New Release: Tor Browser 8.0a10

by boklm | August 20, 2018

Update (8/21 7:45UTC): We got reports from users facing a weird update behavior: even after successfully applying an update to 8.0a10 the updater keeps downloading and applying updates. This is tracked in bug 27221. As a workaround, please either use a fresh 8.0a10 or go to about:config, search for 8.0a9. browser.startup.homepage_override.torbrowser.version and extensions.lastTorBrowserVersion will show up. Switch their values to 8.0a10. Sorry for the inconvenience.

Update 2 (8/23 16:20UTC): Today NoScript 10.1.8.17 got released which broke the security slider interaction due to a new messaging protocol. We fixed this problem in bug 27276 and the patch will be available in the Tor Browser 8 release. However, there is no alpha release planned to pick up this fix. Users that depend on the security slider functionality are encouraged to use the stable Tor Browser or a nightly version (starting with the one from tomorrow, August 24) until Tor Browser 8 and the next regular alpha release get out. Again, sorry for the inconvenience.

Tor Browser 8.0a10 is now available from the Tor Browser Project page and also from our distribution directory.

It is the second alpha release based on Firefox ESR 60 and contains a number of improvements and bug fixes. The highlights are the following features and major bug fixes:

  1. This alpha includes big changes to the user onboarding experience, and there are more to come.
  2. We included a revamped start page (special thanks to Mark and Kathy for the implementation on short notice).
  3. The meek pluggable transport should be fully functional now.
  4. We audited and enabled HTTP2 which should give performance improvements on many websites.
  5. We added another bunch of locales and ship our bundles now additionally in ca, ga-IE, id, is, and nb-NO.

For Windows users we worked around a bug in mingw-w64 which affected updates on Windows (64bit) resulting in intermittent update failures. Moreover, we finally enabled hardware acceleration for improved browser rendering performance after applying a fix for a long-standing bug, which often caused crashes on Windows systems with graphics cards, e.g. from Nvidia.

The Tor version we ship is now 0.3.4.6-rc and it would be a good time now to report client issues, noticed with this release candidate or previous alpha releases, in case they did not get fixed so far.

Known Issues

We already collected a number of unresolved bugs since Tor Browser 8.0a9 and tagged them with our ff60-esr keyword to keep them on our radar. The most important ones are listed below:

  1. On Windows localized builds on first start the about:tor page is not shown, rather a weird XML error is visible.
  2. Maybe related to the previous item, NoScript does not seem to work properly on Windows builds right now.
  3. We are not done yet with reviewing the network code changes between ESR52 and ESR60. While we don't expect that proxy bypass bugs got introduced between those ESR series, we can't rule it out yet.
  4. We disable Stylo on macOS due to reproducibility issues we need to investigate and fix. This will likely not get fixed for Tor Browser 8, as we need some baking time on our nightly/alpha channel before we are sure there are no reproducibility/stability regressions. The tentative plan is to get it ready for Tor Browser 8.5.

Note: This alpha release is the second one that gets signed with a new Tor Browser subkey, as the currently used one is about to expire. Its fingerprint is: 1107 75B5 D101 FB36 BC6C  911B EB77 4491 D9FF 06E2. We plan to use it for the stable series, too, once Tor Browser 8 gets released.

The full changelog since Tor Browser 8.0a9 is:

  • All platforms
    • Update Tor to 0.3.4.6-rc
    • Update Torbutton to 2.0.2
      • Bug 26960: Implement new about:tor start page
      • Bug 26961: Implement new user onboarding
      • Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger menus
      • Bug 26590: Use new svg.disabled pref in security slider
      • Bug 26655: Adjust color and size of onion button
      • Bug 26500: Reposition circuit display relay icon for RTL locales
      • Bug 26409: Remove spoofed locale implementation
      • Bug 26189: Remove content-policy.js
      • Bug 27129: Add locales ca, ga, id, is, nb
      • Translations update
    • Update Tor Launcher to 0.2.16.2
      • Bug 26985: Help button icons missing
      • Bug 25509: Improve the proxy help text
      • Bug 27129: Add locales ca, ga, id, is, nb
      • Translations update
    • Update NoScript to 10.1.8.16
    • Update meek to 0.31
      • Bug 26477: Make meek extension compatible with ESR 60
    • Bug 27082: Enable a limited UITour for user onboarding
    • Bug 26961: New user onboarding
    • Bug 14952: Enable HTTP2 and AltSvc
      • Bug 25735: Tor Browser stalls while loading Facebook login page
    • Bug 17252: Enable TLS session identifiers with first-party isolation
    • Bug 26353: Prevent speculative connects that violate first-party isolation
    • Bug 24056: Use en-US strings in HTML forms if locale is spoofed to english
    • Bug 26456: HTTP .onion sites inherit previous page's certificate information
    • Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger menus
    • Bug 26833: Backport Mozilla's bug 1473247
    • Bug 26628: Backport Mozilla's bug 1470156
    • Bug 26237: Clean up toolbar for ESR60-based Tor Browser
    • Bug 26519: Avoid Firefox icons in ESR60
    • Bug 26039: Load our preferences that modify extensions (fixup)
    • Bug 26515: Update Tor Browser blog post URLs
    • Bug 27129: Add locales ca, ga, id, is, nb
    • Bug 26216: Fix broken MAR file generation
    • Bug 26409: Remove spoofed locale implementation
    • Bug 26603: Remove obsolete HTTP pipelining preferences
  • Windows
    • Bug 26514: Fix intermittent updater failures on Win64 (Error 19)
    • Bug 26874: Fix UNC path restrictions failure in Tor Browser 8.0a9
    • Bug 12968: Enable HEASLR in Windows x86_64 builds
    • Bug 9145: Fix broken hardware acceleration
    • Update tbb-windows-installer to 0.4
      • Bug 26355: Update tbb-windows-installer to check for Windows7+
    • Bug 26355: Require Windows7+ for updates to Tor Browser 8
  • OS X
    • Bug 26795: Bump snowflake to 6077141f4a for bug 25600
  • Linux
    • Bug 25485: Unbreak Tor Browser on systems with newer libstdc++
    • Bug 20866: Fix OpenGL software rendering on systems with newer libstdc++
    • Bug 26951+18022: Fix execdesktop argument passing
    • Bug 26795: Bump snowflake to 6077141f4a for bug 25600
  • Build System
    • All
      • Bug 26410: Stop using old MAR format in the alpha series
      • Bug 27020: RBM build fails with runc version 1.0.1
      • Bug 26949: Use GitHub repository for STIX
      • Bug 26773: Add --verbose to the ./mach build flag for firefox
      • Bug 26569: Redirect pre-8.0a9 alpha users to a separate update directory
      • Bug 26319: Don't package up Tor Browser in the `mach package` step
    • OS X
      • Bug 26489: Fix .app directory name in tools/dmg2mar
    • Windows
      • Bug 27152: Use mozilla/fxc2.git for the fxc2 repository

Comments

Please note that the comment area below has been archived.

Anonymous (not verified) said:

August 20, 2018

Permalink

Hello. Tor button Circuit Display is not showing in Windows. Also, there is no drop down menu arrow for the button; nor is Tor button green. "New Identity" and "New Tor Circuit" do show up in the hamburger, though. I just downloaded the 8.0a10 installer, installed TBB and this is what I have discovered so far. Thank you.

Thank Goodness… (not verified) said:

August 20, 2018

Permalink

Hello. I've been giving 8.0a10 a testing on Windows 7. At first things went ok. Then, the same problem that I had with 8.0a9 reappeared with 8.0a10. It may take a few restarts to get to this behavior I am describing. When navigating to any new page (e.g.: https://sedvblmbog.tudasnich.de/) from the purple starting page, the TBB 8.0a10 gets stuck in an endless page reloading cycle. The new page keeps flashing and reloading and the browser can't be used. One cannot even type a new URL into the address bar because the address bar clears with each page reload. Also, I notice that the onion button is not green, but charcoal gray. The temporary fix is to reinstall the TBB after deleting the "Tor Browser" folder. However, the problem soon returns. I have done the re-installation with both Windows Defender and Avast turned off, and have left Defender off - no good. The problem comes back even with Defender turned off in the registry. Thank you all for your hard work.

Hm. Is there are way you could make me a bundle available that is causing the problem, so I can inspect it and give it a try? If so, I'd gladly have a look. You can reach me via gk[@]torproject[.]org (without the brackets).

That said I fear that it is still some AV functionality that is interfering with Tor Browser, although I have no good idea how to deal with that. Could you try uninstalling Avast and see if that fixes the problem? (Turning those tools off often does not help).

Anonymous (not verified) said:

August 21, 2018

Permalink

#26884?

Anonymous (not verified) said:

August 21, 2018

Permalink

But it doesn't support (officially) non-webext, and support for non-bootstrapped add-ons was removed entirely...

Anonymous (not verified) said:

August 21, 2018

Permalink

10:53:22.607 [NoScript] Cannot collect noscript activity data Could not establish connection. Receiving end does not exist. collectSeen@moz-extension://%uuid%/bg/main.js:252:38
1 log.js:12:62
What does it try to collect about users?!
(It also reveals local time in logs)

This is NoScript in the parent process trying to check what NoScript in the child process have detected/blocked, all inside the (multi-process) TorBrowser, in order to display this data in the popup UI when it's needed. The timestamp is automatically logged by the browser's console on each printed message. Nothing leaves your browser or is written on the disk.

Anonymous (not verified) said:

August 21, 2018

Permalink

> Update (8/21 7:45UTC): We got reports from users facing a weird update behavior: even after successfully applying an update to 8.0a10 the updater keeps downloading and applying updates.

successfully? It's entirely missing from Update History! 8.0a9-8.0a10.mar downloaded, restarted, and:
[08-21 09:15:43] Torbutton INFO: tor SOCKS: https://cdn.torproject.org/aus1/torbrowser/8.0a10/tor-browser-win64-8.0… via
--unknown--:4c103840b78e7ea54c82a41a841e98d1
Now Full update. Restarting...

Anonymous (not verified) said:

August 21, 2018

Permalink

Build System
All
Bug 26410: Stop using old MAR format in the alpha series
Bug 26569: Redirect pre-8.0a9 alpha users to a separate update directory

It is 'Updater', not 'Build System' ;)

Yes, that's due a bug we have during update (see the update in the blog post at the top) which causes an ongoing update redownload. See the possible workarounds in that blog update for a solution.

Anonymous (not verified) said:

August 21, 2018

Permalink

> Bug 26237: Clean up toolbar for ESR60-based Tor Browser
It doesn't work for updated from 8.0a9 browsers :(

Anonymous (not verified) said:

August 21, 2018

Permalink

10:15:04.554 NS_ERROR_NOT_AVAILABLE: Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIWebNavigation.loadURIWithOptions] 1 browser-child.js:359

What's the problem? That an update request gets issued? Or that it's not isolated to the first party domain? The letter is to be expected given that the Menu/Options trigger it (how exactly gets that triggered?).

Anonymous (not verified) said:

August 22, 2018

Permalink

I see. It can be HTTPS-E, again :( Don't want to look at it. You asked for more bugs - now you have them :)

Anonymous (not verified) said:

August 21, 2018

Permalink

> Bug 26603: Remove obsolete HTTP pipelining preferences
You forgot:
network.http.pipelining.max-optimistic-requests
network.http.pipelining.read-timeout
network.http.pipelining.reschedule-timeout

BTW, Mozilla forgot:
network.http.version
network.http.proxy.version

Anonymous (not verified) said:

August 22, 2018

Permalink

Oh, no! They implemented h2 only, not http/2! So, we still need http/1.1 for plain http connections and HTTP pipelining for performance!

Anonymous (not verified) said:

August 21, 2018

Permalink

The User Agent leaks more entropy than the previous releases, please fix this (I visit one website safest security setting = they can't know my OS, but now they can thanks to user agent)

It's a Mozilla led wreckage, even the original bug report on bugzilla doesn't make sense ("Because the network fingerprint leaks OS" BUT WHAT IF IT IS USED WITH A PROXY!)

This situation is literally unbelievable.

Yeah, especially considering that Linux and Mac OS users are a minority so the entropy is actually higher when you don't fit the Redmond norm. We should never keep quiet about this otherwise it will get ignored as a non-issue when it's a very big issue.

The general.useragent.override pref is Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0 even for the Linux version, but the browser sends Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0.
Not a big deal, but confusing anyway ...

I'm not sure if this works with new versions or whether this is exactly what you're looking for, but try this and determine whether it works for you:

Tor Browser > about:config > right click/add string:

general.useragent.override
Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0

And to finish the job:

about:config > add new string:

general.platform.override
Win32

Now visit https://panopticlick.eff.org/ and see if this gets you some better results!

It is already set to
Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0

But panopticlick displays
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0

on linux.

Anonymous (not verified) said:

August 21, 2018

Permalink

about:tor needs to be made dynamic so that it displays correctly on 1000x600 and similar low res windows. Now I get a scrollbar with it!

aqwerty (not verified) said:

August 21, 2018

Permalink

Hi,
I have a question, there is a project called https://joinpeertube.org and they usen the BitTorrent protocol to share bandwidth between users. It implies that your public IP address is stored in the public BitTorrent tracker of the video PeerTube instance as long as you're watching the video. As they mention privacy can be compromised with this protocol and recommend to solve this situation using VPN or TOR.

Is this true? I have read so much on the TOR website that it is not safe to use p2p, webRTC.

Thanks, I hope you can help me with the question.

Anonymous (not verified) said:

August 21, 2018

Permalink

> even after successfully applying an update to 8.0a10 the updater keeps downloading and applying updates.
It can update a10 to a10 with full update. Is it intentional and secure?

Anonymous (not verified) said:

August 21, 2018

Permalink

* Bug 26655: Adjust color and size of onion button
Is it useful? Sec Settings -> hamb menu, Tor Net Settings -> Options, Check upd -> null.

"This browser supports WebGL ×False (supported, but disabled in browser settings, or blocked by extensions)" is what I get when going to browserleaks.com and doing the WebGL test. That's with a Linux bundle. How can I reproduce your issue?

Well I get
"WebGL Blocking (NoScript) ✔ not detected " so, the test can't test the NoScript WebGL block anymore (while it is still blocked, see my previous comment). Thus, this is actually good.

Anonymous (not verified) said:

August 23, 2018

Permalink

No, I disabled NoScript manually to check if it was blocking WebGL. But even without NS, WebGL demos don't play. E.g., displays the error message "It does not appear your computer supports WebGL", and the browser console shows 

  1. Error: WebGL warning: Failed to create WebGL context: WebGL creation failed:<br />
  2. * Error during native OpenGL init.<br />
  3. * Exhausted GL driver caps.<br />
  4. * Exhausted GL driver options.

@Anonymous - August 21, 2018

>The opening pdfs online issue hasn't been solved yet right?

Why would you want to open pdfs online while using Tor? That's probably not a good idea.

Also, I recommend:

Tor Browser > about:conifg > pdfjs.disabled - true

gk

gk said:

August 22, 2018

Permalink

Actually, I misread your question. So, the opening pdfs online should work again. But at the cost that the range requests are not properly isolated to the URL bar domain.

Anonymous (not verified) said:

August 22, 2018

Permalink

So, the opening pdfs online should work again

Well that's not even working for me, here's the crazy error that I get in the console:

Attempting to post a message to window with url "resource://pdf.js/web/viewer.html" and origin "resource://pdf.js^privateBrowsingId=1&firstPartyDomain=torproject.org" from a system principal scope with mismatched origin "[System Principal]".

Crazy error repeated itself 271 times.

Anonymous (not verified) said:

August 23, 2018

Permalink

The value is pdfjs.disableRange = true, I can't recall exactly if I had a clean 8.0a9 or did the update from 8.0a8 to 8.0a9 but it's most probably the latter.

That's the problem, see: https://trac.torproject.org/projects/tor/ticket/26540. However, I am not sure why it's not set to false in your case. We fixed that with https://trac.torproject.org/projects/tor/ticket/26039 in the sense that we don't set pdfjs.disableRange to true anymore and noticed previously that pdfjs would blow away non-user prefs. Probably that's because we originally set it as a user pref.

Anonymous (not verified) said:

August 24, 2018

Permalink

in the sense that we don't set pdfjs.disableRange to true

That explains why it works on clean builds and not updated ones, it needs to be reverted for everyone though. And yes setting pdfjs.disableRange to false fixes the issue for me. Thanks a lot Georg!

Anonymous (not verified) said:

August 21, 2018

Permalink

Update (8/21 7:45UTC): We got reports from users facing a weird update behavior: even after successfully applying an update to 8.0a10 the updater keeps downloading and applying updates. This is tracked in bug 27221. As a workaround, please either use a fresh 8.0a10 or go to about:config, search for 8.0a9. browser.startup.homepage_override.torbrowser.version and extensions.lastTorBrowserVersion will show up. Switch their values to 8.0a10. Sorry for the inconvenience.

Setting extensions.lastTorBrowserVersion to 8.0a10 is enough to fix this issue. But what's the weird pref it is? Did somebody miss `.torbutton.` in some patch? Also, it's entirely Torbutton's bug which triggers Updater to update (and it unfortunately has no protections from updates to the same version).

Anonymous (not verified) said:

August 21, 2018

Permalink

Moreover, we finally enabled hardware acceleration for improved browser rendering performance

Doesn't this add new fingerprinting attack vectors?

Anonymous (not verified) said:

August 22, 2018

Permalink

Do you have specific attacks in mind?

No, i just was worried that malicious JS could extract detailed information about my graphics hardware and use that for tailored attacks.

1 (not verified) said:

August 22, 2018

Permalink

Are you saying it was enabled by default and by design on all platforms except windows, and all threats were analyzed?
Don't you know that:
- D2D renders fonts differently?
- only WebGL has a so-so sanitizer (ANGLE), other calls are direct?
- DXVA has different versions and no sanitization of videos?

Also, what's up with SVG sanitizing instead of blocking?

Anonymous (not verified) said:

August 22, 2018

Permalink

You've only set the bit in executables, but it's possible to force heaslr flag (but not heaslr) on the app even without it. However, you should know it is opt-in only. So, no heaslr for now.
Also, you missed libssp-0.dll.

Anonymous (not verified) said:

August 21, 2018

Permalink

Use new svg.disabled pref in security slider

But still using the long-gone media.webaudio.enabled</code pref instead of the correct <code>dom.webaudio.enabled preference ...

Anonymous (not verified) said:

August 21, 2018

Permalink

Error: We have already registered a distinct blocker with the same name: Crash Reporter: blocking on minidumpgeneration. nsAsyncShutdown.js:114:11
TypeError: win.gBrowser is undefined[Learn More] ProcessHangMonitor.jsm:412:9
Webconsole context has changed

Anonymous (not verified) said:

August 21, 2018

Permalink

Sometimes NoScript's menu opens partially with error:
21:58:04.646 TypeError: Argument 1 of PrecompiledScript.executeInGlobal is not an object. 1 ExtensionContent.jsm:489:18

Anonymous (not verified) said:

August 21, 2018

Permalink

after a few restarts NoScript is still not working on my window7, actually after a few restarts all add-ons stop working

Anonymous (not verified) said:

August 22, 2018

Permalink

security level is safest, all add-ons in the toolbar ( noscript, https everywhere) stop working, i noticed the bug in the previous version, just after a few restarts noscript stop working i know that because i test it on http://ip-check.info/?lang=en/ and the test says JavaScript is enabled, if i click on the noscript icon it simply doesn't work, it doesn't open any menu, https everywhere shows a blank menu

Anonymous (not verified) said:

August 21, 2018

Permalink

@Anonymous - August 21, 2018

>WebGL Blocking (NoScript) ✔ not detected
>It was blocked by default in previous versions.

Tor Browser > about:config > webgl.disabled - true

One and done. Next?

Anonymous (not verified) said:

August 21, 2018

Permalink

I surf via Tor with a full screen.

I'm not about to struggle squinting in some stupid low-res mode of the browser because it makes me fit in with other Tor users. Sure, the maxed out browser window is against the recommendations of some, but seriously? There has to be a better way to deal with CSS bullshit and the browser, something better than leaving your browser open as a tiny window on a large screen!

While we're at it, I also disable favicons. The downsides of leaving them enabled is well documented.

Tor Browser > about:config > browser.chrome

and

browser.chrome.favicons;false
browser.chrome.image_icons.max_size;0
browser.chrome.site_icons;false

grover (not verified) said:

August 21, 2018

Permalink

Great.

So now we get the "new" NoScript add-on? It's dumbed down to nothing! The old version of NoScript (which continues to function well with the old FF ESR) was/is kickass!

I wonder - does the author of NoScript plan on rebuilding the NoScript add-on to contain features it now lacks? Gone are all the options to tighten up your browser. Now it's just some point and click nonsense for sites. IMO, it's little more than a steaming pile of cow dung.

What a shame.

I disagree. Users should not need to get in touch with NoScript and its settings at all. We plan to redo our security related settings after we get Tor Browser 8 out and we'll point to those then in the onboarding.

Flabbergasted (not verified) said:

August 21, 2018

Permalink

I open TBB 8.0a10 to a white browser page that says "The proxy server is refusing connections". Checking connections with "about:preferences" shows:
1. Manual proxy connections - check
2. SOCKS Host 127.0.0.1 ... Port 9150
3. SOCKS v5 - check
4. Proxy DNS when using SOCKS v5 - check
I did try running 8.0a10 in Safe Mode on Windows 7 x64bit FIRST to bork the antivirus and Windows Defender. Reason: trying to grapple with the endless browser reload loop without uninstalling Avast antivirus. That's when I got "The proxy server is refusing connections" originally. After rebooting into a normal Windows session, the problem persisted. However, TBB 7.5.6 opened and functioned normally in Safe Mode. I don't what's the difference, but that's what happened. Imma gonna go hide now before the Tor Project Team mushroom cloud nukes me.

Flabbergasted (not verified) said:

August 22, 2018

Permalink

There may be a Security Slider problem. First, thank you for pointing out ticket #27261. I read the comments, noting comments #8, #14 and #15. Then I deleted my Tor Browser folder for TBB 8.0a10_64bit. A fresh re-installation of the TBB opened to a blank white browser, but using either "New Window" or "New Identity" in the hamburger menu took me right to the purple start page. Add-ons Manager in about:addons allowed me to disable NoScript. 8.0a10_64bit has been stabile, meaning no endless reload cycling (after numerous TBB re-boots). NoScript remains disabled. I can use Library>Bookmarks>https://sedvblmbog.tudasnich.de/ to navigate away from the starting page - no problem. Now then ... I notice that twitter[.]com requires the slider to be set at mid-range in TBB 7.5.6, or twitter doesn't work well (e.g.: threads won't open). However, twitter[.]com is completely permissive to TBB 8.0a10_64bit with the slider set to "safest". If I use about:config to set javascript enabled to false, I will get the same impaired function on twitter with TBB 8.0a10 that I would get with TBB 7.5.6's slider set to "safest". So ... the TBB 8.0a10 security slider may not be protecting (fully?) in the safest position. Best wishes, and thanks again. I know all of you are pushing hard to release a stabile TBB 8.0

Siranger (not verified) said:

August 21, 2018

Permalink

Is there a reason "Bookmark Toolbar" dose not show the items? Selecting the option adds the space for it to the toolbar but the items do not display.

Or am I doing something wrong?

siranger (not verified) said:

August 22, 2018

Permalink

Tried the "View|Toolbars|Customize... and clicked "Restore Defaults". - steps and that seems to have cleared the problem on Win7 64bit also. I don't know if you would call that a fix but it worked.

Thanks!

In the Tor Browser 8.0 customize panel, select the '⭑ Bookmarks Toolbar Items' icon and drag/drop it into the horizontal bookmarks toolbar space near the top of the customize panel.

Anonymous (not verified) said:

August 22, 2018

Permalink

On shutdown:

JavaScript error: chrome://torbutton/content/tor-circuit-display.js, line 466: TypeError: myController is null

LeanordoQI (not verified) said:

August 22, 2018

Permalink

On Linux the User Agent is: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
So it will leak, that you are using Linux, instead of being the same user agent for all OS

Also I don't get why the compact theme isn't standard.
You want to waste as little space as possible.

Anonymous (not verified) said:

August 23, 2018

Permalink

NoScript or Firefox?
15:35:47.923 TypeError: this.contentWindow is null 1 ExtensionPageChild.jsm:191:5

Anonymous (not verified) said:

August 23, 2018

Permalink

Update (8/21 7:45UTC): We got reports from users facing a weird update behavior: even after successfully applying an update to 8.0a10 the updater keeps downloading and applying updates. This is tracked in bug 27221. As a workaround, please either use a fresh 8.0a10 or go to about:config, search for 8.0a9. browser.startup.homepage_override.torbrowser.version and extensions.lastTorBrowserVersion will show up. Switch their values to 8.0a10. Sorry for the inconvenience.

Update 2 (8/23 16:20UTC): Today NoScript 10.1.8.17 got released which broke the security slider interaction due to a new messaging protocol. We fixed this problem in bug 27276 and the patch will be available in the Tor Browser 8 release. However, there is no alpha release planned to pick up this fix. Users that depend on the security slider functionality are encouraged to use the stable Tor Browser or a nightly version (starting with the one from tomorrow, August 24) until Tor Browser 8 and the next regular alpha release get out. Again, sorry for the inconvenience.

Real alpha! (Most alphas were too boring :) ) Only versions with such bugs can be called alpha!

Anonymous (not verified) said:

August 24, 2018

Permalink

So? It doesn't mean they took care about MinGW/GCC toolchain and set the same options for GCC for Windows.

Anonymous (not verified) said:

August 24, 2018

Permalink

Everything they set seems to be " ../gcc-$gcc_version/configure --prefix=${prefix-/tools/gcc} --enable-languages=c,c++ --disable-nls --disable-gnu-unique-object --enable-__cxa_atexit --with-arch-32=pentiumpro --with-sysroot=/" in /build/unix/build-gcc/build-gcc.sh

Anonymous (not verified) said:

August 24, 2018

Permalink

Hey! I can run Tor Browser 7.5.6 on Windows without SSE perfectly fine! And requiring SSE2 is a big mistake for Open Source!

JoMoJo (not verified) said:

August 23, 2018

Permalink

The 9 and 10 alphas I have the same issue: My network connection test is not 100% stable. With ff DE and stable tor I have a flat line of 3.3 Mbps when doing network download test at testmy.net site. I have the tor proxy disabled for all tests. The alpha releases show a wobbly line varying between 3.0 and 3.8 mbps. This only happens with the alpha versions. Could you please investigate.

Anonymous (not verified) said:

August 24, 2018

Permalink

According to ghacks-user.js sections 4500 and 4600, with Firefox 55 and later the following prefs should be left at their Firefox default values if privacy.resistFingerprinting is enabled:

dom.maxHardwareConcurrency,dom.enable_resource_timing,dom.enable_performance,device.sensors.enabled,browser.zoom.siteSpecific,dom.gamepad.enabled,dom.netinfo.enabled,media.webspeech.synth.enabled,media.video_stats.enabled,dom.w3c_touch_events.enabled,media.ondevicechange.enabled,webgl.enable-debug-renderer-info.

However, 000-tor-browser.js still changes them, except dom.netinfo.enabled (setting the obsolete dom.network.enabled pref instead), media.ondevicechange.enabled, and webgl.enable-debug-renderer-info. Is this done on purpose or just an ESR52 leftover?

Anonymous (not verified) said:

August 25, 2018

Permalink

More probably dead prefs:
app.update.badge,
browser.download.manager.scanWhenDone,
browser.syncPromoViewsLeftMap,
devtools.appmanager.enabled,
dom.enable_user_timing (maybe replaced by dom.performance.enable_user_timing_logging and covered by privacy.resistFingerprinting?),
extensions.checkCompatibility.4.*,
extensions.enabledItems,
font.default.lo,
font.default.my,
font.name.fantasy.*,
font.name.*.my,
general.productSub.override,
general.useragent.vendor,
general.useragent.vendorSub,
intl.charset.default,
media.audio_data.enabled,
media.eme.apiVisible,
network.http.pipelining.*,
privacy.suppressModifierKeyEvents (covered by privacy.resistFingerprinting?),
privacy.use_utc_timezone (covered by privacy.resistFingerprinting?)

Also, security.tls.version.max is 4 (which means TLS 1.3 support) in FF ESR 60, but 3 in Tor Browser (TLS 1.2 supported but not 1.3). Any reason for not allowing TLS 1.3 yet?

C3PO (not verified) said:

August 24, 2018

Permalink

Hello to Tor Developers, the bookmarks do not work with this version. I'll stick with the old one for now. Thank you for your hard work.

Anonymous (not verified) said:

August 27, 2018

Permalink

Security Check on Facebook is broken on stable TBB 7.5.6!

Security check failed

You didn't correctly type the word in the box.
Security Check
Why am I seeing this?

Anonymous (not verified) said:

September 05, 2018

Permalink

I just visited Whoer.net on my newly installed TOR Browser 8.0 and I'm able to see my device information. I have a Mac running OS X and I can see that information on Whoer.net. It should be showing my device as a PC running Windows and not a Mac running OS X.

newbie (not verified) said:

September 06, 2018

Permalink

do i need to install https everywhere ? cause i cant see Block all unencrypted requests check button by default

Ron (not verified) said:

September 06, 2018

Permalink

Upgraded Tor September 5 for Mac OSX 10.9.5 (Mavericks) and it can not load anymore. Get a warning message it cannot start. Will try a new fresh download and see if it works.

Cannot downoad… (not verified) said:

September 08, 2018

Permalink

Hi. Tor Browser 8 appears to have a problem with IDM integration add-on (internet download manager integration add-on). In this update, I am required to download the new IDM integration for "Firefox 53 or newer" from https://getidmcc.com/ because the new Tor browser uses a new Firefox browser, but when I do this I run into the following problem:

The IDM integration does not work on Tor browser when I install it and after I restart the Tor browser, the browser windows is invisible. Task manager shows Tor running, but the window is nowhere to be seen. I tried reinstalling Tor Browser several times and the same problem occurred each time I installed IDM add-on, until I downloaded and installed Tor Browser 7.5.6, which uses an older version of Firefox and thus I install IDM integration for "Firefox 52 or older" from the above-mentioned website like always, and I can download videos from online websites like before.

Please make Tor Browser 8 work with "IDM integration for Firefox 53 or newer", otherwise we won't be able to download any videos from blocked websites. I really need this. Thank you.

I'm looking forward to hearing from you. I will check here again to see your reply.

Freedom (not verified) said:

September 08, 2018

Permalink

I'm sorry. I forgot to mention that Tor Browser 8's problem with IDM integration add-on is on Windows 10. I'm running Windows 10.

Dave (not verified) said:

September 10, 2018

Permalink

For some reason, tor 8 tab crashes when directed to my local (Israeli) addresses. Worked fine before upgrade.

No one (not verified) said:

September 13, 2018

Permalink

Hi, my updated version of Tor Browser 8 isn't working. It was installed on a Debian sid machine using torbrowser-launcher. The browser loads normally, but it does not matter what I write on the url, I cannot access any website.

By running the Tor Browser from its installation directory using --verbose as a parameter I get a lot of error messages. I have saved the messages here: https://pastebin.com/FBev291f

If I try to create another tab, I get basically the same error messages. No tab is created and I still cannot access any site.

By doing some research, I noticed that it may be connected to multi-process windows in Firefox: https://support.mozilla.org/pl/questions/1167673

It is suggested that I should disable the multi-process using about:config, but unfortunately I can't even access this configuration tab.

Do you have some suggestion on how to fix this? Do you guys need more info on this problem?

jean-yves (not verified) said:

September 15, 2018

Permalink

have downloaded version 8.0 on apple Imac, in France, through update routine and get message window: "Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware..."
Downloaded version 8.5a (experimental) with identical result.
Tor log is empty.

Anonymous (not verified) said:

October 05, 2018

Permalink

I have upgraded to the latest tor browser on win7 64 bit. I am using the NonVisual Desktop Access (NVDA) screen reader from www.nvda-project.org version 2018.3.2. When I start tor browser with the latest update, I hear "establishing a connection," followed by "about tor browser," and that's it. This version of the tor browser is completely inaccessible. I suspect this has something to do with the initial versions of firefox quantum being inaccessible also; a problem which firefox has since fixed. When I run OCR on the tor browser help about page, it seems to say 8.0.2, and tells me that tor browser is up to date as far as I can determine. If this could please be looked into and fixed, that would be great. Thanks.

Chip (not verified) said:

December 08, 2018

Permalink

I recently downloaded Tor 8.0.3 64 bit to my new computer that has Windows 10 64 bit. The browser launches, but I cannot bookmark web pages, the bookmarks toolbar doesn't appear, the menu button in the upper right does nothing and customize gives a blank screen. Any idea what's going on? Thanks.