Tor Browser Bundle 3.5 is released
Update 12/20: Test builds of Pluggable Transport bundles are now available. See inline and see the FAQ link for more details.
The 2.x stable series of the Tor Browser Bundle has officially been deprecated, and all users are encouraged to upgrade to the 3.5 series.
Packages are now available from the Tor download page as well as the Tor Package archive.
For now, the Pluggable Transports-capable TBB is still a separate package, maintained by David Fifield. Download them here: https://people.torproject.org/~dcf/pt-bundle/3.5-pt20131217/. We hope to have combined packages available in a beta soon.
For people already using TBB 3.5rc1, the changes are not substantial, and are included below.
However, for users of TBB 2.x and 3.0, this release includes important security updates to Firefox. All users are strongly encouraged to update immediately, as we will not be making further releases in the 2.x or 3.0 series.
In terms of user-facing changes from TBB 2.x, the 3.x series primarily features the replacement of Vidalia with a Firefox-based Tor controller called Tor Launcher. This has resulted in a vast decrease in startup times, and a vast increase in usability. We have also begun work on an FAQ page to handle common questions arising from this transition -- where Vidalia went, how to disable JavaScript, how to check signatures, etc.
The complete changelog for the 3.x series describes the changes since 2.x.
The set of changes since the 3.5rc1 release is:
- All Platforms
- Update Tor to 0.2.4.19
- Update Tor Launcher to 0.2.4.2
- Bug 10382: Fix a Tor Launcher hang on TBB exit
- Update Torbutton to 1.6.5.2
- Misc: Switch update download URL back to download-easy
Comments
Please note that the comment area below has been archived.
Still no freebsd support -
Still no freebsd support - useless
Still no Openbsd support -
Still no Openbsd support - useless
Still no source tarball -
Still no source tarball - useless.
It's not built from a source
It's not built from a source tarball. See
https://ocewjwkdco.tudasnich.de/blog/deterministic-builds-part-two-technica…
and then see the "Where is the source code for the bundle?" line in the FAQ linked above.
Well, linux binary should
Well, linux binary should work fine with new enough glibc and glib/gtk. Here's a port against CentOS 6 libs. One important difference with stock TBB is it stores mutable Data (firefox profile, tor cache/settings) under /tmp by default while everything else is installed under read-only directory. The data is, of course, removed upon port deinstall.
https://trillian.chruetertee.ch/freebsd-gecko/browser/trunk/www/linux-t…
You should be more concerned
You should be more concerned at why Mike Perry (we all know who he works for and runs 16 TOR exit nodes for) has taken away the ability to see who you are connected to. Don't forget that UK GCHQ run their own private TOR network that sucks in traffic to analyse it.
(Newtons Cradle it is known as). Take away the ability to see what a person is connected to, switch on JAVA and SCRIPTS by default and you fall straight in to the hands of GCHQ and NSA.
No doubt they have some new exploits and needed the help of Mike Perry again. He helped them last time when Freedom Hosting was attacked. He made sure NSA could infect people by not enabling ScriptBlock and by switching JAVA on ready. Most users trusted the TOR project.
I suspect that the TOR Project are now assisting the NSA and GCHQ. They have been forced to - otherwise TOR traffic will be stopped. It is a great shame they are not honest with their users who fund them (apart from NSA sponsorship).
I guess there will always be
I guess there will always be people with conspiracy theories trying to rip the privacy community apart.
And the sad part is that there *are* conspiracies out there, and we all need help fighting them and providing tools to let people stay safe despite the massive government (and heck, corporate too) surveillance.
(To briefly respond: Mike doesn't run 16 exits, see https://sedvblmbog.tudasnich.de/docs/faq#TBBJavaScriptEnabled which I wrote (not Mike), and see the FAQ entries linked above for how to hook up a standalone Vidalia to your TBB 3.5 if you want to see your circuits, and for how to disable JavaScript in TBB 3.5.)
Well... yes, as long as
Well... yes, as long as there are MASSIVE numbers of docs like Snowden released, there will be "theorists." If it's actually happened / still happening, is it still just a "theory?"
The other thing that gives a great # of "experts" pause, is Tor Project's LONG standing relationship w/ U.S. armed forces. Taking large sums from them. Sure, many say, "But it's open source & anyone, anywhere can examine it."
That's absolutely true. It's also true (for human nature), that the adages are true, "Perception is reality," & "You're judged by the company you keep." People running for public office don't pal around w/ known crime bosses.
From "thinking" private users' perspective of anonymity & security , it has & always will be a stupid, stupid idea to take large sums from "one of the enemy." It MAY be that funding from other sources is hard to find, but it's still STUPID.
No one can really expect NOT to raise suspicion when organizations take large sums from (one of) the very groups that it's trying to help users avoid.
It's also true that every time we find out some new gov't (or private) agency's previously unimaginable capability, we're surprised! Why? Are we really that short on memory? I guess so.
I totally agree with you
I totally agree with you about the perception thing, and that's why we need to be extra sure to be transparent and communicate well. Also, I'd love to get some more funding so we can make our government funding sources a smaller fraction of our budget. Along those lines, also see my statements in our 30c3 talk today (video coming soon if it's not out already):
http://events.ccc.de/congress/2013/Fahrplan/events/5423.html
But let me draw a distinction between your quite reasonable (and reasonably presented) concern, and the ad hominem rant of the earlier post.
oh noes, "snowden" is part
oh noes, "snowden" is part of the conspiracy.
"MASSIVE numbers of docs"
oh noes, Anonymous is part of the conspiracy.
oh noes, "I" am part of the conspiracy.
Block javascript off by
Block javascript off by default and turn "Temporarily allow" on by default and we can talk.
I don't know what you guys are thinking, but nobody who uses Tor wants to load Google analytics javascript by default, or all the other billion javascripts by default for that matter, this should be a no brainer.
Dude, exactly why do you
Dude, exactly why do you believe the Tor staff is above reproach? Why do you have this savior mentality regarding the Tor staff?
You think they can't be bought? You think government isn't interested in buying them? You can see what government has been doing.
Do you honestly believe that they have not already tried to find ways of cracking the anonymity of such a wide-spread and popular anonymous network of internet users?
My point is, you sitting here bashing people as conspiracy nuts for simply stating their concerns and opinions regarding the integrity of an anonymous internet network makes you sound like you have a stake in people simply dismissing him as a conspiracy nut.
You have a reason to say what you say, then state it. You continue to resort to bashing those you don't want people to agree with, and you become the person suspected of lying. Well, I suppose to anyone who's liberal, the bashing thing works rather well, but still, anyone serious about anonymity, you need to give the respect they deserve and don't be bashing people. You need to give reason to refute their claims, not simply call them a conspiracy nut. It's easy to label someone, and rather childish in the face of something as serious as government's overreaching eyes. Give reason or just shut your mouth because you obviously have nothing real to say.
How can we verify *you* are
How can we verify *you* are not bought. At some point paranoia must take a break, and we must trust someone. Otherwise we're forever trapped in full-time paranoia.
Tor is trustworthy because it's Free Software - where many people looks carefully at how it works. I trust this web-of-trust.
You can always read the logs
You can always read the logs manually. I know it sucks hopefully they will fix the issues as the previous versions were much more sane by default
thank you for the warning,
thank you for the warning, what can we do? How can we avoid those nodes?
I used to defend the tor
I used to defend the tor proejct but frankly this release is a bit questionable. they offer the ARM package and even support it on the home page but to actually run it with TBB is "unsupported" by the project. Once again taking JS lightly, etc etc. I think i'll donate bandwidth to Hyperboria instead :(
If somebody wrote up
If somebody wrote up instructions for hooking up arm to TBB, then people could do it. I bet it would be pretty easy -- the main issue would probably be changing the controlport, and making sure that arm knows how to do cookie authentication for the controlport.
Maybe the small changes would be made even easier by making a 'standalone arm' bundle or something like the standalone VIdalia bundle? Or maybe people who want to use arm are willing to edit text files? I'm not sure.
Shouldn't we be more
Shouldn't we be more concerned that he creates the Tor Browser? Also he is responsible for the path bias. And shouldn't we blame the developers of Firefox that created the security hole in the first place. They probably got paid by Google and they got paid by the NSA (National Security[?] Agency) or the NASA (North American Spy Agency).
Please let us hear even more entertaining conspiracy theories. (Well, you better don't)
I was unaware that the Tor Browser ships with Java and that Java would also be enabled, but you might have an answer on how that can happen.
Beside that you still can add Vidalia back to the Tor Browser, even though Vidalia is a bit buggy.
Instead of ranting, improve
Instead of ranting, improve the Tor settings.
Go to www.ip-check.info, check your settings and see your exit relay. After changing a few settings I get two orange markings that are "http session" and "window size" the rest is green - as private as it gets with Tor.
If you know a different or better website to check, please add it.
Is ip-check.info still not
Is ip-check.info still not SSL/TLS (HTTPS)?
Exit nodes can mess with any non-authenticated page.
Of course "IP check" could
Of course "IP check" could be also written by the NSA to pretend that you are looking very anon....
If you want vidalia back
If you want vidalia back check this page:
https://sourceforge.net/projects/protorbundle
Well, I guess you could do
Well, I guess you could do that, but using "honest bob's tor bundles" probably isn't wise.
Better answer is to do what it says in the FAQ:
https://sedvblmbog.tudasnich.de/docs/faq#WhereDidVidaliaGo
Yes, FreeBSD should be
Yes, FreeBSD should be supported. I run it on notebook after it was found that Linux has its random number generator backdoored (fixed in kernel 3.13). NSA is more productive that i ever expected.
We'd love to have some
We'd love to have some FreeBSD enthusiasts making sure TBB works and continues working on FreeBSD.
"Linux has its random number
"Linux has its random number generator backdoored"
Citation needed.
I bet it will run on
I bet it will run on KfreeBSD, with experimental in your sources list, with apt-get build-dep tor, then apt-get -b source tor, then dpkg -i *.deb
Anyone can make
Anyone can make PageInfo-Security GUI window in Torbrowser/Firefox more informative?Exact used crypto alrorithm.Like in Seamonkey -Mozilla,too.
Firefox/torbrowser GUI is going more and more the Microsoft 'dont use your brain'Mickey Mouse way.
Mozilla Company seems to have to much money.........
After update massive arrow
After update massive arrow still points to there is update. confusing
Hopefully should be resolved
Hopefully should be resolved now?
I imagine you upgraded quicker than the https://check.torproject.org/RecommendedTBBVersions file expected.
I am having a hard time
I am having a hard time figuring out how to dictate what exit nodes to use in this new version (the mac one specifically). Vidalia had previously been helpful in not only locating the server names for specific countries and the supposed strength of the signals, but also in implementing those strict exit nodes. Will there be directions available soon to solve this issue?
Going through the comments
Going through the comments on this and other blog entries, I'm noticing a lack of answers to questions the above type of problem. Under the FAQ for 3.5, it states that one can access the torrc file via: "the TBB directory under Data/Tor/Torrc". Unfortunately (unless these are hidden files), such a path cannot be found for the MacOS version, which I would've thought to have been: MacintoshHD/Library/ApplicationSupport under which one would find a directory for TBB.
Should I assume the lack of an application support folder is due to the absence of a standard installation process? This seems to be supported by the fact that the only searchable trace of TBB is the unzipped application. This then still makes the editable torrc file essentially non existent on a MacOS.
Even if the torrc file can indeed be accessed, the navigation of the new online replacement for Vidalia's "View the Network", Atlas, is not quite helpful either. Will there be a function to search by country code and not just name of specific servers? The problem seems to be when one needs to exit through a specific country: if your current exit nodes don't correspond to the correct country, or the ones you have accessed are down or working at minimum efficiency, there is no clear way to research new nodes with the right specifications.
Will someone from TorProject please lend some insight to the issue?
You are right that helping
You are right that helping people select their exit country isn't high on our (already overly long) priority list. Maybe you want to help make it easier or make some better documentation for folks who want it? Thanks!
Please can we not litter OS
Please can we not litter OS X with billions of trace files all over the system. Please keep ALL TBB contained to /Applications/TorBrowser_en-US/. Lets not go back to the old days of data all over the place in /var /private /etc and so on.
OS X already came out the worst in a study of any system in leaving traces of Tor:
Can we keep torrc files within the bundle:
/Applications/TorBrowser_en-US/
Please open tickets with
Please open tickets with issues, and ideally submit patches too?
yes. support the use of arm
yes. support the use of arm with TBB. done.
Sounds great. Make it
Sounds great. Make it happen! This is a community with plenty of room for more people to make things happen. If you're thinking of this as "those Tor people who make and support Tor" and "us users who just use it", you're looking at it wrong.
See https://ocewjwkdco.tudasnich.de/blog/tor-browser-bundle-35-released#comment… for more thoughts.
[Edit: arm -i 9151 will do it]
Last I checked, tinkering
Last I checked, tinkering with exit node selection was explicitly warned against.
I can't seem to find the
I can't seem to find the 64-bit versions for OSX and Windows... but neither were they in the set of files for rc1. I can understand if building them takes time, and they might show up later. Or is the policy to not make them anymore (though I could not find anything indicating that - what did I miss)? If so, what is recommended for users of 64-bit systems? Stick with 2.4, or run the 32bit version 3?
You should run the 32-bit
You should run the 32-bit version of 3.5 for now. I've been doing some work on 64-bit Windows, and I am confident we will begin doing 64-bit OSX bundles again, but I can't give you a timeframe.
ok cool! that is a great
ok cool! that is a great news. Thanks for all the good work you guys are doing!! It is important in you don't know how many ways.
Is a 64-bit version for Mac
Is a 64-bit version for Mac in the works?
(Yes, see thread directly
(Yes, see thread directly above)
Hi could you guys make the
Hi could you guys make the rc tbb downloads easier to find? thanks
TBB 3.5 is now the default
TBB 3.5 is now the default download, so it should be much easier to find now. Let us know if we missed any places!
I'm frustrated about what's
I'm frustrated about what's happened to Vidalia. I find it useful and informative and I certainly don't want to be without it. Tor Launcher refused to let me start Firefox at all until I let it connect to Tor, which I didn't want to do because (1) I wanted to examine it more before letting it connect, and (2) I use Tor separately of Firefox and didn't need Tor Launcher trying to start a second copy. So I deleted Tor Launcher from Firefox and downloaded Vidalia and found the standalone Vidalia bundle is missing libgcc_s_dw2-1.dll and mingwm10.dll, so it doesn't run at all. I had to get those DLLs from an older TBB. It does work fine now though.
In terms of startup times, the only reason Vidalia is slow is because in the GUI it redraws the list of nodes for every node it adds to it (O(n²) complexity!). If it added all the nodes and then redrew it once it would start more quickly and wouldn't periodically stall single-CPU systems every time it decides to refresh the list in the background.
Don't get me wrong: I'm really ever so grateful for Tor, but some things could use improvement.
I'm so sorry about the
I'm so sorry about the missing libraries -- I've uploaded fixed bundles.
I'm having same problem with
I'm having same problem with with mac 3.5: NO Vidalia support!
WTF is going on? No mention of it anywhere!
Not upgrading until I get Vidaila support!
Someone should tell Tomás
Someone should tell Tomás Touceda about the redraw issue.
Well, you could, but he was
Well, you could, but he was really just a friendly fellow helping out while Vidalia was unmaintained.
You could as well say that somebody should tell Matt Edman (the original Vidalia author) about it. Alas, he too has long since decided that maintaining a Qt app was no fun. Vidalia has been unmaintained for years now.
Perhaps you (yes, you) want to pick it up? :)
Glad you got it working. Re
Glad you got it working.
Re startup times, the other big change in TBB 3.5 is that the homepage is a local file (about:tor), so 1) it comes up immediately, and 2) loading the homepage isn't racing the rest of your directory bootstrap info to use the network at the same time (making Tor seem even slower than it will be once the bootstrapping is finished).
We can do this change because Tor launcher does its own version check in the background, so we no longer need to send users to an external website (which is a bad idea for other reasons).
I installed V3.5 a few days
I installed V3.5 a few days ago, and it worked fine until today. Beginning today it brings up the start page, then tells me, "Firefox is configured to use a proxy server that is refusing connections." Without Vidalia we have no tools at all to evaluate something like this.
For the record, I turned off Windows firewall and checked to make sure the Tor Browser was still configured to use the socks 5 proxy on port 9150. It is. I shut down Tor Browser and started up a regular copy of Firefox and everything was working fine.
I can't say that having Vidalia would have allowed me to easily find and fix the problem, but I would have had some idea of what had been going on during the bootup, and I would have had to log to refer to. Was the Tor network down Saturday evening?
Something else I noticed is that a misspelled URL will launch TB off to a search engine. I haven't found a way to disable this behavior.
And yet another question is why the new TBB comes configured to automatically check for search engine updates. It also places a search engine textbox next to the URL bar. I would think that it would be better to disable address line searches. I know that at least google says they don't use those for tracking people, but they certainly could if they wanted to. I always customize those away.
Thanks for an overall great product!
Jerry
"a misspelled URL will
"a misspelled URL will launch TB off to a search engine."
My guess is that this was the behavior of a DNS provider, such as OpenDNS, that your node at the time happened to be using.
The other (and decidedly more sinister) possibility I can think of is that you were the victim of a MITM attack.
"And yet another question is
"And yet another question is why the new TBB comes configured to automatically check for search engine updates."
Funny, mine doesn't.
Give us a bundle with
Give us a bundle with Vidalia back, or a tutorial about how to bring it back...
Right now what I had to do is to download both 2.x and this 3.5 and just merge the
newer TorBrowser to the old package
The TBB 3.5 FAQ, linked
The TBB 3.5 FAQ, linked above, tells you how to fetch a standalone Vidalia and run it with your TBB 3.5.
(Unless you're on OS X, in which case, either sit tight and be patient, or help us make it work.)
The TBB 3.5 FAQ, linked
The TBB 3.5 FAQ, linked above, tells you how to fetch a standalone Vidalia and run it with your TBB 3.5."
The FAQ linked above says nothing about how to get TBB 3.5 _working_ with Vidalia.
For Windows, if you follow the instructions and run "Start Vidalia.exe", then Vidalia will not connect since it can find tor. So, after adding the path to tor in the settings, Vidalia starts tor and sets up a connection. But Firefox from TBB 3.5 refuses to use that connection. So, what do I do next?
(Nor does the FAQ mention that you need to disable the new Tor Firefox Add-on to be able to start the TBB 3.5 bundle when running Vidalia.)
Yeah, don't do it that way.
Yeah, don't do it that way. Let TBB start, and then after that run Vidalia. Your Vidalia should try to connect to Tor's control port, realize that it needs to authenticate, and do so.
At least, that's how it works on Linux. Hopefully it does the same on Windows.
thanks, but sadly that
thanks, but sadly that doesn't work.
Sooner or later there is a solution.
thanks again.
Seems to work for most of
Seems to work for most of the other folks here. Perhaps some Windows user has some tips on what this person might be doing wrong?
How can we ensure if the TBB
How can we ensure if the TBB is really connected to 3 nodes? Sometimes the previous bundles used to connect to one node and I had to change the identity by closing the circuit to ensure that 3 nodes are really working.
A) You're welcome to hook up
A) You're welcome to hook up a Vidalia to your TBB 3.5. See the FAQ linked above for directions.
B) You are confused about how Tor works. Tor does indeed create one-hop circuits sometimes, to do directory fetches in a way that they benefit from encryption. But your Tor does not use those one-hop circuits for attaching actual streams. In short, this sounds like another case where if you'd left it alone it would have been safer.
Thank you for putting
Thank you for putting together a stand-alone Vidalia. Sure, it means that I have to run TBB 3.5 and then run the Start Vidalia thing as well, but that is not a major annoyance.
It will even allow me to 'refresh my identity' using Vidalia, which was the biggest annoyance with TBB 3.5, the fact that getting a new identity closed the browser totally and then reopened it.
Great! In the future
Great!
In the future hopefully we'll have some of the more key features of Vidalia built in to Tor launcher, such as triggering a newnym without closing all tabs, and being able to see what relays are in your circuits.
One way to save having to
One way to save having to start Vidalia up is to 'fix' the 'New Identity' button in TorButton to work the way people who actually use it think it should work. Pretty simple.
Go to the 'Data\Browser\profile.default\extensions' directory.
Rename 'torbutton@torproject.org.xpi' to 'torbutton@torproject.org.zip'.
Unzip this file in the extensions directory. Using the file name as the directory name might be necessary for this to work. Your zip program will probably do this automatically.
Go to the 'torbutton@torproject.org\chrome\content' directory.
Open the 'torbutton.js' file, and search for 'function torbutton_do_new_identity()'. A '{' follows this text. Add the text '/*' after the '{'.
Search for 'torbutton_log(3, "New Identity: Sending NEWNYM");'. Add the text '*/' just prior to this text.
Search for 'torbutton_log(3, "Ending any remaining private browsing sessions.");'. Add the text '/*' just prior to this text.
A little bit further on in the file there will be the text '// Close the current window for added safety' then 'window.close();' Add the text '*/' just after 'window.close();'.
Save the file and launch the TBB. You're done.
Suggest using Notepad++ rather than Windows Notepad for this, as it makes it a lot easier to see what you're doing.. but even without using Notepad++ it's just a couple minutes work all up.
Bring the old format back as
Bring the old format back as I want to ensure that all nodes are working properly.
Thanks.
See the first question in
See the first question in the TBB 3.5 FAQ linked above.
is there any way to check
is there any way to check bandwidth used when as there was on Vidalia? It was useful and pleasant to check how much I sent and how much i received.
See the first question in
See the first question in the TBB 3.5 FAQ linked above.
Now that Vidalia is gone, is
Now that Vidalia is gone, is there any graphical way to configure relaying? I saw the TorLauncher in add-ons but it has no "Preferences".
You've got three
You've got three options.
First, if you're on Linux, you can install the system Tor package (e.g. apt-get install tor) and then set it up to be a relay. You can then use TBB independent of that.
Second, if you're on Windows, you can fetch the separate "Vidalia relay bundle" from the download page and then use that (again you can use TBB independent of it).
Third, you can either hook your Vidalia up to TBB (as described in the FAQ above) or edit your torrc file directly. This option is pretty klunky right now, e.g.
https://trac.torproject.org/projects/tor/ticket/10449
but I'm hoping it will become an easy option in the future.
Thanks!
QUOTE: "First, if you're on
QUOTE:
"First, if you're on Linux, you can install the system Tor package (e.g. apt-get install tor) and then set it up to be a relay. You can then use TBB independent of that."
Pretty please with a cherry on top provide a 'step by step' tutorial for that for us newb Linux converts :)
https://sedvblmbog.tudasnich.de/do
https://sedvblmbog.tudasnich.de/docs/tor-relay-debian (works on Ubuntu too)
If you have further questions, I suggest either asking on irc ( https://sedvblmbog.tudasnich.de/about/contact#irc ) or asking for specific help on the tor-relays list ( https://sedvblmbog.tudasnich.de/docs/documentation#MailingLists ).
Thanks for wanting to run a relay!
Actually, the better answer
Actually, the better answer is probably to point you at the FAQ:
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#…
I want to start only
I want to start only TorBrowser, without Tor. I alredy have to running on my machine. How do I do that?
https://trac.torproject.org/p
https://trac.torproject.org/projects/tor/ticket/6009#comment:14
extensions.torlauncher.start_tor=false in about:config
thank you tor devs.
thank you tor devs.
Advice to those launching
Advice to those launching the Start Tor Browser.exe of TBB 3.5 FINAL for the first time.
You will have to wait at least 10 minutes for the loading of the relay circuits, something that never happened with TBB 2.x series.
At first I thought TBB 3.5 FINAL was still buggy and was about to revert to using TBB tor-browser-2.3.25-15_en-US.exe when after about 10 minutes, the former launched successfully.
Now whenever I launched TBB 3.5 FINAL, it starts up way faster than tor-browser-2.3.25-15_en-US.exe ever did.
Thanks to Tor developers for this software. We users certainly hope that it will provide greater anonymity and be more robust than the deprecated software.
Actually, it's not supposed
Actually, it's not supposed to take 10 minutes. I assume you had a hiccup on one of your directory fetching circuits or something. Sorry for the troubles.
You could try blowing away your current TBB and unpacking a new one, and see how the second attempt fares?
Mine does this every time.
Mine does this every time. It doesn't seem to be creating any data in my data directory either. What is it supposed to be doing and why doesn't it save the result?
Did you unpack your Tor
Did you unpack your Tor Browser into a directory that you don't have write permissions for?
Suggestion to Tor developers
Suggestion to Tor developers of TBB 3.5 and above series
Could you please state clearly on the appropriate web pages who sign(s) the TBB bundle?
For TBB 2.x series, it was stated clearly that Erinn was the only signer.
As for TBB 3.5 and above series, who is the signer? Is it still Erinn?
Erinn still signs the .asc
Erinn still signs the .asc files that you're used to checking.
But there's actually a smarter way to check the signatures as of TBB 3.5, which resists a few subtle attacks that probably don't matter currently but might matter in the future.
See the "How do I verify the download (sha256sums.txt)?" question in the FAQ linked above.
"Manage cookie protection"
"Manage cookie protection" don't work (windows version). How can I see and delete cookies? In old version all cookies was there and I saw them.
Confirmed. Keep an eye on
Confirmed. Keep an eye on (or help with! :)
https://trac.torproject.org/projects/tor/ticket/10353
Hi all I want to link
Hi all I want to link Vidalia to the new 3.5 TBB, I downloaded & extracted the stand alone package to a seperate folder, now how/where do I put the start script in so the open and are linked, I want map and abillity to new ID without browser refresh ass I use many tabs, Thanks
Step one, start TBB. Step
Step one, start TBB. Step two, start your Vidalia.
Sounds fishy to me, for some
Sounds fishy to me, for some reason they want you to run the browser naked first, easier for the browser to phone home through some backdoor bypassing tor maybe?
Sorry, but the idea doesn't
Sorry, but the idea doesn't fit with the facts. Vidalia isn't some magic thing that lets you check whether your browser is making connections that bypass Tor. You can use some other tool for that (and you should!), whether you are attaching a Vidalia to your TBB or not.
bring back vidalia this is
bring back vidalia this is total bullshit version
why dosint the browser start
why dosint the browser start trough vidalialia like it used when i use it to start 3.5 trough that standalone bundle , it greenlights but no browser
Step one, start TBB. Step
Step one, start TBB. Step two, start your Vidalia.
The startup time
The startup time improvements in 3.5 are massive but there is some work to do. In TBB 2.3.x I used Vidalia to reconfigure and run as a Relay. Now TBB by default is running as Client-Only that is less secure (IMHO because it does not obfuscate the traffic I generate by mixing it into relay traffic). I also want to torrify other apps such as Bitcoin. I know about editing Torcc but I want to do it "in proper way".
Vidalia Standalone Bundle is not a real solution. TBB 3.5 uses cookie as control port auth, Vidalia wants to use random password. The Vidalia also now throws out uncensored .onion addresses in it's log claiming it is not supported.
I think I will need to run Vidalia Relay Bundle for all my other apps together with TBB for browsing. If they don't attempt to interfere with each others instance.
The new Tor is great with
The new Tor is great with its fast circuits. The rest is meh as usual.
Give me Vidalia or give me death!
(I know about the FAQ but I had to say that.)
* With all due respect:
* With all due respect: Without Vevida it really sucks *
- Unable to see network connections. or if any connections are established in the first place.
- Unable to instantly check to which countries or nodes you are connected.
- Firefox’s preferences content is dramatically reduced until pretty unusable.
I’m losing my trust rapidly. What are you doing?
From now on Tor is for kids and foolish people only?
Download page says: "This
Download page says: "This package requires no installation. Just extract it and run." but I get an .exe file that I must install. If I extract and try to run I always get an error message. What am I doing wrong?
You say "This package
You say "This package requires no installation. Just extract it and run." but download is an .exe ...wft?
I opened
I opened https://trac.torproject.org/projects/tor/ticket/10452 for the issue -- please help!
Using the 63 Bit Linux
Using the 63 Bit Linux version...I go into settings and cannot locate where to disable JAVA...option is gone in this new release...
Yep.
Yep. https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#…
Please try not to confuse
Please try not to confuse Java*Script* with Java.
Thanks.
The censored users - MUST
The censored users
- MUST see the Tor circuits,
- MAKE SURE the excluded country nodes are not in the circuits, and
- SEE the Tor ststus/error messages.
Without Vidalia this is all taken away. Do you suppose now we need to blindly trust everything and always? Or we need to dig in the files to return Vidalia manually?
OK, Vidalia is bad (per mentioned above FAQ), but please develop a modern informative substitute. Come on.
It's in the works -- faster
It's in the works -- faster if you help.
In the mean time, feel free to use the standalone Vidalia workaround.
Thank you for all your hard
Thank you for all your hard work.
FYI-- GET INFO tells me that I have downloaded Tor Browser Bundle 1.0, copyright 2010 instead of the 32-bit Mac version of 3.5, copyright 2013. Assume it was a labeling oversight.
Looks like
Looks like https://trac.torproject.org/projects/tor/ticket/10444
With 3.5 the message "Tor
With 3.5 the message "Tor unexpectedly exited" appears when adding to torrc
SocksPort 127.0.0.1:9999
Or any address and port.
Also, TorBrowser crashes on exit when setting in options
"Show my windows and tabs..."
And when re-opened, it of course does not set the window size properly if the size has been altered before closing. Is this intended behaviour?
For the SocksPort part, that
For the SocksPort part, that looks like https://trac.torproject.org/projects/tor/ticket/10447
If you can repeat the Tor Browser crash, please open a ticket about it at bugs.torproject.org. Thanks!
Javascript is enabled by
Javascript is enabled by default.
Quote: "We configure NoScript to allow JavaScript by default in the Tor Browser Bundle because many websites will not work with JavaScript disabled."
Okay fine, what happened to the option to shut it off, its not longer under content.
Wtf is going on?
Alas, Mozilla decided to
Alas, Mozilla decided to remove that option in Firefox 24. Here's the recommended fix:
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#…
Why is there no longer an
Why is there no longer an option and no mention of the removal of enabling/disabling javascript from FF options? Also, "allow scripts globally" is enabled by default in noscript.
https://trac.torproject.org/p
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#…
https://sedvblmbog.tudasnich.de/docs/faq#TBBJavaScriptEnabled
Just like to say thanks for
Just like to say thanks for the new bundles - in particular the stand alone Vidalia. I too had a few problems with the two missing dlls but I managed to locate them in the previous Tor bundle and put them in my System32 folder.
Now everything works fine.
Thanks again.
Tor Browser
Tor Browser 3.5-MacOS
Javascript is on by default, with no obvious way to it turn off.
Why has the option been removed from preferences, and where has it been moved to?
Also, may I please have a link to *correct* article(s) on Javascript and cookies when using tor. There is much to much conflicting information out there.
https://trac.torproject.org/p
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#…
is the short answer.
As for correct articles, the story is alas complex and changing.
I recommend
https://sedvblmbog.tudasnich.de/projects/torbrowser/design/
and
https://sedvblmbog.tudasnich.de/torbutton/en/design/
as good reading.
In all the previous TBB
In all the previous TBB versions Javascript needed to be manually disabled.
I'm no techie so I ask Is Javascript now permanently disabled in TBB 3.5 - otherwise how would I go about doing this please.
TIA
https://trac.torproject.org/p
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#…
TBB-3.5 not started without
TBB-3.5 not started without tor from TBB. To use transparent torification with Linux system tor, first remove tor-browser_en-US/Data/Browser/profile.default/extensions/tor-launcher@torproject.org.xpi,
then go to Torbutton preferences and select "Transparent Torification (Requires custom transproxy or Tor router)". Press OK and restart TBB.
How do you turn off
How do you turn off Javascript in tor browser and why is it on by default? I have heard many bad things about Java. please advise
https://trac.torproject.org/p
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#…
Also, be sure not to confuse Java (generally a really bad idea) with JavaScript (not a particularly good idea either, but sure does break a lot of websites if you disable it).
It is more accurate to state
It is more accurate to state that many websites break themselves by relying on javascript, and expecting visitors to enable js to fix the defective website.
Proper website design requires testing the site then adding frills such as js later.
that is correct
that is correct
vidalia is more user
vidalia is more user friendly that new tor launcher
the new version might be
the new version might be good for pro. users but i'm afraid it's not user friendly and isn't easy to me to set it up! i have no idea abt the information it wants me to enter! setting proxies?! is my isp open for tor servers or not?! are you kidding? how could a non-professional user could know these? i hope "tor" could be as helpful as always again :)
Please help us make it
Please help us make it easier.
What make you click 'configure' rather than 'connect' on the opening page?
you are absolutely right
you are absolutely right man! I've gone to the wrong direction. today i tried again and i must correct what i said yesterday (in the comment above) and apologize for that of course :)
the new Tor software is really great! faster and lighter than older ones and i have nothing to say but thank you "Tor" guys for making a way for us to connect to the web securely; specially in Iran that you have no idea about the largeness of its filtering system formed by the gov.!
How to disable javascript in
How to disable javascript in TBB 3.5?
https://trac.torproject.org/p
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#…
This new version doesn't
This new version doesn't start and always tells me Firefox is already running, but I don't even have Firefox installed.....
Fun. What version, what OS,
Fun. What version, what OS, how are you installing it, etc?
Well, the 3.5 Version of
Well, the 3.5 Version of Tor.
I'm using Windows 8 and installed it normally into program files.
I'm starting the Tor exe then and get this weird error message.
Any Windows 8 users have any
Any Windows 8 users have any hints here?
I have seen this behavior
I have seen this behavior with firefox in other versions and other platforms (when firefox is closed ten reopen attempted. It seems firefox doesn't always close cleanly. Check task manager and close any instances of firefox and try launching again. In Linux the "kilall firefox" command always does the trick.
Yeah, but I don't have FF
Yeah, but I don't have FF installed. xD
Well, but I feel stupid know. I got around the problem by just opening Tor as an administrator. I only didn't thought of that because the error was me directing in a totally different direction.
Ah ha. I bet if you unpack
Ah ha. I bet if you unpack TBB into some directory that you have permissions to, you won't have to run it as administrator. (Doing that seems wiser all-around.)
Why is there no safe,
Why is there no safe, separate, zip file to extract and run apart from my regular installation? I'm not going to run an installer, I want everything separate and with no changes applied to my main machine!
Actually, the installer just
Actually, the installer just sticks stuff in a self-contained directory, just like unzip did.
I've opened https://trac.torproject.org/projects/tor/ticket/10452 as a central point of discussion on making things clearer. Please help!
WTF ? We've gone back to
WTF ? We've gone back to days of installers ?????
How does TBB 3.5 install on OS X? It's not gonna ask me for username/password is it ? It used to be just a zip you unpacked then a file you dragged to /Applications/
Do you know what ? I really think a lot of bad design decisions have been made with 3.5, they are just plucked out of thin air and undermine trust in the product. And trust is critical here. You can't make this kind of software just from the point of what works for devs mechanically, and I wonder anyone is learning this by now.
No, the OS X one is still
No, the OS X one is still just a zip file.
We only added the installer for Windows users, because they were the ones we consistently saw unpacking it wrong.
Why is the new Tor asking
Why is the new Tor asking for a file in my user folder called "geoip6"?
Sounds like
Sounds like https://trac.torproject.org/projects/tor/ticket/10425
why the new bundle exe file
why the new bundle exe file and not a zip file ?
See above discussion
See above discussion pointing to https://trac.torproject.org/projects/tor/ticket/10452
Thanks!
"But smart users don't
"But smart users don't *know* that that's all it's doing. We should a) make it clearer in the installer text itself that TBB remains self-contained in just the directory they specify, and b) make it clearer on the download webpage when they're fetching it."
smart users don't want to be infected by some shit by exit-node (fake exe)
Well, this is why you must
Well, this is why you must check the signature on the thing you download, whether that thing is a zip or an exe.
If you're worried about getting a fake Tor bundle, and you're happy with a zip file but not happy with an exe installer, but inside the zip file is an exe file that you'll happily run... you're doing it wrong.
All of that said, checking signatures in Windows is horrible. Maybe somebody here will write up some better instructions on how to do it more easily?
To make it easier for the
To make it easier for the NSA to inject virus into the exe files some (not all) people download.
New version is bad. Can't
New version is bad. Can't use it to log into ebay. Downloads don't show in download tabs.
I don't know about the ebay
I don't know about the ebay part (works for me? ebay is blocking logins from some Tor exits?), but the second issue is because this is Firefox 24 not Firefox 17. Firefox 17 is unmaintained now. Sorry you're railroaded into a newer browser, but Mozilla hasn't left people much choice.
Where is the option to
Where is the option to disable javascript on the windows version? It is not in the same spot in the options menu that is normally is, and I can't find it. Someone pls respond.
https://trac.torproject.org/p
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#…
And when NoScript fails to
And when NoScript fails to block JS due to some bug in it, an exploit will gladly run on targetted system.
Yep. I just added an extra
Yep. I just added an extra note to https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#… suggesting disabling it via about:config too.
what is "about:config" ?? I
what is "about:config" ?? I cannot find that anywhere.
http://kb.mozillazine.org/Abo
http://kb.mozillazine.org/About:config
(in the future, try your favorite search engine)
Which is most likely the
Which is most likely the address bar. Which answers the question immediately. Heck even the start page of TBB 3.5 is about:tor
"And when NoScript fails to
"And when NoScript fails to block JS due to some bug in it"
How likely is that to happen? Has it ever?
Meanwhile, JavaScript is but one attack surface out of MANY others.
Minor issue but it was a
Minor issue but it was a nasty surprise when the new identity button closed down all my tabs and restarted the browser instead of just fetching a new identity as it used to. At least a warning before it does that should be there. It's not easy to recover things on a browser that does not and should not recover history, forms etc. Let's not make this worse. Is the restart absolutely necessary? Thanks for the great work so far.
https://trac.torproject.org/p
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#…
How do I manually disable
How do I manually disable javascript in the FF browser? I see a thing for Java, but not JS?
https://trac.torproject.org/p
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#…
I don't know how to set up
I don't know how to set up my relay without vidalia.
Why isn't there a simple
Why isn't there a simple package without installer available? All the descriptions still say "just unzip", which is clearly wrong since you need to run an .exe now.
I
I opened
https://trac.torproject.org/projects/tor/ticket/10452
and
https://trac.torproject.org/projects/tor/ticket/10454
for the two pieces. Thanks!
When i install this 3.5
When i install this 3.5 version, all the files in the folder are dated 1999
is this normal?
Yes, it's normal. I added a
Yes, it's normal.
I added a FAQ entry for it:
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#…
What happened to the content
What happened to the content tab in FF? There is no javascript enable button thing there anymore. How do we reliably disable JS in the browser?
https://trac.torproject.org/p
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#…
Don't have the 'new
Don't have the 'new identity' button that's on Vidalia.
For some reason, download progress doesn't show on firefox.
Only good about this is the startup speed. Very fast!
There actually is a 'new
There actually is a 'new identity' -- click on the green onion in the browser, near the address bar.
*But*! You may be surprised by its behavior. See
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#…
wheres vidalia ?
wheres vidalia ?
https://trac.torproject.org/p
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#…
Where have you been? Read
Where have you been?
Read TFB(log)P(ost)
I still cannot find where to
I still cannot find where to disable JAVA????
TBB disables plugins like
TBB disables plugins like Java automatically.
*But*, I assume you are confusing Java and JavaScript. They are different things.
You might like
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#…
What happened to Load images
What happened to Load images automatically and Enable JavaScript options in Edit > Content? May I disable JavaScript thru about:config?
I'm too very interested to
I'm too very interested to find the answer!
WTF? It's most important options and no info about how to handle this through the config file or menu interface! Maybe NSA/CIA pressured you to delete this options???
If you want your conspiracy
If you want your conspiracy theory, you should wonder if NSA/CIA pressured Mozilla to delete the options from Firefox. That's just how the new Firefox is, and TBB contains to be based on Firefox because it's still the best browser for us to be able to fix all the privacy issues in:
https://sedvblmbog.tudasnich.de/docs/faq#TBBOtherBrowser
I found the solution! You
I found the solution!
You need to go about:config, find "permissions.default.image" and change the value from 1 to 2.
TorButton > Cookie
TorButton > Cookie protections not working, no cookies there (Linux 32 and 64 bit tested, Win/Mac not tested).
Modifications on TBB:
start-tor-browser.sh: add "export TOR_SKIP_LAUNCH=1"
TorButton > Preferences > Socks Proxy to 127.0.0.1:9050; No proxy for 127.0.0.1, 192.168.0.0/24
NoScript > Disable Scripts Globally
Bookmarks > Show All > Restore ...
https://trac.torproject.org/p
https://trac.torproject.org/projects/tor/ticket/10353 might be what you're looking for?
How to disable javascript
How to disable javascript now? There's no option anymore in "content". How to get rid of tab bar?
And is it now right way to put proxy in "preferences" 'cause there is no vidalia anymore? Generally have to say that I don't like these changes.
https://trac.torproject.org/p
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#…
A lot of the changes you don't like may well be from Firefox 24 vs Firefox 17 (which is now unmaintained).
For configuring the browser's proxy settings, click on the green onion and select "preferences" (which brings you to the browser proxy settings page).
For configuring Tor's proxy settings (e.g. if you need to go through a proxy to reach the Internet), click on the green onion and select "open network settings".
how to disable javascript in
how to disable javascript in this version?
Two questions for the new
Two questions for the new TBB:
- how to disable Javascript in Firefox? The option is not there anymore.
- how to set Tor as a non-exit relay without Vidalia?
Thanks.
downloaded torbrowser 3.5
downloaded torbrowser 3.5 for mac today but it does not work. cant connect to any webpage at all. never had such problems with any tor package before in years and have not changed any other spec on my mac running latest build mavericks.switching back to previous tor-vidalia package works as always. whats wrong here with 3.5 ?
with vidalia no more i cant even start to figure out where to start getting tor 3.5 working....
The same thing is happening
The same thing is happening to me! It lets me access the public web, and only a very limited amount of .onion sites -- basically only hidden wiki or torsearch sites. How can I fix this?
I'm having the same problem.
I'm having the same problem. TBB 3.5 on latest OS X does not connect to any websites. I opened a bug ticket. Hopefully we OS X users get some love from the Tor community.
I have a problem with a new
I have a problem with a new versions of TOR browser last few months.
It seems that there is some problem with the CPU priority now with tabs.
With old versions ( In the first half of this year ) when tab was downloading a new site - other tabs was run smoothly - they work with no brakes and lags .
But in a last 3 or 4 month new TOR browser versions have a nasty habit - when some page is downloading other tabs are lagging and works very slow.
Сan you fix so that other tabs don't slowing down when one tab opening or refreshing something?
PLEASE!
p.s. sorry for my terrible english, i hope you can understand me and get optimal performance browser back to normal.
I use Tor with other
I use Tor with other applications. I have been utilizing TBB to initiate the tor connection. With the new bundle closing firefox now closes the tor connection. Where can I find a stand-alone tor application for Linux.
If you're on Debian or
If you're on Debian or Ubuntu, apt-get install tor
See also
https://sedvblmbog.tudasnich.de/download/download-unix.html.en
But be sure to use TBB when you want to browse over Tor:
https://sedvblmbog.tudasnich.de/docs/faq#TBBOtherBrowser
Can you bring back the
Can you bring back the control panel, please?, and there's a big problem when getting some new identity: all of my tabs are erased and we have to start from zero.
Thanks for this awesome and useful service!
Kind regards.
https://trac.torproject.org/p
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#…
and
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#…
Thanks!
The sha256sums.txt was not
The sha256sums.txt was not on the download page but it is in the archive.
Great point. I've
Great point. I've opened
https://trac.torproject.org/projects/tor/ticket/10455
Thanks.
Where is the documentation
Where is the documentation for running Arm? It looks like it will provide some of the functionality/information I'm used to seeing in Vidalia. I cannot find any documentation or tutorial about how to use it.
https://www.atagar.com/arm/do
https://www.atagar.com/arm/download.php
Your main challenge will be hooking it up to the control port, with the control port authentication, that Tor Launcher configured Tor to use.
If you pick a control port of 9151, it might just work, if it knows how to do cookie authentication.
That said, be sure you've looked at https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#…
Thank you for the response.
Thank you for the response. However, I'm looking for general documentation about how to configure and use it. I've switched to using the daemon.
Once you've installed the
Once you've installed the tor-arm deb, look in /usr/share/doc/tor-arm/ for e.g. the README.
If you still have questions I suggest catching atagar on irc -- he's often happy to help, even though he's mostly moved on to working on Stem.
The close all tabs
The close all tabs functionality is a very inconvenient feature. Scrubbing application level data is a great idea but losing the tabs introduces other problems like having to store the urls and half-completed e-mail texts on temporary files elsewhere. Huge problem for people running the tor bundle from encrypted containers. It's also a huge pain in the rear to do that often, it introduces unneeded reloads of pages which might provide some extra traffic analysis data and it also increases bandwidth usage on the tor network.
That may also be related to a bug which makes dictionaries unusable on some sites which wasn't present in the previous version.
Yep -- see the tickets
Yep -- see the tickets linked from https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#…
As for the dictionaries issue... maybe that's a Firefox 24 issue? Or maybe it's a Tor Browser patches issue? Or maybe those sites started blocking Tor exits between then and now? You should maybe file a ticket (bugs.torproject.org).
Where is Vidalia!? There
Where is Vidalia!?
There isent a control panel anymore why!?
You dont have the worldmap with a transparent view of the connections anymore.
This version hides something in the inner core.
Sorry but the new version is bullcrap!
https://trac.torproject.org/p
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#…
At that link it says: "Where
At that link it says:
"Where did the world map (Vidalia) go?
Vidalia has been replaced with Tor Launcher, which is a Firefox extension that provides similar functionality. Unfortunately, circuit status reporting is still missing, but we are working on providing it. "
My strong suggestion and humble request is that you provide it again very, very soon because without allowing users ther transparency to physically see the built circuits, userrs will feel nothing but suspicious of torproject having been pawned by the evil NSA deamons who seek to destroy the liberty of billions....
Keep reading the FAQ entry,
Keep reading the FAQ entry, so you get to the part where there's a workaround that lets you hook up Vidalia to TBB 3.5.
Idea about new install
Idea about new install package (I mean Nullsoft Install System) - IT'S VERY VERY BAD IDEA. Not portable - S**K. Please make 7z.
P.S. Sorry for my bad English.
I've opened the general
I've opened the general issue as https://trac.torproject.org/projects/tor/ticket/10452
Please help with making a solution that you'll be happy with!
I'm using Tor 3.5 Windows
I'm using Tor 3.5 Windows version.
I can't get the Tor browser settings to work as they should, it won't save any cookies at all or if it does I can't view them (I see that part has already been mentioned) but also if I set the Tor browser options to Use custom settings for history and then also set Accept third-party cookies to "Never" it won't save the setting, it just resets back to never remember History the next time I check the setting, *After saying that I now can't get it to save the setting back to "Never remember history" so I don't know what's going on with it.
For the cookie issue, see
For the cookie issue, see https://trac.torproject.org/projects/tor/ticket/10353
I just checked perfomance of
I just checked perfomance of TOR browser on XP with two different versions of TOR browser
2.3.25-13 - work smoothly and fast
3.5 - work laggy, heavy load of processor
Why new TOR browser now works so badly ?
I wonder if this is related
I wonder if this is related to https://trac.torproject.org/projects/tor/ticket/9084 -- we disabled a few hardware performance features on XP because it was causing crashes.
Windows XP? Isn't support
Windows XP?
Isn't support ending very soon?
Hope you are prepared.
The new bundle is very
The new bundle is very snappy. Thanks. :)
As someone who is not a
As someone who is not a techie, this new version is a nightmare. I deleted the old tor browser on my computer when told there was an updated version (I run fedora) and downloaded the new one. When I open Tor Browser, it instantly says "Tor unexpectedly exited" and I know no way to fix this. I cannot re-install the old packages. Now I have no way to be anonymous online without spending hours banging my head against a screen and probably failing anyway because I am not literate in the technical conversations taking place here. I essentially have no way to use tor now. This is so frustrating.
Are you running some Tor
Are you running some Tor thing already?
Are you sure you picked 32-bit vs 64-bit correctly?
This was happening to me
This was happening to me too... but I realized I'd quit the old browser but still had Vidalia open. As soon as I quit everything else, it worked fine.
I have the same problem.
I have the same problem. Using a live USB running Precise Puppy v5.4 on a 32 bit PC I was very comfortable installing the frequent Tor updates over the last couple of years. This v3.5 downloads ok, but says "Tor unexpectedly exited" when you try to start it. I am not a techie and cannot fix this, or find an answer on the web. Any ideas anyone?
I upgraded to Precise Puppy
I upgraded to Precise Puppy v5.7.1 and the problem went away.
why everytiime i download
why everytiime i download the version 3.5 i am getting the tor but when i check the application to start it say made in 1999 or its old as fuck someone help me out here i have been trying to get this update for a couple of days now
The timestamp is fine. See
The timestamp is fine. See https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#…
Old versions
Old versions here:
https://archive.torproject.org/tor-package-archive/torbrowser/
September or october...
Feel free to use older
Feel free to use older bundles if you really want to, but be sure to consider the lesson from
https://lists.torproject.org/pipermail/tor-announce/2013-August/000089…
when considering running an unmaintained version of Firefox.
This just in... The release
This just in...
The release of Tor 3.5 (aka New Coke, Windows 8, etc.) has many users baffled where the Vidalia control panel as gone. Many users seem blind-sighted (aka struck by surprise from an unexpected direction). With all the confusion and frustration being expressed by it's user base, it waits to be seen if the developers will be soon releasing a Classic Tor or Tor Blue version within the coming weeks.
More news at 11...
Well, maybe you like the
Well, maybe you like the Vidalia standalone bundle?
Or maybe you would like to help maintain a bundle you prefer better, starting with fixing the growing set of bugs in Vidalia, which has alas been unmaintained for years?
Also, it's "blind-sided", not blind-sighted -- but let me take this opportunity to tell everybody to read Peter Watts's great book "Blindsight". :)
HA!. this guy!
HA!. this guy!
Vidalia Control Panel can
Vidalia Control Panel can still be manually loaded AFTER connection is established with Tor 3.5.
Download Vidalia Standalone from:
https://people.torproject.org/~erinn/vidalia-standalone-bundles/
The Tor Project has replaced Vidalia with a Firefox Plugin known as TorLauncher. A major reason being cited is because Tor loads faster this way, and indeed it does seem to. I still like Vidalia and still use it to view my Network Map, Tor bandwidth, to switch relay services on/off, and change other settings.
The new version seems also
The new version seems also to make trouble on sites with crappy old/weak TLS logins. Maybe an issue of FF or its cookie handling??? TBB Refuses connection without warnings or errors. So what are the options if you want to use a login on these particular sites? Using the old version of TBB with support of "bad cryptography" or using the new TBB with no cryptography (using unsecured http login)? Bruce Schneier has his personal opinion about this topic.
More details needed. Maybe
More details needed. Maybe this is an issue with Firefox 24 vs Firefox 17?
It seems to be more like a
It seems to be more like a problem with cookie handling in private mode. After unchecking the Torbutton options "Don't record browsing history or website data (enables Private Browsing Mode)" all seems to be OK. Also the FF option under Privacy "Accept cookies from sites" have to be checked. 3rd-party cookies can be disabled. Is it also possible, that this preference is not corresponding with the Torbutton option "Restrict third party cookies and other tracking"?
If the FF option (also Privacy) "Always use private browsing mode" is checked no cookies are listed under "show Cookies...", if unchecked cookies are listed.
Is
Is https://trac.torproject.org/projects/tor/ticket/10353 related?
This whole FF issue with
This whole FF issue with removing the javascript preference in the content tab, coupled with the cookie "haze", should be viewed with suspicion. Sure, you can supposedly still disable JS by doing the about:config thing, but a lot of, if not most, people are going to trust in Tor or Noscript or whatever.
One can rightly say that not all exploits and other crap use javascript to execute, but JS is the easiest vector to manipulate to unmask people. That is Exactly why the NSA and the UK people use it.
Perhaps the tor project should look into partnering with other browsers that don't make it hard for the ordinary layperson to disable JS and cookies.
It was always understood as a FUNDAMENTAL thing - if you wat to surf safe, disable JS and cookies. Any org that makes it more and more difficult to do these basic things should be viewed suspiciously.
The other browsers lock down
The other browsers lock down extensions even more in terms of what they can do to change browser behavior -- so a lot of the contortions that Tor Browser Button goes through:
https://sedvblmbog.tudasnich.de/torbutton/en/design/
https://sedvblmbog.tudasnich.de/projects/torbrowser/design/
are downright impossible in things like Chrome without a huge amount of rewriting (which in turn means that when they change their code your patch breaks).
https://sedvblmbog.tudasnich.de/docs/faq#TBBOtherBrowser
points to
https://ocewjwkdco.tudasnich.de/blog/google-chrome-incognito-mode-tor-and-f…
which lists some Chrome bugs that remain blockers for moving TBB to Chrome.
Unless you had a different free-software browser in mind?
Isn't it kind of funny how
Isn't it kind of funny how people have such an emotional attachment to a simple utility like Vidalia? For years it's served as their assurance that everything is right in onionland and taking it away is like removing a baby from his mother's nipple. A valuable lesson for software projects...
In all seriousness arma deserves a round of applause for dealing with very frustrated people in such a friendly way.
... and users deserve to be
... and users deserve to be able to see for themselves that a three hop circuit has been built over three different continents as apposed to not being able to see... leaving open the possibility of a one or two hop circuit with entry and exits both within the USA's cess pool of a country along with the inherrant likihood that the NSA will own one or both of those servers.
Unless I have been allowed the opportunity by the developers to see for myself the built cuirciuts (as used to be the case), I cannot have any confidence in tor because transparency is essential to trust.
First, you're welcome to
First, you're welcome to hook up Vidalia and resume watching your circuits (see above FAQ). I hope we'll have that functionality in Tor Launcher soon too.
Second, you should learn more about Internet routing -- if you think that "has three relays in US" is unsafe and "has not all three relays in US" is safe, you're doing it wrong. :( The question is what networks the *links between relays* traverse. For example, traffic from Ecuador to Peru often goes through Miami. The Internet is centralized in a really scary way.
See also
http://freehaven.net/anonbib/#feamster:wpes2004
which led to
http://freehaven.net/anonbib/#ccs2013-usersrouted
which led to
https://ocewjwkdco.tudasnich.de/blog/improving-tors-anonymity-changing-guar…
"if you think that "has
"if you think that "has three relays in US" is unsafe and "has not all three relays in US" is safe, you're doing it wrong."
And pathetically deluded.
Thanks. What you're not
Thanks.
What you're not seeing here is all the frustrated people who have been dealing with all the Vidalia bugs over the years (yes, actually years) that it's been unmaintained and rotting.
The only way to see, which
The only way to see, which exit I am using, is to visit https://atlas.torproject.org - but this site requires JavaScript. I'd think, there should be a non-JS version for security reasons?
Totally agree.... torproject
Totally agree.... torproject should lead by example in not forcing surfers to enable JavaScript.
I for one prefer to NEVER enable JS if at all possible for obvious reasons such as the NSA's MITM attacks seamlessly redirecting you to a Foxacid server to be fuggin owned regardless of the fact that the site you were attempting to view might have had a harmless JS script, the JS that that MITM page contains or calls may well not be benign and in fact likely will be malicious if it is from the NSA (Never Serve America).
In simple terms, leaving JS enabled even for sites you trust like Goggle (if your a dumb F@%K) or even DuckDuckgo or torproject leaves you completely open to the most malicious and 0-day JS out there if the NSA uses their fraudulent, stolen and illegitimate privileged positions on the WWW backbone to MITM or MOTS you.
Therefore torproject should NOT publish html pages with functionalities that are essential to users of the software that ONLY operate if JS is enabled.
Come on, get serious guys, not only should you lead by example with your own site by rejecting mandatory JS functionalities, you should adopt the policy of recommending to all your industry peers to do the same with their websites.
First, as far as I
First, as far as I understand the Quantum attacks don't rely on Javascript in any way. Though I'll grant you that some of the Foxacid exploits use them -- but seriously, if that's your adversary, these people have like a 7 or 8 figure budget for buying browser exploits. We need way way better sandboxing in general before we can have those conversations.
As for whether atlas or globe use Javascript... they were both written by nice volunteers, and now we point people at them because we don't have better ones. If you want them to work better without Javascript, become one of the nice volunteers!
I guess we could throw them away, but there would be a lot more people yelling about "what did you do with atlas" than there are currently yelling about "omg atlas uses javascript".
Also, throwing away things written by nice volunteers is not a good way to have a community.
I understand and appreciate
I understand and appreciate your point, it's a valid point, throwing away things written by nice volunteers is not a good way to have a community.
However I think that you are dangerously misplaced in so far as your assessment of the potential and actual harms in the situation being discussed.
Yes, the NSA is my and every bodies adversary because they are the predominant force committing these illegal and damaging hacks.
You might have given up any hope of defending from them, but thank god that many/most of us have not and never will.
Whatever can be done to defend, should be done, simple.
Even if it is just to defend against the NSA finding out one little minor piece of personal info that is not really vital or damaging because it is NONE OF THEIR DAMN BUSINESS and they are doing both minor and major infractions of privacy to MILLIONS of individuals daily adding up to untold and gargantuan suffering/hurt/harm amongst unsuspecting innocent humans both men, women and children.
Therefore, such things as a few hurt feelings that may be felt by a volunteer who's creation is removed or modified simply pales in comparison to the truly deeply damaging outcomes that can and do occur when the NSA gets root on a Linux box or drops a Trojan on a Winblows box.
I'm thinking of a activist who is working to promote knowledge amongst the general population of the systematic yet semi-covert stripping of the few remaining civil rights of the citizen against the unlimited power of the state.
The NSA identifies this individual via the repeated keywords of interest like 'civil liberties', 'protest', 'freedoms', 'tyrannic' etc etc that it keeps pulling from data steams of this individuals internet activities via Deep packet inspection using its fiber splitters in its secret rooms at the major ISP's
It then performs a MITM on this individual, redirecting them to a Foxacid server and uses a 0-day to compromise their OS.
From there, analysts pour over the PC's contents, determine that this individual is indeed a determined champion of personal liberties and is actively taking daily measures to work towards thwarting Big Govts Orwellian agenda.
The NSA then decides that this individual is a true threat to the Govt's planned totalitarian dictatorship and so contacts the FBI and hands over a dossier of info from the compromised PC (planted illegal materials) along with giving the FBI the PC's encryption key that they obtained from RAM.
They instruct the FBI to use 'parallel construction' to recreate the investigation trail to say that they obtained the password voluntarily from the PC's owner in a their word against ours scenario and proceed to federally prosecute the poor individual for whatever they planted on the PC.
They successfully remove the threat to their most evil plans.
All that is not to mention, senators whos PC's are breached and secrets stolen and used to blackmail them into silence and compliance in voting for whatever bills the blackmailers want them to vote on or reject.
Why do you think that congress recently just gave the NSA an additional 60 MILLION to spend on tightening security against whistle blowers ? No senator is going to vote for that of their own free will, just look at the slow turn of the tide of opinion amongst congressmen towards wanting to rein in the NSA. Knowing it is wrong and wanting to rein it in is their true desire from day one and is naturally showing through in time, voting to give the NSA an additional 50 Million to secure against future leaker's was blackmail.
Then there is journalists being blackmailed to maintain silence of sensitive issues that the public needs to know, political dissidents in cruel regimes being exposed and jailed or killed, there is non-violent drug users being prosecuted and jailed as a result of NSA snooping and subsequent FBI 'parallel construction' to recreate the investigation trail.
All that stuff is not conspiracy theories any more, it is known to be occurring as a matter of course on a daily basis, its info that is in the public domain now owing to the numerous and various disparate articles from both the mainstream media such as the guardian and WSJ and the independent media that is taking over, pulled together, the picture is that the articles show its all been going on for over a decade to the point where FBI sources have even been quoted normalizing it as routine.
And not surprisingly,sweet bugger all terrorists are being caught planning to commit terrorist acts other than those that the FBI has created themselves via solicitation and then entrapment.
So you see, a blanked avoidance on JS because of the NSA ability to perform MITM attacks in an automated fashion en mass is a critical and mandatory action that the entire WWW community need to adopt ASAP.
I don't see it as a choice, but a fundamental necessity to curtail the NSA's abilities.
No time to proof read this now, gotta run.
These things keep me up at
These things keep me up at night too. They're a big part of why many people work on Tor.
If turning off atlas.torproject.org would have any real impact on them, I would totally do it. But that makes no sense.
Um, I think that turning off
Um, I think that turning off atlas.torproject.org is only one action recommended as a part of a much wider plan strategy
It seems to me, and I agree with him/her on this wholeheartedly, that what they are trying to get across is that the very existence of and use of JS in web browsers is the major facilitator allowing the NSA to exploit innocent persons computers.
He/she then states "So you see, a blanked avoidance on JS because of the NSA ability to perform MITM attacks in an automated fashion en mass is a critical and mandatory action that the entire WWW community need to adopt ASAP. I don't see it as a choice, but a fundamental necessity to curtail the NSA's abilities."
I think the word 'blanket' rather than 'blanked' was intended in the quote above, but anyway, this person appears not only to be saying that atlas.torproject.org should be removed or a non JavaScript version implemented,but that JavaScript should be black banned and consciously shunned universally, by all WWW users, webmasters, and so on until it can be removed entirely as a specification from the Internet and web browsers for the express purpose of destroying a large percentage of the attack surface that the NSA uses to compromise systems.
That appears to me to be a great idea because it is one of very few actually effective measures that could be taken if we have the collective will.
In that sense, removing atlas seems like a desirable step amongst many millions of additional similar desirable steps..