New Tor Browser Bundles (updated for Linux again)

by erinn | March 18, 2012

The Tor Browser Bundles have all been updated to the latest Firefox 11.0 as well as a number of bugfixes. Because of a very slow uplink, not all of the Mac OS X 64-bit bundles are available yet, but all of the 32-bit bundles are up, and the Farsi (sig) and English (sig) versions of the 64-bit bundles are also available.

https://sedvblmbog.tudasnich.de/download

Tor Browser Bundle (2.2.35-9), Linux only

  • Fix launch script to prevent Vidalia from running in debug mode all the time (closes: #5417)

Tor Browser Bundle (2.2.35-8)

  • Update Firefox to 11.0
  • Update OpenSSL to 1.0.0h
  • Update NoScript to 2.3.4
  • Update HTTPS Everywhere to 2.0.1
  • Always build to with warnings enabled (closes: #4470)
  • Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)

Windows

  • Remove tor-resolve from the Windows bundle (closes: #5403)

Mac OS X

  • Give OS X users below 10.5 an incompatibility message (closes: #4356)
  • Linux

    • Don't attempt to load the default KDE 4 theme from Vidalia, because that fails when the Qt versions don't match (closes: #5214)

    Comments

    Please note that the comment area below has been archived.

    March 17, 2012

    Permalink

    I downloaded this bundle for GNU/Linux, and the check page still says I'm using an outdated version. I know I didn't start the wrong bundle, Help > About says Firefox 11.

    version 2.2.35-8 -----********** possible TROJAN ALERT ************__________-- MALWAREBYTES FLAGGED THIS DISTRO'S TOR.EXE AS A TROJAN VIRUS -- WHEN TOR.EXE (THIS SPECIFIC DISTRO FILE) IS RUN THROUGH AT VIRUSTOTAL DOT COMS SITE IT SHOWED NEGATIVE FOR ALL 43 SCANNERS EXCEPT FOR BYTEHERO WHICH IDENTIFIES THIS AS Trojan-Downloader.win32.Agent.bmzd

    SO 1 POSITIVE OF 43 AND POSITIVE AS TROJAN BY MALWAREBYTES

    THIS MAY BE SOMETHING THAT IS NEWLY IDENTIFIED OR

    THESE MAY BE FALSE POSITIVES....BUT THERE MAY BE A COMPROMISED DISTRO BEING SENT OUT -- FILES WERE TAKEN DIRECTLY FROM TORPROJECTS WEBSITE (I.E. HERE) -- 2ND DOWNLOAD DONE DAYS APART RESULTED IN THE SAME VIRUS SCAN RESULTS

    March 18, 2012

    Permalink

    Two small issues:

    1. The 64 bit linux version generates a multimegabyte "vidalia-debug-log" file
    2. check.torproject.org reports "There is a security update available for the Tor Browser Bundle." with this bundle

    March 31, 2012

    In reply to phobos

    Permalink

    How does one 'open a bug'? I recently updated the TOR bundle to the current package and now TOR no longer works (spinning beach ball). I'm running MAC OS 10.6.8.

    Thanks!

    March 18, 2012

    Permalink

    What QTlibs are required for the Linux version?

    I've run the Linux Tor Browser Bundle on gtk2 only boxes without Qt[libs] and while there are a few errors in the terminal, Vidalia displays fine and functions well, and Tor too.

    What's the deal with Qt? Is it really required?

    March 18, 2012

    Permalink

    Yay for linking bug numbers to ticket URLs, it's much easier now to see details of what's fixed.

    March 18, 2012

    Permalink

    In version 2.2.35-7.1, when we were disconnected from the Tor network, the green onion icon disappeared from the task bar and we didn't notice it immediately while surfing and it was hours after that did we only noticed it. Can the Tor team introduce some kind of alert when we are abruptly disconnected from the Tor network, for whatever reasons, so that our anonymity would not be compromised?

    Thanks.........

    March 18, 2012

    Permalink

    Previous version of TBB/Linux (Seb's release) as of today would hit the Tor Check page and not notify of an update...

    Then...

    Updated TBB/Linux to 2.2.35-8 and the Tor Check page says there is a security update and directs me to the download page for TBB/WINDOWS with no other platforms listed.

    Windows?

    WTF is this?!

    Has someone mucked up something internally with this release?

    The torbutton changes the browser's user-agent header to that of Firefox on Windows, so the download page thinks that you are on Windows. Instead of downloading the update through Tor, perhaps use your direct connection? The download will almost certainly be faster. (Unless you could get in trouble for downloading and running Tor)

    The download page has a "view all downloads" link.

    March 18, 2012

    Permalink

    This TBB/Linux version works, but at the end of the extraction of the files, it said this following the last file extracted (geoip):

    tar: short read

    verified the file w/ gpg prior to extraction, what is this message I've never seen before with TBB version extraction?

    March 18, 2012

    Permalink

    So did you change the firefox logo again? Orange is a bad color, wish you replace with the previous one :(

    Is that any worse than the automatic bookmark backups and "browser.sessionstore.resume_from_crash" _enabled_ by default?

    (The latter saves the URLs for whatever windows and tabs you open, in order to be resume them in the event of a crash.)

    March 18, 2012

    Permalink

    why every time i try to "save as" a file pop up the "load external content" alert? Is downloading files by tor bundle not safe?
    P.S. i use linux 32bit tor bundle with archlinux + kde

    Thanks for help and for your work.

    Downloading the files is safe, opening them may not be. For example, opening certain files (manually or automatically by preview generators) may trigger a request to the internet without going through Tor. Examples include media files embedding external content from internet, and of course executables.

    "why every time i try to "save as" a file pop up the "load external content" alert?"

    I wish the developers would include a preconfigured for Tor download manager, or some option in Vidalia to download with wget properly configured. It would make it much easier than right click saving and seeing this popup window instead of a download box. The popup says to download vs. loading content in browser but this popup comes up when you're often trying to do just that -- download content and not view it within FF! Please include a properly configured Tor enabled download manager addon or script! Thank you.

    March 18, 2012

    Permalink

    Mac browser bundle won't open on OS 10.5.8 either. Click on "TorBrowser_en-US", the icon appears in the Dock, bounces once, and shuts down. I was running the TorBrowser just fine before. I saw a message saying there was a security update so I downloaded it and replaced my old TorBrowser. Now I have nothing. Why won't someone help us Mac people? (And don't say "get a PC" That's unhelpful and insulting.)

    Its still doing this, we all still require help, plz somebody

    March 28, 2012

    In reply to by Anonymous (not verified)

    Permalink

    How can anyone know there is nothing unsafe in this file?

    WARNING TO ALL: Never download any Tor product from any unknown source.

    March 18, 2012

    Permalink

    My country block all the tor servers and bridges,so i must use https proxy to link to the tor net.
    But https proxy bandwidth is small,it made tor very slowly.I think the tor better to use more than one proxy.

    In the config file,if i set tor like this:
    HTTPSProxy 1.1.1.1:8080
    HTTPSProxy 1.1.1.2:8080
    HTTPSProxy 1.1.1.3:8080
    HTTPSProxy 1.1.1.4:8080
    HTTPSProxy 1.1.1.5:8080

    Tor only link to the https proxy 1.1.1.5, and never use other proxy server,although other proxy server is ready.

    So i think if tor use more than one proxy server at the same time,tor can be faster.

    Thanks.

    March 18, 2012

    Permalink

    Regarding the previous version 2.2.35-7.1 and the icon disappearing from the taskbar it seems that vidalia crashing was the cause. I have seen it happen before but looking at the connections in my firewall they were still going through tor.exe but this is still a little disconcerting, When this happened I would close tor.exe in the task manager than reconnect. Which leads me to another issue which is possibly a bigger problem or maybe not I don't know it happened with the previous version (2.2.35-7.1) last month (but never before all the time i used tor) I got a popup from my firewall saying tbb-firefox.exe is trying to receive a connection from the internet I cant remember on what port but I blocked it than closed tor. What is scary is users of Windows XP built in firewall does not even see what it is blocking, so they wont know if this does happen. I dont know if my ip was revealed or if someone was just trying to connect to a certain port that tbb-firefox happened to use. Thanks for any answers in advance

    March 18, 2012

    Permalink

    Hi Tor project!

    Please update Obfsproxy Tor Browser Bundle to Firefox 11!

    Thanks.

    March 19, 2012

    Permalink

    I am unable to download the latest TBB for OSX Intel using the link above. Every time I click on the download link on the download page I get the message "Not found on this server". I have tried several times with the same result. Any assistance would be appreciated. Thanks.

    March 19, 2012

    Permalink

    Hi, Erin.
    Blogpost states "all 32bit versions are uploaded", however for more than 24 hours, clicking the link to download 32bit version for OSX doesn't work:

    ---

    Not Found

    The requested URL /dist/torbrowser/osx/TorBrowser-2.2.35-8-dev-osx-i386-en-US.zip was not found on this server.
    Apache Server at sedvblmbog.tudasnich.de Port 443

    ---

    So, what's the deal?

    March 19, 2012

    Permalink

    "There is an EVIL bug"

    Thank you for the warning. I expected something like this to happen, given the last slip up with a mistake in FF versions. This, "error", if you wish to call it such, shouldn't have happened. Again, this is a lack of testing.

    I hope no one in Iran, China, or other freedom starved regions were screwed because of this.

    I hope a fix is released and quickly.

    These mistakes should be posted in the Tor announcements mailing list (no announcements at all since Dec/11 is pathetic) and on the blog.

    It would help Tor users even more if you were to actually create web forums for discussions (but I doubt you will, we've only been asking for this for years!) where you could sticky-pin these types of mistakes and communicate better with the broad range of users.

    A large number of people will never use a bug tracker, and/or never use mailing lists. They are simpler minded people or too busy, this is where web based discussion forums come in. Users should not have to scramble to unofficial .onion forums which are up one day and down the next and which may (and have in the past!) contain malicious posts/threads to target the user's browser and/or Tor itself.

    With errors like this, perhaps you should let Mickey Mouse sign the future Linux release bundles with his fictional GPG key. He couldn't do any worse.

    I've also noticed FF crashing more often since the last few releases.

    I guess it's time for us Linux bundle users to run W.I.N.E. and the Windows version of the bundle on Linux so we know we are not getting borked with some new fantastic bug or lack of oversight like this again.

    But will this post be approved for others to see, or swept under the rug like one previous post about a similar issue.

    Now I'm looking forward to the next release, not for use, but just to see what type of bug(s) it may contain. THANKS!

    March 19, 2012

    Permalink

    Anyone wants to download 32bit OS X version? Download links in this blogpost and also on Tor Download Page are 404'ed. You can get your working copy here: https://sedvblmbog.tudasnich.de/dist/torbrowser/osx/TorBrowser-2.2.35-8-osx-…

    ---

    Boy, there is still that old problem with Vidalia not running under OS X 10.5.8, which persists since TBB 2.2.35-6 was released.
    If is Vidalia wrongly compiled, why not to compile it again, the same way as it used to be until TBB 2.2.35-5?

    Guys who are making node.js actually got to the same trouble (error message) before, and they eventually fixed it: https://github.com/joyent/node/issues/910

    1. <br />
    2. Compiling without libssl on leopard still gave me the same error. ("dyld ... 0x80000022, Trace/BPT trap" )</p>
    3. <p>Apparently it will compile, but not produce a working executable without setting some environment variables (found on <a href="http://canonical.org/~kragen/compiling-node-on-macos.html" rel="nofollow">http://canonical.org/~kragen/compiling-node-on-macos.html</a>) :</p>
    4. <p>ISYSROOT="-isysroot /Developer/SDKs/MacOSX10.5.sdk"<br />
    5. export LINKFLAGS=$ISYSROOT CXXFLAGS=$ISYSROOT CFLAGS=$ISYSROOT</p>
    6. <p>./configure --without-ssl<br />
    7. make<br />
    8. ...<br />
    9. compiling succeeded and i was able to successfully run node on mac osx 10.5.8<br />

    Thanks for checking it out, Erinn

    March 20, 2012

    Permalink

    OS X 64-bit version is failing verification. I have re-downloaded a couple times.

    March 20, 2012

    Permalink

    I downloaded tor-browser-2.2.35-8_en-US on Win7 32bit and Symantec Endpoint Protection deletes it. I did not have this problem with previous releases.
    Is there any security problem or this is just a false detection?

    March 20, 2012

    Permalink

    I have used TBB for OSX for a wile now. All of the sudden it dosnt work anymore. I tried to download it again and when I do Vidallia just opens then closes. Did I change a setting can someone help me?

    March 21, 2012

    Permalink

    Why there is no announcement on the blog, that a new version of tbb (tor-browser-gnu-linux-i686-2.2.35-9-dev-en-US) was released?

    March 21, 2012

    Permalink

    Broken Mac OS X link? Just go to https://sedvblmbog.tudasnich.de/dist/torbrowser/osx/ and choose the download there (basically looks the same, except without the "dev" part in the link).
    Or don't, because it still doesn't run on 10.5 anyway.

    Can we at least have an old version for download, the last that still worked on 10.5? I believe it's 2.2.35-5?

    March 22, 2012

    Permalink

    I tried to find information about this elsewhere but wasn't able to:
    I noticed that in the default preferences for Firefox in the TBB that the Do Not Track header is not checked. Should it be checked (or is it okay for me to check this option), or does that somehow hinder the anonymity or security of Tor?

    That option makes no difference since Tor already prevents tracking more efficiently. Checking it would reduce your anonymity set, since a header not usually sent by Tor users now would be sent from your browser.

    March 22, 2012

    Permalink

    OS X 64-bit fails verification. I re-downloaded it four times. Should I ignore it?

    March 22, 2012

    Permalink

    Ok so I found out the latest version of to dose not work on OSX 10.5.8. I manged to find an older version of tor, but it is an Arabic version of 0.2.2.35-5. Can anybody help me find an English version TBB OSX 0.2.2.35-5? Thanks!!!

    March 22, 2012

    Permalink

    OS X 32 bit version still does not run under OS 10.5.8. Clicking on the Tor icon does nothing.

    March 23, 2012

    Permalink

    Bad signature using Mac OS X 64-bit *asc and *zip files. I re-downloaded half a dozen times. Please solve this.

    March 23, 2012

    Permalink

    This new bundle doesn't work on 10.5.8 OS X. I don't even get any sort of bouncing icon! This needs to be fixed...

    In the time being I am happy to have had an older working copy of the Tor Bundle, and as the post above states it seems to be a Vidalia problem. I have posted the old Vidalia part of the package and it seems to work okay with the new bundle. Keeping everything else the same you can replace the Vidalia only in the new package until this is fixed.

    http://www.qfpost.com/file/d?g=u3DGc2AMB (Don't know how long the link will last!)

    This is completely clean and go ahead and run virus scan and check the source all you like, guaranteed clean!

    On your new tor bundle app, right click and open package contents. Then Contents/MacOS. Replace that Vidialia. Can't guarantee this will fix anything, just fix this bundle!!

    March 28, 2012

    Permalink

    I cannot import the signing keys.

    Keep getting this:

    1. gpg --keyserver x-hkp://pool.sks-keyservers.net --recv-keys 0x140C961B<br />
    2. gpg: requesting key 140C961B from hkp server pool.sks-keyservers.net<br />
    3. gpg: keyserver timed out<br />
    4. gpg: keyserver receive failed: keyserver error

    Same when I try Erinn's key.

    Update to above post:

    After trying many times without success, it finally occurred to me that the problem may be one of my firewalls (either my router's or my local software firewall). Sure enough, after disabling my router firewall, I was able to connect to the key server.

    March 29, 2012

    Permalink

    How to verify tor-obfsproxy-browser-bundle-2.3.12-3-linux-32bit?

    March 31, 2012

    Permalink

    Tor is about security. Proprietary software isn't. Please stop supporting Windows and Mac. What an absurd waste of time/energy/money! Time/energy/money that you need badly to properly develop Tor.

    April 02, 2012

    Permalink

    I noticed that every time I upgraded Vidalia it became alittle more buggier. I first began using Vidalia a couple of years back and now Vidalia no longer works with current release on Mc OS 10.6.8. Wishing I had an older copy from a safe source.

    April 11, 2012

    Permalink

    The Bundle won't open on my Mac OS 10.5.8
    Terminal says

    "Launching Tor Browser Bundle for OS X in /Applications/TorBrowser_en-US.app/
    LSOpenFromURLSpec() failed with error -10810 for the file /Applications/TorBrowser_en-US.app//Contents/MacOS/Vidalia.app.
    logout"

    April 12, 2012

    Permalink

    1.) Add-ons manager in Firefox says
    "NoScript will be updated after you restart Firefox"

    How can this be when under preferences "Never check for updates" is checked?!

    Could it be because I inadvertently started TBB before closing my local instance of Firefox? (in Ubuntu 10.04.4)

    2.) I cannot run TBB from ANY *live* environment, only an installed system. I've tried several different live USBs and more or less the same thing happens everytime, with all: The "Starting TBB" graphic gets stuck at just around "loading network status" or the like and never goes farther.

    What gives?

    3.) "New Identity" should NOT be the FIRST selection under the big green Vidalia icon in the navigation toolbar-- it's too easy to accidentally hit it and lose everything you were working on.

    Thank you as always for all the work you put into the Tor project.

    4.) I hope you will establish a forum soon...

    I appreciate your offering support by email and telephone. I am rather surprised and perplexed, however, that you would offer such direct, one-to-one support while apparently not offering a public support forum. I cannot imagine how this can be cost-effective for you. Surely, you must receive many repeat questions. If people were directed to a forum and at least strongly encouraged-- if not actually _required_-- to search for answers to their questions before making a new post, it would no doubt save you much unnecessary time and effort. Additionally, in a forum, contributing members of the public would invariably at least sometimes answer questions accurately, and then you could simply post to corroborate and verify their answers.

    Surely, you must have considered these points by now.

    April 21, 2012

    Permalink

    I download the last version of tor browser (2.2.35-8),, but I face problem when adding bridges??

    H recive the following massege

    "Vidalia was not able to applay your network settings to Tor
    Unacceptable option value:Bridge line did not parse,see logs for detail"

    What is the solution ???

    Thank you

    April 22, 2012

    Permalink

    Hello, in Windows7 is it normal that when the Tor Browser bundle starts, automatically starts also the process "CONHOST.EXE" ?

    As far as I know, conhost.exe is related to the command prompt so I don't understand what Tor has to do with this process.

    Thanks

    May 03, 2012

    Permalink

    I download the last version of tor browser (2.2.35-8),, but I face problem when adding bridges??

    H recive the following massege

    "Vidalia was not able to applay your network settings to Tor
    Unacceptable option value:Bridge line did not parse,see logs for detail"

    What is the solution ???

    Thank you