The Portable Freeware Collection Forums

[Moderator note: this thread is made up of several update notices combined into one. Some redundancy will occur.]

----

ofcourse they updated it like right after it was added, -_-

Anyways, new version:
http://www.vidalia-project.net/dist/vid ... -0.0.9.exe
(the old link wont work anymore as you Have to update Tor to be able to use it,)

Tor version: 0.1.1.26
Vidalia version: 0.0.9
Privoxy version: 3.0.6


And, yeah, Andy, about you saying it was one of the biggest install instructions,
it all takes alot, thats for sure, -_-
it took me like over an hour to get the thing to work right in the first place,
like it being portable is an easter-egg to the program or something, >.<

I have updated the download link. Thanks!

PortableTor has been updated, and fixes several problems:

- Location of torrc has been changed to a better location, the Tor folder
- Updated to the most recent versions of Tor and Vidalia, fixing a major security flaw with torrc
- Fixed a problem where PortableTor was using the Application Data folder for some settings. Created a DataDirectory folder to hold the necessary files, and PortableTor no longer saves onto the host system.

Questions can be directed to silivrenion@gmail.com.

Thanks!

rev2
- window fixes, file performance and neatness improvements, 50% reduction in filesizes

http://portabletor.sf.net

Ah, good stuff.

I found an option in the torrc I was not previously aware of - "AvoidDiskWrites". I'm going to include this in my next release.

I'm interested to know what the security flaw in the config was?

The update was released via tor.eff.org(http://archives.seul.org/or/announce/Au ... 00000.html):

Tor 0.1.2.16 fixes a critical security vulnerability that allows a
remote attacker in certain situations to rewrite the user's torrc
configuration file. This can completely compromise anonymity of users
in most configurations, including those running the Vidalia bundles,
TorK, etc. Or worse.

Users who do not have ControlPort enabled are secure; if you are not
sure, you should upgrade and you should probably overwrite your torrc
file with the default when you upgrade. More details will be posted over
the next few days.

is out

http://sourceforge.net/project/showfile ... _id=194105

Thx silivrenion!

BR
z.

Tor 0.1.2.17 leaves a file behind in the Application Data folder, so PortableTor is no longer stealth as it does not handle this.

I honestly don't know why anyone is still using PortableTor, when I have updated Torvox to the latest Tor and Vidalia builds (available here: http://portablefreeware.com/forums/view ... 9&start=21)

Torvox does so much more, it follows PortableApps Format standard for easy integration into the PortableApps Menu, and it can rewrite the config files if they are deleted.

On top of that, the newest Torvox version deletes the stray Tor state file left behind, so Torvox is still stealth (in the sense OperaUSB is - it cleans up after itself).

Well M@tty, I do prefer your version, but silivrenion was quicker on the update though, so never mind

I had this version written the day after the new builds came out, but I forgot I hadn't released them. When I read your topic in the other board, it reminded me to release them (and update the readme and version information in the process).

Don't be bashing PortableTor. If there's any bugs, its because users haven't reported a problem. I correct everything thrown at me, and my testing has shown that everything is fine, but if you find a file left behind or anything, there's forums available on the sourceforge site for the project where you can post anything you find about the project.

The PortableTor I maintain is useful for so many people, and generally the reason why people choose PortableTor is because it was mass-publicized and created first. I love your enthusiasm that to fix a problem, you'll make a new version, but there's a separation there: don't tell people "i don't know why you're using XX software, cause mine's a million times better." Honestly, we both have our pros and cons in software.

Because of this post, I have found that a file "state" is left in folder "tor" in Application Data, and I will release a fix for this sometime today.

I encourage people to submit bugs that are found on the bug tracker at http://sourceforge.net/tracker/?atid=94 ... unc=browse

Edit:
Now some of my logic behind what's happening. I think this is a bug in Tor itself, that even if the DataDirectory function is set, there is still a blank remnant left over. it doesn't carry any data, its just created blankly before Tor thinks about what its doing. Deleting the file is an ok thing to do, but it doesn't exactly solve the problem. I'll see why this happens, and get back to here about it.

My reasoning behind not auto regenerating files is simply that I want to let the end user control their configuration completely. Besides, not many people will go corrupting the Tor directories, and if they did, they'd probably delete a program file too, making a reextract the only solution. hey, if you break your Tor, why don't you just extract the program again? It's only a 6MB download.

More updates soon on what I find.

The remnant error has been identified as a bug in Tor itself, NOT the PortableTor build. This means that both of our builds are susceptible of putting a blank file on the system, a not-so-serious security threat as far as I can see. They are working on fixing it, but I'll add some code to temporarily fix the problem.

See http://bugs.noreply.org/flyspray/index. ... ils&id=499

I'm not bashing PortableTor - it does the job it is meant to, but Torvox has a lot more handling for errors and can recover the config files if accidentally deleted. I think you mistake the way it does this though - it doesn't rewrite the config files every time it is loaded - it rewrites the default portable settings if the config files are not present. The user still has full configuration over the config files once they are created, and it will not overwrite their settings.

And I realise the problem lies in Tor, not PortableTor, which is why I put:

Tor 0.1.2.17 leaves a file behind in the Application Data folder, so PortableTor is no longer stealth as it does not handle this.

The key bit being "as it does not handle this", whereas Torvox attempts to by deleting the file.

It's like OpenOffice.org vs Microsoft Office, they both do the same job essentially but some people prefer one or the other. The reason I feel my build does a better job - Torvox does everything PortableTor does, as well as following PortableApps format for integration into the PAM, not because I think your software is useless.

And yes, Torvox will still put a state file on the computer if the user stops and starts Tor, but it will not leave the state file there if they just open Torvox then point their applications to the proxy - whereas PortableTor does.

Anyway at the end of the day the end user will make their own decision, I'm just presenting the facts. It isn't like I class them as in competition, as they are both freeware solutions. Cheer up =D

There's good news for both of us, the newest release coming out fixes the issue. Also, I'm moving to PAM format, which means mandatory auto recovery of the data configs too. Good updates coming up!

That's good to hear, my solution was kind of dirty, but at least it worked. I'll be happy when I can chop it out of the code though.

One problem you may run into, how do batch scripts handle setting of the working directory? Because the PAM is, well, somewhat inflexible.

EDIT:

fix should appear in 0.2.0.7-alpha and in 0.1.2.18.