New Release: Tor Browser 10.0.16
Tor Browser 10.0.16 is now available from the Tor Browser download page and also from our distribution directory.
This version updates Firefox to 78.10esr and Fenix 88.1.3 for Android devices. In addition, Tor Browser 10.0.16 updates NoScript to 11.2.4, and adds localization in Burmese. This version includes important security updates to Firefox for Desktop and security updates to Firefox for Android.
Warning:
Tor Browser will stop supporting version 2 onion services later this year. Please see the previously published deprecation timeline. Migrate your services and update your bookmarks to version 3 onion services as soon as possible.
Note: New macOS Users, please report if you experience trouble with Gatekeeper when installing this Tor Browser version, and provide the error and the version of macOS you are using.
Note: The Android Tor Browser update will be available next week.
The full changelog since Desktop and Android Tor Browser 10.0.15:
- Windows + OS X + Linux
- Android
- Update Fenix to 88.1.3
- Update HTTPS Everywhere to 2021.4.15
- Update NoScript to 11.2.6
- Translations update
- Bug 40052: Rebase android-components patches for Fenix 88
- Bug 40162: Disable Numbus experiments
- Bug 40163: Rebase Fenix patches to Fenix 88.1.3
- Bug 40423: Disable http/3
- Bug 40425: Rebase 10.5 patches on 88.0.1
- Build System
- Android
Changes:
- Updated on 2021-04-23 to include Mozilla's Security Advisory
- Updated on 2021-06-03 to include Android release information
Comments
Please note that the comment area below has been archived.
No link to security fixes?…
No link to security fixes? Hrm...
Added now. Thanks
Added now. Thanks
> Tor Browser will stop…
> Tor Browser will stop supporting version 2 onion services later this year.
So what are the plans for content at:
onion.debian.org
onion.torproject.org
?
onion.torproject.org already…
onion.torproject.org already has v3 addresses. Please contact Debian for more information about their onion services.
V2 addresses are being…
V2 addresses are being deprecated too early.
The work that has been done to date to make v3s more accessible is inadequate. Please resume support for v2 (possibly with warnings) until an better solution is found, having to use old code bases is suboptimal.
Unfortunately that isn't…
Unfortunately that isn't realistic. Version 2 onion services have lived longer than they should. They will likely not be secure within the next five years, and we won't know when that happens until it's too late. Simply adding a warning will not force migration to version 3 addresses.
Accessibility of v3 addresses will improve as more people use them and the community adopts a solution.
Hang on. People in the…
People in the community are saying there is a problem with the current tools and then Tor Project tells them, "Community you try to work out how to deal with problems we create." That's really not right. We do have time to work out a solution, so work it out first regardless of what we think about how long we've been using them. Also, I've seen suggestions provided, over the years and they seem to get ignored. It is overkill to have 50 chars. Expect hidden services to jump ship to I2P and renewed interest in other anonymous networks, because I'm going to be honest here, this is not good at all. I already see services breaking down and now I'm under the impression Tor devs don't want to use a solution.
1. This is a known issue…
1. This is a known issue. The Tor Project is part of the larger Tor community, and a solution will be found one way or another. However, the security, anonymity, and privacy properties of Tor must be maintained and moving to v3 addresses is necessary.
2. Version 2 onion services had similar usability and accessibility issues, those issues were simply less extreme. Some sites created vanity addresses, but that is not a solution for everyone and vanity addresses lead to other problems. In short, v3 onion addresses are not significantly worse than v2 addresses.
3. 50 characters is not overkill. This is the correct length for Tor's security parameters.
4. If you or anyone else has a viable solution, then please restart that conversation. We are already testing Namecoin and a centralized list.
Why can you not make v2 and…
Why can you not make v2 and v1 length names with the v3 crypto? It's pretty rude to do this with the community.
Correct, that is not…
Correct, that is not something Tor can do. Tor must be able to deprecate and delete old code and features. Tor can't indefinitely grow in size and complexity.
> having to use old code…
> having to use old code bases is suboptimal.
There's the crux of it based on the comments I've read--libraries, modules, and userspace applications that aren't updated to version 3 onion services. Could you all MAKE A LIST of those and write them in a bug ticket, reddit thread, on a wiki, somewhere so at least they're together and everyone can find quickly which software projects are in need of repair?
Add Burmese as a new locale …
For Myanmar. Become a Tor translator. It's safer for people living outside of Myanmar to become translators of Burmese (language code: my). To sign up, you need an e-mail address. If you want more pseudonymity, you can create an e-mail inbox that is on a temporary service or an address that you intend to use only for Tor Project. Some e-mail services allow you to create and login to the e-mail address through Tor. If you do that, then also adjust your behavior (OpSec) based on your threat model.
Welcome, Burmese. To find…
Welcome, Burmese. To find all languages, open the download page. Under the big circles, click "Download in another language or platform". Burmese is listed as "မြန်မာစာ (my)".
An old Tor bug biting me…
An old Tor bug biting me sometimes:
[warn] {DIR} Received http status code 404 ("Consensus is too old") from server x.x.x.x:443 while fetching consensus directory.
Whenever Tor has started with this error message, all my v3 onionsites are unreachable, and I have to restart Tor. V2 onions are not affected. Please fix ASAP.
Yes, tor needs a recent…
Yes, tor needs a recent consensus so it can reach v3 onion services. This is a requirement.
Did you change any settings in Tor, or are you using the default configuration in Tor Browser? Did you enable bridges?
Yes, tor needs a recent…
Would it be possible to retry downloading the consensus from different entry nodes until it gets one that is recent enough?
No Tor settings changed, no bridges enabled.
Did you change any settings…
No Tor configuration changes besides setting up the onion services, and no bridges enabled. Apparently the client always tries to fetch the consensus from the same directory guard even if it failed, and the retry interval is 90 minutes, which is too long.
https://bugzilla.mozilla.org…
https://bugzilla.mozilla.org/show_bug.cgi?id=1700866
Thanks.
Thanks.
Keep it going!
Keep it going!
When I opened Tor browser…
When I opened Tor browser before the 10.0.16 update there was one tab open and on the right of the tab was a '+'. When I clicked this '+' a new tab opened, which was extremely handy. Since the 10.0.16 update this '+' has disappeared and now I can only open a new tab via File in the menu bar and then selecting 'new tab'. I find this very annoying so I uninstalled the update and reinstalled the previous version.
That button wasn't…
That button wasn't intentionally removed, and I have it in my 10.0.16 instance. Which operating system are you using?
> this '+' has disappeared…
> this '+' has disappeared and now I can only open a new tab via File in the menu bar and then selecting 'new tab'.
Were you customizing the toolbars? It sounds like you accidentally dragged the New Tab button off of the toolbar. Open the main menu in the top right (also known as the hamburger menu because the button's icon is 3 horizontal lines). In the menu, click Customize... The window will change and have a grid of button icons. Find the icon named "New Tab," and drag it with the mouse into the toolbar near the spot you want the button to be. Finally, at the bottom right, click Done.
Since you're using the File menu, you can also find the Customize item in the View menu --> Toolbars --> Customize...
> which was extremely handy.
Tor Browser is based on Mozilla Firefox. Standard browser features such as tabs are adopted from them. They are free/libre open source software.
I used tor browser on…
I used tor browser on Windows 10 with safer setting, to download from rapidgator. Rapidgator don't allow me to download again in the next 2 hours. So I used the new identity feature in the browser and tried download another file from rapidgator but rapd gator said no download for next 2 hours for this ip address. I tried the safest setting and did the new identity 3 four times, yet rapidgator identified my ip address and said no downloads for next 2 hours. So rapidgator can easily identify a tor user, it's not anonymous at all
The more likely explanation…
The more likely explanation is that other people are downloading from RapidGator, too, and they used many of the Tor Exit nodes already.
This is not an uncommon…
This is not an uncommon thing that happens when you use tor. All the millions of tor users are using the same ~1000 exit nodes. If RapidGator limits your usage, you're bound to have been affected by someone else's usage.
@Nobody Tor Support, linked…
@Nobody
Tor Support, linked at the top of torproject.org
All the comments in here are…
All the comments in here are replies even though they look like they are intended to be top-level comments?
Indentation broke in…
Indentation broke in February or March. It's a bug.
Latest Windows has…
Latest Windows has intermittent issues:
[04-26 06:56:00] TorLauncher NOTE: failed to open authenticated connection: [Exception... "Component returned failure code: 0x804b000d (NS_ERROR_CONNECTION_REFUSED) [nsIBinaryOutputStream.writeBytes]" nsresult: "0x804b000d (NS_ERROR_CONNECTION_REFUSED)" location: "JS frame :: jar:file:///C:/Tor%20Browser/Browser/browser/omni.ja!/chrome/torlauncher/components/tl-protocol.js :: _sendCommand :: line 890" data: no]
Is that at start-up or do…
Is that at start-up or do you see that after using the browser for some time?
at start-up
at start-up
That's probably the same…
That's probably the same issue as is being tracked in https://gitlab.torproject.org/tpo/applications/torbutton/-/issues/23918. Please help us make progress on that, if you can.
indeed, that seems to be…
indeed, that seems to be related to the timeouts being set to very small values in your app.
Android version when?
Android version when?
This week.
This week.
Hello, would you add an…
Hello, would you add
Thank you.
When I download a new…
When I download a new version of Tor Browser, I can't see the Top menu: File-Edit-View-History.
If I enable the Top Menu using View-ToolBars- Menu Bar
do I change the fingerprint of my browser and become more unique?
Thank you
Possibly. You can see the…
Possibly. Your browser is likely not unique, but it is one additional distinguisher from other users.
You can see the effect of it on https://arkenfox.github.io/TZP/tzp.html. Under the "screen" section, the "resolution" and "inner/outer window" values should change.
Identification of browsers -…
Identification of browsers - https://schemeflood.com/ - it tells me (16.05.2021) - "10FVVUV - This is your identifier. It was seen 292 times among 29494 tests so far.
That means it is 99.01% unique."
Yes, that is https://gitlab…
Yes, that is https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/404…
DuckDuckGo is not…
DuckDuckGo is not redirecting to its non-JavaScript page on Safest. It began sometime between 2021-05-14 and 2021-05-17.
Possibly related to https:/…
Possibly related to https://gitlab.torproject.org/tpo/applications/torbutton/-/issues/40038 ? Can you confirm by enabling NoScript's Restricted CSS capability?
DDG is properly working…
DDG is properly working again in safest. I don't know why. TBB 10.0.17, Linux-64, NoScript's Restricted CSS is disabled by TorButton in safest. Thanks.
Let Android users save…
Let Android users save passwords.
As of 10.0.16, duckduckgo …
As of 10.0.16, duckduckgo (both .com and .onion) on Safest no longer automatically redirect to the non-JS site (https://html.duckduckgo.com/html/...). There is a "click here if you are not redirected" link, which works, but the redirect was automatic until recently. Not sure if it's TB or DDG's fault.
Could you please provide…
Could you please provide information on what lead to decision that default window size should be 1000x1000?
Please see "Monitor, Widget,…
Please see "Monitor, Widget, and OS Desktop Resolution" on https://spec.torproject.org/torbrowser-design
the android version is in…
the android version is in the download page. however is not in this description.
Thanks, added now.
Thanks, added now.