Tor Browser 5.0.1 is released
A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.
This release fixes a crash bug that caused Tor Browser to crash on certain sites (in particular, Google Maps and Tumblr). The crash bug was a NULL pointer dereference while handling blob URIs. The crash was not exploitable.
Here is the complete changelog since 5.0:
- All Platforms
- Bug 16771: Fix crash on some websites due to blob URIs
Comments
Please note that the comment area below has been archived.
Thanks. Youtube no longer
Thanks. Youtube no longer crashes.
Why go to youtube, by using
Why go to youtube, by using flash player you do compromise your location.
Youtube uses HTML5.
Youtube uses HTML5.
HTML5 is new technology,
HTML5 is new technology, "new" as compared to Adobe Flash. As such there may be countless of de-anonymizing bugs in HTML5.
The NSA is busy uncovering and exploiting bugs in HTML5 to their advantage.
Use HTML5 over Tor with extreme caution. You have been forewarned.
*sigh* look, HTML5 video
*sigh* look, HTML5 video does have some anonymity and especially fingerprinting concerns... however, it is part of the browser itself and therefore (in Firefox's case) open source. The problem in Flash is it isn't open source so we don't have a clue what it's doing.
Although Flash also doesn't use the browsers proxy settings and therefore deanonymizes you, while HTML5 uses the browsers settings because it is the browser.
*sigh* look, HTML5 video
*sigh* look, HTML5 video does have some anonymity and especially fingerprinting concerns... however, it is part of the browser itself and therefore (in Firefox's case) open source. The problem in Flash is it isn't open source so we don't have a clue what it's doing.
sigh..sigh..and..sigh
Are you suggesting that open source software is free of security vulnerabilities?
Please read the write-up "Shellshock proves open source's 'many eyes' can't see straight" (URL: http://www.infoworld.com/article/2689233/security/shellshock-proves-ope…)
I'm not saying it's free of
I'm not saying it's free of security vulnerabilities; I'm saying that you can audit it to check if it's doing something undesirable. You don't have to trust some corporation/person/government that the software they provide doesn't spy on you, you can check it yourself.
I'm not saying it's free of
I'm not saying it's free of security vulnerabilities; I'm saying that you can audit it to check if it's doing something undesirable.
Look here, my original post of August 19th is in response to a post of August 18th: "Why go to youtube, by using flash player you do compromise your location."
And your reply to mine is largely out of topic. In addition it may cause confusion in those who are not tech-savvy.
People who use Tor Browser Bundle are those who desire to remain anonymous on the internet and using HTML5 video may unmask them. They do not care much about whether HTML5 is open source or proprietary/closed source.
I hate when people say shit
I hate when people say shit like this. Of course you can check it yourself, but who has the proper expertise to even spot a backdoor or vulnerability? Better than closed source but still needs more professional eyes and caution.
i do not see any option
i do not see any option blocking htlm5
HTML5 video and audio are
HTML5 video and audio are click to play on any security setting above low. Just don't click them.
ok , thx for your answer ;
ok , thx for your answer ; it is the option AUDIO/VIDEO (htlm5) i was not sure.
Why cannot I get access to
Why cannot I get access to Tor over my old iPhone? It keeps telling me something like "sorry, you cannot download " blah blah blah. I still think someone set up a bogus rumor-net to get people to attempt to get into a system the govt ostensibly doesn't want them to gain access to. However I could give a rat's patootie what the CIA thinks I'm up to. I don't access child porn, I don't kill endangered animals but I am looking for the creepy face in the mask who speaks to me if I order illegal drugs.
Thanks, hopefully those
Thanks, hopefully those experiencing this issue will now upgrade from 4.5.3 to 5.01.
Kaspersky Warning Cannot
Kaspersky Warning
Cannot guarantee authenticity of the domain to which encrypted connection is established
application oracle vm virtualbox
url www.omwfe772jto3cmnltm2pguujg.com
reason invalid name of the certificate.either the name is not on the allowed list or was
explicitly excluded
issued to www.r3m3yaiegd.net
issued by www.qj33ncodj.com
valid from 6/14/2015 to 11/25/2015
certification path www.r3m3yaiegd.net
field value
version v3
serial number 00 0e fa 53 fd c6 fa 67 f7
singnature algorithm sha1rsa
signature hash algorithm sha1
issuer www.qj33ncodj.com
valid from Sunday, Jube 14, 2015 5:30:00 am
valid to wednesday, november25, 2015 5:29:59am
subject www.r3m3yaiegd.net
public key rsa(1024bits)
thumbprint algorithm sha1
thumbprint 0d 89 09 0d 36 a6 5e de c6 2a b1 63 40 67 9e 61 67 d4 58 2d
all the web sites in the
all the web sites in the warning like issued by and from and also the certification path.what about these sites?
My browser just sent my a
My browser just sent my a system notification of a pending update - please tell me, is my system knowing tor upgraded or is everything is downloaded and updated through tor+tor browser?
Tor browser has its own
Tor browser has its own auto-upgrade functionality since 5.0
Yes, but is everything done
Yes, but is everything done through Tor?
It's an important question
It's an important question and needs an answer. There is no way it could download the entire application in a few minutes of launching here...especially since the latest release has ballooned by another 30 or so MB (Mozilla's fault I guess). Unless it's just downloading a few patches and updated scripts. But I doubt it is, because it relies on Firefox's updater, right ?
It makes me think it's downloading in the clear. If it is it's a massive gaff.
We need some information.
The upgrade is downloaded
The upgrade is downloaded through Tor.
Firefox, and hence Tor Browser, supports incremental updates, so the size of the download depends on how much has changed between versions; for the upgrade from 5.0 to 5.0.1 the corresponding .incremental.mar (Mozilla archive) file is smaller than 500K.
See https://wiki.mozilla.org/Software_Update
You can see the .mar upgrade files here: https://oiyfgiixvl.tudasnich.de/torbrowser/5.0.1/
Do you also *need* to be
Do you also *need* to be spoon-fed the information? How about clicking the "Documentation" link and reading up yourself?
Yes, it's fetched over Tor. Yes, it downloads only a small delta (when updating consecutive releases, at least). And, at least on GNU/Linux, the package has certainly not "ballooned by another 30 or so MB" (maybe 9MB).
(I'm not a Tor developer btw.)
Thanks Tor developers for
Thanks Tor developers for the update.
However Bug 16775 still remains.
Hello Mike, I tested this
Hello Mike,
I tested this release yesterday.
YES ! Now it works like past time. :)
Same bug again: once the
Same bug again: once the "SocksListenAddress 0.0.0.0:9150" added into torrc , Tor Browser 5.0.1 will crashed at start, so as Tor Browser 5.0. I am a chinese user,so I cannot use whonix without "SocksListenAddress 0.0.0.0:9150".
Use "SocksListenAddress
Use "SocksListenAddress 127.0.0.1:9150"
It's worth noting that
It's worth noting that `SocksListenAddress` has been deprecated for quite a while, so the better thing to do is to alter the `SocksPort` entry.
> DEPRECATED: As of 0.2.3.x-alpha, you can now use multiple SOCKSPort
> entries, and provide addresses for SOCKSPort entries, so
> SOCKSListenAddress no longer has a purpose. For backward
> compatibility, SOCKSListenAddress is only allowed when SOCKSPort
> is just a port number.)
evidently still goofed
evidently still goofed up
4.5.3 shows 3 (three) installed fonts
5.0.1 shows 63 installed fonts
used http://ip-check.info/?lang=en
no changes made
anyway, thank you for updating :-)
Font Fingerprinting defense
Font Fingerprinting defense is still in alpha.
0 installed fonts with TBB
0 installed fonts with TBB 5.0
Have you ticked "forbid @font-face" in noscript?
5.0.1 strongest privacy
5.0.1 strongest privacy settings show no fonts, nothing = good
ok, as a work around,
ok, as a work around, set
browser.display.use_document_fonts from 1 to 0
that brings one down to 3 fonts displayed
Whenever i finish a
Whenever i finish a download, instead of opening the file tor browser crashes, deletes the shortcut and then malware is detected immediately after.
What anti-virus are you
What anti-virus are you using? It may be a false positive.
Zone alarm, never had any
Zone alarm, never had any problems until 5.0
It's a false positive. The
It's a false positive. The virus you've got is called Windows. Try Linux. better yet, use Tails.
strange, tried several
strange,
tried several attempts, but this blog seems to be closed for comments.
Thank you very much for a
Thank you very much for a speedy update. I did not ever use Tumbl or Google maps but the Linux version of 5.0 crashed repeatedly on Bruce Schneier's site (!) and usually crashed on almost any site within 5 minutes ... while the Windows version did not crash at all on the same sites. Version 5.0.1 now running for 20 minutes with 15 tabs open and all looks good. Again, thanks.
Hi. I'm from Iran and I'm
Hi. I'm from Iran and I'm using obfs4 as obfs3 has stopped working in Iran, but it's so slow I'm often faced with the "connection has timed out" message and can't open any web pages most of the time, even when I restart Tor.
Also whenever I use Google, it just says I appear to be a bot and keeps asking me to enter a scrambled number correctly, but it never accepts the number even though I enter it correctly every time. Could you please kindly look into it, especially the extremely slow speed problem? Thank you for your kind efforts.
There's not much to look
There's not much to look into regarding speed. The default obfs4 bridges service a lot of users, and are constantly overloaded. You may have better luck if you obtained different obfs4 bridges from BridgeDB.
I'm using Custom Bridges on
I'm using Custom Bridges on the Tor Browser in Tails. Can I have too many bridges or the more bridges the better? Tor Browser in Tails is supposed to use a different bridge each time I boot to Tails, isn't it?
For technical support on
For technical support on using Tails, you're advised to surf to https://tails.boum.org/support/tails-support/index.en.html and subscribe to the mailing list.
Thereafter, when your subscription is successful, you'll be able to post questions and hopefully someone from Tails will answer your questions.
The only way I get Google to
The only way I get Google to accept a captcha entry is to disable NoScript temporarily.
recatcha used to work
recatcha used to work without js. there was a copy and paste routine.
maybe you can look in the untrusted submenu of noscript menu to see the url that needs temporary noscript allow?
I'm sorry regarding my
I'm sorry regarding my previous comment I noticed the reason why obfs4 suddenly magically started to work was that Hotspot Shield was running in the background without my knowledge. As soon as I disabled it I was again unable to open any webpages. It seems like Iran's government is using a new kind of censorship. While I can connect to the Tor Network using obfs4 fairly fast and see the "Congratulations" web page, I haven't been able to open a single web page for the past few days no matter how many times I restart Tor. It's always "The Connection Has Timed Out". Could you please look into it?
Hard to look into it without
Hard to look into it without having a computer there, or knowing which bridges you use (if it's not the default, don't reply with them either). If they're throttling long lived connections again, that's the sort of behavior I'd expect, but I don't have a good solution to that for obfs4.
I'm sorry regarding my
I'm sorry regarding my previous comment I noticed the reason why obfs4 suddenly magically started to work was that Hotspot Shield was running in the background without my knowledge.
As I had cautioned you in my earlier post, I will caution you now for your sake.
Avoid Hotspot Shield at all costs as it has been working closely with the United States' National Security Agency. Your online activities may be closely monitored by it.
But again, being monitored by the NSA does not present the same risks to you compared to being monitored by the Iranian authorities. The NSA will not throw you into jail but the Iranian authorities will. One of my Iranian contacts who was vocal in his support of the American-led Iranian non-proliferation nuclear arms deal has just been given a seven year jail sentence. Do you want to be next?
Sometimes when you see
Sometimes when you see "connections is rimed out" means "it is impossible to open a connection for your security & safety" so , it is better to not have one.
Try another location/country from your vpn or another circuit/identity from tor..
*i do not like comment about vpn/nsa/interpol or good/bad people/country ; in fact, as soon as you live in a reverted republic (old monarchy) or a false democracy (European Union), every body can ask a sanction against someone else , no need to be in contract with a government or a military circle ...
I'm a bit confused. Today
I'm a bit confused. Today TorBrowser "informed" me that there's an update available and I should restart TB to apply it. In the 4.XXX Versions, on my startpage (about:tor) there always was this info "however, this browser is out of date" and then I used to update it manually. Since I prefer to do this manually, after today's update message, I checked the options to turn off the auto update (which I did not turn on). Then I recognized, that I can no longer change the settings. When I click the relevant box, no check mark appears. Is this a bug?
-----
I just realized, it is the same with ALL the options. It seems that when I click unto something, my changes apply but the "box" is not marked, no check mark visible..
sorry for my bad english, hope you get me
It's a recent bug. Lower the
It's a recent bug. Lower the slider in the "Privacy and Security Settings" to Medium-High (or lower) and restart the Tor Browser. You should be able to modify your settings after the restart. And then you can set that slider back to High.
thank you so much guys.
thank you so much guys. you're the best :)
regards
a fan from Iran
Could you please update the
Could you please update the alpha as well? The bug is still present there.
I got an update to 5.01
I got an update to 5.01 today my saved passwords are working but I can not find them. Options-Security-saved passwords-but the window is blank no saved sites and passwords...
Love the new updated # 5...
This is probably
This is probably https://bugs.torporject.org/16775 as well. We are working on a fix.
Oh, I'm so glad to hear that
Oh, I'm so glad to hear that you are working on it! I have the same problem and it is bothering me too much!
New browser is not working
New browser is not working with Yahoo fantasy baseball, Daily Fantasy Contests.
For some reason, all of the functionality on the screen fails to work as it did in the past. I am not sure if that is javascript errors or blocking or what.
But it was working fine on Monday. It no longer works today, after the update.
Any suggestions?
Could you give me some steps
Could you give me some steps to reproduce (URLs, etc.)? Are you using a customized Tor Browser or as it ships?
I am using TOR Browser as it
I am using TOR Browser as it ships; no modifications.
Here is the URL having the issues:
https://sports.yahoo.com/dailyfantasy
If you go to the middle "main" section titled "Daily Fantasy Sports Contests", the links in that section are not functioning, except for the "Enter Contest" button.
You should be able to click on "MLB" or "NFL" or "NBA", and it would take you to specific pages for just those leagues. Additionally, the slider button "Entry Fee" range from "$0 to $500" does not respond. You should be able to slide either end left or right to narrow your range.
Once you do click on "Enter Contest", you should be able to add players to roster by clicking on the "+" sign. However, nothing happens.
I tried disabling "No Script"; I unblocked "Pop Ups"; I clicked on just about everything in the Firefox browser "settings", but to no avail. So I'm not sure if this is a Firefox issue or a TOR issue.
But thank you for looking in to this and thank you for your time. I will definitely keep using this if you can resolve this issue.
I just extracted a fresh
I just extracted a fresh 5.0.1 and all the things above worked on my Linux box. Maybe this is a platform issue? What operating system are you using?
Windows 7 on a Dell Latitude
Windows 7 on a Dell Latitude 5440 w/ i5 processor. Windows is completely up-to-date.
Interesting. It seems indeed
Interesting. It seems indeed to be a Windows-only problem. I've opened https://bugs.torproject.org/16874 for further investigations. Thanks for reporting!
No, thank you for the
No, thank you for the follow-up and follow-through.
I hope you can get it resolved.
I went back to the archives
I went back to the archives and downloaded TOR 4.5. The Yahoo Daily Fantasy website works perfectly fine with 4.5. So it's got to be in TOR 5.0.1 for MS-Windows 64-bit installs.
I don't like this auto
I don't like this auto update thing, it removes user control. How can we disable it please ?
"Starting with this release,
"Starting with this release, Tor Browser will now also download and apply upgrades in the background, to ensure that users upgrade quicker and with less interaction. This behavior is governed by the about:config pref app.update.auto, but we do not recommend disabling it unless you really know what you're doing."
I wont be auto updating, as
I wont be auto updating, as you've trashed my working version.
highly pissed Anon
See the blog post for
See the blog post for version 5.0
Each time the start-up page
Each time the start-up page is the webpages last time I visited, it is set to show a blank page in my preferences
Where does TOR save it's
Where does TOR save it's downloaded Software update before installing it?
Thank you
Where does Tor browser save
Where does Tor browser save its download of software update before I restart it and it kills all my saved stuff please?
/Browser/updates directory,
/Browser/updates directory, IIUC.
That is an excellent
That is an excellent question. Plus I wonder if this whole thing was put together by the NSA to track weird or...I think the whole thing is a govt put on. It would be cool if it wasn't. Am I just perverse? I'm waiting for a spooky thing to happen.
Can I download on my Apple
Can I download on my Apple IPad? If so, how?
https://itunes.apple.com/us/a
https://itunes.apple.com/us/app/onion-browser/id519296448?mt=8
Thank you for your great
Thank you for your great work! Could you please tell me how to configure a fixed exitnode? I mean sometimes I need my IP address to show as in a specific country, how can I achieve that?
Go
Go here:
https://sedvblmbog.tudasnich.de/docs/faq.html.en#ChooseEntryExit
I'm not sure this is a
I'm not sure this is a use-case the Tor network is specifically supposed to serve. Also you would be hurting your anonymity. Also there's a difference between a fixed exit node and a fixed exit country. If you still want to do it, read the tor and torrc man pages.
hurting anonymity whats
hurting anonymity
whats wrong with choosing country nodes?!
After auto-update to 5.0.1,
After auto-update to 5.0.1, tor browser is giving the following error instead of opening:
XML Parsing Error: undefined entity
Location: chrome://browser/content/browser.xul
Line Number 1401, Column 11:
What operating system are
What operating system are you using? From which version did you auto-update? Is this reproducible? Older Tor Browser versions can be found on https://archive.torproject.org/tor-package-archive/torbrowser/.
I got the same error today...
I got the same error today...
In order to resolve this
In order to resolve this issue: delete (or stop using) the file "Start Tor Browser.exe" in the Tor Browser directory. This file was used to start past versions of the Tor Browser. Instead, use the shortcut "Start Tor Browser" (located in the same directory), which points to "\Browser\firefox.exe".
Suppose one sets the
Suppose one sets the security slider to High and then allows scripts for one page (not globally). In this scenario, what are the risks of compromising one's location?
Ha, that looks like a very
Ha, that looks like a very simple question eh? Well, I don't think the answer could ever be simple. You'll have to be more specific, I'm afraid.
If you use Tor Browser to stay anonymous, just disable all javascript/plugins/etc., period.
I'm unhappy to report that
I'm unhappy to report that no bookmarks were saved from the session which included the update to v5.0.1, and as a result I turned off the automatic update option.
Is this reproducible? If so,
Is this reproducible? If so, could you give us some steps to do so? Older Tor Browser versions can be found on https://archive.torproject.org/tor-package-archive/torbrowser/
Updating to Tor Browser
Updating to Tor Browser 5.0.1 using the "torbrowser-install-5.0.1_en-US.exe" installation file made all my bookmarks disappear. It seems that "bookmarks.html" was overwritten.
That is a different thing.
That is a different thing. The issue was that the auto-updater was supposed to overwrite bookmarks and other things. You don't use torbrowser-install-5.0.1_en-US.exe in this procedure.
Is Tor Browser actually
Is Tor Browser actually downloading its update over Tor ? It seemed to report its update had downloaded awfully quickly here after launching, and tor tends to be slow for me.
Please, I hope it is not downloading updates in the clearnet.
Can someone confirm ?
The update mechanism uses
The update mechanism uses Mozilla's custom MAR format for incremental upgrades. In this case, the size of the incremental upgrade file from 5.0 to 5.0.1 is between 400 and 500 KB, depending on your locale, so that would explain the quick download.
Can we get a Tor developer
Can we get a Tor developer to confirm this?
Yes, the updates are
Yes, the updates are downloaded over Tor.
i really miss
i really miss images-from-specific-site blocking feature (right click an image on any page, choose "View Image Info"). now pages are cluttered with images i dont wanna see and i have to resort to using adblock addon which requires more ram. i'm on atom netbook and ram is very limited. can tor browser use lighter browser like pale moon instead of boated firefox?
strangely enuf, the feature still exists in framed pages.
Site specific blocking can
Site specific blocking can be easily fingerprintable depending on implementation.
If you must, you can try NoScript's ABE.
This is a little off-topic,
This is a little off-topic, but here is an extensive list of DarkWeb sites. http://dcjtech.info/topic/darkweb-link-list/
IMO rubbish, spam, ads and
IMO rubbish, spam, ads and fraud links mixed with some useful links.
go away!
How do I fix exit nodes in
How do I fix exit nodes in this version?
Any help?
Please don't; you'll piss
Please don't; you'll piss off the exit node operator.
when click on shortcut,
when click on shortcut, receive the Firefox message
Couldn't load XPCOM.
Do you use an
Do you use an antivirus/firewall solution? If so, which one?
FYI: If no bugs other than
FYI: If no bugs other than the crash have been fixed I won't install it and stick to version 4.5 on OS X Mavericks.
I also don't like the auto update, could you please disable it by default.
I think the concept is that
I think the concept is that if you can't figure out how to disable the auto update even after instructions have been posted, you probably should be auto updating.
4.5 includes numerous vulnerabilities in the Firefox code. If you don't update, you're putting yourself at risk.
Sorry, but (1) every
Sorry, but (1) every application has vulnerabilities, so this does not convince me to update, because (2) I had posted a but report be email immediately after release of 5.0 indicating that it is not possible to see in the preferences whether an option in Tor Browser 5 is active or not. Other users have also reported this problem. Under these circumstances, using Tor Browser 5 is like a blind flight in the fog. It is just not possible to configure it. And, of course, I have disabled auto-update in my instance, but with a version with such major problems I won't ever use it. Please note that I am not in the business of testing software all day, but I am used to WORK PRODUCTIVELY with my computer. Sorry, for the direct language, but I am under the impression this has to be said quite clearly to get it across.
Guys, i'm not sure if this
Guys, i'm not sure if this is gonna be helpful, or could be able to fix those kind of issues..but ip-check. info, kinda gives you some kind of a solution for "fonts" issue, if you do modify, in about:config settings, the followingl line "browser.display.use_document_fonts" from "1" to "0", you'll find out that the test gives you green "Fonts" line, instead of red and all your visible fonts, will became just 3. If this is gonna be helpful, i'm just glad of stating the obvious =)
P.S Does anyone have an idea, why ip check gives orange"medium" rating of language now? Would be glad to here some fix options.
kinda gives you some kind of
kinda gives you some kind of a solution for "fonts" issue, if you do modify, in about:config settings, the followingl line "browser.display.use_document_fonts" from "1" to "0",
Thanks for your repeated suggestion on modifying the parameter browser.display.use_document_fonts = 0.
Shall we let Tor developers do their job? If they wish to include it in the next update, they will.
Probably not related, but I
Probably not related, but I just noticed this today when specifying exit nodes in switzerland {ch}:
"All routers are down or won't exit -- choosing a doomed exit at random"
Google gave some links to the same error message and interestingly the Torcc files posted there also had exitnodes in Switzerland.
Filtering/Censoring? Maybe Swiss is not so neutral after all???
Why do not coincide
Why do not coincide sha256sums
https://oiyfgiixvl.tudasnich.de/torbrowser/5.0.1/ (torbrowser-install-5.0.1_ru.exe 2015-08-17 13:05 42M)
https://oiyfgiixvl.tudasnich.de/torbrowser/5.0.1/sha256sums-unsigned-build… (e9e211a4864a089ba50fa38b48024d262e25fcdb0591a749a5f3cf4d23fd3961 torbrowser-install-5.0.1_ru.exe)
Good
Good signature
torbrowser-install-5.0.1_ru.exe + asc
sha 256 = 544d9e48035008cdcac873b88c0bfc0abd0b97cd237393
i do not know where you found "that" : sha256sums-unsigned-build.txt
sha 256 = e9e211a4864a089ba50fa38b48024d262e25fcdb0591a749a5f3cf4d23fd3961
it looks like a mistake maybe a sha 512
Why do not coincide
Why do not coincide sha256sums
https://oiyfgiixvl.tudasnich.de/torbrowser/5.0.1/ (torbrowser-install-5.0.1_ru.exe 2015-08-17 13:05 42M)
Instead of relying on sha256sums for verification, may I suggest you do the following:
1. Download Gpg4win using the URL: http://www.gpg4win.org/
2. Once you have Gpg4win installed, import Erinn Clark's signing key
3. Download the corresponding armored key of torbrowser-install-5.0.1_ru.exe which should be torbrowser-install-5.0.1_ru.exe.asc
4. Verify torbrowser-install-5.0.1_ru.exe using Gpg4win
Note: Gpg4win is FOSS (free open-source software). Per good practice, always scan your downloads with your preferred anti-virus/malware software before installing the former.
strange response when middle
strange response when middle click a link.
the tab of current web page has a favicon. when middle click a link, a vertical "smear" appears. the smear is something like a narrow version of the current page, narrowed to the width of the tab. most obvious are the favicon and the vertical scroll bar.
I clear the smear easily by clicking another browser tab and can return to the original tab. the smear i gone.
I middle-clicked a "reply" link on this ocewjwkdco.tudasnich.de page. the 'bug' did not occur.
this might be a firefox esr bug.
using vista 64 bit.
I am alone or anybode else
I am alone or anybode else experiencing tbb 5.0 /w disabled auto update no blinking onion icon with update?
Check for updates button shows 5.0.1 available.
Probably no blinking set due
Probably no blinking set due to it being an optional update.
No explicit security/privacy fixes to worry about..
I Can no longer use obfs3 as
I Can no longer use obfs3 as it allways time s out. obfs4 works.xp pro. Thanks 4 help.
I Can no longer use obfs3 as
I Can no longer use obfs3 as it allways time s out. obfs4 works.xp pro. Thanks 4 help.
Am I reading it right? You are still using Microsoft Windows XP Pro?
Microsoft has not been providing security updates for a long time for XP Pro at it has reached its product's end of life.
Please upgrade it to Microsoft Windows 10 if you insist on using Microsoft's products.
However I wish to take this opportunity to suggest that instead of using Microsoft Windows OS, in terms of security, you are better off using a Linux OS. You can start by installing Ubuntu if you have never used Linux before. Its community-support-style forum, https://askubuntu.com/, is one of the friendliest on the internet. Hundreds of Ubuntu experts are there to help beginners out.
I did the update to Tor last
I did the update to Tor last week on windows 7 and now it crashes trying to open. I gtet:
"XML Parsing Error: undefined entity
Location: chrome://browser/content/browser.xul
Line Number 1401, Column 11:"
I don't see it in windows programs, so how do you uninstall and reinstall?
Same question was posted
Same question was posted above, same answer here:
In order to resolve this issue: delete (or stop using) the file "Start Tor Browser.exe" in the Tor Browser directory. This file was used to start past versions of the Tor Browser. Instead, use the shortcut "Start Tor Browser" (located in the same directory), which points to "\Browser\firefox.exe".
Why map of TOR nodes work
Why map of TOR nodes work sometime but not all time? Use Wind XP pro
try linux
try linux
Use Wind XP pro Read the
Use Wind XP pro
Read the article "Windows XP support has ended" (URL: http://windows.microsoft.com/en-us/windows/end-support-help)
And also ask yourself honestly why you have chosen to use Tor and not Microsoft Internet Explorer, Apple's Safari, Google Chrome or Mozilla Firefox in the first place.
This not a sensible answer.
This not a sensible answer. Wind 7 8 and 10 are much worse security because they send back data that it is hard to stop. If TOR no longer good for XP we should be told.
This is not a sensible
This is not a sensible answer. Win 7/8/10 may be worse for privacy due to tracking/phone home concerns, but WIn 7/8/10 are more secure as they receive security fixes.
XP is no longer good for anything, assuming you want security.
Nope, preferred Windows OS
Nope, preferred Windows OS if you still get updates. Which you can if you do a little searching.
> If TOR no longer good for
> If TOR no longer good for XP we should be told.
Tor's security is only as good as the security of the user's system. I personally don't care if people continue to use ancient operating systems (and if they get compromised due to their choices).
It is worth noting that eventually support for pre-Vista Windows will be dropped (https://trac.torproject.org/projects/tor/ticket/11445), though there is no set timeline for this currently, and ironically I was one of the people arguing against it the last time it came up.
This not a sensible
This not a sensible answer.
Spot on. But have you asked yourself why I gave a nonsensical answer in the first place?
Wind 7 8 and 10 are much worse security because they send back data that it is hard to stop.
And in your opinion, Window XP Pro offers better security....how? How does it accomplish that knowing that Microsoft ended its technical support for Windows XP a few years ago?
If TOR no longer good for XP we should be told.
No, don't wait for Tor developers to tell you the answer. Be proactive.
As you seem to be one of the rare few to use or advocate the continued use of Windows XP (a discontinued Microsoft product) and if you deem anonymity and security to be important issues, why don't you ask Tor developers directly and post their answer here? Their contact information is listed on https://sedvblmbog.tudasnich.de/about/contact.html.en
Alternatively you can post your question to Tor StackExchange (URL: https://tor.stackexchange.com/)
Hi fellow XP-user, I'm as
Hi fellow XP-user,
I'm as well using using XP, dont like win 7/8/10 (bloated, costly etc)
BUT
I'm using it only to access some hardware better supported by win. And for a game now and then :) And while using it, my lan is completely cut off from internet by my firewall.
I have switched to linux (debian) with a dual boot setup.
And it was a good decision. Some learning at the beginning, but after all it's absolutely great and secure. No problem to get to get used to it if you can work with XP.
I wouldn't have a good feeling to do just one step into internet with XP.
Maybe this could be a way to go for you too?
Thank you for suggestion,
Thank you for suggestion, but I tried linux and most of my programs would not work with it. It is fine for those who can afford to buy all new programs but i can't.
The Government says that
The Government says that anyone who uses privacy tools or encryption tools are deemed terrorists. What the heck?
The Government says that
The Government says that anyone who uses privacy tools or encryption tools are deemed terrorists. What the heck?
WHICH government says that? The American? The British? The Iranian? The Chinese? The Russian?
Please quote your source(s) with URLs.
Is the answer above ? French
Is the answer above ?
French government consider that every piece about privacy must be violate to be sold.
Terrorism is something like a trademark , a licensed manipulation "see etats voyou".
Cryptographic art allow you to be far , obfuscated , from outlaws research (government).
Using privacy tools or encryption tools will help you to not be a prey.
I read that 4 000 000 of persons are using tor ; how many are using pgp ?
Every terrorist can give you few millions of dollars so you should find the name and the address of the users of this blog and sold them ( they have friends in USA,UK Iran, Asia and Russia).
Is the answer
Is the answer above?
No.
French government consider that every piece about privacy must be violate to be sold.
Terrorism is something like a trademark , a licensed manipulation "see etats voyou".
Cryptographic art allow you to be far , obfuscated , from outlaws research (government).
Using privacy tools or encryption tools will help you to not be a prey.
We are lost here due to the differences in language.
Could you re-post your above statements in your native language?
https://www.laquadrature.net/
https://www.laquadrature.net/en/instrumentalizing-fear-to-control-encry…
https://firstlook.org/theintercept/2015/03/17/whats-scarier-terrorism-g…
if it is true, (... using encryption tool are deemed terrorist..) ; banning encryption tool will decrease the value of your life , so they will buy more (slaves/information) with less money (yours) and sell it better : encryption tool are also a barrier against slavery ... and laundry money ... at the opposite that they claim.
if it is true, (... using
if it is true, (... using encryption tool are deemed terrorist..) ; banning encryption tool will decrease the value of your life......
Your latest response contradicts your earlier one: French government consider that every piece about privacy must be violate to be sold.
Are you trolling here?
Did you know that financial institutions in any part of the world need encryption tools to protect financial transactions? When you pay your purchases with your VISA/Mastercard/JCB/Discover credit cards, details of your cards and purchase information are transmitted to the relevant parties (eg. VISA, Mastercard, bank) using encryption?
In the US, when Americans transact with certain US government agencies, the relevant US government websites use encryption?
I can only conclude that you are a troll. Enough said. I shan't be wasting my time on you.
https://fr.wikipedia.org/wiki
https://fr.wikipedia.org/wiki/%C3%89tat_voyou
https://de.wikipedia.org/wiki/Schurkenstaat
https://en.wikipedia.org/wiki/Rogue_state
https://zh.wikipedia.org/wiki/%E6%B5%81%E6%B0%93%E5%9C%8B%E5%AE%B6
https://ja.wikipedia.org/wiki/%E3%81%AA%E3%82%89%E3%81%9A%E3%82%82%E3%8…
https://it.wikipedia.org/wiki/Stato_canaglia
https://ru.wikipedia.org/wiki/%D0%A1%D1%82%D1%80%D0%B0%D0%BD%D1%8B-%D0%…
https://uk.wikipedia.org/wiki/%D0%9A%D1%80%D0%B0%D1%97%D0%BD%D0%B8-%D1%…
strange, all these "translations" are different from one site to another.
The French government
The French government consider that every piece about privacy must be violated for be sold.
The Terrorism is something like a trademark , a licensed manipulation "see etats voyou".
The Cryptographic art allow you to be far , obfuscated , from outlaws (government).
The encryption tools help to not be a prey.
Es la respuesta más arriba?
El gobierno francés la posibilidad que cada pieza de la política de privacidad debe ser violado para ser vendidos.
El terrorismo es algo así como una marca comercial, una manipulación con licencia "etats voyou".
La criptografía arte le permiten ser mucho , ofuscado , de forajidos (el gobierno).
Las herramientas de cifrado ayuda a no ser una presa fácil.
هو الرد أعلاه ؟
الحكومة الفرنسية تعتبر أن كل قطعة عن خصوصية يجب أن تنتهك على بيعها.
الإرهاب هو شيء مثل علامة تجارية ، مرخص التلاعب " انظر الدول voyou".
الفن الترميز تسمح لك أن تكون ، غموض ، من الخارجين عن القانون (الحكومة).
أدوات التشفير مساعدة لا يكون ضحية.
是对上述问题的答案吗?
法国政府认为,每一件有关隐私的侵犯必须出售。
恐怖主义是一个商标,一个许可操纵“voyou又何其多”。
先进的加密使您能够进行到目前为止,变得模糊不清,从水浒传(政府)。
加密工具帮助不是猎物。
Is het antwoord dan?
De Franse regering ziet dat elk stuk over privacy moeten worden geschonden worden verkocht.
Het terrorisme is zoiets als een handelsmerk , een gediplomeerd manipulatie "etats voyou".
De Cryptografische art kunt u veel , echter , door bandieten (regering).
De codering tools helpen om niet te worden overheerst.
Ist die Antwort oben ?
Die französische Regierung berücksichtigen, dass jedes Stück über die Privatsphäre muss verletzt für verkauft werden.
Der Terrorismus ist so etwas wie eine Marke , eine lizenzierte Manipulation "siehe Etats voyou".
Die kryptografischen Kunst ermöglichen Ihnen zu weit , verschleiert , von Outlaws (Regierung).
Die Verschlüsselung Tools Hilfe nicht als Beute.
È la risposta qui sopra?
Il governo francese considera che ogni pezzo sulla privacy devono essere violati per essere venduti.
Il terrorismo è qualcosa di simile ad un marchio , una manipolazione licenza "etats voyou".
La tecnica crittografica consentono di essere lontano , offuscato , da fuorilegge (governo).
Gli strumenti di crittografia consentono di non essere una preda.
Este răspunsul de mai sus ?
Guvernul francez considera ca fiecare bucată trebuie să fie violate despre confidenţialitate pentru fi vândute.
Terorismul este ceva ca o marcă comercială , o manipulare licenţiate "vezi etats voyou".
Arta criptografică vă permit să fie departe , baza obfuscated , de haiduci (guvernului).
Instrumentele de criptare pentru a fi o prada.
Est la réponse ci-dessus ?
Le gouvernement français estiment que chaque morceau sur la vie privée doivent être violé pour être vendus.
Le terrorisme est quelque chose comme une marque , une manipulation sous licence "voir". voyou etats
L'art cryptographique vous permettent d'être loin , OBSCURCIE , de hors-la-loi (gouvernement).
Les outils de chiffrement aident à ne pas être une proie.
היא התשובה לעיל ?
ממשלת צרפת לשקול כי כל פיסה אודות פרטיות חייב להיות הפר עבור מכר.
את הטרור הוא משהו כמו סימן מסחרי , מניפולציה עם רישיון "ראה אטאט voyou".
את האמנות קריפטוגרפית מאפשרות לך להיות רחוק , מעורפל , החל נחשבים לפורעי חוק (הממשלה).
עזרה של כלי הצפנה כדי לא להיות טרף.
- Это ответ на выше ?
Правительство Франции считает, что каждый участок о конфиденциальности должны быть нарушены для продажи.
Терроризм - это товарный знак , лицензированный манипуляций "см. Этат voyou".
криптографического искусства позволяют быть далеко , скрытый , от преступников (правительство).
Шифрование средства помогают не быть жертвой.
Think about it...it is not
Think about it...it is not that hard. NSA & FBI & other agencies, of course! Just do a search and you will find out that using privacy, encryption, or Tor will put you on a terrorist list. This is confirmed and verified, so just deal with it.
I downloaded
I downloaded torbrowser-install-5.0.1_en-US.exe (for windows 8) three times on two machines having two versions of ubuntu and windows 8. Each time I check sha256, it does not match the hash in the unsigned build txt file. The ubuntu tor version I downloaded had the correct hash.
Is anyone else having a problem with the windows 8 sha256 hash not matching?
Each time I check sha256, it
Each time I check sha256, it does not match the hash in the unsigned build txt file. The ubuntu tor version I downloaded had the correct hash.
Is anyone else having a problem with the windows 8 sha256 hash not matching?
Below are the comments by gk posted on June 16th (URL: https://ocewjwkdco.tudasnich.de/blog/tor-browser-452-released#comments):
""As the name of the file implies this is the checksum of the *unsigned* .exe. Have you stripped the authenticode signature first, before comparing the SHA 256 sums? See: https://sedvblmbog.tudasnich.de/docs/verifying-signatures.html.en#BuildVerif…""
In addition the below comments taken from "How to verify signatures for packages" (URL: https://sedvblmbog.tudasnich.de/docs/verifying-signatures.html.en#BuildVerif…) are note-worthy:
""These "checksums" help you answer the question "Did I download this file correctly from whoever sent it to me?" They do a good job at making sure you didn't have any random errors in your download, but they don't help you figure out whether you were downloading it from the attacker.. The better question to answer is: "Is this file that I just downloaded the file that Tor intended me to get?"""
Am I the only one with
Am I the only one with German edition of TBB has problems with this:
- language is set to de,en-US;q=0.7,en;q=0.3, this is not the right thing according to ip-check.info.
Fingerprint-test at panopticlick.eff.org has
"...one in 4xxxx ([rounded]) browsers have the same fingerprint as yours."
Usually it has only a few hundreds instead of 40k.
I guess it's the same problem with the "language":
HTTP_ACCEPT Headers
bits of identifying information: 7.xx
one in x browsers have this value: 140.x
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 gzip, deflate de,en-US;q=0.7,en;q=0.3
Any workaround? Any fix? Any help? Ty
TBB just did a major Firefox
TBB just did a major Firefox update ESR31 -> ESR38. Before, the signature was the same for a LONG time. So just wait a bit, while more ESR38 users are being picked up.
It's similar with English, TBB 4.5.3 is 1/300; TBB 5.0 is 1/4000.
Thanks, let's wait and see.
Thanks, let's wait and see. Cheers
But this "de" in
But this "de" in "de,en-US;q=0.7,en;q=0.3" means German language so it looks to me that something is wrong cause it shouldnt be readable this de. Also http://ip-check.info recommends a signature without "de."
Can someone test? Which language version?
I can not find any
I can not find any information on the correct SHA256 for goal. Can someone tell me whether this is sha 256 korrket me?
Many thanks!
torbrowser-install-5.0.1_de.exe
sha256 = d5ea00a10dac354e0bd4b83510bb98e26ac00921790513a144f4ad43d8b85e97
Look at the answer to a
Look at the answer to a similar question above: you have to strip the authenticode signature first.
1° download your .exe and
1° download your .exe and .sig/.asc
2° open a terminal and type that
A°
cd downloads
*the folder where are the files .asc/.sig and tor.exe
B°
gpg --verify torbrowser-install-5.0.1_de.asc torbrowser-install-5.0.1_de.exe
*ID key is written (D40814E0 e.g.), copy it and paste it at the end of the next command.
C°
gpg --keyserver x-hkp://pool.sks-keyservers.net --recv-keys [ID key=8]
.*ID key is added.
D°
gpg --verify torbrowser-install-5.0.1_de.asc torbrowser-install-5.0.1_de.exe
*good signature
I can not find any
I can not find any information on the correct SHA256 for goal. Can someone tell me whether this is sha 256 korrket me?
No, don't verify your downloads using hashsums. Why? According to "How to verify signatures for packages" (URL: https://sedvblmbog.tudasnich.de/docs/verifying-signatures.html.en):
These "checksums" help you answer the question "Did I download this file correctly from whoever sent it to me?" They do a good job at making sure you didn't have any random errors in your download, but they don't help you figure out whether you were downloading it from the attacker. The better question to answer is: "Is this file that I just downloaded the file that Tor intended me to get?"
Read the section "Where do I get the signatures and the keys that made them?" and pay attention to the section "Windows" starting with the following lines:
You need to have GnuPG installed before you can verify signatures. Download it from http://gpg4win.org/download.html.
Once it's installed, use GnuPG to import the key that signed your package. Since GnuPG for Windows is a command-line tool, you will need to use cmd.exe..blah...blah
This pretends that
This pretends that downloading a crucial security file from an non-secure site to get security is perfectly sensible.
Please, at least discuss the workaround.
Hi i have a question
Hi i have a question
tor is for search but for what?
in first i am waiting my conexion is bad
I'd highly recommend the Tor
I'd highly recommend the Tor project consider switching to Pale Moon as a base for future versions of the Tor browser. Pale Moon is an Open Source fork of Mozilla/Firefox that is faster, lighter, and does not implement all the bloatware that is prone to vulnerabilities (Hello, Pocket, Reader+, Share, Telegram, etc). Also, Mozilla, in its infinite wisdom, has decided its going to deprecate XUL and XPCOM, which is essentially the very foundation of the browser. This will break virtually every extension in existence and be the end of customization. The future doesn't look good for FF.
on linux x64 with 5.01
on linux x64 with 5.01 torbundle verified
i opened vnbook before the connection to tor and the result is negative
log ; ******/2015 ****.
100 [WARN] Problem bootstrapping. Stuck at 80%: Connecting to the Tor network. (Connection refused; CONNECTREFUSED;count 10; recommendation warn; host
**********************************************
100 [WARN] 9 connections have failed:
100 [WARN] 9 connections died in state connect()ing with SSL state (No SSL object)
does it mean that my connection with openvpn (vpnbook) is not encrypted ?
does it mean that vpnbook does not allow a connection with tor ?
does it mean that vpnbook
does it mean that vpnbook does not allow a connection with tor?
Forget about vpnbook. It's one of the worst privacy-enhancing proxies ever.
ok , i thank you for your
ok , i thank you for your answer ; let's forget vpnbook ( i uninstall it now) but could you pls explain the reason why you think vpnbook is the worst privacy-enhancing proxies ?
usa spot ?
obsolete product ?
unsafe encryption ?.
informant admin ?
https://www.deepdotweb.com/20
https://www.deepdotweb.com/2014/07/08/is-your-vpn-legit-or-shit/
VPNBook is free but we presume monitored, either for marketing data, or for government, or both. Maybe it’s also a non-Tor pool for government to hide some activities, nobody is sure.
VPNbook is a Interpool-NSA-Private companies honeypot, DO NOT USE IT!
http://www.malwaretech.com/20
http://www.malwaretech.com/2015/08/creating-ultimate-tor-virtual-networ…
This is so good. Why hasn't this been brought up earlier by Tor Project?
This is so good. Why hasn't
This is so good. Why hasn't this been brought up earlier by Tor Project?
There's a much superior product that's been on the open-source market for quite some time now.
Surf to https://www.whonix.org/
windows tutorial for running
windows tutorial for running a malware test ; tor project recommend tail or tor bundle.
"One of the mechanisms that
"One of the mechanisms that an attacker may employ to figures out which relay is the first hop and which relay is the last hop of a client is by compromising the middle node. Once an attacker compromised the middle node, then she knows which hop is the first node and which hop is the last node the client is using, and now the attacker can compromise these hops to de-anonymise the client. The Guard is specially vulnerable now because it is stationary for weeks and months. If there were several middle nodes, then the attacker was not able to obtain this information from any of the middle nodes"
Why not 4 or more hops?
https://sedvblmbog.tudasnich.de/do
https://sedvblmbog.tudasnich.de/docs/faq.html.en#ChoosePathLength
"it increases load on the
"it increases load on the network!" ...
I think there is no shortage of middle nodes.
The nodes have become faster over the last years.
..."without providing any more security".
It does abate the attack vector described by the poster.
Please list the
Please list the countries/cities to avoid in the Nodes because of SIGINT surveillance and instruction for configuration.
Why there is no Security Level slider for this or this is not posted on main page?
Why nodes can be from the same country by default?
Why with New Tor Circuit for this Site the cookie stays the same?
I also have this problem of
I also have this problem of nodes always being the same at the top of the list and other times the map not working at all. Just checked with a friend who has also found this after checking the nodes list. Strange no response from the TOR developers.
1/2 off-topic but TAILS has
1/2 off-topic but TAILS has no simple open contact side.
Mail-list to complicated.
It has a 'stable' strange bug. Very reproducible in all versions of Tails i had.Tails only.
When i pull windows -bigger,small- the desktop is crashing.
Black fullscreen,sad smiley and:
"Oh no! Something has gone wrong.
A problem has occurred and the system can't recover.
Please log out and tray again.
|Log Out|"
System-messages from the desktop are visible.
It seems to be TBB and Vidalia.
Note to desktop crash bug in
Note to desktop crash bug in Tails.
I had sent this to the Tails developers with Whisperback.
May it helps.
Do you know any popular
Do you know any popular servers that could automatically generate padding from your tab?
Other popular solutions?
Problems mentioned in docs look pathetic.
my tor does not work i have
my tor does not work i have download it and installed step by step but when i hit the connect it stays in LOADING NETWORK STATUS and it does not load the whole way? /?? can some one pls help me
How come -> 2 versions of
How come -> 2 versions of 'https-everywhere' firefox add-on = v5.0.7 + v5.1.0,
despite restarting TBB 5.0.1 twice ?
It's called invasion of
It's called invasion of privacy!!!!!!!!!!!!!!!
I Used To Have A Lot Of
I Used To Have A Lot Of Respect For Tor. I Still Respect most of the coders , But After Reading Many Many Pages Like this one, Most of The Respect is Gone Out the window with the Water and the baby Also. No wonder Tor Cannot find a Director!
Do you think Tor has been
Do you think Tor has been compromised? Do you think Tor is in bed with the Government? I just hope not. I do not want to find out that all Tor users have been under monitoring by the military at the very end and everything was all smoke and mirrors.
I just hope Astoria and Hornet will come out faster or sooner so we can test out true and absolute privacy. I also hope that DarkMail comes out sooner so that our emails cannot be tracked anytime or anywhere.
I also have some good news for you Californians. All electronic data search requires a warrant now as of June 2015. Good luck to you Westerners out there!
All right. For those who
All right. For those who wanted to know who says you are a terrorist or extremist if you use encryption, privacy, or Tor? You guess it! Check out these articles to update your knowledge.
1) NSA Targets As “Extremists” Americans Who Simply Wish to Protect Themselves from Oppression @ http://www.washingtonsblog.com/2014/07/nsa-targets-extremists-people-tr…
2) Your Interest in Privacy Will Ensure You’re Targeted By The NSA @ http://www.makeuseof.com/tag/interest-privacy-will-ensure-youre-targete…
3) The NSA Thinks You Are an Extremist If You Care About Privacy @ http://securitywatch.pcmag.com/privacy/325273-the-nsa-thinks-you-are-an…
4) 25 More Ridiculous FBI Lists: You Might Be A Terrorist If . . . @ http://www.networkworld.com/article/2221637/microsoft-subnet/25-more-ri…
Enjoy!
the links are in http, not
the links are in http, not in https (tor must be set in https for preserving your privacy).
i do agree with you even if the arguments are not mine ( i should say that it is not an American idea and live in full nudity is also a consequence of gay & migrant movement ). The Government(s) _ (bankers !) _ do not need a people with an history, a culture or an identity ; only consumers are welcome so,the real population - 'genuine '- must disappear without trouble and in silence. It seems that this strategy does not work ... a criminal/terrorist/extremist is now someone who refuse to be outside of the society ; encryption tool is another manner to be a patriot, a citizen,
why tor browser seems only
why tor browser seems only connect to ip 66.228.44.204? when tried dld a torrent file was sent (torentname).exe file instead? something wrong or coincidence? btw is there a sha or md5 for the torbrowser?