Tor Browser 4.0.5 is released
A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.
Tor Browser 4.0.5 is based on Firefox ESR 31.5.3, which features important security updates to Firefox. Additionally, it contains updates to Tor and NoScript.
Note to Tor Browser alpha users: There won't be a corresponding alpha release based on Firefox ESR 31.5.3 this time as we are currently in the midst of preparing releases based on ESR 31.6.0. Alpha users that can't wait another week are strongly recommended to use the Tor Browser 4.0.5 meanwhile.
Here is the changelog since 4.0.4:
- All Platforms
- Update Firefox to 31.5.3esr
- Update Tor 0.2.5.11
- Update NoScript to 2.6.9.19
Comments
Please note that the comment area below has been archived.
gracias por su aporte
gracias por su aporte
where is the onion program
where is the onion program which allows you to view the connections made by tor? when windows downloads tor its only the browser?
You're asking about Vidalia
You're asking about Vidalia I guess?
http://tor.stackexchange.com/questions/1075/what-happened-to-vidalia
Same problem was with
Same problem was with 4.0.4
AVG flagged 4.0.5 as an unknown threat, and killed the exe file
AVG is really bad, if you
AVG is really bad, if you feel like you need to use commercial antivirus try Avira (there's free version too).
thanks so much ! i love
thanks so much !
i love Alpha version more than stable .coz i am able to see tor circuite.it's very useful
How/where are you able to
How/where are you able to see the circuit in the browser? One of the TBB devs showed me this feature on their computer months ago but thought it still wasn't released yet because I don't have it in 4.5a4 on Linux (Tor Button 1.8.1.3). I want this feature!!
It is in the alpha series
It is in the alpha series available. Make sure you are not on a local website (like about:tor) and click on the green onion. Then you should see the circuit for the website you have open. If that does not work, please give steps to reproduce your issue.
Tor circuit is not available
Tor circuit is not available at all! it just available while using some Transports(obf3,obf4,fte..) at least for as i said
The steps to reproduce are
The steps to reproduce are here: https://trac.torproject.org/projects/tor/ticket/12745
I don't know if this issue affects the automatic upgrader, but it certainly still affects Tor Browser Launcher (which remains the only way to install Tor Browser on Debian/Ubuntu that doesn't involve a terminal, which average humans shouldn't need to be asked to do) as well as the manual-upgrade method (which many reasonable people still use because the built-in upgrader apparently doesn't very GPG sigs yet).
I get the feeling that the importance of TBL is not appreciated by the core TBB devs; if so, you should really come to a cryptoparty sometime and see what happens when novice linux users attempt to install TBB without TBL.
As I said in another reply
As I said in another reply which is still in the moderation queue, I am still affected by trac ticket #12745 (which I filed 8 months ago). But after just following the steps I posted on that ticket to get the latest Tor Button (moving me from 1.8.1.3 to 1.9.0.0), and also after trying again with a completely fresh 4.5a4, I still don't have the circuit display. I've never seen it on my computer. I'm running debian wheezy.
My apologies! It turns out I
My apologies!
It turns out I wasn't seeing the circuit display because I set the TOR_CONTROL_PORT, TOR_CONTROL_PASSWD, TOR_SKIP_LAUNCH, TOR_SOCKS_HOST, and TOR_SOCKS_PORT environment variables to use my system tor. I am seeing the circuit display now if I let TBB launch its own tor.
Ticket #12745 (upgrading by untarring the new release over the old one, as Tor Browser Launcher does, results in using an old version of the Tor Button extension) still remains a reproducible issue, though.
I had the same problem, the
I had the same problem, the solution was that my system tor needed to be updated to 2.6 for this feature to work
After installing (Windows 7)
After installing (Windows 7) an starting Tor Browser 4.0.5 I often get "tor.exe is damaged". The only stable version on my Windows 7 enterprise is Tor Browser 3.5.6.
Thank you again for all your
Thank you again for all your hard work.
Unfortunately with the 4.0.5 update my Gmail inbox has rendered a mess. Messages in the inbox view are now taking up 3 times as much space and a normal message usually does on the screen.
Not sure if this is a TBB problem or a GMail one but thought I'd mention it in case anyone else has the same issue.
Shouldn't
Shouldn't https://sedvblmbog.tudasnich.de/projects/torbrowser/RecommendedTBBVersions stop recommending 4.5a4 since it has critical bugs?
(I wonder what happens to TBB's new upgrader when all recommended versions are older than the current one. I'm pretty sure torbrowser-launcher (an old version of which accidentally upgraded to the alpha due to it having "a" instead of "alpha" in its version string) isn't going to be happy; i'm working on submitting a patch to it to allow it to switch between stable and testing releases).
Good question. We are
Good question. We are basically about to start building a new alpha based on 31.6.0 and decided that a warning on the blog is enough for now. Not ideal but we have nothing better for this one week gap. Regarding the auto-updater: It is not bound to the RecommendedTBBVersions. If you don't have a recommended version (e.g. a nightly) then your green onion starts flashing but there is no (other) (update) hint.
Hi. Can't post
Hi. Can't post here:
forums.hardwarezone.com.sg
Did the forum banned tor?
Works for me.
Works for me.
are you using any special
are you using any special settings?
try with and without obfs3, can't log in...
This might be unrelated to
This might be unrelated to your problem.
httpseverywhere trouble in tbb 4.0.5 is described in https://support.mozilla.org/en-US/questions/970533 "The connection has timed out" -- solved by disabling site rule.
The site is ((should i declare site, or this a secret?)) is noscript friendly. I load page from https bookmark and far as i know, site always loads as https. Perhaps the page loads some urls that cause cause the trouble.
I had not visited the site for many (6?) months, so the trouble may not be new in recent tbb or httpseverywhere.
Trusting the tor project
Trusting the tor project blindly (foolish) I updated to the new bundle but ... all my whitelist options and bookmarks were gone! So I guess I'll have to start all over again. Can't this issue be solved any other way? Also I notice that when I open a new tab to start a new search on the start page field, the field is not empty but keeps the intended search of the previous tab. All in all minor issues considering the great job the Tor broser and Tor Project does, thank you!!
Did that happen while using
Did that happen while using the built-in updater? If so, could you give us steps to reproduce this behavior?
As for the search bar
As for the search bar behaviour, the Searchload Options add-on might be a good sollution; works for me.
https://addons.mozilla.org/en-us/firefox/addon/searchload-options/
yeah, i've gotten in the
yeah, i've gotten in the habit of always backing up my noscript prefs and bookmarks before installing a new version.
it has the added bonus of serving as a regular back-up, in case anything happens (for example accidentally deleting a bookmark).
i don't whitelist any noscript domains, as that could have some impact on anonymity.
You can backup your
You can backup your bookmarks. Bookmarks - Show all bookmarks - then click on Backup button. Anyone know about whitelist though?
as of only months ago, and
as of only months ago, and for many years preceding. noscript's domains and afaik all settings have been in firefox' prefs.js
Thanks for the quickly
Thanks for the quickly updated release.
One question, will a future update include updated OpenSSL libraries (updates released on the 19th of March) to resolve any issues that affect Tor? Thank you.
It will eventually but the
It will eventually but the bugs found are not urgent in the context of Tor. Thus, it might happen that the update is taking a bit.
Sounds good. Thanks again.
Sounds good. Thanks again.
do any other linux users
do any other linux users have the issue where the initial connection dialog (ie connect or censored) once you press connect and the connection initialization window causes alt-tab to stop working. Only for the duration of the existence of that window? am using Fedora 21.
Works for me on an Ubuntu
Works for me on an Ubuntu 12.04.
Are you going to provide a
Are you going to provide a feature to force new identity for all upcoming connections?
No.
No.
Downloaded 4.05 bundle today
Downloaded 4.05 bundle today on Macbook Pro using OS X Yosemite. Prior version of Tor worked fine but now browser opens only to start page. When a search is attempted, I receive a gray box Saying "unable to find the proxy server" and "Firefox is configured to use a proxy server that can't be found."
I opened Preferences, Advanced, Network, Settings. I tried each of the Proxy options to no avail. (The manual configuration boxes are empty, so no surprise there.)
Also, what happened to my Bridges? I don't even find anywhere to add bridges anymore.
Any advice?
gpg: Signature made Mon 23
Subkey fingerprint is nowhere to be found at
https://sedvblmbog.tudasnich.de/docs/signing-keys.html.en
It is. I just found it
It is. I just found it there.
EDIT: sub 4096R/0x2E1AC68ED40814E0 2014-12-15. I see what you mean. There is actually https://bugs.torproject.org/15253 which I'll fix in the coming days.
I used the auto-updater to
I used the auto-updater to update from Tor Browser 4.0.4 to 4.0.5 with Linux 32bit on Debian Wheezy. After auto-updating I click the 'restart' button. Tor restarts and then the configuration window comes up asking me if I want to connect directly to Tor or use a bridge.
4.0.4 was configured to use the meek-google bridge. I don't click on any configure buttons and Tor 4.0.5 gets to 100% connection status and connects to meek-google bridge automatically, but Tor web browser doesn't launch and the configure window just sits there blocking Tor web browser from launching.
So I close the configure window, which disconnects Tor. Then relaunch Tor, but this time the configure window doesn't come up and the Tor web browser launches when the connection status gets to 100%. A window pops up saying "Tor has been successfully updated."
Sorry to post this here. I know I'm supposed to use a bug report.
I added your comment to
I added your comment to ticket #13247.
I have noticed this with a
I have noticed this with a lot of SSL/TLS websites, they accept either SSL 3.0 or the RC4 cipher. Why do some SSL/TLS websites accept SSL 3.0 or RC4 when SSL 3.0 is unsecure and when RC4 is also unsecure?
I'm glad torproject.org does not accept SSL 3.0 and RC4.
Anyone else experiencing
Anyone else experiencing massive problems with CloudFlare ever since the 4.0.5 update? It has always been very very annoying, but now there's an infinite CAPTCHA loop which cannot be overcome anymore at all :/
My longer comment got blown
My longer comment got blown out when i looked away...
So short reply is:
use google cache. google blocks tor, but google cache does not.
1. find on web or create a google cache bookmarklet
or my choice:
2. create a "Quicksearch" keyword search bookmark for google cache
create title that indicates is Quicksearch type bookmark. i add % symbol and place Quicksearches in a separate folder.
this is url of my google cache bookmark:
https://webcache.googleusercontent.com/search?q=cache:%s
create a keyword that you will remember as is not a real word.
usage: move cursor to beginning of url in adderssbar. enter your keyword and a space character. press Enter key (or click goto button)
btw, quicksearch is not keyword search. the latter can be privacy hazard. To avoid hazard, i disable the pref
keyword.enabled
Can confirm. You can solve a
Can confirm. You can solve a capture x times and it always back to a new capture.
First: Thank you for TB!!
First: Thank you for TB!! Great and good work!
Unfortunately, browsing the web with your latest TOR-Browser I can't solve any captchas anymore! Neither UL.to nor share-online.biz ... you name it....
So downloads became impossible since yesterday :-(
Does anybody else experience the same?
Yeah I have same problem
Yeah I have same problem with captchas I cant see the pictures needed to solve captchas when using Tor Browser.
I still cannot edit the
I still cannot edit the certificates in Tor browser,please fix it as soon as possible!
One more thing: why not consider to delete CNNIC Root in default?
http://googleonlinesecurity.blogspot.com/2015/03/maintaining-digital-ce…
"On Friday, March 20th, we became aware of unauthorized digital certificates for several Google domains. The certificates were issued by an intermediate certificate authority apparently held by a company called MCS Holdings. This intermediate certificate was issued by CNNIC "
CNNIC belongs to Chinese government,and China is a totalitarian country.CNNIC Root and other Chinese certificate cannot be trusted by anyone!
i believe disabling 'edit
i believe disabling 'edit certificates' in tb are made for purpose. it makes more difficult for you to have your own decision whom you trust and strictly bind you to decisions made by browser designers. and they are controlled by ceo. and ceo follows recomendations from fascist governments.
btw why chinese ca is less trusted then us ca while us is a police state? will you feel more comfortable if google certificate was issued by some nsa affiliate and such https site is placed at your internet provider? for now who controls ca controls internet security.
funny, google.nsa talk about 'unauthorized digital' certificates. in real any certificate is legal for browser/windows if it is signed by trusted ca. so you are forced trust all those secretly updated root cas in your browser/windows bundle.
Cloudflare captcha's aren't
Cloudflare captcha's aren't checked properly it seems.
Stuck in endless loop.
Clean install 4.0.5.
Please sort out the GPG
Please sort out the GPG signatures. My download of TBB 4.0.5 have this accompanied signature that gives me this result:
Signed on 2015-03-23 13:40 with unknown certificate 0xBA1EE421BBB45263180E1FC72E1AC68ED40814E0.
This appears not to be a valid subkey of any known signing keys (and there are too many of them already) of tor project. For me it looks like attack.
That one is valid and
That one is valid and mentioned as sub 4096R/0x2E1AC68ED40814E0 2014-12-15 on the signing key page.
It came down to a bug in
It came down to a bug in Kleopatra that is shipped with Gpg4Win 2.2.3. GPA works fine and verifies the signature properly and also shows the right subkeys.
from today i cant acces
from today i cant acces marketglory.com by tor browser.Cloud flare repeats infinetly.Is this site blocked for tor users?
cloudflare captcha worked
cloudflare captcha worked fine before update 4.0.5 now i enter the text and it just refreshes the screen with a new captcha. why did you break cloudflare captcha?
is anyone else not able to
is anyone else not able to open after updating? Getting #11999 error forcing try again, but when you click try again, it flashes back to error screen.
What do you mean with #11999
What do you mean with #11999 error?
Starting with 4.0.4, Tor
Starting with 4.0.4, Tor Browser is having problems downloading some images from posts on Tumblr. This may be related to Tumblr moving some of this content out into a content development network on edgecast.net.
From any browser on a static IP, the photos will download. From any node on the Tor Network, the photos will give errors that the server refuses to download with AccessDenied.
Here is a photo of a famous singer that is in a Tumblr post and it gives a server AccessDenied from every Tor Node I could test, but works from every static IP I tested:
https://gs1.wac.edgecastcdn.net/8019B6/data.tumblr.com/15166cf2c8442ce5…
Is the Tor Network being specifically blocked? Is there any workaround for this?
I got access denied from a
I got access denied from a clearnet dynamic IP.
Yes I use Tumler and have
Yes I use Tumler and have the same problem in 4.04. A few photos show but most don't. It may be they are using more JS scripts than before as of course that is disabled in TOR, or at least it is by anyone with any sense!! Similar problems on flickr if JS is not enabled.
The Tumblr photo links are
The Tumblr photo links are broken with or without Javascript.
It appears to be a problem. Can Tor Team investigate?
What's coming out next week?
What's coming out next week? A new Tor Browser alpha?
Yes, plus a new stable both
Yes, plus a new stable both based on ESR 31.6.0.
I d/l'd the Tor Brower
I d/l'd the Tor Brower Bundle Update to update from 4.0.4 to 4.0.5 but it won't update. I keep getting an error box which says:
"The update could not be installed. Please make sure there are no other copies of Firefox running on your computer, and then restart Firefox to try again."
But I don't have any other copies of Firefox running. I've tried numerous times but keep getting the same error. Any help would be appreciated.
Thanks.
BTW, I have Windows 7
Hmm... Where did you put
Hmm... Where did you put your 4.0.4? Do you have write access there?
Your reply prompted me to
Your reply prompted me to move 4.0.4 back to where I d/l'd the 4.0.5 bundle and it installed fine.
Thanks!
The the built-in updater
The the built-in updater broke my tbb install after restarting tbb.
it failed to start properly.
Debian 8 x64.
Which error do you get? How
Which error do you get? How can I reproduce your problem?
Hello there, I'm having a
Hello there, I'm having a problem but I don't know if my IP censored it or not. I didn't have problems last night until 12-12:30AM (North America Eastern time). The tor browser just wasn't responding (loading pictures on tumblr and other sites) so I changed the identity but when I did that I was signed out. I tried to connect again but the loading bar always stops at "Loading Network Status" and never goes past that stage. Is this IP censorship or is there something going on with the Tor network?
Just checking that you all
Just checking that you all over at tor are keeping the deployment of "Stingray" in your sights.
http://www.extremetech.com/mobile/184597-stingray-the-fake-cell-phone-t…
Now, the ability to track and locate my whereabouts isn't important to me.
But "stingray is a false cell phone tower that can force phones in a geographical area to connect to it. Once these devices connect, the stingray can be used to either hone in on the target’s location or, with some models, actually eavesdrop on conversations, text messages, and web browser activity."
Please tell me you're ahead of the curve - and likely to stay there...
PLEASE HELP The past few TBB
PLEASE HELP
The past few TBB issues have the spelling-checker disabled and I can find no way to reverse this.
My regular Mozilla browser, with the same settings, isn't similarly afflicted. And I can't accept I'm the only person with this complaint. It's a serious security issue. Imagine being able to identify others simply through their consistently repeated spelling errors?
I have posted here on this topic before but there was a distinct lack of any response.
Do your good deed for 2015 - it's not to late...
TIA
Which version did work for
Which version did work for you? Do you have dictionaries installed in your Tor Browser? What did you try to enable spell-checking?
@ GK As I wrote above, my FF
@ GK
As I wrote above, my FF settings and TBB settings Tools/Options/Advanced/General settings are identical.
As are both Options/Content settings except for, ooops, "Allow pages to choose their own fonts" - disabled on FF but enabled on TBB.
Now my font colour stays black instead of blue, as I'd prefer and TBB 4.0.6 - just downloaded - now has an active spell check. Why would this setting - or rather - should this setting influence spell check?
I started this post with FF, copied it, downloaded and installed TBB 4.0.6 over 4.0.5 - that's a first - and then re-posted this using 4.0.6.
Usually, I delete the old browser - CCleaner then cleans the Registry - and then install the new 'un for my own security reasons. Never mind. I'll do it properly when I sign off here.
So I'm up and running again. But I'm still mystified.
Thank you for your interest. Any further insights would be welcome...
@ GK Me again. I've now
@ GK
Me again.
I've now installed 4.0.6 matching, as far as possible, my Mozilla browser which functions perfectly on regular sites - spell checker included.
The TBB spell checker works on this site but not on regular sites and not on tor sites. That previous "ooops" nonsense is just that. Sorry!
The only major difference I can find between the two browsers is that FF Options/Content/Advanced/Fonts has a Latin fonts designation while TBB ditto has a Western fonts designation. ??
Please let me have your opinion on this matter. Thank you for your patience...
Still no response to this
Still no response to this security issue? LOL I'm also curious and I've thus also been waiting for some sort of clarity on this spell check matter from Tor.
Me again... Here's another
Me again...
Here's another take on "stingray" fyi.
http://www.nytimes.com/2015/03/16/business/a-police-gadget-tracks-phone…
I'm alarmed!
In response to the
In response to the above:
"Such data “from all wireless devices in the immediate area of the F.B.I. device [cell site simulater] that subscribe to a particular provider may be incidentally recorded, including those of innocent, nontarget devices.”"
Wow, now I know why people in the U.S. are so paranoid, their government wants to know EVERYTHING about them, to use it against them should the opportunity arise. "it's in the name of Homeland Security!" they say, but then what constitutes protecting "homeland security"? If someone were to whistleblow, say like something about 9/11, the government could label this as a "threat" to homeland security and take these measures so long as it protects their interests. I don't know why there aren't public protests against this kind of stuff.
This is what I am getting
This is what I am getting when trying to download tor on torproject website for tor browser 4.0. 6?? am typing in https://sedvblmbog.tudasnich.de
Not Found
The requested URL /torbrowser/4.0.6/torbrowser-install-4.0.6_en-US.exe was not found on this server.
Apache Server at oiyfgiixvl.tudasnich.de Port 443
I deleted my old tor 4.0.5
I deleted my old tor 4.0.5 seeing that on this tor website that 4.0.6 is out and got that apache message and 404 error..now stuck without tor! this is the message I got again, plus I cannot dwnload tor at all...so what is going on?
Not Found
The requested URL /torbrowser/4.0.6/torbrowser-install-4.0.6_en-US.exe was not found on this server.
Apache Server at oiyfgiixvl.tudasnich.de Port 443
Thank you for fixing the
Thank you for fixing the problem. I was able to download the new version 4.0.6! love tor great work!
Right -- it was a temporary
Right -- it was a temporary problem while we uploaded 4.0.6.
I've opened
https://trac.torproject.org/projects/tor/ticket/15530
so we have fewer of those problems in the future. Thanks!
using 4.5a5 (based on
using 4.5a5 (based on Mozilla Firefox 31.6.0, one site always gets Access Denied" no matter how many times I get "New Identity".
http://www.foxnews.com/ yields an:
---------------------------------
Access Denied
You don't have permission to access "http://www.foxnews.com/404error/" on this server.
Reference #18.16bd7a5c.1429010305.6ee5f69
----------------------------------
odd that. There have been many favorable, or at least neutral, articles on FN re Tor.
Last year ther was no problem. I don't recall exactly when it became impossible.
For the last couple of days,
For the last couple of days, i cannot get past google captcha screen. I enter the parameters but it asks for another captcha over and over...so annoying...Why did you try to fix something that already works?
TOR works for me when i
TOR works for me when i first tried it ilove tor
Cloudflare Captcha appears
Cloudflare Captcha appears for me e.g. on 4chan, and it;s the hardest type to solve. I got quite good at solving them and occasionally I get one which I am sure was correctly entered, but I am **ALWAYS** without fail given another Captcha. I did screw with TOR's about:config to set lots of options to false, and I note the latest versions of Tor have some change to NoScript ClearClick (which was giving an issue with Tor + Captcha) but this hasn;t helped me.
About 1/3 of the internet is unusable to me.
It's ok when i can use a startpage proxy at the end of Tor to get there, but with just Tor, it gves me ENDLESS Captchas.
Any ideas??
Anyone Else?