Tor Browser 4.0.4 is released

by mikeperry | February 26, 2015

A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.

Note: The individual bundles of the stable series are signed by one of the subkeys of the Tor Browser Developers signing key from now on, too. You can find its fingerprint on the Signing Keys page. It is:

pub 4096R/0x4E2C6E8793298290 2014-12-15
Key fingerprint = EF6E 286D DA85 EA2A 4BA7
DE68 4E2C 6E87 9329 8290

Tor Browser 4.0.4 is based on Firefox ESR 31.5.0, which features important security updates to Firefox. Additionally, it contains updates to NoScript, HTTPS-Everywhere, and OpenSSL (none of the OpenSSL advisories since OpenSSL 1.0.1i have affected Tor, but we decided to update to the latest 1.0.1 release anyway).

Here is the changelog since 4.0.3:

  • All Platforms
    • Update Firefox to 31.5.0esr
    • Update OpenSSL to 1.0.1l
    • Update NoScript to 2.6.9.15
    • Update HTTPS-Everywhere to 4.0.3
    • Bug 14203: Prevent meek from displaying an extra update notification
    • Bug 14849: Remove new NoScript menu option to make permissions permanent
    • Bug 14851: Set NoScript pref to disable permanent permissions

Comments

Please note that the comment area below has been archived.

February 25, 2015

Permalink

AVG just flagged 4.0.4 as an unknown threat, and killed the exe file. I have had no issues with TOR until the newest update. Is anyone else having that issue?

same problem ... disabled AVG ... installed 4.0.4 ... scanned TOR directory with MS Security Essentials ... found no issue ... reactivated AVG ... scanned TOR directory with AVG ...no issues. TOR works fine so far.

only when I attempted to connect to the tor network. :P
I also noticed when you try and set ExitNodes {AU} It no longer works. (causes tor to crash and can't open) Had to re-install tor >_> Anyone who is having that problem let me know :P

Have you found a solution for this? I used to change the ExitNodes in torrc with the previous versions, but can't find a way to access the geo blocked content with the 4.0.4 version.

February 25, 2015

Permalink

Thanks for another great release! The team has been doing an excellent job of closing the gap between TBB updates and Firefox updates.

February 25, 2015

Permalink

Hi,

I can't find the public key corresponding to the .asc files given for the english linux64 TOR browser packages here: https://decvnxytmk.oedi.net/projects/torbrowser.html.en#downloads

I get the following:
$ gpg tor-browser-linux64-4.0.4_en-US.tar.xz.asc
gpg: Signature made Wed 25 Feb 2015 07:55:16 GMT using RSA key ID F65C2036
gpg: Can't check signature: public key not found

And F65C2036 also does not seem to be listed here:
https://decvnxytmk.oedi.net/docs/signing-keys.html.en

Key retrieval also fails:
$ gpg --keyserver keys.gnupg.net --recv F65C2036
gpg: requesting key F65C2036 from hkp server keys.gnupg.net
gpgkeys: key F65C2036 can't be retrieved
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

All my previous TOR downloads used to be signed with key RSA key ID 63FEE659 by Erinn Clark.

For the benefit of Tor users, could Tor developers confirm whether pool.sks-keyservers.net is reliable, meaning, it doesn't host fake and modified keys uploaded by the NSA, GCHQ or other government surveillance agencies.

AFAIK any modification of a key results in a change of its fingerprint and a key server can't change anything about it, thus presence of modified keys on the key server is irrelevant (until GPG itself is definitely broken).

look at the very bottom of https://decvnxytmk.oedi.net/docs/signing-keys.html.en, sub #2:

  1. pub 4096R/0x4E2C6E8793298290 2014-12-15<br />
  2. Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290<br />
  3. uid Tor Browser Developers (signing key) <<a href="mailto:torbrowser@torproject.org" rel="nofollow">torbrowser@torproject.org</a>><br />
  4. sub 4096R/0x2E1AC68ED40814E0 2014-12-15<br />
  5. sub 4096R/0x7017ADCE<strong>F65C2036</strong> 2014-12-15<br />
  6. sub 4096R/0x2D000988589839A3 2014-12-15

Thanks to all who replied. I managed to get the key in the end using:
gpg --keyserver x-hkp://pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290

In case other people get this error:
gpg: requesting key 93298290 from hkp server pool.sks-keyservers.net
gpgkeys: key 4E2C6E8793298290 can't be retrieved
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

Check first that you do not have any special proxy setup like me. ;)
I could never import the key from a terminal and then tried via the KGpg GUI and it worked. It turns out I forgot to unset the http_proxy/https_proxy variables in bash after a recent setup change.

Quote: All my previous TOR downloads used to be signed with key RSA key ID 63FEE659 by Erinn Clark.

I'm wondering about it too.

Has Erinn Clark crossed over to the Dark Side to work for the NSA? I was told that NSA pays about US$70,000 to US$100,000 per MONTH for top talents.

Well, I am no GPG expert, but it seems that Erinn Clark signed the new key 0x4E2C6E8793298290 with her old one 63FEE659:

$ gpg --list-sigs 0x4E2C6E8793298290
pub 4096R/93298290 2014-12-15
uid Tor Browser Developers (signing key)
sig 63FEE659 2015-01-13 Erinn Clark
sig 4B7C3223 2014-12-15 [User ID not found]
sig 3 93298290 2014-12-15 Tor Browser Developers (signing key)
sub 4096R/F65C2036 2014-12-15
sig 93298290 2014-12-15 Tor Browser Developers (signing key)
sub 4096R/D40814E0 2014-12-15
sig 93298290 2014-12-15 Tor Browser Developers (signing key)
sub 4096R/589839A3 2014-12-15
sig 93298290 2014-12-15 Tor Browser Developers (signing key)

Also, for those worried about the validity of pool.sks-keyservers.net, hkp://keys.gnupg.net also works to get the key.
But from what I know about public keyservers, that's just because they all exchange keys together. And anyone can submit keys there anyway.

I guess the best would be to meet the developers and do some keysigning...

Anyway, the new TOR browser 4.0.4 works as expected for me.

Yes! Same problem here. This is just not how it's supposed to go. I also expected this to be signed by Erinn Clark with one of the following key IDs:

91FCD12F
63FEE659

I see a post here that tries to explain this:
https://vbdvexcmqi.oedi.net/blog/tor-browser-404-released

I would like for this message/blog post to be signed by Erinn Clark's key but what I do find instead is mostly ok.

Go to the pgp.mit.edu server and enter the ID specified on that page (0x4E2C6E8793298290) You will see a key associated with Tor Browser Developers (signing key) and you will see that it is signed by 63FEE659 a.k.a. erinn@debian.org.

So I trust this new file and will use it.

February 26, 2015

In reply to gk

Permalink

Met too.

February 25, 2015

Permalink

While I was using Tor Browser 4.0.4, I visited an HTTP website.
Within a few seconds of me visiting the HTTP website, I saw words and images on the website being removed and changed. While I was on the HTTP website, I got a message saying, "Hello Tor user, Tor stinks and is not anonymous anymore".
When I left the HTTP website, everything went back to normal, and I haven't visited a website that doesn't use HTTPS/SSL since.
Was someone conducting a Man In The Middle Attack on me while I was visiting that HTTP website?

February 25, 2015

Permalink

My Mac version has modified date of 1999 and create date of 2000 -- it's also about 24k smaller. ??? What's this about ???

February 25, 2015

Permalink

Getting AVG unknown threat for versions 4.0.4 and 4.5a4

Previous versions were ok

AVG version is 2015.0.5645

Virus database version is 4299/9181

Running win 7 ultimate 64bit

February 25, 2015

Permalink

How to verify the Tor Browser after updating from Tor Browser itself, as I am very worried about anything without verification.

That is tricky. Your best bet is to not use the built-in updater until the 4.5 alpha series is the new stable one. There the update files are signed by one of the Tor Browser developers and the Tor Browser is refusing any unsigned/wrongly signed updates.

February 26, 2015

In reply to gk

Permalink

Sorry I have updated TBB from 4.03 to 4.04 using built-in, why they allow us to update without secure?

We believe it is secure enough to allow updates via the in-browser updater. If you think your update files should be signed please try the current alpha series where this feature already landed.

February 28, 2015

In reply to gk

Permalink

Got really insecure when that auto-updater first
came up and told that 4.0.4 was out.

that's kinda risky since people can't check the
original keys and compare them before installation.

however, could you guys please name the releases
more specific just as in the blog? to be able to see
when it's an alpha/stable version in to see in the update
manager and not just the number of version, like this time (4.0.4).

the less information aviable, the more people will get insecure.
will there be any keys aviable in the next versions of update-manager?

The alpha has an "a" in its version scheme, like "4.5a4". So, you can differentiate between both series pretty easily. That said, yes, the current alpha is supposed to be the next stable in 6 weeks and will have the singed MAR files feature implemented.

February 26, 2015

In reply to gk

Permalink

Does that mean Tor Browser internal updater doesn't verify the new files for updating? Can I have manually verifiation?

There is no verification (like checking a GPG signature) in the current stable series available: We just pin the cert that governs the download of the metadata and then check whether the SHA512 sum of the downloaded MAR file matches.

Yes, you can manually verify that. Check the MAR file of your OS/locale combination in the sha256sums file you can find in https://utuhewzcso.oedi.net/torbrowser/4.0.4/ according to the advanced part of our verification documentation: https://decvnxytmk.oedi.net/docs/verifying-signatures.html.en. Then install that MAR file manually following the Mozilla documentation: https://wiki.mozilla.org/Software_Update:Manually_Installing_a_MAR_file

February 27, 2015

In reply to gk

Permalink

No one can find 2 different files with same SHA512 sum, so why it isn't secure enough, cert? If that should I enable update automatically in Tor browser add-ons manager?

For Windows, download and extract the Tor Browser exe file, use WinMerge to compare this folder with your older browser folder, all files should be identical with the older browser having extra files due to being used.

February 25, 2015

Permalink

How do I force the browser to use US IP addresses only? I did it in the previous version, but now it's not working. Any help would be great! Thank you.

February 25, 2015

Permalink

With all due respect, the new "Forbid making permissions permanent in NoScript" has broken the "Allow Javascript on this site!" functionality. There are some websites that people like myself would like to allow scripts for permanently because they are trusted websites.

Is there anyway to turn off this regression (in my mind)?

February 26, 2015

Permalink

I have downloaded tor-browser-linux64-4.0.4_en-US.tar.xz. I have also read the page on who signs what packages. There seem to be a couple of anomalies. The primary key fingerprint suggests that there is no problem. The subkey fingerprint doesn't appear to match anything on the page about who signs what. Additionally the date on which the signature was made shows as 25 Feb, not a date in January as appears in the blog. Have I misunderstood something? Is the date of creation of the signature the date on which the package was signed (in which case 25 Feb sounds right) or is it meant to be the date on which the Fingerprint was created, in which something doesn't match.

More generally, I'd appreciate knowing whether it is possible (i.e., I'm not asking whether it is the case here) that a primary key fingerprint could be non-fraudlent at the same time as a subkey fingerprint was wrong? I guess I don't understand how primary key and sub-key relate to one another.

The output from gpg for the verification check is ...

Veryifying the file tor-browser-linux64-4.0.4_en-US.tar.xz
... using signature file tor-browser-linux64-4.0.4_en-US.tar.xz.asc
gpg: Signature made Wed 25 Feb 2015 18:55:16 AEDT
gpg: using RSA key 7017ADCEF65C2036
gpg: Good signature from "Tor Browser Developers (signing key) "
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Subkey fingerprint: 5242 013F 02AF C851 B1C7 36B8 7017 ADCE F65C 2036

February 26, 2015

Permalink

I don't really mean to be pedantic, but being a newcomer to TOR I want to make sure that everything is as it should be.

I followed your instructions on verifying the signatures (https://decvnxytmk.oedi.net/docs/verifying-signatures.html.en
but got a few variations to what you say.

You say:
gpg: Signature made Tue 24 Jan 2015 09:29:09 AM CET using RSA key ID D40814E0
I got
gpg: Signature made 02/25/15 07:55:56 GMT Standard Time using RSA key ID F65C203
I understand that the date and time will be the time I make my enquiry (will they?), and I assume there is no problem here (is there?) BUT the RSA key ID is different from what you say.

Also, you say:
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
I got
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Subkey fingerprint: 5242 013F 02AF C851 B1C7 36B8 7017 ADCE F65C 2036

I take it that this is OK as well and there is no problem getting a 'subkey fingerprint' as well but I would just like to make sure.

Thanks for your clarification.

February 26, 2015

Permalink

Yeah I'm also having that problem with exitnodes... When I edit the torrc file.
ExitNodes {AU}

It just causes tor to crash on the tor startup... Had to delete then re-install ._.

February 26, 2015

Permalink

I log-in my google plus page normally by using Tor Browser. However,I cannot use hangouts in google plus ,it says "please sign in to chat with your friends",and I tried so many times to sign in, but still failed yet. Why?

February 26, 2015

Permalink

Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Yup fine

but...

Subkey fingerprint: 5242 013F 02AF C851 B1C7 36B8 7017 ADCE F65C 2036

Is this the correct subkey fingerprint? Why not just also list the subkeys here and make it simple?

Verifying the top-level key automatically verifies the subkeys because the sub-key IDs are in the top-level key. It's way easier to verify 1 key regardless of OS is way simpler than people trying to find the correct one.

The problem is, that on the blog was mentioned one particular subkey that wasn't actually used. The release is signed with other (AFAIK) valid, but nowhere published subkey - that's confusing for users - for example using Kleopatra graphical interface for verification gives a result like the subkey was entirely invalid (because the main key doesn't contain it). The used subkey should be at least uploaded to a key server.

February 26, 2015

Permalink

WARNING !!!!!!!!!!!!
Possible backdor in Windows 10. After installing Tor, I recognise severeal unauthorised comunications of windows application via unknow servers. One came from Windows email client, and another one was comming from some windows update application. Anti-Virus software recognised also one trojan and one virus app which were installed when I was not in front of PC.
Before Tor installing everything was perfectly fine. I don't download any files after tor instalation and I use tor only in couple of standard sites.
I'm not expert but I suspect that Tor activity is strictly monitored and agencies have backdors is MS systems...
Sorry for my English...

February 27, 2015

In reply to by Anonymous (not verified)

Permalink

Go to https://tails.boum.org/ and download and use Tails. Tails is based on Debian, a Linux distribution. You won't have to worry about backdoors in MS systems 'cause Tails does not use Microsoft.

February 27, 2015

In reply to by Anonymous (not verified)

Permalink

WARNING !!!!!!!!!!!!
Possible bullshit alert!

because censoring the tor project blog would be the most ridiculously hypocritical thing i could think of. Also, shockingly, a lot of vulnerabilities are found by end users, if this turned out to be right you wouldn't be so judgmental

March 02, 2015

In reply to by Anonymous (not verified)

Permalink

Try to not use Windows directly connected to the Internet. It is a private closed source commercial OS controlled by company close to infamous agencies. In extremal situation it is better to install VirtualBox and use Tails.

February 26, 2015

Permalink

I have problem:

Error: platform version 31.5.0 is not compatible with
minVersion >=31.4.0
maxVersion<=31.4.0

What does it mean and how can i fix it?

Interesting. Could you give us some details hoe you get to this error? Like th operating system you are using which previous Tor Browser version etc. in order to get that reproduced?

Well, for some reason you can't use the built-in updater to get an up-to-date Tor Browser. It seems you have to get a new one via https://decvnxytmk.oedi.net/download/download-easy.html.en

February 26, 2015

Permalink

hi is chat step safe with tor?i tried chat step with tor but i cannot join or create a room bcz the buttons are unresponsive.

also i get a untrustworthy site message .

February 28, 2015

Permalink

I had a few problems on the alpha releases, not the last one though.
there was several sites that i couldn't visit, videos was blocked on
every site. and videos on youtube for example was slow as hell,
stoped and started every 3 second, damn annoying.

however are now able to visit these sites again, are also able to
watch videos on other sites. if there is anything to point finger at
it is the loading of videos, doesn't matter if you wait or not since
the videos doesn't seem to load at all, they are stuck at the same
time lap as when you paused the video, so when you start running
it again it continue to stop, load, stop, load. this is not the case
everytime. if you find a good connection that allows videos to play
like the should, it's ok for a while, but after some time the connection
is interrupting it again.

so my only problem now seem to be videos. but that seem to be
the only case, everything else seem to work proparly and good.
so thank you guys for a great job!

keep it up!

February 28, 2015

Permalink

Instead of this mess about verifying keys (how many people around the world can meet physically the Tor staff members ?)

WHY don't you simply give us a MD5 hash from each original file (not possibly modified by bad guys) ????

So it would be easy to know if we have DL the original file or not...

February 28, 2015

Permalink

When collecting information on Tor Browser usage, how do you determine if a standalone Tor Browser is used or a Tor Browser included with Tails is used?

February 28, 2015

Permalink

The key for Tor Browser Developers (signing key) could use some more signatures from Tor project people. That way, those of us who have met in person and confirmed keys can have slightly enhanced assurance levels, intead of entirely chaining through their signatures on Erinn's key.

March 01, 2015

Permalink

Off Topic re Facebook's onion access 'portal'. Why is it that if you set up a profile through this portal and enter NO identifying information especially geo-location Facebook will ask you for the 'city in which you live'; one of these options WILL be your city and the other two two will be in close proximity (to where the first 'hop' on your ISP routing resides). Are Facebook using JavaScript or some other technique to uncover IP addresses. Have a creepy feeling that this Facebook onion portal is not as 'anonymous' as we are led to believe.

March 01, 2015

Permalink

Incidentally, the Facebook onion 'portal' is complete and utter crap; it does nothing but constantly re-load the page; ah well, back to non-Tor access to Facebook... ;)

March 01, 2015

Permalink

My 'anonymous' onion Facebook is now asking where I work; one of the option is a specific place just a few hundred metres away. How does Facebook manage this tracking stuff? Anyone know?

March 01, 2015

Permalink

So it verified that this new version of TOR has been hacked and hijacked by big brother. I'm switching over to Freenet and I2p.
Last best version of Tor was 4.0.3.

Similar to what happened with Truecrypt 7.1a
Sad.

March 01, 2015

Permalink

Why would I be seeing [ .../dev/?_escaped_fragment_=... ] on some http and onion sites? Could it be something I changed in NoScript? I'm not a developer and from my extremely limited understanding it has something to do with crawling.

March 01, 2015

Permalink

I've been having an issue with 4.0.3, and now it's continued with the new release as well; It's not an issue with the build, but trouble I'm experiencing on my end.
Everything runs as expected the 1st time during installation; However when I close TBB and attempt to re-start it later, I'm unable to connect and receive an (win64) error message that includes:

Problem Event Name: APPCRASH

Fault Module Name: d2d1.dll

This started after I was having memory (leak?) issues and I tried to see if it could be resolved in about:memory, but I ended up screwing something up which started the issue with 'd2d1.dll'. I'm not sure why it would affect that specific .dll in the system folder, but I'm an idiot so I donno.

If d2d1.dll is corrupted, could I replace it and expect everything to work fine again?
And if so, could you recommend a reputable resource, as I never made a back-up disc or set a restore point.

Any help would be greatly appreciated...

So, this happens with a clean, new Tor Browser? Are "gfx.direct2d.disabled" and "layers.acceleration.disabled" set to "true"? (You can see this in the about:config)

March 27, 2015

In reply to gk

Permalink

I'm so sorry for not responding sooner, gk. I swear I checked every few minutes for days but didn't see my comment posted and grew increasingly frustrated since I had to repeatedly re-install Tor Browser. I gave up hope and have been begrudgingly re-installing TBB every other day :) .
I was searching the tubes through ddg and was surprised to find someone had the same problem. After clicking the link I wound up right back where I started a month ago. lol. I just saw your comment so I'm going to take your advice and report back.

Thanks again. Fingers Crossed!

March 27, 2015

In reply to gk

Permalink

Thank You Jeebus!!!

gk, You are the Best! It worked perfectly!

"gfx.direct2d.disabled" and "Layers.acceleration.disabled" were both set to "false." They were in bold in about:config, so I don't know how or when the change occurred, but yeah these were after clean installs. after installing, everything worked as expected when prompted to 'run tor browser', but after closing and re-starting Tor Browser, tor.exe wouldn't connect.

I'm curious as to what could have caused the modification to these specific application settings, since it's nearly identical to my firefox configuration?

anyway,

I just wanted to thank you again, gk. I feel guilty about bugging you guys with something every release, but you and arma always help out with any issues I have.

Thank You!!!

March 02, 2015

Permalink

I have an impossible to update for "unknown reason". Where can I check for a log file to understand what went wrong? Thanks.

March 05, 2015

In reply to gk

Permalink

Thank You! I solved the problem by restarting Win. Simply quitting and restarting Tor didn't work; restarting Win worked and Tor automatically updated at first launch.

March 02, 2015

Permalink

Is it possible to connect to my private web server https://nnn..nn.onion:mm/ which have certificate (v1) issued by my family's private ca?
First try was unsuccessful as tor browser refuses to accept ca certificate(v1). Any hope to return this beast to my control?

March 03, 2015

Permalink

If we decided to use Bitcoin through tor, which one is safer (provided we use TAILS): blockchain or electrum?

Electrum is not optimal because you could be connecting to the tor network through a malicious exit node. You can use an .onion electrum server in order to prevent this from happening but most of these do not work and it is not clear whether if you find one that works it could be malicious itself. Bear in mind that, unless you use the -1 option through the command line interface, it will connect to other clearnet servers other than the specified .onion address and it is very difficult to be able to connect through any onion server when you use this -1 option. Moreover, with its default configuration, electrum not only connects to clearnet servers but it may also connect to servers that do not use SSL/TLS. In short, the main drawback is that electrum might be vulnerable to the kind of attack described in Ivan Pustogarov's paper.

Blockchain.info should be safer in this regard if you use the https://blockchainbdgpzk.onion address. However, you need to allow javascript or you won't be able to create a wallet. Does allowing javascript pose a deanonymization risk even if you use the tor browser within TAIL's safe context?

March 04, 2015

Permalink

previous versions of TOR ran fine. Updated to 4.0.4 and I get the 'Couldn't load XPCOM' message and nothing starts!

same thing happened here. you have to delete it and install it again. there is nothing else you could do. make sure to follow this websites instructions, because if you use apt get, it may look like tor and act like tor,but it might just not be tor at all.

i would love to volunteer here, but i can't find the time! i wanna fix you so badly! hahaha you guys could simplify your explanations on how to get things done here... i mean, we have to spend sooooo much time searching around for information on why does a website keep blocking me even after i have set the bridges and what other steps i ought to take to make sure i am not being tracked... you wrote something, but to a beginner it means nothing. who's with me? :p

March 10, 2015

Permalink

Does also someone else note massively connection problems with this version of TOR the last few days? Often, files of a website (images, js, css or html) seems not to be loaded and the page must be refreshed several times until it is correctly rendered. And it seems not to be a problem of one ore two bad exit nodes. Problem with my ISP, the TOR network or the TB bundle? Could this be a new kind of statistical attack?

March 15, 2015

Permalink

Is there a doc somewhere on how to set up a local network TOR proxy you can point 1 or more local network TBB 4.0.x clients at?

I'm basically looking to have a Linux box on the local network that will always be the entry guard (1st hop) for all local network hosts running TBB 4.0.x, and it will also be a public relay so our local network's client traffic gets mixed in with public traffic being relayed through our proxy.

I had more or less followed this document in the past with the 2.5.x series of TBB on the clients and a Fedora linux box running polipo and tor (0.2.3.25) as a relay.

https://trac.torproject.org/projects/tor/wiki/doc/CentralizedTorServer

but things started breaking with newer versions of TBB coming out -- it got to where the clients could never complete the setup -- such as not being able to pull a directory or just never getting a circuit going.

Or, if anybody knows of anything offhand that I should just do differently while otherwise following the doc referenced above please let me know.

It's entirely possible that I'm overcomplicating the setup on the client side. Or maybe the tor version I was running on the Linux tor/polipo proxy box was not compatible with the newer proxy modules etc. of newer TBB releases?

I could probably figure it out if I had a good overall illustration of how the clients and local proxy config should work together with newer versions. Just can't find anything like that.

Thanks in advance. I'm not asking anyone to do all the work for me, just a nudge in the right direction or reference to some more current docs. Every time I look for docs along these lines I find the same old docs I followed in the past that no longer work, or older docs that didn't work for me the first time either (they were obsolete).

March 21, 2015

Permalink

I am noticing that a lot of images on Tumblr are refusing to load for the last few weeks. They are transitioning to Edgecastcdn.net for some of their images, and those are the ones that are blocked. Typical response from edgecastcdn is "Server Denied". Not sure if that is 4.0.4 specific or if it affects entire Tor network. Other browsers using static IP work fine on same images.

April 24, 2015

Permalink

its been mor then a year that i havent used tor and non of mthe old sites i knew doesn't work can anybody help me with that?