Tor Browser Bundle Mac

Tor Browser Bundle for Mac enables you to securely browse the Web while hiding your identity, proving to be an accessible, feature-rich option. Because of its dependency on the Tor network. Tor Browser will block browser plugins such as Flash, RealPlayer, QuickTime, and others: they can be manipulated into revealing your IP address. We do not recommend installing additional add-ons or plugins into Tor Browser.

Updated 10 August 2016

The Tor Browser keeps your online activities private. It disguises your identity and protects your Web traffic from many forms of Internet surveillance. Tor can also be used to bypass Internet filters.

The ability to conceal your digital identity from the websites that you visit
The ability to conceal the websites you visit from Internet Service Providers and surveillance programmes
The ability to bypass Internet censorship and filtering rules
Protection from insecure and potentially malicious websites through the HTTPS Everywhere and NoScript browser add-ons

Note: If you are in a location where access to the Tor Project website is blocked, you can use email to request a download link that is more likely to work. Just send an email to gettor@torproject.org with the version you need (Windows, OSX or Linux) in the body of the message. You will receive a response that includes a link to the Tor Browser archive via Dropbox, Google Docs or Github. Further details about this feature are available on the Tor Project website.

1.1 Things you should know about the Tor Browser before you start

The Tor Browser operates on the Tor network, which runs on Free and Open Source Software (FLOSS) and which is designed to enable online anonymity and censorship circumvention.

The Tor software bounces your communications around a distributed network of relays run by volunteers throughout the world, which makes your traffic appear to come from a different [IP address*], often in a different country. As a result, Tor hides your *IP address from the websites you access while also hiding the websites you access from third parties who might be monitoring your traffic. Tor is designed in such a way that not even the Tor relays themselves can know both your location on the Internet and the websites you visit.

Tor also takes steps to encrypt communications into and throughout its network. However, this protection does not extend all the way to websites that are accessible through unencrypted channels (that is, websites that do not support HTTPS).

Because the Tor Browser hides the connection between you and the websites you visit, it allows you to browse the Web anonymously and avoid online tracking. It it also useful for circumventing online filters so that you can access content from (or publish content to) websites that would otherwise be restricted.

Note: There is a trade-off between anonymity and speed. Tor provides anonymity by bouncing your traffic through volunteer servers in various parts of the world, it will almost always be slower than a direct connection to the Internet.

Definitions:

Bridge Relay: A Bridge Relay is a Tor server that is not publicly advertised. If you use a bridge, it can provide you with access to the Tor network even if Tor is blocked in your country.
Port: A port is an access point through which software communicates with services running on other networked computers. If a URL (such as www.securityinabox.org, gives you the 'street address' of a service, then the port tells you which 'door' to use once you reach the correct destination. Port 80 is typically used for HTTP websites that do not support encryption, and port 443 is used for secure websites that support HTTPS.
Proxy: A proxy is a software intermediary that runs on your computer, on your local network, or somewhere else on the Internet, that helps to relay your communication toward its final destination.
Route: A route is the communication path on the internet between your computer and the destination server.

The following steps illustrate how the Tor network works when Alice's computer uses Tor Browser to communicate with Bob's server:

Step 1. Alice's Tor Browser obtains a list of Tor nodes or relays [1] from the Tor directory server (Dave).

Step 2. Alice's Tor Browser picks a random path through Tor network to the destination server (Bob). All connections inside Tor network are encrypted (green [3]). In this example, the last connection is not-encrypted (red [2]). The last connection would be encrypted if Alice were visiting an https website.

Step 3. If at the later time, Alice visits another server (Jane), Alice's Tor Browser selects a different random path.

Note: There is a trade-off between anonymity and speed. Tor provides anonymity by bouncing your traffic through volunteer servers in various parts of the world. It will almost always be slower than a direct connection to the Internet.

1.2 Other Tools Like the Tor Browser

GNU Linux, Mac OS X, and other Microsoft Windows Compatible Programs:

The Tor Browser is available for Mac OS X, GNU Linux, Microsoft Windows and Android operating systems. Tor is the most recommended and rigorously tested tool for keeping your online activities anonymous. But we would like to list some other recommended solutions here:

Riseup VPN is a free Virtual Private Network (VPN) proxy server for Linux, Mac OS X, Android and Microsoft Windows.
Psiphon3 is a free commercial Virtual Private Network (VPN) solution for Microsoft Windows and Android.
Lantern is a free and open source circumvention tool for Linux, Mac OS X and Windows.

2.1 Download the Tor Browser

Step 1. Download the Tor Browser for Mac OS X using one of two options.

Option 1. Go to the Tor download page. Make sure you're actually on the secure version of the https://www.torproject.org/download/download-easy.html.en website before downloading anything. (The 'https' part encrypts the connection between your browser and the website, thus making it harder for an attacker to modify the file you're going to download.)

The link above goes to Tor’s ‘easy download’ page, which is designed to identify the operating system you’re using and present you with the correct version of Tor Browser for your computer: Tor Browser for Mac. Click [Download] to begin the file download.

Figure 1: Tor Browser ‘Easy’ Download Page

Option 2. If you are in a location where access to the Tor Project website is blocked, you can request a copy of the Tor Browser Bundle installer via email. To do this, send an email to gettor@torproject.org with the version of Tor you want in the body of the email (e.g., Windows if you have a Windows computer, OSX if you use an Mac Computer, or Linux if you use a Linux-based computer).

Figure 2: Emailed request to gettor@torproject.org for the OS X version of Tor Browser

You will receive a reply to your email with a link to download the installer via several locations online. Further details about this feature are available on the Tor Project website.

Figure 3: Email response from gettor@torproject.org with Tor Browser download links for Mac OS X

2.2 Install the Tor Browser

To install the Tor Browser, follow the steps below:

Step 1. Navigate to the folder in which you saved the Tor Browser package (a .dmg file beginning with ‘Tor Browser). In this example, we assume you saved file in your Downloads file.

Figure 1: The Downloads folder containing the Tor Browser .dmg file

Step 2. Double-click the Tor Browser .dmg file to mount it as a disk image. It should show up as in a new window (Figure 2, below) and under Devices in the left-hand sidebar of a normal Finder window.

Figure 2: Inside the mounted Tor Browser disk image

Step 3. Drag the TorBrowser.app into your Applications folder.

Figure 3: Dragging the mounted TorBrowser.app into the Applications folder

It should then copy over into Applications.

Figure 4: Progress window for copying TorBrowser.app into the Applications folder

Step 4. Before we start using TorBrowser, we should unmount (or 'eject') the TorBrowser disk image. Find Tor Browser under Devices in the Finder sidebar. Click on the {eject} icon next to it in the sidebar to unmount the disk image.

Figure 5: Unmounting (or ejecting) the TorBrowser disk image

Step 1. Navigate to the Tor Browser in your Applications folder.

Figure 1: The Tor Browser in the Applications folder

Step 2. Double-click the Tor Browser app.

Step 3. Depending on your security settings in System Preferences, you may now see a notification (Figure 2) telling you that Tor Browser is from an ’unidentified developer’.

Figure 2: OS X’s ‘Gatekeeper’ alert reporting that the Tor Browser is from an ‘unidentified developer’

We now must ‘approve’ the Tor Browser in System Preferences in order to use it.

Step 4. OpenSystem Preferences by clicking on the Apple icon in the top-level menu and scrolling down to selectSystem Preferences.

Figure 3: Navigating to System Preferences

Step 5. Click on Security & Privacy in the top row of System Preferences.

Figure 4: System Preferences

Step 6. In the Security & Privacy section of System Preferences, you should see your Gatekeeper settings in the bottom half of the window. (See Figure 5 below.) Mac OS X Gatekeeper restricts which applications you can install on your device.

If your settings are set to only allow apps from the first option, Mac App Store, or the second option Mac App Store and ‘identified developers’, you need to give your system permission to install the Tor Browser.

Since we’ve tried to open the Tor Browser, there should now be a [Open Anyway] button after the statement ’“TorBrowser.app” was blocked from opening because it is not from an identified developer.’ In order to make changes, click the lock in the bottom corner.

Figure 5: The Security & Privacy section of System Preferences

Note: In order to be considered an ’identified developer’ by Mac OS X, developers need to [pay annual fees] to Apple. Many developers, especially those working on [Free and Open Source Software (FOSS)] projects, choose not to do this on principle and because of the costs involved. Keep this in mind when installing other FOSS security and privacy tools for Mac OS X.

Step 7. Enter the user name and password for an account with administrative privileges, then click [Unlock].

Figure 6: 'Unlocking’ Security & Privacy preferences

Step 8. Back in Security & Privacy settings, you’ll now be able to click the [Open Anyway] button in order to open and use the Tor Browser.

Note: Doing this doesn’t change your Gatekeeper settings for future applications you download. It only provides permission for the operating system to open and run Tor Browser now and in the future.

Figure 7: The ’unlocked’ Security & Privacy section of System Preferences

Step 8: Return to you your Applications folder and double-click the Tor Browser to open it. One final alert will pop up to ask you if you’re sure you want to open ”TorBrowser.app”. Click[Open].

Figure 8: Final confirmation prompt

The first time you launch the Tor Browser, it will ask you how it should connect to the Internet:

Direct Access: Select this option if your access to the Internet is unrestricted and if the use of Tor is not blocked, banned, or monitored where you are located.
Restricted Access: Select this option if your access to the Internet is restricted or if the use of Tor is blocked, banned, or monitored where you are located.

After you initially configure and launch the Tor Browser, it will continue to connect to the Tor network with no additional configuration. But you can change these settings at any time from within the Tor Browser. You may need to change them when you are traveling, or if the situation changes in your country. To do so, see Section 3.3, How to reconfigure access to the Tor network.

3.1 How to connect to the Tor network - Direct Access

If access to the Internet (and to the Tor Network) are not restricted in your location, perform the following steps to configure the Tor Browser:

Step 1. Launch the Tor Browser

Figure 1: The Tor Network Settings screen

Step 2. To connect directly to the Tor network, click[Connect].

The Tor Browser will now establish a circuit for you within the Tor network. This may take a while the first time you run the Tor Browser. There will be a progress bar as this runs.

Figure 2: Establishing a Tor circuit when connecting to the Tor network

Step 3. After a few moments, the Tor Browser will open.

Figure 3: The Tor Browser

From here, go toSection 4 to learn how to to use the Tor Browser to access websites safely and anonymously.

3.2 How to connect to the Tor network - Restricted Access

If you want to use the Tor Browser from a location where the Tor network is blocked, you will have to use a bridge relay. Bridges are not listed in the public directory of Tor relays, so they are more difficult to block. Some bridges also support pluggable transports, which try to disguise your traffic to and from the Tor network. This helps prevent online filters from identifying and blocking bridge relays.

The default pluggable transport, called obfs4, also makes it slightly more difficult for others to figure out that you are connecting to the Tor network. In general, though, Tor is not designed to hide the fact that you are using Tor.

You can learn more about bridges on the Tor project website. There are two ways to use bridges. You can enable the provided bridges or you can request custom bridges.

3.2.1 How to connect to the Tor network with provided bridges

You can use provided bridges to connect to the Tor network by performing the following steps:

Step 1. Launch the Tor Browser

Figure 1: Tor Network Settings

Step 2: If you have restricted access, click[Configure]

Note: If you have already configured the Tor Browser, you can activate the screen below by following the steps in Section 3.3

Figure 3: The first bridges configuration screen

Step 3:SelectYes, then click [Continue].

Figure 4: The second bridges configuration screen

Step 4. SelectConnect with provided bridges and click[Continue].

The Tor Browser will now ask if you need to use a local proxy to access the Internet. The steps below assume that you do not.

Tip: If you do, you can check your regular browser settings and copy over your proxy configuration. (In Firefox you can find these settings under Preferences > Advanced > Network > Connection Settings. In other browsers you may find them under Internet Options. You can also use the Help feature within your browser for further assistance.

Figure 5: The proxy configuration screen

Step 6. SelectNo, then click [Connect] to launch the Tor Browser.

Figure 6: Connecting to the Tor network

After a few moments, the main Tor Browser window will open. From here, go toSection 4 to learn how to to use the Tor Browser to access websites safely and anonymously.

3.2.2 How to connect to the Tor network with custom bridges

You can also connect to the Tor network through custom bridges, which are used by fewer people than the provided bridges and are therefore less likely to be blocked. If you are unable to access the Tor Project website, you can request custom bridge addresses by sending an email to bridges@torproject.org using a Riseup, Gmail or Yahoo account. Include the phrase, get bridges in the body of your message

If you can access the Tor Project website, you can obtain custom bridge addresses by visiting https://bridges.torproject.org/options and following the steps below.

Step 1. Go to https://bridges.torproject.org/.

Figure 1: Tor’s BridgeDB website

Step 2. ClickGet bridges in Step 2.

Figure 2: The ‘Get Bridges!’ page on Tor’s BridgeDB website

Step 3. ClickJust give me bridges!

Step 4. Fill in the captcha and press enter.

Figure 3: The ‘Get Bridges!’ captcha

This should display three bridge addresses.

Figure 4: Three custom bridge lines from Tor’s BridgeDB website

Alternatively, you can get bridge addresses by sending an email to bridges@torproject.org from a Riseup, Gmail or Yahoo email account.

To request basic, ‘vanilla’ bridges, include get bridges in the body of the email. You will receive three custom bridges in response.

Figure 5: Three custom bridge lines sent from bridges@torproject.org in response to an emailed request

Step 5. Once you have your custom bridge addresses, you can type them into Tor Bridge Configuration screen shown below.

Note: If you are launching Tor Browser for the first time, you can find the Tor Bridge Configuration screen by follow the first few steps of the previous section. To find this screen if you have already setup Tor Browser, see the next section.

Figure 6: Entering custom bridge addresses on the second Tor Bridges Configuration screen

3.3 How to reconfigure access to the Tor network

At any stage, if you need to access the Tor Network a different way—-for example, if you have travelled to a country that blocks Tor—-you can update your Tor Network Settings from within the main Tor Browser window.

Step 1. Click the button to activate the Tor Browser menu

Figure 1: Accessing Tor Network Settings via the Tor Browser’s onion icon menu

Step 2. SelectTor Network Settings to change how Tor Browser connects to the Internet.

Figure 2: Tor Network Settings

This screen allows you to enable or disable the use of Bridges and add custom Bridges, among other configuration changes.

Step 3. When you are done, click[OK] and restart the Tor Browser.

As an up-to-date, privacy-optimised version of Firefox, the Tor Browser was designed to be very easy to use.

Note: In keeping with a policy of privacy by design, the Tor Browser is configured in such a way that it does not save your browsing history to your hard drive. Each time you quit the Tor Browser, your browsing history will be deleted.

4.1. How to check if the Tor Browser is working

The Tor Browser hides your IP address from the websites you visit. If it is working properly, you should appear to be accessing websites from a location on the Internet that

Is different from your normal IP address
Cannot be linked to your physical location

The simplest way to confirm this is by visiting the Tor Check website, which is located at https://check.torproject.org/.

When you run the Tor Browser, the ’Test Tor Network Settings’ link goes to the Tor Check website. Tor Check will also tell you what your new ‘exit’ IP address is, but it does not tell you which country that IP address is ‘in’.

Step 1. To be sure that the Tor Browser is working and connecting to the Tor Network, click on the ’Test Tor Network Settings’ link. (Or you can manually type in https://check.torproject.org/.)

Figure 1: The Tor Browser

If you are not using Tor, it will display the following:

Figure 2: Tor Check showing that Tor is not working properly

If you are using Tor, it will display the following:

Figure 3: Tor Check showing that Tor is working properly

Step 2. (Optional) It is often useful to see the route your Tor circuit is taking through the Tor Network, including the country your ‘new’ IP address is in.

To see the details of your current Tor circuit, including the country your ‘exit’ IP address is located in, click the button.

Figure 4: The ‘Tor circuit for this site’ feature

Step 3. (Optional) If you want to check your IP address using a service that is not associated with the Tor Project, there are many options online. IP address information sites that support https encryption make it more difficult for someone other than your service provider to “fake' the information seen there. Examples of sites that support https include:

If you access these websites without using the Tor Browser, they should display your real IP address, which is linked to your physical location. If you access them through the Tor Browser, they should display a different IP address--the IP address where your Tor circuit through the Tor Network is ’exiting’.

4.2 How to create a new identity

You can create a new identity for your Tor Browser. When you do, the Tor Browser will randomly select a new set of Tor relays for its Tor Circuit, which will make you appear to be coming from a new IP address when you visit websites. To do this, follow the steps below:

Step 1. Click the button to activate the Tor Browser menu

Figure 1: Creating a new identity in the Tor Browser

Step 2. SelectNew Identity from the menu.

The Tor Browser will show a confirmation message confirming your request for a New Identity. Click [Yes].

Figure 2: New Identity confirmation message

The Tor Browser will clear your browsing history and cookies then restart. Once it has restarted, you can confirm that you appear to be coming from a new IP address as described in the previous section, How to check if the Tor Browser is working.

4.3 How to enable the No Script Add-on

NoScript is a Firefox add-on that provides extra protection for your browser by blocking executable content from running without your permission.

It was developed to block malicious code which might be embedded in websites from running on your computer when you access such websites. Software like Java, Java Script, Flash, Silverlight and other potentially executable content are blocked by default, protecting you from the potential exploitation of security vulnerabilities.

While the Tor Browser comes with NoScript pre-installed, it is disabled by default. This is because No Script blocks all scripts that are not ‘whitelisted,’ and many users find it confusing at first. You can, however, configure NoScript to set different permissions for different websites. Once you start adding sites to your whitelist (i.e., your list of ‘safe’ or ‘trusted’ sites that you allow scripts to run on), it becomes much easier to deal with.

To enable NoScript in the Tor Browser, follow the steps below:

Step 1. Click the [NoScript] button to the left of the button. It will have a blue ’S’ with a red exclamation point after it (to signify that currently all scripts are allowed per the Tor Browser’s default.

Figure 1: The NoScript add-on

Step 2. Scroll down to selectForbid Scripts Globally (advised). After you do this, the NoScript icon will change to signify that you are forbidding scripts globally. It will now have a red circle with a diagonal slash over the blue ’S’, as seen in Figure 2 below:

Figure 2: The NoScript button with ‘Forbid Scripts Globally’ selected

Step 3. Initially, using NoScript to forbid scripts globally will appear to ‘break’ many of the websites you visit. But if a website fails to load properly, and you don’t consider that particular site a ‘risky’ one, you can add it to your NoScript whitelist.

To do this, click on [NoScript] button and select Temporarily allow all this page or Temporarily allow [full URL address], such as Temporarily allow https://check.torproject.org in Figure 3 below:

Figure 3: Temporarily allowing scripts for a given webpage in NoScript

For more information about the features of NoScript and how to use them, you can learn more in the NoScript section of the Firefox Tool Guide.

4.4 How to keep the Tor Browser up-to-date

When updates for the Tor Browser are available, you will be presented with a notice within the main Tor Browser window that it is out of date (Figure 1).

Tip: Because updates to the Tor Browser are often security- and privacy-related, it’s a good idea to always keep it up to date.

Figure 1: The Tor Browser's ‘out of date’ warning

As shown in Figure 1, you can update your version of Tor Browser by following the steps below:

Step 1. Click the button to activate the Tor Browser menu, then selectCheck for Tor Browser Update.

Figure 2: Downloading a Tor Browser update

Step 2. SelectDownload Tor Browser Update.

The Tor Browser update will begin downloading.

Figure 3:Tor Browser download status bar

Step 3. When the download is complete, it will notify you that it is ready to install. Click [Restart Tor Browser] to install the Tor Browser update.

Figure 4: Tor Browser update ready to install

Step 4. When the upload is complete, the Tor Browser will automatically restart. The final screen of the Tor Browser software update window will notify you that the update was successfully installed. Click [OK].

Figure 5: Successful Tor Browser update notification

Q: Why should I use the Tor Browser?

A: The Tor Browser is a useful tool if you need to circumvent Internet censorship in order to access certain websites. It's also useful if you don't want your Internet Service Provider (ISP) to know what websites you're visiting, or if you don't want those websites to know your location on the Internet.

Q: When I run the Tor Browser, do all of my other programs communicate anonymously through the Tor network?

A: No, it is important to remember that, by default, the Tor Browser only sends its own traffic through Tor network. Your other programs communicate directly with service providers on the Internet. You can verify that you are communicating over the Tor network by loading the Tor Check page at https://check.torproject.org. Tor also assumes that you will exercise of caution, common sense and good judgement when browsing new or unfamiliar websites.

Q: Is my Tor Browser traffic encrypted?

A: Tor will encrypt all of your communication within the Tor network. Keep in mind, however, that Tor cannot encrypt your traffic after it leaves the Tor network. To protect the data you send and receive between your Tor exit node and the website with which you are communicating, you are still relying on HTTPS.

Muutokset v4.0.6 - v4.0.8

All Platforms
Bug 15637: Fix update loop due to improper versioning
Update Tor to 0.2.5.12
Update NoScript to 2.6.9.21

Muutokset v4.0.5 - v4.0.6

Contains updates to Firefox, meek, and OpenSSL; it is also the last release planned to run on 32-bit Apple hardware. If you have a 64-bit Mac and are running Mac OS X 10.8, you can expect to be automatically upgraded to Tor Browser 4.5, optimized for your hardware, later this month. If you are running OS X 10.6 or 10.7, however, you will need to update manually once that version of Tor Browser is released, as described in the end-of-life announcement last year.

Muutokset v4.0.4 - v4.0.5

All Platforms
Update Firefox to 31.5.3esr
Update Tor 0.2.5.11
Update NoScript to 2.6.9.19

Muutokset v4.0.3 - v4.0.4

All Platforms
Update Firefox to 31.5.0esr
Update OpenSSL to 1.0.1l
Update NoScript to 2.6.9.15
Update HTTPS-Everywhere to 4.0.3
Bug 14203: Prevent meek from displaying an extra update notification
Bug 14849: Remove new NoScript menu option to make permissions permanent
Bug 14851: Set NoScript pref to disable permanent permissions

Muutokset v4.0.2 - v4.0.3

All Platforms
Update Firefox to 31.4.0esr
Update NoScript to 2.6.9.10
Update meek to 0.15
Update Tor Launcher to 0.2.7.0.2
Translation updates only

Muutokset v4.0.1 - v4.0.2

All Platforms
Update Firefox to 31.3.0esr
Update NoScript to 2.6.9.5
Update HTTPS Everywhere to 4.0.2
Update Torbutton to 1.7.0.2
Bug 13019: Synchronize locale spoofing pref with our Firefox patch
Bug 13746: Properly link Torbutton UI to thirdparty pref.
Bug 13742: Fix domain isolation for content cache and disk-enabled
browsing mode
Bug 5926: Prevent JS engine locale leaks (by setting the C library
locale)
Bug 13504: Remove unreliable/unreachable non-public bridges
Bug 13435: Remove our custom POODLE fix (fixed by Mozilla in 31.3.0esr)
Windows
Bug 13443: Fix DirectShow-related crash with mingw patch.
Bug 13558: Fix crash on Windows XP during download folder changing
Bug 13594: Fix update failure for Windows XP users

Muutokset v4.0 - v4.0.1

All Platforms
Update Tor to 0.2.5.10
Update NoScript to 2.6.9.3
Bug 13301: Prevent extensions incompatibility error after upgrades
Bug 13460: Fix MSVC compilation issue
Windows
Bug 13443: Disable DirectShow to prevent crashes on many sites
Bug 13091: Make app name 'Tor Browser' instead of 'Tor'

Muutokset v3.6.6 - v4.0

All Platforms
Update Firefox to 31.2.0esr
Udate fteproxy to 0.2.19
Update Tor to 0.2.5.8-rc (from 0.2.4.24)
Update NoScript to 2.6.9.1
Update Torbutton to 1.7.0.1 (from 1.6.12.3)
Bug 13378: Prevent addon reordering in toolbars on first-run.
Bug 10751: Adapt Torbutton to ESR31's Australis UI.
Bug 13138: ESR31-about:tor shows 'Tor is not working'
Bug 12947: Adapt session storage blocker to ESR 31.
Bug 10716: Take care of drag/drop events in ESR 31.
Bug 13366: Fix cert exemption dialog when disk storage is enabled.
Update Tor Launcher to 0.2.7.0.1 (from 0.2.5.6)
Bug 11405: Remove firewall prompt from wizard.
Bug 12895: Mention @riseup.net as a valid bridge request email address
Bug 12444: Provide feedback when “Copy Tor Log” is clicked.
Bug 11199: Improve error messages if Tor exits unexpectedly
Bug 12451: Add option to hide TBB's logo
Bug 11193: Change 'Tor Browser Bundle' to 'Tor Browser'
Bug 11471: Ensure text fits the initial configuration dialog
Bug 9516: Send Tor Launcher log messages to Browser Console
Bug 13027: Spoof window.navigator useragent values in JS WebWorker threads
Bug 13016: Hide CSS -moz-osx-font-smoothing values.
Bug 13356: Meek and other symlinks missing after complete update.
Bug 13025: Spoof screen orientation to landscape-primary.
Bug 13346: Disable Firefox 'slow to start' warnings and recordkeeping.
Bug 13318: Minimize number of buttons on the browser toolbar.
Bug 10715: Enable WebGL on Windows (still click-to-play via NoScript)
Bug 13023: Disable the gamepad API.
Bug 13021: Prompt before allowing Canvas isPointIn*() calls.
Bug 12460: Several cross-compilation and gitian fixes (see child tickets)
Bug 13186: Disable DOM Performance timers
Bug 13028: Defense-in-depth checks for OCSP/Cert validation proxy usage
Bug 4234: Automatic Update support (off by default)
Bug 11641: Reorganize bundle directory structure to mimic Firefox
Bug 10819: Create a preference to enable/disable third party isolation
Bug 13416: Defend against new SSLv3 attack (poodle).
Windows:
Bug 10065: Enable DEP, ASLR, and SSP hardening options
Linux:
Bug 13031: Add full RELRO hardening protection.
Bug 10178: Make it easier to set an alternate Tor control port and password
Bug 11102: Set Window Class to 'Tor Browser' to aid in Desktop navigation
Bug 12249: Don't create PT debug files anymore

Muutokset v3.6.5 - v3.6.6

Update Tor to tor-0.2.4.24
Update Firefox to 24.8.1esr
Update NoScript to 2.6.8.42
Update HTTPS Everywhere to 4.0.1
Bug 12998: Prevent intermediate certs from being written to disk
Update Torbutton to 1.6.12.3
Bug 13091: Use 'Tor Browser' everywhere
Bug 10804: Workaround fix for some cases of startup hang

Muutokset v3.6.3 - v3.6.4

Not yet ....

Muutokset v3.6.2 - v3.6.3

Update Firefox to 24.7.0esr
Update obfsproxy to 0.2.12
Update FTE to 0.2.17
Update NoScript to 2.6.8.33
Update HTTPS Everywhere to 3.5.3
Bug 12673: Update FTE bridges
Update Torbutton to 1.6.11.0
Bug 12221: Remove obsolete Javascript components from the toggle era
Bug 10819: Bind new third party isolation pref to Torbutton security UI
Bug 9268: Fix some window resizing corner cases with DPI and taskbar size.

Muutokset v3.6.1 - v3.6.2

All Platforms
Update Firefox to 24.6.0esr
Update OpenSSL to 1.0.1h
Update NoScript to 2.6.8.28
Update Tor to 0.2.4.22
Update Tor Launcher to 0.2.5.5
Bug 10425: Provide geoip6 file location to Tor process
Bug 11754: Remove untranslated locales that were dropped from Transifex
Bug 11772: Set Proxy Type menu correctly after restart
Bug 11699: Change &#160 to in UI elements
Update Torbutton to 1.6.10.0
Bug 11510: about:tor should not report success if tor proxy is unreachable
Bug 11783: Avoid b.webProgress error when double-clicking on New Identity
Bug 11722: Add hidden pref to force remote Tor check
Bug 11763: Fix pref dialog double-click race that caused settings to be reset
Bug 11629: Support proxies with Pluggable Transports
Updates FTEProxy to 0.2.15
Updates obfsproxy to 0.2.9
Backported Tor Patches:
Bug 11654: Fix malformed log message in bug11156 patch.
Bug 10425: Add in Tor's geoip6 files to the bundle distribution
Bugs 11834 and 11835: Include Pluggable Transport documentation
Bug 9701: Prevent ClipBoardCache from writing to disk.
Bug 12146: Make the CONNECT Host header the same as the Request-URI.
Bug 12212: Disable deprecated webaudio API
Bug 11253: Turn on TLS 1.1 and 1.2.
Bug 11817: Don't send startup time information to Mozilla.

Muutokset v3.6 - v3.6.1

All Platforms
Update HTTPS-Everywhere to 3.5.1
Update NoScript to 2.6.8.22
Bug 11658: Fix proxy configuration for non-Pluggable Transports users
Backport Pending Tor Patches:
Bug 8402: Allow Tor proxy configuration while PTs are present
Note: The Pluggable Transports themselves have not been updated to support proxy configuration yet.

Muutokset v3.5.4 - v3.6

All Platforms
Update Firefox to 24.5.0esr
Include Pluggable Transports by default:
Obfsproxy3 0.2.4, Flashproxy 1.6, and FTE 0.2.13 are now included
Bug 11586: Include license files for component software in Docs directory.
Bug 9010: Add Turkish language support.
Bug 9387 testing: Disable JS JIT, type inference, asmjs, and ion.
Update NoScript to 2.6.8.20
Update Tor Launcher to 0.2.5.4
Bug 9665: Localize Tor's unreachable bridges bootstrap error
Bug 10418: Provide UI configuration for Pluggable Transports
Bug 10604: Allow Tor status & error messages to be translated
Bug 10894: Make bridge UI clear that helpdesk is a last resort for bridges
Bug 10610: Clarify wizard UI text describing obstacles/blocking
Bug 11074: Support Tails use case (XULRunner and optional customizations)
Bug 11482: Hide bridge settings prompt if no default bridges.
Bug 11484: Show help button even if no default bridges.
Update Torbutton to 1.6.9.0:
Bug 11242: Fix improper 'update needed' message after in-place upgrade.
Bug 10398: Ease translation of about:tor page elements
Bug 9901: Fix browser freeze due to content type sniffing
Bug 10611: Add Swedish (sv) to extra locales to update
Bug 7439: Improve download warning dialog text.
Bug 11384: Completely remove hidden toggle menu item.
Backport Pending Tor Patches:
Bug 9665: Report a bootstrap error if all bridges are unreachable
Bug 11200: Prevent spurious error message prior to enabling network.
Bug 5018: Don't launch Pluggable Transport helpers if not in use
Bug 9229: Eliminate 60 second stall during bootstrap with some PTs
Bug 11069: Detect and report Pluggable Transport bootstrap failures
Bug 11156: Prevent spurious warning about missing pluggable transports
Mac:
Bug 4261: Use DMG instead of ZIP for Mac packages
Bug 9308: Prevent install path from leaking in some JS exceptions on Mac and Windows
Linux:
Bug 11190: Switch linux PT build process to python2
Bug 10383: Enable NIST P224 and P256 accel support for 64bit builds.
Windows:
Bug 9308: Prevent install path from leaking in some JS exceptions on Mac and Windows
Here is the changelog since the 3.6-beta-2:
All Platforms
Update Firefox to 24.5.0esr
Update Tor Launcher to 0.2.5.4
Bug 11482: Hide bridge settings prompt if no default bridges.
Bug 11484: Show help button even if no default bridges.
Update Torbutton to 1.6.9.0
Bug 7439: Improve download warning dialog text.
Bug 11384: Completely remove hidden toggle menu item.
Update NoScript to 2.6.8.20
Update fte transport to 0.2.13
Backport Pending Tor Patches:
Bug 11156: Additional obfsproxy startup error message fixes
Bug 11586: Include license files for component software in Docs directory.
Windows and Mac:
Bug 9308: Prevent install path from leaking in some JS exceptions on Mac and Windows builds

Muutokset v3.6 beta 1 - v3.6 beta 2

All Platforms
Update OpenSSL to 1.0.1g
Bug 9010: Add Turkish language support.
Bug 9387 testing: Disable JS JIT, type inference, asmjs, and ion.
Update fte transport to 0.2.12
Update NoScript to 2.6.8.19
Update Torbutton to 1.6.8.1
Bug 11242: Fix improper 'update needed' message after in-place upgrade.
Bug 10398: Ease translation of about:tor page elements
Update Tor Launcher to 0.2.5.3
Bug 9665: Localize Tor's unreachable bridges bootstrap error
Backport Pending Tor Patches:
Bug 9665: Report a bootstrap error if all bridges are unreachable
Bug 11200: Prevent spurious error message prior to enabling network.
Linux:
Bug 11190: Switch linux PT build process to python2
Bug 10383: Enable NIST P224 and P256 accel support for 64bit builds.
Windows:
Bug 11286: Fix fte transport launch error

Muutokset v3.5.2.1 - v3.6 beta 1

All Platforms
Update Firefox to 24.4.0esr
Include Pluggable Transports by default:
Obfsproxy3 0.2.4, Flashproxy 1.6, and FTE 0.2.6 are now included
Update Tor Launcher to 0.2.5.1
Bug 10418: Provide UI configuration for Pluggable Transports
Bug 10604: Allow Tor status & error messages to be translated
Bug 10894: Make bridge UI clear that helpdesk is a last resort for
bridges
Bug 10610: Clarify wizard UI text describing obstacles/blocking
Bug 11074: Support Tails use case (XULRunner and optional
customizations)
Update Torbutton to 1.6.7.0:
Bug 9901: Fix browser freeze due to content type sniffing
Bug 10611: Add Swedish (sv) to extra locales to update
Update NoScript to 2.6.8.17
Update Tor to 0.2.4.21
Backport Pending Tor Patches:
Bug 5018: Don't launch Pluggable Transport helpers if not in use
Bug 9229: Eliminate 60 second stall during bootstrap with some PTs
Bug 11069: Detect and report Pluggable Transport bootstrap failures
Bug 11156: Prevent spurious warning about missing pluggable transports
Bug 10237: Disable the media cache to prevent disk leaks for videos
Bug 10703: Force the default charset to avoid locale fingerprinting
Bug 10104: Update gitian to fix LXC build issues (for non-KVM/VT builders)
Mac:
Bug 4271: Use DMG instead of ZIP for Mac packages
Linux:
Bug 9533: Fix keyboard input on Ubuntu 13.10
Bug 9896: Provide debug symbols for Tor Browser binary
Bug 10472: Pass arguments to the browser from Linux startup script

Muutokset v3.5.3 - v3.5.4

Update OpenSSL to 1.0.1g

Muutokset v3.5.2.1 - v3.5.3

All Platforms
Update Firefox to 24.4.0esr
Update Torbutton to 1.6.7.0:
Bug 9901: Fix browser freeze due to content type sniffing
Bug 10611: Add Swedish (sv) to extra locales to update
Update NoScript to 2.6.8.17
Update Tor to 0.2.4.21
Bug 10237: Disable the media cache to prevent disk leaks for videos
Bug 10703: Force the default charset to avoid locale fingerprinting
Bug 10104: Update gitian to fix LXC build issues (for non-KVM/VT builders)

Muutokset v3.5.2 - v3.5.2.1

Muutokset v3.5.1 - v3.5.2

Muutokset v2.3.25-13 - v2.3.25-14

Muutokset v2.3.25-12 - v2.3.25-13

Update Firefox to 17.0.9esr
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#f...
Update HTTPS Everywhere to 3.4.1
Update NoScript to 2.6.7.1
Remove extraneous libevent libraries (closes: #9727)
Enable GCC hardening for Tor
Firefox patch changes:
◦- Disable filtered results in Startpage omnibox (closes: #8839)

Muutokset v2.3.25-6 - v2.3.25-8

Muutokset v2.3.25-4 - v2.3.25-5

Muutokset v2.3.25-2 - v2.3.25-4

Muutokset v2.3.25-1 - v2.3.25-2

Muutokset v2.2.39-5 - v2.3.25-1

Muutokset v2.2.39-4 - v2.2.39-5

Muutokset v2.2.39-3 - v2.2.39-4

Muutokset v2.2.39-1 - v2.2.39-3

Muutokset v2.2.38-2 - v2.2.39-1

Update Tor to 0.2.2.39
Update NoScript to 2.5.4

Muutokset v2.2.38-1 - v2.2.38-2

Muutokset v2.2.37-2 - v2.2.38-1

Tor Browser Bundle Mac

Muutokset v2.2.37-2 - v2.3.20 alpha 1

Muutokset v2.2.35-11 - v2.2.35-12

Muutokset v2.2.35-10 - v2.2.35-11

Tor Browser Bundle For Mac

What Is Tor Browser Bundle

Muutokset v2.2.35-8 - v2.2.35-9

Tor Browser Bundle Cnet

Muutokset v2.2.35-7 - v2.2.35-8

Muutokset v2.3.25-2 - v2.3.25-3