Tor Browser 5.5a2 is released
A new release for the alpha Tor Browser is available for download in the 5.5a2 distribution directory and on the alpha download page.
This release features important security updates to Firefox.
Additionally, we included the crash bug fix that was already available in the stable series and a small fix for Unity and Gnome users on Linux. Also, we updated the NoScript version we ship.
Here is the complete changelog since 5.5a1:
- All Platforms
- Update Firefox to 38.2.1esr
- Update NoScript to 2.6.9.36
- Bug 16771: Fix crash on some websites due to blob URIs
- Linux
- Bug 16860: Avoid duplicate icons on Unity and Gnome
Comments
Please note that the comment area below has been archived.
https://dist.torproject.org/t
https://dist.torproject.org/torbrowser/5.5a2/
This link above returns "404 Not Found".
What's happening?
Might be some mirror issue.
Might be some mirror issue. It is working for me now.
5.5a2 claims to be out of
5.5a2 claims to be out of date but is current. I tried updating from the About box and with a fresh download - no difference. The caution symbol on the onion blinks but no updates are found. Harmless but weird.
Updated yesterday to 5.5a2,
Updated yesterday to 5.5a2, but today Tor Button says TBB is not up-to-date.
Changing "extensions.torbutton.updateNeeded" to false fixed this problem for me.
It's working with me the new
It's working with me the new updates, thanks.
TIP AND TRICKS: The fastest
TIP AND TRICKS: The fastest way for the 10 minutes configuring-and-run a non-exit relay only, for Win32/64 users
Download the TOR Expert Bundle (Windows 8, 7, Vista, XP, 2000, 2003 Server, ME, and Windows 98SE). Contains just Tor and nothing else. You'll need to configure Tor and all of your applications manually. This installer must be run as Administrator.
Download link:
https://www.torproject.org/download/download
Create the folder TorRelay and put there all the TOR applications.
C:\TorRelay
C:\TorRelay\Data
C:\TorRelay\Data\Tor
geoip
geoip6
torrc to-be-created
C:\TorRelay\Tor
tor.exe
libeay32.dll
libevent-2-0-5.dll
libevent_core-2-0-5.dll
libevent_extra-2-0-5.dll
libgcc_s_sjlj-1.dll
libssp-0.dll
ssleay32.dll
zlib1.dll
TORrelay.cmd to-be-created
Run this command in a CMD window to obtain the HashedControlPassword to protect the torrc file from attackers:
tor.exe --hash-password PASSWORD | more
Create the relay torrc file and put this file in C:\TorRelay\Data\Tor:
Create the TORrelay.cmd and put this file in C:\TorRelay\Tor:
Open the ports 9001, 9030, 9050, 9151 in your firewall and forward these ports if you are behind a router to allow to be accessed from the Internet.
If you have a private IP, make your router DHCP 192.168.xxx.xxx IP static:
- Open the Local Area Connection Status -> Properties
- Internet Protocol (TCP/IP) -> Properties
- Check the Use the following IP address and put there the IP Address, Subnet Mask and the Default Gateway from the Local Area Connection Support.
Hit the TORrelay.cmd and that's all folks!
Check your log file created in C:\TorRelay\Tor for these notice to ensure that everything is OK:
Now checking whether ORPort xxx.xxx.xxx.xxx:9001 and DirPort xxx.xxx.xxx.xxx:9030 are reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
Self-testing indicates your DirPort is reachable from the outside. Excellent.
Check periodically your non-exit relay (your-relay-name) health at:
https://atlas.torproject.org/#search/
https://consensus-health.torproject.org/consensus-health.html
When you want to stop your non-exit relay end the process tor.exe from Task Manager.
The indicator is not much of
The indicator is not much of a problem showing a false out of date but when the actual 5.5.a3 comes out we have to keep an eye for it so we can try the update then. I suspect they forgot to change the code so the a2 still thinks it's a1.
No we did not. Is it still
No we did not. Is it still an issue for you?
I didn't notice the
I didn't notice the response. No problem, it only appeared as out of date on that first day, Now 5.5a2 seems current.
Thanks
/torbrowser/5.5a2/ Not
/torbrowser/5.5a2/
Not available in all mirrors
Since TB v5 my Settings page
Since TB v5 my Settings page is broken; the options are shown, but I can't choose anything, and no checkmarks are visible. This is weird (and not secure). In the regular Firefox this is not a problem.
Yes, this is probably
Yes, this is probably https://bugs.torproject.org/16775 assuming you have set the security slider level to "High". It will be fixed in the next regular release.
All the RSA keys (906 bytes)
All the RSA keys (906 bytes) will be replaced by Ed25519 keys (96 bytes)?
Are these keys more secure? I run a relay server powered by tor.exe v0.2.7.2-alpha and I saw 4 new Ed25519 keys in my keys folder.
Regards,
TORques
From
From http://ed25519.cr.yp.to/
High security level. This system has a 2^128 security target; breaking it has similar difficulty to breaking NIST P-256, RSA with ~3000-bit keys, strong 128-bit block ciphers, etc. The best attacks known actually cost more than 2^140 bit operations on average, and degrade quadratically in success probability as the number of bit operations drops.
The existing RSA keys are 1024 bit, so yes, assuming the Ed25519 math is correct (likely), there is an increase in security. Comparing the actual key size directly is a mistake since the underlying algorithms are radically different (EdDSA vs RSA).
Do you consider adding the
Do you consider adding the ability to add a proxy in the circuit after the exit node for circumventing Tor blocks?
I download 5.1and 5.5a many
I download 5.1and 5.5a many times during lask week,but Software double-click does not open
from yesterday 4.8 cannot cannot connect bridges too.
china beijing,windows xp sp3, administrator account or system account
win 7 new install gets run
win 7 new install gets run firefox app error after install "the instruction at referenced memory at 0x4dea4fb. the memory could not be written." using administrator mode....regular mode just disappears from task mgr. after 30s. Thanks!
Can anyone help me to start
Can anyone help me to start using Tor and onion?
I'd like to have it on my iPad
I don't know if they are
I don't know if they are available on iOS, but you might look for the Orbot and Orweb apps in the App Store.
By to way, should
By to way, should beacon.enabled to be false on about:config ?
Now it is true.
Or is this handled on NoScript ?
How to bring back or turn on
How to bring back or turn on short info about https connection technical details in TBB(linux)? In regular fox all works ok ( for example info about this site appear: Connection encrypted TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 128 bit keys, TLS 1.2). but under TBB cannt find this info.
This is a bug in Tor Browser
This is a bug in Tor Browser and will be fixed in the next release. See: https://bugs.torproject.org/16842
Would it be possible to have
Would it be possible to have a javascript observatory and stricter CSP (Content Security Policy) and implement it for the Tor Browser?
A javascript observatory should work similar to EFF's SSL observatory, it should observe javascript and check if it is an exploit or XSS code and block it, instead of the allow all or nothing from domain X approach used by NoScript. NoScript XSS filter is flawed. NoScript offers no protection against a trusted domain X that get hacked and javascript exploit code injected. This has be done several times before by the FBI, but other hackers could repeat this of course.
Tor Browser only implements a very limited set of Content Security Policy, it does not allow blocking XSS and other malicious javascripts using Content Security Policy rules like script-src 'none'.
i do not activate eff
i do not activate eff observatory and i do not think it should be a good idea to have one for JavaScript ...
noscript is a very good add-on.
I should have prefered an embedded calomel but it does not seem possible (anyway a grey lock is yet with firefox).
If a trust domain is hacked (you do not need a hacker or an unknown enterprise for that) ; it is more often because a lot of person are agree than it is easy to do it : compromised means exactly that.
ev is the best counter measure if that i read is right.
(banking_trusted domain = in the usa, all or almost are monitored by the nsa (it is their job to protect their investment) so your account too ; none respect of your privacy or laws are protecting your funds., in eu, all or almost are the propriety of the bank (it is their job to protect their transactions) so your account too ; none privacy or laws are protecting your funds. A trusted domain is based on a chain of trust : it is the reason why most of foreigners/strangers/tourists/refugees choose their own national bank -Jew bank, Portuguese bank etc.- according their origin.
the term 'bank' is an example of course.)
I do not think that a very strict policy set in tor could stop that.
if a site is broken/compromised/hacked you should write an email to the admin.
if an add-on is not as good as your wish you should write to the dev.
i did it several time and ,sometimes, i had a very good response from them.
tor is not a certified (inter)national trust of web ; there are another organizations for that but maybe will become it for the hidden services.
*it is only an opinion, nothing serious.
@yawning - if a bridge was
@yawning - if a bridge was to change from a bridge to regular node, would Tor Browser know that it has changed and notify user or will users be still using it under the false impression that it is still a bridge?
How do I use browser via
How do I use browser via iPad?
Mempo Project Install Tor,
Mempo Project
Install Tor, configure with proper options:
As root, configure this and restart tor.
In file /etc/tor/torrc find line with "SockPort" (or add it) and add there following options so it will read as:
SocksPort 9050 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol IsolateDestPort IsolateDestAddr
This is very important, otherwise same Tor circuit is re-used even for different programs and servers making it much easier to correlate your various activities!
TEST: To test if that works, open few "what is my IP" pages and verify if they show different IP each usually
does it mean that tor bundle (from tor site) is not configured with proper options yet ?
All Tor users! You are all
All Tor users! You are all terrorists now! By the way, everyone needs to get the plug in add on BLUR and DISCONNECT! They block trackers and various other intrusive entries! Also, make sure you get PEERBLOCK to block even more intrusive entities!
Don't follow this; you'll
Don't follow this; you'll make yourself more fingerprintable and possibly open up additional attack vectors.
Tor Browser 5.5 a1& a2 can't
Tor Browser 5.5 a1& a2 can't display Chinese word on my OS X v10.10.5
It seems as Firefox can't recognize the NotoSansCJKsc-Regular.otf
The other 30 NotoSans*.ttf can list in Firefox‘s about:preferences#content
Do you see any Chinese
Do you see any Chinese characters anywhere? Or do you see unrendered unicode boxes everywhere? Is there a particular web page where Chinese characters aren't working?
The Firefox‘s menu is
The Firefox‘s menu is correct.
Both he dialog box and all of the chinese web pages display unicode boxes.
There will never be privacy
There will never be privacy or safety because...
“The Department of Homeland Security got in touch with our Police Department,” Fleming told Propublica.
Taken back by the reaction from the city, the library chose to shut down the relay after “local police and city officials discussed how Tor could be exploited by criminals.”
“Right now we’re on pause,” Fleming said. “We really weren’t anticipating that there would be any controversy at all.”
Despite Tor relays being completely legal and the Tor network itself being regularly utilized by whistleblowers, journalists and the privacy-conscious, many law enforcement agencies continue to express disdain over the technology’s strong encryption.
When is Astoria or Hornet
When is Astoria or Hornet coming out?
@tor https://www.torproject.o
@tor
https://www.torproject.org/docs/verifying-signatures.html.en
It is not in hkps ; could you update your doc ?
(# why not a link to rise up / gpg / .pem ? # parcimonie dev site looks busy/unsafe )
thx.
Does the NOSQUINT plug-ing
Does the NOSQUINT plug-ing affect Tor's security and privacy? I choose options to have black background and white text.
hi in my country(iran),
hi
in my country(iran), these are organization that filtered tor browser!
they do supply internet only via "Kerio Control VPN Client" tool.
this strategy is smartly because tor do not able connect from inside of kerio!
please help us!
this means a lion fight a lion! and we can not connect to free internet via tor browser.
http://www.engadget.com/2014/
http://www.engadget.com/2014/11/18/tor-browser-vulnerability/
Tor is vulnerable like no other...
http://www.nytimes.com/2015/0
http://www.nytimes.com/2015/08/16/us/politics/att-helped-nsa-spy-on-an-…
AT&T Helped U.S. Spy on Internet on a Vast Scale
my no script setting was
my no script setting was modified :
yesterday * advanced>https>recommended with Tor
today * never
Is it a malfunction, a bug , a hack,an attack, a warning ?
From/against noscript, Tor, a webmail, an app, ?
Is it happened yet to you ?
pls do not censured this message, thx.
Dear the Tor Project
Dear the Tor Project Team:
Please switch back to Startpage as the default search engine.
Sincerly, Anonymous.
i agree : startpage #Dear
i agree : startpage
#Dear the Tor Project Team:Please switch back to Startpage as the default search engine.Sincerly.