Tor Browser 4.5-alpha-2 is released

The second alpha release of the 4.5 series is available from the extended downloads page and also from our distribution directory.

Tor Browser 4.5-alpha-2 is based on Firefox ESR 31.3.0, which features important security updates to Firefox. Additionally, it fixes a regression which caused third party authentication credentials to remain undeleted and contains smaller improvements to the circuit UI and the security slider.

Here is the changelog since 4.5-alpha-1:

All Platforms
- Update Firefox to 31.3.0esr
- Update NoScript to 2.6.9.5
- Update HTTPS Everywhere to 5.0developement.1
- Update Torbutton to 1.8.1.2
  - Bug 13672: Make circuit display optional
  - Bug 13671: Make bridges visible on circuit display
  - Bug 9387: Incorporate user feedback
  - Bug 13784: Remove third party authentication tokens
- Bug 13435: Remove our custom POODLE fix (fixed by Mozilla in 31.3.0esr)

Problems downloading TBB exe

Problems downloading TBB exe file with seamonkey.
The Download window says blocked!

It's any strange shit with "stricttransportsecurity" the browser says.
Where is the misconfiguration?

Is there a good reason that

Is there a good reason that the Tor Browser auto-updater has to make a copy of the entire browser, user profile included, into an "updated" folder just to update? It makes it very easy to run out of space if you have a larger user profile.

I think the answer is

I think the answer is "that's how the Firefox updater works".

I noticed that

I noticed that HTTPSProxyAuthenticator username and password are still in clear plain text in torrc. This is a serious security issue in my view: it allows anybody with access to the file (e.g. through a backup or an old disk) to get the identity and network credentials of the tor user (esp. in corporate or controlled environments). Thanks if somebody could fix this issue somehow or at least try to reduce the risk: maybe (i) adding an option not to save network access credentials (ii) a password protected startup process or, ideally, (iii) the possibility to choose a pw protected profile to run tor. Thanks!

I suggest you open a ticket

I suggest you open a ticket on https://bugs.torproject.org/ and be prepared to help write the feature the way you want it.

That said, doesn't the httpsproxyauthenticator go out on the network unencrypted too? So it's not like these things are actually very secret.

I just downloaded Tor and

I just downloaded Tor and nothing else.
Is it safe to use Tor with Internet Explorer 11?

Very much

Very much no.

https://www.torproject.org/docs/faq#TBBOtherBrowser

Request: Allow copying if IP

Request:

Allow copying if IP addresses of the nodes in use from the Torbutton flyout thingy.

Another day, more

Another day, more propaganda, this time targeting "users of of the 'dark net'" i.e. Tor... the 'dark net' the place where all those 'paedophiles' lurk. "It's outrageous, why aren't the Government doing something about this and blocking this Tor or whatever is is called from accessing the internet?" Why is it all so predictable? All so reminiscent of when the Pirate Bay first started appearing on the pages of the BBC: "Pirate who? Never heard of them. But wow, this 'file-sharing' sounds so cool, must give it a try... you get all sorts of 'free' stuff like movies, music and software you say".... and look where the Pirate Bay is now - offline! Now we have moved onto: "Onion who? Never heard of them. But wow, this 'anonymity' sound so cool must give it a try... you can get up to all sorts of 'illegal' stuff and not get caught you say?"

From the BBC: http://www.bbc.co.uk/news/uk-30426164 .. always worth keeping an eye on.... ;)

From the BBC article: "The

From the BBC article: "The joint unit will tackle people who are using increasingly sophisticated encryption techniques and the so-called "dark-net" to hide their true identities and trade child abuse images and videos."

Probably means GCHQ has

Probably means GCHQ has already set up numerous fake nodes or is about to. Probably watching exit traffic and tracing it back to origin.
We need a new TOR that can't be broken by super computers.

I know we keep going back

I know we keep going back and forth about this, but setting up your own relays to attack Tor is only one of a wide variety of ways to attack, and it's probably not the most effective or most efficient. Other approaches include watching relays that are set up by other honest people (less risk, less hassle, easy to do if you've already put surveillance gear in place) and compromising the browser of users who visit a given site.

I really hope this is the

I really hope this is the next release (which is due in about a month?!) or you at least backport some of it.

Also is TorBrowser fully portable?if so on all operating systems?

No, it will still take some

No, it will still take some months before we can call it a stable release. E.g. signing the update files is missing in 4.5-alpha-2 and we need at least two further releases to test that. And there will be no backport of features either.

Yes, Tor Browser aims at being fully portable. You should be able to run it on Windows/OS X/Linux.

virus error in this

virus error in this version
please fix this

http://www.imageupload.co.uk/images/2014/12/13/Tor_45.jpg

Looks like

Looks like https://www.torproject.org/docs/faq#VirusFalsePositives

Could you please provide

Could you please provide some documentation explaining what the ominous security slider actually does? My apologies if this has already been explained but I could not find anything about it.

Also, is there a way to revert NoScript to its original state so we have the ability to enable/disable sub-elements of a page again?
I know this came with v4.0 and I understand it has been done to make browsing easier for inexperienced users, but can't we have a choice? This all-or-nothing approach seems a bit drastic to me.