Tor Browser Bundle 1.1.12 released
Updated Tor Browser and Tor IM Browser bundles are released. The updated bundles can be found at https://sedvblmbog.tudasnich.de/torbrowser/
The changes from 1.1.11 are:
- Update OpenSSL to 0.9.8k
- Update Tor to 0.2.1.14-rc
Also fixes a bug where Chinese (zh_CN) translations weren't being used in Vidalia, see http://archives.seul.org/or/cvs/Apr-2009/msg00001.html for details.
Tor Browser and Tor IM Browser Bundles are also known as the "Zero Install Client" for Windows.
Comments
Please note that the comment area below has been archived.
Installed and now FF and IE do not work...
Hey guys,
I am having a really weird issue now since I installed the latest stable win32 version of the tor bundle on my windows vista laptop. IE and FF will not connect to any page, although I can connect via Google Chrome. This problem persists no matter if the software is running or not. I am totally at a loss as to what is going on, is there anything you can think of? I have turned the windows firewall on and off, that does not help. I have uninstalled/reinstalled the tor bundle and that did not help either.
Any help will be appreciated
re: ff and ie do not work...
Did you setup "Internet Options" to use localhost:9050 per chance?
Does vidalia start up and successfully connect to the rest of the network and give you a green onion in the system tray?
hey Tsadik i think u didnt
hey Tsadik i think u didnt install properly or u dont know how 2 install . it is working 4 me perfectly without any problems. iam also using windows vista in my laptop.I think u bette try it once again or check the instructions which is shown in the above posted link. By the way phobosthanx 4 updating new tbb bundle. Keep it going dont stop.
Verifying Signatures
I have downloaded the zero install and plain install bundles for Windows (XP) and tried to verify the signature of Andrew using GnuPG and receive a BAD verification warning. Near as I can figure, the only difference appears to be the fact that the key installed from the server has a date of "Created: 7/16/2003" while on your site it says "pub 1024D/31B0974B 2003-07-17", a one day mismatch. Would that cause the Bad verification warning?.
Re: signatures
No, that should not cause a bad signature warning. Are you sure you have the full bundle? I've noticed people seem to get 90% of the download sometimes, this will fail the signature check.
Are you using gpg in the Windows command prompt or via cygwin?
Feel free to open a bug, for I'm very interested in how this is occurring. https://bugs.torproject.org/
I've heard from two people in China their signatures always read as bad, even when the sha1 files match.
I'm glad people are checking gpg signatures!
Program to check sha1 signatures with
Where do one find a program to check these signatures with.
re: Program to check sha1 signatures with
look for "openssl"
Vidalia uses too much memory
Vidalias memory footprint is always increasing and something needs to be done. Qt is probably the problem. Can you make the map and graph into dlls that can be deleted if they are the cause?
re: Vidalia memory usage
Vidalia's memory usage is generally due the bulk data structures it keeps for geoip location, active circuits, and then the map in Qt.
We welcome help in reducing memory usage without a similar reduction in functionality.
Where is latest Vidalia source for browser bundle?
https://sedvblmbog.tudasnich.de/dist/vidalia-bundles/ only has 1.6
re: vidalia source
https://sedvblmbog.tudasnich.de/vidalia/dist/vidalia-0.1.12.tar.gz
OperaTor bundle
Hi all.
I'm a long time Opera user and I've come accross this neat bundle called OperaTor.
It uses Polipo as a web proxy.
I wonder if it hides my browsing habbits from the network admin.
Supposedly it does, but then my concern is those sites with javascript induced popup windows.
Anyone know if enabling javascript in your browser will void anomimity?
Thanx a bunch.
Yes it will unless you use
Yes it will unless you use Firefox with Torbutton.
JavaScript is always dangerous.
JavaScript can be dangerous in a few different ways:
* Poor JavaScript implementations often allow buffer overflow attacks. An advanced attacker might exploit these vulnerabilities to install spyware on your computer. The spyware can then compromise your anonymity.
* Dangerous things like Java and Flash are often wrapped in JavaScript. If you enable JavaScript, you will have to ensure these things are blocked separately.
* JavaScript will volunteer a wide variety of information about you, including your screen size, that will make you much less anonymous. This is potentially fixable, if JavaScript could be told to fake this information, but the above two problems remain. Fortunately the information disclosed in this way does not include your IP address.
The Torbutton FAQ says it protects you against scripts that continue running when you switch between using Tor and direct connection, not from all that.
JavaScript is really dangerous, but if you really need it, at least only enable it for specific websites (for Firefox you may use NoScript, built-in solutions exist for Konqueror and, I believe, Opera), and, if you are not using Torbutton, be careful about switching off Tor.
torbutton does try to
torbutton does try to protect against that
noscript is not safe for use with tor
Does Torbutton protect against buffer overflows?
JavaScript is not safe, period. NoScript is just a form of risk management. If I surf with JavaScript disabled, there may be once in a while a site I really need to use which requires me to use JavaScript. If I determine that my need of the feature is greater than my need for security and I believe the website is trustworthy, I may enable JavaScript only for that website using NoScript.
The JavaScript problem I am really most concerned about is buffer overflows or other vulnerabilities that might allow arbitrary code execution.
However, the Torbutton design document does not mention "buffer overflow" anywhere.
https://sedvblmbog.tudasnich.de/torbutton/design/
run the browser in a sandbox
run the browser in a sandbox
Is that true? Why is the tor
Is that true?
Why is the tor using only very few different circuits and most time all of the same country?
How do I exclude countries completely?
How to exclude Countrys
Some of the NSA spynodes(nixnix....) is known to "hijack" circuits witch leeds to you end up using them very often.
First you have to be running the development version series = alpha(A) or Release Candidate(RC)
if you want to use countrycodes(like this:
Excludenodes {US}, {CA},{BR},{AR}
for example), you do need a file named geoIP, after installing you should have it in your tor directory here:
C:\Documents and Settings\{username}\Application Data\Tor\
If Vidalia somehow "forgot" to install the file you can find it here:
http://git.torproject.org/checkout/tor/master/src/config/geoip
You would then need version 0.2.1.6A-0.2.1.15RC
If you want to block the country by using IP adresses instead like this:
ExcludeNodes 1.0.0.0/8,2.1.0.0/16,4.111.111.111/32.....
You would then need version 0.2.1.3A-0.2.1.15RC
If you have a good IPlist this is safer than using the countrycode option, because they have some errors(don't know if this is on purpose or not) in there list here and they don't block new IPranges given to a country which you can do by using your own IPlist.
By the way (admin) where is the download for version 0.2.1.3A can't find it anymore?
And why do you force people to use cookies to post ?
explain to me how you
explain to me how you determined these are NSA spynodes? If they're bad nodes modifying traffic, we can block them at the directory authorities. If the NSA/CIA/FSB/etc named a node "fluffy bunny of love" would you think it's ok?
NSA nodes: nixnix,bettyboop.......
"explain to me how you determined these are NSA spynodes?"
If you haven't figured this out yourself yet, i will have to leave you in the dark here, my information on that is classified.
"If they're bad nodes modifying traffic, we can block them at the directory authorities."
If you for example use a torrc file that doesn't give any node an advantage in the selecting process, let tor create let's say 100 000 000 circuits, record all created circuits, compare the likelihood for each node being chosen in each position with what it's "true" likelihood should have been according to tor's chosingpatern during the time the sample circuits were made taken into account the time each nodes been up during this test time and there respective exit configurations.
If it's statistically certain that a node is chosen to often then this would confirm its "hijacking" the circuits/circuitbuildingprocess and giving itself an advantage.
In the case of nixnix it has been confirmed to do so, and by that giving the NSA(who controlls this node) an higher percentage of the Tor traffic to monitor.
Im sorry to say so but you have no way to stop them, they just start up more nodes(witch people know even less about) in other country's if you start blocking there US nodes. You certainly must know that they uses foreign nodes too.
"If the NSA/CIA/FSB/etc named a node "fluffy bunny of love" would you think it's ok?"
Of course not, it doesen't matter what the GRU/NSA/... is calling there nodes.
lets take the famous bettyboop node(IP Address: 149.9.0.27), just because it's named bettyboop doesn't make it any less of an NSA node. It's still controlled by them no matter what they name it.
Every node that is not controlled by me or people that i personally know & trust has the potential of being a "bad node".
re: NSA nodes: nixnix,bettyboop.......
" Every node that is not controlled by me or people that i personally know & trust has the potential of being a "bad node". "
Well, clearly you should run a lot more nodes.
re: OperaTor
Very little is known about OperaTor. It appears to be Opera and Tor combined into a bundle with Polipo for http proxy caching. However, it's unknown if the software is modified in any way. At last check, there were no instructions for how to build your own OperaTor bundle from source packages or code.
I've read about a new open
I've read about a new open source browser that will be released at Defcon 2009 by xerobank guys. They claim it will be more secure than firefox, and users will be immune to many side channel attacks.
They also will release a DeAnonymizer that perform side channel attack, defeating all anonymity networks.
What do you think?
re: defcon2009
I think it's great marketing and grandiose claims. We look forward to the details.
Vidalia crashes constantly.
Vidalia crashes constantly. It will barely get a Tor connection up before the app disappears and I get an error from Windows saying that it crashed.
re: Vidalia crashes constantly.
What does the log say? Does Windows give you a reason for the crash? Lots more details are needed.
Vidalia crashes on exit
Using lates tor bundle with FireFox for Win. When FF exits Vidalia crashes with exception in QtCore4.dll
Tried replacing Vidalia with latest release (0.2.0) and Qt DLLs with 4.5.1. Still the same.
Vidalia is dangerous, it can
Vidalia is dangerous, it can easily be crashed by fuzzing.
re: dangerous vidalia
Well, feel free to submit the bugs.
about tor relay
Hi there.
I'd like to set up a tor relay.Unfortunately I'm behind a firewall.I can make any outbound connections so I can connect to the tor network without a problem.Is there any way to open ports for the upcoming connections?
re: about tor relay
Well, if you can't control the firewall, unlikely. If it allows upnp, then possibly you can do it via vidalia.
Got Problem
Last Friday, my tor was not work. The error messages are
May 11 18:29:09.968 [notice] Tor v0.2.0.34 (r18423). This is experimental softwa
re. Do not rely on it for strong anonymity. (Running on Windows XP Service Pack
3 [workstation] {terminal services, single user})
May 11 18:29:10.015 [notice] Configuration file "C:\Documents and Settings\presario\Application Data\tor\torrc" not present, using reasonable defaults.
May 11 18:29:10.015 [notice] Initialized libevent version 1.4.9-stable using met
hod win32. Good.
May 11 18:29:10.015 [notice] Opening Socks listener on 127.0.0.1:9050
May 11 18:29:10.343 [notice] No current certificate known for authority moria1;
launching request.
May 11 18:29:10.343 [notice] No current certificate known for authority tor26; l
aunching request.
May 11 18:29:10.343 [notice] No current certificate known for authority dizum; l
aunching request.
May 11 18:29:10.343 [notice] No current certificate known for authority ides; la
unching request.
May 11 18:29:10.343 [notice] No current certificate known for authority gabelmoo
; launching request.
May 11 18:29:10.343 [notice] No current certificate known for authority dannenbe
rg; launching request.
May 11 18:29:10.359 [notice] I learned some more directory information, but not
enough to build a circuit: We have no network-status consensus.
May 11 18:29:10.359 [notice] No current certificate known for authority moria1;
launching request.
May 11 18:29:10.359 [notice] No current certificate known for authority tor26; l
aunching request.
May 11 18:29:10.359 [notice] No current certificate known for authority dizum; l
aunching request.
May 11 18:29:10.359 [notice] No current certificate known for authority ides; la
unching request.
May 11 18:29:10.359 [notice] No current certificate known for authority gabelmoo
; launching request.
May 11 18:29:10.359 [notice] No current certificate known for authority dannenbe
rg; launching request.
Please, someone can help me. Thank you very much.
I have the same problem...
I have the same problem... :( Any luck resolving this issue?
tor wont work
So ever since I got Vista I havent been able to get tor to work. My college has a filter and stuff so sometimes even only certain programs will work. But Tor had worked fine b4 that. In the allowed ports after i checked the box named my firewall only lets me connect to certain ports, 80,443. But this is what it says in the message log.
May 13 10:17:02.022 [Notice] No current certificate known for authority moria1; launching request.
May 13 10:17:02.023 [Notice] No current certificate known for authority tor26; launching request.
May 13 10:17:02.023 [Notice] No current certificate known for authority dizum; launching request.
May 13 10:17:02.023 [Notice] No current certificate known for authority ides; launching request.
May 13 10:17:02.023 [Notice] No current certificate known for authority gabelmoo; launching request.
May 13 10:17:02.023 [Notice] No current certificate known for authority dannenberg; launching request.
May 13 10:19:03.029 [Notice] No current certificate known for authority moria1; launching request.
May 13 10:19:03.029 [Notice] No current certificate known for authority tor26; launching request.
May 13 10:19:03.029 [Notice] No current certificate known for authority dizum; launching request.
May 13 10:19:03.029 [Notice] No current certificate known for authority ides; launching request.
May 13 10:19:03.029 [Notice] No current certificate known for authority gabelmoo; launching request.
May 13 10:19:03.029 [Notice] No current certificate known for authority dannenberg; launching request.
May 13 10:24:08.029 [Notice] No current certificate known for authority moria1; launching request.
May 13 10:24:08.029 [Notice] No current certificate known for authority tor26; launching request.
May 13 10:24:08.030 [Notice] No current certificate known for authority dizum; launching request.
May 13 10:24:08.030 [Notice] No current certificate known for authority ides; launching request.
May 13 10:24:08.030 [Notice] No current certificate known for authority gabelmoo; launching request.
May 13 10:24:08.030 [Notice] No current certificate known for authority dannenberg; launching request.
I have the same problem...
I have the same problem... :( Any luck resolving this issue?
re: tor wont work
It sounds like you can't get a connection to the directory authorities at all. Perhaps you need to configure bridges.
Many people have tor working in Vista, so it's generally not Vista per se.
How does the TOR return journey work?
I understand how the outgoing TOR connection works and is anonymous etc etc etc. What I would like some help understanding is how the return journey is anonymous.
Once the exit node has the response how does it get it back to the initial user in an anonymous way? The documentation i have read says that each node encrypts it with (presumably with its private key) and then sends it back along the same path. When it reaches the originating node they decrypt the lot and get the data out. I am sure there is something wrong in my undersatanding because anyone could decrypt the return data by churning through all the public keys for the known routers. Once someone has done this the last layer to be removed is the originator.
Any help would be much appreciated as this has stumped me and my friends for a while.
thanks for any help!
re: How does the TOR return journey work?
It's a TCP connection, so the return path is the same as the forward path, through the same circuit. It's highly unlikely anyone is going to decrypt the ephemeral keys before the circuit expires.
Reading through https://sedvblmbog.tudasnich.de/documentation.html.en#DesignDoc may better explain how this works.
No current certificate known... problem
Hey guys I've had tor working properly for a while. Then recently I have got this error.
May 13 18:36:38.302 [Notice] No current certificate known for authority dizum; launching request.
May 13 18:36:38.302 [Notice] No current certificate known for authority ides; launching request.
May 13 18:36:38.302 [Notice] No current certificate known for authority gabelmoo; launching request.
etc....
Any ideas on how to fix this??
SSVICHOSST.EXE
downloaded tor-opera from http://www.aplusproxy.com/opera.html
into XP pro version 2002 service pack 2
unzipped and clicked the "run" Batch file.
got this message: screen shot image at :
http://img38.imageshack.us/img38/8568/torerror.jpg
repeated the dwnload and same thing.
re: SSVICHOSST.EXE
We know nothing about operaTor. It's closed source, and no one has completed a security analysis of what it contains. It may be Tor, it may be a modified Tor, it might be something else. No one seems to know about it, so users beware.
bad exit node nixnix,bettyboop ect... NSA
Hello,
To help to not use the nsa node, i block the rang with "iplist" for linux or PG2 for windows and create a list of banned exit node, so only a few time i am connected to there...
The last version 0.2.1.15 rc 1-1 help really to use exit with more different node it's appeare..
my best
PeerGuardian 2 only blocks entrynode
Yes using PG2(PeerGuardia 2) and creating a blocklist blocking the iprange 149.9.0.0-149.9.255.255 would stop tor from using the NSA nodes in that range(149.9.X.X) from becoming an entrynode, but there are ways to go around PG2 so you should also block that range in your firewall.
To block them from becoming middlenode or exitnode you have to block them in your torrc
If your using version 0.2.1.3A or later use IP's
Excluenodes 149.9.0.0/16
If your using older 0.2.1.2A or earlier or the stable 0.2.0.34 series you have to use fingerprints of nicknames (nixnix,bettyboop....)
Excludenodes nixnix,bettyboop, .........
block exitnode
Thanks for your tip, that's why sometime it was able to connect to them with PG2, so i have write the command to block it...
Are Excluenodes 149.9.0.0/16 enough to block all rang from NSA?
I have another question, almost 20 node are blacklisted, need i accept it or just stay blocked?
In all case are enough other node and seem to be gouv ip, 66.....
I will be happy too when peoples know about the security of jondofox..
My best
why im not getting any relay traffic
im keen to be a volunteer but i monitored the bandwidth - theres nothing at all.
i enabled relay traffic for the network, there no relays channeled to me.
am i really being protected?i tracked my IP with the tor running but my IP is still the same always. should it change? are my packets being channeled throughout relays?
sorry if my question seemed obvious but i would like to know more.
re: why im not getting any relay traffic
Are you seeing a log file entry that states your ORPort and/or DirPort are reachable from the Tor network? If not, that's why your node isn't online.
Vidalia crashes almost immediately
I don't know a lot about computers so please have some patience with me. My problem is this: I start the tor browser bundle from my USB flash drive, everything works fine for a few seconds, then Vidalia shuts down. I can still use Tor and firefox, but I can't use the Vidalia start panel or change my IP anymore and so on. I can't even close tor when I'm done. I'm using a public computer if that matters. Is there a way to fix this?
I have another question too: when I go to showmyip.com/torstatus, I get the message that I'm not connected to the Tor network, but I have a new IP address. Is that something to worry about and if it is, what can I do about it?
Any help would be very appreciated.
Want to enable java and flash
I really want to enable java and flash while still using this great tool. is there a way around?
tor project opera debian
hi, is it possible to get tor project for opera in debian ?
re opera
You can install tor in debian, and then point opera socks5 at tor and see if that works.
How remove browser bundle??
Sorry if this is a stupid request but I'm new with computers and I need help. I downloaded the browser bundle and would now like to remove it. There's no uninstall right? The problem is my web browsing is so slow now. I followed the intstruction on the tor site and went to speedtest.net and it says I'm in Russia when I'm actually in the Philippines.
pls what and how can i solve
pls what and how can i solve the problem I 'm expressing with tor browser it works today and fail tomorrow pls help me out thanks.
Hey guys, Please what should
Hey guys, Please what should I do? I just observe that Tor refuses to connect on my Windows 7, but when I use the same settings and configurations ofeither of Windows Vista or XP, it'll connect and browse. I later re-installed the Windows 7 and it worked just once and refuses to work again (with the same settings/configurations) Please what else could be wrong? What else should I do?
Thanks in advance for your response and advices.
hello,can i use only usa ip
hello,can i use only usa ip adress alone?and how
See
See https://sedvblmbog.tudasnich.de/faq#ChooseEntryExit