New Tor Browser Bundles

by erinn | June 12, 2012

The Tor Browser Bundles have been updated with a bunch of new software: Tor 0.2.2.37, Vidalia 0.2.19, and we have switched to using Firefox's long-term stable release (10.0.5esr).

https://decvnxytmk.oedi.net/download

Tor Browser Bundle (2.2.37-1)

  • Update Tor to 0.2.2.37
  • Switch Firefox to 10.0.5esr, since we will be tracking the extended stable releases for TBB stable versions
  • Update Vidalia to 0.2.19
  • Update Torbutton to 1.4.6
  • Update NoScript to 2.4.4

Comments

Please note that the comment area below has been archived.

June 12, 2012

Permalink

having trouble using the "save link as" property in this version and previous ones too

When u click on a link to a file, tor browser(firefox) warns you that its not tor safe and you should save the file to view it later. but when right clicking and choosing "save link as..." same warning window comes up.so there's no way to save files to drive using this browser

bug?

June 16, 2012

In reply to arma

Permalink

arma I'm experiencing this too... just so you know..and looks like I'm not alone. It's the same bug on all my machines which run WinXp, WinVista and Win7. All versions of TBB have been doing this

"having trouble using the "save link as" property in this version and previous ones too" "When u click on a link to a file, tor browser(firefox) warns you that its not tor safe and you should save the file to view it later. but when right clicking and choosing "save link as..." same warning window comes up.so there's no way to save files to drive using this browser"

This happens to me too. It has been happening for many versions (Linux) of TBB. There is a work around but it's maddening:

Right click and choose save link as, and it will show the tor button warning message keep one finger hovering over the ESC key and hit ESC. Right click the save link as again and repeat aborting the tor button message and right clicking save link as until you eventually receive a download directory window. Sometimes this will happen in a few tries and the stupid tor button warning message doesn't appear instead you can download! Other times you must try over and over until you receive a local download location.

This is a bug which frustrates a lot of people. Google this bug and you'll locate other users complaining about this bug. Tor button is fantastic but this warning message should never pop up when save as is right clicked.

It's disappointing the TBB does not include a download manager like Uget, which supports proxies is not a browser plugin is included in the Debian repos and functions well from both the command line and as a GUI. Inclusion of Uget would make downloading files through TBB much smoother.

Instead I'm guessing the torbutton error is deliberate to discourage users from downloading files through TBB unless they are learned users whom have downloaded Uget and set it up for themselves or use command line tools like wget or curl.

Please include Uget in a future TBB release.

If not please add instructions on proxy-ing/tor-ifying Uget in the Tor Wiki.

Were there an official Tor discussion forum instead of users paddling around up one day and down the next hidden .onion forums, these issues would be worked out more quickly.

I am using the newest Tor Browser Bundle (2.2.37-1) on Win7.

when I go to local.com, i see my local weather (major Us city.).

that is weird because wtfismyip is showing I am using tor and geographical location is Germany, I am not in Germany that means I am using Tor.

Anyone else?
thanks

i think that's because tbb headers contains en-US.

so, for example, if i'm french and i'm using tor in France and i go to local.com i can see Us weather as local weather.

This means that that site doesnt use geoip to personalize the page. It simply use the "Accepted-Language" and/or "User-Agent" headers.

Accepted-Language, i suppose, is set to en-US. and User-Agent contains the string "en-US"

simple . So there's nothing strange.

when i save pages, Firefox produces error messages, and download manager list is empty. but the pages and other files (when choose "complete" save option) are saved to disk.
so, you could try ignoring the warnings, and save the file.

I usually just copy the text link and paste it in notepad or something for later, when I am not using Tor. Is this safe?
Also, with this version, I just downloaded 2 or 3 days ago, Vidalia sticks at "Establishing Encrypted connection" for way too long. It was working at first, until Monday in the wee early hours, without any issues.
In Debug it says my version is obsolete??? Like I said I just downloaded it...Has the Tor network been affected by that nasty bit of Malware, or was the last Executive Order too much and the Tor network is pwned by Uncle Sam?

PLEASE HELP ME ; I've SPENT 10 HOURS TRYING TO FIGURE THIS OUT!!!!!

I'm trying to watch the bbc iplayer programs from the USA. I followed a video I found on youtube, downloading the 64 bit version of Tor for my Mac Pro. Everything works in respect to the special Browser, and connecting to IP addresses for nations other than GB. HOWEVER, when I try the "Edit current torrc", I keep getting a
Error at line 3: "" message. THIS IS WHAT I AM INPUTTING INTO THE EDIT CURRENT TORRC text editor:

EndNodes {GB}
StictNodes 1

# If non-zero, try to write to disk less frequently than we would otherwise.
AvoidDiskWrites 1
# Store working data, state, keys, and caches here.
DataDirectory ../../Contents/Resources/Data/Tor
GeoIPFile ../../Contents/Resources/Data/Tor/geoip
# Where to send logging messages. Format is minSeverity[-maxSeverity]
# (stderr|stdout|syslog|file FILENAME).
Log notice stdout
# Bind to this address to listen to connections from SOCKS-speaking
# applications.
SocksPort auto
SocksListenAddress 127.0.0.1
ControlPort auto

WHY AM I GETTING THIS MESSAGE????? I FOLLOWED THE FOLLOWING VIDEO BTW : http://www.youtube.com/watch?v=63BwVLE2TtM

BBC iPlayer all around the world with TOR (MAC)

THANKS!!!!!

BBC iplayer used to work until I updated to TBB 2.2.39 32bit version for my Mac. I re-visited steps in this you tube video ie adding "ExitNodes {GB}, StrictNodes 1" in the config file and then "disabling plugins during usage" setting in the TOR browser settings, but seems like something is not quite right.

I don't get the NoScript pop-up asking to temporarily allow x-shockwave-flash Object in the bbc iplayer site when selecting a video...instead the first time round i get indication of blocked objects, which i have tried to temporary allow but that doesn't fix it either. Do I have to modify any settings in the NoScript settings e.g. add bbc etc urls to the whitelist? I get standard BBC iplayer message saying "Currently BBC iPlayer TV programmes are available to play in the UK only..."

I have deleted and re-installed TBB following all steps several times, but no joy...any idea what I am doing wrong?

Thanks

June 12, 2012

Permalink

Great, thank you! Signature files don't seem to be available for the newest Mac OS X versions. Will they be soon?

June 13, 2012

Permalink

Never saw this before but now when starting I get: "Vidalia was unable to start the configured web browser"

June 13, 2012

Permalink

You have selected an older version of Firefox, but the newer version corrects some security bugs. Is it a risk for security?

I guess we'll see how Mozilla handles it. If they handle it poorly, we can always change back.

That said, I think you underestimate the amount of work involved in assessing and fixing the privacy disasters that Mozilla puts into each new release. If you had a choice between running ESR and running the second-to-latest Mozilla release, which would you choose?

June 13, 2012

Permalink

Vidalia bundle Windows installer says that Tor button version is 1.4.5, but really installs 1.4.6.

June 13, 2012

Permalink

I have just installed 2.2.37.1 and, when checking anonymity with ip-check.info, I see that both Signature and User Agent show as Medium (orange). This also happened with 2.2.36.1.
With the version prior to 2.2.36.1 they both showed as Good (green). Cannot the latest version be modified so that these two elements show as green again?

Thanks

i use the jondo firefox browser and the ip check shows the same information as the tor browser except it's in green w/ the jondo brwoser. i also have the refer blocked and it shows in orange w/ tor but gren w/ jondo browser. point is, i wouldn't worry about it too much as long as ur not showing the browser unique id or cach info. scary about that, our browsers have unique id's that can be used to track us even with all the other stuff turned off. cool link to ip-check glad i came across this posting.

It's because ip.check.inf is for the joDonym configuration and it differs from Tor

But i don't know what think the Tor's dev about that

Because we can make manualy recommended changes but is it the good thing to do???

June 13, 2012

Permalink

switching to extended support releases? horrible. It is already 3 major version behind. There have been major internal speed, stability and security enhancements in that time. this also puts tbb at risk for incomptability with newer extensions. is the tor team too lazy to keep up with mozilla's rapid release cycle? when will you be updating the 'unstable' tbb since you state this change is only for the stable branch.

June 13, 2012

Permalink

Sorry, Vidalia bundle for Windows installs Tor button 1.4.5. But why it wasn't updated to 1.4.6?

June 13, 2012

Permalink

Any attempt at editing and saving the torrc file via Vidalias' interface:

Settings-->Advanced-->Edit current torrc-->OK

fails with the popup message:

Error at line 1: ""

This happens even without editing the file.

June 13, 2012

Permalink

Works from install until I reboot. Then tor does not start and get "Vidalia detected that the Tor software exited unexpectedly."
Log shows: [Error] We couldn't read a descriptor that is supposedly mmaped in our cache. Is another process running in our data directory? Exiting.

Reinstall works again until reboot. Disabled Firewall and AV software but same. :(

Exciting.

Is this the Vidalia bundle (trying to start at boot), or the Tor Browser Bundle?

Are you sure you don't have two Tor bundles trying to start?

June 13, 2012

Permalink

I can not change torrc file. I get "error at line 1" when I try to SAVE settings-advanced-torrc and even I don't touch anything just try save and no chance. I wanted to write there excludenodes blabla but even if I don't write anything, I can't save it. here is screenshot of problem: http://i47.tinypic.com/19pp3s.jpg
torbridges are included by settings-network-my isp block.... I didn't write manually IP of bridges in torrc.

June 13, 2012

Permalink

Thank you for the switch to FF10.

But this is what startpage is telling me when I try to search:

> We have recently received a large number of searches coming from your computer or others on your local network in a very short time frame. In order to protect our service against automated "screen scraping" software programs, your access to Startpage's search has been paused for approximately one hour.

> If you were using Startpage normally, we apologize for the inconvenience and will be able to lift this pause if you phone us at (212) 447-1100 (USA). Alternately, if you were operating a "screen scraping" program, you may phone us to work out an arrangement. You can also contact us at: autoquery @ startpage.com

I never had anything like that with DuckDuckGo. Is it possible to switch the default. Using a search engine with issues like that would mean people will have to chose something from the list. And that is going to be a known and recognisable brand like Bing or Google.

I asked phobos, and he said "I emailed startpage, filled out their form, and left a voicemail. Their turn."

I expect we'll move on from Startpage to something else if they're unhelpful here.

June 13, 2012

Permalink

I checked http://ip-check.info with TBB and it's shows the Tor exit IP address and then shows me my location as my city which is right...something is wrong

June 13, 2012

In reply to arma

Permalink

The Tor exit IP address shows in Germany although the location part shows my city...normal ?

June 13, 2012

Permalink

With this release, https://panopticlick.eff.org reports

Within our dataset of several million visitors, only one in 6k browsers have the same fingerprint as yours.

Strange, this has changed from 4xx to 6xxx!

June 13, 2012

Permalink

Has the privacy bug in tor browsers been fixed yet?

Look at Ragnar's comment here:
https://vbdvexcmqi.oedi.net/blog/toggle-or-not-toggle-end-torbutton

The TOR browsers have been set up to do an unsettling thing on startup: Not only do they automatically (and unavoidably) go to a web site at startup (the torproject page saying that "Tor's working"), it does so with NoScript set to "allow all scripts globally".

How can this not be seen as a major problem for anyone who's serious about privacy? For TOR to be taken seriously, this forced "site visit" with scripting deliberately turned ON has to be eliminated.

So I repeat my question: Have the very latest Tor browser bundles 1) removed the mandatory URL visit and 2) set NoScript by default to "Deny all scripts globally"?

Please advise.

We use the url visit to pull down a list of currently recommended versions, and locally compare the current version with that list to see if we should tell the user to upgrade.

Tell us a way to use javascript to deanonymize the user? Currently we leave it on for usability (there are already enough people saying Tor is hard to use).

You're welcome to reconfigure noscript to disable scripts for you. It'll sure make the web less fun.

June 14, 2012

In reply to arma

Permalink

"For TOR to be taken seriously, this forced "site visit" with scripting deliberately turned ON has to be eliminated."

I agree. I hope it is fixed and soon.

How?

The Tor developers could make it so the browser loads a local page upon first run, providing the option of loading the tor check page or not. a local value could be saved. if Yes, it checks once, if No, it never checks. Or, a happy medium: check X amount of times in X amount of hours/days/weeks.

Another issue is usability. As a user, I want control over my TBB when it begins, runs, and ends. This control is taken from me and everyone else using TBB by this forced action on start-up. What's next? The slippery slope begins with such small steps.

"(there are already enough people saying Tor is hard to use)"

You can disable this automatic checking and inform the user they may visit the link for checks by clicking the Home icon. That wouldn't be difficult. if they cannot click an icon in their web browser maybe they shouldn't be using the TBB? Maybe they shouldn't be using a computer, either. Possible privacy/security vulns should not exist in the realm of possibility because some people are stupid.

Boo hoo! John Doe can't use Google, the included help files, or other documentation because they're just too lazy and want to mash buttons with their caveman forehead. It might be cute to feed animals at the zoo, but on the net there is plenty of information for the low brows to ingest themselves.

Maybe someone can post a reply and tell us how we can prevent TBB hitting the tor check page on start-up, before we have the chance to properly configure NoScript?

June 14, 2012

In reply to arma

Permalink

1) Your own TOR project people (not to mention every other technically savvy person in the privacy sphere) are the ones who have told us that allowing javascript during TOR usage can deanonymize a TOR user. I.e., this has been common knowledge for YEARS.

The idea that you force a version check in order to help the user rings hollow when you ship the tor browser to newbies with NoScript essentially turned off. (Setting NoScript to allow all scripts is substantially the same as turning it off.) Naive users (and even many veterans) will begin browsing without realizing that NoScript isn't denying scripting, which is a massive betrayal of users' privacy direct from torproject, the ones who profess to be competent and trustworthy and earnest in their desire to champion and protect privacy.

You say: "You're welcome to reconfigure noscript to disable scripts for you. It'll sure make the web less fun." I don't understand. That's the PURPOSE of NoScript. To turn scripting off until it's absolutely needed for a particular page or site. That's the reason you include it, presumably, in the tor browser, right? Because scripting IS an issue and needs to be turned off. Of course the web is "more fun" with scripting promiscuously turned on. We're all here because privacy and security take precedence over "fun", and that means turning scripting OFF until necessary, and even then, only temporarily.

2) You say to change the NoScript preferences myself. I would have liked to, but there is no way to change them BEFORE the tor browser does its suspicious forced connection to the web for the first time. Right? Could you tell us how to set our own NoScript and other browser settings before Tor forcibly connects to your web page? For example, is there a settings file somewhere within the tor browser package that will let me delete your forced URL before I actually run tor browser?

3) The TOR browser forces every user to connect to your web page every time it runs. For those who, for security reasons, operate using a freshly unzipped copy of tor browser for each internet session, this forced page visit is, so far as I can tell, unalterable until after it happens the first time. I.e., until it's too late. Again, is there a way to alter the NoScript settings WITHIN THE PACKAGE so that when I run it freshly unzipped before browsing, the settings are my own from the get go?
Thanks.

June 14, 2012

In reply to arma

Permalink

>You're welcome to reconfigure noscript to disable scripts for you. It'll sure make the web less fun.

Do you actually browse with scripts enabled by default on the same system that you keep sensitive data on/ perform critical tasks with?

June 15, 2012

In reply to arma

Permalink

I have privacy concerns as well about automatically directing users to the Tor Check Page every time Tor is started. While I cannot say specifically how it could be exploited, it creates a vulnerability someone could make use of if determined enough. The suggestion by one commentator of asking the user at the beginning of each Tor session whether he wants to visit the Tor Check Page is a good one, in my opinion.

As for NoScript, the bottom line is for something as complicated as computers, the user has to have a certain amount of technical knowledge to browse the web with privacy. There really is no way of getting around it, although it probably would be helpful to notify the user Javascript by default is turned on at the beginning of the Tor session.

This has been poorly handled, so far as I can see. At some point, the decision was made to _enable javascript universally without telling the end users_! This is in direct contradiction to the previously stated wisdom (on the Tor website) that Javascript can leak your IP address.
By making this change unannounced (so far as I can tell) the devs have, frankly, caused a good number of users (including myself) to be suddenly scared shitless when they've noticed that NoScript is allowing _all scripts_!
We need an official response regarding this change, along with an explanation as to the u-turn on the risks of Javascript.
NB: just to clarify - I'll actually be quite pleased if Javascript can now be used safely. But this should _not_ have been a stealth change.

When did we make the change? Javascript has always been enabled in the Tor Browser Bundle.

Are you confusing Java with Javascript? I bet you're not, but I bet a lot of people are.

Or perhaps you are surprised by the appearance of Noscript, since the javascript settings in TBB hadn't been clear before then?

It is the case that enabling Javascript exposes a larger surface area for bugs (and some of the privacy-related Firefox bugs lately have involved Javascript). But lots of things in Firefox have a large surface area.

Can you point to the places where we said that all Tor users should turn off Javascript? I remember, many many years ago, there were discussions where we were trying to figure out how dangerous it could be. Then Mike came along and expanded Torbutton to tackle Javascript risks (among many other issues).

You might like https://decvnxytmk.oedi.net/torbutton/en/design/ and https://decvnxytmk.oedi.net/projects/torbrowser/design/

And finally, I totally agree with you that we ought to be doing a better job of explaining how to be safe on the web with Tor. I wish we had enough time to both make it good and also explain it well (and as a bonus, package it well too). In the mean time I'll point you to the above two URLs.

June 26, 2012

In reply to arma

Permalink

I must confess to being unable to find any information on the Tor website regarding the security risks of Javascript. I know this weakens my argument. However, if I am mistaken, then I'm not alone: Anonymous poster from June 14th above also is quite strongly of the impression that Javascript was until recently "persona non grata" for security-conscioius users:
"Your own TOR project people (not to mention every other technically savvy person in the privacy sphere) are the ones who have told us that allowing javascript during TOR usage can deanonymize a TOR user. I.e., this has been common knowledge for YEARS."
I'm confident that warnings against using Javascript came from your very own website, at least in my case - I'm no network guru, and this is not a conclusion I'd have reached by myself.
"perhaps you are surprised by the appearance of Noscript"
No, I was aware of it before its inclusion in TBB, and am confident it used to be set by default to disable all scripts. I can even recall one time when I tentatively set it to accept scripts on a particular site temporarily. I don't use Firefox or any of its variants in any other context, so I'm not confusing browsers.
"I wish we had enough time to both make it good and also explain it well"
I of course fully understand you're not exactly suffering from a surplus of labour :) It's not my intention to judge, only to raise my concerns at an (IMO) unexpected and possibly-unwise change.

June 26, 2012

In reply to arma

Permalink

This is a follow-up to a comment already in moderation, posted several minutes ago. From https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ:
"[A]ctive content, such as Java, Javascript, […] are binary applications. […] [W]e recommend disabling these technologies in your browser to improve the situation."
I understand that there's now a disclaimer at the top of that page. However, it only claims that the content of the page may be "be old, incorrect, or obsolete." There's also no indication as to when that diclaimer appeared.

You have to define slow. It's slower than your normal browsing experience, that's expected. Your traffic runs through 3 different Tor relays. The relays you get are an important factor to your performance.

Consider that all relays are run by volunteers, so that bandwidth might be not as high as it would be for a server. The hardware might be a factor, too.

Also consider that Tor is pretty popular and has many users. The average performance shouldn't be too bad. Please keep using it.

June 13, 2012

Permalink

I have the current tbb. I've used tbb before on an xp machine and had no problems. I recently got a 7 machine and now no .onion sites work. Clearweb works just fine. What am i doing wrong?

June 14, 2012

Permalink

"Switch Firefox to 10.0.5esr, since we will be tracking the extended stable releases for TBB stable versions"

This could be good, bad, or a mixture of both. I ask the maintainers of TBB to read this:

... Why Ubuntu is not using the Firefox ESR ...
http://www.chriscoulson.me.uk/blog/?p=111

Sections include:

Arguments against the ESR
- Over time, Firefox ESR will become less secure than Firefox
- The risk of introducing bugs is greater with Firefox ESR

I think the main reason is because covering all the bases to make sure the bundle is operational and safe for everyone, with very little manpower to go over things, is very difficult, so using ESR gives them a greater chance to work on proactive problems instead of constantly keeping up with a new release every 5 minutes, along with putting it with vidalia and Tor...

I think they might agree that a perfectly implemented current release of firefox, vs ESR, might be the absolute best scenario, but that isn't the actual scenario... the real scenario is comparing ESR, where they have to deal with minimal changes and can focus on new issues, to frequent current releases which might be at risk of being improperly implemented plus sucking up more of their precious time and energy.

I'm not a dev though, just a user.

What you write certainly _sounds_ reasonable but I (and many other TBB users) simply don't have the expertise to properly evaluate and judge such arguments. (i.e., to judge which of the two options, overall, presents the lesser evil.)

June 14, 2012

Permalink

This doesn't run on OSX Mountain Lion developer preview. The code signing information is invalid.

June 14, 2012

Permalink

tor is the best thing happened to me !
so what is with this bs? probably im too stupid/lazy to figure this out.
pc-s running a quite stripped down w7, everything is fcking portable, been quite stable for a while, dont remember the timeline exactly, but like a week ago or so tor browser bundle pissed me off - earlier i could somehow set my start/homepage to something different from that freakin "YOU ARE USING TOR", and although this is a very importan security issue, like i have read from the blog recently - the screen shit- like i said i somehow managed to show my start/homepage something different from that crap, i managed somehow to start TBB in a almost maximized screen resolution, but all the good/bad things must come to an end and there i am figuring out what the fck happened, who has the power to alter my portable installation?
oh, and the other question also - why is this tor bs startin up so slow? this is the fckin slowest shit on my pc, and i mean there only the browser startin time. tldr i quess ;)

June 14, 2012

Permalink

hi just upgraded to the new tor 37.1

looks like all major websites are blocking Tor:
Google , startpage, Amazon, sears,

I tried to click "use new identity" but nothing changed, even cleaning cookies.

Just curious, why would you use Tor for a site like Sears(.com)?

Unless you only interested in browsing it anonymously-- since any purchase would necessarily reveal your actual i.d.

Actually, I guess there could be cases where one could reveal their i.d. but not their actual location.

June 15, 2012

Permalink

Anyone tried this latest TBB on any of the OSX Mountain Lion developer previews ? if yes, can you give feedback here please

June 15, 2012

Permalink

I'm sorry if this is completely irrelevant to what you were talking about, but you seem to know a lot about "Tor" and "Vidalia".
My question is: How do you download adobe flash player for the Tor browser? I've tried doing it, and well it says that it downloads and everything, but a new tab randomly opens in GOOGLE CHROME, saying "Thank you for downloading Adobe Flash Player...". So I guess it downloads for Google Chrome, and not for Tor. And so then I try to use adobe flash player on Tor to see a video for example, and it still doesn't let me, because it wasn't downloaded for Tor. It was downloaded for google chrome or something. Do you think you can help me with this?

just an average joe answering here :) from my experience, i have flash installed, but tor is not officially reckognizing it, so if you also have flash installed, just ignore the browsers warning messages. just keep trying :) of course here i could already imagine all the webmasters and whoever already lol'd, but i saw some youtube vids after messing around with noscript and something else. after all i came to a conclusion that watching vids is not a life&death situation, so it could be cut off easily.
and that life&death shit (i mean like the journalism from hell etc&whatever) i lately discovered (again) the wonderful world of gifs.

June 16, 2012

Permalink

I've got the same problem with 'error at line 1' message shown. Can't even save torrc file.

June 16, 2012

Permalink

arma can you please go to this post:
https://vbdvexcmqi.oedi.net/blog/new-tor-browser-bundles-windows#commen…
- look at your comment from June03:

Arma:
"https://gitweb.torproject.org/torbrowser.git/blob/refs/heads/maint-2.2:… is the patch that does what you suggest. It's already applied. I just asked several users to test, and it works for them.

What Windows are you using? Which TBB version is it? Can you go to about:config in your normal (system) Firefox profile and search for 'torbrowser' and let us know if there's anything there (and if so, speculate about why it's there)?"

I responded to your comment but you haven't responded back can you please do so? I still have this bug with new version

June 16, 2012

Permalink

I find that TBB often crashes when I close the browser (about 50% of the time), pointing to an error in qtcore4.dll. This had happened with previous versions too. Is there any way to fix this? I'm using XP SP 3. Great software otherwise - thanks for your hard work!

Recently I uninstalled Avast Antivirus, Comodo Firewall and Windows Defender (all free versions). I then installed Microsoft Security Essentials and switched on the Windows XP Firewall. After doing this, I no longer get the error when closing down the browser in TBB.

June 16, 2012

Permalink

after the latest release, like someone here already mentioned - startpage.com refuses to cooperate and suggests to get a new identity. it seems quite reasonable from them to ask it, because lately my attention was caught by that ip number which is displayed on the home or "start" page which informs about your tor status etc. it's like almost (or even more than) half the browser bundle starts will give you a ip of 31.172.30.X. this is too weird i think.

i have this bug too.
it happens 90% of the times .
I tried using the Tor of the torproject repositories and also TBB.
the problem persists

31.172.30.2 is chaoscomputerclub, a DE (Germany) exit node. It could be because it is a "fast" router. Or maybe they are hackers or something.

June 16, 2012

Permalink

I just downloaded the new browser bundle for linux 32bit, using ubuntu 12.04. Vidalia starts just fine and connects to the tor network, but firefox doesn't start. The connection is just fine, so it seems a bit weird (and very annoying since I can't start it manually). Does anyone else have this problem?

Vidalia connects, 'but firefox doesn't start'

yes, i do rarely get this, like just now for this session, but not with linux - i'm using OSX.6.8 SnowLeopard (64-bit), with Vidalia 0.2.17, Tor 0.2.2.35(git), Torbutton 1.4.6, and Qt4.8.1 ... Vidalia runs thru her startup and tells me i'm connected to the network, but Tor's nowhere around - tonite the TBB wouldn't open tho MsgLog said the network was 'running', but i didn't get the 'connected' confirmation ... thru Vidalia i did a StopTor, then had Vidalia Exit, and restarted the TBB from the Applications folder (usually i have Vidalia start everything from the Dock but she was having problems, and TBB had fallen off the Dock twice) ... after restarting, everything worked as expected, even with the 'connected' confirm in MsgLog/Basic - tho TorBrowser does NOT open to the check page (i go there manually each time) - maybe i should share my version with some of the folks who don't want to see the check page? ;)

2) i think an Option switch or checkbox might be a good way for those who don't want to go to 'check' page - i prefer TO go, and i return to that page after changing ID to confirm that it has been changed (and occasionally check out what country i'm in - when adverts are in German, that answers THAT question)

3) i've dwnldd 37-1 but haven't installed yet after reading about the strange hassles folks are having with it

4) right up there in Vidalia's MessageLog, the very first line we see EVERY time reminds that this is 'experimental software' ... hard for me to believe, but some folks posting here write disparagingly of the software AND the devs, apparently forgetting that users are participating in an experiment that costs them nothing (save the occasional bouts of frustration, and i've surely had them, too! :) ... if we don't have the patience, if we don't want to help get the TBB to its full (and awesome) Potential, maybe we should just return to a naked FireFox and cease the badmouthing?

5) i was shocked to see that NoScript's 'Allow scripts globally' (wch i'd been using ~1yr before learning about Tor) was CHECKED by Tor, and i immediately UNchecked that box the first time i saw it ... after becoming more familiar and comfortable with the TBB, i decided to try it checked to see the difference ... that didn't last long, and i'm now excluding scripts, and will continue to do so - yes, there's stuff i don't get to see, but i glommed onto Tor for security/privacy/anonymity, not 'fun' ... Tor's taught me a lot about max safe browsing, and i've been using my own computers since the early '90s ... we each set our own priorities

6) re: torrc - it says right at the top that any changes made WON'T be Saved, so shouldn't be a surprise!

you TorProject folks are wonderful, thankyou SO very much for your efforts, yr global altruism, and for putting up with even the impatient ones among us! ;-)

right up there in Vidalia's MessageLog, the very first line we see EVERY time reminds that this is 'experimental software'

And yet... how many people, realistically, ever open the message log and see that warning?

Shouldn't it be placed in more conspicuous places, such as on the download page itself? I have searched said page
( find no mention of the software itself being "experimental"

I enclosed the first paragraph above with the html tags:

but it appears they were totally ignored.

Yet, the html tags got swallowed-up!

Go figure.

Yes I had that problem with Centos: vidalia starts but browser never does. At the same time I had a : Qt error which complained about authentication failure. Today I tried ubuntu (10.04 LTS) and the Qt error is:"Qt: Session management error: None of the authentication protocols specified are supported". But low and behold the browser is up. I am using it right now.
The new L

I found using google this to be a known problem Tickets 5465 5261. I should have found these within torproject.org. How?

Basically the problem normally is harmless, if it doesnt stop the browser, that is. But it indicates Vidalia is trying to make a connections that it shouldnt.

The new L

I have mostly used Knoppix 6.2 (based on Debian) and never seen this problem. Perhaps that is what I should be worried about. Under Knoppix Vidalia succeeds making its unwanted connections. And does what?

Ticket 5261 is the most recent piece of information when I search the "Qt: Session management error" in Wiki Milestones and Tickets and rrandom says:

"It would be very bad if any part of TBB actually succeeded in talking to an X session manager. Can TBB-Vidalia ever connect to a session manager? Can TBB-Firefox ever connect to a session manager?"

The answer to these questions is found in Ticket 5465. Mainly:
It appears that Vidalia/Qt attempts to connect to a session manager iff the SESSION_MANAGER environment variable is set. RelativeLink.sh should unset that variable.

(Hopefully unsetting that variable will also keep Firefox from trying to talk to a session manager.)

It appears that Vidalia/Qt will be unable to connect to the session manager even if it attempts to, because the user's $HOME/.ICEauthority file is not present in the TBB directory. The GNOME 2 session manager did not log a message in $HOME/.xsession-errors when Vidalia failed to connect to it; hopefully other session managers won't log authentication errors either, but we shouldn't count on that.

I have a similar problem.

I start Tor fine using the browser bundle, but immediately a message pops up saying "Your firefox profile is missing or inaccessible". If I click the 'okay' button, the torbutton closes, and my connection is cut. I'm running tor in my school, and for this reason I can't connect firefox to an alternate web router. I can't find anyone else who shares this problem.

I was able to run Tor from a different computer on the school's network this past week, so maybe this is fixed, but I severely doubt it. Do you know what I could try?

June 16, 2012

Permalink

Anonymous from Syria
issues with Tor Browser Bundle for 64-Bit Mac
Version 2.2.37-1 - OS X (64-Bit)
couldn't establish any connecting it is said that (connecting to relay directory) and stay in that status I re install 2.2.36 instead is there is any solution

June 18, 2012

Permalink

Anonymous Kitten
Can anyone help me, I just got ubuntu latest 12.04 LTS and cannot get Tor project to run at all, I get this error after I extract and click on Start Tor . exe
---
Tor Browser Bundle
Vidalia exited abnormally. Exit code: 127.
----

What does this mean? These instructions don't help me https://media.torproject.org/video/torbrowser-docs/How-to-download-and-…

How can I get Tor? I'm kinda new to linux, so please give me noob instructions... :S

1. Go to Tors official homepage: https://decvnxytmk.oedi.net/
2. Click on the big purple "Download Tor" button
3. Scroll down to "Tor Browser Bundle for Linux"
4. Click the orange download button there, and save the file to somewhere you will find it later

5. Open your home folder and browse to where you saved the file: "tor-browser-gnu-linux-i686-2.2.37-1-dev-en-US.tar.gz"
6. Extract the file by right clicking it and choosing "Extract here"
7. Go into the extracted folder and double click on "start-tor-browser"
8. Select "Run" in the dialog that pops up

If it still doesn't work, ask for help again.

Well you can as next step:
Copy your computers Error message into a Search at tor or Google. Very likely somebody has posted a bit of info on the problem.

This is where i am. I've done all the things you written but firefox never starts.
And if i open it the regular way its not going thru Tor.

What to do?

June 18, 2012

Permalink

clicking new identity causes tor browser to disappear than reappear Is this normal? I know just a few versions ago it used to always close any open tabs but the window did not behave like this

June 19, 2012

Permalink

Hello, i use win7 and vidalia keeps crashing when it tries to connect to tor, i have searched the net and tried several solutions, seems like the vidalia configfile is something wrong with, i tried moving it and it did'nt crash as fast as before, but it hangs(freezes so i cant even check the info lines on whats wrong) , i can start tor manually and i makes the bootstraps and cicuits, but i cant connect via tor anyhow i configure my firefox and torbutton.

June 20, 2012

Permalink

can you tor guys please open a forum this week before sunday 24th June at noon?

look at how confusing all this discussing on a blog is.

please open a forum

the "privacy" or security of the forum doesn't matter.. let people post anonymously (without having to register a user) and just have the posts be moderated (just like on this blog) so a mod has to approve it before it appears on the forum. most people using the forum will be using tor anyway so the privacy is protected. you can even put a big warning message on the forum that says: "only post to this forum using tor bundle. if you don't, we can't guarantee your privacy"

it's so simple. please do it. phpBB is a good choice.

I also wish there were a forum and am baffled that there isn't.

But what of is the significance of,
"this week before sunday 24th June at noon?"

What is it about that date in particular?

If I have understood the situation correctly, the security problems isn't for the users privacy, but the fact that servers running phpBB (and similar forum software) is easily and often hacked. Hacking a server running on the torproject.org domain puts all of the Tor projects infrastructure at risk, and even if the forum is running on a completely other network, the hacker will try to distribute virus through the forum by using known exploits on web browsers.

I may be wrong though.

Can a tor dev please confirm this? is it true that having a forum on the torproject.org domain puts the entire site at risk for hackers and virus?

if so, why not create forum on another domain and server? like torprojectforum.org - then link to that site from torproject.org .the forum would be on a completely separate server and domain. good idea right?

I agree. I was surprised to find out that the tor project has no official forums. it's sometimes discussed on linux forums but there's no real interaction with any of the tor devs as far as i know on any forum.

wake up tor! make us a forum!

We're awake. We've known about the forum idea for a year or so now. Over the past year, we've been having growing pains from taking on many new projects and scaling up the number of developers. So we've been hesitant to stretch ourselves even thinner.

We're getting ourselves into a position where we can run it safely (both from our perspective and our users' perspective) and usefully.

I just added https://decvnxytmk.oedi.net/docs/faq#Forum to make it clearer.

June 24, 2012

In reply to arma

Permalink

And yet, you not only offer one-to-one support via email but even via TELEPHONE (!).

I can't be the only one to wonder how you can find this cost-effective.

As linked in this thread already, please read the trac ticket. 99% of the tor devs use email as their primary means of interaction. We've had attempts at web forums in the past and they go no where because it's filled with people who are not tor devs.

You can see the entire span of opinions in the trac ticket. There is no plan for tor to host a general web forum.

There is a plan to host a Q&A style forum so people can find their answers via web than on our faqs and mailing lists.

June 24, 2012

In reply to phobos

Permalink

"There is no plan for tor to host a general web forum."

That sounds quite different from the statement,
"We're getting ourselves into a position where we can run it safely", said by arma in the previous post.

"There is a plan to host a Q&A style forum"

What, exactly, is the difference?

I don't think any of the many posters here asking for a forum mean one for general chit-chat or anything other than support for any of the products put out by the Tor Project.

"our faqs and mailing lists."

Why not at least link to these prominently on the home page of the blog, with a note that the blog is not for support?

June 20, 2012

Permalink

Hi, the page at
https://decvnxytmk.oedi.net/docs/verifying-signatures.html.en
does not make clear the proper, full command for verifying the signature using GNU/Linux, which I am nearly certain is as follows:

gpg --verify tor-browser-gnu-linux-i686-2.2.37-1-dev-en-US.tar.gz.asc tor-browser-gnu-linux-i686-2.2.37-1-dev-en-US.tar.gz

Specifically, you do not make it clear that the name of the tar.gz file must follow the the name of the .asc file, as shown above.

June 24, 2012

In reply to phobos

Permalink

I stand corrected.

(Note that both files must be in the same directory when verifying.)

What threw me off is the verification methods for TAILS as well as Ubuntu, both of which include an additional file name in the command.

TAILS:
https://tails.boum.org/download/index.en.html#index3h1

gpg --verify tails-i386-0.12.iso.pgp tails-i386-0.12.iso

Ubuntu:
https://help.ubuntu.com/community/VerifyIsoHowto

The ISOs are not themselves signed. Rather, each TXT checksum file comes with a corresponding signature file that ends in ".gpg", and the instructions are to verify the TXT file with the command:

gpg --verify MD5SUMS.gpg MD5SUMS

I wonder why Ubuntu does it that way and not with the more direct that Tor Project and TAILS use.

June 20, 2012

Permalink

This website will check if your ip address is leaking through flash and java, or your dns is leaking through java.

http://aboutyourip.info/

so far tor doesn't seem to leak any ip addresses even when i have flash and java turned on.

let me know if your tor is leaking?

June 20, 2012

Permalink

The latest TBB will not launch the browser for me, after Vidalia starting up.
I'm running freebsd on x86.
There's no errors on startup or Vidalia debug-log, maybe a bug with the browser? Here is the output when i try to launch firefox from within the App dir.:

./firefox-bin
XPCOMGlueLoad error for file /yard/tor-browser_en-US/App/Firefox/libxpcom.so:
libxul.so: cannot open shared object file: No such file or directory
Couldn't load XPCOM.

Both the .so files are very much present and carry the same perms as all others.
Anyone see the same problem as i am? Any help would be much appreciated.

I just had this exact same problem in x86_64 linux and was scratching my head for awhile about it. And then I noticed I was using the x86 bundle, not the x86_64 one. I downloaded the one for my correct architecture and it totally works. Hope this helps.

June 20, 2012

Permalink

This whole discussion about firefox, Javascript and what else? has me saddened so much :

It's been justly reminded that the Torproject has limited resources. I wish they concentrated again on Tor itself - the network protocols, client and server software - and less (not at all, indeed) on the browser - which is none of their business IMHO.

Provide a robust Tor, do provide help and advice for client software configuration (including but not-limited-to : browsers) but PLEASE stop losing time and energy with Torbrowser and nonsensical bundles. Back to fundamentals !

thanks

--
N

It is not possible to configure any browser to be secure through Tor, that's why they provide the Tor Browser, a patched version of Firefox. Especially people without advanced technical knowledge is also in need of Tor, and because of their incompetence they would run faulty/dangerous configuration if they had to reconfigure their software themselves, a problem that Tor Browser solves.

We could do that. But then our advice would be "do not use Tor with browsers". That advice doesn't sound fun (or likely to be followed).

We started the application-level scrubbing work when we realized that basically all our users were using browsers unsafely.

November 05, 2012

In reply to arma

Permalink

As a professional programmer, I know enough to know that computer security is almost a separate field. Thanks for providing the browser bundle so that at least that can be done with reasonable safety.

BTW, I just patched the start-tor-browser script to unset SESSION_MANAGER and the startup message disappeared with no other apparent effects.

June 20, 2012

Permalink

Hello
I am new to Tor , and I just downloaded the Tor Browser from this site
When I first installed it, it worked what seemed like ok < I guess

a new browser opened in Firefox every time I opened it, and said WELCOME TO TOR
or something like that

Now that never happens anymore
the VIDALIA CONTROL PANEL OPENS

but thats all
no browser opens in firefox

What could I be doing wrong?
I tried to uninstall but I cannot even find the program in my installed programs list
its not Vidalia, its not Tor Browser I have no idea what to do at this point

You said nothing about your platform, not even the operating system. But you could:

To find the "tor installation" search for a directory tor-browser-*. Just delete it and I believe its all gone. But before uninstalling. Try to run, from that same directory:
start-tor-browser
again and see if there is a Qt error.
If so you have a known bug. I found it in Centos and got no browser. In ubuntu also, but there I have a browser. it seems not to exist in Debian.

June 20, 2012

Permalink

Hello I just downloaded Tor from this site

when I first installed it, the Vidalia CONTROL PANEL opened and a new browser window opened in Firefox

Now all that happens is the Control panel opens
no firefox browsing window. so I really cannot even browse

What might be the problem?

June 20, 2012

Permalink

"PLEASE stop losing time and energy with Torbrowser and nonsensical bundles"

So, I take it you are of the opinion that anyone for whom configuring Tor/Vidalia manually presents too much of a challenge, is someone who has no business using Tor in the first place?

Because the TBB enables many people to use Tor with at least some degree of relative safety that would be unrealistic -- if not impossible-- for them to achieve without TBB.

June 20, 2012

Permalink

Since I've been using this release of TBB, it seems like I've been getting the following IP (or at least a very similar one) more often than not:

31.172.30.1

Is this cause for suspicion?

Same question here. Additionally, I just clicked through "new identity" three times and got the SAME IP.

Anyone who knows what they're talking about want to comment? Thanks!

June 22, 2012

Permalink

Yes,

I agree: Keep up your good work with the Tor Browser. It is part and parcel of what you do. It is certainly not @none of their business'.

Thanks for all the work that has gone into Tor.

June 22, 2012

Permalink

Tor is not working on the latest Vidalia bundle for Mac PPC. Getting this error:

"Vidalia was unable to start the configured proxy server."

Polipo appears to be missing from the package.

Please fix!

June 22, 2012

Permalink

Until this Version 2.2.37-1, I have had no problems using the Vidalia Bundle for Mac PowerPC. Today, I downloaded the latest stable version and I get an error message, "Vidalia was unable to start the configured proxy server." Polipo appears to be missing from the bundle.

Please check.

June 23, 2012

Permalink

The URL http://aboutyourip.info/ mentioned above is in russian!!! I do not understand russian. Is there a url for the english version?

What I would like to know is if there is a site which publishes a list all firefox add-ons which are dangerous when added to the TBB.

Thank you.

June 23, 2012

Permalink

For the last few days, everytime I have checked via the Traceroute of ip-check.info, the first and second IPs connected to have ALWAYS been the same.

This strikes me as unusual and, therefore, possibly, suspicious.

Comments please.

This is very similar to the above comment:

"Since I've been using this release of TBB, it seems like I've been getting the following IP (or at least a very similar one) more often than not:

31.172.30.1

Is this cause for suspicion?"

I hope someone in the know will reply.

#cause for suspicion?#

I would say no.Its a german hackerclub with a big line.
But they seem to have a strange filter behaviour if you use an unusual useragent

June 24, 2012

Permalink

about:config browser.download.manager.scanWhenDone is true.

that means someone (third) is scanning my files for virus?

June 24, 2012

Permalink

Do Not Install The Proprietary Ghostery FF Addon!

Ghostery's true background (Score:3, Interesting)

"Seems like a lot of people are praising Ghostery, which leads me to believe that you haven't heard the backstory.

Evidon, which makes Ghostery, is an advertising company. They were originally named Better Advertising, Inc., but changed their name for obvious PR reasons. Despite the name change, let's be clear on one thing: their goal still is building better advertising, not protecting consumer privacy. Evidon bought Ghostery, an independent privacy tool that had a good reputation. They took a tool that was originally for watching the trackers online, something people saw as a legitimate privacy tool, and users were understandably concerned. The company said they were just using Ghostery for research. Turns out they had relationships with a bunch of ad companies and were compiling data from which sites you visited when you were using Ghostery, what trackers were on those sites, what ads they were, etc., and building a database to monetize.

When confronted about it, they made their tracking opt-in and called it GhostRank, which is how it exists today. They took an open-source type tool, bought it, turned it from something that’s actually protecting people from the ad industry, to something where the users are actually providing data to the advertisers to make it easier to track them. This is a fundamental conflict of interest.

To sum up: Ghostery makes its money from selling supposedly de-indentified user data about sites visited and ads encountered to marketers and advertisers. You get less privacy, they get more money. That's an inverse relationship. Better Advertising/Evidon continually plays up the story that people should just download Ghostery to help them hide from advertisers. Their motivation to promote it, however, isn't for better privacy; it's because they hope that you'll opt in to GhostRank and send you a bunch of information. They named their company Better Advertising for a reason: their incentive is better advertising, not better privacy."

- http://yro.slashdot.org/comments.pl?sid=2931443&cid=40412193

June 25, 2012

Permalink

I have problem with Tor Browser Bundle for 64-Bit Mac and i386
Version 2.2.37-1 - OS X
couldn't establish any connecting it is said that (connecting to relay directory) and stay in that status I re install 2.2.36 instead is there is any solution I am Anonymous from Syria

June 26, 2012

Permalink

Not working for almost 3 days
Tor failed to log in the network
"problem bootstrapping. Stuck at 10%"

June 28, 2012

Permalink

I am trying to post on a certain "typepad" blog. My posts are not appearing. I keep on clicking on "use a new identity" still it disappears. For a while everything worked. Is it possible to set up typepad to block all users who use TorBrowser?.

June 28, 2012

Permalink

I am unable to use Disqus.

At Engadget and PCMag the comments will load, but I cannot login either with Disqus, Yahoo or OpenID.

At Wired.com the comments will not load at all.

Stock TBB for Windows (7) with 3rd party cookies enabled. Otherwise no change from how it downloads from the Tor site.

June 28, 2012

Permalink

can anyone help me with this problem? has been happening for one day whilst it used to work fine...I can connect ot most other onion addresses.

this is what it says

Unable to connect
Firefox can't establish a connection to the server at silkroadvb5piz3r.onion.

The site could be temporarily unavailable or too busy. Try again in a few
moments.
If you are unable to load any pages, check your computer's network
connection.
If your computer or network is protected by a firewall or proxy, make sure
that TorBrowser is permitted to access the Web.

help if possible!

June 29, 2012

Permalink

Since updating to the latest Windows 7 and Linux bundles I'm continually getting time warnings and hang at 25%, sometimes 50+%. It will even connect fine for a bit then I'll lose all connections and be unable to connect again.

At other times it works great, usually early in the morning.

This is happening on two different systems that also dual boot and have the correct date/time set and tweaks applied in Windows to allow GMT/UTC. Linix has been set from command line a few times including "date 06291455 UTC".

Running "Aptosid/Debian" Sid. Update once a week or as needed. Used to use Privoxy and Tor packages without issue as well. Removed them all and started just using the bundles to ensure security and no conflicts.

All old/unused packages removed including folders and config files.

Use UFW with only a few email holes 53, 443 and 80 open. Ensured Vidalia is set for 443 and 80.

Set up a new laptop with just the Linux bundle same issues. In all cases installing the latest Iceweasel/firefox with only NoScript and Requestpolicy added and everything locked down works fine.

This has been going on for about a week. I see others noting the last 3 days.

Location is Ontario, Canada.

Bugs or OS issues? Trick for time I'm missing? ID-10-7?

June 30, 2012

Permalink

When I post a comment online using TBB especially in countries where such a comment can lead to a knock on one's door at 2 am in the morning, there is always this question in my mind: "Did any necessary connection(s) go to its destination bypassing Tor network thereby revealing my true IP?" I am an average user of TBB and I do not know how to install and use softwares like Wireshark to monitor traffic to and from my computer. I wonder if TBB should warn the user that in the background connection(s) will be established outside the Tor network with the option to proceed or not.

Also, I am sure many TBB users add more add-ons to the ones TBB is shipped with. Can a very experienced user of TBB suggest which ones can further enhance one's anonymity and privacy. Thank you.

If you want to keep your anonymity and privacy, don't install or remove any add-ons. Just adding an add-on makes fingerprinting easier and reduces your anonymity set. Adding more add-ons is NOT recommended.

As long as you are running/using the latest version of TBB, you can feel fairly confident that all connections are made through Tor in all cases. There are other users that knows software like Wireshark and Tor internals that tests TBB heavily for just this kind of leaks, and they are treated very seriously.

July 01, 2012

Permalink

I have some stupid newbie problems with extracting Tor Browser Bundle on Ubuntu. I used to use Tor on XP, but since Roger says that it's not secure to run Tor on proprietary OS, I switched to Ubuntu. So, when I click "start Tor browser", Vidalia isn't running - I just have text document. Ubuntu is 32-bit, not 64-bit, so I don't know where is the problem. I've watched video tutorial, but it didn't help, because there is an option there when you can choose among "display its contents" (Or something like that), and just "run it", but I don't have such option, it is only opened as a text document. Sorry for stupid questions, I'm very new to Ubuntu and I'm not a programmer.

*And sorry for off-topic

Sounds like Nautilus (Ubuntu's native file manager) is set to automatically *display*-- and not *run* -- executable files.

Open Nautilus (which you can do by simply opening your home folder or going to "places" > "computer"). Find "preferences" under the tabs at the top (should be under "Edit" but I can't recall with certainty and I don't have access to Nautilus at the moment). Then look for and select the option of always asking whether to run or display executable files.

July 01, 2012

Permalink

I have downloaded the Torbrowser, and although it seems to work just fine, my problem is that i had no idea that it would make Mozilla Firefox and Internet Explorer completely unusable. I know that all the BS on the site says using other browsers is not recommended, but doesn't seem to say "will not work". Both Mozilla and IE say they cannot connect to internet. I want to know either how to fix this (what setting did Tor change that screwed up my other browsers?) or i need to know how to entirely rid myself of this tor headache!

July 02, 2012

Permalink

Since this version, every time TBB starts, IP is 31.172.30.1 or very similar.

What gives?

31.172.30.1 is chaoscomputerclub in DE (Germany), a country infamous for seizing Tor servers and home of JAP (which comes with in-built "crime detection") So, yeah, you can trust it!

July 03, 2012

Permalink

A friend of mine (who is now afraid to use tor) was asking me about a possible vulnerability. He said he got a alert in his firewall saying that vidilia is trying to receive a connection from the internet on port 1032. I did not know how to answer his question (about whether it was a vulnerability in the software or something else) so i am posting it here Any help or ideals would be appreciated

July 06, 2012

Permalink

Would I be able to create another mirror of The Tor Project? Or are the others available already sufficient?

July 06, 2012

Permalink

Hi. Recently I updated my ArchLinux and now I can`t start firefox in TBB. /var/log/messages.log is full of "firefox[5141]: segfault at 7f3fe7204dc8 ip 00007f3e822368a3 sp 00007ffffa69ce20 error 4 in ld-2.16.so[7f3e8222b000+21000]" and similar. Normal ff is working good and I have no other problems with anything :-/

July 07, 2012

Permalink

Tring to launch tor browser and getting a message saying it read the FOXFIRE file or it is corrupted. Do I need to lauch tor for an existing browser or a just start tor

You just start tor, and it will start the tor browser. If you get an error, try to download tor browser bundle again. Maybe it got corrupted while downloading.

July 08, 2012

Permalink

Why can't I uninstall TOR? It's no where to be found in the uninstall feature in windows.
There is also no uninstall software with this bundle. I don't want to use TOR with browser but with other software.

July 08, 2012

Permalink

We need an official Tor discussion forum.

I didn't see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurl's will take you to:

** HackBB:
http://www.tinyurl.com/hackbbonion

** Onion Forum 2.0
http://www.tinyurl.com/onionforum2

Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.

I know the Tor developers can do better, but how many years are we to wait?

Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.

If you prefer to visit the hidden services directly, bypassing the tinyurl service:

HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/

Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/

The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).

[1]: Because any content can be posted! Think 4chan, for example. onionforum2 doesn't appear to be heavily moderated so be aware and take precautions.

July 08, 2012

Permalink

like others I consistently get allocated IP address 31.172.30.1 (or .2, .3) using TBB. Haven't seen anyone reply with a reason so far. Has anyone looked into this?

July 09, 2012

Permalink

Looked at the configuration.
Maybe set dom.server-events.enabled to false?

July 09, 2012

Permalink

the Bloody Secret:

1) the only Tor or TBB releases fit for use are Stable releases.

2) the unending (some recent sanity w/FF10.05) hunger of T´project ops to üpgrade¨ everything, esp Firefox, is nuts. If a military EW specialist did this he would be shot. REVERT to safe, stable FF3++ versions, keep patching Tor and Vidalia w/o requiring distro pkg upgrades beyond Lenny, Hardy or Lucid (the last of the stable and useful Linuxes). Make it simple and stable only---MINUS the horseshit Extensions, Plug-ins, add-ons ~NoScript and all the rest, except for lovely Torbutton. All of these forced-add Extensions decrease security by opening endless avenues of attack, not to mention their config-prefs are dangerous. The monster Firefox has become is utterly loaded with unneeded junk and phone-home nonsense--just open all the .js and jar files and look at the shit being imposed on the user. Torproject, your work IS appreciated greatly but you seem to be going the way of the collaborator. I hope I am being a fool in thinking this.

Finally, the unnecessary and seemingly pointless bloat of a potentially tight system leave me puzzled. As does the million$ you have confirmed taking from the Feds. And, now, you require me to allow you to install cookies on my box in order to post my opinion here. Time to reflect, Jimbob.

1.) Plugins? What plugins?

I do not recall TBB ever coming with plugins.

2.) Could you kindly explain your complete dismissal of the many protections that NoScript claims to offer? (and is widely recognized as offering)

Do you have an alternative to suggest/propose for protection against all of the various exploits that NoScript protects against?

I don't know enough to comment on the rest of your post.

1. We tell the world this. -stable is for usage. -alpha is for testing.

2. Tor browser is based on firefox. When mozilla forces updates and fixes security and privacy bugs, we update to fix them for torbrowser.

2a. We don't ship 'horseshit' extensions. We ship a config designed to protect anonymity. Rather than rewrite noscript for the functionality we want, we use the actual noscript.

2b. There are no plugins shipped with tor browser. what plugins do you see?

2c. Firefox is huge, yes, Most of the size is due to xul library (libxul.so at 24 MB) and vidalia's libqt (libQtGui.so.4 at 12 MB).

2d. please detail what 'phones home'? we disable most of it unless it goes over tor directly.

2e. please submit patches to torbrowser which address your concerns.

July 10, 2012

Permalink

I have been a Tor user for about a year, and like many others would love to be able to use the browser bundle intermittently, while leaving a relay or bridge running continuously. Others have documented the difficulties of not being able to close the browser, or vidalia, in a tbb without tor.exe itself closing, which is frustrating if you are trying to run a relay.

However, I come here today to leave feedback on another difficulty I encountered today.
I had read here that it was possible to run 2 instances of vidalia relay or bridge, and a tbb if they were located in different directories. I consider myself experienced at tor, so I went to try it out. I unzipped a fresh copy of the latest Tbb into a separate partition in my WinXP dual-nic, while a vidalia relay ran elsewhere. I started vidalia first, and set a different control port from the relay. Then I see vidalia is trying to hijack the already running relay. After starting and stopping vidalia a few times, looking at the vidalia config, etc. I finally get the 2nd vidalia running.

However the 2nd tor won't start properly.
Even editing firefox pref.js> torbutton.custom.socks_port 9065, network.proxy.socks_port 9065, vidalia.conf, etc. tor won't start properly. The socks listener port is the problem. In order to run a 2nd instance, I have to edit my torrc before I can change the socks listener port, because tor.exe defaults to 9050, which the first instance is already using. This will be beyond some users, and actually took me about 15 minutes of parsing every possible .ini or .conf in the Tbb package to realize.

So, the TLDR is that the socks listener port is inaccessible from anywhere in vidalia, and you can't edit a torrc in vidalia that isn't running. If you make the Socks port configurable in Vidalia, a smart user can change that port before Tor.exe rushes headlong toward it's built-in default of 9050 and crashes relentlessly.
Running a 2nd instance of a Tor bundle would be easy at that point. Open Vidalia, set the control, dir, OR, and socks ports, and off you go. My apologies for the wall of text, but I hope maybe this will help you improve your Tor bundles.

I would also be remiss if I didn't say "Thank You!!" for all the hard work you do. As the totalitarian regime(s) grow around the world and at home, what you do is priceless and dare I say, even lifesaving. Thank you, thank you, thank you.

July 10, 2012

Permalink

i've just tried to download the latest release mentioned to me today when i booted Tor. now, Tor browser doesn't work. instead i get this error: Vidalia can't find out how to talk to Tor because it can't access this file: /port.conf

i've deleted all things Tor off my computer for now and will try back in a little while when hopefully things are a bit more stable.

running slightly older verion of OS X - 10.5.8 and firefox 13.0.1 on 64bit macbook

ta!

July 11, 2012

Permalink

strange thing: it now crashes in a few seconds/minutes on my debian wheezy

July 13, 2012

Permalink

Hi,

I'm working with MAC OS X Leopard 10.5.8 PowerPC (it still works fine!).

My Standartbrowser is TenFourFox v. 10.0.5 and so I'm surfing with the addon Torbutton 1.4.6 and the Vidalia-Bundle v. 0.2.2.37-0.2.19.

Because there is no TTB-Release for Mac-PowerPCs, so I could't try these apps on my PPC-Mac.

Yesterday I tried the (new) browser Aurora v. 15.0.a2 for PPC-Mac and specially for 10.5.8, but it don't works with Torbutton 1.4.6.

Do you have an idea what to do?

July 13, 2012

Permalink

I need help configuring getright to wither use Tor's built in proxy or setting up Polipo for tor (I tried the config file on the site's FAQ) and setting up getright to use Polipo. If I set getright to 127.0.0.1 and the 9050 port it just sits trying to connect to the file it tries to download. If I setup for Polipo it tells me the host can not be found. I never had problems with getright until polipo was taken out of the bundle. Can anyone either help me get getright working, help me get another download manager working, or point me to the last tor bundel download that had polipo as it's default proxy?

July 13, 2012

Permalink

Feedback on the Vidalia Bridge Bundle 2.2.37-2.19.

Clean install on a clean windows xp install, so I know there was no leftover cruft.
[Warning] Failed to open GEOIP file D:\Documents and Settings\W\Application Data\tor\geoip.

Problem is, the default bundle install put the tor (data) folder and the geoip at D:\Documents and Settings\W\LOCAL SETTINGS\Application Data\tor\geoip.

July 15, 2012

Permalink

I receive a "keyserver timed out" message when attempting to verify the gpg signature. Is anyone else experiencing this?

Perhaps you mean when attempting to import the key?

If so, it may be your firewall (hardware, software or both). I had to temporarily disable my router firewall in order to import the signing key from Tor Project.

July 15, 2012

Permalink

Polipo has been pulled from the Vidalia bundle. Cannot get tor to work without it. So WTF are we supposed to do?

July 21, 2012

Permalink

could someone explain the situation when most of the sites visited, do not allow/provide (page) back and forward functionality of the browser, but sometimes some sites still allows/provides them ???

July 25, 2012

Permalink

my office uses a proxy to see what we browse etc. thats when i got exttremely interested in Tails. i had a few questions abt Tails OS use-

1. we are told NOT to open attachments from email while using Tor, but to save them and view later... Question- what program can we download attachments with and am i supposed to view the downloads after i close Tor?

2. how can i work with a document in Tails, then transfer somewhere to use with Win XP? for one thing, the extension is not recognised by Win.

3. when starting up Tails, the second option says FAILSAFE.. Question- which option am i supposed to highlight? what exactly is failsafe?

4. i am unable to get Tails working on my office computer even though i changed the boot order to USB first. it just won't start. the computer was purchased in 2004 maybe. Question- any suggestions?

5. using Pidgin chat program, if i chat with a gmail or facebook contact, is my conversation encrypted even if my contact is using the normal gtalk interface, for example, or do we both need to be using Pidgin with the OTR?

6. how do i configure Claws to work with gmail?? i followed someone's walkthrough online but doesn't work. i can't find a user manual on Tails anywhere either.

thanks for any help provided!

July 25, 2012

Permalink

I'm using the Tor Browser Bundle 2.2.35-12 in china and downloading the 2.2.37-1 version.

What if some government agents - like the china communist party also run Tor and retrieve all the Tor bridge URLs. They can then block those bridge URLs one by one? Does Tor have solution for this?

July 25, 2012

Permalink

Thanks Tor people.
Can we perform TorBrowser upgrade through its menu: Help / About TorBrowser .

July 27, 2012

In reply to arma

Permalink

>The best way to upgrade is just to fetch the new one.

Umm....wasn't the last TBB release on June 12th?

(and is it not the case that the vulnerabilities for the version of Firefox in said release have been known for some time now?)

July 26, 2012

Permalink

i'm having the same errors "error at line 1" or "error at line 3" can't edit torrc files.. this is such a pain because i need to change my IP

July 29, 2012

Permalink

Just got this and am not seeing the Tor Enabled words in the bottom-right of the browser once it opens. However, I am seeing that my IP has changed, so that's right. Just wondering if this version should have the Tor Enabled down and what might be wrong. Thanks for any info!

August 10, 2012

Permalink

This blog is important; the matter is something that not a lot of people are talking intelligently about. I’m really happy that I stumbled across this in my search for something relating to it.

August 22, 2012

Permalink

Hmmm... as I can't use download managers with the new browser bundle versions for some reason, I'd like to know if downloading with the actual browser is safe and anonymous?

I mean if I just click at the file and download it with the browser, is my anonymity still intact?

August 25, 2012

Permalink

I am using a ibook G4 with a ppc processor..
I have installed the vidalia browser bundle, but cannot open .onion sites, whats up?

August 28, 2012

Permalink

For some reason whenever I try to edit the current torcc file, I get an "error at line 3" message. Based on some earlier posts I read in this thread, I got the idea that it was just a bug with commented lines, but after deleting all the commented lines, I get the message: "Transition not allowed: While Tor is running, changing data directory is not allowed".

Any ideas? I closed the browser and tried again, but it still didn't work.
Btw I'm running OSX 10.6.8 on a 2011 mbp

September 12, 2012

Permalink

You people are all wasting your time...Tor does NOT work and here's proof...

Fresh install of Windows XP SP2...FireFox 15.1 installed...No add-ons no nothing just a clean install of FireFox and Windows...OK?

So I was reading an article on some Yahoo webpage, and I decided I wanted to comment on it. I signed into my anonymous email address registered with fake info and location set as 90120.

By the comment box of the article there was a little check box with "show your location" and surprise surprise it knew my real location, the exact city I live in...

On top of this search results still returns local relevant results. I search for "Board of Elections" and it returned the board of election of my county....

TOR IS BS AND A WASTE OF TIME, YOU HAVE BEEN WARNED !!!!

September 21, 2012

Permalink

I have not read all your comments (so do not know if you have found the solution) but also gave me error in line 1: ""
is not a limitation or a security .. it's just an error due to wrong position of the text.
the text should be placed at the end of the file "torrc but in my case (I had to use just ip Polish), enter the text in" DirReqStatistics 0 "and" GeoIPFile. \ Data \ Tor \ geoip "!

I had to add this command:
ExcludeNodes

here's how I've configured:

# This file was generated by Tor, if you edit it, comments will not be preserved
# The old torrc file was renamed to torrc.orig.1 or similar, and Tor will ignore it

AvoidDiskWrites 1
ControlPort 9 ***
DataDirectory C :/ Users / *** / Desktop / Tor Browser / Data / Tor
DirReqStatistics 0
ExcludeNodes
GeoIPFile. \ Data \ Tor \ geoip
Log notice stdout
SocksListenAddress *****

asterisks obviously there are .. for my privacy I had to hide my information. P.S. those fields you fill in automatically.

You can also edit your torrc adding text to the end
select
select "apply only selected" in the lower right
and will be filled in automatically
that this will work

September 27, 2012

Permalink

Hi
How do i download adobe flash player for the Tor browser?!
i wanna watch some videos witch they need flash player & not working

October 05, 2012

Permalink

I have followed http://www.youtube.com/watch?v=63BwVLE2TtM to set up TBB to access BBC iplayer.

BBC iplayer used to work until I updated to TBB 2.2.39 32bit version for my Mac OSX 10.6.8. I re-visited steps in this you tube video (ie ExitNode {GB}, StrictNodes 1) in the config file and then "disabling plugins during usage" setting in the TOR browser settings, but seems like something is not quite right.

I don't get the NoScript pop-up asking to temporarily allow x-shockwave-flash Object in BBC iplayer site when I select a video...instead I get standard message "Currently BBC iPlayer TV programmes are available to play in the UK only..." The first time round with this latest bundle, I get some objects blocked...I have tried to Allow these temporarily too but does not fix it.

I have deleted and re-installed following all steps, I have tried this with New Identity, cleared any cookies, private browsing, etc but no joy whatsoever...any idea what I am doing wrong? Is there anything I need to modify in the Browser or NoScript settings?

Thanks

October 16, 2012

Permalink

Must say, I find it beyond offensive that TBB's firefox cannot be downloaded as a stand alone (or even easily separated out of the f'ing bundle) for those of us who keep Tor running 24/7 as a relay and don't want/can't afford the overhead of another Tor instance, another vidalia instance and the browser on top of it all.

For people who claim to care about their users...you've sure done a lot recently to reduce our options and remind us that you do not care about low-resources users.