Tor Browser 4.0.4 is released

A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.

Note: The individual bundles of the stable series are signed by one of the subkeys of the Tor Browser Developers signing key from now on, too. You can find its fingerprint on the Signing Keys page. It is:

pub 4096R/0x4E2C6E8793298290 2014-12-15
Key fingerprint = EF6E 286D DA85 EA2A 4BA7
DE68 4E2C 6E87 9329 8290

Tor Browser 4.0.4 is based on Firefox ESR 31.5.0, which features important security updates to Firefox. Additionally, it contains updates to NoScript, HTTPS-Everywhere, and OpenSSL (none of the OpenSSL advisories since OpenSSL 1.0.1i have affected Tor, but we decided to update to the latest 1.0.1 release anyway).

Here is the changelog since 4.0.3:

All Platforms
- Update Firefox to 31.5.0esr
- Update OpenSSL to 1.0.1l
- Update NoScript to 2.6.9.15
- Update HTTPS-Everywhere to 4.0.3
- Bug 14203: Prevent meek from displaying an extra update notification
- Bug 14849: Remove new NoScript menu option to make permissions permanent
- Bug 14851: Set NoScript pref to disable permanent permissions

Thank You! I solved the

Thank You! I solved the problem by restarting Win. Simply quitting and restarting Tor didn't work; restarting Win worked and Tor automatically updated at first launch.

Is it possible to connect to

Is it possible to connect to my private web server https://nnn..nn.onion:mm/ which have certificate (v1) issued by my family's private ca?
First try was unsuccessful as tor browser refuses to accept ca certificate(v1). Any hope to return this beast to my control?

If we decided to use Bitcoin

If we decided to use Bitcoin through tor, which one is safer (provided we use TAILS): blockchain or electrum?

Electrum is not optimal because you could be connecting to the tor network through a malicious exit node. You can use an .onion electrum server in order to prevent this from happening but most of these do not work and it is not clear whether if you find one that works it could be malicious itself. Bear in mind that, unless you use the -1 option through the command line interface, it will connect to other clearnet servers other than the specified .onion address and it is very difficult to be able to connect through any onion server when you use this -1 option. Moreover, with its default configuration, electrum not only connects to clearnet servers but it may also connect to servers that do not use SSL/TLS. In short, the main drawback is that electrum might be vulnerable to the kind of attack described in Ivan Pustogarov's paper.

Blockchain.info should be safer in this regard if you use the https://blockchainbdgpzk.onion address. However, you need to allow javascript or you won't be able to create a wallet. Does allowing javascript pose a deanonymization risk even if you use the tor browser within TAIL's safe context?

WTF torproject! No Vidalia?

WTF torproject! No Vidalia? WTF!

Adoro usar o tor.

previous versions of TOR ran

previous versions of TOR ran fine. Updated to 4.0.4 and I get the 'Couldn't load XPCOM' message and nothing starts!

same thing happened here.

same thing happened here. you have to delete it and install it again. there is nothing else you could do. make sure to follow this websites instructions, because if you use apt get, it may look like tor and act like tor,but it might just not be tor at all.

i would love to volunteer here, but i can't find the time! i wanna fix you so badly! hahaha you guys could simplify your explanations on how to get things done here... i mean, we have to spend sooooo much time searching around for information on why does a website keep blocking me even after i have set the bridges and what other steps i ought to take to make sure i am not being tracked... you wrote something, but to a beginner it means nothing. who's with me? :p

Is Torproject Blog going to

Is Torproject Blog going to discuss the U.S. "net- neutrality" fiasco?

There are no plans for that

There are no plans for that yet, as far as I can tell.

Does also someone else note

Does also someone else note massively connection problems with this version of TOR the last few days? Often, files of a website (images, js, css or html) seems not to be loaded and the page must be refreshed several times until it is correctly rendered. And it seems not to be a problem of one ore two bad exit nodes. Problem with my ISP, the TOR network or the TB bundle? Could this be a new kind of statistical attack?

Is there a doc somewhere on

Is there a doc somewhere on how to set up a local network TOR proxy you can point 1 or more local network TBB 4.0.x clients at?

I'm basically looking to have a Linux box on the local network that will always be the entry guard (1st hop) for all local network hosts running TBB 4.0.x, and it will also be a public relay so our local network's client traffic gets mixed in with public traffic being relayed through our proxy.

I had more or less followed this document in the past with the 2.5.x series of TBB on the clients and a Fedora linux box running polipo and tor (0.2.3.25) as a relay.

https://trac.torproject.org/projects/tor/wiki/doc/CentralizedTorServer

but things started breaking with newer versions of TBB coming out -- it got to where the clients could never complete the setup -- such as not being able to pull a directory or just never getting a circuit going.

Or, if anybody knows of anything offhand that I should just do differently while otherwise following the doc referenced above please let me know.

It's entirely possible that I'm overcomplicating the setup on the client side. Or maybe the tor version I was running on the Linux tor/polipo proxy box was not compatible with the newer proxy modules etc. of newer TBB releases?

I could probably figure it out if I had a good overall illustration of how the clients and local proxy config should work together with newer versions. Just can't find anything like that.

Thanks in advance. I'm not asking anyone to do all the work for me, just a nudge in the right direction or reference to some more current docs. Every time I look for docs along these lines I find the same old docs I followed in the past that no longer work, or older docs that didn't work for me the first time either (they were obsolete).

I am noticing that a lot of

I am noticing that a lot of images on Tumblr are refusing to load for the last few weeks. They are transitioning to Edgecastcdn.net for some of their images, and those are the ones that are blocked. Typical response from edgecastcdn is "Server Denied". Not sure if that is 4.0.4 specific or if it affects entire Tor network. Other browsers using static IP work fine on same images.

its been mor then a year

its been mor then a year that i havent used tor and non of mthe old sites i knew doesn't work can anybody help me with that?