Tor Browser 5.5.5 is released
Tor Browser 5.5.5 is now available from the Tor Browser Project page and also from our distribution directory.
This release features important security updates to Firefox.
This release updates Firefox to 38.8.0esr. Additionally, we bump NoScript to version 2.9.0.11 and HTTPS-Everywhere to 5.1.6.
Moreover, we don't advertise our help desk anymore as we are currently restructuring our user support.
Here is the full changelog since 5.5.4:
Tor Browser 5.5.5 -- April 26 2016
Comments
Please note that the comment area below has been archived.
Is there a reason why
Is there a reason why customers cannot shop online at Wal-mart through Tor? If it's a tech issue, please repair.
It is not a tech issue
It is not a tech issue Wal-mart and other online shopping companies are intentional blocking Tor and other anonymity services to prevent criminals from using stolen credit cards anonymously.
It is time to couple all
It is time to couple all exit nodes through a VPN.
How to?
Thx,
Richard
I understand that they are
I understand that they are preventing anonymous use of credit cards,
but I think the OP meant "shopping" as just window shopping without being tracked.
obviously when it comes to using your credit card. that page should be deanonymized,
They don't want their
They don't want their competitors using the site at all.
This is correct, you can ask
This is correct, you can ask anyone who has worked in retail.
Looks like you can add
Looks like you can add walmart.com to the ListOfServicesBlockingTor wiki page.
Based on the block page, it looks like they are using Akamai to block Tor users.
YES dcf Once in a blue moon,
YES dcf
Once in a blue moon, you can get to Walmart by using "New tor cicuit for this site" but very rarely.
where do we submit all the URLs?
You can add them to the wiki
You can add them to the wiki page yourself.
First, click https://trac.torproject.org/projects/tor/register to create a wiki username/password, or use the anonymous credentials cypherpunks/writecode. Then go to https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlo… and click the Edit button at the bottom of the page.
thanks Pal, worked great,
thanks Pal,
worked great, added to the list
They block Tor's nodes.
They block Tor's nodes.
Use CNET to download older
Use CNET to download older version of Tor, then update.
https://www.walmart.com.br/
https://www.walmart.com.br/ Is not locked.
LOL You are right but your
LOL You are right but your prices are jacked up 10x
who in the world would pay $500 for a toaster :)
I cannot believe people
I cannot believe people steal credit cards and then proceed to shop at Walmart with them. Good luck low life!
walmart.com.br no blocked.
walmart.com.br no blocked.
When are you moving to 45
When are you moving to 45 esr?
https://trac.torproject.org/p
https://trac.torproject.org/projects/tor/ticket/15197
The release on 2016-06-07
The release on 2016-06-07 will be based on Firefox 45.2esr.
There are also plans to make a release based on 45.1esr at the end of May.
Good browser no changes
Good browser no changes
Thanks for the update guys /
Thanks for the update guys / girls!
Keep it rocking :)
Thanks
Thanks
yyyeeeehhhh!!!!!!!!!!)))))))
yyyeeeehhhh!!!!!!!!!!)))))))
Thanks to ALL you.. on
Thanks to ALL you.. on behalf of TorBrowserestrs :)
Next is not a bug.. but a suggestion,
if possible to include an On/Off Icon (to be per-configured) [for privacy and security settings]
so, instead of:
1-Clicking pull-down-menu of the green Tor icon, Then
2-Selecting privacy and security settings, Then
3-Selcting (temporarily) LOW sec-Level, Then
4-pressing OK..
That's in order (for example) to watch a quick video clip ..
and will go after all above 1-2-3-4 steps AGAIN to "undo" the LOW to be Mid-LOW .. and back&forth again&again for similar instances ..
That's why thought of above suggestion for a near-by icon to the green one.. (side-by-side)
ON- (Green color led) means:
privacy and security set to (ANY level above LOW)
Or set according to what has been chosen under (Tor green icon)
OFF- (Red color led) means:
privacy and security set to (LOW level)
While per-configuration may include some of the following:
Auto-Off: to select how many minutes to AUTO turn the icon to OFF (Green)
for myself i'd mostly chose 3 minutes,
when i forget to click! it will Auto-Off by itself
:)
Hope u all like my contribution,
Thanks Again, Bye for Now..
forgot to mention that the
forgot to mention that the suggested NEW side-by-side icon is a click-able one..
click once- goes Red to view videos
click again- goes Green..
or leave it to auto-off
(according to what time was set in per-configuration)
..
thanks..
This is not a good request.
This is not a good request. It will only add to the confusion. If people can't read and understand what it says, then that's their issue.
Sorry to say that the
Sorry to say that the "confusion-in-Whole" is that i can't understand any part of your kind comment :)
RGDS: idea-Maker..
yes! it is! nice trip
yes! it is!
nice trip
Thanks anyway buddy, if you
Thanks anyway buddy,
if you mean 1-2-3-4 "trip"! will, that's quite long, need to find a motel in the middle, to get rest for 2 days :)
but if you mean to say the miss-spilled (TiP) .. I'd then second thanking you again..
if Tor..Divz, would make the TiP,
i'll then move the 'Great'Green (Tor enabled) icon under the so-called "hamburger Menu" .. and will keep instead of it the On-Off (Red-Green) icon.. so that the privacy will turn (or Auto-Turn) to my own-default & will NEVER be FORGOTTEN after watching any video clip :)
Best RGDS: idea-Maker
First of all, even at the
First of all, even at the low setting you're still sending your traffic through tor, and Tor Browser still has some additional safety features over vanilla Firefox. Making it seem like you're turning something off as opposed to down will just increase the confusion.
In addition to all of that, I don't think that's a good way to browse the web. While I agree that the security slider could use some changes, I don't believe your suggestion which implies that the amount of time you have security set to low makes a difference. What matters is the sites you visit while the security slider is set to low. It only takes one visit to launch a browser javascript exploit.
Besides, you can still technically play video with the slider set to high. It's click to play and certain sites don't work (i.e. Youtube,) but video can still play. The sites in question do not play video without javascript enabled, so this is a wider issue than Tor Browser and should also be addressed with the sites in question.
Also, concerning Youtube in particular: Youtube is owned by Google and thus actually one of the more dangerous sites to set to Low in terms of privacy. Downloading the video (if possible) and playing it through a local video player might be a better option than viewing it on Youtube itself.
I'm not sure why you think
I'm not sure why you think this is a bad way to use the Tor Browser.
Sure, it takes just one visit to launch an exploit. But if on 95% of the sites that I visit, I can do without javascript and on 5% I can't, am I not safer lowering the security slider only when visiting those 5%?
I also think it would be great to convince popular sites (like Youtube) not to require the use of javascript. But we live in the real world and simply pointing the finger realistically doesn't help anyone much.
I'm also unsure whether downloading a youtube video through some dedicated, torified application would be more secure, since it's obviously detectable and you're distinguishing yourself from the crowd. (Same problems over and over again)
Actually, in order to watch
Actually, in order to watch youtube you don't have to disable all protections, you only need to do 3 things when the security slider is set to max:
1. Enable audio/video in noscript.
2. Enable svg.in-content in about:config.
3. Add youtube.com and ytimg.com to the whitelist in noscript
This way, you only expose yourself to javascript and svg security risks in youtube.com and ytimg.com which are operated by google and you stay protected from all other known browser attack vectors. Obviously, from a privacy angle this settings could make your browser fingerprint unique in the eyes of google should they bother to fully collect and analyze every ancillary aspect of your browsing behaviour.
You could claim however that if you only use low security settings after taking a new identity and then browsing only youtube.com and after you finish you set the security slider back to max and starting a new session, then perhaps the slightly larger attack surface you give google is not worth the privacy sacrifice you make by choosing a rare browser fingerprint. But that depents perhaps on your threat model. For example, to the best of my knowledge google has never used it's servers to actively attack users in any circumstances, though it is possible of course that it was done against terrorists with a NSL. On the other hand google is widely known of passively collecting huge amounts of information about its' user base from commercial reasons.
So the conclusion is that perhaps unless you are a very high target, then you should be more afraid of google passively collecting information than of it actually trying to hack into your device. And in that case, your method of watching youtube might be better than mine, as long as you make sure you never visit any other non google site when you're in low security settings.
Thank you for elaborating on
Thank you for elaborating on the matter. I think I agree with everything you said.
I'm glad you brought up the
I'm glad you brought up the browser fingerprint. I've had concern about that since reading an article proving users can usually be completely uniquely identified with only a browser fingerprint. I had no idea I was broadcasting so much detailed information. I'm wondering why no one has built a spoof for this that would truncate the point point point release versions of add-ons, etc,, substitute a standard list of fonts, etc. Do you know anything about this? I'm not technically savvy enough about browsers to know at what level this information is being snatched and sent and if that could be hijacked for us.
Autoupdate hosed my
Autoupdate hosed my installation this time. Cannot start browser; instead I get a "Can't load FXCOM" dialog, that does nothing but close.
I had it wrong, my previous
I had it wrong, my previous comment. Errmsg is
“Couldn't load XPCOM”
I have the same issue, can
I have the same issue, can not launch Tor at all now, what to do!!! help!!
Perhaps your antivirus
Perhaps your antivirus quarantined a component. In a previous release Panda Antivirus did that to me, thinking some part of Tor was bad news. A false positive. I have now set Panda to ask me whether to do this or not so I have a chance to exclude things that are not a threat that it makes a mistake with, such as Tor.
Same error have not seen a
Same error have not seen a solution posted yet
A search of this problem
A search of this problem suggested that those using "WebRoot" software need to allow certain .dll files through the identity protection filter. In my case, after updating Tor and Firefox, i allowed the file "nss3.dll" and Tor browser ran as normal. Hope this helps!
I have webroot and having
I have webroot and having same problem how do I allow the files or know wich files I need to allow?
When are you going to move
When are you going to move to 45 esr?
This is probably the last
This is probably the last ESR38 based one. The alpha we are about to release is already ESR45 based.
<3
<3
tor seems sort of faster
tor seems sort of faster past this update. don't see why that would be, but I'm pleased either way.
Sometimes, you just gotta go
Sometimes, you just gotta go with the flow. ( ͡° ͜ʖ ͡°)
this update was well managed
this update was well managed and bring us a better protection : thx.
Hardened update release?
Hardened update release?
Is in the works. We'll
Is in the works. We'll release it today or tomorrow together with the alpha. We had to rebuild both in a last minute fashion due to a severe bug we found while testing (https://bugs.torproject.org/18900)
Great, thanks for the update.
Great, thanks for the update.
Hi Tor crew I know this
Hi Tor crew I know this isn't the best place but:
programs like f.lux and twilight which filter blue light from the screen
after sunset to preserve melatonin production in the brain: Such programs ask and rely upon ones location to finetune the sunrise/sunset times
If one is using Tor at the time the program seeks/sets/relates to/ ones location information, this could leak? As both Tor, and the program, are communicating data related to 'what is appearing on the screen right now''
Run linux and install
Run linux and install redshift, run "redshift -L longitude:langitude -t 6500:1000" in a terminal. Program is open source so probably no leaks.
Hacking Team CEO claims they
Hacking Team CEO claims they can now break Tor:
No longer will his clients have to bait a Tor user in order to circumvent the anonymity software — as Morocco did with the Scandal file it sent to Mamfakinch. Now, Vincenzetti boasts, his software can “break” Tor. “I can put a box in this room which will decode all your encrypted traffic on the fly,” he tells me. “Logins, passwords, locations, real user name, real site names…. It’s black magic.”
This kind of decryption would not only transform law enforcement, but also threaten to destroy the protection that private citizens, namely political dissidents, have come to expect online. Jeff Moss, a security analyst and founder of the Def Con hacker conference, is dubious of Vincenzetti’s claim — but if true, he says, it would be “a severity 10” bug that the Tor community would have to race to fix.
Quoted from https://foreignpolicy.com/2016/04/26/fear-this-man-cyber-warfare-hackin…
sounds like nonsense at
sounds like nonsense at best, or at worst an endpoint compromise, but i'd be curious if devs have any comments.
We should keep watching news
We should keep watching news stories because even 99% of information is nonsense, the remaining 1% matters.
“I can put a box in this
“I can put a box in this room which will decode all your encrypted traffic on the fly,” he tells me. “Logins, passwords, locations, real user name, real site names…. It’s black magic.”
Says the CEO who 'got-his-ass-hacked' - PWNED big time - because he couldn't secure his own networks:
"The hack itself was executed using a common weakness: first, an embedded device within the network was found with a known zero-day weakness. From there, the hacker was able to get into an unencrypted backup and find the passwords for a Domain Admin server, which basically gave him the keys to the kingdom."
Note sysadmins at Hacking Team were using passwords like (not kidding): "P4ssword", so let's take dirtbag's word with a grain of salt.
See http://pastebin.com/raw/0SNSvyjJ
Chaining Tor with VPNs, bridges and solid O/S arrangements like Qubes Whonix will give anybody far greater security, since one can isolate browsing sessions to VMs and d*ickfaces like Vincezetti can possibly discover your 'real IP address' correlates to an OpenVPN entry point, at best. Further, run of the mill attackers will have some job breaking out of unpriveleged AppVM domains in Qubes with read-only access to the filesystem template on which it is based, and nothing else.
The main point of that blog entry you referred to is that you shouldn't open random attachments - a classic way to get infected.
Tor's primary weakness probably remains the end-end correlation that suggests you may be Tor user X. If your stuff is that critical e.g. political dissident, use TAILS instead from USB on random computers that can't point to a home address i.e. so they can't just sit at the suspected area of the network they think you are using and do the math looking at in-out flows.
Just be aware that every USB
Just be aware that every USB memory or flash card has a unique hardware ID, don't ever use the same USB in your own machine for every day use as Windows, at least since XP, stores all ID's at least in the registry and may be sent as some "usefull telemetry" data back to the HQ.
Without verification, it
Without verification, it will remain a claim. However, if this is true, would using a VPN service prevent this? Or would it also be decrypted on the fly?
@ Tor people: a million
@ Tor people: a million thanks for all your work, please keep it up, and please take care!
About Hacking Team: however you assess the level of threat HT poses to human rights activists who use Tor, one thing is certain: David Vincenzetti is gunning for Tor.
On the bright side, to repeat a rare and welcome bit of good news: the Italian government, goaded by the UN and EU human rights people, recently cracked down on HT, and even revoked many of the company's most lucrative export licenses. And as the FP article noted, several key employees quit in disgust upon discovering (thanks to Citizen Labs and other sources) how evil is Hacking Team's clientèle. Also, as the FP article noted, a deal with the Saudi government to buy HT fell through. So HT is quite possibly in serious financial straits. That would be beneficial for the world.
> “I can put a box in this room which will decode all your encrypted traffic on the fly,” he tells me. “Logins, passwords, locations, real user name, real site names…. It’s black magic.”
I agree with those who express skepticism of this evil-spyware marketing claim from an extremely disreputable company, but we should be careful not to underestimate our enemies. Divincenzetti has always been very dangerous to free people everywhere, and the highly successful intrusion by Phineas Phisher has only made him angry. Unfortunately, I do not find it so implausible that HT has acquired new and nastier government clients attracted by the evil reputation of this company. So TP should remain vigilant, as I am sure you would regardless of comments posted in this blog.
The Foreign Policy article is excellent, and anyone interested in learning more about who uses Tor and what kind of organizations want to spy on people who use Tor should read it.
Awesome. We love you Tor .
Awesome. We love you Tor .
boring
boring
Thank you very much! Best
Thank you very much! Best browser!
By hitting download on the
By hitting download on the tor browser project page there is this warning: Fehler: Gesicherte Verbindung fehlgeschlagen SSL_ERROR_BAD_MAC_READ This is on Firefox 46
almost impossible to log on
almost impossible to log on to chatstep.com some times takes 2 hours
any way around it?
any way around it?
The best
The best
GOOD
GOOD
Good job . thanks we can't
Good job . thanks
we can't receive Tor bridges in iran . this message is received please check it :
This is the mail system at host polyanthum.torproject.org.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
I don't know a good answer
I don't know a good answer for your question but hope someone else can help.
I believe that Tor Project is currently reorganizing its "help desk" to assist people who need help obtaining bridges or who are having other problems using Tor.
Tor Project has less than ten employees, I believe, so they are all very overworked, but the help desk functions are mostly done by a world-wide network of volunteers.
VERRY GOOD
VERRY GOOD
ok mais je suis novice
ok mais je suis novice
Very nice service !
Very nice service !
i love tor
i love tor
Is there an update for the
Is there an update for the iPhone, if so, download URL please. Thanks for the work and team work involved in bringing us back to reality!
I can't see you tube
I can't see you tube
Read above comment that
Read above comment that starts with:
"On April 26th, 2016 Anonymous said: Thanks to ALL you.."
You'll then -may- find a solution by yourself ;)
ps. for a quick-find.. it's 1 of the longest comment written :)
You could download the
You could download the videos with some of the add-ons, and it's possible to start looking at a video already when downloading, so you can stop/pause downloading to see if you like the video imediately, and then continue download the whole video.
Also, it is possible to use VLC player to stream youtube videos through tor browser bu setting the network proxy configuration to use the TBB 9150/1 ports, the only limit is that VLC can only play max 720p videos, but on the other hand VLC is extremely light on the CPU resources in comparison to HTML5 videos and Flash. I for one am not so sure I wouldn't even like to watch Youtube videos with the TBB, the reason is that the new browsers MSE/EME and DRM capability may reveal hardware ID's of your computer, it's a bombshell.
thanks for the great work,
thanks for the great work, and for endeavoring to keep pace with mozilla release cycles
Sorry, 1/2 off-topic but i
Sorry, 1/2 off-topic but i have/there is a little really big problem:
If anybody is using TAILS without USB, he,she has a
non-persistent, non-editable state file! And the Tails team say it's not urgent:
https://labs.riseup.net/code/projects/tails/roadmap
https://labs.riseup.net/code/versions/272
"Due in about 20 months (12/31/2017)
Roadmap for 2017"
Persistence preset: Tor state
https://labs.riseup.net/code/issues/5462
At the and of 2017 .........speechless and helpless.
An essential security mechanism of Tor is unimportant? Why?
Tor Browser 5.5.5 have
Tor Browser 5.5.5 have malware? My 360 TS antivirus said that there is malware and I cannot install new version.
Pls check.
Thanks and best regards
Either your lying, your
Either your lying, your antivirus downloaded a false-flag signature,or your tor bundle was switched with a malicious one. I think you may have been compromised.
Some antivirus think that a
Some antivirus think that a file that has not yet been seen by many users is suspicious and will display a warning.
If you want to make sure that you downloaded the real Tor Browser 5.5.5, you can check the gpg signature:
https://www.torproject.org/docs/verifying-signatures.html.en
Thanks so so much best
Thanks so so much best Browser
2nd paragraph:
2nd paragraph: s/import/important/ ;)
Ooops, thanks. Fixed.
Ooops, thanks. Fixed.
Cloudflare problems? After
Cloudflare problems?
After updating I can no longer access websites protected by cloudflare: usually I only needed to solve a couple of captcha puzzle sets, but now I keep getting more and more of them, even after correctly solving all of them, I keep getting the "Multiple correct solutions required, please solve more" message.
Is it just me?
I've had trouble solving
I've had trouble solving coudlfare captcha today too. But it could be unrelated to the update.
Uhm, you're right; the
Uhm, you're right; the problem lasted for some hours, and now it's gone.
So, not related to the Tor update. Sorry for overreacting too fast :)
cloudflare is the absolute
cloudflare is the absolute worst. that gives me an idea i may start working on soon - an anti-cloudflare tbb extension that adds a bridge to 'non-tor' VPN endpoints
like using vpn over tor, but easier to set up for less technical users
cloudflare is the dumbest
cloudflare is the dumbest tech ever happened to the whole era of computers, that which may makes think the origin of human is a 'Monkey" might be 99.9% true :)
there are Zillion smarter ways to breakdown a suspicious "DoS streams".. that will be founded by our grand sons, at that time when they will look back to us saying: Shame on you :))
however, myself, when want just-to-read and the dumb cloudflare appears then will not solve any damn puzzle, will just drop the link into https://www.proxfree.com/
RGDS: idea-Maker
Please don't; allowing Tor
Please don't; allowing Tor exit nodes to be known is intentional. Using techniques to mask that tor use, especially on the large scale, will in the long run make it harder to convince site admins to allow tor.
Also, it doesn't tend to take Cloudflare a long time to block IP's with "suspicious activity," and so it probably won't take long for them to block your VPN, leaving you with increased attack surface with no actual benefit.
one of the many things which
one of the many things which concerns me about Cl0udflare is that the captchas are being served by G0ogle.
That bothers me too...
That bothers me too... anyone know what info the goog's getting when they serve up a captcha? (Will they know what site you're trying to visit, or just that cloudflare wants someone at X ip to solve a million captchas?)
thanks tor! obrigado tor!
thanks tor!
obrigado tor!
good
good
Great.
Great.
I seem to have a bug, that
I seem to have a bug, that happens for some time now. Happens everytime Tor Browser Bundle finds an update, while my normal Firefox Browser is still open. When restarting TBB for the update to install, it says:
"The update could not be installed. Please make sure there are no other copies of Firefox running on your computer, and then restart Firefox to try again."
I closed normal Firefox and tried to update again, but the same message appears. Only way to install new TBB version is to install the new Bundle version from new. I haven't tried to restart the pc yet though. Maybe that could help.
It's still running in the
It's still running in the background.Try opening task manager,wait a few minutes (3-5 min), if you still see it on task manager, kill the process. Doing this however, may result in data loss/corruption. Only kill it if you have nothing to lose.
Sorry, i should have said
Sorry, i should have said that i closed the process in the task-manager. So it is not running anymore. But it wouldn't work nevertheless. Maybe it is another process that is correlated with the normal Firefox Browser that is preventing the TBB to update. But i can't find out.
OS X 10.10.5 Tor
OS X 10.10.5
Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any websites. If the problem persists, please send a copy of your Tor Log to the support team.
Restarting Tor will not close your browser tabs.
RE 5.5.5 can't launch '
RE 5.5.5 can't launch ' Couldn't load XPCOM' errmesg
W7
XPcom would not load Error
XPcom would not load Error W10
ty
ty
thank you.. thank
thank you..
thank you..
thank you...
nice browser
nice browser
Подскажите,
Подскажите, почему при просмотре видео на ютуб, если во ремя просмотра выйти на домашнюю страницу "about:tor", показывает что TOR отключен.
Спасибо.
Thnx for helping us to brows
Thnx for helping us to brows anonymously. Could you please enable Bangla font in Tor. It will be great help.
If its already enable please inform the procedure to enable Bangla font.
What operating system do you
What operating system do you use? What web site doesn't work for you?
It is working for me, for example https://bn.wikipedia.org/.
You can help fix the problem by filing a bug report. First go to https://trac.torproject.org/projects/tor/register and make an account, then go to https://trac.torproject.org/projects/tor/newticket to make a new ticket.
Here is some previous discussion on this issue: https://blog.torproject.org/blog/tor-browser-55-released#comment-154202. We were not able to help because they did not tell us what web site doesn't work.
Thank you
Thank you
thanks fissed!
thanks fissed!
you are the best!
you are the best!
Yorts and that!
Yorts and that!
Hi mom!
Hi mom!
Alright!
Alright!
Hello, I typed "Tor" on the
Hello,
I typed "Tor" on the search line of Yahoo and downloaded Tor. I got a message that I was connected and was invited to check out a website which yielded an address.
I keep seeing references to a "Tor Bundle". Did I receive everything when I downloaded Tor as described? I believe the version I have is 5.5.5.5.
Is the next step to go to an .onion site to try Tor out?
Because of what is taking place in America, and around the world, I feel some pressure to become proficient with Tor as soon as possible as I will have some training to do. Any internet references for initiates would be greatly appreciated.
Thank you for your time and assistance.
Col. Randall Smith, KF5YMT/AAR6KQ, Commander
C.D. Nationwide Emergency Communications Network
invited to check out a
invited to check out a website?
I'd say he's referring to
I'd say he's referring to https://check.torproject.org/.
> I typed "Tor" on the
> I typed "Tor" on the search line of Yahoo and downloaded Tor.
I hope you mean: in more detail,
1. using your usual web browser, you surfed to
https://www.torproject.org/download/download-easy.html.en
2. you downloaded the appropriate TBB (Tor Browser Bundle) tarball
3. you have gpg or pgp installed on your computer
4. you used gpg or pgp to "import" the TBB team's signing key
5. you used gpg or pgp to verify the downloaded tarball
6. you uncompressed and unpacked the tarball on your computer
7. you used the provided start script in the TBB directory to start Tor Browser
(most things seem complicated when you describe them in detail, but all these steps are really important in this context)
> I got a message that I was connected and was invited to check out a website which yielded an address.
I hope that address was check.torproject.org. You should see an icon in the "url pane" which you can click on to see some information about the https certificate confirming (if all goes well) that you are connected to the genuine torproject.org website. This site provides a quick check that you are in fact surfing using the Tor network.
Cryptography serves several essential purposes:
o authentication (you need to confirm you are at the genuine torproject.org website and not some phishing site)
o data integrity (you need to confirm the tarball was not maliciously modified on its way from torproject.org to your computer
o privacy (if you send an email you probably don't want anyone with access to the sending or receiving mail server to read it--- unencrypted email is like a postcard you tack up on some public bulletin board for everyone to read)
> I keep seeing references to a "Tor Bundle". Did I receive everything when I downloaded Tor as described? I believe the version I have is 5.5.5.5.
5.5.5 probably. TBB includes everything you need to surf using Tor Browser, which is configured to use a Tor client, so your websurfing is anonymized using "Tor circuits"
your_computer <==> entry_node <==> relay <==> exit_node <--> destination_website
where the last connection is unencrypted if the website does not use https.
(DNS lookups are done by the exit node--- if you know what this means, you can see this is essential to provide websurfing anonymity. Tor nodes are operated by a worldwide volunteer network of private citizens in dozens of countries around the world.)
> Is the next step to go to an .onion site to try Tor out?
Once you have started TBB you can surf on the ordinary internet just like you would with Firefox.
(Tor Browser is based on the open source version of Firefox, which is called Iceweasel.)
And if you know an onion address you want to visit, you can just type that (carefully) into the url pane and Tor Browser will get you to that onion site.
Two concepts which are easily confused:
o onion sites (sometimes called "the Dark Net")
o files which are accessible via Internet owing to a misconfiguration, but which were probably intended to be kept private (more properly called "the Deep Net")
Onion sites are just websites, except that they are protected by additional layers of anonymity using Tor infrastructure. The difference from "the public internet" is that the publisher of an onion site is also anonymous.
> Because of what is taking place in America
Check out
eff.org/nsa-spying/nsadocs
(compilation of Snowden leaked documents with links to news articles describing the significance of each document)
publicintelligence.net
(compilation of government documents, for example from the US military, which are in some sense publicly available but which you probably wont see discussed in "mainstream" news media)
theyarewatchingyou.org
(nice overview of current USG surveillance methods known to be widely used against ordinary citizens, from the ACLU)
> and around the world,
citizenlab.org
(terrific source of authoritative information on state-sponsored malware, focusing on that used by governments other than FVEY but nonetheless invaluable to US persons too)
hrw.org
rsf.org (more perspective on what is happening around the world)
This should also be of interest:
https://www.eff.org/deeplinks/2016/04/community-groups-come-together-ac…
These are all ordinary websites (the publishers are not anonymous), but in the current situation it would perhaps be unsafe to visit them while not using Tor.
Notice that you can use Tor Browser to download files from sites like publicintelligence.net using your browser just like you would with firefox.
Also, if you type in an abbreviated url like citizenlab.org, Tor Browser will connect using the https protocol, so the last link (from Tor exit node to destination website) is also encrypted.
Further, Tor uses perfect forward secrecy, which means that adversaries cannot decrypt all your past browsing at some website simply by (for example) forcing the website operator to hand over their https certificate or encryption keys.
Tor Browser also comes with NoScript so it provides a lot of additional protections against cross-site compromises. If you are a newbie, it is probably wise to avoid doing anything like installing additional "add-ons" or fiddling with any configurations. Tor Browser protects you from many things, but by no means from every hazard, so you still need to be careful when using Tor Browser. Tor Browser does several things like enabling file downloads in addition to websurfing, but it does not provide chat or email. The Tor Project is developing a chat system called Tor Messenger which from the user perspective works much like the Tor Browser: you can download it as a tar ball, verify the signature, unpack it and start it using a provided script.
For even more security/anonymity while surfing the Internet, see an allied project, the Tails Project, which has some nice documentation including this essential reading:
https://tails.boum.org/doc/about/warning/index.en.html
www.howsmyssl.com says Your
www.howsmyssl.com says
Your SSL client is Improvable.
Session Ticket Support
Improvable Session tickets are not supported in your client. Without them, services will have a harder time making your client's connections fast. Generally, clients with ephemeral key support get this for free.
Looks to be a speed problem but wanted to check, any concern here???
Session tickets aren't
Session tickets aren't needed, and if not configured properly/carefully can do disastrous things to PFS.
https://www.ietf.org/rfc/rfc5077.txt
Session tickets are disabled
Session tickets are disabled for anti-tracking reasons. See here:
https://www.torproject.org/projects/torbrowser/design/#identifier-linka…
On a pron site with
On a pron site with javascript on -for searching.isn't working.blocking tor?- security.enable_tls_session_tickets suddely was on.
Don't ask, i don't know why.
All right everyone. Everyone
All right everyone. Everyone get the SpyShelter Software here:
https://www.spyshelter.com/
Tell me that Firefox.exe or Tor does not keep trying to record your typing keystrokes! What is going on? Is it my computer or Tor? Or, is it Firefox?!
I'm not entirely sure what
I'm not entirely sure what exactly the program does, but Firefox does record keystrokes; otherwise you wouldn't be able to type anything into the address bar/search box/page textboxes (or use any keyboard shortcuts.)
With that said, I'm not entirely sure I trust SpyShelter to not spy on me either.
Almost every standard
Almost every standard (crappy) Windows app tries to get direct keyboard access for hotkey support (from ancient times). You can easily block it without worries.
best
best
cant post
cant post
Very good
Very good
Thanks, it worked fine
Thanks,
it worked fine since more than 24Hrs,
but it suddenly crashed few minutes ago,
that doesn't happen -frequently- with any previous updates/upgrades..
copied this from crash report,
will notify u if it'll crash again (hope it'll not)
ps. if it's not so necessary to show this details,
then plz don't show it, but it's up to U..
;)
====================================
Application Version: 38.8.0.0
Application Timestamp: 00000000
Fault Module Name: xul.dll
Fault Module Version: 38.8.0.0
Fault Module Timestamp: 00000000
Exception Code: c0000005
Exception Offset: 020db758
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033
Additional Information 1: 0a9e
Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
Additional Information 3: 0a9e
Additional Information 4: 0a9e372d3b4ad19135b953a78882e789
e-o-t..
aka: idea-Maker :)
Do you remember what you
Do you remember what you were doing, or which website you were visiting before the crash? And if so, can you try to do the same thing, or visit the same website again to see if the crash is reproducible?
Hi boklm.. 1- Sorry for
Hi boklm..
1- Sorry for this late reply..
2- Yes, According to crashed> (session Manager).. and after visiting same links again ..there seem to be no suspicion to crash it..
3- What's suspected to crash it, might be the updating of add-ons,
After upgrading TBB, found about 5 add-ons that must be updated (uBlock Origin, Tweak network, Page Zoom, Open link in current, Memory fox Next..) and other 2 add-ons (that are originally disabled) ..So, i guess it crashed -due to- temporarily unstable "new" update of that add-ons.. that happened right after upgrading the TBB itself..
Now everything seem to be stable and back to normal,
Will comment back if it crash in the next 3 days,
Otherwise, consider it [SOLVED] :)
Thanks for your kind consideration..
(off-Topic)
in this current page, did you notice my idea of the ON/OFF icon to -temporarily- watch videos! is it doable?
Thanks again
great
great
why you haven't fixed it
why you haven't fixed it https://www.browserleaks.com/firefox
What exactly haven't we
What exactly haven't we fixed?
platform, language and
platform, language and torbrowser version leak
What are the values you see
What are the values you see and which are you expecting?
lol at "why you haven't". Is
lol at "why you haven't". Is that a question or are you informing us/them? anyway, I didn't visit the link because I'm lazy; if you're referring to the memory leak issue with Firefox, then that's Mozilla's fault. They don't care about addressing that problem, because you can quit and restart the application. I don't find that to be an acceptable solution but whatever.
thx from my site
thx from my site
So good
So good
I have to thanks all who
I have to thanks all who work on tor project
THANKS
THANKS
BRAVO
BRAVO
Very good
Very good
Very good
Very good
Former Tor Developer Helped
Former Tor Developer Helped the FBI by Creating Malware to Go After Tor Users
https://www.dailydot.com/politics/government-contractor-tor-malware/
Thanks for this link. @
Thanks for this link.
@ Roger &c: is the official TP statement to Daily Dot available in full?
Some of us have warned for years that USG is likely to try to insert moles into the Tor Project. Was Matt Edman the first such uncovered, or was he "turned" during or after his employment at TP?
I've been using Tor browser
I've been using Tor browser on x64 Windows for 2 years and I've noticed a change recently. Last week I accidentally maximized the "Save As" dialogue box and now every time I'd save something it takes up the whole screen. It doesn't bother me too much, but here's where it gets strange. eEen after deleting and reinstalling Tor Browser, that setting remains every time.
Is that normal? It sure doesn't seem normal, isn't Tor Browser completely erased including all settings when you delete it?
It would be nice if the TB
It would be nice if the TB team helped with troubleshooting what ifs here:
gpg: requesting key 93298290 from hkp server pool.sks-keyservers.net
gpgkeys: HTTP fetch error 7:
gpg: DBG: armor-keys-failed (KEY 0x4E2C6E8793298290 BEGIN
) ->0
gpg: DBG: armor-keys-failed (KEY 0x4E2C6E8793298290 FAILED 9
) ->9
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver unreachable
gpg: keyserver communications error: public key not found
gpg: keyserver receive failed: public key not found
And here:
gpg: can't open signed data `/Users/OSX/Downloads/TorBrowser-5.5.5-osx64_en-US.dmg'
gpg: can't hash datafile: file open error
Key verification was fine but I already imported it in the past ):
Clearly a pgp issue but this can be avoided with better documentation.
What gpg command did you run
What gpg command did you run to get this error?
Thanks
Thanks
muy biuen
muy biuen
Waiting for Tor Project
Waiting for Tor Project person to explain how the 'snowflake' pluggable transport differs in operation from all the other pluggable transports.
Put 'snowflake pluggable
Put 'snowflake pluggable transport' in the Tor Browser search bar and select Disconnect.me. Several links will be shown that will give more information about snowflake.
EVERYTHING IS BEING
EVERYTHING IS BEING MONITORED BOTH PHYSICALLY AND DIGITALLY NO MATTER WHAT! ALL COMPUTER HAVE BUILT IN KEYSTROKE SOFTWARE AND BACK DOORS!
http://www.shtfplan.com/headline-news/americans-everything-you-do-is-mo…
Don't panic--- the situation
Don't panic--- the situation is bad, but probably not that bad.
For a well-informed overview of current surveillance techniques likely to be encountered by ordinary persons (focusing on US persons), see
theyarewatchingyou.org
which is from the ACLU.
Search for eff.org "NSA primary documents" and "ANT catalog" to read some leaked NSA/GCHQ documents describing in considerable detail the kind of highly sophisticated electronic espionage/"effects" methods used by the USG and its closest allies.
Tor can't help defend you against everything mentioned in the website theyarewatchingyou.org, much less the techniques described in the ANT catalog, but it is much better than nothing, and probably will suffice to keep many people safe while doing things like reading uncensored news online.
See citizenlab.org for authoritative information on internet surveillance techniques and state-sponsored malware used by various governments (focusing on non-FVEY but still very useful for people who live in USA, UK, Canada, Australia, New Zealand).
That's FUD and complete
That's FUD and complete bullshit. Tell that to any security expert and they will laugh at you. It's really not hard to reverse engineer software, even something as complex as Windows, or something as ubiquitous in the IoT as VXWorks, to look for things such as keystroke software or backdoors. It's true that backdoors have been found, but it's total FUD to say that everything has keystroke software and backdoors. All you are doing is trying to convince people that there is nothing they can do to protect themselves, which makes them give up, which is the exact opposite of what they need to do to stay safe.
Exactly! Thank you for
Exactly! Thank you for debunking the dangerous suggestion (which no doubt is encouraged by our many adversaries) that "privacy is dead; everyone should just give up" [sic].
why cant i use Tor browser
why cant i use Tor browser to download?
Downloading files using Tor
Downloading files using Tor Browser should work. Can you give more details about the problem?
Most downloads get stuck at
Most downloads get stuck at "a few seconds remaining".
good
good
WONDERFULL!!!!!!!!!!!!!!!!!!!
WONDERFULL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Tor is very good
Tor is very good
Where is the "Start Tor
Where is the "Start Tor Browser" link? Firefox.exe gives a "couldn't load XPCOM" message.
Did you run the install
Did you run the install executable after downloading the bundle? orif you did then look in the folder where it's located and copy or 'create shortcut' to wherever you normally have it.
very good
very good
Thanks
Thanks
A big thumbs up to the TOR
A big thumbs up to the TOR team, wherever and whoever you are. Great service and such a useful tool.
Mac OS automatic
Mac OS automatic upgrade?
Should TOR browser automatically update to the next version when a new version appears? This is occurring on my Yosemite Mac after a new version is apparent and the TOR browser is closed and reopened. It automatically opens to the new version without me installing.
It is applying the update in
It is applying the update in the background to avoid dealing with the update during the next start-up (which costs time). So, everything is fine.
howsmyssl says Your SSL
howsmyssl says
Your SSL client is Improvable.
Session Ticket Support
Improvable Session tickets are not supported in your client. Without them, services will have a harder time making your client's connections fast. Generally, clients with ephemeral key support get this for free.
ignor that last comment
ignor that last comment
awesome job once again
awesome job once again
please make tor faster than
please make tor faster than Mozilla Firefox. Its great but really slow.
It's not so easy to just
It's not so easy to just "make Tor faster".
In my experience, websurfing using Tor Browser is not noticeably slower than ordinary websurfing, but downloading enormous files or watching videos may be slower.
Over time, as the Tor network continues to grow and improve, speed will probably increase.
why did tor works really slow
why did tor works really slow
What are the best, simplist
What are the best, simplist ways to learn to use Tor please?
Have a Mac new last August 2015, already corrupted. Someone added something to the innards of the computer to make accessing it from away, easy. When I am on, usu
ally for hours, someone else is on too.
am only journalist, need privacy, for that may need a new, untouched Mac
> What are the best,
> What are the best, simplist ways to learn to use Tor please?
Did you download the latest Tor Browser Bundle (TBB) from torproject.org?
Once you know how to start Tor Browser, this should provide everything you need to surf the Internet using Tor Browser, so you may not need to learn very much to use Tor to surf.
Tor Project is also developing Tor Messenger, which provides anonymized chat, which should help to keep in touch with other journalists, sources, etc., but this is still being tested so you probably shouldn't use it quite yet to contact your sources.
> Have a Mac new last August 2015, already corrupted. Someone added something to the innards of the computer to make accessing it from away, easy.
Did you find a hardware keylogger, or are you just suspicious?
> When I am on, usually for hours, someone else is on too.
You should try to contact these amazing people: citizenlab.org. They may be able to help you find out what is going on. Also, human rights organizations may be able to help you obtain training for at risk journalists in your country or a neighboring country (if you can travel).
Good luck, try to stay safe, but above all, keep doing journalism!
The two most popular
The two most popular privacy-enhancing applications which use Perfect Forward Secrecy are WhatsApp (as of about one month ago) and Tor. Now comes this news:
https://theintercept.com/2016/05/02/whatsapp-used-by-100-million-brazil…
WhatsApp, Used by 100 Million Brazilians, Was Shut Down Nationwide Today by a Single Judge
Glenn Greenwald, Andrew Fishman
2 May 2016
> A BRAZILIAN STATE JUDGE ordered mobile phone operators to block nationwide the extremely popular WhatsApp chat service for 72 hours, a move that will have widespread international reverberations for the increasingly contentious debate over encryption and online privacy. The ruling, issued on April 26, became public today when it was served on mobile service providers. It took effect at 2 p.m. local time (1 p.m. ET); as of that time, people in Brazil who tried to use the service could not connect, nor could they send or receive any messages. Failure to comply will subject the service providers to a fine of 500,000 reals per day ($142,000 per day).
> ...
> It is stunning to watch a single judge instantly shut down a primary means of online communication for the world’s fifth-largest country. The two security experts in the NYT wrote of the first WhatsApp shutdown: “The judge’s action was reckless and represents a potentially longer-term threat to the freedoms of Brazilians.” But there is no question that is just a sign of what is to come for countries far from Brazil: There will undoubtedly be similar battles in numerous countries around the world over what rights companies have to offer privacy protections to their users.
To repeat the warning some Tor users have been issuing for months: today they came for WhatsApp, in Brazil. Tommorrow they will come for Tor, in the USA.
We are all in great danger, and we need to put our heads together and decide how we will react to a similar judicial order shutting down TP.
I hope Sheri and Roger are very busy reaching out to the news media, trying to correct the dangerous and misleading ant-Tor propaganda being peddled by our enemies in the USG and in other governments around the world.
> reaching out to the news
> reaching out to the news media, trying to correct the dangerous and misleading ant-Tor propaganda being peddled by our enemies in the USG and in other governments around the world.
We're about five years too late, and the news media have been vocal in their condemnation of privacy technology. The news is firmly against us, as are the vast majority of people around the world. Just about everyone thinks it's completely reasonable to outlaw encryption for personal communication.
This just highlights the
This just highlights the problems with centralized communication software.... wonder what it'll take to get soemthing like telehash popular.
The USG has essentially
The USG has essentially offered the tech industry this choice: either we will enact legislation which makes strong encryption illegal, or we will enact legislation making it even easier for even more agencies to engage in secret state-sponsored hacking.
In particular some of us have warned for years about the implications for Tor users of a proposed change in Rule 41 of the Federal RCP, which is set to become law without any action being taken by the US Congress:
http://arstechnica.com/tech-policy/2016/04/rule-41-would-make-it-easier…
Rule 41 would make it easier for the government to carry out hacks
ACLU: Rule 41 fix has "insufficient privacy protections, transparency, or oversight."
Cyrus Farivar
29 Apr 2016
> Privacy activists and at least one senator are up in arms over a proposed change to a section of the Federal Rule of Criminal Procedure that would allow any magistrate judge to issue warrants authorizing government-sanctioned hacking anywhere in the country.
>
> If the proposal does go forward, it would mark a notable expansion of judicial power to sign off on "remote access" of criminal suspects’ computers. As Ars has reported previously, for more than two years now, the Department of Justice has pushed to change Rule 41 in the name of being able to thwart online criminal behavior enabled by
tools like Tor.
^^^^^^^^^^^^^^^
>
> On Thursday, the Supreme Court passed the proposed change to Rule 41 and sent it to Congress on Thursday, which will have until December 1 to modify, reject, or defer the proposal. If the House of Representatives and Senate do not pass a resolution in favor by simple majority, the revisions will become law that same day.
> ...
> For now, Sen. Ron Wyden (D-Oregon) appears to be the only legislator to have spoken out against the revision.
>
> "These amendments will have significant consequences for Americans’ privacy and the scope of the government’s powers to conduct remote surveillance and searches of electronic devices," he said in a Thursday statement. "I plan to introduce legislation to reverse these amendments shortly, and to request details on the opaque process for the authorization and use of hacking techniques by the government."
>
> "Such a monumental change in the law should not be snuck by Congress under the guise of a procedural rule," Neema Singh Guliani, an attorney with the American Civil Liberties Union, said in a statement sent to Ars.
>
> "The change proposed would expose Americans, including victims of crimes, to government hacking with insufficient privacy protections, transparency, or oversight. Congress should reject the proposed changes to Rule 41, and instead demand answers from the government about their current hacking practices."
> ...
I can't believe nolo.com
I can't believe nolo.com blocks Tor. (time out exceeded)
works ok for me
works ok for me
since 5.5.5 coments on
since 5.5.5 coments on YouTube ain't work anymore. In 5.5.4 it worked.
Hello! I´m trying to run
Hello!
I´m trying to run Tor 5.5.5 on MacOs 10.11.4 and it
chrshes right away after running it and press the
connect-button.
R-installing and so on doesn´t take any effect.
So Tor is just unuseable.....
Same here. Same setup.
Same here. Same setup.
Do you get some crash output
Do you get some crash output that could shed some light on this problem?
is 8chan down or is the last
is 8chan down or is the last upgrade of Tor stopping it from loading??
Im getting a 504 error... just wondering cuz since I upgraded, 8 chan wont load...
504 sounds like a server
504 sounds like a server side problem.
How much additional
How much additional programming would be required to use existing public blogs to communicate information, images, apps, etc., by hiding the private data in ordinary presentations? I believe it is already being done with font scripts and high def scrambled images that look innocent to otherwise ordinary users. It should be possible to hide the entire library of congress in a 2 hour home movie. (Hypothetically) The only way to block the equivalent of SSB (ham radio communications jargon for Single Side Band combined with CW {unmodulated radio frequency}) would be to shut down the entire internet or to ask publishers to explain the meaning of each and every word, sentence, and punctuation.
I imagine that, even the threat of doing this could bring down a government rather quickly.
Are you talking about
Are you talking about steganography?
If so, governments are well aware of the proliferation of schemes such as steghide (available in Debian repositories if you want to try it) which can hide a short message (not the LOC or movies) in innocuous nontext files having certain formats such as gif images. They are funding research on attacking steganography software because they fear that political dissidents might exchange short messages without being noticed by the Surveillance State, not because they are worried about people hiding LOC books in movies.
One flaw in such schemes is that if the adversary has a copy of the unmodified file (such as a snapshot from some public blog), a comparison will reveal the presence of the a hidden message, thus compromising the point of steganography (to hide the fact that any message is being communicated at all).
To avoid this, it is best to use as "cover" files which are not known or easily recreated in their original form to any adversary. For example, if you generate a pretty fractal image using randomly chosen parameters, you should not choose a program which writes the parameters in the generated image! (Apparently university students who develop fractal generating programs for school projects are often threatened by USG agents who want to ensure that their program overtly or covertly writes the parameters into the generated image, because university projects sometimes evolve into open source projects used in the real world.)
I have heard that PSAs
I have heard that PSAs targeting Tor users with the warning "you are not anonymous" are airing in US and Canada. Does anyone have more information about what corporation is producing these PSAs?
Maybe ugly Elsevier doesn't want information to be free?
http://scihub22266oqcxt.onion/
Thank you to everybody who
Thank you to everybody who makes Tor!
You are all awesome!
Tor makes me feel like there is good people on the internet who really care and believe in true democracy and real freedom for everybody in the World!
Thank you everyone!
Many Tor users have
Many Tor users have expressed the fear that FBI will begin "interviewing", serving subpoenas upon (possibly using NSL's accompanied by eternal gag orders), arresting, or outright "disappearing" TP employees and volunteers. Consequently, we have urged TP to consider relocating lead developers and other key Tor people to safer locations in other countries, such as Germany, Norway, or Iceland.
And now comes evidence that FBI is attempting to intimidate Tor employees who are preparing to emigrate (not necessarily because of our fears about the poor prospects for TP in Comey's America!):
https://www.techdirt.com
FBI Harassing Core Tor Developer, Demanding She Meet With Them, But Refusing To Explain Why
from the not-cool-fbi dept
5 May 2016
> Isis Agora Lovecruft is a lead software developer for Tor and has worked on Tor for many years, as well as on a variety of other security and encryption products, including Open Whisper Systems and the LEAP Encryption Access Project. And, apparently, the FBI would really like to talk to her, but won't tell her (or her lawyer) exactly why.
https://www.ibtimes.co.uk/tor-developer-isis-agora-lovecruft-publicly-a…
Tor developer Isis Agora Lovecruft publicly accuses the FBI of harassment
Jason Murdock
6 May 2016
> [The harassment] reportedly started with a house visit from the FBI and escalated to the threat of a federal subpoena. For one member of the Tor Project's core development team, named Isis Agora Lovecruft, the past six months have been characterized by stress, confusion and underhand threats at the hands of US law enforcement. Now, she has publicly accused the agency of harassment.
https://blog.patternsinthevoid.net/fbi-harassment.html
FBI Harassment
Sunday, 01 May 2016
By isis agora lovecruft
> [Special Agent Kevin Porter, FBI Atlanta field office, on the phone with her lawyer:] "We… uh… have some documents we’d like her opinion on."
And if she declines to be interviewed?
> ... "We have teams in Los Angeles, San Francisco, Chicago, New York, and Atlanta keeping an eye out for her."
> [Special Agent Mark Burrnett, FBI LA Field Office, on the phone with her laywer:] "are you the point of contact for serving a subpoena? She’s not the target of investigation, but, uh… we uh… need her to clear up her involvement or… uh… potential involvement in a matter.”
In her blog post, Isis asked:
> Is this really how the United States has decided to treat American tech workers? Am I just the forerunner in a larger campaign by the FBI to personally go after developers of encryption software which annoys them?
Intimidation and threats: standard tactics straight from their "suasion" playbook.
FBI probably wants many things from Isis, but one thing they are almost certainly trying to do is to identify a key Tor person they think they can bully into becoming a secret informant inside TP, or even into allowing FBI to abuse their signing key in order to perform such criminal actions as serving malware to ordinary citizens which has been disguised as LEAP or some other good thing which people need in order to live free.
The interview might begin with a misleading suggestion that the agents are trying to *protect* the employee from some (possibly exaggerated or even entirely imaginary) threat, e.g. they might claim to have information that a third party (e.g. the Russian government) is planning to harm the subject. It might continue with a discursive discussion intended to elicit information about the subject's character, motivations, and personal weaknesses.
When agents step out of the room where the subject is detained, it is likely that they are conferring not only with each other about their next moves, but with a psychologist consultant who is building a model of the subject's psychological vulnerabilities, and counseling the agents on how to exploit them.
After some time, there might be a rapid fire sequence of sudden shifts in the questioning, which is intended to confuse and disorient the subject.
Specific suasion techniques often employed (probably ineffective with Tor Project employees, but the G-men might fall back upon these out of ingrained habit) include these:
o appeals to pride in technical accomplishments ("your unique skills could be put to better use serving your country") or to a desire to change the world ("you could have enormous influence on future policy decisions by the US government"),
o vague (and false) promises of personal financial benefit should the employee cooperate,
o attempts to shock the employee into "flipping", by presenting horrifying graphic imagery of the aftermath of a terrorist bombing, or especially objectionable pron,
o vague insinuations of a criminal case or other unpleasantness (such as an IRS audit or ruinous civil lawsuit) which can be made to "disappear" if the employee agrees to become an FBI mole,
o explicit dire threats, such as the promise that if the employee refuses to become a mole, "you will die in an isolation cell in the Supermax prison in Colorado".
It would not be a bad idea for TP to offer its key employees a seminar in the old-fashioned Reid technique, the "Big Man" technique (favored by RCMP), the techniques taught to US Army interrogators at Fort Huachuca, accounts from former Gitmo detainees of their own interrogations, etc.
It is also important to know that representatives from other government agencies (such as CIA, NSA, NCIS, USAF) might well sit in, and may even misrepresent themselves as FBI agents. This ought to be illegal, but in matters of Tor, it is likely that the US government recognizes no rules it is bound to obey.
The interrogators will be trying to trick you into saying something they can exploit to bring further pressure to bear upon you, but it is important to remember that at some points they will probably make their own mistakes, for example by making a damaging admission, or by revealing their own psychological weaknesses, frustrations, motivations, or accidentally hinting at what they ultimately hope to accomplish by "turning" you, incarcerating you, torturing you, whatever.
FBI is an extremely dangerous rogue agency, and it will only become more vicious as time goes on.
It is important to recognize that the next US President will effectively be chosen by FBI. Despite disclaimers from the Clinton campaign, there is a very real possibility that Ms. Clinton (not just her closest aides) will be indicted. If that happens, Trump will almost certainly be elected, which may result in succession by some of the more anti-fascist states. If it doesn't, Clinton will almost certainly have cut some secret deal with Comey in order to avoid prosecution, basically making her FBI's woman in the White House. Scary times.
A million thanks to the Tor developers and volunteers for all your hard work and dedication!
I hope everyone at Tor
I hope everyone at Tor Project is aware of these developments:
Comey claims encryption is a necessary requirement for terrorism (implying that if all non-government encryption is banned, all non-government terrorism will cease):
http://arstechnica.com/tech-policy/2016/05/encryption-is-essential-trad…
Encryption is “essential tradecraft” of terrorists, FBI director says
Comey also says cops may not police well out of fear of being in a viral video.
David Kravets
12 May 2016
Mozilla (maker of Firefox) demands that FBI disclose the bugs exploited by its NIT (Tor targeting malware):
https://blog.mozilla.org/blog/2016/05/11/advanced-disclosure-needed-to-…
Advance Disclosure Needed to Keep Users Secure
Denelle Dixon-Thayer
11 May 2016
Comey responds by promising to intensify FBI's war on software providers such as Tor Project (the assault on Isis suggests that Tor Project is on the short list for receiving an NSL any day now--- is TP prepared to fight this?--- or even for state-sponsored burglaries--- are TP locations physically secured? maybe Google can help?):
http://arstechnica.com/tech-policy/2016/05/over-last-6-months-fbi-looke…
FBI director warns that feds will bring more encryption-related cases
Meanwhile, WhatsApp's end-to-end encryption continues to frustrate FBI, too.
Cyrus Farivar
11 May 2016
hello. i am living in margav
hello. i am living in margav a village in mazandaran in in iran. my old 50 years. and director tv. please free help and support and connect me for all site and all web page by tor browser for 5 week'. then i buy this v p n . good day
Hi, I hope someone will post
Hi, I hope someone will post a link to the Farsi version of torproject.org website.
You should only download the most recent TorBrowser Bundle (TBB) from this site (torproject.org). You should be able to use a version in your language. To use Tor from inside Iran, you will probably need to use bridges (see the Tor FAQ at this website). Tor is not a VPN and it is free for everyone to use (you don't need to pay anyone). You should avoid mentioning specific information about yourself ("I am living in Margav, a village in Mazandaran, Iran. My age is 50 years") when using Tor for anonymity.
Someone recently said that Tor Project is currently reorganizing their help desk. I hope this is completed very soon.
Please keep trying to obtain and use Tor, it's great!
Does this help? Only a
Does this help? Only a partial translation:
https://tails.boum.org/news/index.fa.html
hi, is there a way to login
hi,
is there a way to login to the gmail account without verifying because when i try to use youtube and logging into gmail account using tor browser to post any comment i am directed to the page "Verify its you" which i dont want
thanks
we need one for windows also
we need one for windows also
I like Tor, I don't use it
I like Tor, I don't use it much but I know I should use it more. I don't like losing my 4th Amendment. But have you seen this story. https://theintercept.com/2016/05/12/mozilla-wants-heads-up-from-fbi-on-…
good tor
good tor
Keep getting "Timeout" on
Keep getting "Timeout" on majority of sites i try to visit. Tor going downhill pretty fast...Every update it just keeps getting worse...It was great while it lasted :(
Feature request: instead of
Feature request: instead of forcing us to hack the location of the exit node into a configuration file, which is time consuming, error prone, and extremely OBSCURE, how about creating an explicit interface in the GUI to let us configure exit nodes?
You already have this in ORBOT.
We don't build Orbot. That
We don't build Orbot. That is done by the Guardian Project. And, no, I am not convinced that we want to expose a GUI option for that. This might endanger your anonymity and, if enough people are messing with their exit node, it might affect all the other Tor users that don't use it as well. At a minimum more research is needed on the impact of this proposed feature I think.
good
good
like it thank u
like it thank u
ok
ok
5.5.5 does not work over the
5.5.5 does not work over the best OS,windows 7.
5.5.5 is “Couldn't load XPCOM” version.
It is just the sound of a fail installation bell ringing.
5.5.4 without adding FireFox is working.
I recommend Tor users using StartPage for search engine with 5.5.4.
I ask Tor to stop updating available new version automatically.
Because,5.5.4 is available for working.
Yes, absolutely
Yes, absolutely correct.
5.5.5 does not work over the best OS,windows 7.Very slow and i am not use Tor.
I'm having trouble opening
I'm having trouble opening the newest version of Tor on my Mac. The last download worked fine, but now it won't run, either. The message I get is that there are "no mountable files" to add to the Applications folder, which tells me that the download is actually coming in corrupted. Maybe a compatibility issue? Any help is appreciated.
best
best
This version(5.5.5) is very
This version(5.5.5) is very slow.The previous version was too fast.
I wish I did not upgrade to the new version.
Hajamir50
what dose overlap mean i
what dose overlap mean i have a URL from someone who told me to overlap it to TOR.
CAN ANYONE EXPLAIN THIS TO ME.
Thank you
good
good
HOW TO CONFIGURE A NEW
HOW TO CONFIGURE A NEW MOBILE PHONE TO USE TOR . I MEAN I WANT MY PHONE FROM THE BEGINNING TO BE HIDDEN WHEN BROWSING THE INTERNET. HIDDEN LOCATION , IDENTITY , IP ADDRESS . DON'T WANT GOOGLE AND ANY OTHERS KNOW AT LEAST MOST OF MY PRIVACY .. ANY IDEA GUYS OR TOOLS OR TUTORIALS TO FOLLOW UP WITH ??
Why can't I get rid of that
Why can't I get rid of that bloody Duck duck go? It's a pain in the derriere and takes me to everywhere I don't wish to go!
Absolute rubbish and drags down the TOR experience. I have to keep downloading versions prior to 5.5.5 until it suddenly upgrades again. AAAAARRRRRGGGGHH!!!!!
Runing Mac OS Yoemite when I
Runing Mac OS Yoemite when I perform search in the firefox search bar(top right) it redirectss from diconnect serch to duckuck GO. I m using trnport type meek-amzon
I am using yosemite OS and
I am using yosemite OS and when I perform search in the top right hand corner which should use disconnect search the TOR browser redirects me to duckduck go search. Even if I remove duckduck go search from the search options it still redirect me to duckuck go
The transport types meek
The transport types
meek google
fte-ipv6
Do not work.