Tor Browser 5.0.2 is released
A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.
This release features important security updates to Firefox.
Additionally, we updated the NoScript version we ship and included a small fix for Unity and Gnome users on Linux.
Here is the complete changelog since 5.0.1:
- All Platforms
- Update Firefox to 38.2.1esr
- Update NoScript to 2.6.9.36
- Linux
- Bug 16860: Avoid duplicate icons on Unity and Gnome
Comments
Please note that the comment area below has been archived.
Thanks for the update, just
Thanks for the update, just updated!
I want to verify what's changed, what's downloaded before I update, how can I best do this?
it seems to crash on win7 on
it seems to crash on win7 on startup. i receive a "tor browser has stopped working" message together with an "appcrash" detailed report below. never happened with the previous version. crashes started to occur soon afer updating to 5.0.2. i've tried to uninstall (by simply deleting folders and icons) and reinstall but that did not fix the problem.
hope you can help, thanks
just in case: where could one download 5.0.1 version? is it safe to use it? i'd like to try at least if it works.
No it's not safe. There was
No it's not safe. There was a critical security issue in Firefox. Either it's already being exploited or it will be in the next few days.
always me, the guy who
always me, the guy who reported crashes of 5.0.2 under win7. installed 5.0.1 and everything is fine again. let us know...
German speaks
German speaks
Germans cannot speak anymore
Germans cannot speak anymore since their orthography got reformed some years back. His scrawl is called Kauderwelsch in german or gibberish in english.
To maintain guard-node
To maintain guard-node continuity when updating TBB via full download and replacement of the old-version folders, which old-version file(s) should be saved for re-use?
Thank you.
Browser/TorBrowser/Data/Tor/s
Browser/TorBrowser/Data/Tor/state
It seems to be
It seems to be Browser/TorBrowser/Data/Tor/state.
I've tested by moving the file to somewhere else, and tor generated a new one with different nodes. I then moved the old one back, and tor used the old nodes.
However I'm not sure how secure this is. You could also try moving the whole .../Data/Tor directory.
Most usefull for me is to
Most usefull for me is to export bookmarks and restore them via bookmarks menu.
Page Info → Security →
Page Info → Security → Technical details is empty for every https page
Yes, this is
Yes, this is https://bugs.torporject.org/16842 which we'll fix in the next release.
ERROR: Error verifying
ERROR: Error verifying signature.
ERROR: Not all signatures were verified.
What went wrong, and how do I set it to not thrash my bandwidth automatically downloading the full archive when the mar method fails?
As to the errors see
As to the errors see https://trac.torproject.org/projects/tor/ticket/13379#comment:50. We have two keys and if one signs the MAR files with the second one Tor Browser is complaining that the first one it expects is not there but then falling back to the second one (if the second one were not there either your update would fail).
You only get the incremental update if there are no substantial changes in your old Tor Browser, like a modified Torbutton or Tor Launcher or changes to your torrc file(s).
is someone be able to
is someone be able to clarify that : Tor + vpn or Vpn + tor ?
(i cannot add my vpn after tor but i can do it before).
thx.
As I understand it (and I am
As I understand it (and I am far from being an expert), VPN -> Tor is likely no worse, from a security perspective, than ISP -> Tor.
Tor -> VPN, on the other hand, introduces some real potential risks. In such a case, the VPN can be considered, in a sense, like an exit node. Under the default design of Tor, one is continually bounced between numerous different exit nodes, thereby greatly limiting the volume of any given Tor user's traffic that any one exit node can observe (and have the ability to tamper with). In contrast, when one connects to a VPN after Tor, ALL of one's traffic goes through the VPN-- a single entity and network point.
I used http://ip-check.info
I used http://ip-check.info website to test anonymity of the latest version of the Tor browser and the authentication field is marked red and it shows my unique ID to identify me. It says: "Your browser should not send any HTTP authentication data to third party sites". Will you please fix this immediately? Some other fields are marked orange.
If you click cancel when the
If you click cancel when the prompt comes up (like it tells you too,) you won't get a unique ID in the auth field.
Otherwise, some of the orange fields are simply an attempt to push you to use JonDonym as opposed to tor (like the HTTP Session field,) and others are out of date (Such as the Language field and Browser window field.)
Referrer and cookies are valid concerns, but they bring usability concerns as well.
on the highest privacy level
on the highest privacy level this shouldnt be. a new clean install in new directory can help. dont use other addons
Why is it that every first
Why is it that every first link is now a USA link 104.131.108.7? This link is always the same after attempting to change the tor circuit.
https://decvnxytmk.oedi.net/do
https://decvnxytmk.oedi.net/docs/faq.html.en#EntryGuards
Tor picks a Guard node and maintains it as the first hop for several months as this provides better anonymity versus certain attacks.
This question comes up often enough that there is also https://trac.torproject.org/projects/tor/ticket/16665 which deals with including this explanation as part of the user interface.
interesting, thank you for
interesting, thank you for the links !!
HORNET: High-speed Onion
HORNET: High-speed Onion Routing at the Network Layer
http://arxiv.org/abs/1507.05724
What do you think about HORNET? It claims to be much faster without hurting anonymity. Perhaps parts of HORNET could help the Tor network. And it claims to scale well.
Already talked about this.
Already talked about this. There is also Astoria Browser, and the newest is the Hornet Browser. I suggested to the Tor Team to work together to create a Tor/Astoria/Hornet overlay that will surpass any network possible and as an alternating script to safeguard privacy. I think Hornet will good for freedom lovers because it will allow you to go through any website without restriction. Yelp cannot be accessed through Tor, but Hornet will, hopefully.
Neither Astoria Browser nor
Neither Astoria Browser nor Hornet Browser exist; at the moment both Astoria and Hornet are simply clients, and neither of them have public releases.
The reason you can't access Yelp through tor is that Yelp has specifically decided to block tor. Unless Hornet specifically hides the fact that a request is coming from the Hornet network, there's no reason to believe they won't block Hornet as well. In order to do that, Hornet would need to somehow hide what IPs are used to exit the network, and doing so is a significant technical challenge (in addition to making legal challenges more difficult.)
HORNET uses IP-level routing
HORNET uses IP-level routing and Tor has an official response to IP routing that I read years ago somewhere on the web site.
HORNET more specifically is evaluated from a high level by an outsider as part of the Security Now podcast sn-518. Some quotations from Gibson:
"These guys asked the question, what if we upgraded, updated, had
second-generation routers? And of course, unfortunately, it'll never happen."
" what HORNET is, is an academic exercise in the idea of onion
routing at the IP level, not four layers up at the application level. And the idea is you
need minimal work per router, meaning that it's only doing symmetric crypto on the
packet."
"The problem is, if you have near real-time, then there's even more ability to do traffic pattern analysis. And they don't address that at all."
"what they've done is they've solved the performance problem."
"unfortunately, you know, we're not
even moving to IPv6, let alone adding dramatic protocol level crypto stuff into the packet management and switching of our routers. So nice idea, you know."
How do you access Yelp
How do you access Yelp through Tor? It still blocks it!
You complain (ineffectively)
You complain (ineffectively) to Yelp to stop blocking Tor. It's their prerogative to think that their business model depends on not allowing Privacy.
I am going to wait for
I am going to wait for Astoria and Hornet browsers then. They will bypass Yelp any day.
Yelp blocks tor by blocking
Yelp blocks tor by blocking access from tor exit nodes. Tor doesn't try to hide that a request is coming from the tor network because doing so is difficult if not impossible to do accurately with the present day infrastructure of the internet. This isn't something that can be resolved on tor's end.
If you don't mind potentially allowing more people to sniff your traffic, you can try proxying after tor; if you're using Tor Browser you can try something like a PHProxy server.
With all of that said, is there any reason why you have to use tor to access Yelp? Please remember that if you're logging into an account you previously accessed without tor, you are NOT ANONYMOUS or even pseudonymous.
Another option for accessing
Another option for accessing Yelp and other sites that block access to Tor is to use the Ixquick proxy. This can be done by entering the name of the site one wishes to access (in this case, "yelp") into the StartPage search engine and then clicking-on the "proxy" link for any of the results displayed from said site. (A "Proxy" link should be displayed with each and every result that StartPage returns.)
Reasons for wishing to use Tor for a site such as Yelp, could include any of the following.
1.) Not wanting to reveal one's current location.
2.) Wanting to avoid tracking/snooping of one's traffic and activity by one's ISP and/or advertising entities.
3.) There would always be the argument, advanced by many, that if one is going to use Tor for sensitive traffic, one should also make sure to use Tor for as much as everything else as possible-- no matter how mundane. Otherwise, one is effectively flagging their Tor traffic for special attention and scrutiny. This overlaps with the theory that the more routine/mundane/"innocent" traffic that one routes over Tor, the more padding is given to one's sensitive traffic; more hay in the stack, if you will.
(Both theories/arguments apply as well to encryption in general, including Full Disk Encryption (FDE).
Note, as well, that one does not have to log-in (or even have an account) in order to merely /view/ content on Yelp.
https://www.reddit.com/r/TORA
https://www.reddit.com/r/TORAstoria/comments/3ah27w/upcoming_release/
i do not know / i am not an expert but astoria seems a better solution for a near future.
https://thehackernews.com/2015/05/Astoria-tor-client.html
i do not understand how a vpn can compromise an anonymity (scam? manipulation?) ; it is written every where that it adds another security layer and on the other side it is written the opposite..
how many owner of vpn company/enterprise are working against their users ?
how many owner of vpn company/enterprise are giving money/resources/relays/etc. for tor project ?
hypocrisy or organization of crime made in usa/eu government ?
Is all that only marketing where users become a virtual merchandise ?
tor is tied with usa laws but it was never done for usa citizens/needs.
why every country cannot build their own personalized version of tor ?
are we used the same electronic component,the same code/program,the same hardware everywhere (build in the same enterprise)?
hornet or astoria does not solve the fact that victims are still the users.
Please list the
Please list the countries/cities to avoid in the Nodes because of SIGINT surveillance and instruction for configuration.
Why there is no Security Level slider for this or this is not posted on main page?
Why nodes can be from the same country by default?
Why with New Tor Circuit for this Site the cookie stays the same?
"I also have this problem of nodes always being the same at the top of the list and other times the map not working at all. Just checked with a friend who has also found this after checking the nodes list. Strange no response from the TOR developers."
1) What does listing cities
1) What does listing cities help here?
2) Because they are not selected based on country but based on capabilities (guard/exit/provided bandwidth etc.)
3) Because "Give me a new Tor circuit for this site" is just doing what it says: you get a new Tor circuit. If you want more, i.e. a New Identity, then use that option.
4) https://decvnxytmk.oedi.net/docs/faq.html.en#EntryGuards
5) This might be https://bugs.torproject.org/15493 which will be fixed in the next regular release.
still got 2 versions
still got 2 versions 'https-everywhere' (5.0.7+5.1.0 - both updated on 08/27/15!) addons on firefox. Leave as is ?
Deleting 5.0.7 sounds like a
Deleting 5.0.7 sounds like a good solution. The problem is caused by a change in the addon id that was necessary due to the new Mozilla extension signing requirement.
Do you know any popular
Do you know any popular servers that could automatically generate padding from your tab?
Other popular solutions?
Problems mentioned in docs look pathetic.
decvnxytmk.oedi.net blog.torpr
decvnxytmk.oedi.net
vbdvexcmqi.oedi.net
search.disconnect.me (or whatever the default search changes to next.)
May I ask any questions ? I
May I ask any questions ?
I want to use Tor Browser 5.0.2 + VPN GATE .
Can Tor Browser 5.0.2 connect to VPN GATE ?
VPN GATE use SOCKS 4 .
Does Tor Browser 5.0.2 support SOCKS 4 completely ??
Please tell me ...
http://www.vpngate.net/en/abo
http://www.vpngate.net/en/about_abuse.aspx
This VPN Gate? The "I can't tell if their privacy policy or their code is worse, because they're both totally Shit" VPN Gate?
Yes , it is . There are many
Yes , it is .
There are many sites which don't accept Tor Browser .
I want to use those sites through using Tor .
So , I needed VPN .
Free VPN is good . So , I thought to try to use VPN Gate .
VPN Gate has not good matters , but It's FREE ...
I heard Tor + VPN Gate is powerful .
There's other plenty 'free'
There's other plenty 'free' VPNs out there. The question you've got to ask is what they gain out of there service.
You've got to determine your threat model. Why are you using tor? For some uses, spying VPNs aren't a problem.
With that said, I wouldn't use Tor Browser with a VPN; if I'm visiting a website that I can't bypass with a PHProxy, I'd feel safer with a tor -> VPN connection in a whonix VM than Tor Browser.
Now , I'm thinking about
Now , I'm thinking about using whonix ...
If someone knows GOOD FREE VPNs , Please tell me the one .
I know HIDE me , Cyber Ghost , Tunnel Bear , Security KISS ...
Air VPN is very GOOD VPN with using Tor , But Air VPN is NOT FREE .
Cyber Ghost & Tunnel Bear don't have logs , so I like these ...
If someone knows the other GOOD FREE VPNs , Please tell me the one .
I agree with yawning. VPN
I agree with yawning.
VPN GATE is full of security holes. However you can use it as a decoy to fool your ISP or whichever evil regime is monitoring you. For example you can use VPN GATE to surf to Ashley Madison (the number #1 adultery site) and the evil regime that spies on you will get a kick out of reading your racy posts.
But for serious stuff such as whistleblowing on the activities of your evil regime, you should use Tor or some other anonymizing proxy.
Did you know that some of the people running VPN GATE are US intelligence officers who are based in Okinawa? Some of them are Japanese-Americans highly qualified in the field of signals intelligence?
* some of the people running
* some of the people running VPN GATE are US intelligence officers who are based in Okinawa? Some of them are Japanese-Americans highly qualified in the field of signals intelligence?
pls give us name; address, (highly qualified ...hm... few doubt ... well payed ; certainly)
how do they work , by team ,alone ? how many are they ? in the base ? it is a military project or a civil enterprise ? whom are they speaking to ?
details are welcome !
enjoy !
US intelligence officers who
US intelligence officers who are based in Okinawa ?
I didn't know such a thing ...
If it is true , it's so terrible ...
OK , I'll search other FREE VPN .
If someone knows GOOD FREE VPN , Please tell me the one .
Sites know all Tor exit
Sites know all Tor exit nodes anyway. Why send correct Referrers while using Tor and save all Cookies between automatically changed exit nodes? Usability concerns make Tor Browser less secure on any Security Level?
another TBB version?!
another TBB version?!
I can't get the installer to
I can't get the installer to open in windows vista. I download the 5.0.2 to my computer and when I click on it nothing happens.
Could there be a firewall in Windows that won't allow the application to open?
Check the files properties
Check the files properties and make sure it hasn't been blocked.
I can't get the 5.0.2 to
I can't get the 5.0.2 to install. I download the file, and click on it, nothing happens.
Could there be a Windows firewall preventing the application from running?
Windows Vista User.
Right-click on
Right-click on "torbrowser-install-5.0.2_en-US.exe", left click on Properties, then click on the Unblock button.
Tor Browser Bundle for
Tor Browser Bundle for Linux. In this version PLUGGABLE TRANSPORTS do NOT WORK. Even if you use working bridges, Tor cannot connect. Please, fix this.
Same here. Tried 9 obfs4
Same here. Tried 9 obfs4 bridges obtained from BridgeDB and none of them allowed me to connect to internet. These same 9 obfs4 bridges did allow me to connect to internet using Windows.
Odd. I use obfs4proxy fine
Odd. I use obfs4proxy fine on Linux (64 bit). You don't really provide enough information to be able to debug this further.
Using ExitNodes with bridges
Using ExitNodes with bridges make ExitNodes ignored without warning messages
no fix?
no fix?
Can a Tor developer tell me
Can a Tor developer tell me that that the new update system automatically checks all verification signatures?
It checks the signature of
It checks the signature of the update file, yes, and fails to update if that one is wrong.
The Tor Browser works well.
The Tor Browser works well. Many thanks for your efforts in fighting online censorship. Dreamsofspanking.com was recently forced by ATVOD to remove all of its videos and photos, due to new draconian UK porn laws - A reminder that censorship is dangerous and not acceptable.
censorship is dangerous,
censorship is dangerous, when a draconian law comes ; it is often because they cannot obtain all the market for themselves so they prohibit it for every one.
the new market will be open and under control of the mayors like it was 30 years ago.
I wonder what percentage of
I wonder what percentage of Tor users are individuals in the UK wishing to circumvent the laws that you characterize as "draconian".
www.theguardian.com › Arts
www.theguardian.com › Arts › Pornography
www.ukcolumn.org/article/atvod-major-risk-freedom-speech-internet
www.melonfarmers.co.uk/me_atvod.htm
Few millions of real persons are concerned whom members of Parliament obviously , it is also about regulating a market and prohibiting which should not be a "label" certified ... by their own industry.
In uk, an old law still exist since 300 years ; all suspicious behavior can be considered as a terrorist threat.
so, i really do not understand your sentence :
| I wonder what percentage of Tor users are individuals in the UK wishing to circumvent the laws that you characterize as "draconian".|
You should be better informed.
Clean install to USB, win
Clean install to USB, win vista 32 bit.
With security slider on high can't change any options under Tools>options.
So move slider to its lowest setting, still cant change options without exiting and restarting.
Exit and restart, change settings, leave slider on lowest settings, exit and restart - all settings have been saved. Move slider to highest settings, exit restart - settings now back on their defaults, ie all boxes are clear.
Are my settings being saved once the security slider is moved up to max ? For example if I clear the 'block cookies from sites' box when the slider is low are they still blocked when the slider is on max (on low the box is ticked, on high it's empty)
This is
This is https://bugs.torproject.org/16775 which will be fixed in the next regular release.
Am I doing the right things
Am I doing the right things ?
No Script>options>embeddings = all boxes ticked.
Tools>options>content, block pop up windows = ticked
Tools>options>privacy, tell sites not to track = unticked
Tools>options>privacy, tor browser will use custom settings
Tools>options>privacy, always use private browsing = ticked
Tools>options>privacy, accept cookies = unticked
Tools>options>privacy, third party cookies = never
Tools>options>privacy, clear history when closes = ticked
Tools>options>security, warn site add ons = ticked
Tools>options>security, block attack sites = ticked
Tools>options>security, block forgeries = ticked
Tools>options>advanced>data choices, health report = unticked
Tools>options>advanced>update, check but let me choose = ticked
Security slider set to maximum security.
Finally and probably the most important;
About:config in the address bar then
About:config>app.update.auto = set to FALSE
About:config>javascript.enabled = set to FALSE
Anything here that would weaken my privacy/anonimity, everythin looks good on ip-check.info. Thanks for any feedback.
Am I doing the right
Am I doing the right things?
You may be doing the right thing but as you personally customized the settings, your TBB might stand out easily to be tracked.
No you're not; changing the
No you're not; changing the default settings with make it easier to fingerprint you. Tor Browser is pretty secure "out of the box" and you get anonymity by looking exactly like every other Tor Browser user (to be using the security slider setting you use.) If you change that, you change your fingerprint.
By the way, you don't have to block the plugins in NoScript since TorBrowser is specifically engineered to not find the plugins by default.
>you don't have to block the
>you don't have to block the plugins in NoScript since TorBrowser is specifically engineered to not find the plugins by default.
What about the concept of layered security? Could such blocking via NoScript not be considered a backup defense, in the event that such blocking within TorBrowser somehow fails?
Am I doing the right things
Am I doing the right things ?
https everywhere > block all http request (recommended)
tor > high level (recommended)
noscript > advanced > checked clearclick/abe/xss (recommended)
Thanks for any feedback.
I'm pretty sure enabling
I'm pretty sure enabling NoScript ABE isn't recommended.
Then again, I don't think it'll effect your fingerprint unless you write additional rules. Of course, I don't think the default rules even do anything on TB given that access to LAN resources won't work anyways.
Why are you changing
Why are you changing HTTP-headers and default screen size? In this way you make distinguishable users of older versions of torbrowser. Now I use version 4.0.8 and ip-check.info detects difference from the current version.
torbrowser 5.0.2
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Accept-Language: en-US,en;q=0.5
Window size: 1000x775
torbrowser 4.0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0
Accept-Language: en-us,en;q=0.5
Window size: 1000x800
While the first two can be corrected via about:config, the window size does not have such setting.
Even one different symbol completely changes the header signature (such as us -> US). It would be wise to stick to some settings and never change them.
Apart from the fact that
Apart from the fact that Firefox 31 based browsers do not get any security updates anymore it is probably not possible to pretend you are using a Firefox 38 based one while in fact using a Firefox 31 based one anyway. Thus never changing settings would not help.
OK, with enabled javascript
OK, with enabled javascript that may be right. But in case of the safest browsing with javascript disabled or the high security level (accordind to the slider), how sites can detect the firefox version? I think the only way is analyzing HTTP headers. Other properties, such as TCP stack and pipelining, are likely to be identical.
>Even one different symbol
>Even one different symbol completely changes the header signature (such as us -> US).
Can I change this manually? Or no good idea?
about:config ->
about:config -> general.useragent.override, inlt.accept_languages.
However after browser restart the option intl.accept_languages resets for some course. So you have either to change it after each start of browser or not change anything, otherwise you became trackable because of the unique HTTP header combination. Users of old versions still compose some crowd, which however far less populated than the crowd of the current version.
i think even if you
i think even if you fullscreen your TB(not f12 fullscreen) but just squared, it sitll do not show your monitor size, it shows the size without win.taskbar panel so it's still differs from your monitor..i might be not right with this, but, if anyone could say more it'be great
I do not know how, but
I do not know how, but ip-check.info test determines the browser window, which is different for old versions and the current one. If you maximize the window, then the values are the same according to your monitor resolution. But the best practice is to use default window size and not to maximize it. In such a way you belong to the biggest crowd of users the with the best anonymity.
_enabling NoScript ABE isn't
_enabling NoScript ABE isn't recommended.
Interesting point of view but i do not see any link or information from noscript or tor devs explaining clearly the advantages/inconvenient of enabling abe with tor bundle 5.0.2. with example(s)/scenari (e.g. chat / webmail).
NoScript ABE allows
NoScript ABE allows fine-grain control over what website resources are loaded. Unfortunately, that detailed level control is fingerprintable; it's the same reason TB disabled NoScript's block by domain functionality.
With that said, just enabling ABE doesn't gain you anything. TB and tor already protect you from the attack on LAN resources that the default rule provides you. Simply enabling ABE won't do anything except maybe use a minor amount of cpu/memory. Theoretically, TB could include a custom ABE rule list (which would reduce/remove the fingerprinting issue) but that pretty much steps into the adblocker arena which is a minefield.
Is it not an official
Is it not an official opinion ?
# With that said,...
What is the goal of noscript and its options ?
# NoScript ABE allows fine-grain control over what website resources are loaded. TB and tor already protect you.
# ABE is a very good choice. I read that according on the app you run it can protect you better.
When, why, how, ?
# TB could include a custom ABE rule list (which would reduce/remove the fingerprinting issue).
Does it work better with or without tor ?
# Like for another add-on (https everywhere e.g.), most of users are against learning the real purpose of the plugin and setting it correctly.
Is it better (fingerprint) to enable it or not ?
# enabling ABE doesn't gain you anything.
For what app i must activate it or not ?
# TB and tor already protect you from the attack on LAN resources that the default rule provides you.
# I agree that by default, all is fine except i need an official how-to and i did not find one,
Who have yet sent an email to tor or noscript site for obtaining an answer ?
who have received one ?
# enabling ABE doesn't gain you anything
# so where are the expert reviews ? on the tor site ? on the noscript site ?
# where are the how-to, the clear explanation , the discussion, the examples the feed-back, the test, why this option (useless-abe ?) is embedded in the Tor noscript add-on ?
# Is speaking about plugin embedded with Tor a taboo ?
# Who is responsible , Tor or Noscript dev ?
Can't maximize the tor
Can't maximize the tor browser window. after clicking on the maximize button, the window flickers a lot an then finally has a random size, sometimes ~100px width, sometimes ~6000px width(!). Using Windows 7 64bit.
Window size is
Window size is fingerprintable; Tor Browser is specifically designed to prevent maximization as a defense, but I've never had it end up at a random value afterward.
I cannot change Settings (I
I cannot change Settings (I also hate as all (many) sites are moving to the "new" win8+ feel--with regard to buttons). Should I update to 5.0.2a?
https://trac.torproject.org/p
https://trac.torproject.org/projects/tor/ticket/16985
More Tor developers please answer the questions.
Do you know good IXP?
what is the point of
what is the point of "torrc.orig.1" if its blank after TBB update?!
it doesnt contain the "previous" nor original torrc prior to update?!
Dear Torteam online update
Dear Torteam
online update of TBB:
method1
try parsing the torrc
find the custom variables/settings -save them
perform the update
restore the customization
method2
update TBB
don't overwrite ORIGINAL torrc
not difficult
highly pissed Anon
I'm testing Tor browser on a
I'm testing Tor browser on a notebook that connects to Internet using a cell phone network. About 60% of my data usage was Youtube videos viewed through Tor Browser. Somehow my ISP was able to profile my traffic and their tech support told me that more than half my usage had been "videos".
How is such profiling possible, if my access is through Tor Browser? I thought that all traffic went through an encrypted pipe, and no ISP should be able to inspect headers of packets inside that pipe?
https://askubuntu.com/questio
https://askubuntu.com/questions/233386/how-can-i-view-youtube-videos-in…
That posting 2.5 years out
That posting 2.5 years out of date. The world has moved on from flash video onto html5; html5 goes through the browser as opposed to flash. It shouldn't leak; if it does, that's a bug.
That's an interesting
That's an interesting question, admins should notice that..Tor isn't safe anymore??? How your isp was able to profile u? isp must see only the fact that you're using TB.
3 things are broken in TBB
3 things are broken in TBB 5.0.2:
-Technical Details(Crypto algorithm).Tools -> Page Info -> Security
-Tools -> Page Info -> Media
-Tools -> HTTPS Everywhere -> Enable / Disable Rules
Please fix that.Thank you.
I see that enabling ABE in
I see that enabling ABE in NoScript isn't recommended in the default TBB or there is no gain at all, but what about the ClearClick option?
It comes disabled by default as well.
ClearClick is eventually
ClearClick is eventually supposed to be enabled by default. It was enabled by default until a NoScript update caused ClearClick + Tor Browser to create ClearClick False Positives on some websites. At least that's how I read the explanation. I could be wrong.
Hi,the meek is
Hi,the meek is unavailable
Please fix it.
Hi, can you give us some
Hi, can you give us some more information? Where are you located (what country)? Do you use meek-google, meek-amazon, or meek-azure?
The best way to get a problem fixed is to make a bug tracker account and then create a new ticket (in component: meek).
https://trac.torproject.org/projects/tor/register
https://trac.torproject.org/projects/tor/newticket?component=meek
Please post the lists of
Please post the lists of identity fingerprints, country codes, and address patterns of nodes to avoid when building a circuit. Add the explanations if possible. For long lists using links to popular secure clearnet pastebin service is preferable.
um hello. first time
um hello. first time commenter, happy 2 year tor user (though i'm using an ie8 for this post for an unrelated reason, ok, i'm at the office and they still use XP here).
i understand that magnetic links do not work with the tor browser since like v3, not a problem. but i seem unable to download a torrent link and associate it with utorrent like i did on the previous version when using kicckass for public domain content. (nice save huh?) rather, torcache pops up and just hangs. is it a related v5.02 issue others have noticed or a kickass linking glitch w/torcache iyo?
thanks, very much for your time.
AllowDotExit, MapAddress
AllowDotExit, MapAddress does not work for me in Tor Browser 5.0.2.
Is it supposed to work in this version?
https://gitweb.torproject.org/torspec.git/tree/address-spec.txt:
"The .exit notation is disabled by default as of Tor 0.2.2.1-alpha, due
to potential application-level attacks."
Solved. Was due to
Solved. Was due to restrictive post-install configuration.
Hi, In the country I am in
Hi,
In the country I am in now, some connection works well with the old version Tor like 4.5 , but not the new version 5.0 or later. I've tried all kinds of connections like meek, obfs etc. all failed. I suspected it's caused by firewall. But after disabling firewall, it still failed. (This country is "famous" for its censorship. )
Please fix it. Thanks!
torbrowser 5.0.2 segfaults
torbrowser 5.0.2 segfaults http://www.kelownadailycourier.ca/news/article_ee8e9e8a-5cf2-11e5-a2e8-…
On which operating system?
On which operating system?
Please disable automatic
Please disable automatic update from earlier version. Some people here are on mobile internet and pay for every kilobyte transmitted.
I'm not sure which version I
I'm not sure which version I have but I updated a few weeks ago or a month ago, I think it was working recently but now it says can't load xpom. What's wrong?
Also how can I use tor to access where the majority of content on the page is animated, and why do some pages in tor make you go through some annoying repeating captcha?
The annoying captcha is
The annoying captcha is Cloudflare who host a large proportion of web servers and will force a captcha if you're coming from a known Tor exit node.
In the same way Google harass Tor users with captchas, in some cases indefinitely repeating the request with a new captcha even with correct answers entered.