Tor Browser 7.0.2 is released
Tor Browser 7.0.2 is now available from the Tor Browser Project page and also from our distribution directory.
This release features an important security update to Tor.
We are updating Tor to version 0.3.0.9, fixing a path selection bug that would allow a client to use a guard that was in the same network family as a chosen exit relay. This release also updates HTTPS-Everywhere to 5.2.19.
Here is the full changelog since 7.0.1:
- All Platforms
- Update Tor to 0.3.0.9, fixing bug #22753
- Update HTTPS-Everywhere to 5.2.19
Comments
Please note that the comment area below has been archived.
with this update, tor…
with this update, tor browser is no longer connecting to onion sites (times out). i am using sierra 10.12.5. should i downgrade to tor browser 7.0.1?
I guess the onion site in…
I guess the onion site in question is down temporarily? Looking over the changes in tor 0.3.0.9 I cannot see one that would be causing this behavior.
Здравструйте, Уважаемые…
Здравструйте, Уважаемые Администраторы и менеджеры! Я не очень хорошо знаю Английский язык, более 20 лет живу в России. Вы не могли бы по-русски написать мне, правильно ли я подключился к сети Tor ? Нужно ли выполнить еще какие=то действия? Могу ли я пользоваться почтой анонимно и как это делается?
С Уважением Александр.
Александр, наберите в…
Александр, наберите в поисковике браузера под тором "мой IP" и сразу поймете, правильно ли Вы подключились.
Александр, люди, не знающие…
Александр, люди, не знающие английский слишком похожи на сотрудников Роскомнадзора. Помощи не получишь. Учи язык международного общения и вливайся в международное сообщество. Может тогда и желание работать на РКН отпадёт.
I experienced (for the first…
I experienced (for the first time) difficulty to connect to Tor 'network'. I then try to configure it with the 'option' of if my isp is blocking Tor network,
and then I could connect very fast.
How is Tor (Tor Browser)…
How is Tor (Tor Browser) working in China now?? It seems Tor faces the most serious problems with China and the Great Firewall, so I'm wondering how that is going on now: can people from within China use Tor now, how difficult to use Tor from China,...?
As far as I know, people in…
As far as I know, people in China can use Tor with a meek bridge.
Thank you, pastly :)…
Thank you, pastly :)
I was being attracted so much by the information flow regarding "the Sino-Tor war over the Great Firewall"; I hope people from within China will be able to pass the obstacle(s). It sounds like they (the PRC Gov) did put huge efforts to block the people from using Tor (that struggle must cost them a huge amount of money and resources). I still want to dig in that war. xD
Every human being should…
Every human being should have the right o all the benefits of technology such as using Tor because of the apparent costs. Open all channels...Ready to Recieve
could you explain "meek…
could you explain "meek bridge" ? thanks?
Bridges:…
Bridges:
https://sedvblmbog.tudasnich.de/docs/bridges
meek is a pluggable transport that some bridges use.
yes,we can,but with a lot of…
yes,we can,but with a lot of connecting problem,and the speed is not good at all(for my instance,about 20-200k downloading speed over my 30M fiber broadband)
most pages need to be refreshed 2-3 times until it can fully loaded.
all Chinese ISP block Tor,if you are lucky enough,you can use obfs4 and link to tor network,but if you are not,seems you triggered something in GFW,then you cannot connect to tor for a while.meek also may work,but in a much lower possibility.and if you havn't use tor for a few days,you may need to manually add a new bridge...
sorry for my poor english,and thanks for all tor guys,you guys are awesome
Tunnel Tor through Freegate …
Tunnel Tor through Freegate (127.0.0.1:8580) is faster than OBFS bridges, but from this version Tbb 7.02 127.0.0.1:8580 becomes unusable, why?
Could you share your setup…
Could you share your setup so we can try to reproduce your problem? Which operating system are you using? Do you get any error messages?
Hello Tor Browser folks!…
Hello Tor Browser folks! Will there be an alpha release as well with the fix? Thanks.
I believe there will be. I…
I believe there will be. I saw them on the tbb-dev list working on new builds.
Why is the entry relay is…
Why is the entry relay is always the same? (same IP) even after I click on "new Tor Circuit for this site".
That's by design. It's fine…
That's by design. It's fine. It's safer that way.
https://sedvblmbog.tudasnich.de/docs/faq.html.en#EntryGuards
The OP hints at a common …
The OP hints at a common (and perfectly natural) misconception about keeping Tor circuits as hard as possible to deanonymize, one which I notice has come up here several times in the past few months. It would be nice to work towards keeping visible at sedvblmbog.tudasnich.de an up-to-date FAQ with short authoritative answers to the most frequently *recently* asked questions which have recently arisen in discussions with users here and in other help venues, written for ordinary users rather than for sophisticated techgeeks or other developers.
The community team (https:/…
The community team (https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam) is currently working on the Tor Project support portal, which will serve this function. Currently we are compiling content on the wiki at https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam/S…, however we plan to migrate this to a proper support page in the near future.
About those weekly chats: …
About those weekly chats:
I know Tor Messenger is only beta, but the irony is that if you junked OFTC and used a chat room at Calyx Institute (for example), the weekly chats would be accessible to Tor Messenger users without endangering themselves by offering money and contact information. That would mean that more Tor users could participate. And you'd be able to explore large scale use of OTR chats, etc. And you could invite tech reporters to join the discussion, giving Tor users a chance to interact directly with reporters. Of course USIC would show up to, hence the need for strong anonymity.
Tor Messenger may be only beta, but it is the *only* chat I can use.
+100!!!…
+100!!!
Wonderful post!
I've tired to explain Tor folks that they should provide anonymous access to their chats!
Tor Messenger needs more love!
Glad to see someone out…
Glad to see someone out there agrees with me!
I think Tor Messenger is without doubt one of the most promising projects from the Tor team. If it ever gets an impressive security audit and goes into "production", I think it could be the "killer ap" ordinary people all over the world so badly need--- even if they don't yet realize that they need it!
Tor Messenger supports not…
Tor Messenger supports not just XMPP but also IRC, you a free to use TM to connect to #tor. #tor-project etc on the OFTC network.
How would I get an account…
How would I get an account anonymously?
Provide detail please.
I started TOR and was told…
I started TOR and was told its out of date and clicked to update. So I just loaded the update and now I cant get TOR to start at all? Any help gratefully received
What happens when you try to…
What happens when you try to start Tor Browser? Do you get an error message?
I dont get any thing show on…
I dont get any thing show on screen at all. No error messages or anything. In Task manager in background tasks, it shows for a few seconds and uses up to 7% CPU but then just stops?
I guess you are on Windows?…
I guess you are on Windows? If so, which version? Do you have some antivirus/firewall software installed? If so, which? Could you uninstall it and check whether that solves your problem? Disabling it is often not enough.
Thanks for the suggestion…
Thanks for the suggestion. Its Windows 10, but I have upopdated TOR on many ocassions without any problems at all. The file downloads cleanly and seems to install OK, but just does not run. I have ever had an issue with either my antivirus or firewall previously. I have tried removing TOR and going back to 7.0.1, but now no difference?
Do you have maybe Trusteer…
Do you have maybe Trusteer installed on your machine?
Some users reported problems when it is installed on their machine:
https://trac.torproject.org/projects/tor/ticket/22615
Boklm, Thanks for the…
Boklm, Thanks for the suggestion. I do have Trusteer installed but have not had any problems at all with either that or with TOR until I did the update to 7.0.2. I cant seem to uinstall TOR using the usual windows methods, but have deleted the TOR directory and reloaded 7.0.1 but no joy there. I then deleted the TOR folder again and downloaded 6.5 and that installs and runs OK, but of course with all the known problems up to 7.0.2!
Thanks for the help and suggestions
Jon
I have the same problem
I have the same problem
I had the same problem, but…
I had the same problem, but I know now that it is because I have
a private firewall in Windows, so when you disable this firewall I had no problems
anymore by downloading the new version.
Can I use TOR browser also in Linux; if so how to install?
bgr…
bgr
Many thanks, I shall try that when I have time.
Just get the respective…
Just get the respective Linux bundle from our website, extract it and change to the tor-browser_YOURLOCALE directory. Then either click on the Tor Browser setup or start it via command line
./start-tor-browser.desktop
Why does Tor sometimes…
Why does Tor sometimes connect to the same entry node twice at the same time?
Are you seeing the same…
Are you seeing the same first node on multiple websites? That's by design. It's fine. It's safer that way.
https://sedvblmbog.tudasnich.de/docs/faq.html.en#EntryGuards
"Are you seeing the same…
"Are you seeing the same first node on multiple websites?"
Sorry, that's not what I meant.
When I use netstat (in Linux) I often see the same entry node connected to, twice. Not in the browser, I know about that and it's natural, but instead from my PC to the same entry node IP, but twice, two connections open. Now why would that be?
Intriguing!…
Intriguing!
What Tor version? If it's a recent one, and this is repeatable behavior, we want to know.
In particular, Tor 0.3.1.1-alpha has some fixes to reduce the chance of this situation happening, so it would be especially useful to know if you see these issues before 0.3.1.x but not after it.
7.0.2 is not perfect &…
7.0.2 is not perfect & sometime i wonder who is lying or corrupted ... no comment.
about:config
https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/
April 14, 2017
Firefox Phishing Attack Uses Domains Identical to Known Safe Sites
Do a search for ‘punycode’ without quotes.
You should see a parameter titled: network.IDN_show_punycode
Change the value from false to true.
It removes the “open with” option from the download dialog
Hands up! I’m not really sure why this is considered a vulnerability, but it is! To turn this feature on:
browser.download.forbid_open_with
Double-click anywhere on the parameter to change it to true.
*and of course for tor_sandbox :
*Toggle the following two preferences so that their value becomes true:
*extensions.torlauncher.control_port_use_ipc
*extensions.torlauncher.socks_port_use_ipc
*you must install bubblewrap on debian.
This seems to be a reliable…
This seems to be a reliable source:
https://nakedsecurity.sophos.com/2017/04/19/phishing-with-punycode-when…
Phishing with ‘punycode’ – when foreign letters spell English words
19 Apr 2017
Paul Ducklin
From about:config in Tor Browser (in Tails 3.0.1, so should agree with TB 7.0.2):
network.IDN_show_punycode;false
So I agree this would seem to be a problem, unless someone knowledgeable has tested TB 7.0.2 against punycode redirection schemes and confirmed it is not vulnerable, and understands why the attacks fail (if they do fail).
Assuming the TB teram really did miss a vuln, however, I think you might be too harsh on them-- anyone who has tried to plow through the about:config options will have some sense of the frightful complexity of Firefox (or another major browser). What matter is not that they (mebbe) missed a hole but how quickly they fix it.
> *and of course for tor…
> *and of course for tor_sandbox :
Which is a separate download all together, but ok.
> *Toggle the following two preferences so that their value becomes true:
> *extensions.torlauncher.control_port_use_ipc
> *extensions.torlauncher.socks_port_use_ipc
Unneeded with the bubblewrap based sandbox, and instead will break everything.
Totally worthless for the standard Tor Browser because there is no policy enforcement of "Only use AF_LOCAL" sockets, and adding any enforcement will result in a browser that can't load pages due to a Firefox bug (See #22794).
> *you must install bubblewrap on debian.
Will do nothing for standard Tor Browser, but yes, that is required for the real sandboxed Tor Browser.
many thanks for all the team
many thanks for all the team
Since the update I haven't…
Since the update I haven't been able to get Tor to launch
What OS? Do you have…
What OS? Do you have antivirus installed?
If Windows and you don't have antivirus installed, can you look at the following ticket and see if you can help out? Maybe it is related?
https://trac.torproject.org/projects/tor/ticket/20890#comment:3
It is very rare that I do…
It is very rare that I do this but while I had a few tabs open on 7.01 I decided to switch to off-line so I can open a non-secure connection with a different browser. Push come to shove, I left it idle for 30' and came back. The bugger had updated itself over tor and was asking me to restart WHILE IT WAS OFFLINE.
No good. If off-line does not mean off-line I recommend you take the mozilla button off or disable it altogether. I know it is better to shut-it-off and kill the tor daemon, but then why is there an offline button.
I strongly believe that simultaneous connections to tor and non-tor is a security weakness that I try to avoid.
Meanwhile, about 5 versions back I had written in the old blog about the "about" button/window staying on while the rest of the browser would shut-down and restart for a new tor circuit. A window is a window, whether browsing or displaying the about information. I was told then it was a bug meant to be looked at. It is still the same, isn't it?
AND, to top it all off, now we need to enable scripts to leave a comment?
> I strongly believe that…
> I strongly believe that simultaneous connections to tor and non-tor is a security weakness that I try to avoid.
I agree, and I am pretty sure TP will too.
> now we need to enable scripts to leave a comment?
Before trying the "new blog" I was afraid that would be the case, but it seems not to be. I have been able to post with javascript disabled. However, after hitting the post button, I have to hit the "new identity" button because otherwise TB will try to endlessly reload. This is awkward and probably somewhat dangerous (because it seems like it could perhaps make it too easy for an adversary with too much net presence to deanonymize and barrel bomb me) but it has not prevented me from commenting.
Another way would be to use a dedicated Tails session (boot from a live DVD burned from a verified ISO image) for each visit in which you anticipate trying to make even one post, to visit only ocewjwkdco.tudasnich.de during the Tails session, and to leave javascript enabled in TB (security level medium in the slider). I don't recommend changing the security slider during a browsing session, because I have observed that this appears to lead to many suggestions of unanticipated and possibly dangerous behavior by the complicated (TP, Mozilla, OS) software systems involved. But this method would possibly also be too easily spotted by too many bad guys.
The safest way, as always, alas, is silence.
At least until TP acquires sufficient resources to devote adequate effort to make blogging here reasonably safe for wary endangered Tor users.
Until then people who feel less endangered can try to speak for those who are more endangered.
> The safest way, as always,…
> The safest way, as always, alas, is silence. (lol)
if the safest way is silence you should avoid all tor & foss projects and to be involved or to feel concerned :
avoid tor & tor-sandbox
avoid onion
avoid tutanota
avoid otr & tox
avoid cryptocat
avoid ricochet
avoid onionshare
avoid pgp
avoid codecrypt
avoid onepad
avoid sks
avoid 443
avoid dns
avoid openvpn
avoid linux
avoid english
avoid walk on the right side
avoid all anonymous comments
avoid privacy & dignity
avoid to be a human being
> The safest way, as always, alas, is silence. (lol)
Hi, death,…
Hi, death,
I think we are actually saying the same thing: being on the Internet is dangerous, but necessary for life, so life is dangerous, but instinct demands that we try to prolong life, so... huzzah tor and all those other nice things you mentioned!
Some years ago a poster requested in this blog that Debian developers introduce quantum-cryptanalysis resistant crypto, and codecrypt (confusingly, man codecrypt doesn't give a man page, but the utility is ccr and man ccr gives a man page) tries to work toward that need. However, I wish it had more extensive documentation.
Keep the good stuff coming, please, FOSS people!
https://github.com/exaexa…
https://github.com/exaexa/codecrypt
it needs an audit (like most foss).
it needs practice and i have not found a site for that but pgp has several which this one :
https://www.reddit.com/r/GPGpractice/
or this one working only in pgp
https://keybase.io/tlikonen
eff is preparing a new guide :
https://www.eff.org/secure-messaging-scorecard
foss :
https://privacytoolsio.github.io/privacytools.io/
Never trust any company with your privacy, always encrypt (especially if you suspect some of them working on the bad side e.g protonmail).
> it needs an audit (like…
> it needs an audit (like most foss).
And much better documentation (like too much FOSS).
But I don't want to sound harsh: at least some individuals out there are trying to help.
Still, it seems clear that what we need a concerted global cooperative effort to develop, code, audit, and promote post-quantum crypto. Such concerted cooperative efforts to make something everyone needs happen is best done by governments, but we have the special problem that all the world's governments now seem to hate anything which empowers citizens, such as strong crypto.
Describing the problem is easy; fixing it will not be. But fix it we must, somehow.
> https://www.eff.org/secure-messaging-scorecard
Very cool! I hope they at least mention Tor Messenger, maybe even urge readers to consider a donation to Tor Project.
My guess is that the…
My guess is that the download happened right before you moved to offline mode. I just tested it with 7.0.1 and moved immediately into offline mode after start-up. The download of the update and all network requests got blocked for me.
The about-window-issue is still open, yes, see: https://trac.torproject.org/projects/tor/ticket/10952
since the update i cannot…
since the update i cannot connect to any onion sites, the connection just times out, however all other sites are fine... any info or help/advice?
In order of likelihood, my…
In order of likelihood, my guesses are:
A) The onion sites you're trying are all down. Try http://duskgytldkxiuqc6.onion/ or https://www.facebookcorewwwi.onion/
B) Your time or date or timezone on your computer are set wrong.
C) You messed with your Tor Browser configuration a bunch and you broke the proxy settings or some other piece of the config.
Let us know which one it is. :)
I notice that Debian 9.0…
I notice that Debian 9.0 installer is more aggressive about making everyone use NTP (Network Time Protocol) than Debian 8.0. Years ago users were warned that NTP is hopeless insecure. I hope that is no longer the case!
> Your time or date or timezone on your computer are set wrong.
Quick question about that: what is the approximate time scale where clock offsets can interfere with using onion services?
Another issue with strangely set system clocks is presumably that this can assist the bad guys in deanonymizing us.
And why i can't set time -hh…
And why i can't set time -hh:mm:ss- manually without using NTP?
thanks for update !!…
thanks for update !!
i checked with http://ip-check.info/
with highest setting there are two points that the site mark bad:
- Authentication: unique ID
- Cache (E-Tags): unique ID
Is this ok so or what should I do?
thanks !!
both can read an
go into About:config and…
go into About:config and turn off memory cache to disable the -Cache(E-Tags) Unique ID's
as far as the Authentication unique ID. there is no way to do so in firefox/tor. (so the only way you can safely get a new Authentication ID is to restart Tor each time you want to revisit a site you already previously visited.
We believe those are false…
We believe those are false positives which the test can't detect right now. We contacted the ip-check developers and they are working on a fix.
thx !!
thx !!
Cannot change listen and…
Cannot change listen and control ports using the TORRC file.
I tried switching ports to 9250 and 9251 however in Process Explorer it shows TOR listening on 9250, 9251 and the default 9150, 9151.
Also, I tried setting the SOCKS port in the browser network tab to 9250 and it crashes on startup.
I figured out why TOR…
I figured out why TOR crashes if you change the ports, there are invalid characters in the commandline, but I don't know how they get there.
If you change TORRC to use SocksPort 9250 and ControlPort 9251, you end up with this commandline:
+__ControlPort 9251 +__SocksPort
for some reason the Tor Browser adds those two plus signs which causes Tor.exe to crash. If you copy the entire commandline to a windows batch file and remove those plus signs, Tor starts and listens on the custom ports.
Could you get us a log file…
Could you get us a log file containing debug output so we can investigate the crash further? You could add a log entry to your
torrc
file likeLog path\to\your\logfile\name
. Or you could overwrite thetor.exe
file in your bundle with the one from the expert bundle (https://archive.torproject.org/tor-package-archive/torbrowser/7.0.2/tor… for the current one). And starting Tor Browser afterwards should give you a console with tor log messages.Sorry for the late reply…
Sorry for the late reply...
The crash still happens with TBB 7.0.11 and when adding the LOG option to torrc, no log is generated. Also, replacing TOR.exe with the one from the expert bundle doesn't help. The debug window closes almost immediately.
How does your torrcfile look…
How does your
torrc
file look like after you added the log option?Question for arma or another…
Question for arma or another knowledgeable Tor employee:
I used Debian 9.0 (stretch). I have installed Debian-tor to use apt-transport-tor so that I can access the repos using the onion mirrors, in hope of improving security (both anonymity and integrity) of sofware updates, as per
https://ocewjwkdco.tudasnich.de/blog/tor-heart-apt-transport-tor-and-debian…
The configuration file is in /etc/tor/torrc and it seems that the default configuration might not be optimal for apt-transport-tor. (I can use Tor Browser for web-browsing, which has its own tor engine and configuration.)
What is the safest configuration for users of apt-transport-tor?
I think the default torrc…
I think the default torrc that you get with the Tor deb should be fine for use with apt-transport-tor.
(There are indeed power users out there on the Internet who make guides about all the knobs that you should turn. Every time you turn a knob you risk standing out a bit more. That's why we try to make the defaults good enough for most people.)
Thanks much for the prompt…
Thanks much for the prompt and authoritative answer to my question!
I try to always keep in mind the tradeoff between maximing anonmyity (e.g. by using the default settings) and attempting to minimize vulnerabilties to the latest known attacks. This always involves difficult choices made on the basis of too little or too unreliable information, yet the choices must be made, so...
BTW, I accept that while Tor people know much much more than I do, anyone can be wrong, a risk which I also accept, because I know you are doing the best you can under difficult circumstances.
tails fails to start tor…
tails fails to start tor after update to 3.0.1
log says:
/var/lib/tor has wrong permissions
config file can not be read
I Want 64BITS Version! :(
I Want 64BITS Version! :(
Make it! ;)
Make it! ;)
I'm asking for Tor E-mail…
I'm asking for Tor E-mail Client, please, make one I can recommend to freedom people.
TorBirdy is an extension for…
TorBirdy is an extension for Mozilla Thunderbird that configures it to make connections over the Tor network: https://trac.torproject.org/projects/tor/wiki/torbirdy
But no anonymous remailers…
But no anonymous remailers are involved, correct? So that you still need to obtain an email account from an ISP, presumably using your real identity at some point? (Note that ecash is typically not anonymous when your adversaries include the governments of SY, RU, US, etc.)
Without an [desktop-based]…
Without an [desktop-based] email client (Thunderbird, Torbirdy,...) you can still use email in a safe way with https: by using the web-based email client of "quite trustable" providers like gmail (typing, sending, reading,... doing everything on the browsers, not on the desktop-based clients.
By using gmail that way (right on the browsers, not on desktop-based client), your LOCAL ISP will have no way to eavesdrop your email communication. Google themselves and NSA, however, may still be able to read your messages , so to cut through Google+NSA noise, use GPG to encrypt important information in the emails, only use plain text for unimportant information.
By using the two tactics (https emails like gmail and GPG to encrypt important information), all the third-parties (your local ISP, international ISP, NSA,...) will have ZERO chance to read your messages. Quite a bit more sophisticated, and require your partner to have to use GPG too, but using email will become "able" and safe for you.
gmail is not at all…
gmail is not at all recommended : avoid _ tutanota could be a better option e.g.
Hello!…
Hello!
How to make Tor traffic look like multiple file downloads over HTTP/XHR (not HTTPS)?
Will it ever be implemented?
Hi!! Can a dev pls hlp me…
Hi!! Can a dev pls hlp me out? how u use bitcoin core with tor??? before you had vidalia... now u only have tor browser... how can u use just tor without open tor browser... so you can activate tor and bitcoin core to run over tor... u have to open ur tor browser at same time?
I wanna know this too!
I wanna know this too!
https://www.eff.org…
https://www.eff.org/deeplinks/2017/06/be-prepared-summer-security-camp
Be Prepared: Summer Security Camp
Aaron Jue
20 Jun 2017
> EFF has just launched the Summer Security Camp, a two-week membership drive that challenges people everywhere to gather ‘round the online rights movement and prepare for the privacy and free speech challenges in their paths.
Fuck this download!!! its…
Fuck this download!!! its fucking everything up for me. I can't log on to a certain site and never had a problem until this shitty update!!!! I HATE THIS SHIT, I'M LOSING STUPID MULAH!!!!!
How can I use Roboform?
How can I use Roboform?
Thank you for your work…
Thank you for your work. Russia needs TOR very much under Putin
Anyone has more information…
Anyone has more information regarding Bogatov, like a potential release or so?? Any update?
I also would welcome an…
I also would welcome an update.
YouTube is still not…
YouTube is still not displaying properly (flashing when content overlaps).
I opened a ticket for that…
I opened a ticket for that to track the issue down and fix it: https://trac.torproject.org/projects/tor/ticket/22868. Thanks for reporting.
While update....there is…
While update....there is DETECTED:EE:Malwr.Heru.Graftor.369260
Why??????????????????????????????
thank you for this apple
thank you for this apple
As so many questions in this…
As so many questions in this blog from understandably confused newbies constantly demonstrate, even experienced Tor Browser users often don't know things they need to know in order to use Tor (or their indeed their PC/laptop) in less dangerous ways, given the threat environment facing Debian+Tor users.
I appeal again to the Debian Project/Tor Project team which (thank you!!) authored the "Tor at the Heart" post popularizing the onion service mirrors for Debian to do more to help Debian users avoid making potentially harmful errors.
Example: can you publish an updated version of the original post
https://ocewjwkdco.tudasnich.de/blog/tor-heart-apt-transport-tor-and-debian…
(and thanks for posting that!), taking account of the fact that the new Debian stable is stretch, and also of the fact that at some point contrib and non-free were quietly added to the onion mirrors (and thanks for doing that, it was badly needed!), please?
Example: can you publish a tutorial on how to use nftables (the replacement for iptables in Debian stretch)
https://wiki.nftables.org/wiki-nftables/index.php/Main_Page
to set up a personal firewall on our PC/laptop which
o plays nice with DHCP (for talking to a SOHO wired router),
o same for other common SOHO or internet cafe usage scenarios,
o doesn't inadvertently block other necessary and legitimate actions,
o plays nice with Debian-tor (for using apt-transport-tor),
o plays nice with Tor Browser (installed from the latest Tor Browser Bundle, so with its own stand-along Tor client),
please?
If you don't publish timely HOWTOs, your users will go the internet for advice, where they will find all manner of
o misinformation ("a fresh Debian install is firewalled by default"),
o terribly bad advice ("Debian users don't need firewalls"),
o dangerously inappropriate/outdated information (my search engine "helpfully" pointed at ten year old HOWTOs on using ipchains to set up a firewall for a LAN).
The likely result: not just suboptimal solutions to security problems, but dangerous "solutions" which solve nothing but create even more vulnerabilities for ordinary Tor users.
Please "Help wanted", ask to…
Please "Help wanted", ask to the appropriate blog/mailing-list :
https://lists.debian.org/debian-user/2017/07/maillist.html
https://wiki.debian.org/nftables
you could also contact a lug.
https://www.lifewire.com/soho-routers-and-networks-explained-3971344 (updated july 06 2017)
https://www.examcollection.com/certification-training/a-plus-how-to-sec…
# Debian users do not make 'potentially harmful errors' and do not follow dangerously inappropriate/outdated information.
take a look here for a better help :
https://sparkylinux.org/
or choose another distrib ,)
#time , patience & be involved needed
Thanks.
Maybe a better link:…
Maybe a better link:
https://wiki.debian.org/nftables
Your browser does not seem…
Your browser does not seem to support HTML5 WebAudio
I've noticed recently that…
I've noticed recently that my entry relays for all my connections were from the same nation, only one that nation.
I read about https://sedvblmbog.tudasnich.de/docs/faq.html.en#EntryGuards, but I think it would be troublesome if my entry guards were from only one country all the time. This didn't happen before (my entry relays had been from various nations). Are there some things wrong with that??
(I use obsf4 bridges, and I have just changed to use a very few bridges I saved before to change the nation of my entry relays).
when I go to gmail.com it…
when I go to gmail.com it takes me to "https://accounts.google.com/signin/v2/identifier?service=mail&passive=t…"
Preventing me from creating a new gmail account. How can that be overcome?
I used to create gmail…
I used to create gmail accounts on Tor Browser. One thing I noticed is that they (Google) match our GeoIP nation with our phone number country code: when these don't match, they won't allow us to create an account.
I can't recall how I overcome this, but it's possible. However, they (Google) seemed to figure out where I'm really from (which country/nation) when they finally allowed me to create the accounts (can't recall this exactly; that was quite some time ago)!
https://support.mozilla.org…
https://support.mozilla.org/en-US/kb/restore-default-smart-bookmarks-fo…
Recently Bookmarked not worked
First of all a big thank you…
First of all a big thank you to the Tor team for all their hard work.
Second, Mozilla decided to use Google Analytics on the about:addons page as a means to track the user's addon selection behavior.
See here https://twitter.com/NicolasPetton/status/884694176515936256 and here https://bugzilla.mozilla.org/show_bug.cgi?id=1302552#c1
I think this is absolutely underhanded and in case of Tor goes against everything you are trying to accomplish.
Maybe you could remove this in the upcoming releases since you are already heavily altering the FF code?
(Not a Tor Browser dev)…
(Not a Tor Browser dev)
Users shouldn't be installing additional addons anyway. So all Tor Browser users should look the same. So there shouldn't be any issue.
> Users shouldn't be…
> Users shouldn't be installing additional addons anyway.
Doesn't stop a lot of people from doing unwise things.
> So all Tor Browser users should look the same.
To a highly intrusive metrics package?
> So there shouldn't be any issue.
As a matter of principle, having analytics running in an `about:` page without being explicitly opt-in is scummy behavior at best.
Someone went and filed:…
Someone went and filed: https://trac.torproject.org/projects/tor/ticket/22900
I went and filed/fixed: https://trac.torproject.org/projects/tor/ticket/22899
> Maybe you could remove this in the upcoming releases since you are already heavily altering the FF code?
This is hard, because it's server side behavior. For what it's worth git master of the Linux sandbox now "solves" this by totally breaking the `about:addons` "Get Addons" pane unless users explicitly (and unwisely) choose to allow Tor Browser to write to the extensions directory.
Wow, absolutely appalling,…
Wow, absolutely appalling, Mozilla (and Google). Good catch by the OP in the cited discussion.
Yawning, thanks for taking prompt action to stop this.
update.test was appeared…
update.test was appeared then has been deleted.
is it normal or an intrusion ?
What do you mean?
What do you mean?
Tor browser cannot be…
Tor browser cannot be downloaded and installed from the Ubuntu store because of validation error. Is the best way to install Ubuntu torbrowser still from your site?
> Tor browser cannot be…
> Tor browser cannot be downloaded and installed from the Ubuntu store because of validation error.
That sounds like the following very common issue. https://github.com/micahflee/torbrowser-launcher/issues/263
Note: tor-browser-launcher isn't maintained by the Tor Project, but it does seem to be a pretty good program. All it does is download the latest Tor Browser from torproject.org and install it for you.
> Is the best way to install Ubuntu torbrowser still from your site?
Yes.
Version 7.0.2 - Linux (64…
Version 7.0.2 - Linux (64-Bit) at the startup the proxy settings are failed to build the connection.
Could you give us some log…
Could you give us some log output by starting it with
./start-tor-browser.desktop --debug
from a terminal?Is Orbot and Orfox still…
Is Orbot and Orfox still being supported?
Yes. And I heard there…
Yes. And I heard there should be a new Orfox release out soon.
Hi,…
Hi,
With the recent update on Tor, i noticed sites that used to be secure are now unsecure. Is there a setting i am missing?
Thanks
Do you have an example? Are…
Do you have an example? Are you talking about .onion sites? If so, see https://trac.torproject.org/projects/tor/ticket/21321 for some discussion. Yes, switching to Firefox 52 ESR brought these changes into Tor Browser.
Since this update, Tor…
Since this update, Tor browser fails to launch on Windows 10. The Status window appears saying that it's connecting, and within a couple seconds, Windows reports that Tor Browser has stopped working. Deleting my custom torrc file seemed to help to actually get to the stage where the browser opens, but even so, tabs crash within seconds and display the tab has crashed message.
Do you have an antivirus…
Do you have an antivirus/firewall software installed? If so, please uninstall it (disabling is often not enough) and check whether that fixes your issue. We have a bunch of reports matching yours of users having Trusteer products installed and the problem in this case is that Trusteer software is interfering with Tor Browser, crashing it.
Never heard of Trusteer and…
Never heard of Trusteer and it's not installed. I have Comodo Firewall 10.0.1.6209, Malwarebytes 3.1.2 and Eset AV 10.0.390.0 installed. Tor Browser has functioned as expected with these products installed up until now. I tried disabling them, but no difference. The hassle of uninstalling them to test is too much for me. Is there something in particular that Trusteer is doing/modifying that you know is causing this?
Could you try whitelisting…
Could you try whitelisting Tor Browser's firefox.exe and tor.exe in your firewall/antimaleware tools somehow?
What they do depends on the actual tool being used. Most of them are scanning and analyzing traffic in order to look for patterns they deem malicious. Others are injecting own code into the Tor Browser related processes often causing crashes.
Unfortunately, whitelisting…
Unfortunately, whitelisting Firefox/Tor or disabling the softwares made no difference. With every attempt to launch, Tor browser would crash as usual, sometimes offering to start in Safe Mode. I also tried renaming my torrc file again so Tor browser would create a new one, it too seemed to make no difference, so I reverted that change.
After having re-enabled the system protection and removed whitelists, I was attempting again and thought to try and get the Tor Status window's Open Settings button to press before it would normally crash and I succeeded. I then proceeded to click Configure and run through that wizard. After completing it, Tor browser opened and stayed open. Having closed and reopened Tor Browser many times now, it seems fixed. No more crashing, connecting every time.
Seems I spoke too soon. The…
Seems I spoke too soon. The browser is still crashing, but spamming the Open Settings button to get the Configure wizard option seems a pretty reliable way to actually get Tor browser to launch without it instantly crashing. I type my response via Tor right now, though the Firefox tabs still crash fairly often, but it's at least somewhat usable.
Ugh, sorry to hear. Do…
Ugh, sorry to hear. Do things change if you set
browser.tabs.remote.autostart.2
tofalse
(assuming it is notfalse
already) and doing a browser restart?No change.
No change.
Things seem to be fixed now…
Things seem to be fixed now. Not sure if it was the recent update to Tor that fixed it or a change to whichever software was conflicting.
Ver 7.02 works fine on my…
Ver 7.02 works fine on my Win 7 X64 but on exit I get the “Stopped working” sign.
Any advice?.
I guess you are not in…
I guess you are not in private browsing mode anymore? (on
about:preferences#privacy
always use private browsing mode is unchecked?) If s, then this is https://trac.torproject.org/projects/tor/ticket/22581.Am I able to change my…
Am I able to change my identity in TBB 7.0.2 and if so, how? Thanks in advance for any feedback!
Sure. After starting Tor…
Sure. After starting Tor Browser click on the green onion which is next to the URL bar (left side) then choose
New Identity
. Or just pressCtrl
+Shift
+U
.Ver 7 requires the use of…
Ver 7 requires the use of pulseaudio, which is not usable on my system. Perhaps this is the time to consider another browser for Tor-Browser? In order for me to use Tor-Browser I have to stay with an insecure 6.5 version, if I wish to have audio. The fact that the auto-update choice is "not-a-choice" does not help the situation, but that is
a bug that was not found and therefore did not get fixed. I have had to resort to editing the update ini files, and setting the sticky bit, on order to stop the auto-updating.
Hmm... pulseaudio has always…
Hmm... pulseaudio has always seemed to me to be rather dangerous. At least on Debian systems it uses /dev/shm (shared memory) and as far as I can tell from the developer's blogs, it records everything by default, and one has to trust in systemd if one wants to disable it.
I notice that Tails 3.0.1 does not appear to run pulseaudio by default, which may or may not reflect similar security concerns from the Tails Project.
An audio daemon using shared…
An audio daemon using shared memory by default for IPC is entirely unsurprising. If it bothers you that much, it's optional, though it will come at a performance/latency hit.
> enable-shm= Enable data transfer via POSIX or memfd shared memory. Takes a boolean argument, defaults to yes. The --disable-shm command line argument takes precedence.
>
> enable-memfd=. Enable memfd shared memory. Takes a boolean argument, defaults to yes.
Since 7.0 was release, every…
Since 7.0 was release, every saved image gets downloaded twice. Every time I click an image thumbnail to open it in a new tab, it downloads the image and displays it. Fine and good. But starting with 7.0 if I choose to save the image while it's still open inside the tab, it downloads the file again again rather than just copying it from the local cache like it used to. This is a big deal for people like myself with very small data plans. Is this a bug or new feature? I'm seriously considering rolling back to a previous version. PLZ FIX.
Chances are high that this…
Chances are high that this is due to https://trac.torproject.org/projects/tor/ticket/22343. We'll have a fix for it in the next alpha release to test and if that goes well, we backport it to the stable series.
gostaria de saber como faço…
I would like to know how to run Tor on the newest version of Adobe Flash Player (26.0.0.137). Because I need the newest version to play
thank…
thank sooooooooooooooooooooooooooooooooooooooooooooooooooooo
I downloaded tor 7.0.2 …
I downloaded tor 7.0.2 (linux x32) and i can't connect to the tor network. It freezes at 'establishing a tor circuit' but when i launch old version 7.0.1 everything is ok. What's wrong? How to solve this issue?
Hm. There are no big changes…
Hm. There are no big changes between 7.0.1 and 7.0.2 (mainly a new tor got added containing security fixes). Could you show us the debug output you get when launching Tor Browser from the command line with
./start-tor-browser.desktop --debug
?my tor has problems loading…
my tor has problems loading URL sites, is this caused by an older version of tor being run when there is newer?
Hard to say. What version…
Hard to say. What version are you running? And do you have some sites that are working but others that aren't? If so, could you give us an example of sites that you don't get loaded?
I can't use Tor at all. No…
I can't use Tor at all. No matter what site I try to access, I get the "Bad Gateway 502" message. I'm open to suggestion. What do I do? My internet connection is Comcast Broadband, I'm using Windows Firewall and Avast Free AV. Do I have to tell Windows Firewall to allow Tor to connect to the Internet? I didn't have to do that with Firefox, Chrome, or Windows Internet Explorer.
Anyone having a similar…
Anyone having a similar issue: https://ocewjwkdco.tudasnich.de/comment/269900#comment-269900 has a solution.
the website https://www…
the website https://www.tnext.ca/ shows as an insecure connection.
Yes, that's because the…
Yes, that's because the issuer of the certificate is unknown to your browser (and this happens in my Tor Browser as well).
First of all, nice upgrade…
First of all, nice upgrade of the blog layout and design. However this light/white background makes my eyes hurt.
is there any way to make background dark?
Ok, let's get down to business! this is no big issue really but i still find it kinda annoying.
everytime i do pick (new identity) the window restarts on opposite side of the screen of where it was when was restarted. for example if it was on the right side it will jump to the left side and other way around.
why this sudden change? and is there a way to keep it still? lol
I have update to 7.0.2 on…
I have update to 7.0.2 on MacOS 10.5 and now Tor browser not open anymore...
IF I get it correclty, if I…
If I get it correctly, if I watch a playlist on youtube, the path streams will change after each videos ? Which would explain why sometimes the first video is perfect and the next one is a hell beacuse of bad relays.
Can someone confirm please, thanks
> If I get it correctly, if…
> If I get it correctly, if I watch a playlist on youtube, the path streams will change after each videos ?
It's fixed by top level domain (eg: "youtube.com"), so the behavior you describe would be a severe bug.
None of 7.0.1, 7.0.2 nor 7…
None of 7.0.1, 7.0.2 nor 7.5a2 (all en-US) launches on my Windows 10 system.
Thanks for all you do.
That looks like you have…
That looks like you have some Trusteer product installed that is interfering with Tor Browser. Unfortunately, there is currently no better solution than to uninstall that one in order to get Tor Browser running.
You should link to bugs in…
You should link to bugs in the browser's changelog tab.
Yes, we think so too. See:…
Yes, we think so too. See: https://trac.torproject.org/projects/tor/ticket/18227.
I wanna join the deep web
I wanna join the deep web
when looking at twit ter it…
when looking at twit ter it switches to mobile version always in tor browser. it is awful
tor browser always switches…
tor browser always switches to mobile. version instead of regular twi tter web page. browsing it is awful. other web browser stays in regular version
Which version and locale of…
Which version and locale of Tor Browser are you using? And which operating system are you on?
7.0.2, windows. what is…
7.0.2, Windows. What is locale?
The language of the browser…
The language of the user interface of Tor Browser.
English
English
This update is very bad. It…
This update is very bad. It demands Mac OS 10.9. My machine can't use 10.9!
Please give me a version which works on Mac OS 10.6.8
Unfortunately, that's not…
Unfortunately, that's not possible as the minimum requirements for Firefox ESR 52 are OS X 10.9.
Hello, I have a problem with…
Hello, I have a problem with update. The last update that was installed is 7.0.0, 7.0.1 and 7.0.2 ask me to reset tor-browser for update but after reset update not installed and ask restart again and again. I have with firefox the same problem now, windows 10 x64 Home. How can I resolve this problem?
Have you checked whether you…
Have you checked whether you have enough free disk space to perform the update?
After the update, HTTPS…
After the update, HTTPS Everywhere was gone.
Also, after browsing and exiting and restarting Tor Browser, there were some strange URLs in the address bar, that I didn't type. I had to re-install Tor Browser to get rid of them.
Hm. Do you remember what…
Hm. Do you remember what kind of URLs that were?
They had something like …
They had something like "track_id" in them.
There were a couple of days between those two events. I can't remember what happened first.
Any news on this?…
Any news on this?
The latest update of HTTPS Everywhere, 2017.8.15, caused problems too: the icon was moved from the menu to the toolbar and the extension was broken. Re-installing HTTPS Everywhere did NOT solve this.
Can an underlying cause affect other Tor Browser functionality?
Also, when typing "https" in the address bar, I sometimes get an ordinary HTTP connection, without any warning. Is this normal?
Thanks for the 7.02 update!…
Thanks for the 7.02 update!
One minor point: I have noticed HTML marquees (scrolling text) don't work in this one.
Check at http://goftesh.com
Thanks. I filed https://trac…
Thanks. I filed https://trac.torproject.org/projects/tor/ticket/23142. Seems to be a pretty old bug...
Some followup feedback. I've…
Some followup feedback. I've noticed no matter what i try my (javascript/ajax-based) chat room does not load with Tor. It loads with all the other browsers I have tried, including Opera thru VPN
the site is at www.goftesh.com
thanks you!
Thanks for this report. I…
Thanks for this report. I opened https://trac.torproject.org/projects/tor/ticket/23141. Unfortunately, there is not much we can do as Cloudflare is causing this. It is sitting between you and the website and denying the chat loading due to a bug in their system. We are currently trying to get hold on a Cloudflare engineer helping us with that but it is not easy it seems.
Edit: Oh, if you are indeed the admin then this should be fixable on your end as you are supposed to be in control of the Cloudflare settings you apply to your site. Let us know how it goes.
Hi TOR people, I was…
Hi TOR people, I was wondering if I cant run a TOR relay with the latest TAILS 3.0.1 Live usb key???
And if so, how to configure it?
Thanks a lot.
Is it normal to not be able…
Is it normal to not be able to almost never be able to use www.google.com through TOR browser? I can get through maybe 1 in 20 tries.
when we tried it here said …
when we tried it here said "unusual traffic" or showed an error and said that's all they know. It is because they don't believe in privacy.