck.info in my bookmarks tool bar, and when I click on it it just spins and spins, and nothing happens. Then, if I click on the shortcut again, the opening window comes up. This behavior makes no sense.
Then, when I click on "Start Test!", is does absolutely nothing.
This is new behavior that only began on the 4.0.1 update, and continues in 4.0.2
ip-check.info works correctly in Firefox.
Works for me with a fresh
Works for me with a fresh 4.0.2 on a 64bit Ubuntu Precise.
"ip-check.info"? Last I
"ip-check.info"?
Last I checked, site was a plain, unencrypted, unauthenticated http; not httpS SSL/TLS.
That means when you visit the site, you are at the mercy of your exit node, which can tamper with and manipulate the content.
And yet people continue to take this "ip-check.info" seriously?
Am I missing something here?
why is mixed content (https
why is mixed content (https + http) allowed by default?
This is significantly less secure and isn't firefox's default with the used browser version for active content. So why go out of your way to reduce the security of tor?
Have a close read of
Have a close read of https://trac.torproject.org/projects/tor/ticket/8774. There you'll find the reasoning behind this decision.
- Mixed content I Agree, but
- Mixed content
I Agree, but it is Firefox default to allow this while it should not.
You can toggle this off in the about:config preference
security.mixed_content.block_display_content
By clicking on it from "false" to "true" you won't have the mixing http content anymore.
Meaning less images on the mixed content sites (you can't have everything )
- Simple Toggle button?
To me it would be ideal if there was a toggle button for that preference in (Tor)browsers, or NoScript, Torbutton or other addons like an Adblocker addon (such a pity that I can't make addons).
If people could and would not accept the mixed content 'thing' anymore when a browser offered them to do so, then maybe websites would change their bad security habits and users would be more secure.
- About security, SSLStrip MITM Attack
By the way, would an sslstrip attack work on an exitnode in mixed content cases?
And if so, could it be recognised by the user the same way; in the url bar by showing only a http connection instead of an https connection? (assumed you were planning to visit a https website and very sure expecting to have a https connection?).
But people usually maybe won't notice the difference missing visual security indicators that easy (even in case of possible visible social engineering like a moving extra generated fake lock-icon to the tab-icon space. "Look I see a lock-icon so I guess it's 'safe'!" ?).
In those cases it would be nice if people could consider in advance to switch off the mixed content (about:config preference) function and switch it on again when they think they need it.
Like using NoScript in strong security modus, only activating javascripts when you really really need them (the ' Very-"High"-custom Torbutton modus ' in Torbrowser 4.5 alpha).
- Change it yourself?
Anyway, so people who are concerned about security can manage this setting themselves in the about:config.
And if enough people are concerned about this and change this setting in 'refusing standard', you also won't be that more unique anymore.
Harrumph! The issue on my
Harrumph!
The issue on my XP not being allowed to designate an alternate download file has now been fixed. Well done. Imho it was always redundant anyway. Thank y'all very much!
For all XP sp3 32 bit users who haven't heard the good news.
DOS updates are available through to April 2019. Google "extend XP updates" for details. I've been using it successfully since June 2014. No issues at all. Regrettably, this don't apply to the 64 bit architecture.
Now all you bustards at Tor - GO HOME! You've done enough this year! It's the holiday season an' you should be kicking back in the sunshine.
Oooops, I forgot! You're going to be shoveling snow out of driveways instead. LOL
Actually, anybody who's
Actually, anybody who's anybody is descending on Hamburg this year for CCC.
See you there!
Detected viirus (AVG 2015)
Detected viirus (AVG 2015) and malware (Malwarebytes) either on Alpha 4.01 & 02
On my Windows 7
On my Windows 7 Enterprise-System Tor Browser 3.6.5 runs perfectly. Tor Browser 4.02 and Firefox run (as I can see in the Task Manager) but I can't work with it, because no windows appears.
GData blocks 4.0.2 due to
GData blocks 4.0.2 due to suspicious code. 4.0.1 is fine however.
Same for the Alpha
Sounds like another case
Sounds like another case of
https://www.torproject.org/docs/faq#VirusFalsePositives
?
With this newest version I
With this newest version I am unable to login to two separate TOR email services. With javascript disabled it worked fine on earlier versions.
http://mailtoralnhyol5v.onion capture not recognized
http://mail2tor2zyjdctd.onion passwords not accepted
Anyone else getting this?
For all XP sp3 32 AND 64 bit
For all XP sp3 32 AND 64 bit users who haven't heard the good news.
DOS updates are available through to April 2019. Google "extend XP updates" for details. I've been using it successfully since June 2014. No issues at all.
You would need to hunt around a bit on these sites to find the 64 bit tweak. Check the original blog for a link. It's there, I've seen it.
https://www.torproject.org/do
https://www.torproject.org/docs/faq#XPCOMError