New Release: Tor Browser 8.0.1
Tor Browser 8.0.1 is now available from the Tor Browser Project page and also from our distribution directory.
This release features important security updates to Firefox. Note that we just picked up the necessary patches this time but did not bump the Firefox version to 60.2.1esr as we needed to start building before Mozilla was ready. Thus, users are fine with Tor Browser 8.0.1 even if the Firefox version says 60.2.0esr.
Moreover, Alex Catarineu from Cliqz found a mistake we made that would make it possible to trick a user into installing an unsigned Torbutton extension. Thus, all users are encouraged to update older Tor Browser versions to 8.0.1 and keep in mind that installing third-party extensions is potentially dangerous to Tor Browser's privacy guarantees and therefore strongly discouraged.
Tor Browser 8.0.1 is shipping the first stable Tor in the 0.3.4 series (0.3.4.8) which solves an annoying crash bug on older macOS systems (10.9.x).
We found a better solution to our User Agent treatment: on desktop platforms Tor Browser now sends a Windows User Agent at the network level while still allowing the unspoofed User Agent to be queried with JavaScript. This takes concerns about any server passively logging the User Agent into account while still avoiding broken websites as well as we can. Thanks to everyone who helped with this issue.
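An added example, not Tor Browser code: a small Node.js check of the behaviour described above, comparing the User-Agent a server sees in the HTTP header with the one scripts can read, and confirming the header is the same for every desktop build. The two Windows strings are the ones a commenter reports further down this page; the Linux string, the build names, and the assumption that every desktop build sends the identical header are constructed for illustration.

```javascript
'use strict';

// Strings reported in the comments on this page for Tor Browser 8.0.1 on Windows.
const WIRE_UA_801 = 'Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0';
const JS_UA_801_WIN64 = 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0';
// Constructed sample (not from the page): Firefox-style UA of a 64-bit Linux build.
const JS_UA_LINUX64 = 'Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0';

// Split "Product (tok; tok; rv:N) trailer" into parts; null if the shape is unexpected.
function parseUserAgent(ua) {
  const m = /^(\S+) \(([^)]*)\) (.+)$/.exec(String(ua).trim());
  if (!m) return null;
  const tokens = m[2].split(';').map((t) => t.trim()).filter(Boolean);
  return {
    product: m[1],
    platform: tokens.filter((t) => !t.startsWith('rv:')),
    revision: tokens.find((t) => t.startsWith('rv:')) || null,
    trailer: m[3],
  };
}

// Coarse OS family derived from the platform tokens.
function osFamily(parsed) {
  if (!parsed) return 'unparseable';
  const joined = parsed.platform.join(' ');
  if (/Android/.test(joined)) return 'Android';
  if (/Windows/.test(joined)) return 'Windows';
  if (/Mac OS X|Macintosh/.test(joined)) return 'macOS';
  if (/Linux|X11/.test(joined)) return 'Linux';
  return 'unknown';
}

// For each build, compare the header value with the script-visible value,
// and check that the header value is identical across all builds.
function auditBuilds(builds) {
  const wireValues = [...new Set(builds.map((b) => b.httpUA))];
  const perBuild = builds.map((b) => {
    const wire = parseUserAgent(b.httpUA);
    const js = parseUserAgent(b.jsUA);
    const wireTokens = wire ? wire.platform : [];
    const jsTokens = js ? js.platform : [];
    return {
      name: b.name,
      wireOS: osFamily(wire),   // what a passively logging server records
      jsOS: osFamily(js),       // what a page script can still read
      onlyInJs: jsTokens.filter((t) => !wireTokens.includes(t)),
      onlyOnWire: wireTokens.filter((t) => !jsTokens.includes(t)),
    };
  });
  return { uniformOnWire: wireValues.length === 1, wireValues, perBuild };
}

// Behaviour the post describes: same Windows header everywhere, real value in JS.
const EXPECTED = [
  { name: 'windows64', httpUA: WIRE_UA_801, jsUA: JS_UA_801_WIN64 },
  { name: 'linux64', httpUA: WIRE_UA_801, jsUA: JS_UA_LINUX64 },
];

// Constructed regression: a Linux build whose header is not spoofed.
const REGRESSED = [
  EXPECTED[0],
  { name: 'linux64', httpUA: JS_UA_LINUX64, jsUA: JS_UA_LINUX64 },
];

console.log(JSON.stringify(auditBuilds(EXPECTED), null, 2));
console.log('regressed set uniform on wire:', auditBuilds(REGRESSED).uniformOnWire);
```

The `onlyInJs` list for the Windows build shows the `Win64; x64` tokens that the 8.0.1 header no longer carries, which is the difference the commenters discuss.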
Finally, we included a banner for signing up to Tor News which allows anyone to stay up-to-date about things going on in the Tor universe (which is, admittedly, sometimes hard to keep track of).
Known Issues
We already collected a number of unresolved bugs since Tor Browser 7.5.6 and tagged them with our tbb-8.0-issues keyword to keep them on our radar. While we fixed a number of them for the 8.0.1 release, there are still issues remaining. The most important ones are listed below:
- WebGL is broken right now.
- Accessibility support is broken on Windows. We are considering options to address this issue right now.
- Tor Browser 8 is not starting anymore on some older Ubuntu/Mint Linux systems. We are still having trouble reproducing this bug but hope we can fix it in the next release.
- Tor Browser 8 is not starting anymore on CentOS 6. We have a fix in our upcoming 8.5a2 to give it a bit of testing. Users affected by this bug may resort to that alpha version for now. We plan to backport the patch in the next stable release.
- NoScript is not saving per-site permissions anymore. We have a potential patch for this bug in our 8.5a2 release as well and plan to backport it, too, in the next stable release in case no issues with it are found.
Note: The changelog file has an incorrect release date (September 24 instead of September 22).
The full changelog since Tor Browser 8.0 is:
- All platforms
  - Update Tor to 0.3.4.8
  - Update Torbutton to 2.0.7
    - Bug 27097: Tor News signup banner
    - Bug 27663: Add New Identity menuitem again
    - Bug 26624: Only block OBJECT on highest slider level
    - Bug 26555: Don't show IP address for meek or snowflake
    - Bug 27478: Torbutton icons for dark theme
    - Bug 27506+14520: Move status version to upper left corner for RTL locales
    - Bug 27427: Fix NoScript IPC for about:blank by whitelisting messages
    - Bug 27558: Update the link to "Your Guard node may not change" text
    - Translations update
  - Update Tor Launcher to 0.2.16.6
    - Bug 27469: Adapt Moat URLs
    - Translations update
    - Clean-up
  - Update NoScript to 10.1.9.6
  - Bug 27763: Restrict Torbutton signing exemption to mobile
  - Bug 26146: Spoof HTTP User-Agent header for desktop platforms
  - Bug 27543: QR code is broken on web.whatsapp.com
  - Bug 27264: Bookmark items are not visible on the bookmark toolbar
  - Bug 27535: Enable TLS 1.3 draft version
  - Backport of Mozilla bug 1490585, 1475775, and 1489744
- OS X
  - Bug 27482: Fix crash during start-up on macOS 10.9.x systems
- Linux
  - Bug 26556: Fix broken Tor Browser icon path on Linux
Comments
Please note that the comment area below has been archived.
Thanks troopers for bringing…
Thanks troopers for bringing back the identity change item in Torbutton! Does anyone know that since 8.0.0 bookmarks are unable to dock to the bookmark toolbar? I thought I would have seen that in the known issues as it still is a problem and I was not the first to bring this up.
The following worked for me:…
The following worked for me:
1. Select → View/Toolbars/Bookmarks Toolbar
2. Select → View/Toolbars/Customize, opening the customize menu.
3. In the customize menu, drag/drop '⧆Bookmarks Toolbar Items' to the customize-menu toolbar.
4. Restore or import your bookmarks.
I'm not the questioner. But…
I'm not the questioner. But very very thank you!
Hey thanks SO. That worked…
Hey thanks SO. That worked great. Wonder why they made it so you have to drag and drop it now.
Same problem for me
Same problem for me
Hello, With this new…
Hello,
With this new version, still can't change the background color of the torbrowser. https://share.riseup.net/#oJdF9mXtJxsjKoCVQLA0bg The actual white background is killing my eyes.
Thank you for your work
thanks for solving the user…
thanks for solving the user agent issue
We found a better solution…
Ok, can you use the same fonts later on across Linux, Mac and Windows and then revert this JS related patch in the future (methinks Tor Browser 10)?
When will the 8.5a2 release…
When will the 8.5a2 release be made please?
It should be available in…
It should be available in the next 2 or 3 days.
WOW :) Nice work Tor! This…
WOW :) Nice work Tor! This new Stable release is absolutely Superb, super slick. A big thank you to everyone at Tor Project :D
There is no tor button icon…
There is no tor button icon in the task bar system (only a black space).
Linux - Plasma
A comment that worked for me…
A comment that worked for me from 8.0
https://ocewjwkdco.tudasnich.de/comment/276892#comment-276892
Does this happen with a…
Does this happen with a clean, new Tor Browser 8.0.1? Because that issue should actually be fixed.
Thanks for fixing the widely…
Thanks for fixing the widely debated user agent issue so quickly, well and thanks for your work anyway. One question though: Are there plans to restore the old New Identity behaviour to clear NoScript's temporary permissions, or is this impossible to do with the new No Script web extension?
We have this ticket to clear…
We have this ticket to clear NoScript's temporary permissions on New Identity:
https://trac.torproject.org/projects/tor/ticket/27732
Thanks for your reply - and…
Thanks for your reply - and sorry for not searching properly before asking :)
Thank you for putting back…
Thank you for putting back the New Identity button where it belongs.
Is it the browser or the…
Is it the browser or the noscript addon that is failing to export the noscript information?
It could be the browser. We…
It could be the browser. We have https://trac.torproject.org/projects/tor/ticket/27825 open for further investigation.
OBS4 still doesn't load on…
OBS4 still doesn't load on Windows?
I don't know if TOR can't do anything about incessant blocking of websites (Cloudflare), is there a solution so I don't have to find a new circuit to get a site to work?
Too much time is lost! Some sites won't let you in no matter how many circuits get changed.
I use this browser for general browsing, am I better off using a mainstream browser?
Again, sites don't let you in, and what sites that do let you in, can take several minutes?
Increased likelihood of…
Increased likelihood of cloudflare captchas on 8.0.1 is being addressed.
https://trac.torproject.org/projects/tor/ticket/27848
"Sign Up For Tor News"…
"Sign Up For Tor News" should point to the RSS (https://newsletter.torproject.org/rss/) or Live Bookmark link by default, not to an email signup form.
Maybe include a description on how to use those features in the Tor Browser.
People who want to use the…
People who want to use the rss can find it from https://newsletter.torproject.org/.
NOT for public comment, just…
NOT for public comment, just bugreport
This page https://ocewjwkdco.tudasnich.de/new-release-tor-browser-801 has infinite reload without javascript.
https://trac.torproject.org…
https://trac.torproject.org/projects/tor/ticket/22530
I have no problem, unless…
I have no problem, unless javascript is getting through with the slider on high.
https://browserleaks.com/javascript shows false.
Version 8 has been a…
Version 8 has been a nightmare. Onion sites rarely work with this version now.
This version is way slower than 7? Sites stall out all of the time? Pages rarely load?
Using windows version of TOR.
Have you been using Tor…
Have you been using Tor Browser 8.0 or 8.5a1?
This ticket is about Tor Browser 8.5a1:
https://trac.torproject.org/projects/tor/ticket/27655
— The Tor Browser 8.0.1…
— The Tor Browser 8.0.1 default browser-window size on MacOS, Linux, and Windows desktop computers must be identical across all three platforms to help preserve the anonymity of Tor Browser users, but, apparently, the Tor Browser 8.0.1 default browser-window size varies, depending on whether the desktop platform is MacOS, Linux, or Windows. For example:
1000 Width x 0998 Height on MacOS desktop
1000 Width x 1000 Height on Linux desktop
1000 Width x 1000 Height on Windows desktop
— In order to preserve the anonymity of Tor Browser users on MacOS, Linux, and Windows desktop computers, the Tor Browser default browser-window size must not vary and must be identical in size on MacOS, Linux, and Windows desktop computers. For example:
1000 Width x 1000 Height on MacOS desktop
1000 Width x 1000 Height on Linux desktop
1000 Width x 1000 Height on Windows desktop
— In Tor Browser 8.0.1, the default browser-window size on MacOS desktop is 1000 Width x 998 Height.
— In Tor Browser 8.0, the default browser-window size on MacOS desktop is 1000 Width x 998 Height.
— In Tor Browser 7.5.6, the default browser-window size on MacOS desktop is 1000 Width x 1000 Height.
— In Tor Browser versions prior to version 7.5.6, the Tor Browser default browser-window size on MacOS desktop computers is 1000 Width x 1000 Height.
Thanks! We are tracking that…
Thanks! We are tracking that regression in https://trac.torproject.org/projects/tor/ticket/27845.
Thank you for fixing the…
Thank you for fixing the user agent issue!!!
Have there been any thoughts about replacing NoScript with uMatrix? uMatrix allows for more granular JS, cross-site-request, and cookie blocking on a per-site or global basis. It can also block/allow "behind-the-scenes" requests made by SharedWorkers or browser extensions. Now that the WebExtensions version of NoScript lacks features like ABE and ClearClick, it is strictly inferior to feature set of uMatrix. uMatrix is not an adblocker (uBlock Origin is the adblocker).
Still can get your real OS…
Still can get your real OS with navigator in javascript.
The bookmark toolbar isn't…
The bookmark toolbar isn't working well
https://trac.torproject.org…
https://trac.torproject.org/projects/tor/ticket/27264
Gesturefy 2.x add-on still…
Gesturefy 2.x add-on still doesn't work, as reported earlier
Add-on installs and configures just fine, but the mouse gestures do not work. No matter which mouse gesture I try, there's always a diagonal line (starting from the upper left corner to the center of the browser window) and then nothing happens.
I opened https://trac…
I opened https://trac.torproject.org/projects/tor/ticket/27867 for further investigation. Please help if you can!
Thank you. I'd be glad to,…
Thank you. I'd be glad to, just let me know what I can do to be of assistance.
since today's update,…
since today's update, noscript refuses to save any settings and loads with no whitelist at all until the reset button is used
We have this ticket about…
We have this ticket about noscript not saving permissions on restarts:
https://trac.torproject.org/projects/tor/ticket/27175
think for your job
think for your job
I just got a new computer…
I just got a new computer this week (Windows 10 Home 64-bit). I downloaded TBB 8.0 and everything worked fine. I just tried updating the new TBB update and McAfee quarantined it. I restored the quarantined item and restarted my computer. I tried opening the Tor browser again and McAfee once again quarantined it. I've now downloaded the last known TBB version 8.0 in order to come here to leave this comment.
http://imageupper.com/g/?S120001001Z15376635621365637
Alas, there is not much we…
Alas, there is not much we can do against McAfee. Maybe asking their customer support might help you?
Hello Tor team! Big thanks…
Hello Tor team!
Big thanks for this release, glad to see the identity changer is back again.
However I do miss to see countries!
Would be greatly appreciated if you guys could add that feature back again.
//Best regards
The circuit? It's still…
The circuit? It's still there, just hit the i (show site information) on the left of the URL bar.
Note that we just picked up…
You mean all or just https://hg.mozilla.org/releases/mozilla-esr60/pushloghtml?changeset=654…
Why didn't you bump the Firefox to its revision 6546ee839d30 on 11 Sep from https://hg.mozilla.org/releases/mozilla-esr60/shortlog
Hmm, but why does it say 60.2.0.6609?
We took the patches for…
We took the patches for Mozilla bugs 1490585, 1475775, and 1489744.
So we included patches for all the security vulnerabilities fixed in 60.2.1:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-23/
All the other 60.2.1 changes will be included in the next release.
Where does it say 60.2.0…
Where does it say 60.2.0.6609?
In Help -> About Tor Browser, it says 60.2.0esr.
In firefox.exe properties.
In firefox.exe properties.
Moreover, Alex Catarineu…
Huh? We have
xpinstall.whitelist.required;true
to prevent installations from anything except TestPilot & AMO.
But what are you going to do with
extensions.langpacks.signatures.required;false
We found a better solution…
"Win64" for 32-bit OS! Epic!
Bug 26624: Only block OBJECT…
WHY?! Where in the Design Guide do you state it should be blocked?
How do we see the circuit…
How do we see the circuit links in 8.0.1 ??
You click on the left of the…
You click on the left of the URL bar.
It does not show the circuit…
It does not show the circuit for 8.0.1 when clicking the green padlock
On which website does this…
On which website does this happen?
Thanks for that, it rarely…
Thanks for that, it rarely ever worked for me when it was on the Tor button, now I can see it.
The object tag itself is not…
The object tag itself is not an issue. The problem is that it can embed JavaScript, and that is something we want to treat correctly on the security slider levels. So far, this worked fine out of the box, but we did make a mistake during the esr60 preparation. That's fixed with this release.
Bug 27543: QR code is broken…
What should a user do to reenable canvas after mistakenly disabling it?
Bug 27535: Enable TLS 1.3…
Why do we need it? And why are you experimenting on users?
We are doing the same as…
We are doing the same as default Firefox 60esr.
Are they going to fix it on…
Are they going to fix it on esr with ff63 release?
https://tls13.crypto.mozilla…
https://tls13.crypto.mozilla.org/
TBB updates to 8.0 from 7.5…
TBB updates to 8.0 from 7.5.6 and only then to 8.0.1. Is this intentional?
Yes, this is intentional…
Yes, this is intentional. With version 8.0 the format of the update MAR files changed, and version 7.5.6 does not support this new format, so you need to update to 8.0 first.
https://trac.torproject.org/projects/tor/ticket/26050
McAfee antivirus has…
McAfee antivirus has quarantined a file when I tried upgrading Tor Browser to 8.0.1. Why could that be possible?
no
no
why does browser.zoom…
why does browser.zoom.siteSpecific;true not work anymore?
my most used button is the zoom+ . it's annoying.
http://ip-check.info System …
http://ip-check.info
System
Windows NT 6.1; Win64; x64 Win64 (Sat Sep 22 2018 17:06:11 GMT+0000 (UTC))
> We found a better solution…
> We found a better solution to our User Agent treatment: on desktop platforms Tor Browser will send a Windows User Agent at the network level now while still allowing to query the unspoofed User Agent with JavaScript.
It's similar to schizophrenia. Anonymizing tool should always send the same metadata, no matter what OS and software version are installed. Besides, websites that behave differently depending on OS break W3C standards, and your "solution" helps them in their harmful development.
> This takes concerns about any server passively logging the User Agent into account while still avoiding broken websites as good as we can.
I never met websites broken in this way.
Please fix Accessibility…
Please fix Accessibility support in tor browser in windows.
We are working on it:https:/…
We are working on it:
https://trac.torproject.org/projects/tor/ticket/27503
How would I go about…
How would I go about disabling connection through Tor network, while preserving other browser features? On Tor Browser 7.5.6 it was done by setting
about:config => network.proxy.socks_remote_dns to false
and setting
Options => Advanced tab => Network to No Proxy
(the recipe is borrowed from here), now it doesn't seem to work (Tor Browser simply loses network connection). Is it at all possible to achieve in Tor Browser 8?
I'm aware that this is no…
I'm aware that this is no help for you, but it still works for me the very same way you just described here. To make it persist between re-starts, you've to disable torbutton though.
Since updating to 8.0.1 I…
Since updating to 8.0.1 I have seen a LOT of Cloudflare captchas (one more step). Like 50% of all pages.
Something is seriously broken. I have not seen these captchas since the large fix on issue in 2016.
In Windows TBB 8.0 send …
In Windows TBB 8.0 send Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0 useragent.
TBB 8.0.1 send
Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0 - for HTTP request
and
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0 for javascript
I guess that's https://trac…
I guess that's https://trac.torproject.org/projects/tor/ticket/27848. We are investigating. Oh, and, yes, I agree that Cloudflare is breaking Tor Browser and that it is not good for a healthy Internet.
privacy.resistFingerprinting…
privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts ; false
who wants to be identified uniquely?
Get rid of Noscript asap.
Get rid of Noscript asap.
On the right side of URL and…
On the right side of URL and /Search boxes there are 2 icons, HTTPS Everywhere and NoScript,
both identified with "S".
Could you change HTTPS Everywhere icon to "Lock" as in URL, on blue background ?
Would be a good feature…
Would be a good feature request to file at the HTTPS Everywhere project. We don't maintain that one and just take the final version and ship it in Tor Browser.
I set the search engine to…
I set the search engine to DuckDuckGo (onion). Very often, when I search something in the address bar, it ends up producing an error 400 (bad request). Searching directly in the DuckDuckGo onion search field always works.
I experience the same. Just…
I experience the same. Just press ctrl+shift+L, and that's all.
NoScript's icon doesn't show…
NoScript's icon doesn't show it is blocking 'fetch' on a website.
How are you testing that?
How are you testing that?
Opening a website which…
Opening a website which doesn't work w/o js, enabling js in custom pane, it reloads, NoScript shows 0 blocked, but the website is still not working, going to custom pane and seeing 'fetch' in red, enabling it, and the website works!
You are starting with the…
You are starting with the security slider set to "safest"? It seems like this is a NoScript bug. Could you file one in the NoScript forum (https://forums.informaction.com/viewforum.php?f=3)?
Of course. Of course. Of…
Of course. Of course. Of course, no. He can't even fix https://www.netflix.com/
See https://forums.informaction.com/viewtopic.php?f=7&t=25231
Your new release 8.0.1 is…
Your new release 8.0.1 is now generating captcha site blocking security by Cloudflare. The problem I'm having is the captcha sequence keeps repeating itself after successful completion and verification without allowing site access. How can I disable this security feature which is frustrating and did not occur on any previous versions of TOR browser.
Depending on tor exit this…
Depending on tor exit this existed in older versions of TBB too. It is not TBB issue. If I see this, I change tor chain. It is cloudflare or target website which blocks tor exit.
Was looking forward to…
Was looking forward to experience with Tor, but it's for Windows version 7.0/8 and higher, and I'm still using XP Pro. Can anyone guide me to an older, stable version that I can use until I upgrade?
The last version with XP…
The last version with XP support was 7.5.6 (based on the last supported version of Firefox). However it has known vulnerabilities, so using it is not recommended.
Until your system is upgraded, an alternative is to boot on a Tails usb stick when you need to use Tor Browser:
https://tails.boum.org/
As well as not saving…
As well as not saving permissions, Noscript has suffered another bug since tor browser 8. The default site behavior has been to trust all Scripts, Objects, Media, Frame, Fonts, Webgl, Fetch, and Other. This is so comprehensively permissive as to render Noscript useless. For comparison's sake, Noscript's default behavior in Firefox 60+ is to permit only Media, Frame, Fonts, Webgl, and Other. Obviously, altering the default behavior doesn't affect the next tor browser session as that won't be remembered, per the bug.
Please, alter the default Noscript permissions in the next release. If you can separate this issue from Noscript settings being remembered across sessions, please prioritize this issue. Thank you
Since TBB-8.0.1 and its new…
Since TBB-8.0.1 and its new User-Agent behavior, almost 327,52% of web sites I visit and which are protected by the Cloudflare (187,03% of the internet) ask me to solve Google Captcha : I could use "New circuit for this site" but at best, I have to spend 2 to 3 minutes to bypass Cloudflare. And this is when it is possible : some pages are not even reachable whatever the time you spent on renewing a circuit.
It means that my privacy is worse than ever before as Cloudflare & Google are well known to be the greatest enemy to privacy, free speech and anonymity :/
There are cloudflare…
There are cloudflare intentions to use onion v3 services in their infrastructure to treat network traffic from tor users differently. However, it is still in progress yet.
GPU process can die…
GPU process can die successfully on Win 7:
(#10) Error Killing GPU process due to IPC reply timeout
(#11) Error Failed to connect GPU process
(#12) Error Receive IPC close with reason=AbnormalShutdown
Noscript config not saved…
Noscript config not saved.
Crash detected on doileak.com test.
https://imgur.com/LOMmPJo
Win 7 Thin PC x86
Is that crash reproducible…
Is that crash reproducible with a clean Tor Browser? (Both with a 64bit/32bit one?)
torbrowser-install-8.0.1_en…
torbrowser-install-8.0.1_en-US.exe
I installed it and immediately went to the website.
And I pressed the test button.
Still crash occurred.
https://imgur.com/WsOj81F
https://imgur.com/HywdPyD
Win7 Thin PC x86 (VirtualBox)
Is there some Antivirus…
Is there some Antivirus/Firewall software running on that system? Did you change the security slider to "safer"/"safest" or did you let it at the default level?
No Antivirus. Using the…
No Antivirus.
Using the Comodo firewall.
However, tor.exe and firefox.exe are fully open settings.
Default level. I did not change anything.
This crash did not occur in the 7 version, but only in the 8 version.
I installed the normal Firefox 60 ESR x86. (https://www.mozilla.org/en-US/firefox/organizations/)
The doileak.com test passes.
Could you disable (better:…
Could you disable (better: uninstall) the Comodo Firewall to check whether that fixes your issue? Or maybe not everything you need is whitelisted, hm. Do you use bridges?
I deleted the Comodo…
I deleted the Comodo Firewall, still an error. https://imgur.com/a/UAwZjm7 Bridge has never been used. I just use Tor in Virtualbox. (Window 7 Embedded Thin PC x86, Disable 3D Acceleration, Enable VT-X) I think there are no special points other than that. Hmm... I turned off some window services. List of running services. https://imgur.com/a/eiQmGlB This is all. I'm poor at English. It's hard to talk any more. Sorry and thank you.
https://arxiv.org/abs/1808…
https://arxiv.org/abs/1808.07285 - This uses deep learning to correlate Tor traffic correctly 96% of the time by observing only 900 KB of data flowing, compared to existing methods getting only 4%. That sounds like a broken Tor to me. Any response?
How do we access the circuit…
How do we access the circuit links for 8.0.1 ?
Not working for me since…
Not working for me since update, I just get an endless loop of CAPTCHA Tried new circuits but same result. Not good!!.
I need you to update…
I need you to update Java inside the browser
(#843736) Error Attempt to…
(#843736) Error Attempt to create DrawTarget for invalid surface. Size(380,503) Cairo Status: 1
Your f*cking update killed…
Your f*cking update killed my session!!!
Do you have more details…
Do you have more details about the issue?
The browser should ask you before restarting (giving the option to do it later).
I had a similar occurrence…
I had a similar occurrence years ago: One minute I'm browsing, the next minute the Window was just gone. When it came up on its own I was informed that Tor was updated and 2 of my AddOns were outdated. (At the time, I was too shocked to seek out the devs because I was simply too busy retracing my steps and updating my AddOns.)
I haven't had this issue since, but my completely uneducated (and untested) guess would be that some AddOns interfere with the Tor browsers' ability to ask if the user would like to update 'now' when it's set to automatically update.
If you have interest in looking into this particular theory, you could send the devs a list of your AddOns and settings, Viktor. (Presuming Tor doesn't change those in the process of the 8.0.1 update.)
— In Tor Browser 8.0.1, what…
— In Tor Browser 8.0.1, what is the default browser-window size supposed to be on Windows, Linux, and MacOS desktop platforms?
— On MacOS desktop platforms, the default browser-window size is 1000 Wide x 0998 High.
— On MacOS desktop platforms, is the default browser-window size supposed to be 1000 Wide x 0998 High or is this a defect?
— On Windows desktop platforms, is the default browser-window size supposed to be 1000 Wide x 1000 High or is this a defect?
— On Linux desktop platforms, is the default browser-window size supposed to be 1000 Wide x 1000 High or is this a defect?
— Are the default Tor Browser 8.0.1 browser-window sizes supposed to be identical across all 3 desktop platforms, or are one or more of the default browser-window sizes supposed to be different across the 3 desktop platforms?
As mentioned, Noscript in…
As mentioned, Noscript in tor browser 8.0.1 does not save settings between sessions. A related problem is that the default settings in Noscript on tor browser 8.0.1 currently permit all aspects of javascript:
-script
-object
-media
-frame
-font
-webgl
-fetch
-other
Default currently is indifferent from a "trusted" site. For reference, the default settings for Noscript on Firefox 60+ only permit:
-media
-frame
-font
-webgl
-other
The default settings are so comprehensively permissive that they make Noscript entirely useless. Of course, altering the default settings does not "stick" between sessions due to the current bug. Please, fix both bugs. However, if you can separate the issues, please prioritize this default settings issue. It really places your users' security in jeopardy. Thank you
Why not set duckduckgo onion…
Why not set duckduckgo onion as default search?
https://trac.torproject.org…
https://trac.torproject.org/projects/tor/ticket/21483
When bugfix of #23512 will…
When bugfix of #23512 will be backported to stable releases? It is so scary bug...
Do we have a web page where I could read man pages for tor alpha releases?
Hard to say. Once it will be…
Hard to say. Once it will be in a new stable Tor we'll ship it in Tor Browser, though.
Do we have a web page where…
Do we have a web page where I could read man pages for tor alpha releases?
Yes
Hey, why the hell CF uses…
Hey, why the hell CF uses 443 for http onions?!
cflarexljc3rw355ysrkrzwapozws6nre6xsy3n4yrj7taye3uiby3ad.onion:443
or is it a Firefox not recognizing 443 for .onion domains?
and what's up with https version of it?
It is all about…
It is all about this.
It doesn't answer to my…
It doesn't answer to my questions.
You may contact CloudFlare…
You may contact CloudFlare devs and ask them directly. Why anybody here should be responsible for?
Because it is a feature of…
Because it is a feature of Tor Browser.
It is all about…
It is all about opportunistic encryption with HTTP/2 or SPDY, read Sec. "How it works". Indeed, this was later used with CloudFlare onions.
Can't connect to certain…
Can't connect to certain sites.
Using Windows 10 Home. Version 1803 64-bit.
9/25/18, 06:17:11.986 [NOTICE] We tried for 15 seconds to connect to '[scrubbed]' using exit $51377C496818552E263583A44C796DF3FB0BC71B~apx1 at 185.107.47.215. Retrying on a new circuit.
can't search for add on…
can't search for add on because it pops new browser and search mozilla database not tor....previous versions worked but this new version does not allow this. strange?
What exactly are you doing?…
What exactly are you doing? Could you give us some steps to reproduce?
maybe i not seeing it but i…
maybe I'm not seeing it but I can no longer see the 3 IP addresses when I click on the onion symbol
You need to click on the…
You need to click on the left of the URL bar.
When are you going to…
When are you going to sanitize SVG instead of disabling it?
Giorgio Maone, why are you…
Giorgio Maone, why are you using unsupported 'report-to' CSP which is spamming the console?
https://github.com/hackademix/noscript/blob/e2b63cf98204a45f4c55ba44668…
https://developer.mozilla…
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Secur…
Hi, Since I upgraded to 8.0…
Hi,
Since I upgraded to 8.0.1, I spend most of my time solving captcha than surfing : are Cloudflare and/or Google and/or both launching a war on Tor ? o_O
https://trac.torproject.org…
https://trac.torproject.org/projects/tor/ticket/27848
Ok, so I switch back to 8.0 …
Ok, thank you.
It's sad that the solution seems to switch back to 8.0 (at least if one uses TBB in a resstable VM), until either TBB-8.0.2 or Cloudflare stops leaking TOR user privacy to Google :/
Seems with the new TOR…
Seems with the new TOR update many sites now require CAPTCHA where as before they did not.
https://trac.torproject.org…
https://trac.torproject.org/projects/tor/ticket/27848
Downgrading to 8.0 or…
Downgrading to 8.0 or earlier seems to solve the captchas occurring.
8.0.1, 8.0 and 7.5 all have different user agents.
I understand cloudflare whitelists default tor browser user agent. I think they have not yet updated user agent recognition to match the string 8.0.1 is using.
8.0.1, 8.0 and 7.5 all have…
They call it "Resist Fingerprinting"
:)
:)
why do you ship that…
why do you ship that pingsender program which mozilla explicitly documents as not obeying firefox proxy settings?
I fail to understand why Tor…
I fail to understand why Tor Browser 8.0.1 gets released when Tor Browser 8.5a1 is already out. Maybe that's something you should explain to your users 'before' going into technical details and bug report numbers.
I'm currently sticking with Tor Browser 7.5.6 because of this, as well as the fact that an attempted update to Tor Browser 8.0 broke all the AddOns I use to make the newer versions of Firefox usable for me. (Fortunately I started making backups before making Tor updates.)
The most privacy focused browser in the world doesn't help me if I can't use it.
And in the vague hope that someone will actually read this: You should unify the size of the Tor browser windows based on the 'inner' measurement, rather than the outer border of the window. As soon as a user adds one toolbar or chooses a different size for icons, a good part of your anonymity concept is out of the window anyway. (Apparently just blocking JavaScript won't help here because CSS can still be used to take measurements.)
Despite all this, I wish you a nice day, because no sort of frustration makes me blind to the fact that you actually 'try'. Thank you for that.
We have two Tor Browser series: a stable one and an alpha one (the latter has an "a" in its version numbers to tell them apart). We have those two series in order to give new features and bug fixes more testing in the alphas before they reach the stable series. This should help shaking out bugs and is aimed at developers/users that would like to help us with bug finding/fixing.
tbb 8.0.1 on linux 64bit produces platform linux_x86 (not Win32, the desired value) on Panopticlick
Not sure how Panopticlick is testing that but we do spoof the user agent when doing HTTP requests but allow getting the unspoofed values if you have JavaScript enabled.
Even with javascript disabled, https://www.doileak.com/ gives me the following:
Operating System: We have detected multiple OS:
Windows (User Agent, )
Linux (Fingerprint, )
Same is true for https://browserleaks.com/
Disabling javascript completely in about:config won't hinder both websites to reveal my platform either.
However, while I was never aware of this: I just checked and Tor Browser 7.5.6 gives me the same results, so it's not related to the latest updates. Was hiding the platform never the intention?
Disregard my previous comment, I didn't think that through at all. Both websites use passive TCP/IP fingerprinting for OS detection and hence it's just the fingerprint of my exit node, which coincidentally happened to run linux..
"we do spoof the user agent when doing HTTP requests but allow getting the unspoofed values if you have JavaScript enabled."
Why?
The short explanation is that it breaks websites like Google Doc and some Github functionality otherwise for macOS users. The longer discussion is in: https://trac.torproject.org/projects/tor/ticket/26146.
So allow unspoofed user agent only for macOS users, on GNU/Linux we have normal keyboard.
If Cloudflare blocks TOR traffic based on user agent string, then how LONG does it take for them to update their servers when a new TOR version is released?
https://www.bleepingcomputer.com/news/security/new-mozilla-firefox-atta…
"crash or freeze the Mozilla Firefox desktop browser simply by visiting a web page that contains an embedded JavaScript script"
Has TBB this new innovative function, too?
Seriously?! Any webpage with 100-200+ ads freezes/crashes Tor Browser like that.
Having a problem with the auto-update feature. Torbutton continues telling me a TB update is available, even though I've "updated" it to 8.0.1 several times now. It restarts and says "Tor browser is checking addon compatibility and will start in a moment," and then starts but the About page still says Tor Browser 8.0. I imagine a fresh install will fix it, but I just wondered if anyone else was having this problem. Qubes 3.2 with Whonix, vanilla updater.
Hello
I have downloaded Tor Browser 8.0 and Tor Browser 8.1 (with fresh install and update from 8.0), but the Tor Browser stays in English.
How do I put Tor Browser in French, please?
I have download Tor Browser with this link : https://oiyfgiixvl.tudasnich.de/torbrowser//8.0.1/torbrowser-install-win64-…
Hm. You mean the text in the browser itself stays on english if you click on browser menus? Do you have a screenshot which could help understanding your issue? If you go on the about:addons page do you see a language pack section on the left? If so, what does it show if you click on it?
I visited whoer.net and found that torbrowser 8.0.1 leaked my operating system. Usually the headers of the browser should be the same as the JavaScript, as shown below.
Headers:
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
JavaScript:
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
But torbrowser 8.0.1 gets this result.
Headers:
Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0
JavaScript:
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
Yes, that's intentional. See: https://trac.torproject.org/projects/tor/ticket/26146 for the reasoning behind that decision.
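The header/JavaScript difference discussed in the two comments above, as an added example that is not part of the original comments or of Tor Browser's code: it splits each User-Agent string into its platform tokens and reports which tokens appear on only one side. The two Windows strings are the ones quoted in the comment; the Linux string and all function names are constructed for illustration.

```javascript
// Added example: compare the User-Agent sent in the HTTP header with the
// value a page script reads from navigator.userAgent.

// Split "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/..." into its parts.
function parseUserAgent(ua) {
  const m = /^(\S+)\s+\(([^)]*)\)\s*(.*)$/.exec(ua.trim());
  if (!m) {
    // No parenthesised platform section: treat the whole string as product.
    return { product: ua.trim(), platform: [], rest: "" };
  }
  const platform = m[2].split(";").map((t) => t.trim()).filter(Boolean);
  return { product: m[1], platform, rest: m[3].trim() };
}

// Report which platform tokens are visible on only one of the two channels.
function compareUserAgents(headerUa, scriptUa) {
  const h = parseUserAgent(headerUa);
  const s = parseUserAgent(scriptUa);
  return {
    identical: headerUa.trim() === scriptUa.trim(),
    sameProduct: h.product === s.product && h.rest === s.rest,
    onlyInHeader: h.platform.filter((t) => !s.platform.includes(t)),
    onlyInScript: s.platform.filter((t) => !h.platform.includes(t)),
  };
}

// Strings quoted in the comment above (whoer.net output, Tor Browser 8.0.1).
const HEADER_UA =
  "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0";
const SCRIPT_UA_WINDOWS =
  "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0";
// Constructed sample: what an unspoofed Linux build would report to scripts.
const SCRIPT_UA_LINUX =
  "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0";

function windowsCase() {
  return compareUserAgents(HEADER_UA, SCRIPT_UA_WINDOWS);
}

function linuxCase() {
  return compareUserAgents(HEADER_UA, SCRIPT_UA_LINUX);
}

console.log("Windows:", windowsCase());
console.log("Linux:  ", linuxCase());
```

On Windows only the architecture tokens differ; on Linux the whole platform section differs, which matches the behaviour the reply says is intentional when JavaScript is enabled.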
Facepalm
Fix some sites for macOS users by showing real OS and compromising privacy of GNU/Linux users, but don't care about breaking cloudflared websites. Genius! Maybe this is some kind of warrant canary?
No, it's a joint effort of Mozilla's & Tor's developers :(
Is there any thought to replacing the Firefox icons that appear when you pin Tor to the Start Menu in Windows 10? The icons are in the VisualElements folder.
Yes. We have https://trac.torproject.org/projects/tor/ticket/22654 for that. Please help if you can.
04:50:49.748 TypeError: content.document.body is null 1 aboutTor-content.js:76:34
Tor crashes every now and then at startup.
Using Windows 10 home edition.
9/28/18, 06:35:57.877 [NOTICE] Bootstrapped 90%: Establishing a Tor circuit
9/28/18, 06:35:58.175 [NOTICE] Tor has successfully opened a circuit. Looks like client functionality is working.
9/28/18, 06:35:58.175 [NOTICE] Bootstrapped 100%: Done
9/28/18, 06:36:02.968 [NOTICE] New control connection opened from 127.0.0.1.
9/28/18, 06:36:02.968 [NOTICE] New control connection opened from 127.0.0.1.
That log looks good. What happens if Tor Browser is crashing? Do you get an error message?
why is it that i have to solve a captcha every time i go to a cloudflare protected website?
it didn't happen on the previous version.
Please fix cloudflare alt-svc to transparent onions no longer working between this and 8.0 i get much many more captcha now
Thank you for the wonderful…
Thank you for the Tor project. I've had major cloudflare issues though since updating to 8.0.1 on windows 7 professional 64 bit. In the two years I've used Tor browser I've only ever rarely encountered captchas, but since the update I'm consistently getting them, multiple times per page load attempt. I can eventually get rid of them by establishing a new tor circuit for the site, but I'm often needing to do this up to 20 times in a row to load a page.
I tried deleting and reinstalling with no relief, and I was reluctant to update to 8.5 as I can't see cloudflare mentioned as an issue. I've since rolled back to the previous version (7.5 something) and the problem has gone away.
Tor Browser 8.0.1 with NoScript Version 10.1.9.6 don't view VK.com https://vk.com/badbrowser.php
I just tested with a clean new Tor Browser 8.0.1 on a Linux machine and I don't have this issue. Do you have steps to reproduce your problem? Which operating system are you using?
Tor Browser 8.0.1 on a Windows, noscript - default. VK redirect to badbrowser
On Tor Browser 7 this issue cure:
NoScript Options > Advanced > Untrusted
Forbid META redirections inside <NOSCRIPT> elements
Hey, why cloudflare is FULLBREAKING netbrowsing with TBB again, again and again?
After send message to this blog, page go to infinity loop.
Tor on a Windows. scripts blocked.
8.0.1 unusable. pages stop loading after 30 seconds of use. must go back to 7.x to browse the internet.
Pictures on some sites are loaded from different domain (pic server, for optimization), but cloudflare blocks them with shitty captcha which can't be shown instead of a picture!
Please, help!
CloudFlare access error to e-hentai.org: http://220xd.site//img-5bb0b7010e341.html
chan.sankakucomplex.com
Unknown error: http://220xd.site//img-5bb0b74ada7a4.html
Security level safest, Tor browser 801, script block
Endless Captcha loops since the last major update to Tor Browser on almost all https web addresses ?
Never have I seen such a decline in functionality of Tor Browser before & I cannot understand why this wasn't firstly, extensively tested & secondly once discovered, subsequently held back for further code tweaking!? I've never had an issue with Captcha loops before as an experienced user & I do mean from the very beginning... ?
Fucking captcha is broken on 'Safer' level!!!
how do you see the circuit in TOR VERSION 8.0.1 - CAN NOT FIND IT ANYWHERE.. PLEASE HELP??
Left click on the round ( i ) (info button) at the far left of the address bar, I just found this out myself.
also stuck on 7.5.6 - seems last usable ver
While using obfs3 IP 109.105.109.163 the captcha kept repeating. I tried a new circuit but it kept getting obfs3 IP 109.105.109.163. the captcha appears to be the older one where you select an item with a check mark then copy and paste the correct results.
And how to watch it on 'Safer'?
https://coub.com/view/ak24v
Works for me if I click on the small NoScript block in the lower left corner to enable media. I agree, it would be better if one just needed to click on the "main" part of the video. Not sure why that is not working.
And where is the sound?
Great to see the "Tor Enabled" onion button is back again for "New Identity" but I can't see what country it is and I can't change identity for 1 specific window. There is only this "New identity" option which will close and change ALL the windows.
I'm on Linux/Ubuntu 18.04.1 LTS
Thanks in advance!
"connection not secure" When I go to the tor circuit I notice a message stating connection not secure when I attempted to go to the site "https://tunnelblick.net". The site is valid and the circuit is Bridge obfs3 109.105.109.163, Sweden 158.174.14.94, Czech Republic 46.36.38.57.
Should I report errors such as the above?
When starting Tor 8.0.1 on Windows 7 Ultimate I get the normal firewall alerts, but before I can tick yes to the one below:
Path:\Tor 8.0.1\Tor Browser\Browser\firefox.exe
An attempt to create a process has been detected.
Command line: Path:\Tor 8.0.1\Tor Browser\Browser\firefox.exe
a Windows popup box says:
[Window Title]
Path:\Tor 8.0.1\Tor Browser\Browser\TorBrowser\Tor\tor.exe
[Content]
Windows cannot access the specified device, path, or file. You may not have the appropriate
permissions to access the item.
[OK]
Then after allowing the firewall alert it says ''Tor failed to start''.
The ''OK'' button is very opaque, the ''OK'' can barely be read, the surround box is light blue.
After clicking on ''OK'' I get ''Tor unexpectedly exited. This may be due to a bug'' etc.
I click on restart Tor, 3 firewall alerts later it says starting, waited 5 minutes nothing.
Try again, hover mouse over Cancel and it turns the box very opaque, a white ''Cancel'' with a very light blue background.
Next attempt.. Loading network status, but the green progress bar doesn't move past the message, so cancel, quit.
Try again, Loading network status doesn't even appear, green bar doesn't show up, so quit.
So far I've only managed to get Tor 8.0.1 to work twice, once on the 1st attempt (after the Windows error popup box appeared though and after clicking on restart) and this time after about 6 or 7 attempts
The firewall log shows no blocks, maybe Tor just times out before I can click on yes to the firewall alert? I don't know.
*The other thing is where the heck is ABE in the new NoScript? as I can't find it anywhere.
new to this
Some Cloudflare sites even after getting the google captcha correct it just reloads the page instead of forwarding you to the website
Something I never noticed before but after clicking on enter on a website it auto maximized/full screened the page, then I get the warning about not doing that! lol.
Any way to stop them from doing that?.
It depends on what is actually happening. Does the website just resize the window to maximize it or does it put it into fullscreen mode? Two tickets (with further references) that deal with aspects of this problem are:
https://trac.torproject.org/projects/tor/ticket/12609
https://trac.torproject.org/projects/tor/ticket/9881
I can't recall now, but thanks for the links, you are obviously looking in to it.
I read this ticket: https://trac.torproject.org/projects/tor/ticket/12609
and one user said HTML5 fullscreen API makes TB fingerprintable, disable it!
one suggestion is to set dom.disable_window_move_resize = true
via about:config
Is it ok to do this? or is that bug already fixed so not necessary?.