New Release: Tor Browser 8.5.3

by boklm | June 21, 2019

Tor Browser 8.5.3 is now available from the Tor Browser Download page and also from our distribution directory.

This release includes an important security update in Firefox, a sandbox escape bug, which combined with additional vulnerabilities could result in executing arbitrary code on the user's computer.

Note: As part of our team is currently traveling to an event, we are unable to access our Android signing token, therefore the Android release is not yet available. We expect to be able to publish the Android release this weekend. In the meantime, Android users should use the safer or safest security levels. The security level on Android can be changed by going in the menu on the right of the URL bar and selecting Security Settings.

Update: The Android version is now available from the download page.

The full changelog since Tor Browser 8.5.2 is:

  • All platforms
    • Pick up fix for Mozilla's bug 1560192

Comments

Please note that the comment area below has been archived.

June 21, 2019

Permalink

Can you guys please just add the HTTPS-Everywhere and NoScript icons on the top bar (where the Tor Button is) by default? It's a pain to customize and set them up each time. Those addons are important enough that they belong there.

Also someone really needs to tell noscript to put a link to their options somewhere on their menu because right now the only way to get to it is from the firefox addons menu, while everything else about noscript is customized from their toolbar icon directly.

https://ocewjwkdco.tudasnich.de/comment/281883#comment-281883
https://ocewjwkdco.tudasnich.de/comment/282317#comment-282317

> the only way to get to [NoScript options] is from the firefox addons menu, while everything else about noscript is customized from their toolbar icon directly.

Click the NoScript toolbar icon. Along the top edge are a bunch of large icons. Hover your mouse on the NoScript icon that has a white wrench on it, and the popup tooltip will say, "Options..." Click it.

Those buttons never disappeared for me. This is what the navigation bar looks like for me with no customizations:
[======= Page URL =======] [O] [S] [== Search ==] [NS] [HE]

O = Onion
S = Shield
NS = NoScript
HE = HTTPS Everywhere

In recent versions for Linux including 8.5.3 I see this:

[======= Page URL =======] [O] [S] [== Search ==] [NS] [HE][M]

M = Drop down menu

No NS or HE in view.

Are you using the Windows version?

It cannot be good that the versions apparently differ.

NoScript and HTTPS Everywhere are still present in the URL bar if you upgraded from an older version. They are not present if you did a new install with a recent version.

June 24, 2019

In reply to boklm

Permalink

Seriously does it even matter how the button layout is? As long as you only have a single row of customization you should blend in yes?

June 25, 2019

In reply to boklm

Permalink

OK. I did install from a new tarball in my Debian.

I also use Tails, usually booted from a DVD, but I also use Tails booted from USB sticks. And I upgraded those by cloning the running Tails (the latest booted from the DVD burned from the verified ISO image). And in those I do not see the icons. Is it safe to clone the running Tails from an instance of Tails booted from DVD burned from verified ISO image? If you cannot be entirely sure someone has not had physical access to the laptop?

If the hardware is compromised, any software that runs on it may become compromised regardless of if it was verified. Turn off the device completely, and unplug all non-essential parts outside and inside the case. If software is all you're able to work with, begin by reflashing the firmware/BIOS of each hardware component from verified copies of the firmware and flashing program. Then, run your live DVD on it and go from there. Don't reflash unless you absolutely have to because it's possible to brick the hardware, and flash memory has a limited number of erase-write cycles.

Running the verified DVD, mount the clone, and compare partition parameters in Gparted of the verified DVD to the mounted clone.

When you boot the DVD, does the bootloader menu list an option to check the CD/DVD integrity as it does in Ubuntu for instance? What you could do is find the file of checksums/hashes (that the integrity checker uses) on the verified DVD and compare the sha512sum of that file to the sha512sum of the file of the same name in the clone mounted while running the verified DVD. Or you could make your own checksum/hash file of all files on the verified DVD by running sha512sum on the root directory of directories on the mounted verified DVD. Mount the clone, cd to the clone's root directory, and input your checksum file to sha512sum to check all files of the clone.

Ask Tails developers. It's a difficult but important question.

>Are you using the Windows version?

No, Linux also. Mine is the same w/ the hamburger menu on the right.

The placement of the onion and shield buttons is weird but it doesn't matter apparently.

The alpha is available now. Building, signing and uploading everything takes a lot of time. If you want faster updates, then you should use the stable release as it is the one we do in priority.

June 21, 2019

Permalink

Thank you all so much for your rapid action!

However:

> As part of our team is currently traveling to an event, we are unable to access our Android signing token, therefore the Android release is not yet available.

An unneccessary delay of even a few days could be very serious once more people adopt the new Tor for Android. While I appreciate that TP is a small outfit (in many ways that is a strength), I and others have urged TP to plan ahead for emergencies such as this pair of critical zero-days seen to be be currently jointly exploited in the wild on very dangerous cyberattacks. With particular respect to travel, users have suggested that TP designate a "Tiger Team" which does not travel and which can handle this kind of emergency just as fast as Mozilla or whomever issue any needed "upstream" security patches.

I don't know exactly how their team set it up, but a token is basically a sealed hardware device made to be unique. A PGP subkey can be created and given a new passphrase, but creating subkeys all the time clutters and inflates the size of keys shared on keyservers. I'm guessing TP has better and safer approaches, too. In other words, it might be a sign of good security practices that they aren't able to access it.

I assume TP uses ssss (Shamir's secret sharing scheme; see the Debian repositories) as part of their solution. AFAIK this should be a very secure way of allowing any subset of k devs to mutually sign something which needs to be signed, but accessing while traveling is no doubt a harder problem even if devs keep their devices on their persons at all times, because borders.

I agree with that. The problem in this particular case is that we did not have the chance yet to move our signing token to our signing infrastructure which is not dependent on a single person being available. This is done in the coming weeks. Thus, this problem should not occur again.

June 25, 2019

In reply to gk

Permalink

Good to know, thanks, GeKo. And thank to the entire team for quick action on this zero-squared day.

BTW, I'd also like to offer huge thanks to the Tails team for their own rapid action. I know they planned to spend the weekend making intensive final preparations for the rollover from Stretch to Buster as Debian stable which is expected to happen sometime around 7 Jul 2019. So last weekend must have been pretty stressful.

I hope everyone get's a vacation, staggered of course so there are enough people to handle any emergencies.

Has anyone else noticed intense cyberattacks apparently associated with 21 Jun? I have every year since 2013. Which I interpret as weak evidence pointing to FVEY. But there's always something new, such as the alleged IR wiper attacks, so who knows?

June 21, 2019

Permalink

Hi - can anyone talk me through how to change the country it thinks I'm connecting through when using 8.5.3? The instructions I've been able to find all refer to editing the text in the "torrc" file - but when I open that up, it's completely empty. I've run Tor several times since the update so that's not the reason.

Normally, your torrc.orig.1 file always will have no content. Normally, your torrc file always will have content. Your current Tor Browser installation could be corrupted if your torrc file has no content

You might resolve the issue if you (1) download a fresh Tor Browser installer package from http://expyuzz4wqqyqhjn.onion/download/languages/ (or, https://sedvblmbog.tudasnich.de/download/languages/), (2) completely uninstall your current Tor Browser installation per the instructions at http://dgvdmophvhunawds.onion/uninstalling/ (or, https://tb-manual.torproject.org/uninstalling/), and (3) install the fresh download.

After content appears in your new torrc file, you can change/select the country location(s) of your exit relay per the Tor Project options:

https://ijpaagiacu.tudasnich.de/tbb/tbb-16/

https://2019.sedvblmbog.tudasnich.de/docs/faq.html.en#ChooseEntryExit

Caveat: "We recommend you do not use these [options] — they are intended for testing and may disappear in future versions. You get the best security that Tor can provide when you leave the route selection to Tor; overriding the entry / exit nodes can mess up your anonymity in ways we don't understand."

I don't know if people notice it or not, but tor browser can be downloaded from http://yjuwkcxlgo7f7o6s.onion/tor-package-archive/torbrowser/8.5.3/ without going through exit node (the download links in http://expyuzz4wqqyqhjn.onion/download/languages/ are still in the clear net)

For the record, tails can be downloaded from http://yjuwkcxlgo7f7o6s.onion/amnesia.boum.org/tails/stable/tails-amd64… too.

All links above are listed in https://onion.torproject.org/ so they should be genuine.

June 21, 2019

Permalink

Tried several times to update (get that green arrow in top-right corner) but everytime the history say 'install failed'. ...?!...
The last installed was 8.5.1. (20190307020101).

Are you installing Tails to a bootable USB with a persistent volume holding your personal data? If so, if you know how to obtain the latest Tails (the ISO image), do that (it is about 1.4 GB so it will take a little while), burn a bootable Tails DVD, boot Tails on a 64 bit laptop (with suitable boot settings so it boots from the DVD drive before the disk drive), insert but do not mount your existing Tails USB, and from the top left of Tails menu bar, choose

Applications -> Tails -> Tails Installer

Check the boxes saying you want to clone the running Tails to the (unmounted) USB drive. You should see a message saying the installer will update Tails while preserving the persistent volume. Confirm that by choosing "Update". After about five or ten minutes your USB should be updated and you should be ready to boot your laptop from the USB.

I've tried other ways to use the Tails installer to upgrade Tails USBs but like you have not been able to make them work properly. But so far the method I just described has always "worked" in the sense that I can boot from the USB and I can mount the persistent volume. I do worry about cloning a live Tails from the code as it exists in RAM rather than the code as it exists on the DVD, since there is always the niggling worry that they might not be the same--- which would be bad because I've only verified the DVD not Tails as loaded into RAM. NSA/TAO and thus UAE/DarkMatter operatives just might be able to mess with the controllers for disk drives--- if they had brief access to the laptop in a hotel room or at a border, for example--- to do something horrid as Tails is read from the DVD. And if they don't yet know how to do this I have no doubt they are trying to figure out how to do this. To you and me. Nationality and good citizenship are irrelevant to these professional poisoners.

By the way, using Tails booted from a DVD should be more secure (at least assuming the DVD is R/O), but Tails booted from a USB is possibly more convenient because you can install persistently a small number of small applications (but you should avoid installing complicated software which has many dependencies and probably opens many security holes). If you do boot Tails from a DVD, you can keep your personal files on a LUKS encrypted USB data stick, which you can easily create using Tails itself. So using Tails booted from a R/O DVD is practical and as the recent flurry of exploitable critical vulns plus speculative execution style attacks suggests, may be wiser than using Tails booted from a USB.

Asterix never said they use Tails.

> I do worry about cloning a live Tails from the code as it exists in RAM rather than the code as it exists on the DVD

Everything passes through RAM so the CPU can process it. That includes between connected peripherals. Peripherals do not talk to one another directly; the CPU manages data bus communication. Input/output peripherals except for video cards connect to a motherboard's south bridge; CPU and RAM are on north bridge.

> Asterix never said they use Tails.

Oh damundblast, you are right, my mistake, sorry, everyone.

Sounds like you know a lot more about bare metal than I do but the Snowden leaks confirm that state-sponsored malware targeting disk drive controllers (not the CPU) are a thing. Unfortunately.

Not sure I see your point but it may be relevant that one of the fixes in the most recent Tails was a fix made upstream in Debian for a critical vulnerability in dbus (the Debian package which handles the data bus).

Does anyone know whether it is presumed safe to upgrade a Tails USB by cloning from a running Tails, booted from a R/O DVD burned from a verified ISO image? I'd follow the instructions at talls.boum.org but my Tails TB literally cannot read their tutorial so I don't know what procedure they advise. But I've found by trial and error that cloning (and nothing else) always seems to work and it also faster for me.

Do you have Tor Browser customized in some way? On which operating system does this happen? If you enable update logging by setting app.update.log to true in your about:config and opening the browser console before performing an update e.g. by pressing Ctrl + Shift + J do you see some errors showing up? (You can force an update check by opening the about dialog in Tor Browser by clicking on the Hamburger menu -> Help -> About Tor Browser)

Please immediately remove the obfs4 bridge IP address appearing in your submission. An adversary could use the obfs4 IP address appearing in your submission to identify the physical location of the bridge relay, attack it, compromise it, or take down the volunteer operator of the obfs4 bridge relay, who might not want an adversary to know his physical location and his identity.

In future, you should avoid mentioning the IP address of a bridge in public, for reasons which will presumably become obvious once you remember why we need bridges in the first place.

Sorry I can't help with your question but I hope someone else will answer it.

The obfs4 bridges are listed in the file torrc. On my Mac the file produces 13 OBFS4 bridges and there IP when I deleted the file the same obfs4 files appeared with a change in order.

Explain how displaying the IP protects the obfs4 bridge site when anyone can view the torrc file?

The torrc file is a local one on your computer, so it is not readable by anyone but you (and maybe your admin). That said, the default bridges we ship are kind of public anyway as they are included in our source code which is public.

Your obfs4 bridge line (and its IP address) will not change unless you replace your bridge line with another bridge line. However, if your Tor Network Settings includes 2 or more bridge lines, your bridge line (and its corresponding IP address) automatically can/will change if your current bridge stops running, one or more other bridge lines are present (in reserve) in your Tor Network Settings, and if that/those other bridge(s) are running.

> Should the circuit Bridge obfs4 IP change occasionally ?

Not unless you can't access them, they are being attacked or compromised, or they do not have the "Valid" flag in relay search. As long as bridges remain valid and secret, there is less reason for a user's tor exe to choose a different bridge than there is to choose a different public guard node. You should occasionally check the validity of your bridges by pasting the hashed fingerprints in relay search because a user's tor exe doesn't automatically choose new bridges if their flags change. No doubt some users connect by old, neglected bridge settings. Developers(!), would it be safe if tor automatically checked a user's old bridges?

If python is installed, type on the command line to convert a fingerprint into a hashed fingerprint:

  1. <br />
  2. python -c 'import binascii; import hashlib; fingerprint = "0123456789ABCDEF0123456789ABCDEF01234567"; print("Hashed fingerprint: " + hashlib.sha1(binascii.a2b_hex(fingerprint)).hexdigest().upper())'</p>
  3. <p>

Replace 0123... with the fingerprint. Developers(!), it would be better if a converter was built into onion icon >> Tor Network Settings.
https://ocewjwkdco.tudasnich.de/comment/281627#comment-281627

Another thing to be mindful of is the country and company where your bridge IP is. (Developers(!), Tor Browser's circuit display doesn't show your bridge's country.) Copy the IP to a local, non-cloud text editor. Change the last three to four digits of the IP to obfuscate the true IP (octets are 0 to 255 decimal in IPv4, hextets are 0 to ffff hexadecimal in IPv6), and then copy the obfuscated IP into a geolocation search engine in Tor Browser. Keep all true, non-hashed bridge information private, secret, and on your local machine.

The issue is the tor browsers Bridge obs4 IP XX.XX.XX.XX, Cogent is reporting "connection is not secure" for Https valid connection occasionally and since the Obsf4 bridge does not change often from what I understand I thought I would report the issue.

Since Tor is experiencing a problem with bridges obfs4, FTE IPv6 and emailing of new bridges I want to ensure Tor is aware of the additional issue.

> Cogent is reporting "connection is not secure" for Https valid connection occasionally

If this started in last few days, could it be related to the latest huge BGP snafu in which Verizon improperly sent 20% of major East coast website traffic through a tiny regional ISP (used by CIA?) which immediately crashed under the load, so all those packets were sinkholed. Maybe an IR cyberwar action? I believe Cogent is much used by US feds, so this just might be an explanation.

> Cogent is reporting "connection is not secure" for Https valid connection occasionally

Hypothesis: the exit node needs to perform OSCP lookup to connect to your destination website. But over the weekend, a good deal of traffic (I am guessing including some Cogent too) was improperly sinkholed owing to a BGP "mistake" (or was it? Cf. alleged IR-US cyberwar in progress). So maybe the https connection failed because the exit node could not do the cert lookup in time, because that request was sinkholed owing to the BGP "goof".

The regional ISP affected by the BGP "goof" may be a provider for federal USG agencies so it would not be implausible that the "mistake" happened because IR cyberwarriors broke into the network of that small ISP and made the improper claim which was accepted by Verizon resulting in a huge mess for much US traffic.

I have noticed that obfs4 bridges are no producing three new bridges for obfs4 that work as of June-27-2019.

However I have noticed cross script errors which when I perform a captcha will continue to repeat.

You are not supposed to request new bridges or change them if you already have ones that work. The system is designed to prevent people from collecting the whole list.

June 21, 2019

Permalink

Please address the code signing issue with Android.

If one or more of your team are ran over by a car then the project has severe issues. This is not good for project continuance.

Thanks for all your efforts so far!

> If one or more of your team are ran over by a car then the project has severe issues. This is not good for project continuance.

This is exactly the problem with Shamir's Secret Sharing System (see the software Debian repositories) can help solve. I am pretty sure Tor Project knows all about ssss and uses it-- I know the Tails team does.

But yes, plus one on making

a) proper code signing

b) preparing for crises in advance

top priorities.

Speaking of Shamir's secret sharing scheme, guess who else uses that? Cloudflare!

See their online randomness source:

https://www.cloudflare.com/leagueofentropy/

It would be very interesting to subject the output streams to statistical tests which challenge the alleged cryptographic quality randomness.

One of the uglier USG schemes to mess with other nations involved destructive weather alteration and destructive earthquake generation. Those who know the mindset of military contractors who sense opportunity for a new boondoggle will not be as quick as some to dismiss the concern that using seismic data from Chile might start a very bad actor thinking about altering the data stream by generating earthquakes. Especially because that ability would take out 3 of the 5 servers in sufficiently destructive quakes, because all three live in some of the most dangerous fault zones in the world.

Speaking of Debian, guess who else uses their own derivative of Debian? The Russian government! (Search for "Astra".) Just one more reason to be concerned about NSA messing with Debian: to attack Astra, it is natural to begin by attacking Debian. Thank you, Kremlin. Brrr!

One wonders whether Kaspersky will pay more attention to Debian specific state-sponsored malware because the Russian government asks them to help protect Astra.

Interestingly enough, Cloudflare was apparently much affected by a BGP foulup a few days ago in which Verizon improperly sent some 20% of Cloudflare traffic though a tiny ISP (associated with USG customers I think) which immediately fell over under the load, so all that traffic was sinkholed. Pretty nifty cyberwar action (IR maybe?) if one suspects that BGP "goofs" are not always goofs.

Please don't use online sources of entropy for anything you want to be secure or private. Regardless of quality and consistency, it lets someone else define and record your bitstream or PRNG seed and send it through any number of potential men-in-the-middle.

Debian does not have imperatives of a company and is spread around the world. Many different governments on different continents have forked Debian into distros for themselves, and there's nothing wrong with that. If we are concerned with good reason about one country's intelligence agencies messing with Debian, we must be concerned about every country's intelligence agencies including those of our present location and those of where we nationalistically feel at home.

Have no fear, I completely agree with all of that.

Good entropy is hard to come by. Right now Tails supports entropy broker but I don't think that will help most users. As of a year or so ago they also supported a particular brand of "entropy stick" (a USB stick which is supposed to provide a steady stream of cryptographic quality random bits), but I haven't checked recently whether they still do. In any case, I have seen papers casting statistical doubt upon the quality of the entropy provided from inexpensive physical devices.

June 21, 2019

Permalink

I, too, now have to "Customize..." TB each time to return NoScript icon to the tool bar. Without it, relying solely on the 3 offered "levels of safety" is too crude.
That is, to make a website functional, I don't wish to lower the security globally. This would enable ALL junk 3-rd party scripts, but I prefer enabling only the needed elements.
I believe you mentioned some proposed "per-site" solution coming in the future - great, thanks for doing it. Until it comes out, we still need NoScript on the toolbar.
Thanks.

> I, too, now have to "Customize..." TB each time to return NoScript icon to the tool bar. Without it, relying solely on the 3 offered "levels of safety" is too crude.

Since it always bears repeating, I'll repeat it: "customizing" is the enemy of anonymity.

But I think I see a theme developing here: the users who are most concerned by the recent "cosmetic" changes in Tor Browser may be more concerned with obtaining the *cybersecurity* benefits which come from using Tor Browser (or even better, Tails) than with obtaining the "anonymity" benefits.

If anyone thinks this describes their own goals in using TB, please speak up. I hope this might help the TB team figure out a way to keep both the "cybersecurity first" and "anonymity first" user bases happy...ish.

> Since it always bears repeating, I'll repeat it: "customizing" is the enemy of anonymity.

All the more reason for the Tor devs to stop dumbing down the product. We know why they left javascript on by default, but why did they take away the convenient turn off javascript checkbox in the config menus and force us to use about:config? It's not only that the average dumb user should be able to get a Tor experience out of the box. It's also that users who actually have security requirements CAN'T get them out of the box. Why are the UX people allowed to ruin basic functionality?

Next update: a talking paperclip that REQUIRES javascript.

If you want to turn off javascript, then you can change the security level. There is also nothing preventing you from adding NoScript on the toolbar even if it is not there by default.

> All the more reason for the Tor devs to stop dumbing down the product

I don't think that's what Tor Project is doing. Rather, they have recognized--- and they are correct--- that in this dangerous world, everyone needs Tor regardless of what government they live under or what their personal political/religious beliefs or social status are, etc., which means that TP must grow its user base. In addition, moving to a user-supported funding model is needed to insulate TP from undue pressure from the spooks of any one government, in particular the USG which has not played a very nice role globally for many decades and which is particularly dangerous to Tor Project and thus to Tor users.

> why did they take away the convenient turn off javascript checkbox

I don't recall a checkbox, but I used the slider (now renamed "security level")

> in the config menus and force us to use about:config?

Well, you can still use the security slider to turn off javascript, AFAIK.

As I understand, the rationale for discouraging users from making lots and lots of "customizations" is that

o customizing makes users less anonymous,

o extensive customizing break things TP has done to enhance both security and anonymity.

I think we all need to recognize that both maintaining/developing Tor products and using Tor products involves constant tradeoffs between usability, security, and anonymity. TP needs to try to make the best decision for the greatest number of Tor users in every case, without keeping the kind of intrusive and dangerous personal data about each user that companies like Google do, so I think we all need to give them more credit than some of us are inclined to do.

> It's also that users who actually have security requirements CAN'T get them out of the box.

I don't understand what personal security requirements you desire which you feel Tor is not enabling you to easily obtain, or why you think you need these particular security requirements. Your requirements might well appear legitimate, at least to me, maybe not to some government, if you explained. Some governments might be tempted to assume that any Tor user who wants good security must be working for some "opposition entity" about which said government is feeling particularly paranoid.

For example, currently USG is feeling paranoid (probably with justification) about ransomware targeting more or less hapless US city governments. Tor users who would be adversely affected by a successful ransomware attack on their own municipal government would probably find themselves in rare agreement with USG on that point.

So we certainly don't want to encourage Tor users to be manipulated into taking a position supporting anything done by the USG or any other government. We need to see ourselves rather as a virtual nation comprised of good citizens whose legitimate needs are very evidently not being met but are rather being crushed by our bricks and mortar governments (and by corporations such as Amazon/Google/Microsoft/Facebook/Twitter). C.f. the huge study which showed that the opinions and expressed desire of ordinary US citizens has had no visible effect whatever on US federal government policies over the past sixty odd years; rather, government reliably follows the advice of corporate lobbyists who often write the new laws which are then passed by their politicians who effectively represent the billionaires, the big banks, and international conglomerates, but certainly do not represent The People. No doubt similar studies in other supposed "representative democracies" would reach the same conclusion.

Jared Diamond, Noam Chomsky, Ralph Nader, and other figures have made similar points for many years.

June 21, 2019

Permalink

@pelethar,
I'm not sure what you mean by "it THINKS I'm connecting through."
The country of the exit node shown *IS* the exit from Tor network and the entry node (guard) *IS* the country you're entering the network through.

You don't say what your objective is, but you need to read the https://sedvblmbog.tudasnich.de/docs/tor-manual.html.en. Editing the torrc file (which is empty). You can do things like list countries that you want to use for nodes, or exclude countries you don't want to use.
Don't make the list too short of acceptable countries to use, or you may see big slow downs or connection problems.
Don't make a list of countries to exclude too large, or you may have the same problems. Tor might override your torrc settings to make viable connections.
This is how you list countries to use:
ExitNodes {an},{at}...
ExcludeExitNodes {au},{ca}...
StrictNodes 1
Capitalization matters. There's a space between ExitNodes & the 1st country, but no spaces between country codes - just a comma separator.

Using StrictNodes with a value =1 (enabled) tries to force it to use the countries listed.
If you have too few listed, it may use others to maintain a connection (I'm not positive & still investigating.

June 21, 2019

Permalink

Since the last 3 upgrades i'm finding that my Tor browser is no longer changing sites. Why i run https://whatismyipaddress.com/ it only shows an address in France, Iran and the Ukraine. How do i get back the function of the URL changing on a regular address to more than just 3 url's?

I think you mean to say that your circuits only include exit nodes in FR, IR, UA. That does seem strange. Did you verify the detached signature of the Tor Browser tarball before you unpacked it?

I'll assume you meant the IP addresses of your Tor exit nodes because your choice of words is unusual. The website you wrote tells you the IP address it sees, which belongs to the exit node (third, final node) of the relay circuit that Tor Browser used to access the website. Your exit node IP address normally changes every 10 minutes if idle and when you visit different domains (website.tld). You can force it to change by clicking "New Circuit for this Site" (tb-manual). Tor Project operates a similar site https://check.torproject.org/

Did you edit your torrc file by accident? What operating system?

June 22, 2019

Permalink

I set Tor browser will Use custom settings for history, tick off Remember my browsing and download history, then restart Tor browser, the settings seemed to be restored.

There is, assuming you regard two clicks as quick: click on the shield icon, which pulls up a page with buttons; click on the button corresponding to the desired security level.

One click would be better for those who avoid tabs, but I think Tor Project devs were concerned that most TB users may not realize that downgrading security level (e.g. "safer" to "standard") applies to all open tabs, which could lead to disaster if one tab is associated with sensitive information another with a login to an untrusted site.

June 22, 2019

Permalink

Just wanted to say 8.5.3 seems to be working for me, and thanks for the rapid response to this instance of critical zero-squared-days in FF.

Regarding tor for mobile phones and smart phones: does anyone know whether Microsoft has expressed an interest in funding development by TP of a version of Tor Browser for Microsoft branded phones? How about Apple? Seems like this would be a smart move on the part of any phone maker.

June 22, 2019

Permalink

Why Tor Project is ignoring .onion DDOS issue?
It's almost like if (((you))) are not interested in fixing it.
I am waiting for Tor Project to announce that .onion sites will be phased out.

June 23, 2019

In reply to boklm

Permalink

I have no reason to think the OP actually has any reason to think Tor Project will "phase out onions", but... you aren't actually about to do any such thing, right?

In a somewhat related development, "Tor panels" are being blamed in the news for the rash of ransomware attacks which have crippled Baltimore, MD and caused numerous other US cities to pay ransom monies. (In electronic currency one presumes, so if it's true that NSA is enriching itself by stealing electronic currency, the ransomware plague may represent a further transfer of wealth from cities to the federal government.) See for example the article in Arstechnica featuring the grim prediction that this will only get worse.

I hope someone at Tor Project has asked the media team to try to combat this latest round of reporters who ought to know better failing to mention any of the ways Tor can improve cybersecurity for everyone including local governments whenever they mention that cybercriminals (or state-sponsored cyberwarriors masquerading as such) as well as spooks use Tor for crime. Case in point: Sen. Wyden (D-OR) just stated that US government employees (at all levels) still often transfer unencrypted zip files which contain sensitive data. But we know OnionShare is a much smarter and more secure way to transfer sensitive data. Venues such as Wired often mention the cyberinsecurities associated with unencrypted DNS lookups, but never mention that onions can apparently circumvent some of the most fundamental of these vulns.

> "Tor panels" are being blamed in the news for the rash of ransomware attacks... I hope someone at Tor Project has asked the media team to try to combat this latest round of reporters who ought to know better failing to mention any of the ways Tor can improve cybersecurity for everyone

Support FAQ: The files on my computer have been locked, and someone is demanding I download Tor Browser to pay a ransom for my files!

Yes, but it is obviously in our best interests not to fall prey to ransomware in the first place. So all Tor users need to try to behave in cybesecure fashion as far as possible.

However, individuals can do little if anything about ransomware attacks on their city governments. (Right now the attacks seem to focus on US cities, but no doubt this plague will soon become a global pandemic. Thank you NSA.)

June 24, 2019

In reply to boklm

Permalink

How does this solution solve anything? So we limit the number of connection requests reaching the hidden service from the intro point. The attacker can still fill those up and lock out legitimate users.

Establishing a connection costs the attacker the same as the service. As long as you don't solve that, your solution only pushes the problem around.

June 22, 2019

Permalink

Why is "block dangerous and deceptive content" off??

I switched to higher security settings but it didn't turn on that option do I have to do it manually?

Why is it not enabled at highest security settings?

June 24, 2019

In reply to boklm

Permalink

1) Block dangerous and deceptive content is not part of Tracking Protection settings as in that ticket. It's further down the preferences page under Deceptive Content and Dangerous Software Protection.
2) It sends browsing data to Google. Next to Block dangerous and deceptive content, click Learn More. "If the site is found on that list (of malware sites), Firefox blocks the file immediately, otherwise it asks Google’s Safe Browsing service if the software is safe by sending it some of the download’s metadata." "when using Malware Protection to protect downloaded files, Firefox may... submit some information about the file, including the name, origin, size and a cryptographic hash of the contents, to the Google Safe Browsing service which helps Firefox determine whether or not the file should be blocked."

June 24, 2019

In reply to boklm

Permalink

UX team, recognize that OP's setting is the first option visible below the security level radio buttons. OP glanced under "Safest", saw it was unchecked, thought it was faulty, and wanted to enable it. Other users may change preferences on that page out of reflex and not come here to find out.

June 23, 2019

Permalink

Whenever I search for something the result is always links. The image tab and others are lost. Can someone help me.

I think you are saying that you are trying to search (using DuckDuckGo, the default search engine) by typing a query in the "location pane" in the Tor Browser window. which doubles for both URL entry and for search query entries, and that Tor Browser always interprets your attempt to enter a search query as an attempt to visit some website.

Do I understand the problem correctly?

If so, try adding a space before you enter your search query in the location pane.

The notion of a location pane doubling for entering URLs and search queries is IMO too tricky, but I should point out that AFAIK it is inherited from Firefox.

"location pane"?
https://ocewjwkdco.tudasnich.de/comment/280967#comment-280967
https://en.wikipedia.org/wiki/Address_bar
And Mozilla's Quantum for whatever reasons mimicked it from Chrome.

I just hope users don't paste anything in it by accident. (passwords, tax data, medical, etc.) Before, it went to DNS servers. Now, it goes to a search website. Either is dangerous.

Dunno know about image searches, but just to be clear: while I find it tricky to enter " Dog shows in Cleveland" for example into the the location pane, and then to click on the DuckDuckGo onion icon rather than hitting return, it is certainly possible to perform text searches with the slider on "Safest". You might get redirected to a non-Javascript page for presentation of the search results however. That is probably why I don't get (actually I don't want) images in my search results.

Yes, and good for you, but OP is looking for "the image tab and others". The image tab isn't on duckduckgo's non-Javascript page.

To your problem of finding it tricky, you can change your default search engine. Click on the gear icon at the end of the bar of search icons, and that will open about:preferences#search. Some other settings on that page affect your privacy, so be careful. Change your default search engine to DuckDuckGo onion. Then, you don't have to click the icon anymore to search and can simply press Enter.

June 23, 2019

Permalink

I use kali linux and I have downloaded TB 8.5.2, extract that in to download folder and every time i am clicking on to start.torbrowser.desktop is it opening note script. I did create a new user and download it over there....i did not download in to root user. what should i do? please help me.

Don't know what file manager you're using, but there should be a setting how to handle executable text files in its preferences. The default here might be to display them, which will open the .desktop file in text editor, which is what you're encountering right now, if I got you right, so just change the preference. Alternatively right-click the file > open with > run or something around these lines.

In case your file manager doesn't allow to execute text files, cd in the directory and run ./start-tor-browser.desktop from the terminal. Afterwards you can add a Tor Browser launcher to your menu by opening the desktop file in a text editor again and following the instructions in there.

it is opening by using terminal cd in the directory and then ./start-tor-browser.desktop and it is opening but when ever i am clicking on to start-tor-browser.desktop icon in the folder without using terminal it is only opening in text editor. is there any way i could start TB just by going into the folder and click on to the icon rather than using terminal to open TB all the time.

Can you just reread my comment? Again, what file manager are you using? It's impossible to help you without some basic information. There should be a setting how to handle executable text files, change it.
Assuming Nautilus (GNOME's file manager): Hamburger menu > Preferences > Behaviour > Executable Text Files

Or just add a launcher, like described in the start-tor-browser.desktop file. To quote the relevant part (read the rest as well tho!):

You can also add Tor Browser to your desktop's application menu
by running ./start-tor-browser.desktop --register-app

as said above, it depends on your file manager.
try to make start-tor-browser.desktop executable > context menu (right click) > properties
or move it to your desktop and make it executable.

> it is opening by using terminal cd in the directory and then ./start-tor-browser.desktop and it is opening but when ever i am clicking on to start-tor-browser.desktop icon in the folder without using terminal it is only opening in text editor.

As I understand this, you open a terminal (AKA console or shell window), cd to the directory with the start script, and then type ./start-tor-browser.desktop in the terminal, which is what you should do (if you are using Linux at least), so Tor Browser starts up and begins connecting to the Tor network. But, you say, I think, you also tried "clicking" on the script--- when you were using the file manager?--- and that did not work. Did I get that right? What is your goal here-- are you trying to find the safest possible way of starting Tor Browser?

June 23, 2019

Permalink

it says the install is modifying my dll. it has never done this before. sometimes virustotal.com will flag the latest tor as a virus, but i ignore and install it anyways. so far no one has drained my bank account

June 24, 2019

Permalink

looks like we cannot connect in Iran; maybe government somehow blocks the connection. can they do it? I have 3 different tor clients and none works, this exactly happens to my friends.

June 25, 2019

Permalink

Got
----------------
Tor Browser 8.5.3
View Changelog
Something Went Wrong!

Tor is not working in this browser.
------------------

This https://ocewjwkdco.tudasnich.de/new-release-tor-browser-853 works however.

This is happened also with earlier versions sometimes.

-----------

verbose logging show nothing:

-------------------------------
Unable to update the static FcBlanks: 0x2029
Unable to update the static FcBlanks: 0xfff9
Unable to update the static FcBlanks: 0xfffa
Unable to update the static FcBlanks: 0xfffb
Jun 25 15:32:52.000 [notice] New control connection opened from 127.0.0.1.
Jun 25 15:32:52.000 [notice] New control connection opened from 127.0.0.1.
--------------------------------

Got now also "Owning controller connection has closed " on startup of
Tor Browser 8.5.3. This also was not immediately after boot (I tried Tor Browser 8.5a7 first).

Jun 26 16:27:28.000 [notice] Bootstrapped 100%: Done
Jun 26 16:27:28.000 [notice] New control connection opened from 127.0.0.1.
Jun 26 16:27:28.000 [notice] Owning controller connection has closed -- exiting now.
Jun 26 16:27:28.000 [notice] Catching signal TERM, exiting cleanly.

This is not new. Seen randomly on Tor Browser startup since 8.5

What OS do you use? Is your computer behind a firewall you do not maintain? Do you need a proxy to get onto the Internet? Are you by any chance running multiple instances of Tor Browser? Or more than one Tor client?

(For example, on my Debian system I have a Tor client which I use for updating from the onion mirrors of the Debian software repository, and I sometimes also run Tor Browser which could possibly sometimes lead to having two Tor processes getting in each other's way, although I do not think I have seen that.)

Hope at least one of these questions helps you sort things out!

> I have a Tor client..., and I sometimes also run Tor Browser which could possibly sometimes lead to having two Tor processes getting in each other's way

They won't if you leave the torrc files at default. Tor Browser and its tor communicate by localhost port 9150. The tor "expert bundle" package listens on localhost port 9050. 9150 != 9050.

Tor launcer(?) probably told

Unable to retrieve settings.

And then it was replaced with

Tor unexpectedly exited. ...

Control connection was closed:

Jul 04 05:31:17.000 [notice] Bootstrapped 100%: Done
Jul 04 05:31:35.000 [notice] New control connection opened from 127.0.0.1.
Jul 04 05:31:35.000 [notice] Owning controller connection has closed -- exiting now.
Jul 04 05:31:35.000 [notice] Catching signal TERM, exiting cleanly.

This is

Tor Browser 8.5.3

Tor launcer: (Window title: Connect to Tor)

Unable to retrieve tor settings.

Immediately replaced with

Tor unexpectedly exited....

Restarting Tor will not close your browser tabs.

There is now yet browser window or tabs opened.

Console tells:

Jul 06 16:07:59.000 [notice] Bootstrapped 100%: Done
Jul 06 16:07:59.000 [notice] New control connection opened from 127.0.0.1.
Jul 06 16:07:59.000 [notice] Owning controller connection has closed -- exiting now.
Jul 06 16:07:59.000 [notice] Catching signal TERM, exiting cleanly.

Okay, let me think a bit about how to track this further down. It sems Tor is bootstrapping fine but Tor Launcher has for some reason issues reading your Tor configuration and aborting the bootstrap process.

June 25, 2019

Permalink

can you guys please add ublock origin in tor.It is better than no script and it can block more than scripts.

June 26, 2019

Permalink

Noscript has begun to support Chrome. It's so nice and convenient. I hope Tor can remember the Noscript setting. I know there's a way, but basically supporting the setup will help a lot of people.

June 26, 2019

Permalink

Irrelevant to this discussion, but important - Apple Store offers what claims to be "using Tor system" browser called TOB, uses the logo too (which I hope is both copyrighted and tradearked, not to offend the Open Source, but to prevent fraud
.
Symantec has labeled TOB a dangerous fraud and I lack the ability to do anything to confirm/deny AFAK, authors have not commented. I beg the TOR community offer real TOR for the iPhone, or, lacking that, demand the fraud be removed, if indeed that is what it is.

It depends what you mean and what your requirements are. Some of them are webmail interface, IMAP, POP3, SMTP, SSL/TLS ratings, Tor to Tor providers, Tor<->clearnet providers, client-side encryption, no Javascript, alias addresses, inbox size, 2FA, logging, categories in EFF's "Who has your back", price,... But this site is for Tor Project and its software. Search the web. Ask on reddit or tech forums.

June 29, 2019

Permalink

Greetings!
Please tell me specifically whether the traffic is encrypted on the way from the TOR client to the ingress node, and from the ingress node to the TOR client?
Does my provider see outgoing and incoming traffic?

That requires disk history being enabled and thus not being in private browsing mode by default. I think that won't happen by default anytime. Would it help you if it were possible to click on a bunch of options to be able save/restore opened sites? Or do you need this on by default?

You could save them as bookmarks. However, bookmarks are saved to disk, so if your phone is confiscated or stolen, your bookmarks are like your browsing history.

July 01, 2019

In reply to gk

Permalink

Nothing. Function "restore tabs" not working. Bad english, sorry. What should I do to make it work?

Do you mean Show your windows and tabs from last time?
Screenshot of about:preferences in Firefox: 'General' heading, radio button 'When Firefox starts' selected as 'Show your windows and tabs from last time'.
For safety the setting is disabled and would depart from Tor Browser's design:

...[some features are disabled in Tor Browser] stemming from the requirement to leave essentially no trace on the computer revealing browsing activity...using Firefox's permanent private browsing mode...
Ticket #26390 comment 2 (similar issue)

If it worked before, it was probably unsafe.

July 03, 2019

Permalink

HELP!!. Tor browser hasnt been working for me on win 10 since 8.0.3. It launches with two windows on the taskbar. one window does nothing the other window is the tor browser but it dowsnt connect to any siteeven the welcome page plus C.P.U usage is off the charts like upto 60% when any instance of Tor is running. i cant exit normally and have to end the process via task manager.

July 03, 2019

Permalink

Tor Browser Bundle in Win10 32 bit won't start unless I disable system-wide DEP (data execution protection). Is this a known issue, or do I have something wrong with my system?

That's the first time we hear of that. We ship the bundles with ASLR+DEP enabled, so it seems a bit weird that you need to disabled system-wide DEP. Do you have some firewall/antirvirus software that could interfere here? How are you disabling/enabling system-wide DEP? What error are you getting if you start Tor Browser but do not disable system-wide DEP?

July 03, 2019

Permalink

Hello. I want to download Tor but my computer is too old it seems like. you guys require a newer software version of the MAC that is not available for this model of mine. Is there any way i can download an older model of you guyses ?

July 09, 2019

Permalink

From 1 July Tor Browser not starting by itself. Just after clicking on tor icon, tor appears to download >40MB's of data, then gpg has the CPU at 50-60% and tor won't start. Have left it for over half an hour sometimes and gpg never finishes. If I stop gpg process tor immediately brings up 'Establishing a Connection' window and starts. Are using 8.5.3 on Kubuntu bionic 32-bits. I think tor was updated on that day.
Am I creating a security problem by stopping this gpg process? , as its the only way to get tor working.

Are you using torbrowser-launcher on your system? Please stop doing so, it is not recommended. Instead you should download the Linux bundle from our website. You'll get automatic updates with Tor Browser's internal updater. I think the problem is that torbrowser-launcher relies on Tor Browser's gpg signing key for checking for a good update but that key got recently horribly spammed which causes your gpg process to block launching the browser. For background on this issue, see: https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html.

July 11, 2019

Permalink

Tors Bookmarks are not working in version 8.5.4
I can't save any bookmarks and you can't move them around or arrange them.
The Bookmark feature seems completely unusable.

August 07, 2019

Permalink

Hola... tengo una pregunta.... porque al descargar "TOR" en mi pc en la que tengo el S.O. Win 7 Pro.. no me permite instalarlo, pues me sale el mensaje de que no es compatible con mi S.O. ... alguna solucion?....
Gracias por compartir y

August 27, 2019

Permalink

Hi I keep getting the "Tor Unexpectedly Exited" error. Im using Windows 10 and I cant seem to find a solution. Just downloaded this version because the old one was giving me the same error.

What's the path you installed Tor Browser to? Do you have some special characters in it? Any antivirus/firewall software installed? If so which one? If there is any, does the problem go away if you uninstall it (disabling is often not enough)?