Tor Browser 4.0.2 is released

A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.

Tor Browser 4.0.2 is based on Firefox ESR 31.3.0, which features important security updates to Firefox. Additionally, it fixes a regression in third party cache isolation (tracking protection) that appeared in 4.0, and prevents JavaScript engine locale leaks. Moreover, we believe we have fixed all of the Windows crashes that were due to mingw-w64 compiler bugs. DirectShow is still disabled by default, though, to give the respective mingw-w64 patch another round of testing.

Here is the changelog since 4.0.1:

All Platforms
- Update Firefox to 31.3.0esr
- Update NoScript to 2.6.9.5
- Update HTTPS Everywhere to 4.0.2
- Update Torbutton to 1.7.0.2
  - Bug 13019: Synchronize locale spoofing pref with our Firefox patch
  - Bug 13746: Properly link Torbutton UI to thirdparty pref.
- Bug 13742: Fix domain isolation for content cache and disk-enabled
  browsing mode
- Bug 5926: Prevent JS engine locale leaks (by setting the C library
  locale)
- Bug 13504: Remove unreliable/unreachable non-public bridges
- Bug 13435: Remove our custom POODLE fix (fixed by Mozilla in 31.3.0esr)
Windows
- Bug 13443: Fix DirectShow-related crash with mingw patch.
- Bug 13558: Fix crash on Windows XP during download folder changing
- Bug 13594: Fix update failure for Windows XP users

Great! Now, if only I could

Great!

Now, if only I could find a way to get updates for my beloved Commodore 64...

The most recent iteration of

The most recent iteration of FF takes around 15 seconds to load onto my screen.

TBB 4.0.2 takes around 10 seconds longer.

TBB is no longer the clunky and slow app which it was 8 or so years ago.

So why would I still need FF as a poor substitute for IE8? To my tiny mind FF has just too many tracking and monitoring devices for my "overhead" costs.

Just remember to keep a fresh copy of Favourites/Bookmarks handy for importing into the latest TBB version and you're done.

I get lots of random crashes

I get lots of random crashes since 4.0.1 on XP. Seems Firefox sucks more and more, maybe get rid of it and use a better browser?

No worries at all with the Expert Bundle. Tor+Privoxy FTW! :-)

The new version of TOR

The new version of TOR browser is nearly unusable on my XP SP3 installation, so I've been forced to revert to 3.6.6. The tab bar colors are all messed up, and mouse wheel scrolling isn't working at all, on any pages or menus. Also, I can't even see the about:config menu, because it's been changed to use fixed colors instead of the OS colors, which don't play nice with the dark windows theme I'm using.

I attribute most of these problems to the shitty Australis UI, and they aren't fixed even after installing CTR, so I give up. I've spent too much time trying to fix it already. Can the TOR project please consider an alternative browser base like Pale Moon? I won't be updating as long as Mozilla is bent on pushing such a buggy, crippled UI.

according to

according to http://ip-check.info/?lang=en dom.storage.enabled is enabled and this is a problem. the site recommend it to change to false.

is it a wrong setting of 4.0.2? will you fix it in the next update? ty

Can somebody from Tor-Team

Can somebody from Tor-Team check this? Looks like a serious problem! Thanks.

Wouldn't it be better to

Wouldn't it be better to just add an http-proxy interface to the Tor client? Maybe with simple header rewriting to unify the user-agent and such. Should be easy enough to do, right? Any browser could be used then without worrying about DNS-leaks from socks. Bundling such a monster browser as Firefox is hard enough, let alone making it secure. It's not a big step from a crash to an exploit and we have seen how users were deanonymized on Freedom Hosting. It's no good when everyone is using the same browser. Some diversity would protect us better from attacks.

The fixes in Tor Browser go

The fixes in Tor Browser go way beyond dns leaks. See
https://www.torproject.org/projects/torbrowser/design/

That's surely great, but

That's surely great, but what does it help when Firefox crashes all the time? A better browser with a lean and safe code base is needed here, not a mainstream jack of all trades browser that is not built with anonymity and security in mind from the start.

Don't get me wrong, Tor developers do a great job in getting this monster secure, but Tor would benefit a lot more if they didn't have to fight with the browser so much and could concentrate on the core more. Maybe Firefox developers want to work together with Tor and not just pump out new features? Maybe fork and gut it out? I know there's not really another browser that would be suitable.

Ok, there is still Tails of course. Brings its own OS with the browser.

Complexity is the enemy of

Complexity is the enemy of security. Bundling a whole browser must be a nightmare already as it is.

obfsproxy.exe and

obfsproxy.exe and fteproxy.exe unable to run on windows 8.1 x64:

fteproxy.exe :
Traceback (most recent call last):
File "fteproxy", line 14, in
File "fteproxy\__init__.pyc", line 13, in
File "fteproxy\record_layer.pyc", line 6, in
File "fte\encoder.pyc", line 11, in
File "fte\dfa.pyc", line 6, in
File "fte\cDFA.pyc", line 12, in
File "fte\cDFA.pyc", line 10, in __load
ImportError: DLL load failed: The specified module could not be found.

obfsproxy.exe:
Traceback (most recent call last):
File "obfsproxy", line 15, in
File "obfsproxy\pyobfsproxy.pyc", line 12, in
File "obfsproxy\network\launch_transport.pyc", line 2, in
File "obfsproxy\transports\transports.pyc", line 6, in
File "obfsproxy\transports\scramblesuit\scramblesuit.pyc", line 20, in
File "obfsproxy\transports\scramblesuit\mycrypto.pyc", line 9, in
File "Crypto\Hash\HMAC.pyc", line 66, in
File "Crypto\Util\strxor.pyc", line 12, in
File "Crypto\Util\strxor.pyc", line 10, in __load
ImportError: DLL load failed: Invalid access to memory location.

When I right click a link

When I right click a link that has a binary file (e.g., PDF file) and select the "Save Link As" option, sometimes I get a "Download External File Type" dialog, and other times this dialog is being bypassed and I just get a file name and directory selection "Save As" dialog. How do I force always getting the Download External File Type dialog, for any file type?

The link and information on

The link and information on the download page, supposedly requesting Tor Version 4.0.2, leads nowhere. In https://dist.torproject.org/torbrowser version 4.0.3 is available.