To Maxr:
Bookmarks matter to users, but not to privacy, as they aren't transmitted. Overwriting torrc means routing changes which can matter a LOT. The Tails distro is complaining about this very issue in TBB and trying to work around it.
Vidalia, well...appearance settings don't even take...aside from other brokenness. Tor Project is folding Vidalia into their browser. See 3.0 alpha release. So it's pointless trying to fix, I guess.
To Boskote:
Thanks for the interest and help.
Key signing has more to do with makepkg than pacaur. Still it'd be nice if pacaur would bail on fail. Your remark on -m lost me. If the download won't validate, there's no point building a package from it.
On the wiki I'd advise
sudo pacman-key --recv-keys 0x63FEE659
sudo echo "GNUPGHOME=/etc/pacman.d/gnupg" >> /etc/makepkg.conf
with explanation that makepkg will now use pacman keyrings as it should, rather than personal e-mail keyrings.
A special AUR keyring package for Tor Project might help. In core repo lives archlinux-keyring, for example. A similar package could become a dep for tor-browser. Then the keyring packager could monitor all the subtleness plus personnel or key changes at Tor Project. A separate package then nicely separates concerns from TBB proper.
GnuPG should already be a dep for tor-browser. That flag with a Tor Project keyring package dep would encapsulate the whole mess, I expect.
Search Criteria
Package Details: tor-browser-bin 14.0.6-1
Package Actions
| Git Clone URL: | https://aur.archlinux.org/tor-browser-bin.git (read-only, click to copy) |
|---|---|
| Package Base: | tor-browser-bin |
| Description: | Tor Browser Bundle: anonymous browsing using Firefox and Tor |
| Upstream URL: | https://www.torproject.org/projects/torbrowser.html |
| Licenses: | MPL-2.0 |
| Conflicts: | tor-browser |
| Provides: | tor-browser |
| Submitter: | FabioLolix |
| Maintainer: | grufo (jugs) |
| Last Packager: | jugs |
| Votes: | 1286 |
| Popularity: | 5.92 |
| First Submitted: | 2023-09-24 17:45 (UTC) |
| Last Updated: | 2025-02-09 21:27 (UTC) |
Dependencies (19)
- alsa-lib
- dbus-glib
- desktop-file-utils (desktop-file-utils-gitAUR)
- hicolor-icon-theme (hicolor-icon-theme-gitAUR)
- hunspell (hunspell-gitAUR)
- icu (icu-gitAUR)
- libevent (libevent-gitAUR)
- libvpx (libvpx-full-gitAUR, libvpx-gitAUR)
- libxt
- mime-types (mailcap)
- nss (nss-hgAUR)
- sqlite (sqlite-fossilAUR)
- startup-notification
- gst-libav (gst-libav-gitAUR) (optional) – H.264 video
- gst-plugins-good (gst-plugins-good-gitAUR) (optional) – H.264 video
- kdialog (kdialog-gitAUR) (optional) – KDE dialog boxes
- libnotify (libnotify-gitAUR) (optional) – Gnome dialog boxes
- libpulse (pulseaudio-dummyAUR, libpulse-gitAUR) (optional) – PulseAudio audio driver
- zenity (zenity-gtk3AUR, zenity-gitAUR, qarma-gitAUR) (optional) – simple dialog boxes
Required by (0)
Sources (8)
- https://dist.torproject.org/torbrowser/14.0.6/tor-browser-linux-i686-14.0.6.tar.xz
- https://dist.torproject.org/torbrowser/14.0.6/tor-browser-linux-i686-14.0.6.tar.xz.asc
- https://dist.torproject.org/torbrowser/14.0.6/tor-browser-linux-x86_64-14.0.6.tar.xz
- https://dist.torproject.org/torbrowser/14.0.6/tor-browser-linux-x86_64-14.0.6.tar.xz.asc
- tor-browser.desktop.in
- tor-browser.in
- tor-browser.png
- tor-browser.svg
DaveCode commented on 2013-08-13 01:37 (UTC)
Boskote commented on 2013-08-12 09:14 (UTC)
Based on this discussion, I have updated the wiki page for Tor with more recent information about the Tor Browser Bundle, including a tip on how to add the tor dev signing keys to gpg for signature verification through makepkg: https://wiki.archlinux.org/index.php/Tor#Web_browsing
DaveCode,
Hopefully the update to the .install file for this package, and on the Tor wiki page, will make the signature verification process less confusing. I'm also a pacaur user, and I just noticed the pacaur -m option. To build but not install. This gives an opportunity to --recv-keys the required key (and rebuild to verify) before installing the package. I agree that support for signature verification could be developed further as a feature of an AUR helper (if it isn't already). I'm thinking of starting a thread about it on the forums. If I do I'll let you know.
Maxr commented on 2013-08-10 06:20 (UTC)
In fact I consider the complete rewrite of ~/.tor-browser-en as a privacy feature. Nevertheless, I will have a look into this in two weeks after my vacation. The closing misbehaviour persists since AFAIK the start of this package. No idea why. I do not think it is really a problem. Feel free to investigate if you want to.
DaveCode commented on 2013-08-09 22:22 (UTC)
1. App closure is misbehaved - Vidalia stays open - fails to obey
tor-browser-en/INSTALL/Docs/README-TorBrowserBundle
"To exit, close Firefox. Vidalia will automatically clean up and exit."
2. Package updates wrongly overwrite customized torrc, vidalia.conf, and prefs.js (use *.pacnew for updated files).
3. To Boskote:
Put it the other way. Personal keyrings are for personal keys. So dropping AUR keys in personal rings is wrong. There is vastly more justification/rationale to have AUR keys mixed with dev packager keys.
I think we're just looking at a default situation that has fallen out of previous inertia. Nobody sat down and thought about it. Any dev intentions causing this situation should change -- I see none -- though I haven't looked beyond my last post.
A keyring can serve more than one need. AUR/Arch packages are close relatives, neighbors; all their keys belong on the same ring. If devs want separation, then they should create an AUR keyring just for AUR packages, as they made a package keyring for official packages.
Personally the amount of research needed to understand the matter tells me it's messed up. An experienced user should not need so much effort and I wasn't alone.
Lastly, and most importantly, any AUR helper tool that installs non-passing packages defeats the entire purpose. Pacaur emits a warning, but still installs, unless your fingers are really quick with Ctrl-C. I don't know about others.
- thanks -
ZaZam commented on 2013-08-07 14:13 (UTC)
Thanks Boskote. I got it working.
Maxr commented on 2013-08-07 08:17 (UTC)
Thanks for explanation. Just to clarify: It should be possible to use any browser with tor (providing you do the proxy configuration right). However, there are many ways to miss some important privacy/security related options when not using the builtin fixes provided by Torbutton (see https://www.torproject.org/torbutton/) which is only available within TBB, unfortunately.
Boskote commented on 2013-08-07 07:27 (UTC)
The tor project no longer supports using tor through any browser other than the tor browser bundle, including regular firefox (TBB uses a patched version of firefox ESR):
https://www.torproject.org/docs/faq.html.en#TBBOtherBrowser
The standalone tor and vidalia packages still exist "for use by experts and relay operators". ZaZam, you can use Tor Browser from the TBB with your already installed versions of tor and vidalia with a simple change to the ~/.tor-browser-en/INSTALL/start-tor-browser script:
https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers#UseTorBrowserwithalocallyinstalledTorVidaliaNIXONLY
However, as Maxr explained in his comment on 2012-03-11, the contents of ~/.tor-browser-en get rewritten with the first call of TBB after each update. So you may need to redo the change to the start-browser-script with every update of the package.
Maxr commented on 2013-08-07 06:30 (UTC)
The package is distributed by the tor team as is for all those who don't want to install 3 software packages and configure them to work together. If you do not need the whole package, why don't you just install firefox in addition to your tor setup?
Pinned Comments
grufo commented on 2019-08-15 02:22 (UTC)
Before running
makepkg, you must do this (as normal user):$ gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.orgIf you want to update tor-browser from AUR without AUR helpers you can run in a terminal:
$ tor-browser -u