New Release: Tor Browser 8.0.1

by boklm | September 22, 2018

Tor Browser 8.0.1 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox. Note that we just picked up the necessary patches this time but did not bump the Firefox version to 60.2.1esr as we needed to start building before Mozilla was ready. Thus, users are fine with Tor Browser 8.0.1 even if the Firefox version says 60.2.0esr.

Moreover, Alex Catarineu from Cliqz found a mistake we made that would make it possible to trick a user into installing an unsigned Torbutton extension. Thus, all users are encouraged to update older Tor Browser versions to 8.0.1 and keep in mind that installing third party extensions is potentially dangerous to Tor Browser's privacy guarantees and therefore strongly discouraged.

Tor Browser 8.0.1 is shipping the first stable Tor in the 0.3.4 series (0.3.4.8) which solves an annoying crash bug on older macOS systems (10.9.x).

We found a better solution to our User Agent treatment: on desktop platforms Tor Browser will send a Windows User Agent at the network level now while still allowing to query the unspoofed User Agent with JavaScript. This takes concerns about any server passively logging the User Agent into account while still avoiding broken websites as good as we can. Thanks to everyone who helped with this issue.

Finally, we included a banner for signing up to Tor News which allows anyone to stay up-to-date about things going on in the Tor universe (which is, admittedly, sometimes hard to keep track of).

Known Issues

We already collected a number of unresolved bugs since Tor Browser 7.5.6 and tagged them with our tbb-8.0-issues keyword to keep them on our radar. While we fixed a number of them for the 8.0.1 release, there are still issues remaining. The most important ones are listed below:

  • WebGL is broken right now.
  • Accessibility support is broken on Windows. We are considering options to address this issue right now.
  • Tor Browser 8 is not starting anymore on some older Ubuntu/Mint Linux systems. We still have issues to reproduce this bug but hope we can fix it in the next release.
  • Tor Browser 8 is not starting anymore on CentOS 6. We have a fix in our upcoming 8.5a2 to give it a bit of testing. Users affected by this bug may resort to that alpha version for now. We plan to backport the patch in the next stable release.
  • NoScript is not saving per-site permissions anymore. We have a potential patch for this bug in our 8.5a2 release as well and plan to backport it, too, in the next stable release in case no issues with it are found.

Note: The changelog file has an incorrect release date (September 24 instead of September 22).

The full changelog since Tor Browser 8.0 is:

  • All platforms
    • Update Tor to 0.3.4.8
    • Update Torbutton to 2.0.7
      • Bug 27097: Tor News signup banner
      • Bug 27663: Add New Identity menuitem again
      • Bug 26624: Only block OBJECT on highest slider level
      • Bug 26555: Don't show IP address for meek or snowflake
      • Bug 27478: Torbutton icons for dark theme
      • Bug 27506+14520: Move status version to upper left corner for RTL locales
      • Bug 27427: Fix NoScript IPC for about:blank by whitelisting messages
      • Bug 27558: Update the link to "Your Guard note may not change" text
      • Translations update
    • Update Tor Launcher to 0.2.16.6
      • Bug 27469: Adapt Moat URLs
      • Translations update
      • Clean-up
    • Update NoScript to 10.1.9.6
    • Bug 27763: Restrict Torbutton signing exemption to mobile
    • Bug 26146: Spoof HTTP User-Agent header for desktop platforms
    • Bug 27543: QR code is broken on web.whatsapp.com
    • Bug 27264: Bookmark items are not visible on the boomark toolbar
    • Bug 27535: Enable TLS 1.3 draft version
    • Backport of Mozilla bug 1490585, 1475775, and 1489744
  • OS X
    • Bug 27482: Fix crash during start-up on macOS 10.9.x systems
  • Linux
    • Bug 26556: Fix broken Tor Browser icon path on Linux

Comments

Please note that the comment area below has been archived.

Ranger Danger (not verified) said:

September 22, 2018

Permalink

Thanks troopers for bringing back the identity change item in Torbutton! Does anyone know that since 8.0.0 bookmarks are unable to dock to the bookmark toolbar? I thought I would have seen that in the known issues as it still is a problem and I was not the first to bring this up.

The following worked for me:
1. Select → View/Toolbars/Bookmarks Toolbar
2. Select → View/Toolbars/Customize, opening the customize menu.
3. In the customize menu, drag/drop '⧆Bookmarks Toolbar Items' to the customize-menu toolbar.
4. Restore or import your bookmarks.

Anonymous (not verified) said:

September 22, 2018

Permalink

We found a better solution to our User Agent treatment: on desktop platforms Tor Browser will send a Windows User Agent at the network level now while still allowing to query the unspoofed User Agent with he Tor Browser by design breaks a lot of things so please don't make some people look different just because of a website's problem.JavaScript

Ok, can you use the same fonts later on across Linux, Mac and Windows and then revert this JS related patch in the future (methinks Tor Browser 10)?

*************** (not verified) said:

September 22, 2018

Permalink

WOW :) Nice work Tor! This new Stable release is absolutely Superb, super slick. A big thank you to everyone at Tor Project :D

noam (not verified) said:

September 22, 2018

Permalink

Thanks for fixing the widely debated user agent issue so quickly, well and thanks for your work anyway. One question though: Are there plans to restore the old New Identity behaviour to clear NoScript's temporary permissions, or is this impossible to do with the new No Script web extension?

Anonymous (not verified) said:

September 22, 2018

Permalink

Is it the browser or the noscript addon that is failing to export the noscript information?

geometry (not verified) said:

September 22, 2018

Permalink

OBS4 still doesn't load on Windows?
I don't know if TOR can't do anything about incessant blocking of websites (cloudfare), is there a solution so I don't have to find a new circuit to get a site to work?

Too much time is lost! Some sites won't let you in no matter how many circuits get changed.
I use this browser for general browsing, am I better off using a mainstream browser?

Again, sites don't let you in, and what sites that do let you in, can take several minutes?

pickles (not verified) said:

September 22, 2018

Permalink

Version 8 has been a nightmare. Onion sites rarely work with this version now.
This version is way slower than 7? Sites stall out all of the time? Pages rarely load?

Using windows version of TOR.

SuperOnions (not verified) said:

September 22, 2018

Permalink

— The Tor Browser 8.0.1 default browser-window size on MacOS, Linux, and Windows desktop computers must be identical across all three platforms to help preserve the anonymity of Tor Browser users, but, apparently, the Tor Browser 8.0.1 default browser-window size varies, depending on whether the desktop platform is MacOS, Linux, or Windows. For example:

1000 Width x 0998 Height on MacOS desktop
1000 Width x 1000 Height on Linux desktop
1000 Width x 1000 Height on Windows desktop

— In order to preserve the anonymity of Tor Browser users on MacOS, Linux, and Windows desktop computers, the Tor Browser default browser-window size must not vary and must be identical in size on MacOS, Linux, and Windows desktop computers. For example:

1000 Width x 1000 Height on MacOS desktop
1000 Width x 1000 Height on Linux desktop
1000 Width x 1000 Height on Windows desktop

— In Tor Browser 8.0.1, the default browser-window size on MacOS desktop is 1000 Width x 998 Height.

— In Tor Browser 8.0, the default browser-window size on MacOS desktop is 1000 Width x 998 Height.

— In Tor Browser 7.5.6, the default browser-window size on MacOS desktop is 1000 Width x 1000 Height.

— In Tor Browser versions prior to version 7.5.6, the Tor Browser default browser-window size on MacOS desktop computers is 1000 Width x 1000 Height.

Anonymous (not verified) said:

September 22, 2018

Permalink

Thank you for fixing the user agent issue!!!

Have there been any thoughts about replacing NoScript with uMatrix? uMatrix allows for more granular JS, cross-site-request, and cookie blocking on a per-site or global basis. It can also block/allow "behind-the-scenes" requests made by SharedWorkers or browser extensions. Now that the WebExtensions version of NoScript lacks features like ABE and ClearClick, it is strictly inferior to feature set of uMatrix. uMatrix is not an adblocker (uBlock Origin is the adblocker).

Anonymous (not verified) said:

September 22, 2018

Permalink

Gesturefy 2.x add-on still doesn't work, as reported earlier

Add-on installs and configures just fine, but the mouse gestures do not work. No matter which mouse gesture I try, there's always a diagonal line (starting from the upper left corner to the center of the browser window) and then nothing happens.

Anonymous (not verified) said:

September 22, 2018

Permalink

since today's update, noscript refuses to save any settings and loads with no whitelist at all until the reset button is used

anonymous (not verified) said:

September 22, 2018

Permalink

I just got a new computer this week (Windows 10 Home 64-bit). I downloaded TBB 8.0. and everything worked fine. I just tried updating the new TBB update and McAfee quaranteed it. I restored the quarenteed item and restarted my computer. I tried opening the Tor browser again and McAfee once again quaranteed it. I've now downloaded the last known TBB version 8.0 in order to come here to leave this comment.

http://imageupper.com/g/?S120001001Z15376635621365637

Anonymous (not verified) said:

September 22, 2018

Permalink

Hello Tor team!

Big thank's for this release, glad to see the identity changer is back again.
However I do miss to see countries!

Would be greatly appreciated if you guys could add that feature back again.

//Best regards

Anonymous (not verified) said:

September 22, 2018

Permalink

Note that we just picked up the necessary patches this time

You mean all or just https://hg.mozilla.org/releases/mozilla-esr60/pushloghtml?changeset=654…

but did not bump the Firefox version to 60.2.1esr as we needed to start building before Mozilla was ready.

Why didn't you bump the Firefox to its revision 6546ee839d30 on 11 Sep from https://hg.mozilla.org/releases/mozilla-esr60/shortlog

Thus, users are fine with Tor Browser 8.0.1 even if the Firefox version says 60.2.0esr.

Hmm, but why does it say 60.2.0.6609?

Anonymous (not verified) said:

September 22, 2018

Permalink

Moreover, Alex Catarineu from Cliqz found a mistake we made that would make it possible to trick a user into installing an unsigned Torbutton extension.

Huh? We have
xpinstall.whitelist.required;true
to prevent installations from anything except TestPilot & AMO.
But what are you going to do with
extensions.langpacks.signatures.required;false

Anonymous (not verified) said:

September 22, 2018

Permalink

We found a better solution to our User Agent treatment: on desktop platforms Tor Browser will send a Windows User Agent at the network level now while still allowing to query the unspoofed User Agent with JavaScript.

"Win64" for 32-bit OS! Epic!

Anonymous (not verified) said:

September 22, 2018

Permalink

Bug 26624: Only block OBJECT on highest slider level

WHY?! Where in the Design Guide do you state it should be blocked?

Anonymous (not verified) said:

October 02, 2018

Permalink

Thanks for that, it rarely every worked for me when it was on the Tor button, now I can see it.9

The object tag itself is not an issue. The problem is that it can embed JavaScript and that one do we want to treat correctly on the security slider levels. So, far this worked fine out of the box but we did make a mistake during the esr60 preparation. That's fixed with this release.

Anonymous (not verified) said:

September 22, 2018

Permalink

Bug 27543: QR code is broken on web.whatsapp.com

What should a user do to reenable canvas after mistakenly disabling it?

Anonymous (not verified) said:

September 22, 2018

Permalink

Bug 27535: Enable TLS 1.3 draft version

Why do we need it? And why are you experimenting on users?

JD (not verified) said:

September 22, 2018

Permalink

McAfee antivirus has quarantined a file when I tried upgrading Tor Browser to 8.0.1. Why could that be possible?

Anonymous (not verified) said:

September 22, 2018

Permalink

no

Anonymous (not verified) said:

September 22, 2018

Permalink

why does browser.zoom.siteSpecific;true not work anymore?
my most used button is the zoom+ . it's annoying.

Anonymous (not verified) said:

September 23, 2018

Permalink

> We found a better solution to our User Agent treatment: on desktop platforms Tor Browser will send a Windows User Agent at the network level now while still allowing to query the unspoofed User Agent with JavaScript.

It's similar to schizophrenia. Anonymizing tool should always send the same metadata, no mater what OS and software version are installed. Besides, websites that behave differently depending on OS brake W3C standards, and your "solution" helps them in their harmful development.

> This takes concerns about any server passively logging the User Agent into account while still avoiding broken websites as good as we can.

I never met websites broken in this way.

Lesly (not verified) said:

September 23, 2018

Permalink

How would I go about disabling connection though Tor network, while preserving other browser features? On Tor Browser 7.5.6 it was done by setting about:config => network.proxy.socks_remote_dns to false and setting Options => Advanced tab => Network to No Proxy (the recipe is borrowed from here), now it doesn't seem to work (Tor Browser simply looses network connection). Is it at all possible to achieve in Tor Browser 8?

I'm aware that this is no help for you, but it still works for me the very same way you just described here. To make it persist between re-starts, you've to disable torbutton though.

Anonymous (not verified) said:

September 23, 2018

Permalink

Since updating to 8.0.1 I have seen a LOT of Cloudflare captchas (one more step). Like 50% of all pages.

Something is seriously broken. I have not seen these captchas since the large fix on issue in 2016.

In Windows TBB 8.0 send Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0 useragent.
TBB 8.0.1 send
Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0 - for HTTP request
and
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0 for javascript

Anonymous (not verified) said:

September 23, 2018

Permalink

privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts ; false
who wants to be identified uniquely?

jb (not verified) said:

September 23, 2018

Permalink

On the right side of URL and /Search boxes there are 2 icons, HTTPS Everywhere and NoScript,
both identified with "S".
Could you change HTTPS Everywhere icon to "Lock" as in URL, on blue background ?

Anonymous (not verified) said:

September 23, 2018

Permalink

I set the search engine to DuckDuckGo (onion). Very often, when I search something in the address bar, it ends up producing an error 400 (bad request). Searching directly in the DuckDuckGo onion search field always works.

Anonymous (not verified) said:

September 26, 2018

Permalink

Opening a website which doesn't work w/o js, enabling js in custom pane, it reloads, NoScript shows 0 blocked, but the website is still not working, going to custom pane and seeing 'fetch' in red, enabling it, and the website works!

Morley (not verified) said:

September 23, 2018

Permalink

Your new release 8.0.1 is now generating captcha site blocking security by cloudfare. The problem i'm having is the captcha sequence keeps repeating itself after successful completion and verification without allowing site access. How can I disable this security feature which is frustrating and did not occur on any previous versions of TOR browser.

Depending on tor exit this existed in older versions of TBB too. It is not TBB issue. If I see this, I change tor chain. It is cloudflare or target website which blocks tor exit.

Devin (not verified) said:

September 23, 2018

Permalink

Was looking forward to experience with Tor, but it's for Windows version 7.0/8 and higher, and I'm still using XP Pro. Can anyone guide me to an older, stable version that I can use until I upgrade?

The last version with XP support was 7.5.6 (based on the last supported version of Firefox). However it has known vulnerabilities, so using it is not recommended.

Until your system is upgraded, an alternative is to boot on a Tails usb stick when you need to use Tor Browser:
https://tails.boum.org/

tEramus (not verified) said:

September 24, 2018

Permalink

As well as not saving permissions, Noscript has suffered another bug since tor browser 8. The default site behavior has been to to trust all Scripts, Objects, Media, Frame, Fonts, Webgl, Fetch, and Other. This is so comprehensively permissive as to render Noscript useless. For comparison's sake, Noscript's default behavior in Firefox 60+ is to permit only Media, Frame, Fonts, Webgl, and Other. Obviously, altering the default behavior doesn't affect the next tor browser session as that won't be remembered, per the bug.

Please, alter the default Noscript permissions in the next release. If you can separate this issue from Noscript settings being remembered across sessions, please prioritize this issue. Thank you

Me (not verified) said:

September 24, 2018

Permalink

Since TBB-8.0.1 and its new User-Agent behavior, almost 327,52% of web sites I visit and which are protected by the Cloudflare (187,03% of the internet) ask me to solve Google Captcha : I could use "New circuit for this site" but at best, I have to spend 2 to 3 minutes to bypass Cloudflare. And this is when it is possible : some page are not even reachable whatever the time you spent on renewing a circuit.

It means that my privacy is worst than ever before as Cloudflare & Google are well known to be the greatest enemy to privacy, free speech and anonymity :/

There are cloudflare intentions to use onion v3 services in their infrastructure to treat network traffic from tor users differently. However, it is still in progress yet.

Anonymous (not verified) said:

September 24, 2018

Permalink

GPU process can die successfully on Win 7:
(#10) Error Killing GPU process due to IPC reply timeout
(#11) Error Failed to connect GPU process
(#12) Error Receive IPC close with reason=AbnormalShutdown

Anonymous (not verified) said:

September 30, 2018

Permalink

No Antivirus.
Using the Comodo firewall.
However, tor.exe and firefox.exe are fully open settings.
Default level. I did not change anything.
This crash did not occur in the 7 version, but only in the 8 version.

I installed the normal Firefox 60 ESR x86. (https://www.mozilla.org/en-US/firefox/organizations/)
The doileak.com test passes.

Anonymous (not verified) said:

October 02, 2018

Permalink

I deleted the Comodo Firewall, still an error. https://imgur.com/a/UAwZjm7 Bridge has never been used. I just use Tor in Virtualbox. (Window 7 Embedded Thin PC x86, Disable 3D Acceleration, Enable VT-X) I think there are no special points other than that. Hmm... I turned off some window services. List of running services. https://imgur.com/a/eiQmGlB This is all. I'm poor at English. It's hard to talk any more. Sorry and thank you.

Anonymous (not verified) said:

September 24, 2018

Permalink

Not working for me since update, I just get an endless loop of CAPTCHA Tried new circuits but same result. Not good!!.

I had a similar occurrence years ago: One minute I'm browsing, the next minute the Window was just [i]gone[/i]. When it came up on its own I was informed that Tor was updated and 2 of my AddOns were outdated. (At the time, I was too shocked to seek out the devs because I was simply too busy retracing my steps and updating my AddOns.)
I haven't had this issue since, but my completely uneducated (and untested) guess would be that some AddOns interfere with the Tor browsers' ability to ask if the user would like to update 'now' when it's set to automatically update.
If you have interest in looking into this particular theory, you could send the devs a list of your AddOns and settings, Viktor. (Presuming Tor doesn't change those in the process of the 8.0.1 update.)

SuperOnions (not verified) said:

September 24, 2018

Permalink

— In Tor Browser 8.0.1, what is the default browser-window size supposed to be on Windows, Linux, and MacOS desktop platforms?

— On MacOS desktop platforms, the default browser-window size is 1000 Wide x 0998 High.

— On MacOS desktop platforms, is the default browser-window size supposed to be 1000 Wide x 0998 High or is this a defect?

— On Windows desktop platforms, is the default browser-window size supposed to be 1000 Wide x 1000 High or is this a defect?

— On Linux desktop platforms, is the default browser-window size supposed to be 1000 Wide x 1000 High or is this a defect?

— Are the default Tor Browser 8.0.1 browser-window sizes supposed to be identical across all 3 desktop platforms, or are one or more of the default browser-window sizes supposed to be different across the 3 desktop platforms?

tErasmus (not verified) said:

September 24, 2018

Permalink

As mentioned, Noscript in tor browser 8.0.1 does not save settings between sessions. A related problem is that the default settings in Noscript on tor browser 8.0.1 currently permit all aspects of javascript:
-script
-object
-media
-frame
-font
-webgl
-fetch
-other

Default currently is indifferent from a "trusted" site. For reference, the default settings for Noscript on Firefox 60+ only permit:
-media
-frame
-font
-webgl
-other

The default settings are so comprehensively permissive that they make Noscript entirely useless. Of course, altering the default settings does not "stick" between sessions due to the current bug. Please, fix both bugs. However, if you can separate the issues, please prioritize this default settings issue. It really places your users' security in jeopardy. Thank you

Anonymous (not verified) said:

September 24, 2018

Permalink

When bugfix of #23512 will be backported to stable releases? It is so scary bug...

Do we have a web page where I could read man pages for tor alpha releases?

Anonymous (not verified) said:

September 24, 2018

Permalink

Hey, why the hell CF uses 443 for http onions?!
cflarexljc3rw355ysrkrzwapozws6nre6xsy3n4yrj7taye3uiby3ad.onion:443
or is it a Firefox not recognizing 443 for .onion domains?
and what's up with https version of it?

Zello (not verified) said:

September 24, 2018

Permalink

Can't connect to certain sites.
Using Windows 10 Home. Version 1803 64-bit.

9/25/18, 06:17:11.986 [NOTICE] We tried for 15 seconds to connect to '[scrubbed]' using exit $51377C496818552E263583A44C796DF3FB0BC71B~apx1 at 185.107.47.215. Retrying on a new circuit.

add on problem (not verified) said:

September 25, 2018

Permalink

cant search for add on because it pops new browser and search mozilla database not tor....previous versions worked but this new version doees not allow this. strange?

Pampe Lune Artique (not verified) said:

September 25, 2018

Permalink

Hi,

Since I upgraded to 8.0.1, I spend most of my time solving captcha than surfing : are Cloudflare and/or Google and/or both launching a war on Tor ? o_O

Pampe Lune Artique (not verified) said:

September 25, 2018

Permalink

Ok, thanks you.

It's sad that the solution seems to switch back to 8.0 (at least if one uses TBB in a resstable VM), until either TBB-8.0.2 or Cloudflare stops leaking TOR user privacy to Google :/

rhe (not verified) said:

September 25, 2018

Permalink

Seems with the new TOR update many sites now require CAPTCHA where as before they did not.

Anonymous (not verified) said:

September 25, 2018

Permalink

Downgrading to 8.0 or earlier seems to solve the captchas occurring.

8.0.1, 8.0 and 7.5 all have different user agents.

I understand cloudflare whitelists default tor browser user agent. I think they have not yet updated user agent recognition to match the string 8.0.1 is using.

Anonymous (not verified) said:

September 25, 2018

Permalink

why do you ship that pingsender program which mozilla explicitly documents as not obeying firefox proxy settings?

Dazed_&_Confused (not verified) said:

September 25, 2018

Permalink

I fail to understand why Tor Browser 8.0.1 gets released when Tor Browser 8.5a1 is already out. Maybe that's something you should explain to your users 'before' going into technical details and bug report numbers.

I'm currently sticking with Tor Browser 7.5.6 because of this, as well as the fact that an attempted update to Tor Browser 8.0 broke all the AddOns I use to make the newer versions of Firefox usable for me. (Fortunately I started making backups before making Tor updates.)

The most privacy focused browser in the world doesn't help me if I can't use it.

And in the vague hope that someone will actually read this: You should unify the size of the Tor browser windows based on the 'inner' measurement, rather than the outer border of the window. As soon as a user adds one toolbar or chooses a different size for icons, a good part of your anonymity concept is out of the window anyway. (Apparently just blocking JavaScript won't help here because CSS can be still use used to take measurements.)

Despite all this, I wish you a nice day, because no sort of frustration makes me blind to the fact that you actually 'try'. Thank you for that.

We have two Tor Browser series: a stable one and an alpha one (the latter has an "a" in its version numbers to tell them apart). We have those two series in order to give new features and bug fixes more testing in the alphas before they reach the stable series. This should help shaking out bugs and is aimed at developers/users that would like to help us with bug finding/fixing.

anonymous (not verified) said:

September 25, 2018

Permalink

tbb 8.0.1 on linux 64bit produces platform linux_x86 (not Win32, the desired value) on Panopticlick

eliaz (not verified) said:

September 26, 2018

Permalink

Even with javascript disabled, https://www.doileak.com/ gives me the following:
Operating System: We have detected multiple OS:
Windows (User Agent, )
Linux (Fingerprint, )

Same is true for https://browserleaks.com/

Disabling javascript completely in about:config won't hinder both websites to reveal my platform either.

However, while I was never aware of this: I just checked and Tor Browser 7.5.6 gives me the same results, so it's not related to the latest updates. Was hiding the platform never the intention?

eliaz (not verified) said:

September 28, 2018

Permalink

Disregard my previous comment, I didn't think that through at all. Both websites use passive TCP/IP fingerprinting for OS detection and hence it's just the fingerprint of my exit node, which coincidentally happened to run linux..

Anonymous (not verified) said:

September 28, 2018

Permalink

"we do spoof the user agent when doing HTTP requests but allow getting the unspoofed values if you have JavaScript enabled."

Why?

Anonymous (not verified) said:

September 29, 2018

Permalink

So allow unspoofed user agent only for macOS users, on GNU/Linux we have normal keyboard.

Anonymous (not verified) said:

September 25, 2018

Permalink

If Cloudflare blocks TOR traffic based on user agent string, then how LONG does it take for them to update their servers when a new TOR version is released?

Anonymous (not verified) said:

September 26, 2018

Permalink

Having a problem with the auto-update feature. Torbutton continues telling me a TB update is available, even though I've "updated" it to 8.0.1 several times now. It restarts and says "Tor browser is checking addon compatibility and will start in a moment," and then starts but the About page still says Tor Browser 8.0. I imagine a fresh install will fix it, but I just wondered if anyone else was having this problem. Qubes 3.2 with Whonix, vanilla updater.

Hm. You mean the text in the browser itself stays on english if you click on browser menus? Do you have a screenshot which could help understanding your issue? If you go on the about:addons page do you see a language pack section on the left? If so, what does it show if you click on it?

okguy (not verified) said:

September 26, 2018

Permalink

I visited whoer.net and found that torbrowser 8.0.1 leaked my operate system. Usually the headers of browser should be same as the javascript, as bellow shows.

Headers:
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
JavaScript:
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0

But torbrowser 8.0.1 gets this result.

Headers:
Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0
JavaScript:
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0

Anonymous (not verified) said:

September 29, 2018

Permalink

Facepalm

Anonymous (not verified) said:

September 29, 2018

Permalink

Fix some sites for macOS users by showing real OS and compromising privacy of GNU/Linux users, but don't care about breaking cloudflared websites. Genius! Maybe this is some kind of warrant canary?

Anonymous (not verified) said:

September 26, 2018

Permalink

Is there any thought to replacing the Firefox icons that appear when you pin Tor to the Start Menu in Windows 10? The icons are in the VisualElements folder.

Zello (not verified) said:

September 27, 2018

Permalink

Tor crashes every now and then at startup.
Using Windows 10 home edition.

9/28/18, 06:35:57.877 [NOTICE] Bootstrapped 90%: Establishing a Tor circuit
9/28/18, 06:35:58.175 [NOTICE] Tor has successfully opened a circuit. Looks like client functionality is working.
9/28/18, 06:35:58.175 [NOTICE] Bootstrapped 100%: Done
9/28/18, 06:36:02.968 [NOTICE] New control connection opened from 127.0.0.1.
9/28/18, 06:36:02.968 [NOTICE] New control connection opened from 127.0.0.1.

TheOnioners (not verified) said:

September 28, 2018

Permalink

why is it that i have to solve a captcha everytime i go to a cloudflare protected website?
it didn't happened on the previous version.

Anonymous (not verified) said:

September 28, 2018

Permalink

Please fix cloudflare alt-svc to transparent onions no longer working between this and 8.0 i get much many more captcha now

keeramon (not verified) said:

September 28, 2018

Permalink

Thank you for the Tor project. I've had major cloudflare issues though since updating to 8.0.1 on windows 7 professional 64 bit. In the two years I've used Tor browser I've only ever rarely encountered captchas, but since the update I'm consistently getting them, multiple times per page load attempt. I can eventually get rid of them by establishing a new tor circuit for the site, but I'm often needing to do this up to 20 times in a row to load a page.
I tried deleting and reinstalling with no relief, and I was reluctant to update to 8.5 as I can't see cloudflare mentioned as an issue. I've since rolled back to the previous version (7.5 something) and the problem has gone away.

UU (not verified) said:

September 29, 2018

Permalink

Tor Browser 8.0.1 on a Windows, noscript - default. VK redirect to badbrawser

Anonymous (not verified) said:

September 29, 2018

Permalink

On Tor Brawser 7 this issue cure:
NoScript Options > Advanced > Untrusted
Forbid META redirections inside elements

Anonymous (not verified) said:

September 30, 2018

Permalink

8.0.1 unusable. pages stop loading after 30 seconds of use. must go back to 7.x to browse the internet.

Anonymous (not verified) said:

September 30, 2018

Permalink

Pictures on some sites are loaded from different domain (pic server, for optimization), but cloudflare blocks them with shitty captcha which can't be shown instead of a picture!
Please, help!

AnonOne (not verified) said:

September 30, 2018

Permalink

Endless Captcha loops since the last major update to Tor Browser on almost all https web addresses ?

Never have I seen such a decline in functionality of Tor Browser before & I cannot understand why this wasn't firstly, extensively tested & secondly once discovered, subsequently held back for further code tweaking!? I've never had an issue with Captcha loops before as an experienced user & I do mean from the very beginning... ?

tortor (not verified) said:

October 01, 2018

Permalink

While using obfs3 IP 109.105.109.163 the captcha kept repeating. I tried a new circuit but it kept getting obfs3 IP 109.105.109.163. the captcha appears to be the older one where you select an item with a check mark then copy and paste the correct results.

Works for me if I click on the small NoScript block in the lower left corner to enable media. I agree, it would be better if one just needed to click on the "main" part of the video. Not sure why that is not working.

Anonymous (not verified) said:

October 02, 2018

Permalink

Great to see the "Tor Enabled" onion button is back again for "New Identity" but I can't see what country it is and I can't change identity for 1 specific window. There is only this "New identity" option wich will close and change ALL the windows.

I'm on Linux/Ubuntu 18.04.1 LTS

Thank's in advance!

tortor (not verified) said:

October 02, 2018

Permalink

"connection not secure" When I go to the tor circuit I notice a message stating connection not secure when I attempted to go to the site "https://tunnelblick.net" the site is valid and the circuit is Bridge obfs3 109.105.109.163, swedan 158.174.14.94, czeck republic 46.36.38.57.

Should I report errors such as the above?

Anonymous (not verified) said:

October 02, 2018

Permalink

When starting Tor 8.0.1 on Windows 7 Ultimate I get the normal firewall alerts, but before I can tick yes to the one below:

Path:\Tor 8.0.1\Tor Browser\Browser\firefox.exe
An attempt to create a process has been detected.
Command line: Path:\Tor 8.0.1\Tor Browser\Browser\firefox.exe

a Windows popup box says:

[Window Title]
Path:\Tor 8.0.1\Tor Browser\Browser\TorBrowser\Tor\tor.exe

[Content]
Windows cannot access the specified device, path, or file. You may not have the appropriate
permissions to access the item.

[OK]

Then after allowing the firewall alert it says ''Tor failed to start''.
The ''OK'' button is very opaque, the ''OK'' can barely be read, the surround box is light blue.

After clicking on ''OK'' I get ''Tor unexpectedly exited. This may be due to a bug'' etc.

I click on restart Tor, 3 firewall alerts later it says starting, waited 5 minutes nothing.

Try again, hover mouse over Cancel and it turns the box very opaque, a white ''Cancel'' with a very light blue background.

Next attempt.. Loading network status, but the green progress bar doesn't move past the message, so cancel, quit.

Try again, Loading network status doesn't even appear, green bar doesn't show up, so quit.

So far I've only managed to get Tor 8.0.1 to work twice, once on the 1st attempt (after the Windows error popup box appeared though and after clicking on restart) and this time after about 6 or 7 attempts

The firewall log shows no blocks, maybe Tor just times out before I can click on yes to the firewall alert? I don't know.

*The other thing is where the heck is ABE in the new NoScript? as I can't find it anywhere.

Anonymous (not verified) said:

October 02, 2018

Permalink

Some Cloudflare sites even after getting the google captcha correct it just reloads the page instead of forwarding you to the website

Anonymous (not verified) said:

October 02, 2018

Permalink

Something I never noticed before but after clicking on enter on a website it auto maximized/full screened the page, then I get the warning about not doing that! lol.
Any way to stop them from doing that?.

Anonymous (not verified) said:

October 15, 2018

Permalink

I can't recall now, but thanks for the links, you are obviously looking in to it.