Tor Browser Bundle

Tor Browser Bundle is a free and platform-independent application designed to allow users to browser the Web anonymously through the powerful Tor network on the Linux, Microsoft Windows and Mac OS X operating systems, without the need to use any third-party software.

Features at a glance

It is a portable software, allowing users to use directly from a USB flash drive, running a pre-configured web browser to protect their anonymity. The Tor software is the key component of Tor Browser Bundle, protecting users by bouncing their communications around a distributed network of relays, which are run by volunteers all around the world.

Getting started with Tor Browser Bundle

When you open the application for the first time, it will ask if you want to immediately connect to the Tor network and start browsing the Web anonymously, or if you want to tweak your network settings, in case the respective computer its censored, proxied or filtered.

Once you hit the Connect button, the software will connect to the Tor network and in a few seconds it will close the connection dialog and open the actual web browser, which is based on an ESR (Extended Support Release) version of the Mozilla Firefox project.

To verify if your connection is indeed anonymous, you can access the www.whatismyip.com website, wich will display the current IP address you’re using at that moment, as well as the geographical location.

Availability and supported platforms

It is a freely distributed, yet not open source graphical software, a mix between the well known Mozilla Firefox web browser and the Tor application, enabling users to surf the Web anonymously from the comfort of their Linux desktops.

Detailed installation instructions for each of the supported operating systems is provided on the project’s homepage, along with the respective binary packages, supporting the 64-bit and 32-bit hardware platforms and many languages.

Bottom line

Overall, Tor Browser Bundle is a really powerful application for Mozilla Firefox users who don’t want to configure the Tor network separately on their Linux-based operating system. Happy anonymous surfing!

What is new in this release:

• Update Firefox to 31.4.0esr
• Update NoScript to 2.6.9.10
• Update meek to 0.15
• Update Tor Launcher to 0.2.7.0.2 (translation updates only)

What is new in version 4.0.2:

• Update Firefox to 31.3.0esr
• Update NoScript to 2.6.9.5
• Update HTTPS Everywhere to 4.0.2
• Update Torbutton to 1.7.0.2
• Bug 13019: Synchronize locale spoofing pref with our Firefox patch
• Bug 13746: Properly link Torbutton UI to thirdparty pref.
• Bug 13742: Fix domain isolation for content cache and disk-enabled
• browsing mode
• Bug 5926: Prevent JS engine locale leaks (by setting the C library
• locale)
• Bug 13504: Remove unreliable/unreachable non-public bridges
• Bug 13435: Remove our custom POODLE fix (fixed by Mozilla in 31.3.0esr)

What is new in version 4.0.1:

• Update Tor to 0.2.5.10
• Update NoScript to 2.6.9.3
• Bug 13301: Prevent extensions incompatibility error after upgrades
• Bug 13460: Fix MSVC compilation issue

What is new in version 4.0:

• This release features important security updates to Firefox. Additionally, due to the POODLE attack, we have also disabled SSLv3 in this release.
• The primary user-facing change since the 3.6 series is the transition to Firefox 31-ESR.
• More importantly for censored users who were using 3.6, the 4.0 series also features the addition of three versions of the meek pluggable transport. In fact, we believe that both meek-amazon and meek-azure will work in China today, without the need to obtain bridge addresses.
• This release also features an in-browser updater, and a completely reorganized bundle directory structure to make this updater possible. This means that simply extracting a 4.0 Tor Browser over a 3.6.6 Tor Browser will not work. Please also be aware that the security of the updater depends on the specific CA that issued the www.torproject.org HTTPS certificate (Digicert), and so it still must be activated manually through the Help ("?") "about browser" menu option. Very soon, we will support both strong HTTPS site-specific certificate pinning (ticket #11955) and update package signatures (ticket #13379). Until then, we do not recommend using this updater if you need stronger security and normally verify GPG signatures.
• There are also a couple behavioral changes relating to NoScript since 3.6. In particular, by default it now enforces script enable/disable for all sub-elements of a page, so you only need to enable scripts once for a page to work, rather than enabling many sub-scripts. This will hopefully make it possible for more people to use the "High Security" setting in our upcoming Security Slider, which will have Javascript disabled globally via NoScript by default. While we do not recommend per-element whitelisting due to fingerprinting, users who insist on keeping this functionality may wish to check out RequestPolicy.

What is new in version 4.0 Alpha 2:

• All Platforms:
• Update Firefox to 24.8.0esr
• Update NoScript to 2.6.8.39
• Update Tor Launcher to 0.2.7.0
• Bug 11405: Remove firewall prompt from wizard.
• Bug 12895: Mention @riseup.net as a valid bridge request email address
• Bug 12444: Provide feedback when "Copy Tor Log" is clicked.
• Bug 11199: Improve error messages if Tor exits unexpectedly
• Update Torbutton to 1.6.12.1
• Bug 12684: New strings for canvas image extraction message
• Bug 8940: Move RecommendedTBBVersions file to www.torproject.org
• Bug 12684: Improve Canvas image extraction permissions prompt
• Bug 7265: Only prompt for first party canvas access. Log all scripts that attempt to extract canvas images to Browser console.
• Bug 12974: Disable NTLM and Negotiate HTTP Auth
• Bug 2874: Remove Components.* from content access (regression)
• Bug 4234: Automatic Update support (off by default)
• Bug 9881: Open popups in new tabs by default
• Meek Pluggable Transport:
• Bug 12766: Use TLSv1.0 in meek-http-helper to blend in with Firefox 24
• Windows:
• Bug 10065: Enable DEP, ASLR, and SSP hardening options
• Linux:
• Bug 12103: Adding RELRO hardening back to browser binaries.

What is new in version 3.6.5:

• All Platforms:
• Update Firefox to 24.8.0esr
• Update NoScript to 2.6.8.39
• Update HTTPS Everywhere to 4.0.0
• Update Torbutton to 1.6.12.1
• Bug 12684: New strings for canvas image extraction message
• Bug 8940: Move RecommendedTBBVersions file to www.torproject.org
• Bug 9531: Workaround to avoid rare hangs during New Identity
• Bug 12684: Improve Canvas image extraction permissions prompt
• Bug 7265: Only prompt for first party canvas access. Log all scripts that attempt to extract canvas images to Browser console.
• Bug 12974: Disable NTLM and Negotiate HTTP Auth
• Bug 2874: Remove Components.* from content access (regression)
• Bug 9881: Open popups in new tabs by default
• Linux:
• Bug 12103: Adding RELRO hardening back to browser binaries.

What is new in version 4.0 Alpha 1:

• Ticket 10935: Include the Meek Pluggable Transport (version 0.10):
• Two modes of Meek are provided: Meek over Google and Meek over Amazon
• Update Firefox to 24.7.0esr
• Update Tor to 0.2.5.6-alpha
• Update OpenSSL to 1.0.1i
• Update NoScript to 2.6.8.36:
• Script permissions now apply based on URL bar
• Update HTTPS Everywhere to 5.0development.0
• Update Torbutton to 1.6.12.0:
• Bug 12221: Remove obsolete Javascript components from the toggle era
• Bug 10819: Bind new third party isolation pref to Torbutton security UI
• Bug 9268: Fix some window resizing corner cases with DPI and taskbar size.
• Bug 12680: Change Torbutton URL in about dialog.
• Bug 11472: Adjust about:tor font and logo positioning to avoid overlap
• Bug 9531: Workaround to avoid rare hangs during New Identity
• Update Tor Launcher to 0.2.6.2:
• Bug 11199: Improve behavior if tor exits
• Bug 12451: Add option to hide TBB's logo
• Bug 11193: Change "Tor Browser Bundle" to "Tor Browser"
• Bug 11471: Ensure text fits the initial configuration dialog
• Bug 9516: Send Tor Launcher log messages to Browser Console
• Bug 11641: Reorganize bundle directory structure to mimic Firefox
• Bug 10819: Create a preference to enable/disable third party isolation
• Backported Tor Patches:
• Bug 11200: Fix a hang during bootstrap introduced in the initial
• bug11200 patch.
• Linux Changes:
• Bug 10178: Make it easier to set an alternate Tor control port and password
• Bug 11102: Set Window Class to "Tor Browser" to aid in Desktop navigation
• Bug 12249: Don't create PT debug files anymore

What is new in version 3.6.4:

• Update Tor to 0.2.4.23
• Update Tor launcher to 0.2.5.6
• Update OpenSSL to 1.0.1i
• Backported Tor Patches:
• Bug 11654: Properly apply the fix for malformed bug11156 log message
• Bug 11200: Fix a hang during bootstrap introduced in the initial
• bug11200 patch.
• Update NoScript to 2.6.8.36:
• Bug 9516: Send Tor Launcher log messages to Browser Console
• Update Torbutton to 1.6.11.1:
• Bug 11472: Adjust about:tor font and logo positioning to avoid overlap
• Bug 12680: Fix Torbutton about url.

What is new in version 3.6.3:

• Update Firefox to 24.7.0esr
• Update obfsproxy to 0.2.12
• Update FTE to 0.2.17
• Update NoScript to 2.6.8.33
• Update HTTPS Everywhere to 3.5.3
• Bug 12673: Update FTE bridges
• Update Torbutton to 1.6.11.0
• Bug 12221: Remove obsolete Javascript components from the toggle era
• Bug 10819: Bind new third party isolation pref to Torbutton security UI
• Bug 9268: Fix some window resizing corner cases with DPI and taskbar size.
• Bug 11102: Set Window Class to "Tor Browser" to aid in Desktop navigation
• Bug 12249: Don't create PT debug files anymore