Tor Browser 3.6.6 is released
The sixth pointfix release of the 3.6 series is available from the Tor Browser Project page and also from our distribution directory.
This release features important security updates to Firefox.
Here is the complete changelog for 3.6.6:
- All Platforms
- Update Tor to tor-0.2.4.24
- Update Firefox to 24.8.1esr
- Update NoScript to 2.6.8.42
- Update HTTPS Everywhere to 4.0.1
- Bug 12998: Prevent intermediate certs from being written to disk
- Update Torbutton to 1.6.12.3
- Bug 13091: Use "Tor Browser" everywhere
- Bug 10804: Workaround fix for some cases of startup hang
- Linux
- Bug 9150: Make RPATH unavailable on Tor binary.
The list of frequently encountered known issues is also available in our bug tracker.
Comments
Please note that the comment area below has been archived.
Expert bundle is not
Expert bundle is not uploaded yet. What are the differences between the expert bundle tor binary and browser tor binary? The latter is smaller in size. Can/should I replace the current one from the browser bundle?
I'm asking this question
I'm asking this question here because I can't find anywhere else to ask, and I'm just tearing my hair out. I'm new to the deep web, I have the Tor browser bundle, and I disabled all the settings just like http://tutorneunixbasq6.onion/guide/tbb.html recommended. Whenever I try to set up an e-mail account, anywhere, the Captcha will not validate me. I know how to type; I've tried dozens of times; I've tried every e-mail service (I'd like to use MailTor). I've tried "Temporarily allow this page" in case that was the problem. I have no idea what's wrong, and without e-mail, I can't join any forum to ask for help with e-mail! Can someone please help me? Thanks.
I like to use
I like to use https://www.safe-mail.net with Tor, but there are others too. Try going there and setting Interface to Fast, then creating an account.
Did you know that Qualys SSL
Did you know that Qualys SSL Labs gives safe-mail.net an "F" for its SSL implementation? Why would anyone use such a service and expect privacy?
https://www.ssllabs.com/ssltest/analyze.html?d=safe-mail.net
Properly implementing
Properly implementing end-to-end encryption on the parts of BOTH parties emailing each other should be the first concern-- regardless of provider.
Quality of SSL/TLS implementation is a legitimate concern but nonetheless a secondary one here.
make a cookie exception to
make a cookie exception to the .onion sites only (not all).
You should be careful when
You should be careful when changing settings from the default torbrowser settings. While the NoScript issue is frequently debated and there's valid points on both sides, the changes in about:config suggested on that page are probably a bad idea given it makes browser fingerprinting easier.
I doubt it, considering that
I doubt it, considering that they cannot see your settings. Adding add-ons, now THAT is an issue because of the bass-ackwards way that Firefox and it's derivatives allow sites to poll Firefox for what plugins and add-ons you are running.
Also I recommend
Also I recommend mail.yandex.com which is a safe choice in my opinion.
Just what do you mean by
Just what do you mean by "safe"?
End-to-end encryption (such as via PGP/GPG or S/MIME) is the only way to attain any reasonable level of privacy in email. (Beware about subject lines, headers, etc., though)
hi i am trying to also get
hi i am trying to also get help im new to this and would like to know what i could/should delete/avoid on my device it is currently slow long scripts etc. i would only use this software and methods if i could get some guidance pls, donations waiting please help :(
Thanks for the fast
Thanks for the fast action.
Why not update tor to Tor-0.2.5.x?
Well, although it is almost
Well, although it is almost stable there is no 0.2.5.x release declared stable yet. Thus, we shipped the current 0.2.4.24. The alpha bundles already contain the 0.2.5.x series and the next stable Tor Browser will contain it as well. Stay tuned.
Can I delete cookies yet?
Can I delete cookies yet?
Sure. One easy way to do it
Sure. One easy way to do it is clicking on "New Identity" which gives you a fresh browser session. Deleting cookies via the browser UI is still not possible, though, due to an underlying Mozilla bug. See: https://bugs.torproject.org/10353
obviously not a complaint
obviously not a complaint for the TBB team, but this flaw has existed upstream in Firefox now for a weirdly, suspiciously long time...
along with their "we're
along with their "we're committed to your privacy" page ironically loading google analytics, mozilla's privacy-hostile actions are much more revealing than their marketing.
the sheer length of time this continues to go unpatched compared to, say, their prioritization of visual UI improvements is astonishing.
Reminds me of how sites like
Reminds me of how sites like Ars Technica have all this content favorable toward-- if not actually championing-- Snowden, Assange, Tor, Tails, and even HTTPS (yes, explicitly), yet... still serve pages on unencrypted HTTP!
Such irony and even hypocrisy.
FWIW Ars Technica replied to
FWIW Ars Technica replied to the same point raised on their site, saying that they make httpS available but only as an upgrade for paid subscribers.
The whole Ars Technica site
The whole Ars Technica site is available for paid subscribers? Or only certain pages, such as for login and account management?
Also, can a paid subscriber be anonymous?
I can only agree with above
I can only agree with above anons.
Just in case anyone doesn't know what we're talking about, here's the links:
https://bugzilla.mozilla.org/show_bug.cgi?id=864150
unsolved since 2013-04-21 (more than a year!)
https://bugzilla.mozilla.org/show_bug.cgi?id=823941
unsolved since 2012-12-21 (more than one and a half years!!)
https://bugzilla.mozilla.org/show_bug.cgi?id=777620
unsolved since 2012-07-25 (more than two years!!! what the fuck!?!?)
Trying to stay polite, I'd say that the Mozilla team seriously has the wrong priorities here... (I mean..!?!? what the..!?!?!?!?!?!? arghhhhhhhh!?!?!?!?!?!?!?!?!?!?!?!?!?!?)
remember when "mozilla is
remember when "mozilla is under attack for protecting your privacy" all over the news? and it then turned out to be a paid publicity by mozilla before they added numerous anti-privacy features into firefox like third party cookies enabled by default, just to name an example. Mozilla is by far the worst between major internet players, because they claim to be having your privacy's back all while they do the opposite, at least google doesn't hide the fact they're spying on everyone and invading our privacy, all the while people actually trust mozilla because they told them so... sickening..
Please, that's NOT a
Please, that's NOT a solution to the question asked!
New Identity is about as useful as tits on a bull for most users! We'll those that care about using a FAST Tor route that is.
I find it very annoying that you all REFUSE to add back that feature from Vadalia: NEW NYM!
It's like you want to make TBB so effing slow that people won't use it.
The question asked was ways
The question asked was ways to delete cookies, and a new identity is the easiest way to do so. The Cookie UI interface is broken in the firefox upstream. If torbrowser does make a patch it will probably be broken whenever Mozilla fixes the issue. Besides, single cookie deletion is NOT a good practice for anonymous browsing. Clearing everything makes it much harder to connect identities.
Concerning the routing feature, changing so that you went through faster relays was never the point of that feature in Vidalia, it was so that you could either seem like a different user or avoid broken relays. Torbrowser's New Identity feature works just as well and some of tor's improvements themselves have helped against broken relays.
Concerning Torbrowser being slow: you've got to accept that a slowdown is required for anonymity. With that said, tor is much faster these days than it was ten years ago. I remember trying it in its early days; it was painful. If you want tor to be faster, think about running a relay and donating some fast bandwidth.
"Single cookie deletion is
"Single cookie deletion is NOT a good practice for anonymous browsing"
Utter nonsense.
"Torbrowser's New Identity feature works just as well (as vidalia's)"
More utter nonsense. With Vidalia you can generate a new ID without closing your browser and losing all your session credentials. With the new incarnation of TBB you lose everything each time you generate a new ID. Luckily Vidalia still works with TBB.
And whose idea was it to rename TBB from "tbb-firefox.exe" to just "firefox.exe"? Yet another ignorant maneuver.
Anyway, until the cookie problem is fixed the new TBB is simply unusable.
"New Identity is about as
"New Identity is about as useful as tits on a bull for most users!
Alas that metaphor has lost considerable meaning, in this age of gender ambiguity, "transgender" quackery and the like.
Is this bug any threat to
Is this bug any threat to Linux/ Unix servers running Tor relays?
http://www.maximumpc.com/linux_bash_bug_poses_security_threat_gets_comp…
TorBrowser 3.6.6 for OS X
TorBrowser 3.6.6 for OS X will not display technical details of TLS connections. To reproduce, click on the padlock in the URL field of an HTTPS site. Choose "More information" and click on the "Security" tab. The "Technical Details" field, which would normally display the cipher suite in use, is blank.
you may want to consider
you may want to consider using the CipherFox Add-On for this purpose
In general it's a bad idea
In general it's a bad idea to add addons to torbrowser. If nothing else they can make browser fingerprinting easier.
"If nothing else they can
"If nothing else they can make browser fingerprinting easier."
That's at best...
How odd. This works on Linux
How odd. This works on Linux at least. I've filed https://bugs.torproject.org/13254, thanks. Did that work with earlier Tor Browser versions on OS X?
Yes, the technical details
Yes, the technical details of secure connections were displayed as expected in Firefox in TorBrowser 3.6.5 and earlier.
I've noticed a similar,
I've noticed a similar, though clearly far less problematic, change with the GNU/Linux version of this release of TBB (3.6.6):
After clicking on the padlock icon, clicking on "More Information" now takes one to the "General" tab. Previously, it was the "Security" tab.
Issue also affects Windows
Issue also affects Windows version
This also happens with Tor
This also happens with Tor Browser 3.6.6 under W7. The Technical Details field is either blank or doesn't display the cipher suite.
Maybe this is related to Bug 12998: Prevent intermediate certs from being written to disk. Does Firefox not find the certs, because they are not written to disk?
What are 'intermediate certs' exactly? Certs of Tor or certs of websites?
When disabling "Always use
When disabling "Always use private browsing mode", I cannot permanently store an exception for a HTTPS certificate... This worked flawlessly and would be very useful to work again, since you can store trusted certificates and avoid suspicious "Man in the middle attack" certificates - which I encountered couple of times.
When did it work? Do you
When did it work? Do you have steps to reproduce?
Sure, in 3.6.4 it worked
Sure, in 3.6.4 it worked fine.
Now:
1. set privacy to custom settings - disable "Always use private browsing mode"
2. browser requires you to restart
3. go to a site that has a custom certificate
4. if "Permanently store this exception" is checked, then "Confirm security exception" button does nothing
5. if "Permanently store this exception" is NOT checked, you can "Confirm security exception" though you have to check each time if the certificate is not spoofed
"disable "Always use private
"disable "Always use private browsing mode""
How advisable is this, though?
Any repercussions?
Any possible
Any possible workarounds?
Thanks...
Being able to "permanently"
Being able to "permanently" (not really permanently but across sessions, until one manually deletes) store exceptions for self-signed certs and the like (after one verifies a fingerprint that one has authenticated to at least some degree) would indeed be most welcome.
Congrats on keeping the time
Congrats on keeping the time between a Firefox release & a new TBB release to a minimum!
Why doesn't TBB on Linux
Why doesn't TBB on Linux play nice with sudo setenforce 1?
1st, I know what I do
1st, I know what I do ;)
This version does not save passwords anymore? The saved-password list in the preferencences is empty and the key3.db seems not to be read. It's the same with a alpha releases. Why? How to fix is?
Why is tor in the vidalia bundle not updated to this tor version?
Your password problems are
Your password problems are due to the fix for https://bugs.torproject.org/12998. That means disabling this pref and restarting should solve your problem. We might want to consider binding this pref to the private browsing mode which would allow both the intended (avoiding disk leaks) and your usecase.
Thanks. It works fine.
Thanks. It works fine.
I'm having trouble to
I'm having trouble to install this version;
You need to be much more
You need to be much more specific.
And you should probably try one of the actual support channels.
I'm a total newbie to TOR
I'm a total newbie to TOR and all things to do with computers outwith using the internet for email, social media, etc., but trying hard to get to grips with privacy etc.
When I try to activate the HTML 5 player on youtube to watch videos I have to disable noscript or else it won't work. Is this ok to do? Or, is there any way around the problem? If you can help, please reply like you are talking to a 5 year old :)
Don't disable any addon,
Don't disable any addon, especially noscript. do you mean you have to enab;le scripts before using the html5 player?
Sorry, yes. It seems I have
Sorry, yes. It seems I have to "allow on this page" before the html 5 player will work. Is this ok to do? Thanks.
whether it is "ok" to enable
whether it is "ok" to enable JavaScript (the button "Temporarily allow all this page") really depends on you and your privacy needs.
do you feel comfortable with youtube knowing about your screen size, screen resolution, system font size, TorBrowser's window size, and (if your TorBrowser is maximized to cover most of your screen) details about your desktop theme (i.e. how thick is your window borders, taskbar size, etc.), among other info?
if yes, then you can go on and enable JS.
but keep in mind that above mentioned info can be used to fingerprint (and track) you, even if you delete cookies. and remember that youtube (as being a google product) will share this info with the NSA, and (probably) with any other institutions that pay enough / make enough pressure...
after all, you'll have to make lots of little decisions between privacy and usability.
not using youtube at all means less usability, but certainly more privacy.
keep in mind that youtube is by far not the only video-sharing service, and there are several other options to use that don't require JS.
...vote with your feet!
Thank you for that reply.
Thank you for that reply. Very informative. I'm devoting some time to try and educate myself and information like you have provided is very helpful.
This may be another privacy/usability dichotomy but, is there any way to distinguish which sites you can "trust"? For the average person I'd imagine I'm not alone in not knowing the above info RE. youtube.
By default, NoScript is set
By default, NoScript is set to allow scripts globally in Tor Browser. This isn't the same as actually disabling NoScript entirely but many people don't seem to realize this.
You definitely should not need to disable NoScript entirely for HTML5 videos on YouTube (or any other site, for that matter) to play.
""By default, NoScript is
""By default, NoScript is set to allow scripts globally in Tor Browser.""
...which is not recommended!
Personally, I recommend to create two separate installations of TorBrowser (i.e. extract/install twice to two different locations), and then to use one browser with JavaScript enabled, and one browser with JavaScript disabled.
You'll have to set environment variables "TOR_SOCKS_PORT" and "TOR_CONTROL_PORT" along with corresponding configuration items in "torrc", and it might take a little bit of trying until you find your way around.
However once it is done, this setup allows simultaneous use of two TorBrowsers (with different settings), and personally I use the one without JS whenever possible, yet allowing me to quickly "enable" JS (by switching to the other browser) whenever some site refuses to work without.
The reasoning behind this setup is that I want to avoid being fingerprinted through the combination of sites that I've allowed JavaScript, which might be possible if one makes extensive use of the "Temporarily allow all this page" button.
What do you mean by two
What do you mean by two different locations exactly?
I am having this problem
I am having this problem since 3.6.4 and it still persists with 3.6.6. I already posted a comment on the release notes page for 3.6.4 - if I try to download the browser bundle any browser will crash. I have EMET enabled on that system for all browsers on it (ff, ie, chrome). I tried with another system not EMET enabled, that worked. Now for the new release all browsers again kept crashing, then I disabled EMET specifically for one of the browsers and downloaded with this one - OK fine. So it is one of the EMET protection functions (don't know which of them yet) which for some strange reason stumbles upon something in the binary. Some combination of bytes that EMET interprets as malicious and hence stops the process. It ain't really a bug of TOR I think, just a strange and possibly rare interaction. But I felt it might be useful for you to know.
Best regards
Maybe you can report it to
Maybe you can report it to the EMET people as a false positive that they should investigate?
now that i have this updated
now that i have this updated TBB it wont work. it worked before the update and now when i try to open tor it says "couldn't load XPCOM." anyone you help?
Your "Webroot SecureAnywhere
Your "Webroot SecureAnywhere Antivirus" software is at fault:
https://sedvblmbog.tudasnich.de/docs/faq#XPCOMError
AVG detects tor browser
AVG detects tor browser 3.6.6 as a virus after the las update form AVG today.
I downloaded it from https://sedvblmbog.tudasnich.de/download/download-easy.html.en
What should I do?
It's a false positive given
It's a false positive given the youth of the executable. Try again in a few days.
"It's a false positive given
"It's a false positive given the youth of the executable."
Youth is such a wonderful thing. It's a crime to waste it on false antivirus positives.
Perhaps you have a setting
Perhaps you have a setting on your antivirus software that causes it to flag any software that it hasn't seen many other users run? That's usually what's wrong with new releases.
Oh, and you should also be wondering about the wisdom and safety of all of the users letting the antivirus company paw through their systems in order to be able to draw conclusions like "many of our users haven't run that binary before". But I guess that's a different discussion.
Ditto all of arma's
Ditto all of arma's comment.
Let me add that the process of placing trust in any given download from the Tor Project is essentially a two-part one that should be completely independent of any third-party antivirus program or the like.
First, you need to decide whether or not to trust Tor Browser (or any other offering from the Tor Project)-- assuming, of course, that you will be getting the authentic download. Then, if you decide to trust a given piece of software from the Tor Project, you need to authenticate your download of said software in order to have some reasonable degree of certainty that you are actually getting the intended, legitimate file(s) and not a trojan.
Me too. AVG rated the threat
Me too. AVG rated the threat as high, and quarantined the TBB firefox.exe.
Not a great confidence builder.
How did this "AVG" company
How did this "AVG" company tricky you into being confident in the decisions its program makes?
I totally agree with the "not a great confidence builder" conclusion, but I agree on the "why am I listening to this program" side. which maybe isn't the same as you. :)
I can only re-iterate that
I can only re-iterate that users should at least *try* to use a GNU/Linux distro (e.g. Ubuntu).
These projects try really hard to make GNU/Linux easy for everyone, and objections about it being too difficult come mostly from people who haven't even tried it.
Why I'm saying this: GNU/Linux distros come with out-of-the-box security and don't need dedicated antivirus software (just as any sane operating system should be).
Well, frequently they
Well, frequently they provide antivirus/anti-malware packages which is somewhat different but raises the point that GNU/Linux distros require some (albeit limited) technical knowledge to set up securely.
With that said, Windows has gotten better over the years. I feel safe on my one Windows box without any third party antivirus program. Many complaints about the insecurity of vanilla Windows either have to do with older versions (going back to XP if not earlier,) and poor user behavior (running executables downloaded from the web, etc.) That's not to say I'm suggesting Windows as a secure environment, but against the sorts of threats that antivirus programs are designed to defend against aren't really weak points for a user that goes out of his/her way to use safe habits.
Of course, computer users don't always have a choice on whether or not to install an antivirus program; work or school networks frequently require them.
I have to use too many
I have to use too many programs that only run on Windows, and I can't run out and buy a second computer. So Windows it is, for better or worse.
Just FYI: One need not have
Just FYI: One need not have more than one computer in order to use more than one operating system (OS). Dual-booting, virtual machines (VMs), live environments (CD or USB) and installations to USB drives, are all options that allow one to run multiple OSs on the same hardware.
You could use a Virtual
You could use a Virtual Machine to test if the programs you need will run in GNU/Linux with wine
Another....... funny
Another....... funny thing:
On sites with HTTPS i don't see Technical Details about used
Crypto.
??
Same here
Same here
Have you tried manually
Have you tried manually clicking-on the "Security" tab?
In previous releases, this would display automatically after clicking-on "More information". This changed for some reason with this release.
This is
This is https://bugs.torproject.org/13254.
Why is
Why is device.sensors.enabled set to true?
When i update from prev
When i update from prev version, my saved site passwords are gone. The key3.db File is there and the same like in the prev version.
Yeah, but it was probably
Yeah, but it was probably overwritten by the installer. Make a copy next time?
same problem , and i can't
same problem , and i can't use master password anymore !!
As said above this is
As said above this is probably due to the fix for https://bugs.torproject.org/12998. Disabling this preference and restarting should solve your issue.
I update the TBB to 3.6.6.
I update the TBB to 3.6.6. It wasn't authentic when I checked the signatures. I got rid of that bundle and went to the official Tor Project page to get the 3.6.6 and now that one wont verify either. What is going on? Any one else have these and if so, what do I have to do now to properly handle this ?
Are you sure you are
Are you sure you are actually downloading from torproject.org ?
First, check the URL carefully.
If the problem persists, try downloading from a different system (you could try a live environment first, booted by CD/DVD or USB). If this gets you a download that outputs "Good Signature" then your system was most likely compromised (somewhere at the software level).
If, however, the file you download while booted into a live environment doesn't verify either, then you need to suspect a problem with your Internet connection and/or compromised hardware as the culprit. Troubleshoot accordingly, by trying a different Internet connection and different hardware, respectively.
Also, you wrote, " I got rid
Also, you wrote,
" I got rid of that bundle and went to the official Tor Project page to get the 3.6.6",
which makes me wonder: Where had you downloaded that first "bundle" from?
If it was from anywhere else than torproject.org (or, perhaps, an official, trusted mirror, if any exist)... then you probably should no longer trust the entire system that accessed whatever suspicious site it was that you downloaded something that purported to be the Tor Browser from.
You need to "flatten and rebuild", as the saying is.
After making sure your critical data is backed-up, you should completely wipe* the disk containing the OS installation that was used to access the dodgy site (and Lord knows how many other such sites...) and then start from scratch, with a fresh, clean install of your (authenticated) OS of choice.
*One-pass of zeroes should be quite sufficient to delete any data (and nasties) beyond recovery. Though, if you intend to encrypt the drive (which, of course, you probably should), you might want to do one pass of psuedo-random data ( such as /dev/urandom) instead (will take much longer but will supposedly make cracking the encryption considerably more difficult).
Also, are you certain that
Also, are you certain that the signature and TBB file you have match? If you haven't already, examine closely to make sure they do. (Same platform, language and architecture, i.e., 32- or 64-bit.)
I had this problem too on
I had this problem too on windows 7 32bit with the downloaded bundle from the main page https://sedvblmbog.tudasnich.de/download/download-easy.html.en but when I downloaded the bundle + sig from the distribution directory https://sedvblmbog.tudasnich.de/dist/torbrowser/3.6.6/ it verified.
to arma: Could the bundle from the main page be compromised?
I just fetched the signature
I just fetched the signature and the windows 3.6.6 from the download-easy page, and the signature matched just fine.
I assume it's user error on your part in some way, but I can't guess what way. :(
is there another Tor blog
is there another Tor blog that is more active?
I submitted a question hours ago and it's not even posted yet? A lot can happen in 6 hours...
There is no other blog. In
There is no other blog. In fact, there is barely this one, if you consider comments. Sometimes I pay attention to it and approve the small number of actual comments amongst the large number of spam comments. Sometimes I write code instead.
You might enjoy the thread on the www-team list about migrating to a new blog that is easier to maintain.
Thanks arma, both efforts
Thanks arma, both efforts are appreciated!
"the small number of actual
"the small number of actual comments amongst the large number of spam comments."
I don't question that the number of actual comments are small in proportion to the spam. But in their own right, the number of comments that appear here hardly seems "small".
First copy text, then new
First copy text, then new Identify. Now you can't paste the text. Is this a feature or a bug? And if it's a feature, why? Thanks.
It clears the clipboard.
It clears the clipboard.
With new identity tor
With new identity tor browser restarts. On closing tor browser it deletes copied data. It is not a bug, it is a security feature. You can use vidalia to get a new identity without restarting the complete browser.
"You can use vidalia to get
"You can use vidalia to get a new identity without restarting the complete browser."
Note that according to the official Tails documentation, the only way of being sure of obtaining a completely new identity is to shutdown and restart Tails.
Could this also be said for Tor Browser?
Restarting TorBrowser is the
Restarting TorBrowser is the proper way to get a new identity.
However, restarting Tails would be analogous to re-installing TorBrowser; the latter should not be necessary.
Is clicking on "New
Is clicking on "New Identity" in TorButton considered "restarting TorBrowser" in this context?
Or did you mean to manually close all open windows of TorBrowser and then start it up again?
Tor Browser 3.6.6 updated
Tor Browser 3.6.6 updated NoScript to 2.6.8.42 by itself.
Indeed, "Update addons
Indeed, "Update addons automatically" is checked.
Is this supposed to be?
I assume it is a bug. My
I assume it is a bug.
My reasoning: The TorBrowser as a hole doesn't update automagically, but merely informs the user about updates. This leads the user to believe it'd be a project-wide policy not to auto-update (which is the right thing to do by the way; please refer to the "uplink" feature in "I, Robot" (Will Smith) for the details).
I honestly can't imagine that TBB developers want to have such inconsistent behaviour (no auto-update for browser versus auto-update for add-ons) in their project.
So, feel free to be the first one to file the bug report!
Such is how it would seem to
Such is how it would seem to me as well.
Now the question is: How much concern is warranted over this behavior of TorBrowser, i.e., automatically updating addons?
Is some immediate action on the part of the Tor Project warranted?
TorBrowser doesn't update
TorBrowser doesn't update automatically because automatic updating like Firefox isn't a trivial feature to write for the number of programmers Tor has. There was a time TBB didn't even check if there was a new version like it does now even though that is significantly less work.
While updating automatically does allow for certain attacks (and assumes that the Tor developers will remain trustworthy,) for the vast majority of users it significantly reduces the amount of time after an update is published that it gets deployed on their machine.
Yes, and the Tor Browser
Yes, and the Tor Browser updater is coming in the 4.x series.
Can someone from the TBB
Can someone from the TBB developers confirm that autoupdate add-ons is wrong please?
my version of no script is now 2.6.8.43. i deactivated autoupdate, i guess reinstall TBB is the right thing?! thanks
I like to let my fixed IP in
I like to let my fixed IP in tor version 3.66.
need 1 ip is clear that it is not mine but that is FIXED in BRAZIL .
I can not in this version .
need 1 ip is clear that it is not mine but that is FIXED in BRAZIL .
I can not in this version .
the game I play I can not ta turning the changing world of IP that almost denounces me ..
there help me please ..
Sounds like you want to get
Sounds like you want to get one of those VPN providers or something that offer that service. Their anonymity promises are snakeoil, but I imagine if they promise to route you through Brazil they probably do.
>"Their anonymity promises
>"Their anonymity promises are snakeoil"
Why?
Because they keep logs. I'm
Because they keep logs. I'm not sure of Brazilian Law, but usually all it takes is one court order for them to have to hand them over.
Sync freezes on 366. if I
Sync freezes on 366. if I use the "replace local" option in the advances options box I can't close the dialog box. If I check the "merge" radio button, the dialog box closes but no action is performed when I try to go on. It worked fine as of 365. Thanks.
Seems to be a bug. For now
Seems to be a bug. For now the solution is to enter about:config, find the preference security.nocertdb and change it to false. Then you have to close and restart the Tor Browser and you should be able to sync.
thank you! Is this change
thank you! Is this change safe or is it better I wait for next tor release?
Can you disguise the
Can you disguise the "TorBrowser" title? As anyone can become suspicious when they see that instead of a standard "Firefox" title. Making us vulnerable to prying eyes!
No thanks. Cover the title
No thanks. Cover the title with physical tape if you must.
I want no mistake about which browser I am using.
Unfortunately, Firefox's
Unfortunately, Firefox's legal team would have a problem with that. If you modify the firefox source (which Torbrowser does,) you can't legally use Firefox trademarks (like the name, logo, etc.)
Media tab no longer shows up
Media tab no longer shows up under Page Info
Hello, I would also like to
Hello, I would also like to ask this question.
@devs: There is not anymore an easy way to check the content (images, scripts etc.) of a page. Maybe with the debug tools. But there is no overview as far as I know.
Is this due to security reasons? And is it possible to enable the tab in About:config or so?
That happens to me too
That happens to me too
Unable to change Master
Unable to change Master Password.
Same here "Change Master
Same here "Change Master password" button is greyed out and when I try to add a password I get "unable to change password" popup...
Which version of OpenSSL
Which version of OpenSSL this TOR release uses?
1.0.1.9
1.0.1.9
Yeah :D
Yeah :D
Just wondering, are there
Just wondering, are there any plans to release binary diffs in the future?
Considering all the work that goes into deterministic builds, all that minimization of so much extraneous data sounds (to a layman) like it could be tight.
Hi All, I can not login to
Hi All,
I can not login to badoo.com
Even with the link in the registration email not working.
Any ideas?
Thank you
I've noticed an issue on
I've noticed an issue on Comcast and I was wondering if anyone else has. When going to totally legal and legit sites using Comcast lately (last 3 days about), unless I use obsf3, the sites keep on timing out and Firefox keeps on refusing to go to the websites.
I thought that this was an issue with the TOR Browser until enabling that and then it was like "What the hell is Comcast doing?"
Have an unusual error
Have an unusual error here.Quite by accident,may not.
Using Tor years with Debian on some computers.All fine,no problems.Almost with javascript off.
With releasing Tor Browser 3.6.6 i installed it on a nearly new computer with windows.
Windows was working fine -before this.
Surfing some time with javascript on then shutting down windows.
Next try to start computer was a surprise.
HDD is "ill".Boot is running moments before uefi-bios starts HDD.Then comp hangs+no other device can boot+no entry in bios.HDD seems very healthy(S.M.A.R.T,manufacturer test software). Windows repair disc cannot repair and cannot find installed Windows.
When pull sata plug from HDD i can enter bios and boot normally,windows from HDD too.With sata plug in machine it's hanging.
I've never had any strange error especially like this.
Would really appreciate some
Would really appreciate some instructions for setting up and running Vidalia with TBB 3.6.6. It worked perfectly with the previous version of TBB, but now it asks for a password, and if I hit the reset button in vidalia, then vidalia works, but TBB doesn't.
I suspect there is a difference in port settings between Vidalia and TBB 3.6.6. Where are the ports used by TBB documented?
Also, my AVG antivirus keeps alerting on this version of TBB, but has never done so on previous versions. Makes me nervous.
I don't think that there are
I don't think that there are any changes between 3.6.6 and 3.6.5 that should effect Vidalia; of course Tor Browser no longer supports Vidalia and using Vidalia with Tor Browser might end up with undesired behavior.
Also, what's the exact complaint by your antivirus? Modern antivirus software uses several different techniques to identify potential threats, some of which produce false positives. It doesn't help that there are some individuals that use tor for nefarious purposes possibly getting it added to some malware lists.
3.6.6 is terribly slow at
3.6.6 is terribly slow at loading web pages. Please make available the 3.6.5 version for download
So, you want to subject
So, you want to subject yourself to numerous known vulns?
No, I want to be able to
No, I want to be able to actually use the browser
3.6.5 shouldn't be any
3.6.5 shouldn't be any faster than 3.6.6 unless it's related to firefox itself; are you sure it isn't either server side or some other change with your computer? I haven't noticed any differences.
If you downgrade, you're potentially opening yourself up to more bugs that could be used to identify you.
This version breaks the find
This version breaks the find (ctrl + F) feature in TorBrowser for me, Windows 7. Can anyone confirm?
Me here. Never mind. It's
Me here. Never mind. It's working today in TorBrowser. Weird.
Is there an updated version
Is there an updated version of "http://tutorneunixbasq6.onion/guide/tbb.html " somewhere? The page seems to be down
The 3.6.6 (GNU/Linux 64-bit)
The 3.6.6 (GNU/Linux 64-bit) version takes a very long time to connect to the network and then equally long times to load websites, which makes this version completely unusable. Can you please allow the download of version 3.6.5?
Is there a reason why the
Is there a reason why the use of master password is disabled or is this a bug?
I am giving Tor 24
I am giving Tor 24 hours....! To fix all bugs...! other wise i will access ...it is a take over...!
Otherwise you'll what --
Otherwise you'll what -- help us?