Tor Browser 4.5-alpha-2 is released

The second alpha release of the 4.5 series is available from the extended downloads page and also from our distribution directory.

Tor Browser 4.5-alpha-2 is based on Firefox ESR 31.3.0, which features important security updates to Firefox. Additionally, it fixes a regression which caused third party authentication credentials to remain undeleted and contains smaller improvements to the circuit UI and the security slider.

Here is the changelog since 4.5-alpha-1:

  • All Platforms
    • Update Firefox to 31.3.0esr
    • Update NoScript to 2.6.9.5
    • Update HTTPS Everywhere to 5.0developement.1
    • Update Torbutton to 1.8.1.2
      • Bug 13672: Make circuit display optional
      • Bug 13671: Make bridges visible on circuit display
      • Bug 9387: Incorporate user feedback
      • Bug 13784: Remove third party authentication tokens
    • Bug 13435: Remove our custom POODLE fix (fixed by Mozilla in 31.3.0esr)
Anonymous

December 05, 2014

Permalink

In China, Tor Browser 4 could connected over meek-amazon or meek-azure.

But Tor Browser 4.5-alpha-1 and 2 both couldn't use meek.

please check it.

In China, Tor Browser 4 could connected over meek-amazon or meek-azure.

Would you like to get your Chinese friends to translate Tor Browser into Mandarin Chinese?

With the recent implementation of laws by the Chinese authorities to curtail the freedom of expression on the internet, there is an urgent need for Tor Browser and its help pages to be made available in Mandarin Chinese.

How much would it cost to get a translator to translate tor and all its documentation to Mandarin Chinese (or any other language)? I'm thinking about maybe sponsoring it, or if you want you can set up a kickstarter and crowdfund it.

How much would it cost to get a translator to translate tor and all its documentation to Mandarin Chinese (or any other language)?

That's very nice of you :)

The cost of hiring a translator or translators depends very much on the volume of work to be translated.

If you've an idea of the volume of documentation to be translated, I can point you to some websites that offer English-to-Chinese translation.

Anonymous

December 05, 2014

Permalink

how can i revert to the classic theme? it´d be a good idea to remove irrelevant and unnecessary features like developers tools, as well as trim the binary download size - up until version 3.6 tor browser´s like 20-30 mb download, now it´s 40-50 mb.

I want to know this too. It's really needed, the new Firefox interface is terrible, and it's not even customizable remotely near the old Firefox interface.

Why do the Mozilla developers insist on breaking what was fixed since Firefox 1.0?

Lack of toolbar customization and lack of add-on bar are the two serious problems. A third serious problem that the Mozilla developers broke many releases ago is double clicking the URL bar. It selects everything (like a triple click always should) rather than just a single word. It makes trying to cut off parts of the URL extremely difficult, it used to be easy by just double clicking and dragging.

It's not really the TBB devs fault I know. It would be great if these features could be brought back in the TBB fork.

Classic Theme Restorer can give you a somewhat decent GUI, may change your browser signature especially if you have javascript enabled but should otherwise be safe, certainly safer than not using tor.

As for proper double click behavior, go to about:config and change browser.urlbar.doubleClickSelectsAll to false.

Anonymous

December 05, 2014

Permalink

If you really want your user base to explode (expand unbelievably) you should support torrenting over tor. TAILS have made some pretty remarkable advances in this field https://labs.riseup.net/code/issues/5991 which will also bring more support and funding to the project. It will not harm the network in terms of speed and over load, because this user base expansion will also make more people set up more relays. What do you think?

What about Wikileaks' 401.6GB insurance (torrent) file they asked everyone to download? https://www.facebook.com/wikileaks/posts/561645433870573 we should totally download that from our own ips or "anonymous" and "military grade encryption"™ VPNs and proxies, right? Reasons to torrent anonymously aside, this is about growing the network to improve tor's anonymity index, it's not about torrenting per se, it's only about growing the network even more to comply with its design "anonymity through obscurity" and it's a great idea that is destined for success once implemented.

There are options for large file transfer through Tor that are NOT going to kill the network, like Bittorrent would. While there may be a small faction of Bitorrenter's using it for human rights matters, etc., the vast majority use if for porn and movies.

I won't support Tor by running a node if it gets taken over by 18 year old kids looking for porn and movies.

Isn't this the same as 'i don't want my 18(!!!) years old kids(!!!) knew anything about nsa spying' so tor need censoring content? How can it be anonymity but only for accessing government' approved content? Is it a PRopaganda mist?
As for your 'kids' they can quite well be used in SS(nsa/cia/fbi/etc) operations all over the world. Did you ask them if they wanted to be controlled/censored even by you?

Tor network isn't designed for torrenting, period. Maybe some day it will be big enough, but that day isn't not anywhere near today.

And the day Tor says "please, torrent over Tor" I will stop running a node.

Yes, and facebook and html5 aren't torrents.

I'm not a big fan of bulk transfers in general over Tor. And doing it via bittorrent is generally especially unwise:
https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea

But we have to accept that many web pages these days have a variety of types of content on them, and that's what people want to do with the web.

If you really want your user base to explode (expand unbelievably) you should support torrenting over tor.

NO, NO and NO.

On the contrary Tor developers should incorporate technology that's able to detect when a Tor user is using bittorrent over Tor and blacklist and kick out that Tor user out of the Tor network.

Stick to Tor's original goals: to provide a means for those living in oppressive regimes such as North Korea, Iran, China, Egypt, etc... to freely express their opinions. Also journalists living in those regimes ought to be able to freely do their jobs.

Supported ! The Torproject and developers community
should takeit to heart to put their acts in line with
their (stated) goals, lest theu be suspect of hypocrisy,
in turn giving rise to legal attacks against (safe) use of Tor
and perhaps to Tor's total prohibition.

So, NO help or support for torrents over Tor,
and in general privilege safety and privacy over speed
and throughput.

Do you mean to announce that tor network is really nsa-controlled machine for exclusive usage in "oppressive regimes such as North Korea, Iran, China, Egypt, etc..."? So quite rightfully it _should_ be illegal for use in any country which is not under nsa control as tool of foreign spy agencies.
Seems to me it's just another attempt to disjoint tor community. BTW, why do you believe nsa-controlled state is not an oppressive regime?

Actually, I really don't want to do anything that can detect certain protocols and change behavior based on them. That way means losing "common carrier" like status, and anyway it's just an unfriendly thing to do on what we'd like to be a network-neutral Internet.

That said, we *have* been investigating throttling people who use more than their fair share of bytes, not because doing so is evil, but because doing so harms other users. See
http://freehaven.net/anonbib/#throttling-sec12
for some designs, and
http://freehaven.net/anonbib/#pets13-how-low
for some attacks on these designs. As with many suggested changes in Tor, getting it right is still an open research area.

Let me also address your last point -- Tor's original goals were as a civil liberties tool for people in the west (America, Europe, etc) to not get stuck in corporate or government databases. The censorship-resistance came later. But as other commenters here point out, resisting surveillance in Egypt and resisting surveillance in Italy are just matters of degree these days.

Anonymous

December 06, 2014

Permalink

Hi,

I downloaded, verified and installed a copy of tor-browser-linux64-4.5-alpha-2_en-US and after clicking on the Test for Tor Network Settings found that the Atlas link produced a page with the animated icon followed after a while by an error message.

No Results found!

No Tor relays or bridges matched your query :(

Should this be expected in this Alpha at this stage of development?

Thanks.

Anonymous

December 06, 2014

Permalink

I know everything is encrypted except from the exit node to the final destination. I'm wondering, though, what, if any, anonymity concerns exist due to at least the user's Tor client knowing the entire circuit?

Would it be better if the client only chose the first node, the first node then would pick the second node, the second would choose the third (exit) node? No one node would then know the complete path. Today is seems, at least theoretically, that all nodes know, or could determine, the complete path.

Anonymous

December 06, 2014

Permalink

More crap being thrown at Tor; this time it is Wordpress doing the blocking:

"Lost?

Our server sentries tell us you should probably not be here. Maybe you are lost?

If you are sure this is the place you are trying to go, please contact us and we will be happy to help."

Contact address is http://en.support.wordpress.com/contact/

Anonymous

December 06, 2014

Permalink

PS everything works just fine with Wordpress when you disable Tor ;)

Cloudfare, Wordpress... next... things are not looking good for Tor.

Just as it becomes usable, accessible and is gaining popularity it is being blocked and frustrated at every turn.

Anonymous

December 06, 2014

Permalink

The circuit display feature in torbutton is great! But, two problems I noticed:
- you can't select text in it to copy to the clipboard
- hidden service circuits still show "internet" after the last hop, which seems wrong

How about making the relays in the list be links to Atlas?

And how about a "report bad exit" button where users could submit reports to bad-relays via a hidden service? Ideally the reports could even (with the user's consent) include a copy of the TLS certificate and/or HTTP response received.

> How about making the relays in the list be links to Atlas?

No, please don't do that. People are going to click their relays and hence expose which relays make up their circuit.

Anonymous

December 07, 2014

Permalink

StartPage is giving us this warning everytime I try to use it:"As part of StartPage's ongoing mission to provide the best experience for our users, we occasionally need to confirm that you are a legitimate user. Completing the CAPTCHA below helps us reduce abuse and improve the quality of our services.

Thank you,
The StartPage Team

JavaScript appears to be disabled in your web browser. To complete the CAPTCHA, please enable JavaScript and reload the page."

Time to ditch it as the default search engine I guess

just for joke try to use something like "...googlebot..." in user-agent string. they're going to be mad.
and not just using it by default but actively recommend against it through a pop-up message.

Anonymous

December 07, 2014

Permalink

why cant i see the country any more. I am not a techie. Can someone please help?

Anonymous

December 07, 2014

Permalink

Downloaded and installed this alpha with no problems. No complaints from my antivirus program ( BitDefender Free ). Thanks for fixing the bug that caused me to re-disable Javascript via NoScript, every time I chose "New Identity".