Tor Browser 3.5.2 is released

by mikeperry | February 10, 2014

The 3.5.2 release of the Tor Browser Bundle is now available on the Download page. You can also download the bundles directly from the distribution directory.

This release includes important security updates to Firefox.

Please see the TBB FAQ listing for any issues you may have before contacting support or filing tickets. In particular, the TBB 3.x section lists common issues specific to the Tor Browser 3.x series.

Here is the list of changes since 3.5.1. The 3.x ChangeLog is also available.

  • Rebase Tor Browser to Firefox 24.3.0ESR
  • Bug 10419: Block content window connections to localhost
  • Update Torbutton to 1.6.6.0
    • Bug 10800: Prevent findbox exception and popup in New Identity
    • Bug 10640: Fix about:tor's update pointer position for RTL languages.
    • Bug 10095: Fix some cases where resolution is not a multiple of 200x100
    • Bug 10374: Clear site permissions on New Identity
    • Bug 9738: Fix for auto-maximizing on browser start
    • Bug 10682: Workaround to really disable updates for Torbutton
    • Bug 10419: Don't allow connections to localhost if Torbutton is toggled
    • Bug 10140: Move Japanese to extra locales (not part of TBB dist)
    • Bug 10687: Add Basque (eu) to extra locales (not part of TBB dist)
  • Update Tor Launcher to 0.2.4.4
    • Bug 10682: Workaround to really disable updates for Tor Launcher
  • Update NoScript to 2.6.8.13

Comments

Please note that the comment area below has been archived.

February 10, 2014

In reply to arma

Permalink

The problem is: I Don't speak Russian.

hUEHuHEUEHuhEUHEuh BR BR

February 11, 2014

In reply to arma

Permalink

The problem is that Tor Browser 3.5.2 was built from Firefox 24.3.0esrpre but the language packs require the release version 24.3.0.

February 10, 2014

Permalink

Hi,

thanks for TBB! Just please make sure next time the x86_64 builds for GNU/Linux are correctly "localised". I bet the previous "Anonymous" received his bundle poorly configured for his/her language, as I received mine.

February 10, 2014

Permalink

Please help me figure out which signature was used to sign this package.
I am having a little problem. I tried Erinn's and Mike Perry's but both failed. I checked to make sure that the info had not change with the details at https://www.torproject.org/docs/signing-keys.html.en and
https://www.torproject.org/docs/verifying-signatures.html.en

I didn't face this conundrum in previous packages. By the way, Erinn has several sigs and I tried all 3 blocks - still no go.

TIA
If I goofed, forgive me but this has never happened before. I even downloaded the asc and archived packaged to be sure nothing flipped.

February 10, 2014

Permalink

Please ignore my post about the signature problems. I also snagged Erinn's 2003 signature. I downloaded the package again but from another machine without using the Tor network. Sorry about the drama.

same here, any solution/reason for this?
In my case I "installed" on top of 3.5.1

Thanks for the great project!

If it's complaining about being out of date, and you installed on top of 3.5.1, I suggest making a fresh 3.5.2 install. That's certainly the safer way to do it.

February 10, 2014

Permalink

Isn't there too much trust in NoScript? Seeing how it's present in nearly every privacy configuration (TBB, Tails, etc.):

1. It became the primary, worthy target.

2. The integrity of the NoScript developer was ranked low after him reportedly giving a false statement regarding the embedded block-resistant advertisement code on his website. Who knows what else may be embedded? See the AdBlock developer blog for details.

Does anyone capable actually checks the NoScript source each time?

Would Tor Project (with any allied sponsor groups) be interested in producing their own script-control mechanism? A part of TBB, and not hosted at Mozilla?

That's a great point, and certainly the various third-party things we pull in provide both risks as well as benefits. (I think Firefox itself is the best example of this balance.)

In the case of HTTPS Everywhere, we've actually ended up co-maintaining that because it's so important.

But actually, the reason we're co-maintaining HTTPS Everywhere is because somebody on the Tor side stepped up and personally decided to do it. We're all overloaded with too many components to maintain and keep track of. So would we be interested in replacing NoScript with something else? Maybe in theory, but in practice that seems like a poor plan, since it will just leave us with yet another thing, and when something goes wrong with the thing and it needs fixing and nobody has time, then you all will quite reasonably be upset about that too.

I think we have to grow the community of people who can write good reliable security components. The solution can't be for Tor to make its own version of each thing. (And even if we did, that wouldn't accomplish what you want, because we'd have to grow the set of people that make up Tor, and just calling somebody a Tor person doesn't make them immune to, say, programming errors.)

"The integrity of the NoScript developer was ranked low after him reportedly giving a false statement regarding the embedded block-resistant advertisement code on his website."

Has this claim been addressed by anyone at Tor Project?

February 10, 2014

Permalink

Same here, with Dutch (NL) language pack. It is incompatible because Mozilla's Firefox ESR language packs require a minimum install version 24.3.0 but TBB's Firefox version is 24.3.0espre, which is considered lower than 24.3.0.

Quick fix:

Unzip the languagepack-??@firefox.mozilla.org.xpi file
Edit the file "install.rdf". Replace the line

24.3.0

with

24.3.0esrpre

Re-zip the unpacked files and rename the zip to xpi.
Copy the new xpi over the old languagepack file.

Restart TBB - it should now speak your language!

February 10, 2014

Permalink

Tails users: Caution

People should proceed with caution when using Tails 0.22.1 as it contains security holes that are only fixed in Tor Browser Bundle 3.5.2.

February 14, 2014

In reply to arma

Permalink

Yeah? Please be specific about which ones you're worried about?

You only need to compare the changelogs of TBB 3.5.2 and Tails 0.22.1 to see that the latter has unpatched security holes.

February 10, 2014

Permalink

Hi,
Any plan to release a new pluggable transport TBB? The latest 3.6-beta-1 pt bundle says: "HOWEVER, this browser is out of date". A bit confusing!

Thanks!

David, George, and others are still working on it, in (alas) their spare time.

See David's tor-qa mail recently for something he needs help with:
https://lists.torproject.org/pipermail/tor-qa/2014-February/000324.html

See also Kevin Dyer's release candidate of TBB + fteproxy:
https://lists.torproject.org/pipermail/tor-dev/2014-February/006170.html

In theory, once TBB 3.6 comes out, it will have (some of) the PT stuff in (but disabled) by default. That way we won't need to have separate downloads.

February 10, 2014

Permalink

I downloaded the new 3.5.2 version ,extracted it and installed it.
And now I cannot open it, and I get the message 'could not load XPCOM'
Is that a bug and what can I do about it, thanks.

Please provide the following information:

1. What is your operating system? Microsoft Windows XP/Vista/7/8/8.1 or....? Mac OS? Linux?

2. Did you thoroughly delete the old TBB before extracting the contents of the latest version?

February 10, 2014

Permalink

I just updated, and yet i still have the flashing yellow "need to update" on the onion.

Same here button still flashing update.
Also very hard to get the right download.
Downloading the Tor package and after un taring. It's the source code.
Not the package. So it complies OK and Tor runs but that was not what I
was trying to get.
I don't feel safe with Tor. I used to but not so much now.
At least I don't use Micro$oft.

February 10, 2014

Permalink

Maybe I'm missing something, but is there a typo in the Torbutton version?

The last two TBB versions (3.5 and 3.5.1) on the changelog mention "update Torbutton to 1.6.5.2" and "update Torbutton to 1.6.5.5" respectively. This newer TBB says "update to Torbutton 1.6.0"... erm, huh?

I haven't downloaded anything yet, but is it supposed to be 1.6.6.0 ... ??

February 11, 2014

Permalink

Please go back and look at ticket https://trac.torproject.org/projects/tor/ticket/7449 tbb-disk-leak , especially now that people are starting to watch videos using the internal browser video player.

"TorBrowser creates temp files in Linux /tmp & Windows %temp% during the file downloads dialog & when using internal browser video player"

Whenever a person downloads a file, there is a short period of time when it is stored in their %TEMP% directory for windows and /tmp for linux.

The same applies while a person watches a video such as mp4 with the native browser video player.

February 11, 2014

Permalink

keeps saying couldnt load xpcom when I installed the update, worked perfectly before, now I cant use tor at all

February 11, 2014

Permalink

I downloaded tor browser 3.5.2, extracted, installed and now nothing will start it and all I get is "couldn't load XPCOM" whatever that means.
Have no idea what to do next.

I found a temporary fix. Before I start TOR, I turn off Webroot. When TOR opens, I turn Webroot back on. It works so far, but I don't know if I am endangering my protection.

February 11, 2014

Permalink

thanks, but:

Deutsch (DE) Language Pack is inconpatible with TorBrowser 24.3.0espre.

Deutsch (DE) Language Pack 24.3.0 (disabled)

is it possible to fix it?

February 11, 2014

Permalink

Warning: Tor Browser 3.5.2

Google Safe Browsing is NOT disabled in this version! Means, Google can track you any time this version is starting!

See about:config search for Google

February 11, 2014

Permalink

Warning: Tor Browser 3.5.2

Google Safe Browsing is NOT disabled in this version! Means, Google can track you any time this version is starting!

Each Firefox browser has its own ID that Google can see!

This should NOT be in TOR!!!

See about:config search for Google

I don't know why I never noticed that even in my regular browser.

What other SafeBrowsing values should be modified? *malware.enabled ; *gethashURL ; services.sync.prefs.sync.browser.safebrowsing.enabled; and so on

if I leave the reporting URLs as-is would it still send info?

February 11, 2014

Permalink

Hi there,

I investigated a Problem with the German (DE) Language Pack of 3.5.2:

Warning in the addon-manager: Language Pack in not compatible with 24.3.0esrpre

Workaround tested: Disable compatibility-checks.

Regards

Wolfgang (wolfgang@heukeroth.de)

February 11, 2014

Permalink

3.5.2_de for Mac (OS X 10.6.8 on iMac Core i5) comes with broken localisation, menu is not in German, but in English. What's worse: Tor messes around with the proy preferences. Either it is unable to "connect" to the local server at 127.0.0.1, but shows external sites, or (if it does access local server after being told to use the system's proxy preferences) it cannot connect to external addresses.

February 11, 2014

Permalink

Linux32
==========

Bug 10095: Fix some cases where resolution is not a multiple of 200x100 :
not to adjust the window size.

Bug 10640: Fix about:tor's update pointer position for RTL languages.

Language es-ES: no translate bar menu and others.Only en.

February 11, 2014

Permalink

Wait... Why are all the files and folders in that package have the owner/group set to "ftp" in the permissions? Is someone trying to play us a dirty trick!?

I'd like to think something is wrong in the chown routines of my system, or something else... but I don't recall having changed anything lately.

The owner/group is set to ubuntu/ubuntu in the tarball -- at least, in the 64-bit linux tarball. That's because that's the user in the gitian vm that builds the tarball.

Were you looking at a different package? In any case, if you extract the package using a normal user, the files will become owned by that normal user.

February 11, 2014

Permalink

It was previously possible to make the 1Password work in TBB. It's no longer working; I'm not sure, but I suspect the fix for ticket #10419 (I left a more detailed comment there).

Just for clarity, doing this wasn't supported by the 1Password folks devs (I have no relation to them other than a happy user of their software), so not sure what (if anything) can be done here... but life without 1P in the browser is going to be a pain.

February 11, 2014

Permalink

It doesn't open on my computer when i run "Start Tor Browser.exe". It starts a process "tor.exe" and a Tor Browser process, but the Tor Browser doesn't open.

I use Windows 7 32-bit

February 11, 2014

Permalink

PedroPerez

linux32 only work window 1016x819. If you increase the size of the window size increment is blank.
Forze size in "special preferences window" the same.
Icons small or large Icons,same.

(Desktop of PC is 1440x900)

February 11, 2014

Permalink

downloaded the new 3.5.2 version on Windows 7 64bit.
get the message 'could not load XPCOM' same as person above
regards

February 11, 2014

Permalink

That Google safebrowsing thing sure is more than sketchy! Why the hell is this in the Tor Browser!?

Hey,
What Google safebrowsing thingy are you talking about?
I'm in the config console and I see "browser.safebrowsing.enabled =false", Should I'll be looking for a different parameter?

tank you

February 11, 2014

Permalink

1) why has the bundle changed to mandatory installation?
It used to require only extraction in the past.

2)what happened to the Vidalia console (that little square which gave you access to some options including seeing your IP and some of the members in the network)?

Thank you very much!

February 12, 2014

In reply to arma

Permalink

Thanks for the reply.
Regarding the installation - I supppose you have a point and if the previous constellation really created a problem for some users then I approve your change (not that you need my approval :) ), but would it be difficult to make 2 versions one with an installer and another with an extraction? The extract packages could be added in some "Other versions" section.

Also, I want to note that the download page reads "Everything you need to safely browse the Internet. This package requires no installation. Just extract it and run". That quote made me think I missed something and spend 30 min digging through the site, eventually giving up...

Anyway, thx:)

February 26, 2014

In reply to arma

Permalink

Kick Vidalia(Worldmap) out because of
this:
"We switched to an installer after watching many Windows users click "run" rather than "save as" when they first fetch it, meaning it works the first time but then they can't find it after that."

Sould like a really really....... strange programmer joke.
To use friendly words.

February 11, 2014

Permalink

3) have you thought about abandoning Firefox now that it has so brazenly removed/deeply burried the "disable JS" option, discouraging users to turn it off and creating what is quite an obvious security vulnerabilty for nor no good reason, raising strong suspicions about NSA pressure?

Thank you.

I do think Mozilla has been making some poor decisions lately on the "have a simple interface" vs "give users control" spectrum, but that doesn't at all make me jump to "NSA pressure".

There are plenty of good explanations for their poor decisions that have nothing to do with shady government agencies -- keep in mind that they're feeling a lot of pressure from Chrome.

As for abandoning Firefox... what would we move to? Chrome has an even larger list of privacy-invasive flaws that need attention.
https://www.torproject.org/docs/faq#TBBOtherBrowser

February 16, 2014

In reply to arma

Permalink

sorry friend, I do not speak English, it was just a suggestion

is open-source, based on the chromium engine, but without all the crap that we do not like

February 13, 2014

In reply to arma

Permalink

Damn you and your cold logic!
I was under the impression that Opera was open source (especially with them abandoning their old platform and moving to some kit shared with google).
Interwebz say it is not.
:(
Are there really no alternatives?

As for the pressure/machinations on Mozilla- I wish I could believe that but I haven't heard a good enough explanation yet.
What they are saying is that they want to provide with an "accident free" user experience for the laymen (http://limi.net/checkboxes-that-kill) and remove "buttons that destroy the product", but just off the top of my head I can think of 2 easy ways of achieving that without damaging the product for other users.
The most obvious thing is to move the "dangerous options" to a seperate tab in the "Advanced" section with ample warnings and queries for user consent with a big green button that says "push here in case of trouble" (reactivates all the cancelled definitions they fear about).
Let me tell you, as a reasonably tech savy but not a coding person who upon recieving a new item always tinker with every possible customize option- I had no idea of Firefoxes 'about:config' page, I thought that I explored everything availiable and if I had not used this browser before I would have not known it is even capable of turning Javascript off (actually, Firefox is where I found out about Javascript existence to begin with). But even now, with me knowing where things are and me being used to tech, I must say that the first time I opened that page I was somewhat intimidated. As for the comfort of getting there... even IE does a better job and that should say something.

So with quite a few ways to reach the goal they want, they chose the worst one, perhaps indeed I'm wrong, but it just seems peculiar ...

February 24, 2014

In reply to arma

Permalink

Any thought of working on building a Tor browser from scratch? I.e., a browser built from the beginning to be optimized for Tor?

If we had an extra 100 developers with nothing better for them to do, it would be a great idea. Alas, we both don't have the developers, and also have many pressing things that need our attention.

February 25, 2014

In reply to arma

Permalink

Thanks for replying.

So apparently as time-consuming and stressful as having to thoroughly examine and test each new release of Firefox no doubt is, building a browser from scratch would be considerably (if not vastly) more so.

The old "reinventing the wheel" thing, eh?

Problem: can't load XPCOM
Solution: If you have webroot antivirus, go to ---|--- IDENTITY PROTECTION ---|--- Application Protection ---|--- and allow gkmedias.dll in C:\users\..\tor browser\browser

February 12, 2014

Permalink

Is it normal for Tor to randomly change the IP in the same session, without me manually selecting "New Identity" after just a few minutes?

You could set "trackhostexits ." in your torrc file. Or you could crank up the value of MaxCircuitDirtiness more. Or both.

But really, you're walking into dangerous territory here in terms of implications on anonymity and whether you blend in anymore with other Tor users.

Maybe if you want a VPN you should just be using one?

February 12, 2014

In reply to arma

Permalink

I'm really new to this. Ok so if I get a VPN, can I choose for the ip address to be different everytime I access it ?

February 12, 2014

In reply to arma

Permalink

not op: I meant to ask a few updates ago, roughly speaking, about how long does it take to rotate through a different exit relay? Is it a certain amount of time or amount of data in/out?

also, this isn't restricted to TBB, but I can't find an answer anywhere on the web. I used to be able to highlight text from somewhere on a page, then drag it to the address/url bar in FF. This text would be inserted among what was already present. Now, whatever I drag just replaces the existing text.

before: [www.abcdefg.com] could be [www.abcdefg.com/123]

now it would just be [123], replacing everything.

I thought maybe it was a setting I accidentally changed in FF a number of releases ago, but I noticed it's happening in TBB too. Sorry if it's not clear, but thanks for any help.

Tor's circuit rotation has nothing to do with amount of data in/out. It has to do with how much time has passed, and also whether any stream attempts have failed from that circuit.

You might like Damian's explanation of circuit rotation at
https://stem.torproject.org/faq.html#how-do-i-request-a-new-identity-fr…

As for pasting into Firefox's address bar, that sounds to me as much like a window manager question as it does a Firefox question.

February 13, 2014

In reply to arma

Permalink

Hi,
Sorry to barge ('Not OP' #2 here) but I must ask, I thought the most known method of TOR breaching is flooding the system with controled nodes, who over time will have interactions with the end user, combining that with the "fingertips" many/most/all users leave on the net- anonymity shattered.

So isn't frequent changing of nodes at the same browsing sesion increase this risk even more?

I don't think the most known system of Tor breaching is running a bunch of attacking relays. If I had to pick the most known system, it would be "give the user a webpage that exploits their browser and thus bypasses Tor". Or if you were thinking about attacking Tor directly, I would worry more about network-level attackers that observe large parts of the Internet and thus get to see traffic to/from many Tor relays.

In any case, against the attack you describe, we try to get the right balance in both ways: change your exit relay often to prevent the exit relay from building a profile of your activities, but keep the entry relay the same over time.

https://www.torproject.org/docs/faq#EntryGuards
https://blog.torproject.org/blog/improving-tors-anonymity-changing-guar…

February 12, 2014

Permalink

I use the new version of TBB on an iMac (osx 10.9.1) it works. I can browse the net. I click on the Torbutton "Test Settings. It reports no problem.

I use the same TBB on a Macbook Air. It installs alright but cannot reach the internet. I check all the settings of the laptop (firewall, Network, WiFi etc). I cannot detect any problem. When I click on Torbutton "Test Settings" it reports "Internal Error'.

Would be grateful if anyone could assist. Thank you.

February 12, 2014

Permalink

Re safe-browsing and Google. Could the contributors who have pointed this out please advise if any of the settings in about:config need to be changed and if so, which ones, how and to what?

Thanks

February 12, 2014

Permalink

When I first downloaded the update, there were no issues. But now everytime I open tor, it keeps saying it needs to be updated. So of course, I reinstalled, and it's still saying the same thing. Is this an issue or can I ignore it ? Even though that blinking onion is irritating lol

February 12, 2014

Permalink

vidalia isn't corresponding with tor. It keeps saying that tor isn't connected. Help is greatly appreciated

Copied from link below

"When Vidalia doesn't connect automatically to a running Tor instance, you'll have to configure it. Click on Settings and find a line with the word tor. On the right side is a button Browse. Click on it and enter the correct path to your Tor executable. This is usually the subdirectory Tor of your TBB installation. Now save your settings."

From https://tor.stackexchange.com/questions/1499/arm-may-not-be-usable-for-…

February 12, 2014

Permalink

========================
TOR & GOOGLE ID in FIREFOX.
========================
Notification to the development team!!!

In the previous release of the packages, Google safebrowsing and everything from Google was fully deleted!

browser.safebrowsing is in the new 3.5.2 version enabled!!!

Remember that any Firefox version installed has a unique ID which sent to Google as soon you start Firefox which may identify the user any time, therefore - browser.safebrowsing from Google and all other Google related points in "about:config) must be deleted to protect TOR user.

February 12, 2014

Permalink

========================
TOR & GOOGLE ID in FIREFOX.
========================
Notification to the development team!!!

In the previous release of the packages, Google safebrowsing and everything from Google was fully deleted!

browser.safebrowsing is in the new 3.5.2 version enabled!!!

Remember that any Firefox version installed has a unique ID which sent to Google as soon you start Firefox which may identify the user any time, therefore - browser.safebrowsing from Google and all other Google related points in "about:config) must be deleted to protect TOR user.

February 13, 2014

Permalink

In view of concerns about Google, despite the fact that safebrowsing seems to be disabled in about:config, would it be possible to re-release the TOR browser with all links to Google disabled?

February 13, 2014

Permalink

All noscript and other plugins seem to have stopped working in the new version (en). The tor icon that lets use new identity has disappeared.

February 13, 2014

Permalink

Hello there

I don't know if this is the right place to ask for help, move this post if necessary.

I've just downloaded and installed TBB 3.5.2 and was unable to make a connection.
Previous version TBB 3.5.0 works fine.

I just copied and pasted TBB 3.5.0's bridge setting into the new TBB's torrc file, when executing the program, the status bar just freeze at 0%...

I tried to add a log option into torrc, and by checking the log files, I found the following lines:

Feb 14 00:42:44.000 [warn] We were supposed to connect to bridge '173.246.104.81:45698' using pluggable transport 'obfs3', but we can't find a pluggable transport proxy supporting 'obfs3'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.

also the following lines are observed:

Feb 14 00:42:44.000 [debug] channel_change_state(): Changing state of channel 00EA2860 (global ID 0) from "opening" to "channel error"
Feb 14 00:42:44.000 [info] circuit_handle_first_hop(): connect to firsthop failed. Closing.
Feb 14 00:42:44.000 [info] circuit_build_failed(): Our circuit died before the first hop with no connection

Feb 14 00:42:49.000 [debug] onion_extend_cpath(): Path is complete: 1 steps long
Feb 14 00:42:49.000 [debug] circuit_handle_first_hop(): Looking for firsthop '173.246.104.81:45698'
Feb 14 00:42:49.000 [info] circuit_handle_first_hop(): Next router is [scrubbed]: Not connected. Connecting.
Feb 14 00:42:49.000 [debug] channel_tls_connect(): In channel_tls_connect() for channel 00EA2860 (global id 33)
Feb 14 00:42:49.000 [warn] We were supposed to connect to bridge '173.246.104.81:45698' using pluggable transport 'obfs3', but we can't find a pluggable transport proxy supporting 'obfs3'. This can happen if you haven't provided a ClientTransportPlugin line, or if your pluggable transport proxy stopped running.
Feb 14 00:42:49.000 [debug] channel_change_state(): Changing state of channel 00EA2860 (global ID 33) from "opening" to "channel error"
Feb 14 00:42:49.000 [info] circuit_handle_first_hop(): connect to firsthop failed. Closing.
Feb 14 00:42:49.000 [info] circuit_build_failed(): Our circuit died before the first hop with no connection
Feb 14 00:42:49.000 [info] connection_ap_fail_onehop(): Closing one-hop stream to '$0000000000000000000000000000000000000000/173.246.104.81' because the OR conn just failed.
Feb 14 00:42:49.000 [debug] circuit_increment_failure_count(): n_circuit_failures now 34.

Sorry to bother you guys with exceptionally long log lines, but the log file just grows to a good size of >300KB!

I use WinXP SP3 with all necessary patches, and Kapasky AV software. The TBB 3.5.0 still works fine when I was writing this post.

Could somebody please point out where did I do wrong?

February 13, 2014

Permalink

I can't manage cookies in cookie protections and cookie management. Is it normal? TBB 3.5.2 on Windows

I don't see any cookies not only in Cookie Protections, but even in the default Firefox cookie management dialog. There are no cookies even when I stay logged in (so cookies must be). The only way to erase cookies is to use New Identity. I have this problem since TBB 3.5.1. Do all Tor users have the same problem?

February 13, 2014

Permalink

===========================
How to eradicate Google from Firefox
===========================

This tutorial will help you eradicate Google from Firefox, so that your browser does not send information about you to the Monster of Mountain View.

Step 1. Remove Google from the list of search engines.
Click the dropdown icon next to the search box in the upper right hand corner of Firefox.
Click “Manage Search Engines” (at the bottom of the list).
A dialogue box will appear. Select Google and click Remove. Then click OK.

Step 2. Turn off “safe browsing”.
Firefox has a feature called “safe browsing” which reports information about your browsing to Google. This “feature” can be turned off by going to Tools > Options, clicking the Security tab, and unchecking “Block reported attack sites” and “Block reported web forgeries.” (You can take charge of your own browsing security by installing these essential privacy add-ons for Firefox, outlined in this separate tutorial).

Step 3. Disable location-aware browsing. Another Firefox “feature” that works in conjunction with Google, this useless piece of functionality allows websites to collect detailed information about where you’re browsing from.
In the URL bar, type about:config
Click “I’ll be careful, I promise” when you get the “This might void you warranty” warning
In the Filter box, type geo.enabled
Double click on the geo.enabled preference
Location-Aware Browsing is now disabled.
Leave the about:config tab open for next steps.

Step 4. Adjust and/or disable location bar search
When you type an invalid URL into Firefox’s address bar and hit enter (or mistakenly use the location bar in place of the search box), Firefox’s default behavior is to send this information to Google as a search query, whereupon Google shows you results for the invalid URL. We can modify and also disable this behavior.
Clear the Filter Box by clicking the little X just inside the right edge of the box.

Type keyword

You’ll see two listings. The first will show a Google URL. Double click this listing.
A box will appear allowing you to edit the URL. You can paste in substitutes like:
http://bing.com/results.aspx?q= (for Bing)

Click OK to save changes.
Optionally, you can double click the second listing (keyword.enabled) to completely turn off location bar search in Firefox. Replacing the Google URL first is still a good idea!

Step 5. Change your home page.
The default homepage for Mozilla Firefox has a Google search bar in it. You can change this by dragging the icon next to any URL onto your Home button. If you don’t have a favorite website to change to, consider making Bing your homepage. It features a gorgeous picture every day.

Addtional Note: In about:config you should delete anything with the name Google on it!!

From:
http://www.leavegooglebehind.com/how-tos/how-to-eradicate-google-from-f…

(No copyright, You may copy and distribute this text anywhere!)

February 13, 2014

Permalink

===========================
How to eradicate Google from Firefox
===========================

browser.safebrowsing.enabled (search in about:config)

Firefox ships with the Google Safe Browsing extension built-in and enabled by default. Designed to prevent phishing, it compares the websites you visit to a Google-run blacklist. This means that Google is constantly able to track you. If you have installed our recommended Firefox extensions then you will gain no additional protection from Google Safe Browsing, while telling Google a great deal about your browsing history. We therefore strongly recommend that you turn it off by setting the value to false.

browser.safebrowsing.malware.enabled (search in about:config)

Safe Browsing (now renamed Phishing Protection) is basically a version of Google Safe Browsing licenced to Mozilla (but which still reports to Google). We therefore recommend that you set it to false, for the same reasons as above.

Stop disinformation !
"browser.safebrowsing.enabled" is "false"! Safebrowsing disabled for TBB by default.

And report your OS, and hash for installer file.

February 13, 2014

Permalink

Anybody ever tested if this browser ID changes with updates or is it related to system specification (partly or 100%)?
We don't need a browser ID at all!
Is it not time that the TOR users form a group to get all of this shit out of the browser that is used for TOR. (100 see more then 1 ....) If I wire-shark a standard Firefox just starting it generates tons of traffic

February 13, 2014

Permalink

************************************************************************

GOOGLE is Anywhere and Everywhere!

Google's dominance in all areas hurts many of us, Anywhere and Everywhere!

Google has a real dangerous monopoly and Google is much more dangerous than Microsoft ever was.

Google has grown dramatically and the monopoly over all the internet searches and advertising is a problem now for all.

************************************************************************

February 13, 2014

Permalink

The Update Add-ons Automatically option is checked so NoScript updated.

I agree that it's important -- alas, many things are important.

See https://trac.torproject.org/projects/tor/ticket/10902 for part of your bug. Patches happily accepted.

As for a Windows zip that has everything you need... I think the TBB people would be happy to receive a patch for the gitian build system that makes one of those also. Or heck, maybe even just a script you can run afterwards to convert the installer version to a zip version. The ideal case would be to fix the installer so when you unzip the exe, you get a functional thing. This is the sort of thing that is perfect for a volunteer to help with. Otherwise the TBB will (as they should) keep putting out things that are more on fire. Please help!

As for "what are you hiding"... First, you can check for yourself that we're not hiding anything. And second, that sort of statement makes reasonable developers prioritize other issues than yours.

February 14, 2014

Permalink

Yes folks, how truth the statement is Google is anywhere and everywhere and Google has owned the Internet. And as long people will not switch from search engine Google to Yahoo, Bing or any other, Google will be anywhere and everywhere. Google has grown too big! Absolute power corrupts absolutely

February 14, 2014

Permalink

I love the Vidalia viewing the Tor network rate, traffic, deleting the circuit ect, if I would be in Windows there is Toranger instead, what is the tool in Linux?

February 14, 2014

Permalink

Am I a victim of a man-in-the-middle attack?

Why is TBB 3.5.1and TBB 3.5.2 NoScript is configured in the manner of enabling all java scripting? Crazy! All granularity options to administer java scripting on a site are disappeared. Strange! What's about NoScript ABE ( Application Boundaries Enforcer )? NoScript ABE is like a Firewall inside the browser. It's disabled. Rational?

Some onion sites shows sporadically advertising compromising content, e.g. kid porn. No java script, ( perhaps ) no advertising content. In Germany an user, who only had/has a file with compromising content, also in form of deleted TEMPORARY files in the past, may be imprisoned. The scenario is very simply: A uses TOR. Sometimes he encounters advertising compromising content. B denounces A for whatever reason. A house search includes the confiscation of the IT hardware. Computer forensic specialist do the rest. After a trial A will be imprisoned. In Germany, this is the main road to criminalize using TOR.

Ok, an user should know what he does. But how he does what he knows? He administers the access to a site using NoScript to enabling scripting slightly - if he wants this. Using the browser in a well configured sandbox protect the system as well as possible. Therefore the main problem is not malicious code. It's compromising content. For that reason, NoScript has to be configured to disable all scripting as default. Enabling all scripting as default subtly compromises an user heavily! NoScript in TBB 3.5.1 and in TBB 3.5.2 has to be reconfigured completely in the depth to prevent compromising the system user more the system itself. That's why TBB 3.5.1 and TBB 3.5.2 are highly unrecommended for an normal user.

The signatures are useless because they are not certified. A simple md5 check sum would rather do the same job.

February 14, 2014

Permalink

Suggestion: Add the open source ad blocker AdBlock Plus (https://adblockplus.org) to TBB.
Main reasons and benefits:
1-It is already added to TAILS' IceWeasel
2-Saves TONS of bandwidth for the Tor network
3-Removes a vulnerable platform, which is the ad networks, cookies, scripts, objects, etc... which the NSA is using to track Tor users, therefore increasing Tor users' privacy and security.

These would appear to be valid, if not strong arguments for the inclusion of an Ad blocker in TBB. At the same time, there are also valid, if not strong arguments against such inclusion, which have been stated by the Tor Project.

But one thing seems certain to me: Tails and TBB should do the same thing, whatever that will be. Having Tails ship w/ AdBlock Plus, while TBB ships w/out any Ad blocker, can only harm the Tor user base by further splitting it into such easily identifiable sub-categories. The fact that this discrepancy between TBB and Tails has existed for as long as it has (since I can remember) should be disturbing to anyone concerned about Tor and the issues it addresses.

BTW, are you sure you would choose AdBlock Plus over the fork AdBlock Edge?

+1. Good points, I agree.
I would prefer AdBlock Edge to be included in TBB.
Also, it would be better if all ties to Google would be severed and all URLs in TBB code referencing Google-related sites would be removed.

Google does not like anonymity because it generates less profits.
Google is not my friend. Google Is EVIL...

But doesn't each new version of NoScript, like that of any add-on, first need to be examined and tested to ensure no conflicts w/ Tor or other potential anonymity leaks?

February 15, 2014

Permalink

Been trying to get TBB 3.5.2 to work in the past few days without luck...TBB 3.5.0 works fine though.

Every time the program starts up, it stuck at 'connecting to directory server' forever. What should I do to locate the problems?

I say again TBB 3.5.0 works fine on this computer, that ruled out any misconfiguration in hardware or network connection.

Any input will be greatly appreciated.

Tor was updated since 3.5.0, to 0.2.4.20
Maybe try to replace Tor for TBB 3.5.2 with Tor from TBB 3.5.0?
What OS? Maybe some smart AV/Firewall decide you no need internet with changed Tor?

February 15, 2014

Permalink

I extract the file through Tor, and then install; Tor works and says it is up to date until I close it, then it reverts to it's previous verison (3.5.1). Anyone else having this issue?

February 15, 2014

Permalink

After this update when i try to launch the program nothing happens! I have Xubuntu 13.10 on my machine! anyone has solutions?
thanks!

February 15, 2014

Permalink

Anyone else have this: I can start up tor, but all attempts to visit torproject.org, or check tor status instantly time out. Why is that?

February 17, 2014

Permalink

I always save bookmarks as HTML, delete the previous version of TBB before installing the latest version which I have already downloaded, and I have no problems. Just my twopennyworth, but I don't speak as a computer geek.

February 24, 2014

Permalink

**Don't know what's wrong, it ran once and never worked afterwards**

2/24/2014 16:29:09 PM.136 [NOTICE] Opening Socks listener on 127.0.0.1:9150
2/24/2014 16:29:09 PM.391 [NOTICE] Bootstrapped 5%: Connecting to directory server.
2/24/2014 17:45:47 PM.565 [WARN] Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Permission denied [WSAEACCES ]; RESOURCELIMIT; count 10; recommendation warn)
2/24/2014 17:45:47 PM.565 [WARN] 1 connections have failed:
2/24/2014 17:45:47 PM.565 [WARN] 1 connections died in state connect()ing with SSL state (No SSL object)
2/24/2014 19:39:43 PM.417 [WARN] Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Permission denied [WSAEACCES ]; RESOURCELIMIT; count 11; recommendation warn)
2/24/2014 19:39:43 PM.417 [WARN] 1 connections have failed:
2/24/2014 19:39:43 PM.417 [WARN] 1 connections died in state connect()ing with SSL state (No SSL object)
2/24/2014 19:39:43 PM.418 [WARN] Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Permission denied [WSAEACCES ]; RESOURCELIMIT; count 12; recommendation warn)
2/24/2014 19:39:43 PM.418 [WARN] 1 connections have failed:
2/24/2014 19:39:43 PM.418 [WARN] 1 connections died in state connect()ing with SSL state (No SSL object)
2/24/2014 19:39:43 PM.419 [WARN] Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Permission denied [WSAEACCES ]; RESOURCELIMIT; count 13; recommendation warn)
2/24/2014 19:39:43 PM.419 [WARN] 1 connections have failed:
2/24/2014 19:39:43 PM.419 [WARN] 1 connections died in state connect()ing with SSL state (No SSL object)
2/24/2014 19:39:43 PM.419 [WARN] Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Permission denied [WSAEACCES ]; RESOURCELIMIT; count 14; recommendation warn)
2/24/2014 19:39:43 PM.420 [WARN] 1 connections have failed:
2/24/2014 19:39:43 PM.420 [WARN] 1 connections died in state connect()ing with SSL state (No SSL object)
2/24/2014 19:39:43 PM.420 [WARN] Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Permission denied [WSAEACCES ]; RESOURCELIMIT; count 15; recommendation warn)
2/24/2014 19:39:43 PM.420 [WARN] 1 connections have failed:
2/24/2014 19:39:43 PM.420 [WARN] 1 connections died in state connect()ing with SSL state (No SSL object)
2/24/2014 19:39:43 PM.421 [WARN] Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Permission denied [WSAEACCES ]; RESOURCELIMIT; count 16; recommendation warn)
2/24/2014 19:39:43 PM.421 [WARN] 1 connections have failed:
2/24/2014 19:39:43 PM.421 [WARN] 1 connections died in state connect()ing with SSL state (No SSL object)
2/24/2014 19:39:43 PM.422 [WARN] Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Permission denied [WSAEACCES ]; RESOURCELIMIT; count 17; recommendation warn)
2/24/2014 19:39:43 PM.422 [WARN] 1 connections have failed:
2/24/2014 19:39:43 PM.422 [WARN] 1 connections died in state connect()ing with SSL state (No SSL object)
2/24/2014 19:39:43 PM.422 [WARN] Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Permission denied [WSAEACCES ]; RESOURCELIMIT; count 18; recommendation warn)
2/24/2014 19:39:43 PM.423 [WARN] 1 connections have failed:
2/24/2014 19:39:43 PM.423 [WARN] 1 connections died in state connect()ing with SSL state (No SSL object)
2/24/2014 19:39:43 PM.423 [WARN] Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Permission denied [WSAEACCES ]; RESOURCELIMIT; count 19; recommendation warn)
2/24/2014 19:39:43 PM.423 [WARN] 1 connections have failed:
2/24/2014 19:39:43 PM.424 [WARN] 1 connections died in state connect()ing with SSL state (No SSL object)

February 28, 2014

Permalink

Having finally changed to the new 3.5.2.1 I am encountering a number of issues with the new release that make it almost impossible for me to use:

1. Stability problems
I am getting the impression that every new release is becoming more unstable than the previous. On some java script websites crashes in a matter mouse klicks now.

2. Lost Vidalia features
Most annoying among them is the whole browser being closed every time you need "new identity" thingie. Since browser history isn't used for obvious reasons, all research will be lost, logins as well. Many sites ban Tor exit nodes so new idenitity without closed tabs is a must for continuous surfing.
Using the workaround with stand-alone vidalia now.

3. Process naming in windows
The old tor browser bundle used to be called tbb.exe + vidalia.exe in windows task manager. Now only firefox.exe is being used, making it impossible to dinstinguish from regular firefox versions. Very unfortunate choice!

1) Sounds like a Firefox issue. I haven't heard from many people with this issue. Perhaps you can describe steps to repeat?

2) I'm glad the standalone Vidalia is working for you.

3) I think this is also a choice made by the more recent Firefox. But that's a good point -- I'll mention it to the TBB developers and see what they think.

Also, I deleted your duplicate comment on the earlier blog post -- please don't spam the same thing onto multiple blog posts.

March 01, 2014

In reply to arma

Permalink

No.1 happens especially when opening multiple js-based tabs in a short time on the same website. Makes Tor browser freeze until the process is killed from the task manager. No issues in that regard with earlier versions of Tor. Got the newest js-update, but still no improvement.

Unfortunately using standalone Vidalia didn't solve my problems with the new Tor browser, probably a Firefox issue as well:

'Clearing all current history' with everything crossed from the Tools/Options menu doesn't seem to work to its full extent. When I do that and get 'new identity' from Vidalia to work around login problems, websites still recognize the login-name, although browser cache including cookies has been deleted and the ip address is new (I verified that with whatismyip). So anonymity is corrupted - very alarming!
I have never experienced such a thing before with older versions of Tor.

Also I am being refused access to AOL-webmail since switching to Tor 3.5.2.1. I already found entries online with people encountering the very same problem with the newest Tor. When switching back to an older version of Tor, everything worked fine again. So it's definitely a problem with version 3.5.2.1. :-(
I also tried AOL basic mail, which I think doesn't use js, however, I still do get the following error message: 'BLERK! ERROR 1 C0FE170E'.

Thank you for deleting my redundant blog post. I didn't receive any automated feedback on whether I had successfully posted or not, instead my entry just disappeared completely after hitting 'post comment'. So it looked as if I had to write it again.

March 01, 2014

Permalink

At about:config, why does the variable extensions.torbutton.useragent_override says it's Firefox 17 instead of 24?
The variable general_useragent.override shows it correctly.

March 02, 2014

Permalink

flash proxy Not works any more, I need old version........

bridge flashproxy 0.0.1.0:1

March 05, 2014

Permalink

you cannot deactivate cookies completely ...why is that? tor is not anonymous anymore.

March 07, 2014

Permalink

I have a problem with mozilla addon foxyproxy. Patterns don't work.

Through the usual firfefox all works, but not through the torus assembly. Setting in the expansion of the torus (in your browser assembly) does nothing. What could be wrong?