Tor Browser 4.0.2 is released
A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.
Tor Browser 4.0.2 is based on Firefox ESR 31.3.0, which features important security updates to Firefox. Additionally, it fixes a regression in third party cache isolation (tracking protection) that appeared in 4.0, and prevents JavaScript engine locale leaks. Moreover, we believe we have fixed all of the Windows crashes that were due to mingw-w64 compiler bugs. DirectShow is still disabled by default, though, to give the respective mingw-w64 patch another round of testing.
Here is the changelog since 4.0.1:
- All Platforms
- Update Firefox to 31.3.0esr
- Update NoScript to 2.6.9.5
- Update HTTPS Everywhere to 4.0.2
- Update Torbutton to 1.7.0.2
- Bug 13019: Synchronize locale spoofing pref with our Firefox patch
- Bug 13746: Properly link Torbutton UI to thirdparty pref.
- Bug 13742: Fix domain isolation for content cache and disk-enabled
browsing mode - Bug 5926: Prevent JS engine locale leaks (by setting the C library
locale) - Bug 13504: Remove unreliable/unreachable non-public bridges
- Bug 13435: Remove our custom POODLE fix (fixed by Mozilla in 31.3.0esr)
- Windows
- Bug 13443: Fix DirectShow-related crash with mingw patch.
- Bug 13558: Fix crash on Windows XP during download folder changing
- Bug 13594: Fix update failure for Windows XP users
Comments
Please note that the comment area below has been archived.
As a release version this
As a release version this rightly triggered an autoupdate alert for me. The autoupdater is however seriously broken, This time, in addition to the warning (correctly or incorrectly, cannot tell) that my user profile is missing, I am inundated with additional messages that indicate TBB cannot start because it is executing multiple firefox.exe instances, and I'm fatally looped on each try.
Not sure what is going on,
Not sure what is going on, honestly, as I have never seen this behavior. It might be the best to start over with a fresh new bundle and check whether the update to the next Tor Browser version behaves the same which might indicate that there is indeed a bug that is not detected yet.
The new update did block
The new update did block everything on my PC. I could not open Tor anymore. Something is wrong with this update. I had to delete it. After I took it of my PC everything worked fine again.
The Autoupdate functionality
The Autoupdate functionality is seriously borked. Even though it is supposed to be an option, I have just been downloading the TBB bundle and doing the old 'manual upgrade' route because of the horror stories I have read on the internet.
An auto-updating secure browser sounds good in theory but in practice, considering the number of locations where people might put it? It just does not work.
which one should we use ?
which one should we use ? Tor Browser 4.5-alpha or Tor Browser 4.0.2 ? i mean which on is more safe?
alpha means testing, i.e.
alpha means testing, i.e. not stable, likely to have more bugs.
So go with 4.0.2 unless you want to help test the next TBB.
Great update to the browser.
Great update to the browser. Wondering however why the TBB Bundle was live for hours before this blog entry appeared.
I don't know actually.
I don't know actually. Looking at my chat log there is just one hour delay between updating the website and getting the updater related pieces sorted out + getting this blog post live.
Here's to hoping for the
Here's to hoping for the best. Thanks for making the world a bit more private. Tired of living in fucking big brother without getting paid for it, atleast :)
Now, now, is that any way to
Now, now, is that any way to talk of our noble and benign corporate masters?
Not only do they provide sub-par service for bloated prices, not only do they snoop and spy on your every click and keystroke, but then they turn around and sell all that data to the highest bidder.
How could anyone not be grateful?
I downloaded TBB 4.0.2 from:
I downloaded TBB 4.0.2 from: https://decvnxytmk.oedi.net/download/download-easy.html.en. Next, I clicked on torbrowser-install-4.0.2_en-US.exe with Tor Browser 4.0.1 open on Win 8.1 desktop. I got a message that TBB 4.0.2 install would perform "update". Next got a message inside progress box: "Connecting to Update Server". I canceled the progress box, deleted 4.0.1 TBB and ran 4.0.2 install again and installation seems to have worked correctly. I did not note exact wording of "Update feature" so my comments are from my recollection. I could not find any Tor Browser documentation that ver 4.0.2 would perform an "update" rather than a full install and under what conditions and why would TBB install connect to "Update Server" if .exe file contains complete install. Please document this function so others will not be surprised.
The update is happening
The update is happening within Tor Browser. You don't have to download a brand new version. To trigger an update manually click on the "hambuger" button (menu button), then the question mark on the bottom and then "About Tor Browser".
Updated but not synced with
Updated but not synced with available Firefox ESR 31.3.0 functions
- "Page Info" (function)
"Security" info tab, "Media" info tab ("Feeds" info tab) still missing.
All the former and present Firefox ESR versions have these info tabs present (when relevant on webpages).
But Tor did just deleted it several browser versions ago.
Does security really matter or not (anymore)?
Why don't we get an satisfying answer to this or is this crucial info-functionality placed back the way it is in the Firefox ESR?
What is the (info & Security) deal here?
This is a bug which we need
This is a bug which we need to fix: https://bugs.torproject.org/13254. Help is wanted!
Thank you for answering,
Thank you for answering, but
This ticket, as already stated earlier by people, is not complete!
"Media" tab is another important tab that is missing (yes also important in security / privacy check matters) and the "Feeds" tab as well .
These tabs are also broken (deleted) since Torbrowser version 3.6.6., quite a while now.
So, 4 issues on 3 tabs ; "Media", "Feeds", "Security" .
Would it be possible to add this to this ticket or make a new one for Media and Feeds as well?
Thank you in advance GK
These tabs are part of the
These tabs are part of the pageinfo dialog and thus covered by the ticket, I think.
What about "View Cookies" on
What about "View Cookies" on that "Security" tab always showing an empty list? Is there supposed to be another place to check what cookies are set, or is this part of ticket #13254, or another bug altogether?
With the cumulative total of
With the cumulative total of time and effort put into managing firefox it seems that a small lightweight browser with basic capabilities (at first), would eventually allow for more effort to be direct toward the main goal...anonymity and security. Look at orweb, from my understanding there is only one developer with maybe a few volunteer bug hunters at the forefront. The TBB team with all of it's new experience could design an ugly but usable browser with security and anonymity in mind. Having to patch, rewrite, and audit code every single tedious time a new version of ESR arrives must fucking suck. It likely isn't fun and probably feels like a chore. It's sad that the talented dev's working on the TBB use precious time to work non such a monotonous task. For all we know, one or some could have solved a portion of the critical issues tor faces within that time. The tor button was a perfect example of this. Micromanagement leads to exhaustion and eventual loss of interest. As it is the TBB must be maintained but please consider slowly and very carefully building a barebones browser in parallel. Coded to be modular so that members from this expanding community could add the features they desire (initially features like flash, java, pdf, etc). Only audits would then occur on your end or the team itself could write un-convoluted airtight code. I believe experience in the cutting edge of security and anti-surveillance has granted some of the team this ability.
Cheers!
I'm using TAILS 1.2.1, which
I'm using TAILS 1.2.1, which comes with Tor Browser 4.0.2, right now. "Page Info" shows me three 'tabs': "General", "Permissions" and "Security". I vaguely remember a "Media" tab, now I see it mentioned, but neither that nor "Feeds" appears. I can confirm that the "Technical Details" heading at bottom of "Security" has nothing below.
What bothers me though is cookies. Tor Browser always claims none are stored and "View Cookies" always shows an empty list. I can't believe that there are always no cookies set, and I would really like to check them. It seems to have been the case certainly for TAILS 1.2, and maybe earlier.
Is there supposed to be another way to check cookies? Or, is cookie blindness part of ticket #13254?
The NSA will help..!
The NSA will help..!
Does this fix the
Does this fix the no-Javascript browser kill which has been scourging the wilds of .onion-land?
(Works on Linux; Javascript not required.)
What?! Please post more
What?! Please post more details, so some experts can analyze this. Even if this is bug was fixed, if there is something crashing the previous TBB on multiple onion sites it would be good to know what it is!
Important request at
Important request at torproject.org
Since Torbrowser is also part of Tails, Tails is part of torproject.org and there is no place to comment on Tails;
please, could someone from the Torproject please ask or tell the Tails developers to make their downloads available over httpS instead of http ?
I just can't believe that such an important (and big, thus long) download is offered over a plain insecure http connection.
(a download of 20/30/.. minutes makes at least 1 or 2 changes of exitnodes, so you cannot 'manage' your download by looking for a 'trustworthy' exitnode to download with because they're changing during the download anyway to another you don't know or maybe is less trustworthy in your opinion).
Wasn't there some recent news about adding malware to downloads on some exitnodes?
Isn't there a general global policy or idea about security within (https)torproject.org about security that all the people from different projects could, should follow ?
Would it be possible to offer all downloads (and all information) from torproject.org via https ?
Thank you very much in advance
The insecure Tails Link : http://dl.amnesia.boum.org/tails/stable/tails-i386-1.2.1/tails-i386-1.2…
As the Tails website itself
As the Tails website itself points out, HTTPS "still leaves open the possibility of a man-in-the-middle attack even when your browser is trusting an HTTPS connection."[0]
Don't trust the CA cartel. If you value security, you MUST verify[1] your Tails download with PGP! Do you check PGP signatures on your downloads from https://utuhewzcso.oedi.net/? If not, you are opening yourself to attack by anybody who can break into the server and/or coerce a CA to issue a fake certificate. Repeat, do NOT rely on HTTPS only to protect your downloads; this is horrible security posture.
Also, this information is totally incorrect: "a download of 20/30/.. minutes makes at least 1 or 2 changes of exitnodes," Read the Tor docs and src again. An unbroken connection does NOT hop between exit nodes (handoff of the circuit between middle nodes is long proposed, but would not affect exit nodes and is not implemented anyway). It is for this reason, connections to certain ports use nodes marked with the "Stable" flag.
Also, it is not correct that "Tails is part of torproject.org" as the poster asserts.
(As an aside, it may be a good idea to provide Tails downloads via HTTPS for reasons of defense in depth, and toward the greater good of encrypting the entire Web. However, this may also provide a false sense of security... as shown by the post to which this replies.)
I post this, to deter/debunk bad security advice and incorrect information. But it is off-topic; please do not continue here. The Tails release post itself says, "For support and feedback, visit the Support section on the Tails website."[2] If they wanted comments on Torblog, they would enable comments here (duh).
[0] https://tails.boum.org/doc/about/warning/index.en.html#man-in-the-middle
[1] https://tails.boum.org/download/index.en.html#index3h1
[2] https://vbdvexcmqi.oedi.net/blog/tails-121-out
Yes check the sigs, and
Yes check the sigs, and ensure you use the authentic signing key.
I agree, tails should have
I agree, tails should have an onion available so that all this MITM stuff isnt a threat. Tails should also not open up to tails website with javascript enabled (as it is by default) as a compromise of tails server with malicious js targeted for tails OS could compromise alot of users rather easily.
But then again tails devs have been warned for years now that non-persistent guard nodes is a very dangerous security issue, one that they refuse to address, at least for its persistence users.
1) this anonymous hacker
1) this anonymous hacker totally agrees with you that Tails' default download locations should be HTTPS.
2) I thought there was a ticket about this in the tails issue tracker, but I couldn't find it. I did find this, though: https://labs.riseup.net/code/issues/7161 :/ I do recall that the reason for not having HTTPS mirrors is that they want to use round-robin DNS to balance between mirrors and obviously that wouldn't work with TLS (distributing the private key to mirror operators would sort of defeat the purpose). Wrong decision, imho.
3) the tor project does maintain an HTTPS mirror of the tails website, including the latest ISO and signature, here: https://archive.torproject.org/amnesia.boum.org/tails/stable/
4) in their defense, tails does at least provide file hashes and GPG signatures over HTTPS, though this is difficult or impossible to use safely on a fresh windows system (downloading GPG4win over HTTP -> sad panda)
4) you're mistaken about exit nodes changing during a download. streams cannot migrate to a new circuit in tor's current design. So, any single HTTP(S) download will use the same exit for the duration.
5) choosing a "trustworthy" exit node is easier said than done. internet is a hostile place.
For what it's worth: Since
For what it's worth:
Since Tails isn't distributing the large iso-files themselves (maybe because that would be too expensive), HTTPS won't provide much if any security. The mirrors can be malicious either way. SHA256 or GPG must be used. That neither SHA256 or GPG is available on Windows by default is a recognized problem. The Tails developers are planning to implement or review a Firefox addon which can be used to check SHA256 sums (there is a ticket about it). This should work for users regardless of operating system, but isn't realized yet.
An https link for
An https link for downloading the Tails would be great.
Only Tails ! Tails is really
Only Tails !
Tails is really good . Tor works on Tails better and Faster .
Generally i think tor works on Linux smoothly
Great. I had problems with
Great.
I had problems with 4.0.1 and it kept crashing all the time which was annoying.
I hope 4.0.2 does not crash like the previous one.
I believe all the way up to
I believe all the way up to version 3.6 no problems had existed for connectivity to websites. Every release after that has been trouble.
Something must've been taken out of the code or weakened?
Can we please address this cloudfare issue??? Every other site flags Tor now? It is obvious that when you advertise the browser as Tor... it isn't a common browser name and it is known for obfuscating.
Why don't you spoof the name of the browser as well so it doesn't stick out when a website notices that it isn't a common browser so it blends in with the others?
Every one knows what Tor is suppose to be about. Instead of advertising it to all of the global adversaries can you look into more unique ways to hide the fingerprints? That is something that should've been taken care of long ago...Thanks
The TBB actually advertises
The TBB actually advertises itself to websites as a standard release of Firefox running on Windows 7 (regardless of the OS you're using). Cloudflare recently started detecting Tor exit nodes based on their IP addresses, something that's always been possible and that the TBB can't do anything to avoid. The only thing that's changed here is Cloudflare's policies.
On Windows 7 64 bit,
On Windows 7 64 bit, updating Tor Browser 4.0.1 to 4.0.2 using torbrowser-install-4.0.2_en-US.exe installer it seems that Torbutton is not updatetd to 1.7.0.2: both the "Add-ons Manager" and the "About Torbutton" still report version 1.7.0.1.
Also doing a "Check for updates" from the "Add-ons Manager" does not update Torbutton.
I had to use "Install Add-on From File" from the "Add-ons Manager" and select \Browser\TorBrowser\Data\Browser\profile.default\extensions\torbutton@torproject.org.xpi in order to properly update Torbutton to 1.7.0.2 version.
You don't need to update to
You don't need to update to a new version with a while new bundle. The update happens now within your browser (see my above answer on where to click). That said downloading a fresh 4.0.2 en-US Windows Tor Browser gives me a Torbutton 1.7.0.2.
I did not have much
I did not have much confidence in the proper functioning of the new update method... I'll try next time.
However in the Tor Browser
However in the Tor Browser 4.0 release announcement, mikeperry
wrote: "Please also be aware that the security of the updater depends on the specific CA that issued the decvnxytmk.oedi.net HTTPS certificate (Digicert), and so it still must be activated manually through the Help ("?") "about browser" menu option. Very soon, we will support both strong HTTPS site-specific certificate pinning (ticket #11955) and update package signatures (ticket #13379). Until then, we do not recommend using this updater if you need stronger security and normally verify GPG signatures."
So my uncertainty using the in-browser updater!
Please recommend some
Please recommend some *.onion websites.
I think this is considered
I think this is considered the starting point into .onion-land today,
(click Onion Directory for a somewhat complete list of .onions):
https://ahmia.fi/search/
Troll: Arma smacked you
Troll: Arma smacked you down on the last blog. Stay down.
The TBB 4.0.2 release I
The TBB 4.0.2 release I downloaded appears to be signed by Erinn Clark as previously, except I thought she no longer worked for the Tor Project.
Is this correct?
This is correct. We hoped to
This is correct. We hoped to get the new key up for this release already but that did not happen, alas. But I am confident we get the switch done by the next one. https://bugs.torproject.org/13407 is the bug for the issue for what it is worth.
Causing havoc with AVG.
Causing havoc with AVG.
Download doesn't complete
Download doesn't complete properly in OS X Yosemite (10.10.1). Firefox .part file loads to about 600KB and then no more downloading takes place.
Hmm... interesting. Does
Hmm... interesting. Does that happen with older versions too? See: https://archive.torproject.org/tor-package-archive/torbrowser/
When is Gettor going to be
When is Gettor going to be updated to TBB 4.02?
Есть ли
Есть ли какой-нибудь способ использовать meek-google в Tails OS?
When running the Tor
When running the Tor Installer for 4.0.2 on Windows 8.1 - as either an update to existing folder OR as a fresh install - all attempts to execute Tor Browser get the infamous "Couldn't load XPCOM".
Running Tor Installer for 4.0.0 is the only way I could get back.
Any thoughts on how to get 4.0.2 installed? Is there some shared component being saved to the file system outside of the target install folder?
This was a familiar error
This was a familiar error message. Which antivirus software was it that caused this now again? Anyway, disabling the antivirus software was enough to make Tor Browser work again, if it is the same problem.
I encounter the same error
I encounter the same error installing 4.0.2 under Windows 8.1, and I do not have any antivirus installed.
https://decvnxytmk.oedi.net/do
https://decvnxytmk.oedi.net/docs/faq#XPCOMError
This version, same as with
This version, same as with v4, graphics look unusual at the bottom of browser window, it doesn't refresh properly and keeps bits of previous windows, so looks like its going to crash (but doesn't). Shading for the tabs at top look weird too very blocky. Seems a bit better than previous version 4.0.
But worse with this version 4.0.2 is the fact the downloads view ctrl+J or from the menu, is now just still image, it doesn't update or show info until you refresh, ie just stays on minutes left, download speed, nothing is moving now, before on every version you would see the time changing and speed jumping about. Also if you add a shortcut for the download button to the window frame/toolbar it doesn't do anything. Doesn't show you the download section, minutes remaining nothing now.
Whats going on?
Download button on toolbar
Download button on toolbar now works properly and times and speeds move about after several closing and re-openings of tor. So thats good news.
The graphics still look weird though at the bottom with old graphics remaining on the lower prob 1cm of the window frame and the browser tabs having a bit of white to the left and right and a rectangle in the centre, so something possibly to do with shading, could this be some opengl graphics problem? Forgot to say before using win xp sp3.
Hi when I visit
Hi when I visit "https://plus.google.com/+youtube/posts/BUXfdWqu86Q" my TorBrowser freezes, my RAM fills completely and I have to kill the Browser.
Im running Debian stable 64Bit and testing 64Bit both Systems do have the same problem. (The Site opens perfectly well in Tails 1.2.1)
Works for me both with
Works for me both with 4.5-alpha-1 on a 32 bit Debian testing and with 4.0.2 on a 64bit Ubuntu Precise box. Not sure what is going on.
Why don't receive the
Why don't receive the Vidalia and expert bundles for Windows any updates any more? They are still at 0.2.4.23 which has been released months ago - stable is already at 0.2.5.10 and 0.2.4.23 is known to be buggy/slow with hidden services.
Vidalia is not maintained
Vidalia is not maintained anymore and the "expert bundles" can be found in the Tor Browser download directory nowadays: https://utuhewzcso.oedi.net/torbrowser/4.0.2/tor-win32-tor-0.2.5.10.zip and https://utuhewzcso.oedi.net/torbrowser/4.0.2/tor-win32-tor-0.2.5.10.zip…
I've downloaded TOR
I've downloaded TOR 0.2.5.10 and if I run tor.exe there is no output to the console.
How can I enable it again ?
Thanks.
There's a ticket for that
There's a ticket for that issue here: https://trac.torproject.org/projects/tor/ticket/13819.
Huge cpu load in windows7,
Huge cpu load in windows7, unusable.
what happened to the routing
what happened to the routing map on tor button?
It is available in the alpha
It is available in the alpha series and will be ready for the stable one in a couple of months.
The crashes are not fixed in
The crashes are not fixed in this 4.0.2 version. 4.0 was crashing from time to time, disabling direct draw slightly reduced crash rate. 4.0.1 was crashing so much that it was completely unusable. It crashed while displaying blank page. 4.0.2 also crashes for no apparent reason.
Please fix these crashes. It is most important to do than making more features. 4.0x series are unusable. 3.6x lineage that was rock stable. I dont want to return to 3.6 because of old Firefox security flaws susceptible to freedom hosting-style attacks.
Windows XP SP3, clean install, two different computers.
Sounds like you have some
Sounds like you have some AntiVirus/Firewall software interfering with Tor Browser. Contacting the vendor to get that fixed might be an option.
I have no realtime antivirus
I have no realtime antivirus or 3rd party firewall installed. ClamWin does not have real-time engine and using Windows XP built-in firewall. No other software can interfere with Tor Browser too. I suspect this is due to using different compiler than 3.6 series or Mozilla uses.
The error is
Faulting application firefox.exe, version 31.3.0.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.
Please fix this. Tor Browser crashes mostly at random and according to murphy law it crashes when most critical manipulations are done.
have there been any
have there been any additional changes since 4.0.1 not noted above, which impact the use of bridges other than obfs3? Asserting others in torrc seems to cause crashes on startup (and "missing profile" messages) whereas such problems did not occur for me in v4.0.1.
No. All the changes are
No. All the changes are mentioned in the above changelog.
I have Tor Browser 4.0.0
I have Tor Browser 4.0.0 running on Windows 8.1. When I download and run the full 4.0.2 installer, either a fresh install or an upgrade - I end up with a defective install. Running Tor gets "Couldn't load XPCOM". I can only recover the system by reinstalling 4.0.0.
i am also getting the same
i am also getting the same error msg not sure how to fix.
You might
You might like
https://decvnxytmk.oedi.net/docs/faq#XPCOMError
i am new to this Blog but
i am new to this Blog but looking at the about:config i saw something that was highlighted in bold that i never noticed before..under the JAVA category... " javascript.default_local ........ value = en-US
what is this ?
See the changelog above: we
See the changelog above: we spoof the locale for the JavaScript engine now. For instance trying to induce error messages while you are surfing makes them always en-US formatted now while that was not the case before. Bug 5926 has more information.
startpage starts to suck
startpage starts to suck massively!
----------------------------------------------------
As part of StartPage's ongoing mission to provide the best experience for our users, we occasionally need to confirm that you are a legitimate user. Completing the CAPTCHA below helps us reduce abuse and improve the quality of our services.
Thank you,
The StartPage Team
JavaScript appears to be disabled in your web browser. To complete the CAPTCHA, please enable JavaScript and reload the page.
Yep. Does for me too. Never
Yep.
Does for me too. Never has before.
Just select DuckDuckGo as
Just select DuckDuckGo as search engine in the drop-down box instead. They work flawlessly using Tor, and also provides high-quality search results.
I am using Windows 7
I am using Windows 7 64-bit.
I accepted the automatic update notification popup window, and it automatically updated Tor Browser from within Tor Browser. It appeared the update was successful, with no error messages.
Now, my desktop shortcut to start Tor Browser no longer works. When I went to the folder and clicked on the "Start Tor Browser" shortcut there, it still didn't work. Only when I went to the Firefox executable in the "updated" folder, did Tor Browser start.
Automatic updates shouldn't change how the program starts up.
Anyone got a clue?
Works for me. Do you have
Works for me. Do you have steps to reproduce your problem?
As I described, I simply
As I described, I simply said yes to the update, it did the update, reporting no errors, and it has broken the shortcuts, including its own. Vidalia also stopped working.
I tried to tweak the settings today, but have resorted to a clean install, just as I have always had to do in the past. So the automatic update feature appears to be buggy for me.
Vidalia is not being shipped
Vidalia is not being shipped anymore in Tor Browser. It has been gone long ago. Thus, not sure what kind of bundle you have been running at all.
When I originally tried to
When I originally tried to download Tor browser 4.0.2 from this website, my antivirus software, Trend Micro, said, "This file is not commonly downloaded and could harm your computer".
My antivirus software also said that this file "Does not have a valid signature".
My antivirus software attempted to block me from downloading Tor browser 4.0.2.
Also when I try to connect to the public Tor relay's two message's come up saying, "Unable to connect to Tor" and, "You do not have permission to use Tor".
I downloaded Tor browser 4.0.2 from this website, over the default https connection.
So my point is,
My antivirus software is falsely detecting that Tor browser 4.0.2 is a virus,
and,
I think that my ISP is blocking me connection's to the public Tor relay's.
I live in Australia and Tor is legal to use here, my ISP shouldn't be blocking me connection's to the public Tor relay's.
I have used Tor for years and have never had this bizarre problem.
So how can I get to use Tor bridge's to circumnavigate this blocking to the public Tor relay's?
The "You do not have
The "You do not have permission to use Tor" line sounds like some other application or part of your operating system -- it's not a message that Tor Browser would give you.
So I think it is still something wrong on your system, not censorship that your ISP is doing to you.
Any reason why in 3.6 if you
Any reason why in 3.6 if you closed an open tab a new tab opened. In 4.2 if you close an open tab the whole program shuts down. Anything different in settings that can fix that?
Thanks
This page now comes up when
This page now comes up when I try to do a StartPage search. This has never been the case before this update:
"As part of StartPage's ongoing mission to provide the best experience for our users, we occasionally need to confirm that you are a legitimate user. Completing the CAPTCHA below helps us reduce abuse and improve the quality of our services.
Thank you,
The StartPage Team
JavaScript appears to be disabled in your web browser. To complete the CAPTCHA, please enable JavaScript and reload the page."
Why is StartPage now requiring me to enable javascript in Tor Browser to do a search? I thought they were all about privacy?
Duckduckgo as a seach
Duckduckgo as a seach engine, also has an onion site: it apparently is more highly dedicated to privacy than other search engines like StartPage
Startpage/Ixquick has been
Startpage/Ixquick has been around for a long time and doing a great job protecting its users from tracking. There was a similar issue a while ago when TBB first defaulted to using them as the default search engine but they worked with Tor project reps to resolve it. Maybe they are getting a larger volume of traffic from the top exit nodes than they planned on and haven't adjusted their filter to keep up.
Because StartPage feeds off
Because StartPage feeds off it's users like a google leech. It's all about data mining with false promises of privacy hopes & dreams.
Let's see StartPage staff challenge me on this.
http://ip-check.info no
http://ip-check.info no longer works.
I put a shortcut to ipcheck.info in my bookmarks tool bar, and when I click on it it just spins and spins, and nothing happens. Then, if I click on the shortcut again, the opening window comes up. This behavior makes no sense.
Then, when I click on "Start Test!", is does absolutely nothing.
This is new behavior that only began on the 4.0.1 update, and continues in 4.0.2
ip-check.info works correctly in Firefox.
Works for me with a fresh
Works for me with a fresh 4.0.2 on a 64bit Ubuntu Precise.
"ip-check.info"? Last I
"ip-check.info"?
Last I checked, site was a plain, unencrypted, unauthenticated http; not httpS SSL/TLS.
That means when you visit the site, you are at the mercy of your exit node, which can tamper with and manipulate the content.
And yet people continue to take this "ip-check.info" seriously?
Am I missing something here?
why is mixed content (https
why is mixed content (https + http) allowed by default?
This is significantly less secure and isn't firefox's default with the used browser version for active content. So why go out of your way to reduce the security of tor?
Have a close read of
Have a close read of https://trac.torproject.org/projects/tor/ticket/8774. There you'll find the reasoning behind this decision.
- Mixed content I Agree, but
- Mixed content
I Agree, but it is Firefox default to allow this while it should not.
You can toggle this off in the about:config preference
security.mixed_content.block_display_content
By clicking on it from "false" to "true" you won't have the mixing http content anymore.
Meaning less images on the mixed content sites (you can't have everything )
- Simple Toggle button?
To me it would be ideal if there was a toggle button for that preference in (Tor)browsers, or NoScript, Torbutton or other addons like an Adblocker addon (such a pity that I can't make addons).
If people could and would not accept the mixed content 'thing' anymore when a browser offered them to do so, then maybe websites would change their bad security habits and users would be more secure.
- About security, SSLStrip MITM Attack
By the way, would an sslstrip attack work on an exitnode in mixed content cases?
And if so, could it be recognised by the user the same way; in the url bar by showing only a http connection instead of an https connection? (assumed you were planning to visit a https website and very sure expecting to have a https connection?).
But people usually maybe won't notice the difference missing visual security indicators that easy (even in case of possible visible social engineering like a moving extra generated fake lock-icon to the tab-icon space. "Look I see a lock-icon so I guess it's 'safe'!" ?).
In those cases it would be nice if people could consider in advance to switch off the mixed content (about:config preference) function and switch it on again when they think they need it.
Like using NoScript in strong security modus, only activating javascripts when you really really need them (the ' Very-"High"-custom Torbutton modus ' in Torbrowser 4.5 alpha).
- Change it yourself?
Anyway, so people who are concerned about security can manage this setting themselves in the about:config.
And if enough people are concerned about this and change this setting in 'refusing standard', you also won't be that more unique anymore.
Harrumph! The issue on my
Harrumph!
The issue on my XP not being allowed to designate an alternate download file has now been fixed. Well done. Imho it was always redundant anyway. Thank y'all very much!
For all XP sp3 32 bit users who haven't heard the good news.
DOS updates are available through to April 2019. Google "extend XP updates" for details. I've been using it successfully since June 2014. No issues at all. Regrettably, this don't apply to the 64 bit architecture.
Now all you bustards at Tor - GO HOME! You've done enough this year! It's the holiday season an' you should be kicking back in the sunshine.
Oooops, I forgot! You're going to be shoveling snow out of driveways instead. LOL
Actually, anybody who's
Actually, anybody who's anybody is descending on Hamburg this year for CCC.
See you there!
Detected viirus (AVG 2015)
Detected viirus (AVG 2015) and malware (Malwarebytes) either on Alpha 4.01 & 02
On my Windows 7
On my Windows 7 Enterprise-System Tor Browser 3.6.5 runs perfectly. Tor Browser 4.02 and Firefox run (as I can see in the Task Manager) but I can't work with it, because no windows appears.
GData blocks 4.0.2 due to
GData blocks 4.0.2 due to suspicious code. 4.0.1 is fine however.
Same for the Alpha
Sounds like another case
Sounds like another case of
https://decvnxytmk.oedi.net/docs/faq#VirusFalsePositives
?
With this newest version I
With this newest version I am unable to login to two separate TOR email services. With javascript disabled it worked fine on earlier versions.
http://mailtoralnhyol5v.onion capture not recognized
http://mail2tor2zyjdctd.onion passwords not accepted
Anyone else getting this?
For all XP sp3 32 AND 64 bit
For all XP sp3 32 AND 64 bit users who haven't heard the good news.
DOS updates are available through to April 2019. Google "extend XP updates" for details. I've been using it successfully since June 2014. No issues at all.
You would need to hunt around a bit on these sites to find the 64 bit tweak. Check the original blog for a link. It's there, I've seen it.
Great! Now, if only I could
Great!
Now, if only I could find a way to get updates for my beloved Commodore 64...
The most recent iteration of
The most recent iteration of FF takes around 15 seconds to load onto my screen.
TBB 4.0.2 takes around 10 seconds longer.
TBB is no longer the clunky and slow app which it was 8 or so years ago.
So why would I still need FF as a poor substitute for IE8? To my tiny mind FF has just too many tracking and monitoring devices for my "overhead" costs.
Just remember to keep a fresh copy of Favourites/Bookmarks handy for importing into the latest TBB version and you're done.
I get lots of random crashes
I get lots of random crashes since 4.0.1 on XP. Seems Firefox sucks more and more, maybe get rid of it and use a better browser?
No worries at all with the Expert Bundle. Tor+Privoxy FTW! :-)
The new version of TOR
The new version of TOR browser is nearly unusable on my XP SP3 installation, so I've been forced to revert to 3.6.6. The tab bar colors are all messed up, and mouse wheel scrolling isn't working at all, on any pages or menus. Also, I can't even see the about:config menu, because it's been changed to use fixed colors instead of the OS colors, which don't play nice with the dark windows theme I'm using.
I attribute most of these problems to the shitty Australis UI, and they aren't fixed even after installing CTR, so I give up. I've spent too much time trying to fix it already. Can the TOR project please consider an alternative browser base like Pale Moon? I won't be updating as long as Mozilla is bent on pushing such a buggy, crippled UI.
according to
according to http://ip-check.info/?lang=en dom.storage.enabled is enabled and this is a problem. the site recommend it to change to false.
is it a wrong setting of 4.0.2? will you fix it in the next update? ty
Can somebody from Tor-Team
Can somebody from Tor-Team check this? Looks like a serious problem! Thanks.
Wouldn't it be better to
Wouldn't it be better to just add an http-proxy interface to the Tor client? Maybe with simple header rewriting to unify the user-agent and such. Should be easy enough to do, right? Any browser could be used then without worrying about DNS-leaks from socks. Bundling such a monster browser as Firefox is hard enough, let alone making it secure. It's not a big step from a crash to an exploit and we have seen how users were deanonymized on Freedom Hosting. It's no good when everyone is using the same browser. Some diversity would protect us better from attacks.
The fixes in Tor Browser go
The fixes in Tor Browser go way beyond dns leaks. See
https://decvnxytmk.oedi.net/projects/torbrowser/design/
That's surely great, but
That's surely great, but what does it help when Firefox crashes all the time? A better browser with a lean and safe code base is needed here, not a mainstream jack of all trades browser that is not built with anonymity and security in mind from the start.
Don't get me wrong, Tor developers do a great job in getting this monster secure, but Tor would benefit a lot more if they didn't have to fight with the browser so much and could concentrate on the core more. Maybe Firefox developers want to work together with Tor and not just pump out new features? Maybe fork and gut it out? I know there's not really another browser that would be suitable.
Ok, there is still Tails of course. Brings its own OS with the browser.
Complexity is the enemy of
Complexity is the enemy of security. Bundling a whole browser must be a nightmare already as it is.
obfsproxy.exe and
obfsproxy.exe and fteproxy.exe unable to run on windows 8.1 x64:
fteproxy.exe :
Traceback (most recent call last):
File "fteproxy", line 14, in
File "fteproxy\__init__.pyc", line 13, in
File "fteproxy\record_layer.pyc", line 6, in
File "fte\encoder.pyc", line 11, in
File "fte\dfa.pyc", line 6, in
File "fte\cDFA.pyc", line 12, in
File "fte\cDFA.pyc", line 10, in __load
ImportError: DLL load failed: The specified module could not be found.
obfsproxy.exe:
Traceback (most recent call last):
File "obfsproxy", line 15, in
File "obfsproxy\pyobfsproxy.pyc", line 12, in
File "obfsproxy\network\launch_transport.pyc", line 2, in
File "obfsproxy\transports\transports.pyc", line 6, in
File "obfsproxy\transports\scramblesuit\scramblesuit.pyc", line 20, in
File "obfsproxy\transports\scramblesuit\mycrypto.pyc", line 9, in
File "Crypto\Hash\HMAC.pyc", line 66, in
File "Crypto\Util\strxor.pyc", line 12, in
File "Crypto\Util\strxor.pyc", line 10, in __load
ImportError: DLL load failed: Invalid access to memory location.
When I right click a link
When I right click a link that has a binary file (e.g., PDF file) and select the "Save Link As" option, sometimes I get a "Download External File Type" dialog, and other times this dialog is being bypassed and I just get a file name and directory selection "Save As" dialog. How do I force always getting the Download External File Type dialog, for any file type?
The link and information on
The link and information on the download page, supposedly requesting Tor Version 4.0.2, leads nowhere. In https://utuhewzcso.oedi.net/torbrowser version 4.0.3 is available.