Tor Browser 4.0.4 is released
A new release for the stable Tor Browser is available from the Tor Browser Project page and also from our distribution directory.
Note: The individual bundles of the stable series are signed by one of the subkeys of the Tor Browser Developers signing key from now on, too. You can find its fingerprint on the Signing Keys page. It is:
pub 4096R/0x4E2C6E8793298290 2014-12-15
Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Tor Browser 4.0.4 is based on Firefox ESR 31.5.0, which features important security updates to Firefox. Additionally, it contains updates to NoScript, HTTPS-Everywhere, and OpenSSL (none of the OpenSSL advisories since OpenSSL 1.0.1i have affected Tor, but we decided to update to the latest 1.0.1 release anyway).
Here is the changelog since 4.0.3:
- All Platforms
  - Update Firefox to 31.5.0esr
  - Update OpenSSL to 1.0.1l
  - Update NoScript to 2.6.9.15
  - Update HTTPS-Everywhere to 4.0.3
  - Bug 14203: Prevent meek from displaying an extra update notification
  - Bug 14849: Remove new NoScript menu option to make permissions permanent
  - Bug 14851: Set NoScript pref to disable permanent permissions
Comments
Please note that the comment area below has been archived.
AVG just flagged 4.0.4 as an
AVG just flagged 4.0.4 as an unknown threat, and killed the exe file. I have had no issues with TOR until the newest update. Is anyone else having that issue?
Same problem. My free Panda
Same problem. My free Panda Cloud Antivirus has detected it as a virus too and put it in quarantine.
Yes, the same.
Yes, the same.
yeh me 2
yeh me 2
same problem ... disabled
same problem ... disabled AVG ... installed 4.0.4 ... scanned TOR directory with MS Security Essentials ... found no issue ... reactivated AVG ... scanned TOR directory with AVG ...no issues. TOR works fine so far.
No problems on Apple Macs
No problems on Apple Macs
I have the same thing
I have the same thing
only when I attempted to
only when I attempted to connect to the tor network. :P
I also noticed when you try and set ExitNodes {AU} It no longer works. (causes tor to crash and can't open) Had to re-install tor >_> Anyone who is having that problem let me know :P
Have you found a solution
Have you found a solution for this? I used to change the ExitNodes in torrc with the previous versions, but can't find a way to access the geo blocked content with the 4.0.4 version.
Remove your antivirus easily
Remove your antivirus easily and use Qihoo 360 Total Security instead of it For free with two engines (Avira and Bitdefender)
To everyone with this issue:
To everyone with this issue: Please report it as a false-positive to your anti-virus overlords.
I stopped using AVG years
I stopped using AVG years back cause they have a lot of false positives. Try other av. Norton or avast
Thank you for the update.
Thank you for the update.
Thanks for another great
Thanks for another great release! The team has been doing an excellent job of closing the gap between TBB updates and Firefox updates.
Hi, I can't find the public
Hi,
I can't find the public key corresponding to the .asc files given for the english linux64 TOR browser packages here: https://www.torproject.org/projects/torbrowser.html.en#downloads
I get the following:
$ gpg tor-browser-linux64-4.0.4_en-US.tar.xz.asc
gpg: Signature made Wed 25 Feb 2015 07:55:16 GMT using RSA key ID F65C2036
gpg: Can't check signature: public key not found
And F65C2036 also does not seem to be listed here:
https://www.torproject.org/docs/signing-keys.html.en
Key retrieval also fails:
$ gpg --keyserver keys.gnupg.net --recv F65C2036
gpg: requesting key F65C2036 from hkp server keys.gnupg.net
gpgkeys: key F65C2036 can't be retrieved
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
All my previous TOR downloads used to be signed with key RSA key ID 63FEE659 by Erinn Clark.
The keyserver is
The keyserver is x-hkp://pool.sks-keyservers.net
https://www.torproject.org/docs/verifying-signatures.html.en
For the benefit of Tor
For the benefit of Tor users, could Tor developers confirm whether pool.sks-keyservers.net is reliable, meaning, it doesn't host fake and modified keys uploaded by the NSA, GCHQ or other government surveillance agencies.
AFAIK any modification of a
AFAIK any modification of a key results in a change of its fingerprint and a key server can't change anything about it, thus presence of modified keys on the key server is irrelevant (until GPG itself is definitely broken).
look at the very bottom of
look at the very bottom of https://www.torproject.org/docs/signing-keys.html.en, sub #2:
Thanks to all who replied. I
Thanks to all who replied. I managed to get the key in the end using:
gpg --keyserver x-hkp://pool.sks-keyservers.net --recv-keys 0x4E2C6E8793298290
In case other people get this error:
gpg: requesting key 93298290 from hkp server pool.sks-keyservers.net
gpgkeys: key 4E2C6E8793298290 can't be retrieved
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
Check first that you do not have any special proxy setup like me. ;)
I could never import the key from a terminal and then tried via the KGpg GUI and it worked. It turns out I forgot to unset the http_proxy/https_proxy variables in bash after a recent setup change.
but how to sign
but how to sign
it looks like it's mentioned
it looks like it's mentioned at the bottom of this page: https://www.torproject.org/docs/signing-keys.html.en as a sub key of 93298290
it's a sub key of 93298290
it's a sub key of 93298290 as listed on the signing keys page
Please see
Please see https://www.torproject.org/docs/verifying-signatures.html.en
I was pleasantly surprised to see that it had been updated to reflect the key rotation that happened with 4.0.4
Quote: All my previous TOR
Quote: All my previous TOR downloads used to be signed with key RSA key ID 63FEE659 by Erinn Clark.
I'm wondering about it too.
Has Erinn Clark crossed over to the Dark Side to work for the NSA? I was told that NSA pays about US$70,000 to US$100,000 per MONTH for top talents.
Well, I am no GPG expert,
Well, I am no GPG expert, but it seems that Erinn Clark signed the new key 0x4E2C6E8793298290 with her old one 63FEE659:
$ gpg --list-sigs 0x4E2C6E8793298290
pub 4096R/93298290 2014-12-15
uid Tor Browser Developers (signing key)
sig 63FEE659 2015-01-13 Erinn Clark
sig 4B7C3223 2014-12-15 [User ID not found]
sig 3 93298290 2014-12-15 Tor Browser Developers (signing key)
sub 4096R/F65C2036 2014-12-15
sig 93298290 2014-12-15 Tor Browser Developers (signing key)
sub 4096R/D40814E0 2014-12-15
sig 93298290 2014-12-15 Tor Browser Developers (signing key)
sub 4096R/589839A3 2014-12-15
sig 93298290 2014-12-15 Tor Browser Developers (signing key)
Also, for those worried about the validity of pool.sks-keyservers.net, hkp://keys.gnupg.net also works to get the key.
But from what I know about public keyservers, that's just because they all exchange keys together. And anyone can submit keys there anyway.
I guess the best would be to meet the developers and do some keysigning...
Anyway, the new TOR browser 4.0.4 works as expected for me.
Yes! Same problem here.
Yes! Same problem here. This is just not how it's supposed to go. I also expected this to be signed by Erinn Clark with one of the following key IDs:
91FCD12F
63FEE659
I see a post here that tries to explain this:
https://blog.torproject.org/blog/tor-browser-404-released
I would like for this message/blog post to be signed by Erinn Clark's key but what I do find instead is mostly ok.
Go to the pgp.mit.edu server and enter the ID specified on that page (0x4E2C6E8793298290) You will see a key associated with Tor Browser Developers (signing key) and you will see that it is signed by 63FEE659 a.k.a. erinn@debian.org.
So I trust this new file and will use it.
Why has auto-updates been
Why has auto-updates been removed ?
It has not. The updater is
It has not. The updater is working for me.
Me too.
Me too.
good job
good job
While I was using Tor
While I was using Tor Browser 4.0.4, I visited an HTTP website.
Within a few seconds of me visiting the HTTP website, I saw words and images on the website being removed and changed. While I was on the HTTP website, I got a message saying, "Hello Tor user, Tor stinks and is not anonymous anymore".
When I left the HTTP website, everything went back to normal, and I haven't visited a website that doesn't use HTTPS/SSL since.
Was someone conducting a Man In The Middle Attack on me while I was visiting that HTTP website?
What was that site?
What was that site?
Yeah what was this site? i'd
Yeah what was this site? i'd very much like to see how the hell they did it
Notice that the attacker was
Notice that the attacker was unable to tell you your IP address.
My Mac version has modified
My Mac version has modified date of 1999 and create date of 2000 -- it's also about 24k smaller. ??? What's this about ???
See:
See: https://www.torproject.org/docs/faq.html.en#Timestamps. Not sure where the smaller size comes from exactly but that is not a sign for something being wrong per se.
Getting AVG unknown threat
Getting AVG unknown threat for versions 4.0.4 and 4.5a4
Previous versions were ok
AVG version is 2015.0.5645
Virus database version is 4299/9181
Running win 7 ultimate 64bit
Please tell AVG they are
Please tell AVG they are giving a false positive, your anti-virus overlords will thank you.
Forgot to add: AVG
Forgot to add: AVG identifies the threat on install
Please tell AVG about this
Please tell AVG about this false positive. Even your anti-virus overlords make mistakes.
Auto-updates in TBB only
Auto-updates in TBB only update the Tor Browser, not the Tor Browser Bundle, is it OK?
The Tor Browser Bundle got
The Tor Browser Bundle got renamed into Tor Browser a year or so ago; it's the same thing.
How to verify the Tor
How to verify the Tor Browser after updating from Tor Browser itself, as I am very worried about anything without verification.
That is tricky. Your best
That is tricky. Your best bet is to not use the built-in updater until the 4.5 alpha series is the new stable one. There the update files are signed by one of the Tor Browser developers and the Tor Browser is refusing any unsigned/wrongly signed updates.
Sorry I have updated TBB
Sorry I have updated TBB from 4.03 to 4.04 using built-in, why they allow us to update without secure?
We believe it is secure
We believe it is secure enough to allow updates via the in-browser updater. If you think your update files should be signed please try the current alpha series where this feature already landed.
Got really insecure when
Got really insecure when that auto-updater first came up and told that 4.0.4 was out. that's kinda risky since people can't check the original keys and compare them before installation.
however, could you guys please name the releases more specific just as in the blog? to be able to see when it's an alpha/stable version in to see in the update manager and not just the number of version, like this time (4.0.4). the less information available, the more people will get insecure.
will there be any keys available in the next versions of update-manager?
The alpha has an "a" in its
The alpha has an "a" in its version scheme, like "4.5a4". So, you can differentiate between both series pretty easily. That said, yes, the current alpha is supposed to be the next stable in 6 weeks and will have the signed MAR files feature implemented.
Does that mean Tor Browser
Does that mean Tor Browser internal updater doesn't verify the new files for updating? Can I have manual verification?
There is no verification
There is no verification (like checking a GPG signature) in the current stable series available: We just pin the cert that governs the download of the metadata and then check whether the SHA512 sum of the downloaded MAR file matches.
Yes, you can manually verify that. Check the MAR file of your OS/locale combination in the sha256sums file you can find in https://dist.torproject.org/torbrowser/4.0.4/ according to the advanced part of our verification documentation: https://www.torproject.org/docs/verifying-signatures.html.en. Then install that MAR file manually following the Mozilla documentation: https://wiki.mozilla.org/Software_Update:Manually_Installing_a_MAR_file
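The manual check described in the reply above, as an added example (not Tor Project code): a shell function that looks up a downloaded file in a sha256sums list and fails closed if the entry is missing, duplicated or does not match. It assumes the list's own GPG signature was verified first and that GNU `sha256sum` is available; the function name and file names are placeholders.

```sh
#!/bin/sh
# Added example. Check one downloaded file against a sha256sums list whose own
# signature has already been verified, for example with
#   gpg --verify SUMS_FILE.asc SUMS_FILE
# Assumes GNU coreutils sha256sum and its "<hex>  <name>" line format.

# verify_against_sums SUMS_FILE TARGET_FILE
#   0  the list has exactly one entry for the file name and the hash matches
#   1  hash mismatch
#   2  no usable entry (missing, duplicated or malformed)
verify_against_sums() {
    sums=$1
    target=$2
    name=$(basename -- "$target")
    # Exact match on the name field; a leading "*" marks binary mode.
    # Names containing spaces are not handled and count as "no usable entry".
    expected=$(awk -v n="$name" '
        NF == 2 { f = $2; sub(/^\*/, "", f); if (f == n) { c++; h = tolower($1) } }
        END { if (c == 1 && length(h) == 64 && h ~ /^[0-9a-f]+$/) print h }' "$sums")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum -- "$target" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || return 1
    return 0
}

# Demo with constructed files (the .mar name is a placeholder, not a release file).
demo_dir=$(mktemp -d)
printf 'constructed update payload\n' > "$demo_dir/example_en-US.mar"
( cd "$demo_dir" && sha256sum example_en-US.mar > sums.txt )
verify_against_sums "$demo_dir/sums.txt" "$demo_dir/example_en-US.mar" && echo "hash matches list"
printf 'tampered\n' >> "$demo_dir/example_en-US.mar"
verify_against_sums "$demo_dir/sums.txt" "$demo_dir/example_en-US.mar" || echo "rejected, status $?"
rm -rf "$demo_dir"
```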
No one can find 2 different
No one can find 2 different files with same SHA512 sum, so why it isn't secure enough, cert? If that should I enable update automatically in Tor browser add-ons manager?
For Windows, download and
For Windows, download and extract the Tor Browser exe file, use WinMerge to compare this folder with your older browser folder, all files should be identical with the older browser having extra files due to being used.
same here
same here
How do I force the browser
How do I force the browser to use US IP addresses only? I did it in the previous version, but now it's not working. Any help would be great! Thank you.
you have to edit the torrc
you have to edit the torrc
Having the same problem...
Having the same problem... ExitNodes {US} Doesn't work!
you can't, it randomly selects
you can't, it randomly selects ip addresses!!!
With all due respect, the
With all due respect, the new "Forbid making permissions permanent in NoScript" has broken the "Allow Javascript on this site!" functionality. There are some websites that people like myself would like to allow scripts for permanently because they are trusted websites.
Is there anyway to turn off this regression (in my mind)?
I have downloaded
I have downloaded tor-browser-linux64-4.0.4_en-US.tar.xz. I have also read the page on who signs what packages. There seem to be a couple of anomalies. The primary key fingerprint suggests that there is no problem. The subkey fingerprint doesn't appear to match anything on the page about who signs what. Additionally the date on which the signature was made shows as 25 Feb, not a date in January as appears in the blog. Have I misunderstood something? Is the date of creation of the signature the date on which the package was signed (in which case 25 Feb sounds right) or is it meant to be the date on which the Fingerprint was created, in which something doesn't match.
More generally, I'd appreciate knowing whether it is possible (i.e., I'm not asking whether it is the case here) that a primary key fingerprint could be non-fraudulent at the same time as a subkey fingerprint was wrong? I guess I don't understand how primary key and sub-key relate to one another.
The output from gpg for the verification check is ...
Veryifying the file tor-browser-linux64-4.0.4_en-US.tar.xz
... using signature file tor-browser-linux64-4.0.4_en-US.tar.xz.asc
gpg: Signature made Wed 25 Feb 2015 18:55:16 AEDT
gpg: using RSA key 7017ADCEF65C2036
gpg: Good signature from "Tor Browser Developers (signing key) "
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Subkey fingerprint: 5242 013F 02AF C851 B1C7 36B8 7017 ADCE F65C 2036
I don't really mean to be
I don't really mean to be pedantic, but being a newcomer to TOR I want to make sure that everything is as it should be.
I followed your instructions on verifying the signatures (https://www.torproject.org/docs/verifying-signatures.html.en) but got a few variations to what you say.
You say:
gpg: Signature made Tue 24 Jan 2015 09:29:09 AM CET using RSA key ID D40814E0
I got
gpg: Signature made 02/25/15 07:55:56 GMT Standard Time using RSA key ID F65C203
I understand that the date and time will be the time I make my enquiry (will they?), and I assume there is no problem here (is there?) BUT the RSA key ID is different from what you say.
Also, you say:
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
I got
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Subkey fingerprint: 5242 013F 02AF C851 B1C7 36B8 7017 ADCE F65C 2036
I take it that this is OK as well and there is no problem getting a 'subkey fingerprint' as well but I would just like to make sure.
Thanks for your clarification.
Yeah I'm also having that
Yeah I'm also having that problem with exitnodes... When I edit the torrc file.
ExitNodes {AU}
It just causes tor to crash on the tor startup... Had to delete then re-install ._.
okay need help, how do i
okay need help, how do i sign keys in this tor browser version!!!
I log-in my google plus page
I log-in my google plus page normally by using Tor Browser. However,I cannot use hangouts in google plus ,it says "please sign in to chat with your friends",and I tried so many times to sign in, but still failed yet. Why?
Primary key fingerprint:
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Yup fine
but...
Subkey fingerprint: 5242 013F 02AF C851 B1C7 36B8 7017 ADCE F65C 2036
Is this the correct subkey fingerprint? Why not just also list the subkeys here and make it simple?
Verifying the top-level key
Verifying the top-level key automatically verifies the subkeys because the sub-key IDs are in the top-level key. Verifying 1 key regardless of OS is way simpler than people trying to find the correct one.
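The point made in the comment above, that the primary key is what gets checked whichever subkey signed, as an added example (not part of the original thread and not Tor Project code): a shell function that reads gpg's machine-readable status output and accepts a signature only when its primary-key field equals the fingerprint from the release post. The status lines are constructed from the key ID and fingerprints quoted on this page; the function and variable names are illustrative.

```sh
#!/bin/sh
# Added example. Accept a gpg verification result only if the signature was
# made by the pinned primary key or by one of its signing subkeys.

# Primary key fingerprint from the release post, spaces removed.
PINNED_PRIMARY="EF6E286DDA85EA2A4BA7DE684E2C6E8793298290"

# Constructed sample of `gpg --status-fd 1 --verify FILE.asc FILE` output,
# built from the key ID and fingerprints quoted on this page. The timestamp
# and algorithm fields are illustrative.
SAMPLE_STATUS='[GNUPG:] GOODSIG 7017ADCEF65C2036 Tor Browser Developers (signing key)
[GNUPG:] VALIDSIG 5242013F02AFC851B1C736B87017ADCEF65C2036 2015-02-25 1424850916 0 4 0 1 8 00 EF6E286DDA85EA2A4BA7DE684E2C6E8793298290'

# check_validsig PINNED_FPR   (status lines on stdin)
# Prints the fingerprint of the key that made the signature and returns
#   0  exactly one valid signature, made under the pinned primary key
#   1  valid signature, but under a different primary key
#   2  no single clean signature (none, several, bad, expired or revoked)
check_validsig() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        # Keywords gpg emits for bad, unverifiable, expired or revoked signatures.
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            n++
            signer = $3
            # The last VALIDSIG field is the primary key fingerprint. If a gpg
            # build omits it, fall back to the signing key, so a subkey
            # signature is rejected rather than guessed at.
            primary = (NF >= 12) ? $12 : $3
        }
        END {
            if (bad || n != 1) exit 2
            if (toupper(primary) != toupper(want)) exit 1
            print signer
        }'
}

# Demo on the constructed sample: prints the signing subkey fingerprint.
printf '%s\n' "$SAMPLE_STATUS" | check_validsig "$PINNED_PRIMARY"
```

The signing subkey fingerprint is reported for logging only; the accept or reject decision rests on the primary fingerprint.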
The problem is, that on the
The problem is, that on the blog was mentioned one particular subkey that wasn't actually used. The release is signed with other (AFAIK) valid, but nowhere published subkey - that's confusing for users - for example using Kleopatra graphical interface for verification gives a result like the subkey was entirely invalid (because the main key doesn't contain it). The used subkey should be at least uploaded to a key server.
WARNING
WARNING !!!!!!!!!!!!
Possible backdoor in Windows 10. After installing Tor, I recognise several unauthorised communications of windows application via unknown servers. One came from Windows email client, and another one was coming from some windows update application. Anti-Virus software recognised also one trojan and one virus app which were installed when I was not in front of PC.
Before Tor installing everything was perfectly fine. I don't download any files after tor installation and I use tor only in couple of standard sites.
I'm not expert but I suspect that Tor activity is strictly monitored and agencies have backdoors in MS systems...
Sorry for my English...
Go to
Go to https://tails.boum.org/ and download and use Tails. Tails is based on Debian, a Linux distribution. You won't have to worry about backdoors in MS systems 'cause Tails does not use Microsoft.
WARNING
WARNING !!!!!!!!!!!!
Possible bullshit alert!
Why are posts like this
Why are posts like this allowed here?
Yes it seems to be simple to
Yes it seems to be simple to automate, just look for "Why ... posts ... allowed" and drop it.
because censoring the tor
because censoring the tor project blog would be the most ridiculously hypocritical thing i could think of. Also, shockingly, a lot of vulnerabilities are found by end users, if this turned out to be right you wouldn't be so judgmental
No, that 4chan style
No, that 4chan style trolling can't be right.
Try to not use Windows
Try to not use Windows directly connected to the Internet. It is a private closed source commercial OS controlled by company close to infamous agencies. In extremal situation it is better to install VirtualBox and use Tails.
I have problem: Error:
I have problem:
Error: platform version 31.5.0 is not compatible with
minVersion >=31.4.0
maxVersion<=31.4.0
What does it mean and how can i fix it?
Interesting. Could you give
Interesting. Could you give us some details how you get to this error? Like the operating system you are using, which previous Tor Browser version etc. in order to get that reproduced?
Well, for some reason you can't use the built-in updater to get an up-to-date Tor Browser. It seems you have to get a new one via https://www.torproject.org/download/download-easy.html.en
Online Armor 7.0.0.1866
Online Armor 7.0.0.1866 flagged this version as a keylogger.
thank you all <3
thank you all <3
hi is chat step safe with
hi is chat step safe with tor?i tried chat step with tor but i cannot join or create a room bcz the buttons are unresponsive.
also i get a untrustworthy site message .
So guys what's up with
So guys what's up with Pwn2Own?
I had a few problems on the
I had a few problems on the alpha releases, not the last one though. there was several sites that i couldn't visit, videos was blocked on every site. and videos on youtube for example was slow as hell, stopped and started every 3 second, damn annoying.
however are now able to visit these sites again, are also able to watch videos on other sites. if there is anything to point finger at it is the loading of videos, doesn't matter if you wait or not since the videos doesn't seem to load at all, they are stuck at the same time lap as when you paused the video, so when you start running it again it continue to stop, load, stop, load. this is not the case everytime. if you find a good connection that allows videos to play like they should, it's ok for a while, but after some time the connection is interrupting it again.
so my only problem now seem to be videos. but that seem to be the only case, everything else seem to work properly and good.
so thank you guys for a great job!
keep it up!
Instead of this mess about
Instead of this mess about verifying keys (how many people around the world can meet physically the Tor staff members ?)
WHY don't you simply give us a MD5 hash from each original file (not possibly modified by bad guys) ????
So it would be easy to know if we have DL the original file or not...
Using MD5 is not a good
Using MD5 is not a good idea, it is broken. How should the files not be possibly modified by bad guys if you are downloading them?
Even assuming that you can
Even assuming that you can get a MD5 hash you're sure of, there is still the issue of collisions.
I believe the question was
I believe the question was not about concrete hash algorithm but in principle. Nobody will cry if you publish say sha512 hashes.
When collecting information
When collecting information on Tor Browser usage, how do you determine if a standalone Tor Browser is used or a Tor Browser included with Tails is used?
The key for Tor Browser
The key for Tor Browser Developers (signing key) could use some more signatures from Tor project people. That way, those of us who have met in person and confirmed keys can have slightly enhanced assurance levels, instead of entirely chaining through their signatures on Erinn's key.
Off Topic re Facebook's
Off Topic re Facebook's onion access 'portal'. Why is it that if you set up a profile through this portal and enter NO identifying information especially geo-location Facebook will ask you for the 'city in which you live'; one of these options WILL be your city and the other two will be in close proximity (to where the first 'hop' on your ISP routing resides). Are Facebook using JavaScript or some other technique to uncover IP addresses? Have a creepy feeling that this Facebook onion portal is not as 'anonymous' as we are led to believe.
Incidentally, the Facebook
Incidentally, the Facebook onion 'portal' is complete and utter crap; it does nothing but constantly re-load the page; ah well, back to non-Tor access to Facebook... ;)
My 'anonymous' onion
My 'anonymous' onion Facebook is now asking where I work; one of the option is a specific place just a few hundred metres away. How does Facebook manage this tracking stuff? Anyone know?
So it verified that this new
So it verified that this new version of TOR has been hacked and hijacked by big brother. I'm switching over to Freenet and I2p.
Last best version of Tor was 4.0.3.
Similar to what happened with Truecrypt 7.1a
Sad.
How did you verify that?
How did you verify that? Care to share details?
Why would I be seeing [
Why would I be seeing [ .../dev/?_escaped_fragment_=... ] on some http and onion sites? Could it be something I changed in NoScript? I'm not a developer and from my extremely limited understanding it has something to do with crawling.
I've been having an issue
I've been having an issue with 4.0.3, and now it's continued with the new release as well; It's not an issue with the build, but trouble I'm experiencing on my end.
Everything runs as expected the 1st time during installation; However when I close TBB and attempt to re-start it later, I'm unable to connect and receive an (win64) error message that includes:
Problem Event Name: APPCRASH
Fault Module Name: d2d1.dll
This started after I was having memory (leak?) issues and I tried to see if it could be resolved in about:memory, but I ended up screwing something up which started the issue with 'd2d1.dll'. I'm not sure why it would affect that specific .dll in the system folder, but I'm an idiot so I donno.
If d2d1.dll is corrupted, could I replace it and expect everything to work fine again?
And if so, could you recommend a reputable resource, as I never made a back-up disc or set a restore point.
Any help would be greatly appreciated...
So, this happens with a
So, this happens with a clean, new Tor Browser? Are "gfx.direct2d.disabled" and "layers.acceleration.disabled" set to "true"? (You can see this in the about:config)
I'm so sorry for not
I'm so sorry for not responding sooner, gk. I swear I checked every few minutes for days but didn't see my comment posted and grew increasingly frustrated since I had to repeatedly re-install Tor Browser. I gave up hope and have been begrudgingly re-installing TBB every other day :) .
I was searching the tubes through ddg and was surprised to find someone had the same problem. After clicking the link I wound up right back where I started a month ago. lol. I just saw your comment so I'm going to take your advice and report back.
Thanks again. Fingers Crossed!
Thank You Jeebus!!! gk, You
Thank You Jeebus!!!
gk, You are the Best! It worked perfectly!
"gfx.direct2d.disabled" and "Layers.acceleration.disabled" were both set to "false." They were in bold in about:config, so I don't know how or when the change occurred, but yeah these were after clean installs. after installing, everything worked as expected when prompted to 'run tor browser', but after closing and re-starting Tor Browser, tor.exe wouldn't connect.
I'm curious as to what could have caused the modification to these specific application settings, since it's nearly identical to my firefox configuration?
anyway,
I just wanted to thank you again, gk. I feel guilty about bugging you guys with something every release, but you and arma always help out with any issues I have.
Thank You!!!
I have an impossible to
I have an impossible to update for "unknown reason". Where can I check for a log file to understand what went wrong? Thanks.
In about:config set
In about:config set "app.update.log" to "true" and you should see the log in the browser console (Ctrl + Shift + J).
Thank You! I solved the
Thank You! I solved the problem by restarting Win. Simply quitting and restarting Tor didn't work; restarting Win worked and Tor automatically updated at first launch.
Is it possible to connect to
Is it possible to connect to my private web server https://nnn..nn.onion:mm/ which have certificate (v1) issued by my family's private ca?
First try was unsuccessful as tor browser refuses to accept ca certificate(v1). Any hope to return this beast to my control?
If we decided to use Bitcoin
If we decided to use Bitcoin through tor, which one is safer (provided we use TAILS): blockchain or electrum?
Electrum is not optimal because you could be connecting to the tor network through a malicious exit node. You can use an .onion electrum server in order to prevent this from happening but most of these do not work and it is not clear whether if you find one that works it could be malicious itself. Bear in mind that, unless you use the -1 option through the command line interface, it will connect to other clearnet servers other than the specified .onion address and it is very difficult to be able to connect through any onion server when you use this -1 option. Moreover, with its default configuration, electrum not only connects to clearnet servers but it may also connect to servers that do not use SSL/TLS. In short, the main drawback is that electrum might be vulnerable to the kind of attack described in Ivan Pustogarov's paper.
Blockchain.info should be safer in this regard if you use the https://blockchainbdgpzk.onion address. However, you need to allow javascript or you won't be able to create a wallet. Does allowing javascript pose a deanonymization risk even if you use the tor browser within TAIL's safe context?
WTF torproject! No Vidalia?
WTF torproject! No Vidalia? WTF!
I love using Tor.
I love using Tor.
previous versions of TOR ran
previous versions of TOR ran fine. Updated to 4.0.4 and I get the 'Couldn't load XPCOM' message and nothing starts!
same thing happened here.
same thing happened here. you have to delete it and install it again. there is nothing else you could do. make sure to follow this website's instructions, because if you use apt get, it may look like tor and act like tor, but it might just not be tor at all.
i would love to volunteer here, but i can't find the time! i wanna fix you so badly! hahaha you guys could simplify your explanations on how to get things done here... i mean, we have to spend sooooo much time searching around for information on why does a website keep blocking me even after i have set the bridges and what other steps i ought to take to make sure i am not being tracked... you wrote something, but to a beginner it means nothing. who's with me? :p
Is Torproject Blog going to
Is Torproject Blog going to discuss the U.S. "net- neutrality" fiasco?
There are no plans for that
There are no plans for that yet, as far as I can tell.
Does also someone else note
Does also someone else note massively connection problems with this version of TOR the last few days? Often, files of a website (images, js, css or html) seems not to be loaded and the page must be refreshed several times until it is correctly rendered. And it seems not to be a problem of one or two bad exit nodes. Problem with my ISP, the TOR network or the TB bundle? Could this be a new kind of statistical attack?
Is there a doc somewhere on
Is there a doc somewhere on how to set up a local network TOR proxy you can point 1 or more local network TBB 4.0.x clients at?
I'm basically looking to have a Linux box on the local network that will always be the entry guard (1st hop) for all local network hosts running TBB 4.0.x, and it will also be a public relay so our local network's client traffic gets mixed in with public traffic being relayed through our proxy.
I had more or less followed this document in the past with the 2.5.x series of TBB on the clients and a Fedora linux box running polipo and tor (0.2.3.25) as a relay.
https://trac.torproject.org/projects/tor/wiki/doc/CentralizedTorServer
but things started breaking with newer versions of TBB coming out -- it got to where the clients could never complete the setup -- such as not being able to pull a directory or just never getting a circuit going.
Or, if anybody knows of anything offhand that I should just do differently while otherwise following the doc referenced above please let me know.
It's entirely possible that I'm overcomplicating the setup on the client side. Or maybe the tor version I was running on the Linux tor/polipo proxy box was not compatible with the newer proxy modules etc. of newer TBB releases?
I could probably figure it out if I had a good overall illustration of how the clients and local proxy config should work together with newer versions. Just can't find anything like that.
Thanks in advance. I'm not asking anyone to do all the work for me, just a nudge in the right direction or reference to some more current docs. Every time I look for docs along these lines I find the same old docs I followed in the past that no longer work, or older docs that didn't work for me the first time either (they were obsolete).
I am noticing that a lot of
I am noticing that a lot of images on Tumblr are refusing to load for the last few weeks. They are transitioning to Edgecastcdn.net for some of their images, and those are the ones that are blocked. Typical response from edgecastcdn is "Server Denied". Not sure if that is 4.0.4 specific or if it affects entire Tor network. Other browsers using static IP work fine on same images.
it's been more than a year
it's been more than a year that i haven't used tor and none of the old sites i knew work, can anybody help me with that?