Tor Browser 6.5 is released
Tor Browser 6.5 is now available from the Tor Browser Project page and also from our distribution directory.
This release features important security updates to Firefox.
This is a major release and the first one in the 6.5 series. First of all it fixes the usual critical bugs in Firefox by updating to ESR 45.7.0. It contains version updates to other bundle components as well: Tor to 0.2.9.9, OpenSSL to 1.0.2j, HTTPS-Everywhere to 5.2.9, and NoScript to 2.9.5.3.
Besides those updates Tor Browser 6.5 ships with a lot of the improvements we have been working on in the past couple of months.
On the security side we always block remote JAR files now and remove the support for SHA-1 HPKP pins. Additionally we backported from an other firefox branch patches to mark JIT pages as non-writable and other crash fixes that could disrupt a Tor Browser session quite reliably.
With respect to user tracking and fingerprinting we now isolate SharedWorker script requests to the first party domain. We improved our timer resolution spoofing and reduced the timing precision for AudioContext, HTMLMediaElement, and Mediastream elements. We stopped user fingerprinting via internal resource:// URLs, and for Windows users we fixed a regression introduced in Tor Browser 6.0 which could leak the local timezone if JavaScript were enabled.
A great deal of our time was spent on improving the usability of Tor Browser. We redesigned the security slider and improved its labels. We moved a lot of Torbutton's privacy settings directly into the respective Firefox menu making it cleaner and more straightforward to use. Finally, we moved as many Torbutton features as possible into Firefox to make it easier for upstreaming them. This allowed us to resolve a couple of window resizing bugs that piled on over the course of the past years.
The features mentioned above are only some of the highlights in Tor Browser 6.5. The full changelog since 6.0.8 is:
- All Platforms
- Update Firefox to 45.7.0esr
- Tor to 0.2.9.9
- OpenSSL to 1.0.2j
- Update Torbutton to 1.9.6.12
- Bug 16622: Timezone spoofing moved to tor-browser.git
- Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git
- Bug 8725: Block addon resource and url fingerprinting with nsIContentPolicy
- Bug 20701: Allow the directory listing stylesheet in the content policy
- Bug 19837: Whitelist internal URLs that Firefox requires for media
- Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a tor client
- Bug 19273: Improve external app launch handling and associated warnings
- Bug 15852: Remove/synchronize Torbutton SOCKS pref logic
- Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6
- Bug 17767: Make "JavaScript disabled" more visible in Security Slider
- Bug 20556: Use pt-BR strings from now on
- Bug 20614: Add links to Tor Browser User Manual
- Bug 20414: Fix non-rendering arrow on OS X
- Bug 20728: Fix bad preferences.xul dimensions
- Bug 19898: Use DuckDuckGo on about:tor
- Bug 21091: Hide the update check menu entry when running under the sandbox
- Bug 19459: Move resizing code to tor-browser.git
- Bug 20264: Change security slider to 3 options
- Bug 20347: Enhance security slider's custom mode
- Bug 20123: Disable remote jar on all security levels
- Bug 20244: Move privacy checkboxes to about:preferences#privacy
- Bug 17546: Add tooltips to explain our privacy checkboxes
- Bug 17904: Allow security settings dialog to resize
- Bug 18093: Remove 'Restore Defaults' button
- Bug 20373: Prevent redundant dialogs opening
- Bug 20318: Remove helpdesk link from about:tor
- Bug 21243: Add links for pt, es, and fr Tor Browser manuals
- Bug 20753: Remove obsolete StartPage locale strings
- Bug 21131: Remove 2016 donation banner
- Bug 18980: Remove obsolete toolbar button code
- Bug 18238: Remove unused Torbutton code and strings
- Bug 20388+20399+20394: Code clean-up
- Translation updates
- Update Tor Launcher to 0.2.10.3
- Update HTTPS-Everywhere to 5.2.9
- Update NoScript to 2.9.5.3
- Bug 16622: Spoof timezone with Firefox patch
- Bug 17334: Spoof referrer when leaving a .onion domain
- Bug 19273: Write C++ patch for external app launch handling
- Bug 19459: Size new windows to 1000x1000 or nearest 200x100 (Firefox patch)
- Bug 12523: Mark JIT pages as non-writable
- Bug 20123: Always block remote jar files
- Bug 19193: Reduce timing precision for AudioContext, HTMLMediaElement, and MediaStream
- Bug 19164: Remove support for SHA-1 HPKP pins
- Bug 19186: KeyboardEvents are only rounding to 100ms
- Bug 16998: Isolate preconnect requests to URL bar domain
- Bug 19478: Prevent millisecond resolution leaks in File API
- Bug 20471: Allow javascript: links from HTTPS first party pages
- Bug 20244: Move privacy checkboxes to about:preferences#privacy
- Bug 20707: Fix broken preferences tab in non-en-US alpha bundles
- Bug 20709: Fix wrong update URL in alpha bundles
- Bug 19481: Point the update URL to aus1.torproject.org
- Bug 20556: Start using pt-BR instead of pt-PT for Portuguese
- Bug 20442: Backport fix for local path disclosure after drag and drop
- Bug 20160: Backport fix for broken MP3-playback
- Bug 20043: Isolate SharedWorker script requests to first party
- Bug 18923: Add script to run all Tor Browser regression tests
- Bug 20651: DuckDuckGo does not work with JavaScript disabled
- Bug 19336+19835: Enhance about:tbupdate page
- Bug 20399+15852: Code clean-up
- Windows
- OS X
- Linux
- Build system
- All platforms
- OS X
- Bug 20258: Make OS X Tor archive reproducible again
- Bug 20184: Make OS X builds reproducible (use clang for compiling tor)
- Bug 19856: Make OS X builds reproducible (getting libfaketime back)
- Bug 19410: Fix incremental updates by taking signatures into account
- Bug 20210: In dmg2mar, extract old mar file to copy permissions to the new one
Comments
Please note that the comment area below has been archived.
I'm loving it!
I'm loving it!
YES
YES
how did you get it? i've
how did you get it? i've been trying for 3 hours ad cannot get the linux version to either update(unknown error) or download from scratch (file not available)
Where are you trying to
Where are you trying to download it from?
good browser
good browser
i am loving it too :)
i am loving it too :)
thanks ! browserfingerprint
thanks !
browserfingerprint result is even in the highest setting not very good
"Are you unique? Almost! (You can most certainly be tracked.)"
[details snipped]
But only 301 browsers out of the 301007 observed browsers (0.09 %) have exactly the same fingerprint as yours.
middle setting
--------------------
"Are you unique?" Almost! (You can most certainly be tracked.)"
[details snipped]
"But only 391 browsers out of the 301001 observed browsers (0.09 %) have exactly the same fingerprint as yours."
source https://amiunique.org/
You're using a browser
You're using a browser that's just been released wait a week or so until more people have run fingerprint tests.
Yes indeed. See
Yes indeed. See also
http://tor.stackexchange.com/questions/6548/why-does-panopticlick-tell-…
It's getting better but
It's getting better but still too trackable:
"But only 2356 browsers out of the 301620 observed browsers (0.80 %) have exactly the same fingerprint as yours."
Let's wait
Remember that the goal of
Remember that the goal of Tor Browser is to make you blend in with the other Tor Browser users. It's not to make you blend in with "all browser everywhere".
Yes this is clear. Still
Yes this is clear. Still thought that more Users use Tor.
"But only 2442 browsers out of the 302327 observed browsers (0.81 %) have exactly the same fingerprint as yours."
I guess on websites where I am the only one with TorBrowser it could be even more conspicuous to use TBB.
Wouldn't it be quite ironic
Wouldn't it be quite ironic if the site "amiunique.org" were run by the FBI or the CIA ?
As a honeypot, I can see little that is more attractive to people worrying about their security....
Some months ago if you visit
Some months ago if you visit a webpage and changed the security slider the webpage automatically reload. For some time it doesn't do that. Is this the right way?
Of course, right. If I want
Of course, right. If I want to change the security slider level, I definitely don't want to report it (changed fingerprint) to the current opened tab!
We have a ticket for that:
We have a ticket for that: https://trac.torproject.org/projects/tor/ticket/21153.
Thanks!
Thanks!
I have three
I have three questions/suggestions:
Thanks for those
Thanks for those questions/suggestions:
Re 1) Hm. I can't remember right now that we changed something in that regard. I guess this got introduce with Tor Browser 6.0 when we switched to ESR45? Could you track the version down where that changed (https://archive.torproject.org/tor-package-archive/torbrowser/ has all the old Tor Browser versions)? Without knowing exactly what causes this "new" behavior it is hard to tell whether you are on the safe side.
Re 2) Do you mind filing a bug on https://trac.torproject.org/projects/tor? Ideally with some explanation about what is not needed anymore/needed now so we can fix it (we even accept patches ;) ).
Re 3): Could you elaborate on which options you saw and which single option you are seeing now? Depending on that, yes, it might be possible to just set the options via the Firefox settings menu.
Thanks!
Re 1) As part of
Re 1) As part of https://trac.torproject.org/projects/tor/ticket/11641, we made --no-remote the default and added support for a new (at the time) --allow-remote flag. But note that remoting is still enabled if the browser is started with the -osint flag. That means that it should be safe to leave --no-remote off unless somehow your Tor Browser is being started with the -osint flag (that probably only happens if you make Tor Browser your default browser and start it by clicking an URL in another application such as Thunderbird).
Thank you! Now I also found
Thank you! Now I also found your old explanation of the problem: https://github.com/micahflee/torbrowser-launcher/issues/157#issuecommen…
Thanks for reply! I see
Thanks for reply!
Now we have only network.proxy.socks and network.proxy.socks_port in about:config. I described it in the aforementioned ticket 21326 too.
I hate it. As usual problems
I hate it.
As usual problems with tabgroups after update. Add-on "Tabgruppen" no function. All tabgroups lost!!!
Addons may very well
Addons may very well deanonymise you. That is why The Tor Project doesn't develop the TBB for the stability all other addons (except for the ones that comes with it) in mind.
Heads up, I'm seeing an
Heads up, I'm seeing an increase in circuit retries of the form "We tried for 15 seconds to connect to '[scrubbed]' using exit... at...".
You can set SafeLogging 0 if
You can set SafeLogging 0 if you want to see which destinations are causing the problems.
It could be anything really -- maybe you're trying to go to a website that's down.
Ok, so after a few minutes
Ok, so after a few minutes the notices appeared again, the faulty destination is ocsp.comodoca.com. I looked in the browser console, and sure enough, it reports the getFirstPartyURI failure for the ocsp server, and an invalid security certificate for ocsp.digicert.com.
(Roger, could you remove my previous, and as of yet unpublished comment, I wouldn't want to add noise to the blog. Thanks for the prompt reply.)
Right after the update, as
Right after the update, as no transition scheme was developed, my Medium-High settings landed to Medium with some minor inconsistencies in NoScript:
05:31:12.993 ReferenceError: PolicyState is not defined Main.js:3946:1
The same is with
The same is with Medium-Low.
But no problem, just change the new security slider settings to be sure.
What do you mean with "minor
What do you mean with "minor inconsistencies"? Do they stop NoScript from behaving correctly? Or are "merely" errors showing up in the browser console/terminal?
I didn't test thoroughly,
I didn't test thoroughly, but it looks like NoScript continues to use the settings that were before the update, and it causes "merely" errors showing up in the browser console.
Oh, no, my assumptions were
Oh, no, my assumptions were wrong. Errors in the browser console appear at startup of a new clean installation :(
DDG from about:tor instead
DDG from about:tor instead of search results gave me empty https://duckduckgo.com/ with my request in its search bar and:
06:18:53.521 TypeError: DDG.Pages.SERP is not a constructor
duckduckgo.com:1
duckduckgo.com:1:12
06:18:53.599 ReferenceError: DDH is not defined
nrji() duckduckgo.com:1
d2048.js:61
bL.Callbacks/b6() d2048.js:26
bL.Callbacks/cf.fireWith() d2048.js:26
.ready() d2048.js:15
bZ() d2048.js:15
duckduckgo.com:1:347
06:18:54.782 TypeError: DDG.page is undefined
d.js:1
d.js:1:61
06:18:55.137 TypeError: DDG.duckbar is undefined
t.js:1
t.js:1:1
Is that an ongoing problem?
Is that an ongoing problem? If so, could you tell us more about your setup (operating system, tweaked settings etc.) I can't reproduce your issue currently.
It was right after the
It was right after the update only. Errors seem to be on the DDG side, but there is https://trac.torproject.org/projects/tor/ticket/19910, so I'm not sure. Is there any pref to toggle it for testing?
Reproducible thing is: pasting space from the clipboard and search.
Okay. I think reporting
Okay. I think reporting nothing back if you don't input anything (or if you input things like spaces) is quite acceptable for a search result provider.
Strange. Tor Browser didn't
Strange. Tor Browser didn't auto-update this time. I had to do it manually. Any reason as to why?
Your Tor Browser checks
Your Tor Browser checks every so often to see if there's an update. My guess is that if you'd left it alone for a few hours, it would have noticed and started you on the update path.
(We actually don't want every Tor Browser to update itself at the very same time. Check out the "thundering herd" problem for more details:
https://en.wikipedia.org/wiki/Thundering_herd_problem )
Tools > HTTPS Everywhere
Tools > HTTPS Everywhere >
This sub-menu doesn't open, doesn't do anything.
Could you give us a bit more
Could you give us a bit more information? What operating system are you using? Do you see the HTTPS-Everywhere extension on the about:addons page?
It seems that guy is talking
It seems that guy is talking about https://trac.torproject.org/projects/tor/ticket/18937#comment:9
Looks related:
https://trac.torproject.org/projects/tor/ticket/6276
I'm on Windows 7. The
I'm on Windows 7.
The extension is on the far-right menu button okay, and expands. And now is okay from the Tools menu too, so just a glitch when updating I guess.
I take that back, the menu
I take that back, the menu on the Tools menu is not expanding again now, so clearly something is wrong, an intermittent fault. Yes, it appears in about:addons.
Can you bring back the
Can you bring back the "Custom" warning/field in
Tor Browser Security Settings under the slider ?
Instead of the pane with the
Instead of the pane with the Restore Defaults button? Why? It seems to me having just that tiny checkbox makes it easy to overlook that one is in the custom mode (which is a thing we don't want).
"tiny checkbox makes it easy
"tiny checkbox makes it easy to overlook that one is in the custom mode"
Yes, like in TBB6.0.8. TBB6.5 hasn't.
"Restore Defaults button"
Where? 1 click to set all customs back to default, may conditional on "Security Level" slider.
Has moving "Security Level" slider back,forth the same result?
'"Restore Defaults
'"Restore Defaults button"
Where? 1 click to set all customs back to default, may conditional on "Security Level" slider.'
What do you mean?
If you moved the security slider back/forth on 6.0.8 you got our of the custom mode.
Can you make it working to
Can you make it working to get media links without to heavy javascript?
E.g. custom allow in NoScript, get clickable allow in Noscript for a full media url BUT cannot simple copy this link!
Could you give me an example
Could you give me an example for what should work but does not work right now? I am not sure I understand your feature request/bug report.
I guess he's saying that
I guess he's saying that there should be an option in NoScript to allow extrapolating a video URL to watch directly.
You like to see a media clip
You like to see a media clip the site don't want you can easy download -ugly javascript&no download button, without good reason.
You can temporary allow all this page and hope clip is playing.
You can allow custom [...] and NoScript presenting you a clickable
'allow' with a full URL, e.g. .mp4. But i can't copy this link and need more doing to get this.
nice and helpful
nice and helpful
Thank you! :D
Thank you! :D
Awesome! I love the privacy
Awesome! I love the privacy improvements and especially fixing resource:// leakage. The security slider change is also great, I never able to figure out what medium-low settings is useful for and now without it, fingerprintability is reduced! Thanks again for all the excellent changes. Can't wait for Tor browser to become multi-process and speed up the browsing experience!
More than wonderful Allah
More than wonderful
Allah has made you help us and like us and bless you
What will the browser's
What will the browser's "useragent" for this release be reported as, exact string, please ?
well
well
Comment
Comment regarding:
Changelog:
Tor Browser 6.5 -- January 24 2017
* All Platforms
* Update Firefox to 45.7.0esr
* Tor to 0.2.9.9
----------------------------------------------------------
You are good human beings. Stand tall and receive the vibes and warmth from this one little guy out here on the blustery slopes of ignorance.
Your inclusion of the Changelog is a great gift. Browsing it taught me things about the meaning of life,
You think I am kidding. No.
This is how life should be; can be.
Look at one another around the edges of your cubicles and nod. You have made good choices. Thanks.
Thanks Tor people! :)
Thanks Tor people! :) Hopefully we'll see Selfrando integration in Tor Browser 7 :D
My 'fruit OS' Console.app
My 'fruit OS' Console.app got to enthusiastic generating new mind breaking messages, one of many is this one.
- NaN
['t/i/m/e'] [0x0-0x30030].org.mozilla.tor browser ['number process'] ['t/i/m/e'] ['localhostname/modem name'] firefox ['number process'] : replacing NaN with 0.
More than a hundred times in one minute.
NaN again? Has this anything to do with the SVG security issue?
First it said several times something like , : doClip: empty path.
Another one is about updating addons over an insecure connection?
Does not matter if you disable automatic updates.
- Addons
['t/i/m/e'] [0x0-0x51051].org.mozilla.tor browser['number process'] 1485302776300 addons.productaddons ERROR Request failed certificate checks: [Exception... "SSL is required and URI scheme is not https." nsresult: "0x8000ffff (NS_ERROR_UNEXPECTED)" location: "JS frame :: resource://gre/modules/CertUtils.jsm :: checkCert :: line 145" data: no]
Also this one
['t/i/m/e'] [0x0-0x96096].org.mozilla.tor browser ['number process'] 1484838545725 addons.update-checker WARN HTTP Request failed for an unknown reason
Thanks for looking at it
Not sure what the former is
Not sure what the former is but the latter two are due to TorLauncher and Torbutton not being allowed to ping Mozilla's Add-on server for update checks. Those messages are harmless.
Thanks!
Thanks!
merci pour votre travail
merci pour votre travail
Onion Circuits would be a
Onion Circuits would be a nice feature for TBB.
ServerNames instead of IPs.
TOR BROWSER 6.5 (updated
TOR BROWSER 6.5 (updated today).
From Tor toolbar button | Security Settings there are three options High, Medium and Low.
===================
Medium:
JavaScript is disabled by default on all sites non-HTTPS sites.
On sites where JavaScript is enabled, performance optimizations are disabled. Scripts on some sites may run slower.
===================
Above is OK.
===================
High:
JavaScript is disabled by default on all sites.
On sites where JavaScript is enabled, performance optimizations are disabled. Scripts on some sites may run slower.
===================
This is now confusing, isn't it? If JavaScript is disabled (first sentence), how can it be enabled on some sites. Is this copy/paste problem?
In case you need to allow
In case you need to allow JavaScript on some site but do not want to touch the other settings on level "high" it assures you that other JavaScript features like JIT stay disabled.
awesome work
awesome work
I'm getting a signing key
I'm getting a signing key mismatch that's bugging me. What I should see according to https://www.torproject.org/docs/verifying-signatures.html.en is this:
gpg --fingerprint 0x4E2C6E8793298290
You should see:
pub 4096R/93298290 2014-12-15
Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
uid Tor Browser Developers (signing key)
sub 4096R/F65C2036 2014-12-15
sub 4096R/D40814E0 2014-12-15
sub 4096R/C3C07136 2016-08-24
What I see instead is this:
gpg --fingerprint 0x4E2C6E8793298290
pub 4096R/93298290 2014-12-15 [expires: 2020-08-24]
Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
uid Tor Browser Developers (signing key)
sub 4096R/F65C2036 2014-12-15 [expires: 2017-08-25]
sub 4096R/D40814E0 2014-12-15 [expires: 2017-08-25]
sub 4096R/C3C07136 2016-08-24 [expires: 2018-08-24]
Trying to upgrade the TBB automagically from the Applications > Internet menu (XFCE on Debian) told me that "signature verification failed" and warned me that I might be under attack; so I downloaded & unpacked the tarball from Tor's site and again there's a mismatch but it looks less frightening. So I'm hesitating to use it 6.5 until checking it out with the pros here.
It looks like the signing key was renewed but the website just hasn't been updated to reflect that, which is trivial, but then there's a (probably very small) chance that I could be "under attack" or that this release is somehow compromised.
Please advise.
I guess the first upgrade
I guess the first upgrade mechanism fails as you are using torbrowser-launcher which does not have the new subkey baked in. Not sure why the one where you download from our website fails. What commands are you using and what is the output you get? What is the sha256 sum of the .tar.xz and the respective .asc?
I'm just cutting & pasting
I'm just cutting & pasting from the Mac OS X and Linux section of https://www.torproject.org/docs/verifying-signatures.html.en, except changing the filenames to reflect my 64-bit system.
sha256sum gets these:
c4714061748a70d3871dd84ff88d2f317b386d290a5c1fb94a504a1c256f1960 tor-browser-linux64-6.5_en-US.tar.xz
d922daa46e3c8aa2d4056579258a1fa4efe553da797102d0a0a8572851218d94 tor-browser-linux64-6.5_en-US.tar.xz.asc
If that's right then I shouldn't have to worry.
The difference is that, unlike what the web pages tells me to look for, I'm seeing expiration dates in brackets:
pub 4096R/93298290 2014-12-15
Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
uid Tor Browser Developers (signing key)
sub 4096R/F65C2036 2014-12-15
sub 4096R/D40814E0 2014-12-15
sub 4096R/C3C07136 2016-08-24
becomes
pub 4096R/93298290 2014-12-15 [expires: 2020-08-24]
Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
uid Tor Browser Developers (signing key)
sub 4096R/F65C2036 2014-12-15 [expires: 2017-08-25]
sub 4096R/D40814E0 2014-12-15 [expires: 2017-08-25]
sub 4096R/C3C07136 2016-08-24 [expires: 2018-08-24]
Like I said it seems minor but Tor is one thing I feel justified in getting slightly paranoid about. If it's supposed to work this way why not include the expiration dates on what the web page tells us to look for?
What does gpg --verify
What does
say *after* you updated your local key (i.e. fetched the subkey which signed the tar.xz file)?
a [BUG] !? Thanks, Both
a [BUG] !?
Thanks,
Both updates of TBB 6.5a2 & 7.0a1 on my 32bit Desktop, and TBB 6.5a2 & 7.0a1 on my 64bit noteBook: Works fine except for the (Torbutton 1.9.6.12)..addon!
When disable the new TorButton then the icon of [Session Manager addon] will appear!
Any idea Why!?
However, Will try to install older TorButton .xpi from previous TBB version, and feedback you results..
NP: another copy of All this comment will paste into:
https://blog.torproject.org/blog/tor-browser-70a1-released
Disabling Torbutton breaks
Disabling Torbutton breaks your Tor Browser. This is not going to work. Or do you mean your Torbutton extension did not get updated? If so, did it just vanish? What does about:addons show you?
Disabled Torbutton but
Disabled Torbutton but luckily the TBB didn't break..
and the icon of Session Manager appeared..
as described above,
Copied Torbutton xpi from previous releases over the new one, pasted into /extensions folder..
Session Manager icon not appearing..
Copied ALSO tor-launcher xpi from previous releases over the new one, pasted into /extensions folder..
Session Manager icon: finally appeared! sort of lite-weight hack ;)
previous xpi's used from: torbrowser-install-6.0.6_en-US..
Firstly thank you very much
Firstly thank you very much for this new TBB!
But I have a problem after updating to 6.5. When I start TBB the screensize of TBB is every time changed and not the usually screensize of TBB. I do not mean the fullscreen of TBB, just the normal scrennsize of TBB.
What is the usual screensize
What is the usual screensize for you? Which operating system are you using? And what screen size is your browser changed to?
He might "confusingly"
He might "confusingly" updated it to TBB 7.0a1 rather than the 6.5 !!
Better check menu: Help> About :)
I'm think that I'm also
I'm think that I'm also getting this.
Window size is much smaller than normal.
I noticed the changes notes listed some size alterations.
Bug 19459: Size new windows to 1000x1000 or nearest 200x100 (Firefox patch)
Perhaps that is related to this?
This size reduction seems a bit much, is it safe to change the window from it's default size?
How large is your window
How large is your window with the old 6.0.8 and how large is it now with 6.5? (6.0.8 can still be found on: https://dist.torproject.org/torbrowser/)
Just eye balling it but it
Just eye balling it but it appears that the window has gone from taking up 80% - 90% of the screen to maybe 60% or less.
It's pretty bad.
Thanks, yes, I agree. We put
Thanks, yes, I agree. We put fixing this issue on high priority and hope to have a patch ready for the next release. Sorry for the inconvenience. You can follow our efforts in ticket 20905 (https://trac.torproject.org/projects/tor/ticket/20905).
So thanks, seems like a lot
So thanks, seems like a lot of fixes here.
But still, after automatically and then manually upgrading -since first way didn't change anything- , my privacy preferences bug still persists and I cannot change it to "never remember history" .
Am I really the only one with this? Are the tickets on bug tracker even beeing considered anymore?
Before this, it seems that I could use tor browser and every site that only wanted to work with cookies enabled did so without in this fine peace of engineering. But no more, now I have to allow cookies here too for those pages to function, from online banking to fuckbook. Everywhere.
Is that supposed to be this way?
Tor Browser is set to custom
Tor Browser is set to custom prefs instead of "Clear history when Firefox closes", so you cannot switch it to "never remember history".
The changelog did not
The changelog did not contain an entry that fixes your problem. That said, yes, tickets in our bug tracker are considered and we work on them after prioritization. As we have way more tickets than developer capacity and as we encourage help from the community we'd be glad if we would see contributions especially on those tickets that are not our top priority.
That cookie problem seems orthogonal to me as you can easily disable cookies in Firefox' privacy settings.
Nice and helpful
Nice and helpful
good work but for us linux
good work but for us linux users who use WM that auto resizes windows , how to prevent Tor browser from being resized ? very problematic for anonymty purpose .
Could you describe your
Could you describe your scenario a bit more? How did Tor Browser 6.0.8 work for you and 6.5 does not?
6.0.8 does work, this issue
6.0.8 does work, this issue is not specific to 6.5 version
Would it ever be possible to
Would it ever be possible to add a single-click "New Tor Circuit for this Site" button to the toolbar? As it is it's 2 clicks or an awkward key combo, but one click would make life so much easier. Thanks.
The default browser window
The default browser window size for 6.5 appears to be much smaller than the size of the window in the previous release.
Painfully so. >_<
My understanding is adjusting the window size can lead to a less secure TOR browser.
Is there a reason the window has had it's size reduced to this extent?
How large is your window
How large is your window with the old 6.0.8 and how large is it now with 6.5? (6.0.8 can still be found on: https://dist.torproject.org/torbrowser/)
The screensize of TBB 6.0.8
The screensize of TBB 6.0.8 is 1000x600 pixels (inner size) and 6.5 800x600 pixels (inner size)
Thanks. We track the problem
Thanks. We track the problem in https://trac.torproject.org/projects/tor/ticket/20905 and hope to have a fix for it in the next Tor Browser release. Sorry for the inconvenience.
On some sites like
On some sites like en.wikipedia.org or marc.info, the destination of links is not shown at the bottom anymore while hovering over it, but on others like this one it still is. Is this on purpose?
No. Not sure what is going
No. Not sure what is going on but we did not implement a feature that stops showing destination sites when they are hovered over. Can you test with a clean 6.0.8 whether that is happening there as well (6.0.8 can still be found on: https://dist.torproject.org/torbrowser/)?
I did some tests with a
I did some tests with a fresh 6.0.8 and 6.5. Those are fine. So must be a problem with my install. Thanks for your help.
nice so goods
nice so goods
360 total security flags
360 total security flags both 6.5 and 7.0 Tor as a trojan!
is this normal? false positive?
Can you give us the SHA256
Can you give us the SHA256 hash of both of your downloads?
Verify the download and
Verify the download and signature with GPG. That's what the signatures are there for.
Bug 20471: Allow javascript:
Bug 20471: Allow javascript: links from HTTPS first party pages
doesn't work
https://addons.mozilla.org/en-US/firefox/addon/no-resource-uri-leak/#de…
Could you be a bit more
Could you be a bit more explicit about how bug 20741 relates to the comments on the no-resource-uri-leak extension page?
Arrow to expand/collapse
Arrow to expand/collapse "developer-comments" doesn't work on Medium settings.
How can I reproduce that? I
How can I reproduce that? I switched to "Medium" and loaded the link above in a new tab. Expanding/collapsing the comments via the arrow works for me on two different Linux systems both with 6.5 and the alphas.
*^#^&$%^@#!!!!!!!!!!!!!!!!! R
*^#^&$%^@#!!!!!!!!!!!!!!!!!
Random bugs or recent HTTPSE update!
Now everything works fine.
But before: arrows were not clickable and "the destination of links is not shown at the bottom anymore while hovering over it" as one user mentioned.
Thanks for your work to make
Thanks for your work to make Tor Browser better!
Thanks ! :)
Thanks ! :)
thank's tor legend e
thank's tor legend e
Unfortunately, new version
Unfortunately, new version has a serious performance regression of ~50-100% from previous stable (and 6.5a3 too) while playing video on YouTube (off-screen, no network activity (cached), no other processing).
How are you measuring this
How are you measuring this and how can I reproduce your findings?
Add-ons have no effect. It
Add-ons have no effect.
It turns out that Mozilla switched to FFmpeg and made other improvements, so everything will change in ESR52. Let's hope Mozilla will test Firefox with/without your uplifts on Talos.
26-01-2017, 12:28:02.300
26-01-2017, 12:28:02.300 [WARN] Proxy Client: unable to connect to 83.212.101.3:443 ("general SOCKS server failure")
The port is down again
There is a margin at the
There is a margin at the bottom of the page after updating.
I'm using windows 10.
Does that one go away after
Does that one go away after doing a New Identity or restarting the browser?
No, it still 1000x800.
No, it still 1000x800.
On Win 10 regression to
On Win 10 regression to 800x600 from 1000x600 on 1024x768.
My window size suddenly
My window size suddenly became 1000x500, even when I close the browser, or when I choose "New Identity"
Is this normal?
Ubuntu 16.10 64bits -- upgraded from Tor Browser 6.0.8
That might be
That might be https://trac.torproject.org/projects/tor/ticket/20905. Which window size did you have before? (i.e. with the 6.0.x series)
The normal 1000x600.
The normal 1000x600.
This is not a resize issue.
This is not a resize issue. The open application indicator (white dots on the left) show for Firefox but not for Tor browser even though the application is open.
If I open Tor browser only,
If I open Tor browser only, Ubuntu 16.04 LTS will show Firefox as open but not the Torbrowser.
thanks !!!
thanks !!!
You know this text from a
You know this text from a security guy about tor? What you think?
https://medium.com/@thegrugq/tor-and-its-discontents-ef5164845908
"In many ways Tor can be riskier than a VPN"
He's ranting about Mozilla
He's ranting about Mozilla Firefox not being the most secure browser, and about using vanilla Tor being risky for people in repressive regimes. Nothing about Tor itself. If he's a "security guy" then why doesn't he push pull request that ameliorate Firefox' so-called lack of security?
The Grugq is famous for
The Grugq is famous for being an expert in OPSEC. One thing he hates is when people use something like Tor but do not understand how to stay safe, and think that Tor alone is all they need to stay safe. If people think that using Tor is a magic bullet, then people will be unpleasantly surprised when a Firefox exploit by an advanced adversary breaks into their computer. You need proper OPSEC, his area of expertise, in combination with an anonymity network in order to be safe.
it is the best N #1 easy to
it is the best N #1 easy to use all restriction sites so i appreciate!!!!! 4 ur creativity
I have the torbrowser for
I have the torbrowser for the Mac
sha256 d79e18d691a407c9cc06ec508701bff2283d73b65d4321e254763b17d0a13a09
TorBrowser-6.0.5-osx64_en-US.dmg
When i perform a search through google.com for queen street, strangely it finds the queen street located to my location Canada, Ontario ISP Execulink.ca instead of the location the browser is connected. This appears to be a security issue.
I was connected to TOR circuit
OBFS4(united states)
Germany 5.9.12.29
France 62.210.69.79
27-01-2017, 17:48:34.300
27-01-2017, 17:48:34.300 [WARN] Proxy Client: unable to connect to 83.212.101.3:443 ("general SOCKS server failure")
83.212.101.3 is not responding again
v 6.5 comes up as a trojan.
v 6.5 comes up as a trojan. is this the right sha?
serial
0c 31 0a 0c 32 ce a7 fe 5d 6e 11 2d 52 e6 b6 ee
30 82 01 0a 02 82 01 01 00 c2 01 af 62 37 03 7a 70 db 5c 06 cb 1f 55 5d 3a e4 7d 17 4a 2e 48 3b 91 ea ae 45 c4 f1 dd 07 3c dc 4d 8c eb bc 34 2e 87 45 8b b3 9d b2 91 c8 cd 13 6d 3d a9 ad 1b 27 7f 61 42 e9 6b b0 2d 87 0f bf 07 9e 22 a6 ef 58 ff 38 44 0f 4a 3b 9c 44 ab eb 74 ea 3b 9b 0c 41 df e2 97 6d 91 82 5e cd 89 5b 6e 11 ea 8e dd b2 51 11 cf 80 c8 b3 db 7c 38 0f 79 c7 da ca 1b 83 1c 7d 96 e7 61 2d 24 c0 29 a6 7e f9 55 04 a3 b8 06 76 61 6b cf 58 19 81 97 d4 6c 97 b5 82 87 c4 59 a9 7e ef 88 ab 27 d1 29 36 d7 06 d0 7e 68 9d fa b9 a4 de 97 73 45 37 43 9c 07 ac 10 ad d1 30 7d 74 83 23 d5 87 2e 75 0f 29 21 17 87 f5 26 b5 0b 4f 1b f3 fd 47 c0 90 f8 01 aa ca e1 67 b4 56 a0 15 05 ac 6a 74 34 00 57 1c 9a 47 6a 99 12 d0 36 e4 53 39 12 17 49 48 66 eb 17 35 c7 55 ec f9 3c b4 20 a1 6e e0 50 56 89 02 03 01 00 01
thumbprint
c2 7e ac 1b 26 34 65 cd d7 36 30 d9 4b 0b 92 e6 74 f0 15 01
Those do not look like any
Those do not look like any kind of SHA hashes. Is that some kind of certificate output?
virustotal.com says tor 7.0
virustotal.com says tor 7.0 is clean, but 360 total security says its a trojan.
File identification
MD5 9a2d0dac7271f1b53e29a2ecf8ff02db
SHA1 2aee4b0d896698fa0619563f20beaf5a296fbf6e
SHA256 6afb207658fa52eafc1cf76c5f5e68abaca6757d9749c1c8e8ef05efcecb45bd
ssdeep786432:02ui80q4nti2wKRRMAEzps42244dPYlp4TUEK9MEX60vEB2QvqTtjqiJOX:QirqazwK8AlSPWp4TUEdJ0sB2QvMkiJu
authentihash 5d5f2c48133083f1942975127aa07fb0deb16e6ca0a1874a622bce446791cba6
imphash 187b3ae62ff818788b8c779ef7bc3d1c
File size 48.4 MB ( 50765080 bytes )
File type Win32 EXE
Magic literalPE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Here is my 360 total securiy
Here is my 360 total securiy log showing it flagged both tor 7.0 and 6.5 as viruses: (during the download)
I ran the files through 360 security individually and they passed today.
2017-01-26 02:22:39 C:\Users\login\Downloads\torbrowser-install-6.5_en-US.exe Virus Mozilla
2017-01-26 02:22:23 C:\Users\login\Downloads\torbrowser-install-7.0a1_en-US.exe Virus Mozilla
2017-01-24 22:34:10 C:\Users\a\Downloads\mb3-setup-consumer-3.0.5.1299.exe:Zone.Identifier Safe Opera
2017-01-24 21:55:16 C:\Users\a\Downloads\OperaNeonSetup.exe:Zone.Identifier Safe Opera
2017-01-24 21:55:15 C:\Users\a\Downloads\CAE5.tmp Safe Opera
2017-01-24 21:53:09 C:\Users\a\Downloads\Opera_Developer_44.0.2475.0_Setup_x64.exe:Zone.Identifier Safe Opera
2017-01-24 21:21:18 C:\Users\a\Downloads\B6A5.tmp Safe Opera
2017-01-24 21:19:56 C:\Users\a\Downloads\6F7C.tmp Virus Opera
2017-01-24 21:19:49 C:\Users\a\Downloads\Opera_Developer_44.0.2475.0_Setup.exe:Zone.Identifier Safe Opera
2017-01-24 21:18:34 C:\Users\a\Downloads\2BAD.tmp Virus Opera
2017-01-24 21:10:46 C:\Users\a\Downloads\SpybotAntiBeacon-1.6-setup.exe Unknown Mozilla
2017-01-12 15:40:34 C:\Users\login\Downloads\AA0C.tmp Safe Opera
2017-01-12 15:40:32 C:\Users\login\Downloads\A3A2.tmp Safe Opera
2017-01-10 19:29:10 C:\Users\login\Downloads\2E01.tmp Safe Opera
2017-01-10 19:28:07 C:\Users\login\Downloads\3751.tmp Safe Opera
2017-01-10 19:27:39 C:\Users\login\Downloads\C083.tmp Safe Opera
2017-01-06 19:52:39 C:\Users\login\Downloads\Jan Hammer - Crockett's Theme (Audio Mill Remix).mp4:Zone.Identifier Safe Opera
2017-01-05 20:19:51 C:\Users\login\Downloads\E153.tmp Safe Opera
2017-01-04 19:32:41 C:\Users\login\Downloads\6085.tmp Safe Opera
2017-01-04 19:32:25 C:\Users\login\Downloads\209C.tmp Safe Opera
2017-01-04 19:32:04 C:\Users\login\Downloads\CEBF.tmp Safe Opera
2017-01-02 14:56:28 C:\Users\login\Downloads\BAA0.tmp Safe Opera
2017-01-02 14:52:03 C:\Users\login\Downloads\ACCE.tmp Safe Opera
2017-01-02 14:48:31 C:\Users\login\Downloads\66D2.tmp Safe Opera
2017-01-02 14:44:39 C:\Users\login\Downloads\E0BF.tmp Safe Opera
2017-01-02 14:44:30 C:\Users\login\Downloads\C324.tmp Safe Opera
2017-01-02 14:43:34 C:\Users\login\Downloads\E3F9.tmp Safe Opera
2016-12-29 20:36:21 C:\Users\login\Downloads\7B8D.tmp Safe Opera
2016-12-29 19:02:05 C:\Users\login\Downloads\2898.tmp Safe Opera
2016-12-20 17:20:39 C:\Users\login\Downloads\24oct16\526816_4209793527940_1453686951_n.jpg:Zone.Identifier Safe Opera
2016-12-20 17:20:32 C:\Users\login\Downloads\9140.tmp Safe Opera
2016-12-20 13:51:09 C:\Users\login\Downloads\File0001.PDF:Zone.Identifier Safe Opera
2016-12-20 11:37:27 C:\Users\login\Downloads\Opera_Developer_43.0.2431.0_Setup(1).exe Safe Mozilla
2016-12-19 21:55:32 C:\Users\login\Downloads\24oct16\Bikini11.jpg:Zone.Identifier Safe Opera
2016-12-19 21:55:31 C:\Users\login\Downloads\F53E.tmp Safe Opera
2016-12-19 21:55:22 C:\Users\login\Downloads\24oct16\Bikini10 (1).jpg:Zone.Identifier Safe Opera
2016-12-19 21:55:17 C:\Users\login\Downloads\C179.tmp Safe Opera
2016-12-19 21:55:13 C:\Users\login\Downloads\24oct16\Bikini9 (1).jpg:Zone.Identifier Safe Opera
2016-12-19 21:55:12 C:\Users\login\Downloads\AB10.tmp Safe Opera
2016-12-19 21:55:02 C:\Users\login\Downloads\24oct16\Bikini7.jpg:Zone.Identifier Safe Opera
2016-12-19 21:55:00 C:\Users\login\Downloads\7E7F.tmp Safe Opera
2016-12-19 21:54:55 C:\Users\login\Downloads\24oct16\Bikini6.jpg:Zone.Identifier Safe Opera
2016-12-19 21:54:54 C:\Users\login\Downloads\6537.tmp Safe Opera
2016-12-19 21:54:44 C:\Users\login\Downloads\24oct16\Biks12.jpg:Zone.Identifier Safe Opera
2016-12-19 21:54:43 C:\Users\login\Downloads\3C21.tmp Safe Opera
2016-12-19 21:54:35 C:\Users\login\Downloads\24oct16\Biks22 (1).jpg:Zone.Identifier Safe Opera
2016-12-19 21:54:34 C:\Users\login\Downloads\17FC.tmp Safe Opera
2016-12-19 21:54:21 C:\Users\login\Downloads\24oct16\Biks22.jpg:Zone.Identifier Safe Opera
2016-12-19 21:54:20 C:\Users\login\Downloads\E08E.tmp Safe Opera
2016-12-19 21:54:15 C:\Users\login\Downloads\24oct16\Biks17.jpg:Zone.Identifier Safe Opera
2016-12-19 21:54:14 C:\Users\login\Downloads\C91C.tmp Safe Opera
2016-12-19 21:54:00 C:\Users\login\Downloads\24oct16\Bikini5.jpg:Zone.Identifier Safe Opera
2016-12-19 21:53:59 C:\Users\login\Downloads\8D57.tmp Safe Opera
2016-12-19 21:53:48 C:\Users\login\Downloads\24oct16\Bikini4.jpg:Zone.Identifier Safe Opera
2016-12-19 21:53:47 C:\Users\login\Downloads\5EF1.tmp Safe Opera
2016-12-19 21:53:41 C:\Users\login\Downloads\24oct16\Bikini3.jpg:Zone.Identifier Safe Opera
2016-12-19 21:53:40 C:\Users\login\Downloads\4695.tmp Safe Opera
2016-12-19 21:53:35 C:\Users\login\Downloads\24oct16\Bikini2.jpeg:Zone.Identifier Safe Opera
2016-12-19 21:53:34 C:\Users\login\Downloads\2DCB.tmp Safe Opera
2016-12-19 21:53:01 C:\Users\login\Downloads\24oct16\Biks7.png:Zone.Identifier Safe Opera
2016-12-19 21:52:59 C:\Users\login\Downloads\A683.tmp Safe Opera
2016-12-19 21:52:43 C:\Users\login\Downloads\24oct16\Biks13.jpg:Zone.Identifier Safe Opera
2016-12-19 21:52:42 C:\Users\login\Downloads\60CC.tmp Safe Opera
2016-12-19 21:52:34 C:\Users\login\Downloads\24oct16\Biks14.jpg:Zone.Identifier Safe Opera
2016-12-19 21:52:32 C:\Users\login\Downloads\3CA7.tmp Safe Opera
2016-12-19 21:52:08 C:\Users\login\Downloads\24oct16\Biks18.jpg:Zone.Identifier Safe Opera
2016-12-19 21:52:07 C:\Users\login\Downloads\D760.tmp Safe Opera
2016-12-19 21:51:55 C:\Users\login\Downloads\24oct16\Biks19.jpg:Zone.Identifier Safe Opera
2016-12-19 21:51:54 C:\Users\login\Downloads\A7B2.tmp Safe Opera
2016-12-19 21:51:40 C:\Users\login\Downloads\24oct16\Biks23.jpg:Zone.Identifier Safe Opera
2016-12-19 21:51:39 C:\Users\login\Downloads\6B62.tmp Safe Opera
2016-12-19 21:51:30 C:\Users\login\Downloads\24oct16\Biks24.jpg:Zone.Identifier Safe Opera
2016-12-19 21:51:28 C:\Users\login\Downloads\425B.tmp Safe Opera
2016-12-19 21:51:22 C:\Users\login\Downloads\24oct16\Bikini26.jpg:Zone.Identifier Safe Opera
2016-12-19 21:51:21 C:\Users\login\Downloads\2598.tmp Safe Opera
2016-12-19 21:51:13 C:\Users\login\Downloads\24oct16\Bikini25.jpg:Zone.Identifier Safe Opera
2016-12-19 21:51:12 C:\Users\login\Downloads\1B3.tmp Safe Opera
2016-12-19 21:48:10 C:\Users\login\Downloads\24oct16\Biks20.jpg:Zone.Identifier Safe Opera
2016-12-19 21:48:09 C:\Users\login\Downloads\371F.tmp Safe Opera
2016-12-19 21:47:53 C:\Users\login\Downloads\24oct16\Biks15.jpg:Zone.Identifier Safe Opera
2016-12-19 21:47:52 C:\Users\login\Downloads\F59D.tmp Safe Opera
2016-12-19 21:46:56 C:\Users\login\Downloads\24oct16\Bikini10.jpg:Zone.Identifier Safe Opera
2016-12-19 21:46:55 C:\Users\login\Downloads\1584.tmp Safe Opera
2016-12-19 21:46:43 C:\Users\login\Downloads\24oct16\Bikini9.jpg:Zone.Identifier Safe Opera
2016-12-19 21:46:35 C:\Users\login\Downloads\C6F2.tmp Safe Opera
2016-12-19 18:08:21 C:\Users\login\Downloads\Opera_Developer_43.0.2431.0_Setup.exe Safe Mozilla
2016-12-11 00:01:04 C:\Users\a\Downloads\Opera_Developer_43.0.2431.0_Setup.exe Safe Mozilla
2016-12-10 22:39:39 C:\Users\login\Downloads\frb_q32005.pdf:Zone.Identifier Safe Opera
2016-12-10 21:32:36 C:\Users\login\Downloads\5864.tmp Safe Opera
2016-12-10 21:01:22 C:\Users\login\Downloads\EAZY-E Real Muthaphuckkin G's - HD DIRECTOR'S CUT - Explicit.mp4:Zone.Identifier Safe Opera
2016-12-02 22:03:53 C:\Users\login\Downloads\Copy of Client List SD 29nov.xlsx:Zone.Identifier Safe Opera
2016-11-26 15:10:32 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY34.jpg:Zone.Identifier Safe Opera
2016-11-26 15:10:30 C:\Users\login\Downloads\AA4F.tmp Safe Opera
2016-11-26 15:10:11 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY33.jpg:Zone.Identifier Safe Opera
2016-11-26 15:10:09 C:\Users\login\Downloads\55F2.tmp Safe Opera
2016-11-26 15:09:52 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY31.jpg:Zone.Identifier Safe Opera
2016-11-26 15:09:51 C:\Users\login\Downloads\F70.tmp Safe Opera
2016-11-26 15:09:33 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY30.jpg:Zone.Identifier Safe Opera
2016-11-26 15:09:31 C:\Users\login\Downloads\C311.tmp Safe Opera
2016-11-26 15:09:15 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY29.jpg:Zone.Identifier Safe Opera
2016-11-26 15:09:14 C:\Users\login\Downloads\7F9A.tmp Safe Opera
2016-11-26 15:09:00 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY28.jpg:Zone.Identifier Safe Opera
2016-11-26 15:08:59 C:\Users\login\Downloads\44A2.tmp Safe Opera
2016-11-26 15:08:37 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY26.jpg:Zone.Identifier Safe Opera
2016-11-26 15:08:35 C:\Users\login\Downloads\E97C.tmp Safe Opera
2016-11-26 15:01:21 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY25.jpg:Zone.Identifier Safe Opera
2016-11-26 15:01:20 C:\Users\login\Downloads\429B.tmp Safe Opera
2016-11-26 14:22:11 C:\Users\login\Downloads\la veta.pdf:Zone.Identifier Safe Opera
2016-11-26 14:19:31 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY21.jpg:Zone.Identifier Safe Opera
2016-11-26 14:19:30 C:\Users\login\Downloads\F685.tmp Safe Opera
2016-11-26 14:19:07 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY19.jpg:Zone.Identifier Safe Opera
2016-11-26 14:19:05 C:\Users\login\Downloads\970B.tmp Safe Opera
2016-11-26 14:18:53 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY18.jpg:Zone.Identifier Safe Opera
2016-11-26 14:18:51 C:\Users\login\Downloads\5E45.tmp Safe Opera
2016-11-26 14:18:13 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY17.jpg:Zone.Identifier Safe Opera
2016-11-26 14:18:11 C:\Users\login\Downloads\C413.tmp Safe Opera
2016-11-26 14:17:45 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY15.jpg:Zone.Identifier Safe Opera
2016-11-26 14:17:44 C:\Users\login\Downloads\58CF.tmp Safe Opera
2016-11-26 14:17:18 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY13.png:Zone.Identifier Safe Opera
2016-11-26 14:17:17 C:\Users\login\Downloads\EDEA.tmp Safe Opera
2016-11-26 14:17:01 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY12.jpg:Zone.Identifier Safe Opera
2016-11-26 14:16:59 C:\Users\login\Downloads\AA35.tmp Safe Opera
2016-11-26 14:16:38 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY11.jpg:Zone.Identifier Safe Opera
2016-11-26 14:16:36 C:\Users\login\Downloads\4FEC.tmp Safe Opera
2016-11-26 14:16:25 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY10.jpg:Zone.Identifier Safe Opera
2016-11-26 14:16:23 C:\Users\login\Downloads\1C07.tmp Safe Opera
2016-11-26 14:15:44 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY9.jpg:Zone.Identifier Safe Opera
2016-11-26 14:15:42 C:\Users\login\Downloads\7B3B.tmp Safe Opera
2016-11-26 14:15:18 C:\Users\login\Downloads\24oct16\042416_1610_TheHottestY8.jpg:Zone.Identifier Safe Opera
2016-11-26 14:09:42 C:\Users\login\Downloads\24oct16\042416_1610.jpg:Zone.Identifier Safe Opera
2016-11-26 14:09:28 C:\Users\login\Downloads\C632.tmp Safe Opera
2016-11-24 11:56:52 C:\Users\login\Downloads\128E.tmp Safe Opera
2016-11-24 10:42:41 C:\Users\login\Downloads\23A3.tmp Safe Opera
2016-11-19 19:22:51 C:\Users\login\Downloads\A123.tmp Safe Opera
2016-11-19 12:39:22 C:\Users\login\Downloads\007-12-the-rongorongo-tablets-261073.jpg:Zone.Identifier Safe Opera
2016-11-19 12:39:20 C:\Users\login\Downloads\2C28.tmp Safe Opera
2016-11-19 12:39:03 C:\Users\login\Downloads\006-13-ulfberht-viking-swords-261069.jpg:Zone.Identifier Safe Opera
2016-11-19 12:39:02 C:\Users\login\Downloads\E3A2.tmp Safe Opera
2016-11-19 12:37:50 C:\Users\login\Downloads\004-15-the-quimbaya-airplanes-261063.jpg:Zone.Identifier Safe Opera
2016-11-19 12:37:48 C:\Users\login\Downloads\C5DD.tmp Safe Opera
2016-11-19 12:36:58 C:\Users\login\Downloads\002-17-the-winnipesaukee-mystery-stone-9e2502e5fb555789d7a48abe2736e9e1.jpg:Zone.Identifier Safe Opera
2016-11-19 12:36:54 C:\Users\login\Downloads\F2C4.tmp Safe Opera
2016-11-12 16:40:31 C:\Users\login\Downloads\4500057480.pdf Safe Mozilla
2016-11-12 11:48:46 C:\Users\login\Downloads\Copy of Client List SD 9nov.xlsx Safe Mozilla
2016-10-29 13:57:49 C:\Users\login\Desktop\Opera_Developer_42.0.2392.0_Setup.exe Safe Spartan browser
2016-10-29 13:56:29 C:\Users\login\Desktop\OperaSetupDeveloper.exe Virus Spartan browser
2016-10-26 20:20:52 C:\Users\login\Downloads\24oct16\742 Paradise Road Nat City 91950.pdf Safe Mozilla
2016-10-25 19:56:24 C:\Users\login\Downloads\24oct16\4690 51st st sd 92115.pdf Safe Mozilla
2016-10-25 19:28:42 C:\Users\login\Downloads\24oct16\Copy of Client List SD 23oct.xlsx Safe Mozilla
2016-10-25 00:02:02 C:\Users\login\Downloads\24oct16\1658 sagewood way san marcos ca 92078.pdf Safe Mozilla
2016-10-24 23:58:40 C:\Users\login\Downloads\24oct16\800 n mollison#5 el cajon 92021.pdf Safe Mozilla
2016-10-24 23:48:32 C:\Users\login\Downloads\24oct16\1908 la corta st lemon grove 91945.pdf Safe Mozilla
2016-10-24 23:48:01 C:\Users\login\Downloads\24oct16\3864 shiloh rd sd 92105.pdf Safe Mozilla
2016-10-24 23:39:11 C:\Users\login\Downloads\24oct16\13794 fontanelle pl sd 92128.pdf Safe Mozilla
2016-10-24 23:35:08 C:\Users\login\Downloads\24oct16\1130 hackamore rd vista 92083.pdf Safe Mozilla
2016-10-24 23:31:20 C:\Users\login\Downloads\24oct16\1455 canoe creek way chula vista 91915.pdf Safe Mozilla
2016-10-24 23:27:52 C:\Users\login\Downloads\24oct16\1435 india st#415 san diego 92101.pdf Safe Mozilla
2016-10-24 23:24:41 C:\Users\login\Downloads\24oct16\4970 dalehaven pl san diego 92105.pdf Safe Mozilla
2016-10-24 23:17:57 C:\Users\login\Downloads\24oct16\3233-3235 40th st san diego 92105.pdf Safe Mozilla
2016-10-24 23:13:19 C:\Users\login\Downloads\24oct16\2827weepingwillow chula vista.pdf Safe Mozilla
2016-10-22 15:44:00 C:\Users\login\Downloads\09-O-13575.pdf Safe Mozilla
2016-10-22 15:43:54 C:\Users\login\Downloads\13-O-10125-2.pdf Safe Mozilla
Bugs? Tor browser on Windows
Bugs?
Tor browser on Windows ...
I see a number of problems/bugs with addons here & in browser after update ... while you make it clear that extra addons break privacy and security. That's why you have a security slider & most realize this when using extra addons. Also on lowest security setting supposedly ALL browser features are enabled .. not so! Maybe you should include a 4th setting for those who use extra addons ... with the knowledge that they break further security/privacy. It is the RIGHT of the knowledgeable user to do so.
1 = Session Manager icons & listings in Tools menu disappear after update. BIG PROBLEM as session manager still works in background and leaks info more than ever. Similar/same goes for most tab tools.
PLEASE DO NOT BREAK Session Manager or Tab Mix as many use them to hide their activities by;
a= having many different session profiles with large number of tabs to confuse trackers/spies.
b= this also overloads their metadata and packet sniffing apps.
c= creates massive data to sort through, if possible at all, and fills/overloads their HDs
d= plays hell on tracking/spying Tor nodes & very quickly kicks tracking nodes
FYI , in previous versions of Tor Browser , session manager would generate 100's to 1000's of tabs per actual tab saved on save command or browser close. This helped in preventing spies ... although it almost killed loading of browser and overloaded boxes with less than 8GB of physical memory and quad-core box.
WE NEED TO SEE THESE ICONS & MENUS IN BROWSER AND CUSTOMIZE BROWSER
2 = NoScript ... similar to above. When one chooses to see different menu items/settings in NoScript we want them to be seen when hovered over. This facilitates quick changes in profile .. which plays havoc for spying sites and spies when globally activated/changed, especially google, adobe, akamai, and many others. Having open settings at coffee shops and internet cafe's to login/start and tighten settings thereafter is a necessity, not just a want.
BTW; only way to be half-ass secure these days with a windows box is to use one or more NAT routers, connected to secure login ISP , then VPN [up to 3] , and Tor browser to boot.
OR ... Tor boot/live CD/DVD , through VPN/s , then internet .. your settings saved on disposable mem stick / flash drive, if any.
We did not break anything on
We did not break anything on purpose and did not run into the issues you describe. The first thing that would help us looking at your problem would be steps to reproduce them. For instance, if you take a clean, new Tor Browser 6.0.8 and install Session Manager and update afterwards to 6.5 do you still get your broken experience. Likewise it is not clear what menu items/settings you are talking about in the NoScript case. Could you give us steps for that problem, too?
@ gk, You're kidding about,
@ gk,
You're kidding about, "did not run into the issues you describe" .. right?
Look at "On January 25th, 2017 Anonymous said: a [BUG] !? ..." on this blog page. So, obviously, i'm not the only one.
Then take a look at Firefox previous versions and problems with Session Manager and other plugins. And we have an inferior Tor browser version based on Firefox 45.7 while latest Firefox is ver. 51.
That's a lot of bugs and security updates to catch up on.
Now that we know Torbutton breaks Session Manager and other plugins let's see what 1 week of pissin around gave me & many others:
1. we find Tor breaks / deletes MANY other plugins as well; classic theme restorer, zoom image, remove it permanently, video download helper, gtranslate, among LOADS of others. .. about 1/3 of plugins from Mozilla website.
2. Firefox has fixed these bugs / problems in recent versions .. why hasn't Tor?
3. whatever was done in last Tor update causes browser to remove/disable/break even "customize browser" page so it doesn't function after uninstalling non-functioning plugins.
4. updating Firefox fixes these bugs for Firefox.
5. started with Tor ver 3 to present and in every update of Tor there's something that goes wrong or some part of browser is disabled/broken/deleted.
6. used fully patched boxes with versions of XP, vista, win7, .. to win10.. same probs with Tor for every box upon update of Tor to next ver.
And you can't reproduce these problems? HA
Try it: install early ver of Tor on clean and patched box, install plugins mentioned, add 250+ unique pages and types of pages to create sessions, visit pages, bounce between saved sessions, update Tor to next ver, ... repeat.
7. You expect users to wipe out 3 months to YEARS of settings with every update just because you can't get Tor to stop breaking/deleting plugins and other parts?
What I meant was we did not
What I meant was we did not run into issues while testing the new versions before releasing. And the problem with broken extensions has been in the alpha releases for weeks and months and nobody did run into it either. We have https://trac.torproject.org/projects/tor/ticket/21396 for breaking other extensions.
FWIW: Firefox has not fixed the underlying problem. Not in the current Firefox releases and not in their nightlies. And it does not look like this will going to happen anytime soon either.
@gk "nobody"? Wrong! Loads
@gk
"nobody"? Wrong! Loads of ppl have same probs just that they have very hard time finding place for support or to complain. It's only by chance that i found this blog after yrs of looking.
Reporting bugs fails 90% of the time via bug reports.
1. Thanks for ticket reference :)
2. Testing firefox in same manner as i mentioned above we find Firefox extensions are fixed/repaired after next to second next ver. Usually uninstalling and reinstalling the extension works on new version or update. Unless of coarse plugin/extension has been discontinued/blocked by Firefox in their add-ons pages. Then copying data, settings etc. to new ver. works most of the time.
3. with Tor browser 1 needs to start with fresh copy and hopefully recover data, settings, etc. from previous install/s and/or settings to gain only parts thereof. Most of the time they are lost and never to be found again. This is TOTALLY UNACCEPTABLE. No if's or butt's about it .. this is due to Tor update/install of new version/s of Tor.
4. You can test "new versions before releasing" all you want but unless you have done as i said above, you will not see what i'm talking about.
5. after all this, i'll go as far as ... don't try to defer to users or Firefox as the problem when i clearly proved it's Tor update/s and/or installs, and after extensive testing on numerous boxes and Windows OS's.
6. Furthermore, i'm told this problem breaks security and allows spies to gain access to users boxes and data, as partially mentioned in your ticket reference. This should not happen when user doesn't tell extension/plugin to call home.
7. So, no more excuses! Figure out how to fix this as it's a specific Tor problem. Just to be specific, this means, how does one fix this problem without installing new copy of Tor and loosing all data and settings? Another words ... how does one fix it on existing Tor update?
THANKS for the
THANKS for the improvements...btw - where is window size listed?
There is no place where the
There is no place where the window size is listed. It gets calculated depending on your screen resolution and should be a multiple of 200px for the width and 100px for the height.
Nice!
Nice!
Wonderful
Wonderful
The search bar "disconnect"
The search bar "disconnect" defaults to duckduckgo and should be removed
Disconnect should not be the
Disconnect should not be the default anymore with a new 6.5. Are you sure this is happening with a clean, new version? Any why should it be removed?
with the Mac version sha256:
with the Mac version sha256: 3496a928aba9c0504f7c143a6c4d4fcd859cfbd818d6ce3fbb1538fe8d225bf5
Disconnect is not the default but is still present in the search configuration. If you use disconnect it defaults to duckduckgo making it useless.
Ah, I see. I filed
Ah, I see. I filed https://trac.torproject.org/projects/tor/ticket/21363 for that, thanks.
can obfs4 bridges bypass
can obfs4 bridges bypass china firewall and turkey, iran's block? I know some bridges may not work in those countrys.
Thanks for all the efforts
Thanks for all the efforts folks!
I really hoped this release was going to add a the ability to password protect the Tor executable (same pw decrypting Tor setup files & bookmark would be a bonus). I recall this possibility being discussed several releases back. Some of the arguments against were 'creates a false sense of security', 'other means to same end' etc, but I thought it was still on the drawing board. Please advise if it is or is not, or shoot, if it's already been implemented and I haven't noticed it.
As it is now, using Windows I can lock a session, but at my work we cannot lock screens b/c it's common to hop on a coworker's system when they aren't around. This means I must either boot into Tails or store my main bookmarks & key files on a USB just in case someone does decide to open Tor. I'm looking for a better more permanent solution for this. Please advise if it's on the drawing board & I'll sit back & keep waiting for it. thanks again
*previous comment should be
*previous comment should be from 'bs' - thanks
Everytime I go to addons and
Everytime I go to addons and click "addon search" or "details" in addons then Tor Browser doesn't work and close it with such a error message. Win7, German, 32bit.
What do you mean with
What do you mean with "doesn't work and close it with such a error message"?
Thanks for the great release!
Thanks for the great release!
I can NOT get any of the new
I can NOT get any of the new versions to work.
I’ve been using 6.5a5 since it was released and it works fine.
Today I installed 6.5 several times and it just won’t connect.
"Something Went Wrong!
Tor is not working in this browser."
Onion icon shows "Tor disabled" and pages won’t load - "unable to find the proxy server"
I don’t have a proxy server configured right now!
Downloaded and installed several times, sometimes it says "Tor Launcher could not connect to Tor control port."
And v7.0a1 is the same.
Reinstalling 6.5a5 makes it functional again. WTF?!
Wouldn’t you know it -
Wouldn’t you know it - right after posting my comment I deleted and replaced the TorBrowser-Data folder AGAIN.
At first I got a big error window. Then I deleted the Updates folder within, and all the files in the Tor folder.
I had already done that many times, so I don’t know why Tor launched this time but it did (version 7.0a1).
I notice that inside the updates.xml file there’s no mention of version 7.0a1 or Firefox 45.7.0. The last updates listed are Tor 6.5a6 and Firefox 45.6.0.
Just successfully launched it again, so who knows what caused the problem.
- Firefox 24 ESR works on
- Firefox 24 ESR works on KDE 4
- Firefox 45 ESR (i.e. TBB 6.5) works on KDE 4
- Firefox 51 (no e10s) does not work on KDE 4
Not like I need Firefox 51 for KDE though, but Firefox 52 ESR is creeping up soon, so are there any plans for the next Tor Browser based on that version to work on KDE 4? :nervous:
Not sure. I guess the first
Not sure. I guess the first task would be to find out why it is not working anymore. Then we could think about ways to fix that. Is KDE4 support deprecated?
The last Plasma 4 LTS
The last Plasma 4 LTS release was 4.11.22 (August 19, 2015).
See: https://www.kde.org/announcements/announce-applications-15.08.0.php ("Other Releases")
Session Manager in Tools
Session Manager in Tools menu and it's icons in toolbars disappeared after update.
How to make Session Manager fully functional?
360 total security now flags
360 total security now flags the tor 7.0 and 6.5 as UNKNOWN, yesterday it was saying it was a virus/trojan
2017-01-29 13:47:56 D:\Users\user\Desktop\deskk\Downloads\torbrowser-install-7.0a1_en-US.exe Unknown Mozilla
2017-01-29 13:47:34 D:\Users\user\Desktop\deskk\Downloads\torbrowser-install-6.5_en-US.exe Unknown Mozilla
very use full
very use full
Can't download the new
Can't download the new version. Everytime I try, I receive this warning: "signature verification failed! You might be under attack, or there might just be a networking problem. Click start try the download again."
Well, I don't have networking problems and I'd already tried several times. Any help?
Simple- Do a fresh install
Simple- Do a fresh install of Tor and remember to redo your security settings.
There is a bug in
There is a bug in tor-browser-launcher: https://github.com/micahflee/torbrowser-launcher/issues/260. I'd recommend to download Tor Browser from our website and use its built-in updater. It should be much faster that way as well if you are updating regularly as it only downloads diffs in that case and not a whole new Tor Browser every time.
Something interesting. I
Something interesting. I think I may have found the FBI's alleged magic bullet. It seems that PHP has a known but not well publicized exploitable bug that allows a PHPscript to both hide other scripts such as javascript from the browser, as well as somehow, at least hypothetically, execute them as well. If this is the case, it would seem that PHP would be able to bypass the browser plugins and run scripts anyways. So a few questions:
1. Has this type of attack been considered and mitigated,
and,
2. How might we mitigate this sort of thing?
PHP is a server-side
PHP is a server-side language. It does not execute on browsers and cannot be used to exploit browsers in any way. A PHP bug, no matter how severe, could only be used to exploit a web server. PHP is simply a method of having a server choose what to send to a client, like any other CGI script like Perl, Ruby, ASP, or whatever. It cannot tell the client how to execute it. To answer your questions:
1. No, because it does not exist.
2. We cannot, because it does not exist.
tor + firefox updated not
tor + firefox updated not properly. Tor not run correctly in firefox. Items in "Add-ons" is absent. I do not know what kinds configuration methods to use for to repare. When I Install old version over not properly updated version then links what I added to "Bookmarls" is erased. These situation is appear often.
Did you get error messages
Did you get error messages during the update? What extensions were there before and are missing now? Which operating system are you using?
nice
nice
agree
agree
in saudi arabia your brawser
in saudi arabia your brawser has dead now im outside of my home
in this new 6.5 version some
in this new 6.5 version some web-site not opens. but in 6.0.8 all good. for example: https://999.md
Works with neither of them
Works with neither of them for me.
Try with Low security
Try with Low security settings
I did.
I did.
I think problem in NoScript
I think problem in NoScript
04-02-2017, 11:57:27.500
04-02-2017, 11:57:27.500 [WARN] Proxy Client: unable to connect to 83.212.101.3:443 ("general SOCKS server failure")
This is down again. This is used with the scramblesuite transport
I talked to the maintainer
I talked to the maintainer of that bridge and he told me that this bridge gets hammered with requests and the server can't handle that. We'll take that one out of the Tor Browser default bridges next time, alas.
That means that scramblesuit
That means that scramblesuit will be removed?
Yes, if we don't find a
Yes, if we don't find a replacement bridge before the next release is getting out.
The TOR metrics doesn't seem
The TOR metrics doesn't seem to support the excessive usage as it peaks at 300 averaging 120. See
https://metrics.torproject.org/userstats-bridge-transport.html?start=20…
Doesn't every TOR site support every bridge?
I don't know what "Doesn't
I don't know what "Doesn't every TOR site support every bridge" means, but if it means "Doesn't every Tor relay support every pluggable transport", the answer is no.
Pluggable transports, such as scramblesuit, are separate programs that transform Tor traffic in a way that makes it harder to detect and/or censor.
The scramblesuit protocol doesn't get that much use in practice, and there aren't that many bridges that support it, and apparently the ones that do are having trouble with stability. Sounds to me like a reasonable time to remove it from the Tor Browser.
I only use it because it is
I only use it because it is one of the transports that is able to get through "Tor"blocked sites that don't allow other transports through. This could be because it is hardly used and sites that try to block Tor don't pay any attention to scramblsuit.
Thanks! Your services are
Thanks! Your services are invaluable!!
super
super
I am using a Mac OSX, and I
I am using a Mac OSX, and I see 2 "Tor browser" processes running simultaneously. Is this normal ?
And both vanish if you close
And both vanish if you close Tor Browser? Are you using some pluggable transports or Tor Browser just as it ships connecting directly to the Tor network?
No big deal but it seems the
No big deal but it seems the "wrap long lines" option doesn't work when I open "view page source".
When I install To browser
When I install To browser 6.5 onto my Ubuntu 16.05 with the latest Firefox version already installed the Tor browser doesn't show being open from the App menu selection even though it is open. Firefox shows 2 applications open. It is if the Tor browser and Firefox are linked.
It seems to me this is a bug
It seems to me this is a bug related to https://trac.torproject.org/projects/tor/ticket/18199. Might even be the same.
Unable to verify the
Unable to verify the signature of file tor-browser-linux64-6.5_en-US.tar.xz. I get the following when I attempt to verify the signature:
SHA256 hash sum of the file:
c4714061748a70d3871dd84ff88d2f317b386d290a5c1fb94a504a1c256f1960
I've downloaded the file three different times now and had the same issue with all three downloads.
Updating your local Tor
Updating your local Tor Browser key should help. The bundles are signed with a new subkey. The SHA256 hash looks good for what it is worth.
I Love You Guys! Thanks Tor
I Love You Guys! Thanks Tor I will Always donate to you! Keep up the great work!
Version 6.5 consistantly
Version 6.5 consistantly does not start. Instead I am getting the message Something Went Wrong! Tor is not working in this browser
Version 6.08 is working.
Do you get some more error
Do you get some more error information than that? What exactly did you do? Does a clean new install of Tor Browser help? What operating system are you on?
does someone know why TBB
does someone know why TBB doesn't remember
browser.zoom.siteSpecific = true?
See:
See: https://trac.torproject.org/projects/tor/ticket/20727.
Is TBB affected
Is TBB affected with?
https://www.openssl.org/news/secadv/20170216.txt
Encrypt-Then-Mac renegotiation crash (CVE-2017-3733)
=========================================
Severity: High
During a renegotiation handshake if the Encrypt-Then-Mac extension is
negotiated where it was not in the original handshake (or vice-versa) then this
can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers
are affected.
OpenSSL 1.1.0 users should upgrade to 1.1.0e
No, we are using 1.0.2.
No, we are using 1.0.2.
ok
ok
Anonymity broken ? On some
Anonymity broken ?
On some website(s?) there is a strange error happening while printing a webpage to pdf file.
It will give a modem error message for more than 20 times within a second.
This is happening for some time, one or two Torbrowser versions.
This is happening with no javascripts allowed.
What I see in the Console program log
This "replacing NaN with 0" message only keeps popping up in console on this website www.security.nl
What is this?
A new manner for circumventing Torbrowser anonymity by trying tot send feedback when printing a page?
Why aren't all dom settings in the about:config that try to send back user behavior disabled?
There used tot be a separate dom setting for sending printing feedback as well in firefox but I can find it anymore.
Please just try this yourself or please analyze that website code.
Tested many websites but this is only happening on that website that happened to be in a way related to another company that is focused on legal interception (Pine).
It is strange behavior, exeptional and very specific related and it does not look right.
Could you give us exact
Could you give us exact steps to reproduce your problem? What operating system are you on?
Hi GK Tested this issue in
Hi GK
Tested this issue in different Torbrowser versions, on different Mac OS X systems, with different OS versions, with different separated Mac OS X configs and different Mac hardware systems.
For example, it is not happening on Torbrowser versions based on Firefox ESR 38.
It is happening in the ESR 45 based Torbrowser versions (even the newest alfa 7 version) depending on the OS system you use and is not depending on blocking or allowing javascripts, it does happen even if you block almost everything in NoScript.
I did not feel the urge (yet) to test it on all Mac OS X systems between 10.6 and 10.12, because I do not want Torbrowser code on every system. I like my privacy but life offers more than checking and using Torbrowser.
But I did test Torbrowser versions in two Mac OS X versions.
Torbrowser 45 is working fine on OS X 10.10
Installing Torbrowser 5.5.5./ESR 38.8 again, this one is working fine on OS X 10.6
Torbrowser 45 is NOT working (that) fine on OS X 10.6 (but far far far better than the latest ESR mozilla Firefox versions that hang and freeze on a very regular basis. GooD job TorTeam, you are better than the mozilla devs!).
This Torbrowser NaN problem seems (at least) to be a specific Mac OS X 10.6 related problem no matter which hardware, OS X or Torbrowser configuration.
While attempting to save a PDF to file the Mac will immediately start other connection processes (on that particular tested website).
Two mDNSResponder connections over port 5353, one 5353 connection over ipv6 and one over ipv4 to an address starting with 224.
At the same time also starting two local network ipv4 connection attempts by the nmblookup process over port 137.
These connections were allowed so it was not a result of blocking connections.
At the same time (during save print to pdf) one can see around 20 (error) messages in console regarding that 'NaN error' warning.
This will happen every time when I save a webpage as pdf file on that particular website.
I tested it a lot of times, every time same result, same connection activity.
User feedback settings issue?
Now, Firefox used to have user interaction feedback code embedded, to inform the website owner about some browser activities the user was performing (If the website used the (anti privacy) opportunities in Firefox).
I can remember some feedback function things like acting on copy, printing, right mouse click actions by the user but I don't see them anymore in the about config.
It gives still a very a lot of DOM values and I do not know the fuctions of a lot of them, but hopefully you do.
Apparently there is some Torbrowser code activated by this website to start other processes in Torbrowser while printing a webpage, but apparently this gives some errors 'along the network road' popping up in my console program.
I don't know much about this 'Nan' or computer code at all but it seams to be a warning about a value that does not match or exist? What is Torbrowser doing by request while I just save a webpage as pdf?
My concern is that Torbrowser (in this particular case) apparently is getting triggered to start a network process that maybe can be used in a way we do not like it to be that way, because it is leaving my local network or end up in my modem logs or anywhere else?
Relative problem or not?
I know that firefox is ending their support for 3 Mac OS X versions any time soon and one can see that as a solution of this (Mozilla Firefox and not Torbrowser) problem. At least I do not have to test it on OS X 10.7 / 10.8 / 10.9 for now, but maybe this problem appears in 10.7 or even 10.8 as well?
Anyway, I should think that it is worth to analyze this problem because if you know what the source is of this particular problem you can prevent yourself from related unknown and invisible bugs in Torbrowser in future Torbrowser versions.
Hopefully.
Because I can imagine that not all Torbrowser users are monitoring their network, system and console processes to see if there is 'some creative deviation in the normal part of the program', I thought is was worth mentioning it here anyway.
So if you want to reproduce this, just take a Mac that still can run that marvelous OS X 10.6, take torbrowser 6 or 7 , set Noscript on the highest setting, open console program (show log list) go to that particular website, just print the front-page, or any page and save it as a pdf file anywhere.
And if you have any kind of extra firewall software, look at it and see which connections Torbrowser is activating when doing the print tot file job.
Thanks for your answer anyway and I hope you can address / repair / disable this specific behavior in future versions.
A possible about:config correction clue would be nice as well.
Bye
> GooD job TorTeam, you are
> GooD job TorTeam, you are better than the mozilla devs!
That's why I'm using Tor Browser and stopped to use Firefox!
Additional answer while
Additional answer while earlier (long) answer is still in moderation
It is also the case on the front page of Wired, wired.com
Even up to 72 NaN error console messages within 2 seconds every time I print a pdf to file.
Happens also with Torbrowser 7.0a1 (based on Mozilla Firefox 45.7.0) in combination with the latest version of OS X 10.6.
So there must be some kind of web code that is triggering this behavior on some websites while printing a webpage.
Thanks for that report. Just
Thanks for that report. Just to make it clear (and make it easier to reproduce): This is just happening on an OS X 10.6 system and later macOS versions are unaffacted?
(As a sidenote: the upcoming alpha will be the last in its series that supports macOS < 10.9. We'll drop support for those older macOS versions with the switch to ESR 52 as Mozilla does).
GK, Please read the long
GK,
Please read the long answer again, the answers are there.
You missed a positive remark @ Torproject also.
So give yourself that chance for a compliment again, but you are free to stop support on (relatively) very good working products on a relatively safe and relatively malware free operating system.
I tested OS X 10.6 and 10.10 (for now).
It is up to you to test OS X 10.7/10.8 and 10.9 if you have them directly available.
But if the second part of your answer is also ment as an easy solution / excuse.
Well then, what can I do? This is an asymmetric discussion, I cannot force anyone to look at possible bugs and security issues that maybe can affect newer browser versions as well.
Because you do not see it directly (as seen in OS X 10.6) it does not mean a possible bug is not there in your newer Torbrowser code with all risks to come.
You will only know future safety of your browser by knowing what is the error background of the bug now.
That dns thing mentioned, may be a Mac OS X specific behavior of samba and bonjour things on MacOS.
But, the combination of DNS and malware has relevant attention in real life as well, so.. there you go.
http://blog.talosintelligence.com/2017/03/dnsmessenger.html
I hope you'll figure out and understand what I wrote, I was not born as a native english speaker.
Regarding languages,.. some language advice for the midst of march, order "een fluitje bier" if you want to code next day, or a lot of "vaasje" if you don't bother at all doing anything but having one big hangover that week.
And "Duvel" means "Devil", just think of it before you are ordering this (belgium) beer.
Have fun.
Another extra test,
Another extra test, Torbrowser 6.5 (based on Mozilla Firefox 45.7.0) on Mac OS X 10.7 does not seem to generate these print to pdf warnings on Wired.
Answered 2 times,
Answered 2 times, friday-saturday but moderation is quite behind (takes at least 2 days) or making decisions to not publish the answers. I do not mind as long that they are reaching you anyway. Bye
Thaks dude !!
Thaks dude !!
I have a concern. I am able
I have a concern. I am able to access the link http://timesofindia.indiatimes.com/ using TOR, however I am unable to sign into the page as the "SIGN IN" option does not appear on using TOR. As a result I cannot use the features of comment/like/dislike on any article. A quick update on this wud be appreciated.
Hi guys I have just
Hi guys I have just downloaded torbrowser-install-6.5.1_en-US.exe and I can't verify it neither by GPG not by SHA256:
gpg --verify torbrowser-install-6.5.1_en-US.exe.asc torbrowser-install-6.5.1_en-US.exe
gpg: Signature made 03/06/17 18:11:37 RTZ 2 (чшьр) using RSA key ID C3C07136
gpg: Good signature from "Tor Browser Developers (signing key) " [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Subkey fingerprint: A430 0A6B C93C 0877 A445 1486 D148 3FA6 C3C0 7136
SHA256 of *.exe gives this value:
656DF6D342002CCE912584675CBBE0533BD794383E30B7138622BB2985B47608
However, what I see in the link
https://dist.torproject.org/torbrowser/6.5.1/sha256sums-unsigned-build…
d535f2ac460dd5d34cce5ba73e11126eec9170081b11b12f8332a88b2765e525 torbrowser-install-6.5.1_en-US.exe
What is wrong with it, or has it been replaced (attacked) somehow?