Tor Browser 4.5 is released

The Tor Browser Team is proud to announce the first stable release in the 4.5 series. This release is available from the Tor Browser Project page and also from our distribution directory.

The 4.5 series provides significant usability, security, and privacy enhancements over the 4.0 series. Because these changes are significant, we will be delaying the automatic update of 4.0 users to the 4.5 series for one week.

Usability Improvements


On the usability front, we've improved the application launch experience for both Windows and Linux users. During install, Windows users are now given the choice to add Tor Browser to the Start Menu/Applications view, which should make it easier to find and launch. This choice is on by default, but can be disabled, and only affects the creation of shortcuts - the actual Tor Browser is still self-contained as a portable app folder. On the Linux side, users now start Tor Browser through a new wrapper that enables launching from the File Manager, the Desktop, or the Applications menu. The same wrapper can also be used from the command line.

We've also simplified the Tor menu (the green onion) and the associated configuration windows. The menu now provides information about the current Tor Circuit in use for a page, and also provides an option to request a new Tor Circuit for a site. Tor Browser is also much better at handling Tor Circuits in general: while a site remains in active use, all associated requests will continue to be performed over the same Tor Circuit. This means that sites should no longer suddenly change languages, behaviors, or log you out while you are using them.


Figure 1: The new Tor Onion Menu


Security Improvements


On the security front, the most exciting news is the new Security Slider. The Security Slider provides user-friendly vulnerability surface reduction - as the security level is increased, browser features that were shown to have a high historical vulnerability count in the iSec Partners hardening study are progressively disabled. This feature is available from the Tor onion menu's "Privacy and Security Settings" choice.


Figure 2: The new Security Slider

Our Windows packages are now signed with a hardware signing token graciously donated by DigiCert. This means that Windows users should no longer be prompted about Tor Browser coming from an unknown source. Additionally, our automatic updates are now individually signed with an offline signing key. In both cases, these signatures can be reproducibly removed, so that builders can continue to verify that the packages they produce match the official build binaries.

The 4.5 series also features a rewrite of the obfs2, obfs3, and ScrambleSuit transports in GoLang, as well as the introduction of the new obfs4 transport. The obfs4 transport provides additional DPI and probing resistance features which prevent automated scanning for Tor bridges. As long as they are not discovered via other mechanisms, fresh obfs4 bridge addresses will work in China today. Additionally, barring new attacks, private obfs4 addresses should continue to work indefinitely.


Privacy Improvements


On the privacy front, the 4.5 series improves on our pre-existing first party isolation implementation to prevent third party tracking. First party isolation provides the property that third party advertisements, like buttons, and "mashup" content that is included on one site will only know about your activity on that site, and will not be able to match it to your activity while you are on any other site. In other words, with first party isolation, Facebook, Twitter, and Google+ can't track you around the entire web using their infamous like buttons.

Specifically, in the 4.5 release, we now ensure that blob: URIs are scoped to the URL bar domain that created them, and the SharedWorker API has been disabled to prevent cross-site and third party communication. We also now make full use of Tor's circuit isolation to ensure that all requests for any third party content included by a site travel down the same Tor Circuit. This isolation also ensures that requests to the same third party site actually use separate Tor Circuits when the URL bar domain is different. This request isolation is enforced even when long-lived "HTTP Keep-Alive" connections are used.

We have also improved our resolution and locale fingerprinting defenses, and we now disable the device sensor and video statistics APIs.

New Search Provider


Our default search provider has also been changed to Disconnect. Disconnect provides private Google search results to Tor users without Captchas or bans.

Full Changelogs


Here is the complete list of changes in the 4.5 series since 4.0:

  • All Platforms
    • Update Tor to 0.2.6.7 with additional patches:
      • Bug 15482: Reset timestamp_dirty each time a SOCKSAuth circuit is used
    • Update NoScript to 2.6.9.22
    • Update HTTPS-Everywhere to 5.0.3
      • Bug 15689: Resume building HTTPS-Everywhere from git tags
    • Update meek to 0.17
    • Include obfs4proxy 0.0.5
      • Use obfs4proxy for obfs2, obfs3, obfs4, and ScrambleSuit bridges
    • Pluggable Transport Dependency Updates:
      • Bug 15265: Switch go.net repo to golang.org/x/net
      • Bug 15448: Use golang 1.4.2 for meek and obs4proxy
    • Update Tor Launcher to 0.2.7.4. Changes since 0.2.7.0.2 in 4.0.8:
      • Bug 11879: Stop bootstrap if Cancel or Open Settings is clicked
      • Bug 13271: Display Bridge Configuration wizard pane before Proxy pane
      • Bug 13576: Don't strip "bridge" from the middle of bridge lines
      • Bug 13983: Directory search path fix for Tor Messanger+TorBirdy
      • Bug 14122: Hide logo if TOR_HIDE_BROWSER_LOGO set
      • Bug 14336: Fix navigation button display issues on some wizard panes
      • Bug 15657: Display the host:port of any connection faiures in bootstrap
      • Bug 15704: Do not enable network if wizard is opened
    • Update Torbutton to 1.9.2.2. Changes since 1.7.0.2 in 4.0.8:
      • Bug 3455: Use SOCKS user+pass to isolate all requests from the same url domain
      • Bug 5698: Use "Tor Browser" branding in "About Tor Browser" dialog
      • Bug 7255: Warn users about maximizing windows
      • Bug 8400: Prompt for restart if disk records are enabled/disabled.
      • Bug 8641: Create browser UI to indicate current tab's Tor circuit IPs
        • (Many Circuit UI issues were fixed during 4.5; see release changelogs for those).
        • Bug 13651: Prevent circuit-status related UI hang.
        • Bug 13666: Various circuit status UI fixes
        • Bug 13671: Make bridges visible on circuit display
        • Bug 13672: Make circuit display optional
        • Bug 13881: Localize strings for tor circuit display
        • Bug 13882: Fix display of bridges after bridge settings have been changed
        • Bugs 13891+15207: Fix exceptions/errors in circuit display with bridges
        • Bug 14324: Show HS circuit in Tor circuit display
        • Bug 14866: Show correct circuit when more than one exists for a given domain
        • Bug 14937: Show meek and flashproxy bridges in tor circuit display
        • Bug 15086: Handle RTL text in Tor circuit display
        • Bug 15472: Make node text black in circuit status UI
        • Bug 15510: Close Tor Circuit UI control port connections on New Identity

        -->

    • Bug 9387: Security Slider 1.0
      • Include descriptions and tooltip hints for security levels
      • Notify users that the security slider exists
      • Make use of new SVG, jar, and MathML prefs
    • Bug 9442: Add New Circuit button to Torbutton menu
    • Bug 9906: Warn users before closing all windows and performing new identity.
    • Bug 10216: Add a pref to disable the local tor control port test
    • Bug 10280: Strings and pref for preventing plugin initialization.
    • Bug 11175: Remove "About Torbutton" from onion menu.
    • Bug 11236: Don't set omnibox order in Torbutton (to prevent translation)
    • Bug 11449: Fix new identity error if NoScript is not enabled
    • Bug 13019: Change locale spoofing pref to boolean
    • Bug 13079: Option to skip control port verification
    • Bug 13406: Stop directing users to download-easy.html.en on update
    • Bug 13650: Clip initial window height to 1000px
    • Bugs 13751+13900: Remove SafeCache cache isolation code in favor of C++ patch
    • Bug 13766: Set a 10 minute circuit lifespan for non-content requests
    • Bug 13835: Option to change default Tor Browser homepage
    • Bug 13998: Handle changes in NoScript 2.6.9.8+
    • Bug 14100: Option to hide NetworkSettings menuitem
    • Bug 14392: Don't steal input focus in about:tor search box
    • Bug 14429: Provide automatic window resizing, but disable for now
    • Bug 14448: Restore Torbutton menu operation on non-English localizations
    • Bug 14490: Use Disconnect search in about:tor search box
    • Bug 14630: Hide Torbutton's proxy settings tab.
    • Bug 14631: Improve profile access error msgs (strings for translation).
    • Bugs 14632+15334: Display Cookie Protections only if disk records are enabled
    • Bug 15085: Fix about:tor RTL text alignment problems
    • Bug 15460: Ensure FTP urls use content-window circuit isolation
    • Bug 15502: Wipe blob: URIs on New Identity
    • Bug 15533: Restore default security level when restoring defaults
    • Bug 15562: Bind SharedWorkers to thirdparty pref
  • Bug 3455: Patch Firefox SOCKS and proxy filters to allow user+pass isolation
  • Bug 4100: Raise HTTP Keep-Alive back to 115 second default
  • Bug 5698: Fix branding in "About Torbrowser" window
  • Bug 10280: Don't load any plugins into the address space by default
  • Bug 11236: Fix omnibox order for non-English builds
    • Also remove Amazon, eBay and bing; add Youtube and Twitter
  • Bug 11955: Backport HTTPS Certificate Pinning patches from Firefox 32
  • Bug 12430: Provide a preference to disable remote jar: urls
  • Bugs 12827+15794: Create preference to disable SVG images (for security slider)
  • Bug 13019: Prevent Javascript from leaking system locale
  • Bug 13379: Sign our MAR update files
  • Bug 13439: No canvas prompt for content callers
  • Bug 13548: Create preference to disable MathML (for security slider)
  • Bug 13586: Make meek use TLS session tickets (to look like stock Firefox).
  • Bug 13684: Backport Mozilla bug #1066190 (pinning issue fixed in Firefox 33)
  • Bug 13788: Fix broken meek in 4.5-alpha series
  • Bug 13875: Spoof window.devicePixelRatio to avoid DPI fingerprinting
  • Bug 13900: Remove 3rd party HTTP auth tokens via Firefox patch
  • Bug 14392: Make about:tor hide itself from the URL bar
  • Bug 14490: Make Disconnect the default omnibox search engine
  • Bug 14631: Improve startup error messages for filesystem permissions issues
  • Bugs 14716+13254: Fix issues with HTTP Auth usage and TLS connection info display
  • Bug 14937: Hard-code meek and flashproxy node fingerprints
  • Bug 15029: Don't prompt to include missing plugins
  • Bug 15406: Only include addons in incremental updates if they actually update
  • Bug 15411: Remove old (and unused) cacheDomain cache isolation mechanism
  • Bug 15502: Isolate blob: URI scope to URL domain; block WebWorker access
  • Bug 15562: Disable Javascript SharedWorkers due to third party tracking
  • Bug 15757: Disable Mozilla video statistics API extensions
  • Bug 15758: Disable Device Sensor APIs

  • Linux

    • Bug 12468: Only print/write log messages if launched with --debug
    • Bug 13375: Create a hybrid GUI/desktop/shell launcher wrapper
    • Bug 13717: Make sure we use the bash shell on Linux
    • Bug 15672: Provide desktop app registration+unregistration for Linux
    • Bug 15747: Improve start-tor-browser argument handling

  • Windows

    • Bug 3861: Begin signing Tor Browser for Windows the Windows way
    • Bug 10761: Fix instances of shutdown crashes
    • Bug 13169: Don't use /dev/random on Windows for SSP
    • Bug 14688: Create shortcuts to desktop and start menu by default (optional)
    • Bug 15201: Disable 'runas Administrator' codepaths in updater
    • Bug 15539: Make installer exe signatures reproducibly removable

  • Mac

    • Bug 10138: Switch to 64bit builds for MacOS

    Here is the list of changes since the last 4.5 alpha (4.5a5):

    • All Platforms
      • Update Tor to 0.2.6.7 with additional patches:
        • Bug 15482: Reset timestamp_dirty each time a SOCKSAuth circuit is used
      • Update NoScript to 2.6.9.22
      • Update HTTPS-Everywhere to 5.0.3
        • Bug 15689: Resume building HTTPS-Everywhere from git tags
      • Update meek to 0.17
      • Update obfs4proxy to 0.0.5
      • Update Tor Launcher to 0.2.7.4
        • Bug 15704: Do not enable network if wizard is opened
        • Bug 11879: Stop bootstrap if Cancel or Open Settings is clicked
        • Bug 13576: Don't strip "bridge" from the middle of bridge lines
        • Bug 15657: Display the host:port of any connection faiures in bootstrap
      • Update Torbutton to 1.9.2.2
        • Bug 15562: Bind SharedWorkers to thirdparty pref
        • Bug 15533: Restore default security level when restoring defaults
        • Bug 15510: Close Tor Circuit UI control port connections on New Identity
        • Bug 15472: Make node text black in circuit status UI
        • Bug 15502: Wipe blob URIs on New Identity
        • Bug 15795: Some security slider prefs do not trigger custom checkbox
        • Bug 14429: Disable automatic window resizing for now
      • Bug 4100: Raise HTTP Keep-Alive back to 115 second default
      • Bug 13875: Spoof window.devicePixelRatio to avoid DPI fingerprinting
      • Bug 15411: Remove old (and unused) cacheDomain cache isolation mechanism
      • Bugs 14716+13254: Fix issues with HTTP Auth usage and TLS connection info display
      • Bug 15502: Isolate blob URI scope to URL domain; block WebWorker access
      • Bug 15794: Crash on some pages with SVG images if SVG is disabled
      • Bug 15562: Disable Javascript SharedWorkers due to third party tracking
      • Bug 15757: Disable Mozilla video statistics API extensions
      • Bug 15758: Disable Device Sensor APIs
    • Linux
      • Bug 15747: Improve start-tor-browser argument handling
      • Bug 15672: Provide desktop app registration+unregistration for Linux
    • Windows
      • Bug 15539: Make installer exe signatures reproducibly removable
      • Bug 10761: Fix instances of shutdown crashes

    Post update 4/28/2015: Provide screenshots of the Tor Onion menu and Security Slider.
    Post update 4/28/2015: Add section headers.

  • Snowden's Son in Law

    May 04, 2015

    Permalink

    What is the status on using Enhanced Mitigation Experience Toolkit? Is it safe to use with TBB on Windows? I know it's created by Microsoft and it's closed source so what are the possible negatives as well as positives from using this?

    Snowden's Son in Law

    May 04, 2015

    Permalink

    Is it safe to keep browser and form history when using TBB? Are there any problems associated with doing this?

    Snowden's Son in Law

    May 04, 2015

    Permalink

    It seems Adblock Edge is gonna get discontinued in June. Is it ok to use µBlock, its successor or no?

    Snowden's Son in Law

    May 04, 2015

    Permalink

    Would enabling bridges in TBB add more security/anonymity to the browser or is it worse than default connection settings?

    Snowden's Son in Law

    May 04, 2015

    Permalink

    Super release 4.5! One question: how would changing TBB's user agent to a default firefox/chrome affect anonymity/fingerprinting?

    Snowden's Son in Law

    May 04, 2015

    Permalink

    When can we expect an automatic upgrade from 4.08 to 4.5, and is it safe to use 4.0.8?

    Snowden's Son in Law

    May 05, 2015

    Permalink

    Thanks for your excellent work, I really appreciate the Tor Browser and the work you do. There is too much censorship in England - blocking of sites due to copyright, surveillance, and draconian porn laws.

    Snowden's Son in Law

    May 05, 2015

    Permalink

    Strange behavior : Cross browser remembering page search info

    I already noticed for a while (some versions) that search keywords are not cleaned. The keywords you can type below if you search for certain words in a webpage.

    If you choose a new identity or even close the browser and startup again, if you open the search (page) window you'll see that old keyword again.
    That could maybe compromise your local privacy a bit (depending on the keyword).
    Then I was slightly wondering if a script on a website even could read one way or another that keyword as well. Because if you don't clean that field you'll take that information with you to every website you visit, leaving some sort of a track behind you (if website owners managed to read that information that keyword or even phrase Torbrowser is storing).

    It's even getting better (worse) now because I discovered that it even goes further then that. Just had the strange experience that the keyword could not be erased anymore, it just came back, could only replace it by something else but not leave the search field empty anymore, and to my surprise finally that it even showed up in another normal Firefox browser where I also could not clean that same keyword appearing again!
    If a keyword even can sho up in a normal Firefox version, then it maybe could really directly compromise your identity if a website could read that information (yes, you should visit the same page with a normal browser and sometimes with Torbrowser, but maybe some people do in some cases?).

    Okay (not), I took another fresh Torbrowser installer and installed a fresh Torbrowser on my desktop. Opened it, looked for the keyword field and there was the same last word I typed in the old Torbrowser/Firefox browser again.
    Took another fresh Firefox, the same word was there also again.

    Tried it with other non-mozilla browsers, no keywords given.
    Went to another user account, opened a Firefox browser, no keyword.
    So it was a user account related and mozilla browser related problem.

    Now, this behavior of not cleaning a keyword and even taking it with it to a normal Firefox browser and not being able to clean the search word (a dot, number or even an empty hit of the space bar) is in my opinion a bit alarming.
    I think that means that some persistent information is/or was stored outside Torbrowser (why?), somewhere in a related mozilla directory where it does not get/or cannot be cleaned and is eventually used by every mozilla browser you open in that account.

    I did have to do a serious system (caches etc.) clean up in safe boot modus to get rid of this persistent keyword storage problem since I did not know exactly where to look for cleaning this behavior.
    (For the humorous people, it wasn't a special word, just a normal search on a normal page, no malware expected overthere. Browsers startup in safe modus did not help either).

    Do other users have seen or experienced this kind of behavior of persitenly remembering the page search word as well?

    Torbrowser version I was using 4.5 on a Mac.
    Remembering the keyword after renewal or browser restart was already there in older Torbrowser versions. Cross browser remembering looks like new behavior.

    Thanks for the attention.

    Snowden's Son in Law

    May 06, 2015

    Permalink

    It's been a week, but the auto-updater doesn't seem to be working.

    Running Tor Browser 4.0.8 on Windows, using the updater in Help -> About Tor Browser shows "Tor Browser is up to date" even though it's not.

    I could just download the binaries, but I thought this was worth pointing out.

    Snowden's Son in Law

    May 07, 2015

    Permalink

    I use http://file2hd.com/ to download videos from Youtube over TOR.

    With up to and including TOR 4.0.8 everything worked fine. After entering the URL, clicking "I have read and agree to the Terms of Service" and marking "Movies" as the files I wanted I would see (for example):

    http://youtube.com/Peter Pop feat Lora Singuri in doi - Low Quality 240p [File2HD.com].mp4
    http://youtube.com/Peter Pop feat Lora Singuri in doi - Low Quality 240p [File2HD.com].flv
    http://youtube.com/Peter Pop feat Lora Singuri in doi - Standard Quality 360p [File2HD.com].mp4
    http://youtube.com/Peter Pop feat Lora Singuri in doi - HD 720p [File2HD.com].mp4

    I would then click on the file quality I wanted and the download would start.

    However, with 4.5, I still get up to choosing the file quality I want but after clicking on the file the next screen is again the Start screen: asking me to enter the URL, click on " I have read and……." and chose ,for example, Movies. The file I have just chosen does not download. If I fill the details again, the file still does not download, I am sent back to the Start screen again.

    Please help.

    Thanks

    PS thanks for an otherwise excellent piece of work.

    Snowden's Son in Law

    May 07, 2015

    Permalink

    What security slider position equals the default setting of 4.0.8?

    Snowden's Son in Law

    May 07, 2015

    Permalink

    so on 4.0.8 what was the security level? I am not sure where to have the slider? I mean should I have it at the highest setting when going to onion sites etc, was 4.0.8 technically set on high or low?

    Snowden's Son in Law

    May 08, 2015

    Permalink

    Why is TBB "secure" window size when it is used as default? Why not set window size default for all TBB users as full screen, would that not give the same amount of privacy from being fingerprinted?

    Snowden's Son in Law

    May 08, 2015

    Permalink

    Yesterday I came across a plugin called "Disable Plugin & Mimetype Enumeration " which hides your plugins/mimetype from sites. Is this already implemented into TBB or is it okay to just to use this addon?

    Snowden's Son in Law

    May 08, 2015

    Permalink

    Is there a bug regarding DNS lookup?

    I have reported above a message (via Vidalia) re a connection made to 127.0.0.1:443.

    Today I am getting reports of such connections, not to 127.0.0.1 but to 19X.X6.2X4.21X.

    On github (https://github.com/ethans/switchy/issues/455) someone reported the same thing a few days ago.

    The final remark from github is:
    This is very dangerous because DNS lookup is being done through ISP which is what TOR is informing me of when DNS lookup should be done through TOR

    Could GK please respond as a matter of urgency?

    Thanks

    Have you tried logging in? You can either make an account (this is the recommended way if you want to hear about progress on your ticket), or use the cypherpunks account listed on the front page of the wiki.

    Arma thanks.

    I have tried to create an account, via TOR, but I just keep getting the response that the page thinks my submission is Spam.

    I then try to fill in the Captcha but I never get it right. Even using a magnifying glass to try to 'guess' what the letters are in the captcha, I fail every time.

    I can understand the need to guard against spam, but is it necessary to make the captchas so difficult to understand?

    Snowden's Son in Law

    May 09, 2015

    Permalink

    Why does Tor only use 3 relays as opposed to 4, 5 or more? Which one would provide more anonymity?

    Snowden's Son in Law

    May 10, 2015

    Permalink

    Can someone explain why i´m connecting to the same exact Ip/node every time use tor browser?(the first of 3 ip´s) It has not changed since i downloaded it a couple of days ago.
    What if this node is computerized?
    I thought the point of Tor was to connect to different nodes every time.

    Snowden's Son in Law

    May 10, 2015

    Permalink

    Certificate management/validation (repeated question)

    1) The standard available option "When an OCSP server connection fails, threat the certificate as invalid" is not activated.
    Why not?

    2) What could be the reason that if you do activate this OCSP check, that one can experience getting more and more error pages like 'secure connection failed'.
    It really seems to increase last several months. A lot of times even directly after startup Torbrowser and trying to connect to a secure webpage.
    Does this seem to point at the possible questionable 'quality' of the exit node?

    3) Since the beginning of the Alpha version of the 4.5 Torbrowser I did see on a regular basis this mysterious middle node "?? 104.236.37.219" . It seems the only one that's giving this question mark message.
    Did you notice/know? What's up with this node?

    Snowden's Son in Law

    May 11, 2015

    Permalink

    Hello, when i activate menu-bar with "view/toolbars --> menue bar and bookmarks - can someone read or track this changing?

    think windosize wont change. can someone tell me plesse

    thx 2016

    Snowden's Son in Law

    May 11, 2015

    Permalink

    4.5 will not install on my Windows XP. When I download 4.5 it reaches 34.1 MB and hangs there until Tor Browser asks Zone Alarm for internet access (something I already permitted). When I give it the permission it already had, the download finishes at 34.1 MB though the file is supposed to be 34.2 MB.

    When I try to install it it does nothing.

    "will be prompted to update automatically by their Tor Browser, while users of the stable 4.0.8 will receive the same prompt in about a week’s time"

    I have not received this prompt.

    Snowden's Son in Law

    May 12, 2015

    Permalink

    WHAT ARE CONCERNED TOR USERS SUPPOSED TO DO.

    I have had no response from arma or gk about what may be a bug in the dns lookup of 4.5, so I registered at trac.tor.

    I submitted a report but it was rejected as possible spam, probably because I submitted it over TOR!!!

    The way to get the system to believe that it is not spam was to 'try' to fill out the indecipherable captcha that I have complained about above.

    I tried but, as reported above, I failed.

    What am I supposed to do?

    Snowden's Son in Law

    May 12, 2015

    Permalink

    DNS look-up

    Regarding my recent post on this.

    I have just found an old Tor item from 2012:
    https://blog.torproject.org/category/tags/dns-bypass

    The solution given is:
    To fix this dns leak/security hole, follow these steps:

    Type “about:config” (without the quotes) into the Firefox URL bar. Press Enter.
    Type “websocket” (again, without the quotes) into the search bar that appears below "about:config".
    Double-click on “network.websocket.enabled”. That line should now show “false” in the ‘Value’ column.

    I have just gone into about:config and have found “network.websocket.enabled”. Should this be set to 'false'.

    For the sake of users, could Arma or GK please respond? As I have said, if the trac captures were not so difficult to understand, I would submit a bug report.

    Thank you

    Snowden's Son in Law

    May 13, 2015

    Permalink

    ^Are you the same guy who wrote the following?
    "Is there a bug regarding DNS lookup?

    I have reported above a message (via Vidalia) re a connection made to 127.0.0.1:443.

    Today I am getting reports of such connections, not to 127.0.0.1 but to 19X.X6.2X4.21X."

    "WHAT ARE CONCERNED TOR USERS SUPPOSED TO DO."

    ALL TOR USERS AFAIK aren't supposed to use the outdated & non supported Vidalia anymore.

    Snowden's Son in Law

    May 17, 2015

    Permalink

    A thousand thanks to mikeperry and the other devs for all their work!

    My experience using the Tor Browser version included in Tails 1.4 has so far been inconsistent and confusing, for reasons which are unknown to me and quite possibly independent of the significant improvements in the new browser. My problems seemed to cease when I stopped using the privacy slider and manually reverted to my old (wrong) way of using the browser, among a few other changes, but I am cautiously optimistic that eventually I'll e able to use the slider without experiencing ill effects.

    > Are you the same guy who wrote the following?

    No.

    > ALL TOR USERS AFAIK aren't supposed to use the outdated & non supported Vidalia anymore.

    That can't be right, since Vidalia is used in Tails 1.4. If I am wrong, say so because then I must have a bad PGP key, a bad detached sig, and a bad iso image.

    Snowden's Son in Law

    June 09, 2015

    Permalink

    hi guys,

    i have error in my tor browser

    Tor failed to establish a Tor network connection.

    Establishing an encrypted directory connection failed (done - 0.0.1.0:1).
    09/06/2015 10:45:46 a.m..198 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
    09/06/2015 10:45:48 a.m..164 [NOTICE] Opening Socks listener on 127.0.0.1:9150
    09/06/2015 10:45:50 a.m..101 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
    09/06/2015 10:45:50 a.m..101 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
    09/06/2015 10:45:50 a.m..101 [NOTICE] Closing old Socks listener on 127.0.0.1:9150
    09/06/2015 10:45:51 a.m..286 [NOTICE] Opening Socks listener on 127.0.0.1:9150
    09/06/2015 10:45:52 a.m..418 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
    09/06/2015 10:45:52 a.m..418 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
    09/06/2015 10:45:52 a.m..418 [NOTICE] Closing old Socks listener on 127.0.0.1:9150
    09/06/2015 10:45:56 a.m..740 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
    09/06/2015 10:45:56 a.m..741 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
    09/06/2015 10:45:56 a.m..741 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
    09/06/2015 10:45:56 a.m..741 [NOTICE] Opening Socks listener on 127.0.0.1:9150
    09/06/2015 10:45:58 a.m..153 [NOTICE] Bootstrapped 5%: Connecting to directory server
    09/06/2015 10:45:58 a.m..163 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server
    09/06/2015 10:45:59 a.m..729 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
    09/06/2015 10:45:59 a.m..729 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
    09/06/2015 10:45:59 a.m..730 [NOTICE] Closing old Socks listener on 127.0.0.1:9150
    09/06/2015 10:45:59 a.m..730 [WARN] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 1; recommendation warn; host 4D6C0DF6DEC9398A4DEF07084F3CD395A96DD2AD at 0.0.1.0:1)
    09/06/2015 10:45:59 a.m..730 [WARN] 1 connections have failed:
    09/06/2015 10:45:59 a.m..730 [WARN] 1 connections died in state handshaking (TLS) with SSL state SSLv2/v3 read server hello A in HANDSHAKE

    he was working properly but derrepente began to show me the error, and try to change the providded bridges in flashproxy, fte,fte-ipv6, meek amazon meek azure, meek google, obfs3 (recommended), obfs4 and scramblesuit but none run,

    if any of you could assist me it would be greatly appreciated, my mail if you have any tutorial to solve this failure is steven341992@hotmail.com

    thank you very much

    Snowden's Son in Law

    July 07, 2015

    Permalink

    i like the new version.

    thank you for developing tor!