Tor Browser 6.0a2-hardened is released
A new hardened Tor Browser release is available. It can be found in the 6.0a2-hardened distribution directory and on the download page for hardened builds.
This release features important security updates to Firefox. Users on the security level "High" or "Medium-High" were not affected by the bugs in the Graphite font rendering library.
Additionally, we fixed a number of issues found with the release of Tor Browser 5.5, which already got addressed in Tor Browser 5.5.1, and we switched to a Debian Wheezy system for building the hardened series as well.
Note: There is no incremental update from 6.0a1-hardened available due to bug 17858. The internal updater should work, though, doing a complete update.
Here is the complete changelog since 6.0a1-hardened:
Tor Browser 6.0a2-hardened -- February 15 2016
Comments
Please note that the comment area below has been archived.
No windows version available
No windows version available to download?
No. For now it is only for
No. For now it is only for Linux 64bit systems.
Have any attempts been made
Have any attempts been made yet for a Win32 (or 64-bit Windows API) build?
Not yet.
Not yet.
Guess this means no OS X
Guess this means no OS X hardened version either.....
all these amazing
all these amazing improvements
blessings, praise, respect, magnaminity and sunshine and rainbows to all the team at Tor
I appreciate this has been asked before but I'm not completely clear:
This hardened version is a parallel release to the regular updates as it is still in beta
Are these two streams intended to coincide at some point - ie - is the
regular update going to incorporate all the hardened features?
There are no plans for this.
There are no plans for this. However, we plan to get the hardened series merged with the alpha one at some point in the future to not split our thin user group for the alpha series even further.
can anyone help: if I am
can anyone help:
if I am using Tor and Malwarebytes (with its real time background protection) suddenly informs me "malicious website blocked - tor.exe and an IP address" the internet connection then gets disabled
does this mean a malicious packet has been injected via a node?
or is this a ''false positive" that I understand can happen with virus and malware software, because of the way they function - when using tor and tails
It sounds more like
It sounds more like Malwarebytes has decided that the entry node is a malicious IP address. Who knows how they come to that conclusion.
i would enjoy a response to
i would enjoy a response to this query also as I experience the same phenomena - malware blocker running in the background whilst using Tor, randomly and suddenly telling me it 'has blocked the file - tor.exe' and wonder why or what it means
It does sound like yet
It does sound like yet another false positive:
https://decvnxytmk.oedi.net/docs/faq#VirusFalsePositives
Anonymity Online mejorar
Anonymity Online mejorar quitarles las fallas de seguridad y otras fallas
que no se congele
tor mejorar quitarle las fallas de seguridad y otras fallas
que no se congele
que se pueda instalar y desinstalar correctamente
mejorar compatibilidad
ligero navegador
y ligero en todo los demas
privacidad mejorada no graba historial y descargas y ip
http://www.msn.com/en-us/mone
http://www.msn.com/en-us/money/technology/google-android-smartphones-hi…
Read the entire article, it's like WTF? o_0
The only thing
The only thing groundbreaking in that article is the way SMS is used as an exploit. Everything else has been going on for years.
Harder
Harder
I think servers can still
I think servers can still determine your identity, no? Even if a browser is used with randomization, doesn't the server still register your hardware?
server can only get what you
server can only get what you send. tor effectivelly hides your protocol stack only tcp data information is passing through unmodified. that is why js is very dangerous in the first place. it is just the same as if you install any wild programme and ask if it can detect your hardware and use yout tor tbb module.
suppose there is such programme (say to simplify av) wich "legally" frequently connect to the "home". av at time 1 receive command to dl new euristic module. this module scan running processes and check for listenning tcp ports. when it gets tor process and port it connects to this port and sends collected info immitating your browser connection. at time 2 it deletes itself.
btw microsoft was catched red handed several years before with regular updates.
Without Flash or Java they
Without Flash or Java they can't get detailed info; Javascript allows some but can be disabled, and CSS only can be used for fingerprinting if you don't use a standard browser window size.
no
no
Dear Arma/ GK/ Tor
Dear Arma/ GK/ Tor Admin
how do you feel about the suggestions, in the Snowden files, that HTTPS is broken?
I don't think that https,
I don't think that https, properly implemented and properly used, is broken.
But I do think that the certificate authority mess with websites these days is really bad news for users.
Why do Tor even publish the
Why do Tor even publish the IP addresses of Tor exit routers. Is this supposed to be 'gentlemanly' conduct or something? Time to take the gloves off and play the scurrilous "Clownfare" at their own game. Why make it easy for them?
Mostly because it wouldn't
Mostly because it wouldn't actually work:
https://decvnxytmk.oedi.net/docs/faq#HideExits
Sorry to put this in here.
Sorry to put this in here. Norwegian exit tor1multisec (193.90.12.86) appears to have relayed a certificate for https://archive.org/ which pops up an unrecognized certificate issuer warning. The unrecognized GoDaddy certificate authority is installed in TorBrowser with its default permissions. Using another exit the certificate for archive.org was accepted.
Can you let the bad-relays
Can you let the bad-relays list know?
https://vbdvexcmqi.oedi.net/blog/how-report-bad-relays
Thanks!
It seems there is a movement
It seems there is a movement to make things more mainstream for Tor. I don't necessarily believe that is a good or bad thing yet. What compromises would the project make to be accepted that way?
Have you heard anything why
Have you heard anything why Tweetdeck is banning Tor users? Has been for weeks. Twitter owns tweetdeck.
thanks for another great
thanks for another great release! in particular, i'm grateful that the team has kept pace with firefox patch/update schedules
Is it safe to run TOR as a
Is it safe to run TOR as a relay in windows XP?
Heh? At 2016? XP? Aren't you
Heh? At 2016? XP? Aren't you serious?
At least XP wouldn't be
At least XP wouldn't be affected by Windows10 spy updates. Why not go back to Win95 for that matter. lol
Why wouldn't it? XP is the
Why wouldn't it?
XP is the only Windows one can lock down all the leaky ports by turning off processes and do some registry changes...
i believe it should be winxp
i believe it should be winxp pro x64 and dont forget to block all unnecessary ports. but of course there are better service oses anyway.
How safe would it be using
How safe would it be using userstyles.org on TBB?
why i can't maximize window
why i can't maximize window on windows 10?
It is not recommended to do
It is not recommended to do so.
i cant open tor why?
i cant open tor
why?
If I run the Tor Browser in
If I run the Tor Browser in a VM, am I providing any services, including relays?
Or am I just getting the benefits of TOR, but contributing nothing?
Is there a way to build the
Is there a way to build the hardened version from the source code?
"NoScript Tracker is a basic
"NoScript Tracker is a basic tracker that makes use of iframes and the Refresh HTTP header to measure how long users spend on web pages. It is ideal for getting basic usage statistics on the Tor network, where JavaScript is not an option for most users."
https://bitbucket.org/ElijahKaytor/noscript-tracker/src/master