Tor is a software project that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security. Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.

Security fixes:

• Fix a heap-corruption bug that may be remotely triggerable on
  some platforms. Reported by Ilja van Sprundel.

Major bugfixes:

• When a stream at an exit relay is in state "resolving" or
  "connecting" and it receives an "end" relay cell, the exit relay
  would silently ignore the end cell and not close the stream. If
  the client never closes the circuit, then the exit relay never
  closes the TCP connection. Bug introduced in Tor 0.1.2.1-alpha;
  reported by "wood".
• When sending CREATED cells back for a given circuit, use a 64-bit
  connection ID to find the right connection, rather than an addr:port
  combination. Now that we can have multiple OR connections between
  the same ORs, it is no longer possible to use addr:port to uniquely
  identify a connection.
• Bridge relays that had DirPort set to 0 would stop fetching
  descriptors shortly after startup, and then briefly resume
  after a new bandwidth test and/or after publishing a new bridge
  descriptor. Bridge users that try to bootstrap from them would
  get a recent networkstatus but would get descriptors from up to
  18 hours earlier, meaning most of the descriptors were obsolete
  already. Reported by Tas; bugfix on 0.2.0.13-alpha.
• Prevent bridge relays from serving their 'extrainfo' document
  to anybody who asks, now that extrainfo docs include potentially
  sensitive aggregated client geoip summaries. Bugfix on
  0.2.0.13-alpha.
• If the cached networkstatus consensus is more than five days old,
  discard it rather than trying to use it. In theory it could be
  useful because it lists alternate directory mirrors, but in practice
  it just means we spend many minutes trying directory mirrors that
  are long gone from the network. Also discard router descriptors as
  we load them if they are more than five days old, since the onion
  key is probably wrong by now. Bugfix on 0.2.0.x. Fixes bug 887.

Minor bugfixes:

• Do not mark smartlist_bsearch_idx() function as ATTR_PURE. This bug
  could make gcc generate non-functional binary search code. Bugfix
  on 0.2.0.10-alpha.
• Build correctly on platforms without socklen_t.
• Compile without warnings on solaris.
• Avoid potential crash on internal error during signature collection.
  Fixes bug 864. Patch from rovv.
• Correct handling of possible malformed authority signing key
  certificates with internal signature types. Fixes bug 880.
  Bugfix on 0.2.0.3-alpha.
• Fix a hard-to-trigger resource leak when logging credential status.
  CID 349.
• When we can't initialize DNS because the network is down, do not
  automatically stop Tor from starting. Instead, we retry failed
  dns_inits() every 10 minutes, and change the exit policy to reject
  *:* until one succeeds. Fixes bug 691.
• Use 64 bits instead of 32 bits for connection identifiers used with
  the controller protocol, to greatly reduce risk of identifier reuse.
• When we're choosing an exit node for a circuit, and we have
  no pending streams, choose a good general exit rather than one that
  supports "all the pending streams". Bugfix on 0.1.1.x. Fix by rovv.
• Fix another case of assuming, when a specific exit is requested,
  that we know more than the user about what hosts it allows.
  Fixes one case of bug 752. Patch from rovv.
• Clip the MaxCircuitDirtiness config option to a minimum of 10
  seconds. Warn the user if lower values are given in the
  configuration. Bugfix on 0.1.0.1-rc. Patch by Sebastian.
• Clip the CircuitBuildTimeout to a minimum of 30 seconds. Warn the
  user if lower values are given in the configuration. Bugfix on
  0.1.1.17-rc. Patch by Sebastian.
• Fix a memory leak when we decline to add a v2 rendezvous descriptor to
  the cache because we already had a v0 descriptor with the same ID.
  Bugfix on 0.2.0.18-alpha.
• Fix a race condition when freeing keys shared between main thread
  and CPU workers that could result in a memory leak. Bugfix on
  0.1.0.1-rc. Fixes bug 889.
• Send a valid END cell back when a client tries to connect to a
  nonexistent hidden service port. Bugfix on 0.1.2.15. Fixes bug
  840. Patch from rovv.
• Check which hops rendezvous stream cells are associated with to
  prevent possible guess-the-streamid injection attacks from
  intermediate hops. Fixes another case of bug 446. Based on patch
  from rovv.
• If a broken client asks a non-exit router to connect somewhere,
  do not even do the DNS lookup before rejecting the connection.
  Fixes another case of bug 619. Patch from rovv.
• When a relay gets a create cell it can't decrypt (e.g. because it's
  using the wrong onion key), we were dropping it and letting the
  client time out. Now actually answer with a destroy cell. Fixes
  bug 904. Bugfix on 0.0.2pre8.

Minor bugfixes (hidden services):

• Do not throw away existing introduction points on SIGHUP. Bugfix on
  0.0.6pre1. Patch by Karsten. Fixes bug 874.

Minor features:

• Report the case where all signatures in a detached set are rejected
  differently than the case where there is an error handling the
  detached set.
• When we realize that another process has modified our cached
  descriptors, print out a more useful error message rather than
  triggering an assertion. Fixes bug 885. Patch from Karsten.
• Implement the 0x20 hack to better resist DNS poisoning: set the
  case on outgoing DNS requests randomly, and reject responses that do
  not match the case correctly. This logic can be disabled with the
  ServerDNSRamdomizeCase setting, if you are using one of the 0.3%
  of servers that do not reliably preserve case in replies. See
  "Increased DNS Forgery Resistance through 0x20-Bit Encoding"
  for more info.
• Check DNS replies for more matching fields to better resist DNS
  poisoning.
• Never use OpenSSL compression: it wastes RAM and CPU trying to
  compress cells, which are basically all encrypted, compressed, or
  both.

Program Information Category: Internet and communication Type: Free Version: 0.2.0.33 Size: 7.96MB Works on: Windows Product page: here