Tor Browser 5.5.5 is released

by boklm | April 26, 2016

Tor Browser 5.5.5 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This release updates Firefox to 38.8.0esr. Additionally, we bump NoScript to version and HTTPS-Everywhere to 5.1.6.

Moreover, we don't advertise our help desk anymore as we are currently restructuring our user support.

Here is the full changelog since 5.5.4:

Tor Browser 5.5.5 -- April 26 2016

  • All Platforms
    • Update Firefox to 38.8.0esr
    • Update Tor Launcher to
      • Bug 10534: Don't advertise the help desk directly anymore
      • Translation updates
    • Update HTTPS-Everywhere to 5.1.6
    • Update NoScript to
    • Bug 18726: Add new default obfs4 bridge (GreenBelt)


Please note that the comment area below has been archived.

April 26, 2016


Is there a reason why customers cannot shop online at Wal-mart through Tor? If it's a tech issue, please repair.

It is not a tech issue Wal-mart and other online shopping companies are intentional blocking Tor and other anonymity services to prevent criminals from using stolen credit cards anonymously.

I understand that they are preventing anonymous use of credit cards,
but I think the OP meant "shopping" as just window shopping without being tracked.
obviously when it comes to using your credit card. that page should be deanonymized,

May 02, 2016

In reply to dcf


YES dcf
Once in a blue moon, you can get to Walmart by using "New tor cicuit for this site" but very rarely.

where do we submit all the URLs?

April 26, 2016


Thanks to ALL you.. on behalf of TorBrowserestrs :)

Next is not a bug.. but a suggestion,

if possible to include an On/Off Icon (to be per-configured) [for privacy and security settings]

so, instead of:
1-Clicking pull-down-menu of the green Tor icon, Then
2-Selecting privacy and security settings, Then
3-Selcting (temporarily) LOW sec-Level, Then
4-pressing OK..
That's in order (for example) to watch a quick video clip ..

and will go after all above 1-2-3-4 steps AGAIN to "undo" the LOW to be Mid-LOW .. and back&forth again&again for similar instances ..

That's why thought of above suggestion for a near-by icon to the green one.. (side-by-side)

ON- (Green color led) means:
privacy and security set to (ANY level above LOW)
Or set according to what has been chosen under (Tor green icon)

OFF- (Red color led) means:
privacy and security set to (LOW level)

While per-configuration may include some of the following:

Auto-Off: to select how many minutes to AUTO turn the icon to OFF (Green)

for myself i'd mostly chose 3 minutes,
when i forget to click! it will Auto-Off by itself
Hope u all like my contribution,

Thanks Again, Bye for Now..

forgot to mention that the suggested NEW side-by-side icon is a click-able one..

click once- goes Red to view videos
click again- goes Green..

or leave it to auto-off
(according to what time was set in per-configuration)

Thanks anyway buddy,

if you mean 1-2-3-4 "trip"! will, that's quite long, need to find a motel in the middle, to get rest for 2 days :)

but if you mean to say the miss-spilled (TiP) .. I'd then second thanking you again..

if Tor..Divz, would make the TiP,
i'll then move the 'Great'Green (Tor enabled) icon under the so-called "hamburger Menu" .. and will keep instead of it the On-Off (Red-Green) icon.. so that the privacy will turn (or Auto-Turn) to my own-default & will NEVER be FORGOTTEN after watching any video clip :)

Best RGDS: idea-Maker

First of all, even at the low setting you're still sending your traffic through tor, and Tor Browser still has some additional safety features over vanilla Firefox. Making it seem like you're turning something off as opposed to down will just increase the confusion.
In addition to all of that, I don't think that's a good way to browse the web. While I agree that the security slider could use some changes, I don't believe your suggestion which implies that the amount of time you have security set to low makes a difference. What matters is the sites you visit while the security slider is set to low. It only takes one visit to launch a browser javascript exploit.
Besides, you can still technically play video with the slider set to high. It's click to play and certain sites don't work (i.e. Youtube,) but video can still play. The sites in question do not play video without javascript enabled, so this is a wider issue than Tor Browser and should also be addressed with the sites in question.
Also, concerning Youtube in particular: Youtube is owned by Google and thus actually one of the more dangerous sites to set to Low in terms of privacy. Downloading the video (if possible) and playing it through a local video player might be a better option than viewing it on Youtube itself.

I'm not sure why you think this is a bad way to use the Tor Browser.
Sure, it takes just one visit to launch an exploit. But if on 95% of the sites that I visit, I can do without javascript and on 5% I can't, am I not safer lowering the security slider only when visiting those 5%?

I also think it would be great to convince popular sites (like Youtube) not to require the use of javascript. But we live in the real world and simply pointing the finger realistically doesn't help anyone much.

I'm also unsure whether downloading a youtube video through some dedicated, torified application would be more secure, since it's obviously detectable and you're distinguishing yourself from the crowd. (Same problems over and over again)

Actually, in order to watch youtube you don't have to disable all protections, you only need to do 3 things when the security slider is set to max:
1. Enable audio/video in noscript.
2. Enable in about:config.
3. Add and to the whitelist in noscript

This way, you only expose yourself to javascript and svg security risks in and which are operated by google and you stay protected from all other known browser attack vectors. Obviously, from a privacy angle this settings could make your browser fingerprint unique in the eyes of google should they bother to fully collect and analyze every ancillary aspect of your browsing behaviour.

You could claim however that if you only use low security settings after taking a new identity and then browsing only and after you finish you set the security slider back to max and starting a new session, then perhaps the slightly larger attack surface you give google is not worth the privacy sacrifice you make by choosing a rare browser fingerprint. But that depents perhaps on your threat model. For example, to the best of my knowledge google has never used it's servers to actively attack users in any circumstances, though it is possible of course that it was done against terrorists with a NSL. On the other hand google is widely known of passively collecting huge amounts of information about its' user base from commercial reasons.

So the conclusion is that perhaps unless you are a very high target, then you should be more afraid of google passively collecting information than of it actually trying to hack into your device. And in that case, your method of watching youtube might be better than mine, as long as you make sure you never visit any other non google site when you're in low security settings.

I'm glad you brought up the browser fingerprint. I've had concern about that since reading an article proving users can usually be completely uniquely identified with only a browser fingerprint. I had no idea I was broadcasting so much detailed information. I'm wondering why no one has built a spoof for this that would truncate the point point point release versions of add-ons, etc,, substitute a standard list of fonts, etc. Do you know anything about this? I'm not technically savvy enough about browsers to know at what level this information is being snatched and sent and if that could be hijacked for us.

April 26, 2016


Autoupdate hosed my installation this time. Cannot start browser; instead I get a "Can't load FXCOM" dialog, that does nothing but close.

Perhaps your antivirus quarantined a component. In a previous release Panda Antivirus did that to me, thinking some part of Tor was bad news. A false positive. I have now set Panda to ask me whether to do this or not so I have a chance to exclude things that are not a threat that it makes a mistake with, such as Tor.

A search of this problem suggested that those using "WebRoot" software need to allow certain .dll files through the identity protection filter. In my case, after updating Tor and Firefox, i allowed the file "nss3.dll" and Tor browser ran as normal. Hope this helps!

April 26, 2016



April 26, 2016


tor seems sort of faster past this update. don't see why that would be, but I'm pleased either way.

April 26, 2016


Hi Tor crew I know this isn't the best place but:

programs like f.lux and twilight which filter blue light from the screen
after sunset to preserve melatonin production in the brain: Such programs ask and rely upon ones location to finetune the sunrise/sunset times

If one is using Tor at the time the program seeks/sets/relates to/ ones location information, this could leak? As both Tor, and the program, are communicating data related to 'what is appearing on the screen right now''

Run linux and install redshift, run "redshift -L longitude:langitude -t 6500:1000" in a terminal. Program is open source so probably no leaks.

April 26, 2016


Hacking Team CEO claims they can now break Tor:

No longer will his clients have to bait a Tor user in order to circumvent the anonymity software — as Morocco did with the Scandal file it sent to Mamfakinch. Now, Vincenzetti boasts, his software can “break” Tor. “I can put a box in this room which will decode all your encrypted traffic on the fly,” he tells me. “Logins, passwords, locations, real user name, real site names…. It’s black magic.”

This kind of decryption would not only transform law enforcement, but also threaten to destroy the protection that private citizens, namely political dissidents, have come to expect online. Jeff Moss, a security analyst and founder of the Def Con hacker conference, is dubious of Vincenzetti’s claim — but if true, he says, it would be “a severity 10” bug that the Tor community would have to race to fix.

Quoted from…

“I can put a box in this room which will decode all your encrypted traffic on the fly,” he tells me. “Logins, passwords, locations, real user name, real site names…. It’s black magic.”

Says the CEO who 'got-his-ass-hacked' - PWNED big time - because he couldn't secure his own networks:

"The hack itself was executed using a common weakness: first, an embedded device within the network was found with a known zero-day weakness. From there, the hacker was able to get into an unencrypted backup and find the passwords for a Domain Admin server, which basically gave him the keys to the kingdom."

Note sysadmins at Hacking Team were using passwords like (not kidding): "P4ssword", so let's take dirtbag's word with a grain of salt.


Chaining Tor with VPNs, bridges and solid O/S arrangements like Qubes Whonix will give anybody far greater security, since one can isolate browsing sessions to VMs and d*ickfaces like Vincezetti can possibly discover your 'real IP address' correlates to an OpenVPN entry point, at best. Further, run of the mill attackers will have some job breaking out of unpriveleged AppVM domains in Qubes with read-only access to the filesystem template on which it is based, and nothing else.

The main point of that blog entry you referred to is that you shouldn't open random attachments - a classic way to get infected.

Tor's primary weakness probably remains the end-end correlation that suggests you may be Tor user X. If your stuff is that critical e.g. political dissident, use TAILS instead from USB on random computers that can't point to a home address i.e. so they can't just sit at the suspected area of the network they think you are using and do the math looking at in-out flows.

Just be aware that every USB memory or flash card has a unique hardware ID, don't ever use the same USB in your own machine for every day use as Windows, at least since XP, stores all ID's at least in the registry and may be sent as some "usefull telemetry" data back to the HQ.

Without verification, it will remain a claim. However, if this is true, would using a VPN service prevent this? Or would it also be decrypted on the fly?

@ Tor people: a million thanks for all your work, please keep it up, and please take care!

About Hacking Team: however you assess the level of threat HT poses to human rights activists who use Tor, one thing is certain: David Vincenzetti is gunning for Tor.

On the bright side, to repeat a rare and welcome bit of good news: the Italian government, goaded by the UN and EU human rights people, recently cracked down on HT, and even revoked many of the company's most lucrative export licenses. And as the FP article noted, several key employees quit in disgust upon discovering (thanks to Citizen Labs and other sources) how evil is Hacking Team's clientèle. Also, as the FP article noted, a deal with the Saudi government to buy HT fell through. So HT is quite possibly in serious financial straits. That would be beneficial for the world.

> “I can put a box in this room which will decode all your encrypted traffic on the fly,” he tells me. “Logins, passwords, locations, real user name, real site names…. It’s black magic.”

I agree with those who express skepticism of this evil-spyware marketing claim from an extremely disreputable company, but we should be careful not to underestimate our enemies. Divincenzetti has always been very dangerous to free people everywhere, and the highly successful intrusion by Phineas Phisher has only made him angry. Unfortunately, I do not find it so implausible that HT has acquired new and nastier government clients attracted by the evil reputation of this company. So TP should remain vigilant, as I am sure you would regardless of comments posted in this blog.

The Foreign Policy article is excellent, and anyone interested in learning more about who uses Tor and what kind of organizations want to spy on people who use Tor should read it.

April 26, 2016


By hitting download on the tor browser project page there is this warning: Fehler: Gesicherte Verbindung fehlgeschlagen SSL_ERROR_BAD_MAC_READ This is on Firefox 46

April 26, 2016



April 26, 2016


Good job . thanks

we can't receive Tor bridges in iran . this message is received please check it :

This is the mail system at host

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

I don't know a good answer for your question but hope someone else can help.

I believe that Tor Project is currently reorganizing its "help desk" to assist people who need help obtaining bridges or who are having other problems using Tor.

Tor Project has less than ten employees, I believe, so they are all very overworked, but the help desk functions are mostly done by a world-wide network of volunteers.

April 27, 2016


Is there an update for the iPhone, if so, download URL please. Thanks for the work and team work involved in bringing us back to reality!

Read above comment that starts with:
"On April 26th, 2016 Anonymous said: Thanks to ALL you.."

You'll then -may- find a solution by yourself ;)

ps. for a quick-find.. it's 1 of the longest comment written :)

You could download the videos with some of the add-ons, and it's possible to start looking at a video already when downloading, so you can stop/pause downloading to see if you like the video imediately, and then continue download the whole video.
Also, it is possible to use VLC player to stream youtube videos through tor browser bu setting the network proxy configuration to use the TBB 9150/1 ports, the only limit is that VLC can only play max 720p videos, but on the other hand VLC is extremely light on the CPU resources in comparison to HTML5 videos and Flash. I for one am not so sure I wouldn't even like to watch Youtube videos with the TBB, the reason is that the new browsers MSE/EME and DRM capability may reveal hardware ID's of your computer, it's a bombshell.

April 27, 2016


Sorry, 1/2 off-topic but i have/there is a little really big problem:

If anybody is using TAILS without USB, he,she has a
non-persistent, non-editable state file! And the Tails team say it's not urgent:
"Due in about 20 months (12/31/2017)
Roadmap for 2017"
Persistence preset: Tor state
At the and of 2017 .........speechless and helpless.

An essential security mechanism of Tor is unimportant? Why?

April 27, 2016


Tor Browser 5.5.5 have malware? My 360 TS antivirus said that there is malware and I cannot install new version.
Pls check.
Thanks and best regards

Either your lying, your antivirus downloaded a false-flag signature,or your tor bundle was switched with a malicious one. I think you may have been compromised.

April 27, 2016


Cloudflare problems?

After updating I can no longer access websites protected by cloudflare: usually I only needed to solve a couple of captcha puzzle sets, but now I keep getting more and more of them, even after correctly solving all of them, I keep getting the "Multiple correct solutions required, please solve more" message.

Is it just me?

April 27, 2016

In reply to boklm


Uhm, you're right; the problem lasted for some hours, and now it's gone.
So, not related to the Tor update. Sorry for overreacting too fast :)

cloudflare is the absolute worst. that gives me an idea i may start working on soon - an anti-cloudflare tbb extension that adds a bridge to 'non-tor' VPN endpoints

like using vpn over tor, but easier to set up for less technical users

cloudflare is the dumbest tech ever happened to the whole era of computers, that which may makes think the origin of human is a 'Monkey" might be 99.9% true :)

there are Zillion smarter ways to breakdown a suspicious "DoS streams".. that will be founded by our grand sons, at that time when they will look back to us saying: Shame on you :))

however, myself, when want just-to-read and the dumb cloudflare appears then will not solve any damn puzzle, will just drop the link into

RGDS: idea-Maker

Please don't; allowing Tor exit nodes to be known is intentional. Using techniques to mask that tor use, especially on the large scale, will in the long run make it harder to convince site admins to allow tor.
Also, it doesn't tend to take Cloudflare a long time to block IP's with "suspicious activity," and so it probably won't take long for them to block your VPN, leaving you with increased attack surface with no actual benefit.

That bothers me too... anyone know what info the goog's getting when they serve up a captcha? (Will they know what site you're trying to visit, or just that cloudflare wants someone at X ip to solve a million captchas?)

April 27, 2016



April 27, 2016

In reply to by Anonymous (not verified)



April 27, 2016


I seem to have a bug, that happens for some time now. Happens everytime Tor Browser Bundle finds an update, while my normal Firefox Browser is still open. When restarting TBB for the update to install, it says:

"The update could not be installed. Please make sure there are no other copies of Firefox running on your computer, and then restart Firefox to try again."

I closed normal Firefox and tried to update again, but the same message appears. Only way to install new TBB version is to install the new Bundle version from new. I haven't tried to restart the pc yet though. Maybe that could help.

It's still running in the background.Try opening task manager,wait a few minutes (3-5 min), if you still see it on task manager, kill the process. Doing this however, may result in data loss/corruption. Only kill it if you have nothing to lose.

Sorry, i should have said that i closed the process in the task-manager. So it is not running anymore. But it wouldn't work nevertheless. Maybe it is another process that is correlated with the normal Firefox Browser that is preventing the TBB to update. But i can't find out.

April 27, 2016


OS X 10.10.5

Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team.

Restarting Tor will not close your browser tabs.

April 27, 2016



April 27, 2016


Подскажите, почему при просмотре видео на ютуб, если во ремя просмотра выйти на домашнюю страницу "about:tor", показывает что TOR отключен.

April 27, 2016


Thnx for helping us to brows anonymously. Could you please enable Bangla font in Tor. It will be great help.

If its already enable please inform the procedure to enable Bangla font.

What operating system do you use? What web site doesn't work for you?

It is working for me, for example
Screenshot of using Tor Browser 5.5 on Windows 7

You can help fix the problem by filing a bug report. First go to and make an account, then go to to make a new ticket.

Here is some previous discussion on this issue: We were not able to help because they did not tell us what web site doesn't work.

April 27, 2016



I typed "Tor" on the search line of Yahoo and downloaded Tor. I got a message that I was connected and was invited to check out a website which yielded an address.

I keep seeing references to a "Tor Bundle". Did I receive everything when I downloaded Tor as described? I believe the version I have is

Is the next step to go to an .onion site to try Tor out?

Because of what is taking place in America, and around the world, I feel some pressure to become proficient with Tor as soon as possible as I will have some training to do. Any internet references for initiates would be greatly appreciated.

Thank you for your time and assistance.

Col. Randall Smith, KF5YMT/AAR6KQ, Commander
C.D. Nationwide Emergency Communications Network

> I typed "Tor" on the search line of Yahoo and downloaded Tor.

I hope you mean: in more detail,

1. using your usual web browser, you surfed to

2. you downloaded the appropriate TBB (Tor Browser Bundle) tarball

3. you have gpg or pgp installed on your computer

4. you used gpg or pgp to "import" the TBB team's signing key

5. you used gpg or pgp to verify the downloaded tarball

6. you uncompressed and unpacked the tarball on your computer

7. you used the provided start script in the TBB directory to start Tor Browser

(most things seem complicated when you describe them in detail, but all these steps are really important in this context)

> I got a message that I was connected and was invited to check out a website which yielded an address.

I hope that address was You should see an icon in the "url pane" which you can click on to see some information about the https certificate confirming (if all goes well) that you are connected to the genuine website. This site provides a quick check that you are in fact surfing using the Tor network.

Cryptography serves several essential purposes:

o authentication (you need to confirm you are at the genuine website and not some phishing site)

o data integrity (you need to confirm the tarball was not maliciously modified on its way from to your computer

o privacy (if you send an email you probably don't want anyone with access to the sending or receiving mail server to read it--- unencrypted email is like a postcard you tack up on some public bulletin board for everyone to read)

> I keep seeing references to a "Tor Bundle". Did I receive everything when I downloaded Tor as described? I believe the version I have is

5.5.5 probably. TBB includes everything you need to surf using Tor Browser, which is configured to use a Tor client, so your websurfing is anonymized using "Tor circuits"

your_computer <==> entry_node <==> relay <==> exit_node <--> destination_website

where the last connection is unencrypted if the website does not use https.

(DNS lookups are done by the exit node--- if you know what this means, you can see this is essential to provide websurfing anonymity. Tor nodes are operated by a worldwide volunteer network of private citizens in dozens of countries around the world.)

> Is the next step to go to an .onion site to try Tor out?

Once you have started TBB you can surf on the ordinary internet just like you would with Firefox.

(Tor Browser is based on the open source version of Firefox, which is called Iceweasel.)

And if you know an onion address you want to visit, you can just type that (carefully) into the url pane and Tor Browser will get you to that onion site.

Two concepts which are easily confused:

o onion sites (sometimes called "the Dark Net")

o files which are accessible via Internet owing to a misconfiguration, but which were probably intended to be kept private (more properly called "the Deep Net")

Onion sites are just websites, except that they are protected by additional layers of anonymity using Tor infrastructure. The difference from "the public internet" is that the publisher of an onion site is also anonymous.

> Because of what is taking place in America

Check out

(compilation of Snowden leaked documents with links to news articles describing the significance of each document)

(compilation of government documents, for example from the US military, which are in some sense publicly available but which you probably wont see discussed in "mainstream" news media)

(nice overview of current USG surveillance methods known to be widely used against ordinary citizens, from the ACLU)

> and around the world,

(terrific source of authoritative information on state-sponsored malware, focusing on that used by governments other than FVEY but nonetheless invaluable to US persons too) (more perspective on what is happening around the world)

This should also be of interest:…

These are all ordinary websites (the publishers are not anonymous), but in the current situation it would perhaps be unsafe to visit them while not using Tor.

Notice that you can use Tor Browser to download files from sites like using your browser just like you would with firefox.

Also, if you type in an abbreviated url like, Tor Browser will connect using the https protocol, so the last link (from Tor exit node to destination website) is also encrypted.

Further, Tor uses perfect forward secrecy, which means that adversaries cannot decrypt all your past browsing at some website simply by (for example) forcing the website operator to hand over their https certificate or encryption keys.

Tor Browser also comes with NoScript so it provides a lot of additional protections against cross-site compromises. If you are a newbie, it is probably wise to avoid doing anything like installing additional "add-ons" or fiddling with any configurations. Tor Browser protects you from many things, but by no means from every hazard, so you still need to be careful when using Tor Browser. Tor Browser does several things like enabling file downloads in addition to websurfing, but it does not provide chat or email. The Tor Project is developing a chat system called Tor Messenger which from the user perspective works much like the Tor Browser: you can download it as a tar ball, verify the signature, unpack it and start it using a provided script.

For even more security/anonymity while surfing the Internet, see an allied project, the Tails Project, which has some nice documentation including this essential reading:

April 27, 2016

Permalink says

Your SSL client is Improvable.

Session Ticket Support

Improvable Session tickets are not supported in your client. Without them, services will have a harder time making your client's connections fast. Generally, clients with ephemeral key support get this for free.

Looks to be a speed problem but wanted to check, any concern here???

April 30, 2016

In reply to dcf


On a pron site with javascript on -for searching.isn't working.blocking tor?- security.enable_tls_session_tickets suddely was on.
Don't ask, i don't know why.

April 27, 2016


All right everyone. Everyone get the SpyShelter Software here:

Tell me that Firefox.exe or Tor does not keep trying to record your typing keystrokes! What is going on? Is it my computer or Tor? Or, is it Firefox?!

I'm not entirely sure what exactly the program does, but Firefox does record keystrokes; otherwise you wouldn't be able to type anything into the address bar/search box/page textboxes (or use any keyboard shortcuts.)
With that said, I'm not entirely sure I trust SpyShelter to not spy on me either.

Almost every standard (crappy) Windows app tries to get direct keyboard access for hotkey support (from ancient times). You can easily block it without worries.

April 27, 2016



April 28, 2016



it worked fine since more than 24Hrs,

but it suddenly crashed few minutes ago,

that doesn't happen -frequently- with any previous updates/upgrades..

copied this from crash report,
will notify u if it'll crash again (hope it'll not)

ps. if it's not so necessary to show this details,
then plz don't show it, but it's up to U..
Application Version:
Application Timestamp: 00000000
Fault Module Name: xul.dll
Fault Module Version:
Fault Module Timestamp: 00000000
Exception Code: c0000005
Exception Offset: 020db758
OS Version: 6.1.7601.
Locale ID: 1033
Additional Information 1: 0a9e
Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
Additional Information 3: 0a9e
Additional Information 4: 0a9e372d3b4ad19135b953a78882e789
aka: idea-Maker :)

Do you remember what you were doing, or which website you were visiting before the crash? And if so, can you try to do the same thing, or visit the same website again to see if the crash is reproducible?

April 28, 2016

In reply to boklm


Hi boklm..

1- Sorry for this late reply..

2- Yes, According to crashed> (session Manager).. and after visiting same links again ..there seem to be no suspicion to crash it..

3- What's suspected to crash it, might be the updating of add-ons,

After upgrading TBB, found about 5 add-ons that must be updated (uBlock Origin, Tweak network, Page Zoom, Open link in current, Memory fox Next..) and other 2 add-ons (that are originally disabled) ..So, i guess it crashed -due to- temporarily unstable "new" update of that add-ons.. that happened right after upgrading the TBB itself..

Now everything seem to be stable and back to normal,
Will comment back if it crash in the next 3 days,
Otherwise, consider it [SOLVED] :)

Thanks for your kind consideration..

in this current page, did you notice my idea of the ON/OFF icon to -temporarily- watch videos! is it doable?

Thanks again

lol at "why you haven't". Is that a question or are you informing us/them? anyway, I didn't visit the link because I'm lazy; if you're referring to the memory leak issue with Firefox, then that's Mozilla's fault. They don't care about addressing that problem, because you can quit and restart the application. I don't find that to be an acceptable solution but whatever.

Thanks for this link.

@ Roger &c: is the official TP statement to Daily Dot available in full?

Some of us have warned for years that USG is likely to try to insert moles into the Tor Project. Was Matt Edman the first such uncovered, or was he "turned" during or after his employment at TP?

April 28, 2016


I've been using Tor browser on x64 Windows for 2 years and I've noticed a change recently. Last week I accidentally maximized the "Save As" dialogue box and now every time I'd save something it takes up the whole screen. It doesn't bother me too much, but here's where it gets strange. eEen after deleting and reinstalling Tor Browser, that setting remains every time.

Is that normal? It sure doesn't seem normal, isn't Tor Browser completely erased including all settings when you delete it?

April 28, 2016


It would be nice if the TB team helped with troubleshooting what ifs here:

gpg: requesting key 93298290 from hkp server
gpgkeys: HTTP fetch error 7:
gpg: DBG: armor-keys-failed (KEY 0x4E2C6E8793298290 BEGIN
) ->0
gpg: DBG: armor-keys-failed (KEY 0x4E2C6E8793298290 FAILED 9
) ->9
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver unreachable
gpg: keyserver communications error: public key not found
gpg: keyserver receive failed: public key not found

And here:

gpg: can't open signed data `/Users/OSX/Downloads/TorBrowser-5.5.5-osx64_en-US.dmg'
gpg: can't hash datafile: file open error

Key verification was fine but I already imported it in the past ):

Clearly a pgp issue but this can be avoided with better documentation.

April 28, 2016


Waiting for Tor Project person to explain how the 'snowflake' pluggable transport differs in operation from all the other pluggable transports.

Put 'snowflake pluggable transport' in the Tor Browser search bar and select Several links will be shown that will give more information about snowflake.

Don't panic--- the situation is bad, but probably not that bad.

For a well-informed overview of current surveillance techniques likely to be encountered by ordinary persons (focusing on US persons), see

which is from the ACLU.

Search for "NSA primary documents" and "ANT catalog" to read some leaked NSA/GCHQ documents describing in considerable detail the kind of highly sophisticated electronic espionage/"effects" methods used by the USG and its closest allies.

Tor can't help defend you against everything mentioned in the website, much less the techniques described in the ANT catalog, but it is much better than nothing, and probably will suffice to keep many people safe while doing things like reading uncensored news online.

See for authoritative information on internet surveillance techniques and state-sponsored malware used by various governments (focusing on non-FVEY but still very useful for people who live in USA, UK, Canada, Australia, New Zealand).

That's FUD and complete bullshit. Tell that to any security expert and they will laugh at you. It's really not hard to reverse engineer software, even something as complex as Windows, or something as ubiquitous in the IoT as VXWorks, to look for things such as keystroke software or backdoors. It's true that backdoors have been found, but it's total FUD to say that everything has keystroke software and backdoors. All you are doing is trying to convince people that there is nothing they can do to protect themselves, which makes them give up, which is the exact opposite of what they need to do to stay safe.

Exactly! Thank you for debunking the dangerous suggestion (which no doubt is encouraged by our many adversaries) that "privacy is dead; everyone should just give up" [sic].

April 29, 2016



April 29, 2016


Where is the "Start Tor Browser" link? Firefox.exe gives a "couldn't load XPCOM" message.

Did you run the install executable after downloading the bundle? orif you did then look in the folder where it's located and copy or 'create shortcut' to wherever you normally have it.

April 29, 2016


A big thumbs up to the TOR team, wherever and whoever you are. Great service and such a useful tool.

April 29, 2016


Mac OS automatic upgrade?
Should TOR browser automatically update to the next version when a new version appears? This is occurring on my Yosemite Mac after a new version is apparent and the TOR browser is closed and reopened. It automatically opens to the new version without me installing.

It is applying the update in the background to avoid dealing with the update during the next start-up (which costs time). So, everything is fine.

April 29, 2016


howsmyssl says

Your SSL client is Improvable.

Session Ticket Support

Improvable Session tickets are not supported in your client. Without them, services will have a harder time making your client's connections fast. Generally, clients with ephemeral key support get this for free.

It's not so easy to just "make Tor faster".

In my experience, websurfing using Tor Browser is not noticeably slower than ordinary websurfing, but downloading enormous files or watching videos may be slower.

Over time, as the Tor network continues to grow and improve, speed will probably increase.

April 30, 2016


What are the best, simplist ways to learn to use Tor please?

Have a Mac new last August 2015, already corrupted. Someone added something to the innards of the computer to make accessing it from away, easy. When I am on, usu
ally for hours, someone else is on too.

am only journalist, need privacy, for that may need a new, untouched Mac

> What are the best, simplist ways to learn to use Tor please?

Did you download the latest Tor Browser Bundle (TBB) from

Once you know how to start Tor Browser, this should provide everything you need to surf the Internet using Tor Browser, so you may not need to learn very much to use Tor to surf.

Tor Project is also developing Tor Messenger, which provides anonymized chat, which should help to keep in touch with other journalists, sources, etc., but this is still being tested so you probably shouldn't use it quite yet to contact your sources.

> Have a Mac new last August 2015, already corrupted. Someone added something to the innards of the computer to make accessing it from away, easy.

Did you find a hardware keylogger, or are you just suspicious?

> When I am on, usually for hours, someone else is on too.

You should try to contact these amazing people: They may be able to help you find out what is going on. Also, human rights organizations may be able to help you obtain training for at risk journalists in your country or a neighboring country (if you can travel).

Good luck, try to stay safe, but above all, keep doing journalism!

May 02, 2016


The two most popular privacy-enhancing applications which use Perfect Forward Secrecy are WhatsApp (as of about one month ago) and Tor. Now comes this news:…
WhatsApp, Used by 100 Million Brazilians, Was Shut Down Nationwide Today by a Single Judge
Glenn Greenwald, Andrew Fishman
2 May 2016

> A BRAZILIAN STATE JUDGE ordered mobile phone operators to block nationwide the extremely popular WhatsApp chat service for 72 hours, a move that will have widespread international reverberations for the increasingly contentious debate over encryption and online privacy. The ruling, issued on April 26, became public today when it was served on mobile service providers. It took effect at 2 p.m. local time (1 p.m. ET); as of that time, people in Brazil who tried to use the service could not connect, nor could they send or receive any messages. Failure to comply will subject the service providers to a fine of 500,000 reals per day ($142,000 per day).
> ...
> It is stunning to watch a single judge instantly shut down a primary means of online communication for the world’s fifth-largest country. The two security experts in the NYT wrote of the first WhatsApp shutdown: “The judge’s action was reckless and represents a potentially longer-term threat to the freedoms of Brazilians.” But there is no question that is just a sign of what is to come for countries far from Brazil: There will undoubtedly be similar battles in numerous countries around the world over what rights companies have to offer privacy protections to their users.

To repeat the warning some Tor users have been issuing for months: today they came for WhatsApp, in Brazil. Tommorrow they will come for Tor, in the USA.

We are all in great danger, and we need to put our heads together and decide how we will react to a similar judicial order shutting down TP.

I hope Sheri and Roger are very busy reaching out to the news media, trying to correct the dangerous and misleading ant-Tor propaganda being peddled by our enemies in the USG and in other governments around the world.

> reaching out to the news media, trying to correct the dangerous and misleading ant-Tor propaganda being peddled by our enemies in the USG and in other governments around the world.

We're about five years too late, and the news media have been vocal in their condemnation of privacy technology. The news is firmly against us, as are the vast majority of people around the world. Just about everyone thinks it's completely reasonable to outlaw encryption for personal communication.

This just highlights the problems with centralized communication software.... wonder what it'll take to get soemthing like telehash popular.

May 02, 2016


The USG has essentially offered the tech industry this choice: either we will enact legislation which makes strong encryption illegal, or we will enact legislation making it even easier for even more agencies to engage in secret state-sponsored hacking.

In particular some of us have warned for years about the implications for Tor users of a proposed change in Rule 41 of the Federal RCP, which is set to become law without any action being taken by the US Congress:…
Rule 41 would make it easier for the government to carry out hacks
ACLU: Rule 41 fix has "insufficient privacy protections, transparency, or oversight."
Cyrus Farivar
29 Apr 2016

> Privacy activists and at least one senator are up in arms over a proposed change to a section of the Federal Rule of Criminal Procedure that would allow any magistrate judge to issue warrants authorizing government-sanctioned hacking anywhere in the country.
> If the proposal does go forward, it would mark a notable expansion of judicial power to sign off on "remote access" of criminal suspects’ computers. As Ars has reported previously, for more than two years now, the Department of Justice has pushed to change Rule 41 in the name of being able to thwart online criminal behavior enabled by
tools like Tor.
> On Thursday, the Supreme Court passed the proposed change to Rule 41 and sent it to Congress on Thursday, which will have until December 1 to modify, reject, or defer the proposal. If the House of Representatives and Senate do not pass a resolution in favor by simple majority, the revisions will become law that same day.
> ...
> For now, Sen. Ron Wyden (D-Oregon) appears to be the only legislator to have spoken out against the revision.
> "These amendments will have significant consequences for Americans’ privacy and the scope of the government’s powers to conduct remote surveillance and searches of electronic devices," he said in a Thursday statement. "I plan to introduce legislation to reverse these amendments shortly, and to request details on the opaque process for the authorization and use of hacking techniques by the government."
> "Such a monumental change in the law should not be snuck by Congress under the guise of a procedural rule," Neema Singh Guliani, an attorney with the American Civil Liberties Union, said in a statement sent to Ars.
> "The change proposed would expose Americans, including victims of crimes, to government hacking with insufficient privacy protections, transparency, or oversight. Congress should reject the proposed changes to Rule 41, and instead demand answers from the government about their current hacking practices."
> ...

May 06, 2016


I´m trying to run Tor 5.5.5 on MacOs 10.11.4 and it
chrshes right away after running it and press the

R-installing and so on doesn´t take any effect.

So Tor is just unuseable.....

May 07, 2016


is 8chan down or is the last upgrade of Tor stopping it from loading??
Im getting a 504 error... just wondering cuz since I upgraded, 8 chan wont load...

May 09, 2016


How much additional programming would be required to use existing public blogs to communicate information, images, apps, etc., by hiding the private data in ordinary presentations? I believe it is already being done with font scripts and high def scrambled images that look innocent to otherwise ordinary users. It should be possible to hide the entire library of congress in a 2 hour home movie. (Hypothetically) The only way to block the equivalent of SSB (ham radio communications jargon for Single Side Band combined with CW {unmodulated radio frequency}) would be to shut down the entire internet or to ask publishers to explain the meaning of each and every word, sentence, and punctuation.
I imagine that, even the threat of doing this could bring down a government rather quickly.

Are you talking about steganography?

If so, governments are well aware of the proliferation of schemes such as steghide (available in Debian repositories if you want to try it) which can hide a short message (not the LOC or movies) in innocuous nontext files having certain formats such as gif images. They are funding research on attacking steganography software because they fear that political dissidents might exchange short messages without being noticed by the Surveillance State, not because they are worried about people hiding LOC books in movies.

One flaw in such schemes is that if the adversary has a copy of the unmodified file (such as a snapshot from some public blog), a comparison will reveal the presence of the a hidden message, thus compromising the point of steganography (to hide the fact that any message is being communicated at all).

To avoid this, it is best to use as "cover" files which are not known or easily recreated in their original form to any adversary. For example, if you generate a pretty fractal image using randomly chosen parameters, you should not choose a program which writes the parameters in the generated image! (Apparently university students who develop fractal generating programs for school projects are often threatened by USG agents who want to ensure that their program overtly or covertly writes the parameters into the generated image, because university projects sometimes evolve into open source projects used in the real world.)

May 10, 2016


I have heard that PSAs targeting Tor users with the warning "you are not anonymous" are airing in US and Canada. Does anyone have more information about what corporation is producing these PSAs?

Maybe ugly Elsevier doesn't want information to be free?


May 11, 2016


Thank you to everybody who makes Tor!
You are all awesome!

Tor makes me feel like there is good people on the internet who really care and believe in true democracy and real freedom for everybody in the World!

Thank you everyone!

May 11, 2016


Many Tor users have expressed the fear that FBI will begin "interviewing", serving subpoenas upon (possibly using NSL's accompanied by eternal gag orders), arresting, or outright "disappearing" TP employees and volunteers. Consequently, we have urged TP to consider relocating lead developers and other key Tor people to safer locations in other countries, such as Germany, Norway, or Iceland.

And now comes evidence that FBI is attempting to intimidate Tor employees who are preparing to emigrate (not necessarily because of our fears about the poor prospects for TP in Comey's America!):
FBI Harassing Core Tor Developer, Demanding She Meet With Them, But Refusing To Explain Why
from the not-cool-fbi dept
5 May 2016

> Isis Agora Lovecruft is a lead software developer for Tor and has worked on Tor for many years, as well as on a variety of other security and encryption products, including Open Whisper Systems and the LEAP Encryption Access Project. And, apparently, the FBI would really like to talk to her, but won't tell her (or her lawyer) exactly why.…
Tor developer Isis Agora Lovecruft publicly accuses the FBI of harassment
Jason Murdock
6 May 2016

> [The harassment] reportedly started with a house visit from the FBI and escalated to the threat of a federal subpoena. For one member of the Tor Project's core development team, named Isis Agora Lovecruft, the past six months have been characterized by stress, confusion and underhand threats at the hands of US law enforcement. Now, she has publicly accused the agency of harassment.
FBI Harassment
Sunday, 01 May 2016
By isis agora lovecruft

> [Special Agent Kevin Porter, FBI Atlanta field office, on the phone with her lawyer:] "We… uh… have some documents we’d like her opinion on."

And if she declines to be interviewed?

> ... "We have teams in Los Angeles, San Francisco, Chicago, New York, and Atlanta keeping an eye out for her."

> [Special Agent Mark Burrnett, FBI LA Field Office, on the phone with her laywer:] "are you the point of contact for serving a subpoena? She’s not the target of investigation, but, uh… we uh… need her to clear up her involvement or… uh… potential involvement in a matter.”

In her blog post, Isis asked:

> Is this really how the United States has decided to treat American tech workers? Am I just the forerunner in a larger campaign by the FBI to personally go after developers of encryption software which annoys them?

Intimidation and threats: standard tactics straight from their "suasion" playbook.

FBI probably wants many things from Isis, but one thing they are almost certainly trying to do is to identify a key Tor person they think they can bully into becoming a secret informant inside TP, or even into allowing FBI to abuse their signing key in order to perform such criminal actions as serving malware to ordinary citizens which has been disguised as LEAP or some other good thing which people need in order to live free.

The interview might begin with a misleading suggestion that the agents are trying to *protect* the employee from some (possibly exaggerated or even entirely imaginary) threat, e.g. they might claim to have information that a third party (e.g. the Russian government) is planning to harm the subject. It might continue with a discursive discussion intended to elicit information about the subject's character, motivations, and personal weaknesses.

When agents step out of the room where the subject is detained, it is likely that they are conferring not only with each other about their next moves, but with a psychologist consultant who is building a model of the subject's psychological vulnerabilities, and counseling the agents on how to exploit them.

After some time, there might be a rapid fire sequence of sudden shifts in the questioning, which is intended to confuse and disorient the subject.

Specific suasion techniques often employed (probably ineffective with Tor Project employees, but the G-men might fall back upon these out of ingrained habit) include these:

o appeals to pride in technical accomplishments ("your unique skills could be put to better use serving your country") or to a desire to change the world ("you could have enormous influence on future policy decisions by the US government"),

o vague (and false) promises of personal financial benefit should the employee cooperate,

o attempts to shock the employee into "flipping", by presenting horrifying graphic imagery of the aftermath of a terrorist bombing, or especially objectionable pron,

o vague insinuations of a criminal case or other unpleasantness (such as an IRS audit or ruinous civil lawsuit) which can be made to "disappear" if the employee agrees to become an FBI mole,

o explicit dire threats, such as the promise that if the employee refuses to become a mole, "you will die in an isolation cell in the Supermax prison in Colorado".

It would not be a bad idea for TP to offer its key employees a seminar in the old-fashioned Reid technique, the "Big Man" technique (favored by RCMP), the techniques taught to US Army interrogators at Fort Huachuca, accounts from former Gitmo detainees of their own interrogations, etc.

It is also important to know that representatives from other government agencies (such as CIA, NSA, NCIS, USAF) might well sit in, and may even misrepresent themselves as FBI agents. This ought to be illegal, but in matters of Tor, it is likely that the US government recognizes no rules it is bound to obey.

The interrogators will be trying to trick you into saying something they can exploit to bring further pressure to bear upon you, but it is important to remember that at some points they will probably make their own mistakes, for example by making a damaging admission, or by revealing their own psychological weaknesses, frustrations, motivations, or accidentally hinting at what they ultimately hope to accomplish by "turning" you, incarcerating you, torturing you, whatever.

FBI is an extremely dangerous rogue agency, and it will only become more vicious as time goes on.

It is important to recognize that the next US President will effectively be chosen by FBI. Despite disclaimers from the Clinton campaign, there is a very real possibility that Ms. Clinton (not just her closest aides) will be indicted. If that happens, Trump will almost certainly be elected, which may result in succession by some of the more anti-fascist states. If it doesn't, Clinton will almost certainly have cut some secret deal with Comey in order to avoid prosecution, basically making her FBI's woman in the White House. Scary times.

A million thanks to the Tor developers and volunteers for all your hard work and dedication!

I hope everyone at Tor Project is aware of these developments:

Comey claims encryption is a necessary requirement for terrorism (implying that if all non-government encryption is banned, all non-government terrorism will cease):…
Encryption is “essential tradecraft” of terrorists, FBI director says
Comey also says cops may not police well out of fear of being in a viral video.
David Kravets
12 May 2016

Mozilla (maker of Firefox) demands that FBI disclose the bugs exploited by its NIT (Tor targeting malware):…
Advance Disclosure Needed to Keep Users Secure
Denelle Dixon-Thayer
11 May 2016

Comey responds by promising to intensify FBI's war on software providers such as Tor Project (the assault on Isis suggests that Tor Project is on the short list for receiving an NSL any day now--- is TP prepared to fight this?--- or even for state-sponsored burglaries--- are TP locations physically secured? maybe Google can help?):…
FBI director warns that feds will bring more encryption-related cases
Meanwhile, WhatsApp's end-to-end encryption continues to frustrate FBI, too.
Cyrus Farivar
11 May 2016

May 12, 2016


hello. i am living in margav a village in mazandaran in in iran. my old 50 years. and director tv. please free help and support and connect me for all site and all web page by tor browser for 5 week'. then i buy this v p n . good day

Hi, I hope someone will post a link to the Farsi version of website.

You should only download the most recent TorBrowser Bundle (TBB) from this site ( You should be able to use a version in your language. To use Tor from inside Iran, you will probably need to use bridges (see the Tor FAQ at this website). Tor is not a VPN and it is free for everyone to use (you don't need to pay anyone). You should avoid mentioning specific information about yourself ("I am living in Margav, a village in Mazandaran, Iran. My age is 50 years") when using Tor for anonymity.

Someone recently said that Tor Project is currently reorganizing their help desk. I hope this is completed very soon.

Please keep trying to obtain and use Tor, it's great!

May 12, 2016


is there a way to login to the gmail account without verifying because when i try to use youtube and logging into gmail account using tor browser to post any comment i am directed to the page "Verify its you" which i dont want

May 17, 2016


Keep getting "Timeout" on majority of sites i try to visit. Tor going downhill pretty fast...Every update it just keeps getting worse...It was great while it lasted :(

May 17, 2016


Feature request: instead of forcing us to hack the location of the exit node into a configuration file, which is time consuming, error prone, and extremely OBSCURE, how about creating an explicit interface in the GUI to let us configure exit nodes?

You already have this in ORBOT.

We don't build Orbot. That is done by the Guardian Project. And, no, I am not convinced that we want to expose a GUI option for that. This might endanger your anonymity and, if enough people are messing with their exit node, it might affect all the other Tor users that don't use it as well. At a minimum more research is needed on the impact of this proposed feature I think.

May 18, 2016



May 20, 2016



May 20, 2016


5.5.5 does not work over the best OS,windows 7.

5.5.5 is “Couldn't load XPCOM” version.

It is just the sound of a fail installation bell ringing.

5.5.4 without adding FireFox is working.

I recommend Tor users using StartPage for search engine with 5.5.4.

I ask Tor to stop updating available new version automatically.

Because,5.5.4 is available for working.

May 22, 2016


I'm having trouble opening the newest version of Tor on my Mac. The last download worked fine, but now it won't run, either. The message I get is that there are "no mountable files" to add to the Applications folder, which tells me that the download is actually coming in corrupted. Maybe a compatibility issue? Any help is appreciated.

May 23, 2016



May 24, 2016


This version(5.5.5) is very slow.The previous version was too fast.
I wish I did not upgrade to the new version.

May 25, 2016


what dose overlap mean i have a URL from someone who told me to overlap it to TOR.


Thank you

May 26, 2016



May 26, 2016



May 27, 2016


Why can't I get rid of that bloody Duck duck go? It's a pain in the derriere and takes me to everywhere I don't wish to go!
Absolute rubbish and drags down the TOR experience. I have to keep downloading versions prior to 5.5.5 until it suddenly upgrades again. AAAAARRRRRGGGGHH!!!!!

May 28, 2016


Runing Mac OS Yoemite when I perform search in the firefox search bar(top right) it redirectss from diconnect serch to duckuck GO. I m using trnport type meek-amzon

May 29, 2016


I am using yosemite OS and when I perform search in the top right hand corner which should use disconnect search the TOR browser redirects me to duckduck go search. Even if I remove duckduck go search from the search options it still redirect me to duckuck go