Why am I getting so many update notifications for TOR?

I have the flatpak version of TOR installed and it seems like I get a notification to update it in Pamac every 2-3 days. It seems really annoying.

What’s even more confusing everytime I check the version I’m updating to its the exact same one: 0.3.6

Unfortunately there are no date details I can check to see if the update is truly legitimate or if it is a bug.

Why is this happening and how can I fix it?

According to Flathub, version 0.3.6 was released on December 13, and is the most recent version.


Use the torbrowser-launcher from the repo

Source: GitHub - micahflee/torbrowser-launcher: Securely and easily download, verify, install, and launch Tor Browser in Linux

Tor Browser Launcher is intended to make Tor Browser easier to install and use for GNU/Linux users. You install torbrowser-launcher from your distribution’s package manager and it handles everything else:

  • Downloads and installs the most recent version of Tor Browser in your language and for your computer’s architecture, or launches Tor Browser if it’s already installed (Tor Browser will automatically update itself)
  • Verifies Tor Browser’s signature for you, to ensure the version you downloaded was cryptographically signed by Tor developers and was not tampered with
  • Adds “Tor Browser” and “Tor Browser Launcher Settings” application launcher to your desktop environment’s menu
  • Includes AppArmor profiles to make a Tor Browser compromise not as bad
  • Optionally plays a modem sound when you open Tor Browser (because Tor is so slow)

The version of Tor might be the same but the flatpack “package” might get updated to fix some issues.
When it comes to version number, i personally am running this at moment:

> tor --version
Tor version
Tor is running on Linux with Libevent 2.1.12-stable, OpenSSL 3.0.5, Zlib 1.2.11, Liblzma 5.2.5, Libzstd 1.5.2 and Glibc 2.36 as libc.
Tor compiled with GCC version 12.2.0

Which is not a flatpack but normal package version on Kubuntu, using the repo of the tor project itself…

> cat /etc/apt/sources.list.d/tor-project.list 
deb [arch=amd64 signed-by=/usr/share/keyrings/deb.torproject.org-keyring.gpg] tor+https://deb.torproject.org/torproject.org kinetic main

Download Tor only from their site, extract it, and run it from the folder. Never use Tor from any other source including from Manajro.

1 Like

Right, but I meant if there were actually new updates that for some reason were sticking to the old version number.

But the fact that update is 2 months old, and I am receiving notifications for it every two days, means something else is wonky.

So using the community repo version was my first option. Unfortunately it didn’t work. TOR ismply wouldn’t launch (and that too on a fresh install).

I was at a loss of what to do so I decided to install flatpak version which works fine, except fort eh update issue

I know that’s the advice they give, but given the open source nature, can’t we trust flatpak and distro versions?

Also while that is what I would have done on windows, during my first days on Linux I was strictly told never to install things using the windows appraoch; and only get sfotware from distro repo.

Fresh install has nothing to do with it.

It’s the version you can guarantee has not been altered by outside sources. As for Flatpaks you have no guarantee that the browser has not been altered. You do realize a flatpak, snap, appimage, etc… is installing items just like you would a exe file, right? As for extracting a package and running a program from it’s content ALL OS’s you can do that on, it’s NOT “just the Windows way”. :man_facepalming: :man_facepalming: :man_facepalming: