Tor Browser 4.5-alpha-2 is released
The second alpha release of the 4.5 series is available from the extended downloads page and also from our distribution directory.
Tor Browser 4.5-alpha-2 is based on Firefox ESR 31.3.0, which features important security updates to Firefox. Additionally, it fixes a regression which caused third party authentication credentials to remain undeleted and contains smaller improvements to the circuit UI and the security slider.
Here is the changelog since 4.5-alpha-1:
- All Platforms
- Update Firefox to 31.3.0esr
- Update NoScript to 2.6.9.5
- Update HTTPS Everywhere to 5.0developement.1
- Update Torbutton to 1.8.1.2
- Bug 13672: Make circuit display optional
- Bug 13671: Make bridges visible on circuit display
- Bug 9387: Incorporate user feedback
- Bug 13784: Remove third party authentication tokens
- Bug 13435: Remove our custom POODLE fix (fixed by Mozilla in 31.3.0esr)
Comments
Please note that the comment area below has been archived.
In China, Tor Browser 4
In China, Tor Browser 4 could connected over meek-amazon or meek-azure.
But Tor Browser 4.5-alpha-1 and 2 both couldn't use meek.
please check it.
meek-amazon and meek-azure
meek-amazon and meek-azure still work in China, but there is a bug in the 4.5-alpha series. Please see: https://trac.torproject.org/projects/tor/ticket/13788.
For now, you have to use the non-alpha release if you want to use meek: https://decvnxytmk.oedi.net/download/download-easy.html.
In China, Tor Browser 4
In China, Tor Browser 4 could connected over meek-amazon or meek-azure.
Would you like to get your Chinese friends to translate Tor Browser into Mandarin Chinese?
With the recent implementation of laws by the Chinese authorities to curtail the freedom of expression on the internet, there is an urgent need for Tor Browser and its help pages to be made available in Mandarin Chinese.
How much would it cost to
How much would it cost to get a translator to translate tor and all its documentation to Mandarin Chinese (or any other language)? I'm thinking about maybe sponsoring it, or if you want you can set up a kickstarter and crowdfund it.
How much would it cost to
How much would it cost to get a translator to translate tor and all its documentation to Mandarin Chinese (or any other language)?
That's very nice of you :)
The cost of hiring a translator or translators depends very much on the volume of work to be translated.
If you've an idea of the volume of documentation to be translated, I can point you to some websites that offer English-to-Chinese translation.
how can i revert to the
how can i revert to the classic theme? it´d be a good idea to remove irrelevant and unnecessary features like developers tools, as well as trim the binary download size - up until version 3.6 tor browser´s like 20-30 mb download, now it´s 40-50 mb.
I want to know this too.
I want to know this too. It's really needed, the new Firefox interface is terrible, and it's not even customizable remotely near the old Firefox interface.
Why do the Mozilla developers insist on breaking what was fixed since Firefox 1.0?
Lack of toolbar customization and lack of add-on bar are the two serious problems. A third serious problem that the Mozilla developers broke many releases ago is double clicking the URL bar. It selects everything (like a triple click always should) rather than just a single word. It makes trying to cut off parts of the URL extremely difficult, it used to be easy by just double clicking and dragging.
It's not really the TBB devs fault I know. It would be great if these features could be brought back in the TBB fork.
Classic Theme Restorer can
Classic Theme Restorer can give you a somewhat decent GUI, may change your browser signature especially if you have javascript enabled but should otherwise be safe, certainly safer than not using tor.
As for proper double click behavior, go to about:config and change browser.urlbar.doubleClickSelectsAll to false.
works well ! but i wonder
works well !
but i wonder alpha version is as safe as stable version?
No, it is a testing version.
No, it is a testing version. If you're not testing tor and in urgent need of a new feature stick to the stables.
If you really want your user
If you really want your user base to explode (expand unbelievably) you should support torrenting over tor. TAILS have made some pretty remarkable advances in this field https://labs.riseup.net/code/issues/5991 which will also bring more support and funding to the project. It will not harm the network in terms of speed and over load, because this user base expansion will also make more people set up more relays. What do you think?
I think people can get their
I think people can get their porn and pirated movies with VPNs... and NOT muck up the Tor network.
What about Wikileaks'
What about Wikileaks' 401.6GB insurance (torrent) file they asked everyone to download? https://www.facebook.com/wikileaks/posts/561645433870573 we should totally download that from our own ips or "anonymous" and "military grade encryption"™ VPNs and proxies, right? Reasons to torrent anonymously aside, this is about growing the network to improve tor's anonymity index, it's not about torrenting per se, it's only about growing the network even more to comply with its design "anonymity through obscurity" and it's a great idea that is destined for success once implemented.
There are options for large
There are options for large file transfer through Tor that are NOT going to kill the network, like Bittorrent would. While there may be a small faction of Bitorrenter's using it for human rights matters, etc., the vast majority use if for porn and movies.
I won't support Tor by running a node if it gets taken over by 18 year old kids looking for porn and movies.
Isn't this the same as 'i
Isn't this the same as 'i don't want my 18(!!!) years old kids(!!!) knew anything about nsa spying' so tor need censoring content? How can it be anonymity but only for accessing government' approved content? Is it a PRopaganda mist?
As for your 'kids' they can quite well be used in SS(nsa/cia/fbi/etc) operations all over the world. Did you ask them if they wanted to be controlled/censored even by you?
Tor network isn't designed
Tor network isn't designed for torrenting, period. Maybe some day it will be big enough, but that day isn't not anywhere near today.
And the day Tor says "please, torrent over Tor" I will stop running a node.
Yes indeed. Heck, the
Yes indeed. Heck, the Internet isn't designed for torrenting either (and it can't handle it well either).
furthermore get your
furthermore get your facebook shit and your html5 stuff out of tor network..
Now now. People want to use
Now now. People want to use the Internet for all sorts of things. Who are we to stop them, so long as they don't harm our use too much?
They WILL harm the network,
They WILL harm the network, you dolt. That's the WHOLE POINT!
Torrents are mostly pirated movies, WAREZ, games, and porn. Fact.
Yes, and facebook and html5
Yes, and facebook and html5 aren't torrents.
I'm not a big fan of bulk transfers in general over Tor. And doing it via bittorrent is generally especially unwise:
https://vbdvexcmqi.oedi.net/blog/bittorrent-over-tor-isnt-good-idea
But we have to accept that many web pages these days have a variety of types of content on them, and that's what people want to do with the web.
If you really want your user
If you really want your user base to explode (expand unbelievably) you should support torrenting over tor.
NO, NO and NO.
On the contrary Tor developers should incorporate technology that's able to detect when a Tor user is using bittorrent over Tor and blacklist and kick out that Tor user out of the Tor network.
Stick to Tor's original goals: to provide a means for those living in oppressive regimes such as North Korea, Iran, China, Egypt, etc... to freely express their opinions. Also journalists living in those regimes ought to be able to freely do their jobs.
Supported ! The Torproject
Supported ! The Torproject and developers community
should takeit to heart to put their acts in line with
their (stated) goals, lest theu be suspect of hypocrisy,
in turn giving rise to legal attacks against (safe) use of Tor
and perhaps to Tor's total prohibition.
So, NO help or support for torrents over Tor,
and in general privilege safety and privacy over speed
and throughput.
Do you mean to announce that
Do you mean to announce that tor network is really nsa-controlled machine for exclusive usage in "oppressive regimes such as North Korea, Iran, China, Egypt, etc..."? So quite rightfully it _should_ be illegal for use in any country which is not under nsa control as tool of foreign spy agencies.
Seems to me it's just another attempt to disjoint tor community. BTW, why do you believe nsa-controlled state is not an oppressive regime?
Actually, I really don't
Actually, I really don't want to do anything that can detect certain protocols and change behavior based on them. That way means losing "common carrier" like status, and anyway it's just an unfriendly thing to do on what we'd like to be a network-neutral Internet.
That said, we *have* been investigating throttling people who use more than their fair share of bytes, not because doing so is evil, but because doing so harms other users. See
http://freehaven.net/anonbib/#throttling-sec12
for some designs, and
http://freehaven.net/anonbib/#pets13-how-low
for some attacks on these designs. As with many suggested changes in Tor, getting it right is still an open research area.
Let me also address your last point -- Tor's original goals were as a civil liberties tool for people in the west (America, Europe, etc) to not get stuck in corporate or government databases. The censorship-resistance came later. But as other commenters here point out, resisting surveillance in Egypt and resisting surveillance in Italy are just matters of degree these days.
do not forget repressive
do not forget repressive regimes like the US government! The freedom of expression is not so great with your government profiling you too.
Hi, I downloaded, verified
Hi,
I downloaded, verified and installed a copy of tor-browser-linux64-4.5-alpha-2_en-US and after clicking on the Test for Tor Network Settings found that the Atlas link produced a page with the animated icon followed after a while by an error message.
No Results found!
No Tor relays or bridges matched your query :(
Should this be expected in this Alpha at this stage of development?
Thanks.
https://lists.torproject.org/
https://lists.torproject.org/pipermail/tor-talk/2014-December/035857.ht…
Many thanks for your pointer
Many thanks for your pointer to that reading list.
Thanks, now works as
Thanks, now works as expected.
Well,I still can`t edit any
Well,I still can`t edit any cert in Tor Browser
I know everything is
I know everything is encrypted except from the exit node to the final destination. I'm wondering, though, what, if any, anonymity concerns exist due to at least the user's Tor client knowing the entire circuit?
In general I think that's a
In general I think that's a good thing rather than a concern. *Something* has to pick the path, and if it's not the client, that sounds even scarier to me.
Would it be better if the
Would it be better if the client only chose the first node, the first node then would pick the second node, the second would choose the third (exit) node? No one node would then know the complete path. Today is seems, at least theoretically, that all nodes know, or could determine, the complete path.
https://decvnxytmk.oedi.net/do
https://decvnxytmk.oedi.net/docs/faq#LetTheNetworkPickThePath
In your design, if the first hop is evil, then you lose from there.
Thank you for the link.
Thank you for the link.
i notice there is no windows
i notice there is no windows tor only version 2.5.10 available*. is it deprecated?
is it save to use the tor.exe from tor browser bundle indstead? Thanks.
* https://utuhewzcso.oedi.net/win32/
Yes, feel free to use the
Yes, feel free to use the tor.exe from the Tor Browser.
In fact, there's a new Windows expert bundle: see e.g.
https://utuhewzcso.oedi.net/torbrowser/4.5-alpha-2/tor-win32-0.2.6.1-al…
Problem is, it's generated fresh every Tor Browser release, so we haven't figured out how to link reliably to it from the Tor download page.
More crap being thrown at
More crap being thrown at Tor; this time it is Wordpress doing the blocking:
"Lost?
Our server sentries tell us you should probably not be here. Maybe you are lost?
If you are sure this is the place you are trying to go, please contact us and we will be happy to help."
Contact address is http://en.support.wordpress.com/contact/
Are there any alternatives?
Are there any alternatives?
PS everything works just
PS everything works just fine with Wordpress when you disable Tor ;)
Cloudfare, Wordpress... next... things are not looking good for Tor.
Just as it becomes usable, accessible and is gaining popularity it is being blocked and frustrated at every turn.
The circuit display feature
The circuit display feature in torbutton is great! But, two problems I noticed:
- you can't select text in it to copy to the clipboard
- hidden service circuits still show "internet" after the last hop, which seems wrong
How about making the relays in the list be links to Atlas?
And how about a "report bad exit" button where users could submit reports to bad-relays via a hidden service? Ideally the reports could even (with the user's consent) include a copy of the TLS certificate and/or HTTP response received.
> How about making the
> How about making the relays in the list be links to Atlas?
No, please don't do that. People are going to click their relays and hence expose which relays make up their circuit.
StartPage is giving us this
StartPage is giving us this warning everytime I try to use it:"As part of StartPage's ongoing mission to provide the best experience for our users, we occasionally need to confirm that you are a legitimate user. Completing the CAPTCHA below helps us reduce abuse and improve the quality of our services.
Thank you,
The StartPage Team
JavaScript appears to be disabled in your web browser. To complete the CAPTCHA, please enable JavaScript and reload the page."
Time to ditch it as the default search engine I guess
just for joke try to use
just for joke try to use something like "...googlebot..." in user-agent string. they're going to be mad.
and not just using it by default but actively recommend against it through a pop-up message.
"Browser: Mozilla/5.0
"Browser: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" will get you behind all sorts of 'paywalls".... :D
why cant i see the country
why cant i see the country any more. I am not a techie. Can someone please help?
If you provide more details,
If you provide more details, maybe. How can I reproduce your problem?
Maybe he refers to the fact
Maybe he refers to the fact that the Tor circuit is not displayed for every tab.
Downloaded and installed
Downloaded and installed this alpha with no problems. No complaints from my antivirus program ( BitDefender Free ). Thanks for fixing the bug that caused me to re-disable Javascript via NoScript, every time I chose "New Identity".
Problems downloading TBB exe
Problems downloading TBB exe file with seamonkey.
The Download window says blocked!
It's any strange shit with "stricttransportsecurity" the browser says.
Where is the misconfiguration?
Is there a good reason that
Is there a good reason that the Tor Browser auto-updater has to make a copy of the entire browser, user profile included, into an "updated" folder just to update? It makes it very easy to run out of space if you have a larger user profile.
I think the answer is
I think the answer is "that's how the Firefox updater works".
I noticed that
I noticed that HTTPSProxyAuthenticator username and password are still in clear plain text in torrc. This is a serious security issue in my view: it allows anybody with access to the file (e.g. through a backup or an old disk) to get the identity and network credentials of the tor user (esp. in corporate or controlled environments). Thanks if somebody could fix this issue somehow or at least try to reduce the risk: maybe (i) adding an option not to save network access credentials (ii) a password protected startup process or, ideally, (iii) the possibility to choose a pw protected profile to run tor. Thanks!
I suggest you open a ticket
I suggest you open a ticket on https://bugs.torproject.org/ and be prepared to help write the feature the way you want it.
That said, doesn't the httpsproxyauthenticator go out on the network unencrypted too? So it's not like these things are actually very secret.
I just downloaded Tor and
I just downloaded Tor and nothing else.
Is it safe to use Tor with Internet Explorer 11?
Very much
Very much no.
https://decvnxytmk.oedi.net/docs/faq#TBBOtherBrowser
Request: Allow copying if IP
Request:
Allow copying if IP addresses of the nodes in use from the Torbutton flyout thingy.
Another day, more
Another day, more propaganda, this time targeting "users of of the 'dark net'" i.e. Tor... the 'dark net' the place where all those 'paedophiles' lurk. "It's outrageous, why aren't the Government doing something about this and blocking this Tor or whatever is is called from accessing the internet?" Why is it all so predictable? All so reminiscent of when the Pirate Bay first started appearing on the pages of the BBC: "Pirate who? Never heard of them. But wow, this 'file-sharing' sounds so cool, must give it a try... you get all sorts of 'free' stuff like movies, music and software you say".... and look where the Pirate Bay is now - offline! Now we have moved onto: "Onion who? Never heard of them. But wow, this 'anonymity' sound so cool must give it a try... you can get up to all sorts of 'illegal' stuff and not get caught you say?"
From the BBC: http://www.bbc.co.uk/news/uk-30426164 .. always worth keeping an eye on.... ;)
From the BBC article: "The
From the BBC article: "The joint unit will tackle people who are using increasingly sophisticated encryption techniques and the so-called "dark-net" to hide their true identities and trade child abuse images and videos."
Probably means GCHQ has
Probably means GCHQ has already set up numerous fake nodes or is about to. Probably watching exit traffic and tracing it back to origin.
We need a new TOR that can't be broken by super computers.
I know we keep going back
I know we keep going back and forth about this, but setting up your own relays to attack Tor is only one of a wide variety of ways to attack, and it's probably not the most effective or most efficient. Other approaches include watching relays that are set up by other honest people (less risk, less hassle, easy to do if you've already put surveillance gear in place) and compromising the browser of users who visit a given site.
I really hope this is the
I really hope this is the next release (which is due in about a month?!) or you at least backport some of it.
Also is TorBrowser fully portable?if so on all operating systems?
No, it will still take some
No, it will still take some months before we can call it a stable release. E.g. signing the update files is missing in 4.5-alpha-2 and we need at least two further releases to test that. And there will be no backport of features either.
Yes, Tor Browser aims at being fully portable. You should be able to run it on Windows/OS X/Linux.
virus error in this
virus error in this version
please fix this
http://www.imageupload.co.uk/images/2014/12/13/Tor_45.jpg
Looks like
Looks like https://decvnxytmk.oedi.net/docs/faq#VirusFalsePositives
Could you please provide
Could you please provide some documentation explaining what the ominous security slider actually does? My apologies if this has already been explained but I could not find anything about it.
Also, is there a way to revert NoScript to its original state so we have the ability to enable/disable sub-elements of a page again?
I know this came with v4.0 and I understand it has been done to make browsing easier for inexperienced users, but can't we have a choice? This all-or-nothing approach seems a bit drastic to me.
Make a BSD version
Make a BSD version
Consideration : Remove
Consideration : Remove Google as Search engine
It Seems Google has now blacklisted all Tor exitnode ip's, search
seemed definitely stopped working.
Trying to use Google as a search engine (sometimes you have to) nowadays results in a never ending captcha process without any progress!
I understand it has been
I understand it has been done to make browsing easier for inexperienced users, but can't we have a choice? This all-or-nothing approach seems a bit drastic to me.Baahubali torrent