New Release: Tor Browser 8.5.3
Tor Browser 8.5.3 is now available from the Tor Browser Download page and also from our distribution directory.
This release includes an important security update in Firefox, a sandbox escape bug, which combined with additional vulnerabilities could result in executing arbitrary code on the user's computer.
Note: As part of our team is currently traveling to an event, we are unable to access our Android signing token, therefore the Android release is not yet available. We expect to be able to publish the Android release this weekend. In the meantime, Android users should use the safer
or safest
security levels. The security level on Android can be changed by going in the menu on the right of the URL bar and selecting Security Settings
.
Update: The Android version is now available from the download page.
The full changelog since Tor Browser 8.5.2 is:
- All platforms
- Pick up fix for Mozilla's bug 1560192
Comments
Please note that the comment area below has been archived.
Can you guys please just add…
Can you guys please just add the HTTPS-Everywhere and NoScript icons on the top bar (where the Tor Button is) by default? It's a pain to customize and set them up each time. Those addons are important enough that they belong there.
Also someone really needs to tell noscript to put a link to their options somewhere on their menu because right now the only way to get to it is from the firefox addons menu, while everything else about noscript is customized from their toolbar icon directly.
https://ocewjwkdco.tudasnich.de…
https://ocewjwkdco.tudasnich.de/comment/281883#comment-281883
https://ocewjwkdco.tudasnich.de/comment/282317#comment-282317
> the only way to get to [NoScript options] is from the firefox addons menu, while everything else about noscript is customized from their toolbar icon directly.
Click the NoScript toolbar icon. Along the top edge are a bunch of large icons. Hover your mouse on the NoScript icon that has a white wrench on it, and the popup tooltip will say, "Options..." Click it.
Those buttons never…
Those buttons never disappeared for me. This is what the navigation bar looks like for me with no customizations:
[======= Page URL =======] [O] [S] [== Search ==] [NS] [HE]
O = Onion
S = Shield
NS = NoScript
HE = HTTPS Everywhere
In recent versions for Linux…
In recent versions for Linux including 8.5.3 I see this:
[======= Page URL =======] [O] [S] [== Search ==] [NS] [HE][M]
M = Drop down menu
No NS or HE in view.
Are you using the Windows version?
It cannot be good that the versions apparently differ.
NoScript and HTTPS…
NoScript and HTTPS Everywhere are still present in the URL bar if you upgraded from an older version. They are not present if you did a new install with a recent version.
Seriously does it even…
Seriously does it even matter how the button layout is? As long as you only have a single row of customization you should blend in yes?
Yes.
Yes.
OK. I did install from a…
OK. I did install from a new tarball in my Debian.
I also use Tails, usually booted from a DVD, but I also use Tails booted from USB sticks. And I upgraded those by cloning the running Tails (the latest booted from the DVD burned from the verified ISO image). And in those I do not see the icons. Is it safe to clone the running Tails from an instance of Tails booted from DVD burned from verified ISO image? If you cannot be entirely sure someone has not had physical access to the laptop?
If the hardware is…
If the hardware is compromised, any software that runs on it may become compromised regardless of if it was verified. Turn off the device completely, and unplug all non-essential parts outside and inside the case. If software is all you're able to work with, begin by reflashing the firmware/BIOS of each hardware component from verified copies of the firmware and flashing program. Then, run your live DVD on it and go from there. Don't reflash unless you absolutely have to because it's possible to brick the hardware, and flash memory has a limited number of erase-write cycles.
Running the verified DVD, mount the clone, and compare partition parameters in Gparted of the verified DVD to the mounted clone.
When you boot the DVD, does the bootloader menu list an option to check the CD/DVD integrity as it does in Ubuntu for instance? What you could do is find the file of checksums/hashes (that the integrity checker uses) on the verified DVD and compare the sha512sum of that file to the sha512sum of the file of the same name in the clone mounted while running the verified DVD. Or you could make your own checksum/hash file of all files on the verified DVD by running sha512sum on the root directory of directories on the mounted verified DVD. Mount the clone,
cd
to the clone's root directory, and input your checksum file to sha512sum to check all files of the clone.Ask Tails developers. It's a difficult but important question.
>Are you using the Windows…
>Are you using the Windows version?
No, Linux also. Mine is the same w/ the hamburger menu on the right.
The placement of the onion and shield buttons is weird but it doesn't matter apparently.
Please make a release for…
Please make a release for alpha users, merci
Why is it taking so much?…
Why is it taking so much? This is seriously making me question the devs' competence in handling urgent situations...
The alpha is available now…
The alpha is available now. Building, signing and uploading everything takes a lot of time. If you want faster updates, then you should use the stable release as it is the one we do in priority.
Thank you all so much for…
Thank you all so much for your rapid action!
However:
> As part of our team is currently traveling to an event, we are unable to access our Android signing token, therefore the Android release is not yet available.
An unneccessary delay of even a few days could be very serious once more people adopt the new Tor for Android. While I appreciate that TP is a small outfit (in many ways that is a strength), I and others have urged TP to plan ahead for emergencies such as this pair of critical zero-days seen to be be currently jointly exploited in the wild on very dangerous cyberattacks. With particular respect to travel, users have suggested that TP designate a "Tiger Team" which does not travel and which can handle this kind of emergency just as fast as Mozilla or whomever issue any needed "upstream" security patches.
I don't know exactly how…
I don't know exactly how their team set it up, but a token is basically a sealed hardware device made to be unique. A PGP subkey can be created and given a new passphrase, but creating subkeys all the time clutters and inflates the size of keys shared on keyservers. I'm guessing TP has better and safer approaches, too. In other words, it might be a sign of good security practices that they aren't able to access it.
I assume TP uses ssss …
I assume TP uses ssss (Shamir's secret sharing scheme; see the Debian repositories) as part of their solution. AFAIK this should be a very secure way of allowing any subset of k devs to mutually sign something which needs to be signed, but accessing while traveling is no doubt a harder problem even if devs keep their devices on their persons at all times, because borders.
I agree with that. The…
I agree with that. The problem in this particular case is that we did not have the chance yet to move our signing token to our signing infrastructure which is not dependent on a single person being available. This is done in the coming weeks. Thus, this problem should not occur again.
Good to know, thanks, GeKo. …
Good to know, thanks, GeKo. And thank to the entire team for quick action on this zero-squared day.
BTW, I'd also like to offer huge thanks to the Tails team for their own rapid action. I know they planned to spend the weekend making intensive final preparations for the rollover from Stretch to Buster as Debian stable which is expected to happen sometime around 7 Jul 2019. So last weekend must have been pretty stressful.
I hope everyone get's a vacation, staggered of course so there are enough people to handle any emergencies.
Has anyone else noticed intense cyberattacks apparently associated with 21 Jun? I have every year since 2013. Which I interpret as weak evidence pointing to FVEY. But there's always something new, such as the alleged IR wiper attacks, so who knows?
8.5.3 is installed, and I'm…
8.5.3 is installed, and I'm trying it out now. Thank you again.
Hi - can anyone talk me…
Hi - can anyone talk me through how to change the country it thinks I'm connecting through when using 8.5.3? The instructions I've been able to find all refer to editing the text in the "torrc" file - but when I open that up, it's completely empty. I've run Tor several times since the update so that's not the reason.
Normally, your torrc.orig.1…
Normally, your torrc.orig.1 file always will have no content. Normally, your torrc file always will have content. Your current Tor Browser installation could be corrupted if your torrc file has no content
You might resolve the issue if you (1) download a fresh Tor Browser installer package from http://expyuzz4wqqyqhjn.onion/download/languages/ (or, https://sedvblmbog.tudasnich.de/download/languages/), (2) completely uninstall your current Tor Browser installation per the instructions at http://dgvdmophvhunawds.onion/uninstalling/ (or, https://tb-manual.torproject.org/uninstalling/), and (3) install the fresh download.
After content appears in your new torrc file, you can change/select the country location(s) of your exit relay per the Tor Project options:
https://ijpaagiacu.tudasnich.de/tbb/tbb-16/
https://2019.sedvblmbog.tudasnich.de/docs/faq.html.en#ChooseEntryExit
Caveat: "We recommend you do not use these [options] — they are intended for testing and may disappear in future versions. You get the best security that Tor can provide when you leave the route selection to Tor; overriding the entry / exit nodes can mess up your anonymity in ways we don't understand."
I don't know if people…
I don't know if people notice it or not, but tor browser can be downloaded from http://yjuwkcxlgo7f7o6s.onion/tor-package-archive/torbrowser/8.5.3/ without going through exit node (the download links in http://expyuzz4wqqyqhjn.onion/download/languages/ are still in the clear net)
For the record, tails can be downloaded from http://yjuwkcxlgo7f7o6s.onion/amnesia.boum.org/tails/stable/tails-amd64… too.
All links above are listed in https://onion.torproject.org/ so they should be genuine.
Tried several times to…
Tried several times to update (get that green arrow in top-right corner) but everytime the history say 'install failed'. ...?!...
The last installed was 8.5.1. (20190307020101).
Are you installing Tails to…
Are you installing Tails to a bootable USB with a persistent volume holding your personal data? If so, if you know how to obtain the latest Tails (the ISO image), do that (it is about 1.4 GB so it will take a little while), burn a bootable Tails DVD, boot Tails on a 64 bit laptop (with suitable boot settings so it boots from the DVD drive before the disk drive), insert but do not mount your existing Tails USB, and from the top left of Tails menu bar, choose
Applications -> Tails -> Tails Installer
Check the boxes saying you want to clone the running Tails to the (unmounted) USB drive. You should see a message saying the installer will update Tails while preserving the persistent volume. Confirm that by choosing "Update". After about five or ten minutes your USB should be updated and you should be ready to boot your laptop from the USB.
I've tried other ways to use the Tails installer to upgrade Tails USBs but like you have not been able to make them work properly. But so far the method I just described has always "worked" in the sense that I can boot from the USB and I can mount the persistent volume. I do worry about cloning a live Tails from the code as it exists in RAM rather than the code as it exists on the DVD, since there is always the niggling worry that they might not be the same--- which would be bad because I've only verified the DVD not Tails as loaded into RAM. NSA/TAO and thus UAE/DarkMatter operatives just might be able to mess with the controllers for disk drives--- if they had brief access to the laptop in a hotel room or at a border, for example--- to do something horrid as Tails is read from the DVD. And if they don't yet know how to do this I have no doubt they are trying to figure out how to do this. To you and me. Nationality and good citizenship are irrelevant to these professional poisoners.
By the way, using Tails booted from a DVD should be more secure (at least assuming the DVD is R/O), but Tails booted from a USB is possibly more convenient because you can install persistently a small number of small applications (but you should avoid installing complicated software which has many dependencies and probably opens many security holes). If you do boot Tails from a DVD, you can keep your personal files on a LUKS encrypted USB data stick, which you can easily create using Tails itself. So using Tails booted from a R/O DVD is practical and as the recent flurry of exploitable critical vulns plus speculative execution style attacks suggests, may be wiser than using Tails booted from a USB.
Asterix never said they use…
Asterix never said they use Tails.
> I do worry about cloning a live Tails from the code as it exists in RAM rather than the code as it exists on the DVD
Everything passes through RAM so the CPU can process it. That includes between connected peripherals. Peripherals do not talk to one another directly; the CPU manages data bus communication. Input/output peripherals except for video cards connect to a motherboard's south bridge; CPU and RAM are on north bridge.
> Asterix never said they…
> Asterix never said they use Tails.
Oh damundblast, you are right, my mistake, sorry, everyone.
Sounds like you know a lot more about bare metal than I do but the Snowden leaks confirm that state-sponsored malware targeting disk drive controllers (not the CPU) are a thing. Unfortunately.
Not sure I see your point…
Not sure I see your point but it may be relevant that one of the fixes in the most recent Tails was a fix made upstream in Debian for a critical vulnerability in dbus (the Debian package which handles the data bus).
Does anyone know whether it is presumed safe to upgrade a Tails USB by cloning from a running Tails, booted from a R/O DVD burned from a verified ISO image? I'd follow the instructions at talls.boum.org but my Tails TB literally cannot read their tutorial so I don't know what procedure they advise. But I've found by trial and error that cloning (and nothing else) always seems to work and it also faster for me.
Do you have Tor Browser…
Do you have Tor Browser customized in some way? On which operating system does this happen? If you enable update logging by setting
app.update.log
totrue
in yourabout:config
and opening the browser console before performing an update e.g. by pressingCtrl + Shift + J
do you see some errors showing up? (You can force an update check by opening the about dialog in Tor Browser by clicking on the Hamburger menu -> Help -> About Tor Browser)Do you have enough free…
Do you have enough free space on the drive?
Assigned defect # 30441…
Assigned defect # 30441"https://trac.torproject.org/projects/tor/ticket/30441"
The issue still continues with operating bridges not being handed out.
Should the circuit Bridge obfs4 IP change occasionally ?
example Tor circuit
this browser
bridge: obfs4:XX.XX.XX.XX
Unites states 75.34.64.170
Unites states 209.95.51.11
torproject.org
Please immediately remove…
Please immediately remove the obfs4 bridge IP address appearing in your submission. An adversary could use the obfs4 IP address appearing in your submission to identify the physical location of the bridge relay, attack it, compromise it, or take down the volunteer operator of the obfs4 bridge relay, who might not want an adversary to know his physical location and his identity.
In future, you should avoid…
In future, you should avoid mentioning the IP address of a bridge in public, for reasons which will presumably become obvious once you remember why we need bridges in the first place.
Sorry I can't help with your question but I hope someone else will answer it.
The obfs4 bridges are listed…
The obfs4 bridges are listed in the file torrc. On my Mac the file produces 13 OBFS4 bridges and there IP when I deleted the file the same obfs4 files appeared with a change in order.
Explain how displaying the IP protects the obfs4 bridge site when anyone can view the torrc file?
The torrc file is a local…
The
torrc
file is a local one on your computer, so it is not readable by anyone but you (and maybe your admin). That said, the default bridges we ship are kind of public anyway as they are included in our source code which is public.Your obfs4 bridge line and…
Your obfs4 bridge line (and its IP address) will not change unless you replace your bridge line with another bridge line. However, if your Tor Network Settings includes 2 or more bridge lines, your bridge line (and its corresponding IP address) automatically can/will change if your current bridge stops running, one or more other bridge lines are present (in reserve) in your Tor Network Settings, and if that/those other bridge(s) are running.
The last 2 versions problems…
The last 2 versions problems initiating the browser. It does not connect at start up and has to be shut down and restarted to connect.
> Should the circuit Bridge…
> Should the circuit Bridge obfs4 IP change occasionally ?
Not unless you can't access them, they are being attacked or compromised, or they do not have the "Valid" flag in relay search. As long as bridges remain valid and secret, there is less reason for a user's tor exe to choose a different bridge than there is to choose a different public guard node. You should occasionally check the validity of your bridges by pasting the hashed fingerprints in relay search because a user's tor exe doesn't automatically choose new bridges if their flags change. No doubt some users connect by old, neglected bridge settings. Developers(!), would it be safe if tor automatically checked a user's old bridges?
If python is installed, type on the command line to convert a fingerprint into a hashed fingerprint:
Replace 0123... with the fingerprint. Developers(!), it would be better if a converter was built into onion icon >> Tor Network Settings.
https://ocewjwkdco.tudasnich.de/comment/281627#comment-281627
Another thing to be mindful of is the country and company where your bridge IP is. (Developers(!), Tor Browser's circuit display doesn't show your bridge's country.) Copy the IP to a local, non-cloud text editor. Change the last three to four digits of the IP to obfuscate the true IP (octets are 0 to 255 decimal in IPv4, hextets are 0 to ffff hexadecimal in IPv6), and then copy the obfuscated IP into a geolocation search engine in Tor Browser. Keep all true, non-hashed bridge information private, secret, and on your local machine.
The issue is the tor…
The issue is the tor browsers Bridge obs4 IP XX.XX.XX.XX, Cogent is reporting "connection is not secure" for Https valid connection occasionally and since the Obsf4 bridge does not change often from what I understand I thought I would report the issue.
Since Tor is experiencing a problem with bridges obfs4, FTE IPv6 and emailing of new bridges I want to ensure Tor is aware of the additional issue.
Moderators, do you even skim…
Moderators, do you even skim posts for bridge addresses before approving them? tormac is a repeat offender.
> Cogent is reporting …
> Cogent is reporting "connection is not secure" for Https valid connection occasionally
If this started in last few days, could it be related to the latest huge BGP snafu in which Verizon improperly sent 20% of major East coast website traffic through a tiny regional ISP (used by CIA?) which immediately crashed under the load, so all those packets were sinkholed. Maybe an IR cyberwar action? I believe Cogent is much used by US feds, so this just might be an explanation.
> Cogent is reporting …
> Cogent is reporting "connection is not secure" for Https valid connection occasionally
Hypothesis: the exit node needs to perform OSCP lookup to connect to your destination website. But over the weekend, a good deal of traffic (I am guessing including some Cogent too) was improperly sinkholed owing to a BGP "mistake" (or was it? Cf. alleged IR-US cyberwar in progress). So maybe the https connection failed because the exit node could not do the cert lookup in time, because that request was sinkholed owing to the BGP "goof".
The regional ISP affected by the BGP "goof" may be a provider for federal USG agencies so it would not be implausible that the "mistake" happened because IR cyberwarriors broke into the network of that small ISP and made the improper claim which was accepted by Verizon resulting in a huge mess for much US traffic.
I have noticed that obfs4…
I have noticed that obfs4 bridges are no producing three new bridges for obfs4 that work as of June-27-2019.
However I have noticed cross script errors which when I perform a captcha will continue to repeat.
Can you describe these cross…
Can you describe these cross-site scripting experiences in more detail? What sites? What exactly are you seeing?
You are not supposed to…
You are not supposed to request new bridges or change them if you already have ones that work. The system is designed to prevent people from collecting the whole list.
> IR cyberwarriors broke…
> IR cyberwarriors broke into
Why not USG agencies doing a test run? Or, yes, a simple mistake by employees.
No, the bridge used should…
No, the bridge used should not change once you've found a working one.
Please address the code…
Please address the code signing issue with Android.
If one or more of your team are ran over by a car then the project has severe issues. This is not good for project continuance.
Thanks for all your efforts so far!
> If one or more of your…
> If one or more of your team are ran over by a car then the project has severe issues. This is not good for project continuance.
This is exactly the problem with Shamir's Secret Sharing System (see the software Debian repositories) can help solve. I am pretty sure Tor Project knows all about ssss and uses it-- I know the Tails team does.
But yes, plus one on making
a) proper code signing
b) preparing for crises in advance
top priorities.
Speaking of Shamir's secret…
Speaking of Shamir's secret sharing scheme, guess who else uses that? Cloudflare!
See their online randomness source:
https://www.cloudflare.com/leagueofentropy/
It would be very interesting to subject the output streams to statistical tests which challenge the alleged cryptographic quality randomness.
One of the uglier USG schemes to mess with other nations involved destructive weather alteration and destructive earthquake generation. Those who know the mindset of military contractors who sense opportunity for a new boondoggle will not be as quick as some to dismiss the concern that using seismic data from Chile might start a very bad actor thinking about altering the data stream by generating earthquakes. Especially because that ability would take out 3 of the 5 servers in sufficiently destructive quakes, because all three live in some of the most dangerous fault zones in the world.
Speaking of Debian, guess who else uses their own derivative of Debian? The Russian government! (Search for "Astra".) Just one more reason to be concerned about NSA messing with Debian: to attack Astra, it is natural to begin by attacking Debian. Thank you, Kremlin. Brrr!
One wonders whether…
One wonders whether Kaspersky will pay more attention to Debian specific state-sponsored malware because the Russian government asks them to help protect Astra.
Interestingly enough,…
Interestingly enough, Cloudflare was apparently much affected by a BGP foulup a few days ago in which Verizon improperly sent some 20% of Cloudflare traffic though a tiny ISP (associated with USG customers I think) which immediately fell over under the load, so all that traffic was sinkholed. Pretty nifty cyberwar action (IR maybe?) if one suspects that BGP "goofs" are not always goofs.
Please don't use online…
Please don't use online sources of entropy for anything you want to be secure or private. Regardless of quality and consistency, it lets someone else define and record your bitstream or PRNG seed and send it through any number of potential men-in-the-middle.
Debian does not have imperatives of a company and is spread around the world. Many different governments on different continents have forked Debian into distros for themselves, and there's nothing wrong with that. If we are concerned with good reason about one country's intelligence agencies messing with Debian, we must be concerned about every country's intelligence agencies including those of our present location and those of where we nationalistically feel at home.
Have no fear, I completely…
Have no fear, I completely agree with all of that.
Good entropy is hard to come by. Right now Tails supports entropy broker but I don't think that will help most users. As of a year or so ago they also supported a particular brand of "entropy stick" (a USB stick which is supposed to provide a steady stream of cryptographic quality random bits), but I haven't checked recently whether they still do. In any case, I have seen papers casting statistical doubt upon the quality of the entropy provided from inexpensive physical devices.
Yes, I agree as replied…
Yes, I agree as replied above. We did not manage to get our signing token to our signing infrastructure which was plan to happen in the coming weeks.
I, too, now have to …
I, too, now have to "Customize..." TB each time to return NoScript icon to the tool bar. Without it, relying solely on the 3 offered "levels of safety" is too crude.
That is, to make a website functional, I don't wish to lower the security globally. This would enable ALL junk 3-rd party scripts, but I prefer enabling only the needed elements.
I believe you mentioned some proposed "per-site" solution coming in the future - great, thanks for doing it. Until it comes out, we still need NoScript on the toolbar.
Thanks.
> I, too, now have to …
> I, too, now have to "Customize..." TB each time to return NoScript icon to the tool bar. Without it, relying solely on the 3 offered "levels of safety" is too crude.
Since it always bears repeating, I'll repeat it: "customizing" is the enemy of anonymity.
But I think I see a theme developing here: the users who are most concerned by the recent "cosmetic" changes in Tor Browser may be more concerned with obtaining the *cybersecurity* benefits which come from using Tor Browser (or even better, Tails) than with obtaining the "anonymity" benefits.
If anyone thinks this describes their own goals in using TB, please speak up. I hope this might help the TB team figure out a way to keep both the "cybersecurity first" and "anonymity first" user bases happy...ish.
Excellent distinction. …
Excellent distinction. Privacy Settings, an add-on for Firefox/Chrome/Opera, does an excellent job teaching users the distinction between security and privacy as well. https://github.com/schomery/privacy-settings/
> Since it always bears…
> Since it always bears repeating, I'll repeat it: "customizing" is the enemy of anonymity.
All the more reason for the Tor devs to stop dumbing down the product. We know why they left javascript on by default, but why did they take away the convenient turn off javascript checkbox in the config menus and force us to use about:config? It's not only that the average dumb user should be able to get a Tor experience out of the box. It's also that users who actually have security requirements CAN'T get them out of the box. Why are the UX people allowed to ruin basic functionality?
Next update: a talking paperclip that REQUIRES javascript.
If you want to turn off…
If you want to turn off javascript, then you can change the security level. There is also nothing preventing you from adding NoScript on the toolbar even if it is not there by default.
"safer" does more than…
"safer" does more than disable javascript, and it makes sure your combination of settings is the same as other TBB users.
> All the more reason for…
> All the more reason for the Tor devs to stop dumbing down the product
I don't think that's what Tor Project is doing. Rather, they have recognized--- and they are correct--- that in this dangerous world, everyone needs Tor regardless of what government they live under or what their personal political/religious beliefs or social status are, etc., which means that TP must grow its user base. In addition, moving to a user-supported funding model is needed to insulate TP from undue pressure from the spooks of any one government, in particular the USG which has not played a very nice role globally for many decades and which is particularly dangerous to Tor Project and thus to Tor users.
> why did they take away the convenient turn off javascript checkbox
I don't recall a checkbox, but I used the slider (now renamed "security level")
> in the config menus and force us to use about:config?
Well, you can still use the security slider to turn off javascript, AFAIK.
As I understand, the rationale for discouraging users from making lots and lots of "customizations" is that
o customizing makes users less anonymous,
o extensive customizing break things TP has done to enhance both security and anonymity.
I think we all need to recognize that both maintaining/developing Tor products and using Tor products involves constant tradeoffs between usability, security, and anonymity. TP needs to try to make the best decision for the greatest number of Tor users in every case, without keeping the kind of intrusive and dangerous personal data about each user that companies like Google do, so I think we all need to give them more credit than some of us are inclined to do.
> It's also that users who actually have security requirements CAN'T get them out of the box.
I don't understand what personal security requirements you desire which you feel Tor is not enabling you to easily obtain, or why you think you need these particular security requirements. Your requirements might well appear legitimate, at least to me, maybe not to some government, if you explained. Some governments might be tempted to assume that any Tor user who wants good security must be working for some "opposition entity" about which said government is feeling particularly paranoid.
For example, currently USG is feeling paranoid (probably with justification) about ransomware targeting more or less hapless US city governments. Tor users who would be adversely affected by a successful ransomware attack on their own municipal government would probably find themselves in rare agreement with USG on that point.
So we certainly don't want to encourage Tor users to be manipulated into taking a position supporting anything done by the USG or any other government. We need to see ourselves rather as a virtual nation comprised of good citizens whose legitimate needs are very evidently not being met but are rather being crushed by our bricks and mortar governments (and by corporations such as Amazon/Google/Microsoft/Facebook/Twitter). C.f. the huge study which showed that the opinions and expressed desire of ordinary US citizens has had no visible effect whatever on US federal government policies over the past sixty odd years; rather, government reliably follows the advice of corporate lobbyists who often write the new laws which are then passed by their politicians who effectively represent the billionaires, the big banks, and international conglomerates, but certainly do not represent The People. No doubt similar studies in other supposed "representative democracies" would reach the same conclusion.
Jared Diamond, Noam Chomsky, Ralph Nader, and other figures have made similar points for many years.
Dear Tor blog admins, the…
Dear Tor blog admins, the sub-thread above, comments 282789 and 282816, are under the wrong parent comment. It has happened before.
Hey check.torproject.org is…
Hey check.torproject.org is down right now, June 22, 2019 01:13 UTC.
Has been an off and on issue lately. Also reported here: https://www.isitdownrightnow.com/check.torproject.org.html
Can any one provide an explaination please?
@pelethar, I'm not sure what…
@pelethar,
I'm not sure what you mean by "it THINKS I'm connecting through."
The country of the exit node shown *IS* the exit from Tor network and the entry node (guard) *IS* the country you're entering the network through.
You don't say what your objective is, but you need to read the https://sedvblmbog.tudasnich.de/docs/tor-manual.html.en. Editing the torrc file (which is empty). You can do things like list countries that you want to use for nodes, or exclude countries you don't want to use.
Don't make the list too short of acceptable countries to use, or you may see big slow downs or connection problems.
Don't make a list of countries to exclude too large, or you may have the same problems. Tor might override your torrc settings to make viable connections.
This is how you list countries to use:
ExitNodes {an},{at}...
ExcludeExitNodes {au},{ca}...
StrictNodes 1
Capitalization matters. There's a space between ExitNodes & the 1st country, but no spaces between country codes - just a comma separator.
Using StrictNodes with a value =1 (enabled) tries to force it to use the countries listed.
If you have too few listed, it may use others to maintain a connection (I'm not positive & still investigating.
Since the last 3 upgrades i…
Since the last 3 upgrades i'm finding that my Tor browser is no longer changing sites. Why i run https://whatismyipaddress.com/ it only shows an address in France, Iran and the Ukraine. How do i get back the function of the URL changing on a regular address to more than just 3 url's?
I think you mean to say that…
I think you mean to say that your circuits only include exit nodes in FR, IR, UA. That does seem strange. Did you verify the detached signature of the Tor Browser tarball before you unpacked it?
I'll assume you meant the IP…
I'll assume you meant the IP addresses of your Tor exit nodes because your choice of words is unusual. The website you wrote tells you the IP address it sees, which belongs to the exit node (third, final node) of the relay circuit that Tor Browser used to access the website. Your exit node IP address normally changes every 10 minutes if idle and when you visit different domains (website.tld). You can force it to change by clicking "New Circuit for this Site" (tb-manual). Tor Project operates a similar site https://check.torproject.org/
Did you edit your torrc file by accident? What operating system?
I set Tor browser will Use…
I set Tor browser will Use custom settings for history, tick off Remember my browsing and download history, then restart Tor browser, the settings seemed to be restored.
Yes, that's working as…
Yes, that's working as expected if you are not in permanent private browsing mode.
Could there be a quick way…
Could there be a quick way to change the security level?
There is, assuming you…
There is, assuming you regard two clicks as quick: click on the shield icon, which pulls up a page with buttons; click on the button corresponding to the desired security level.
One click would be better for those who avoid tabs, but I think Tor Project devs were concerned that most TB users may not realize that downgrading security level (e.g. "safer" to "standard") applies to all open tabs, which could lead to disaster if one tab is associated with sensitive information another with a login to an untrusted site.
Just wanted to say 8.5.3…
Just wanted to say 8.5.3 seems to be working for me, and thanks for the rapid response to this instance of critical zero-squared-days in FF.
Regarding tor for mobile phones and smart phones: does anyone know whether Microsoft has expressed an interest in funding development by TP of a version of Tor Browser for Microsoft branded phones? How about Apple? Seems like this would be a smart move on the part of any phone maker.
Why Tor Project is ignoring …
Why Tor Project is ignoring .onion DDOS issue?
It's almost like if (((you))) are not interested in fixing it.
I am waiting for Tor Project to announce that .onion sites will be phased out.
Some people are working on…
Some people are working on it.
https://lists.torproject.org/pipermail/tor-dev/2019-May/013837.html
https://lists.torproject.org/pipermail/tor-dev/2019-June/013875.html
I have no reason to think…
I have no reason to think the OP actually has any reason to think Tor Project will "phase out onions", but... you aren't actually about to do any such thing, right?
In a somewhat related development, "Tor panels" are being blamed in the news for the rash of ransomware attacks which have crippled Baltimore, MD and caused numerous other US cities to pay ransom monies. (In electronic currency one presumes, so if it's true that NSA is enriching itself by stealing electronic currency, the ransomware plague may represent a further transfer of wealth from cities to the federal government.) See for example the article in Arstechnica featuring the grim prediction that this will only get worse.
I hope someone at Tor Project has asked the media team to try to combat this latest round of reporters who ought to know better failing to mention any of the ways Tor can improve cybersecurity for everyone including local governments whenever they mention that cybercriminals (or state-sponsored cyberwarriors masquerading as such) as well as spooks use Tor for crime. Case in point: Sen. Wyden (D-OR) just stated that US government employees (at all levels) still often transfer unencrypted zip files which contain sensitive data. But we know OnionShare is a much smarter and more secure way to transfer sensitive data. Venues such as Wired often mention the cyberinsecurities associated with unencrypted DNS lookups, but never mention that onions can apparently circumvent some of the most fundamental of these vulns.
There is no plan to phase…
There is no plan to phase out onions. Version 2 onions will be phased out at some point, replaced by version 3, but not in the near future.
Good to know, thank you.
Good to know, thank you.
> "Tor panels" are being…
> "Tor panels" are being blamed in the news for the rash of ransomware attacks... I hope someone at Tor Project has asked the media team to try to combat this latest round of reporters who ought to know better failing to mention any of the ways Tor can improve cybersecurity for everyone
Support FAQ: The files on my computer have been locked, and someone is demanding I download Tor Browser to pay a ransom for my files!
Yes, but it is obviously in…
Yes, but it is obviously in our best interests not to fall prey to ransomware in the first place. So all Tor users need to try to behave in cybesecure fashion as far as possible.
However, individuals can do little if anything about ransomware attacks on their city governments. (Right now the attacks seem to focus on US cities, but no doubt this plague will soon become a global pandemic. Thank you NSA.)
> ransomware attacks on…
> ransomware attacks on their city governments
PEBKAC is the answer in many of those cases.
How does this solution solve…
How does this solution solve anything? So we limit the number of connection requests reaching the hidden service from the intro point. The attacker can still fill those up and lock out legitimate users.
Establishing a connection costs the attacker the same as the service. As long as you don't solve that, your solution only pushes the problem around.
Why is "block dangerous and…
Why is "block dangerous and deceptive content" off??
I switched to higher security settings but it didn't turn on that option do I have to do it manually?
Why is it not enabled at highest security settings?
You should not change the…
You should not change the this setting to avoid changing your fingerprint.
There are currently some discussions to enable it in the future as a means for performance improvements:
https://trac.torproject.org/projects/tor/ticket/30939
1) Block dangerous and…
1)
Block dangerous and deceptive content
is not part ofTracking Protection
settings as in that ticket. It's further down the preferences page underDeceptive Content and Dangerous Software Protection
.2) It sends browsing data to Google. Next to
Block dangerous and deceptive content
, click Learn More. "If the site is found on that list (of malware sites), Firefox blocks the file immediately, otherwise it asks Google’s Safe Browsing service if the software is safe by sending it some of the download’s metadata." "when using Malware Protection to protect downloaded files, Firefox may... submit some information about the file, including the name, origin, size and a cryptographic hash of the contents, to the Google Safe Browsing service which helps Firefox determine whether or not the file should be blocked."UX team, recognize that OP's…
UX team, recognize that OP's setting is the first option visible below the security level radio buttons. OP glanced under "Safest", saw it was unchecked, thought it was faulty, and wanted to enable it. Other users may change preferences on that page out of reflex and not come here to find out.
Whenever I search for…
Whenever I search for something the result is always links. The image tab and others are lost. Can someone help me.
I hope so. Could you give us…
I hope so. Could you give us steps to reproduce your problem? On which operating system does that happen? (Right now I am not sure I understand your problem)
I think you are saying that…
I think you are saying that you are trying to search (using DuckDuckGo, the default search engine) by typing a query in the "location pane" in the Tor Browser window. which doubles for both URL entry and for search query entries, and that Tor Browser always interprets your attempt to enter a search query as an attempt to visit some website.
Do I understand the problem correctly?
If so, try adding a space before you enter your search query in the location pane.
The notion of a location pane doubling for entering URLs and search queries is IMO too tricky, but I should point out that AFAIK it is inherited from Firefox.
"location pane"?https://blog…
"location pane"?
https://ocewjwkdco.tudasnich.de/comment/280967#comment-280967
https://en.wikipedia.org/wiki/Address_bar
And Mozilla's Quantum for whatever reasons mimicked it from Chrome.
I just hope users don't paste anything in it by accident. (passwords, tax data, medical, etc.) Before, it went to DNS servers. Now, it goes to a search website. Either is dangerous.
Lower your security level. …
Lower your security level. It sounds like you're browsing on "Safest". JavaScript is required for most image search engines.
Dunno know about image…
Dunno know about image searches, but just to be clear: while I find it tricky to enter " Dog shows in Cleveland" for example into the the location pane, and then to click on the DuckDuckGo onion icon rather than hitting return, it is certainly possible to perform text searches with the slider on "Safest". You might get redirected to a non-Javascript page for presentation of the search results however. That is probably why I don't get (actually I don't want) images in my search results.
Yes, and good for you, but…
Yes, and good for you, but OP is looking for "the image tab and others". The image tab isn't on duckduckgo's non-Javascript page.
To your problem of finding it tricky, you can change your default search engine. Click on the gear icon at the end of the bar of search icons, and that will open
about:preferences#search
. Some other settings on that page affect your privacy, so be careful. Change your default search engine to DuckDuckGo onion. Then, you don't have to click the icon anymore to search and can simply press Enter.When is taisl getting this?
When is tails getting this?
With the next release I…
With the next release I suspect. But I don't know when this will get out.
It came out in Tails 3.14.2…
It came out in Tails 3.14.2 which was released early Monday GMT.
I use kali linux and I have…
I use kali linux and I have downloaded TB 8.5.2, extract that in to download folder and every time i am clicking on to start.torbrowser.desktop is it opening note script. I did create a new user and download it over there....i did not download in to root user. what should i do? please help me.
What do you mean by "opening…
What do you mean by "opening note script"?
it is opening in text editor.
it is opening in text editor.
Don't know what file manager…
Don't know what file manager you're using, but there should be a setting how to handle executable text files in its preferences. The default here might be to display them, which will open the .desktop file in text editor, which is what you're encountering right now, if I got you right, so just change the preference. Alternatively right-click the file > open with > run or something around these lines.
In case your file manager doesn't allow to execute text files,
cd
in the directory and run./start-tor-browser.desktop
from the terminal. Afterwards you can add a Tor Browser launcher to your menu by opening the desktop file in a text editor again and following the instructions in there.it is opening by using…
it is opening by using terminal cd in the directory and then ./start-tor-browser.desktop and it is opening but when ever i am clicking on to start-tor-browser.desktop icon in the folder without using terminal it is only opening in text editor. is there any way i could start TB just by going into the folder and click on to the icon rather than using terminal to open TB all the time.
Can you just reread my…
Can you just reread my comment? Again, what file manager are you using? It's impossible to help you without some basic information. There should be a setting how to handle executable text files, change it.
Assuming Nautilus (GNOME's file manager): Hamburger menu > Preferences > Behaviour > Executable Text Files
Or just add a launcher, like described in the start-tor-browser.desktop file. To quote the relevant part (read the rest as well tho!):
as said above, it depends on…
as said above, it depends on your file manager.
try to make start-tor-browser.desktop executable > context menu (right click) > properties
or move it to your desktop and make it executable.
> it is opening by using…
> it is opening by using terminal cd in the directory and then ./start-tor-browser.desktop and it is opening but when ever i am clicking on to start-tor-browser.desktop icon in the folder without using terminal it is only opening in text editor.
As I understand this, you open a terminal (AKA console or shell window), cd to the directory with the start script, and then type ./start-tor-browser.desktop in the terminal, which is what you should do (if you are using Linux at least), so Tor Browser starts up and begins connecting to the Tor network. But, you say, I think, you also tried "clicking" on the script--- when you were using the file manager?--- and that did not work. Did I get that right? What is your goal here-- are you trying to find the safest possible way of starting Tor Browser?
Android tor browser has had…
Android tor browser has had no updates on f-driod since the 9th of June : is this really OK?
There will be an update on f…
There will be an update on f-droid soon.
it says the install is…
it says the install is modifying my dll. it has never done this before. sometimes virustotal.com will flag the latest tor as a virus, but i ignore and install it anyways. so far no one has drained my bank account
https://support.torproject…
https://ijpaagiacu.tudasnich.de/tbb/how-to-verify-signature/
https://2019.sedvblmbog.tudasnich.de/docs/verifying-signatures.html.en
This TOR thing is a…
This TOR thing is a brilliant idea!! :-)
Why V3 .Onion sites(the long…
Why V3 .Onion sites(the long links) can't be opened using Tor browser?
They should. Maybe the…
They should. Maybe the website you are trying to reach is currently offline.
looks like we cannot connect…
looks like we cannot connect in Iran; maybe government somehow blocks the connection. can they do it? I have 3 different tor clients and none works, this exactly happens to my friends.
Yes, that should be possible…
Yes, that should be possible. Does it help if you use pluggable transports (see: https://tb-manual.torproject.org/transports/)? As far as I know at least
meek
should still work.Got ---------------- Tor…
Got
----------------
Tor Browser 8.5.3
View Changelog
Something Went Wrong!
Tor is not working in this browser.
------------------
This https://ocewjwkdco.tudasnich.de/new-release-tor-browser-853 works however.
This is happened also with earlier versions sometimes.
-----------
verbose logging show nothing:
-------------------------------
Unable to update the static FcBlanks: 0x2029
Unable to update the static FcBlanks: 0xfff9
Unable to update the static FcBlanks: 0xfffa
Unable to update the static FcBlanks: 0xfffb
Jun 25 15:32:52.000 [notice] New control connection opened from 127.0.0.1.
Jun 25 15:32:52.000 [notice] New control connection opened from 127.0.0.1.
--------------------------------
Got now also "Owning…
Got now also "Owning controller connection has closed " on startup of
Tor Browser 8.5.3. This also was not immediately after boot (I tried Tor Browser 8.5a7 first).
Jun 26 16:27:28.000 [notice] Bootstrapped 100%: Done
Jun 26 16:27:28.000 [notice] New control connection opened from 127.0.0.1.
Jun 26 16:27:28.000 [notice] Owning controller connection has closed -- exiting now.
Jun 26 16:27:28.000 [notice] Catching signal TERM, exiting cleanly.
This is not new. Seen randomly on Tor Browser startup since 8.5
What OS do you use? Is your…
What OS do you use? Is your computer behind a firewall you do not maintain? Do you need a proxy to get onto the Internet? Are you by any chance running multiple instances of Tor Browser? Or more than one Tor client?
(For example, on my Debian system I have a Tor client which I use for updating from the onion mirrors of the Debian software repository, and I sometimes also run Tor Browser which could possibly sometimes lead to having two Tor processes getting in each other's way, although I do not think I have seen that.)
Hope at least one of these questions helps you sort things out!
> I have a Tor client...,…
> I have a Tor client..., and I sometimes also run Tor Browser which could possibly sometimes lead to having two Tor processes getting in each other's way
They won't if you leave the torrc files at default. Tor Browser and its tor communicate by localhost port 9150. The tor "expert bundle" package listens on localhost port 9050. 9150 != 9050.
Tor launcer(?) probably told…
Tor launcer(?) probably told
Unable to retrieve settings.
And then it was replaced with
Tor unexpectedly exited. ...
Control connection was closed:
Jul 04 05:31:17.000 [notice] Bootstrapped 100%: Done
Jul 04 05:31:35.000 [notice] New control connection opened from 127.0.0.1.
Jul 04 05:31:35.000 [notice] Owning controller connection has closed -- exiting now.
Jul 04 05:31:35.000 [notice] Catching signal TERM, exiting cleanly.
This is
Tor Browser 8.5.3
Related thread https://blog…
Related thread https://ocewjwkdco.tudasnich.de/comment/282389#comment-282389
Tor launcer: (Window title:…
Tor launcer: (Window title: Connect to Tor)
Unable to retrieve tor settings.
Immediately replaced with
Tor unexpectedly exited....
Restarting Tor will not close your browser tabs.
There is now yet browser window or tabs opened.
Console tells:
Jul 06 16:07:59.000 [notice] Bootstrapped 100%: Done
Jul 06 16:07:59.000 [notice] New control connection opened from 127.0.0.1.
Jul 06 16:07:59.000 [notice] Owning controller connection has closed -- exiting now.
Jul 06 16:07:59.000 [notice] Catching signal TERM, exiting cleanly.
Okay, let me think a bit…
Okay, let me think a bit about how to track this further down. It sems Tor is bootstrapping fine but Tor Launcher has for some reason issues reading your Tor configuration and aborting the bootstrap process.
can you guys please add…
can you guys please add ublock origin in tor.It is better than no script and it can block more than scripts.
https://trac.torproject.org…
https://trac.torproject.org/projects/tor/ticket/17569
tor browser bad not accept…
tor browser bad not accept linux dark theme always white
https://ocewjwkdco.tudasnich.de…
https://ocewjwkdco.tudasnich.de/comment/282837#comment-282837 might help you?
Just put link to homepage…
Just put link to homepage to
about:tor
Do we still need to install…
Do we still need to install orbot to use the current android version Tor browser?
No.
No.
Noscript has begun to…
Noscript has begun to support Chrome. It's so nice and convenient. I hope Tor can remember the Noscript setting. I know there's a way, but basically supporting the setup will help a lot of people.
https://browserleaks.com…
https://browserleaks.com/javascript
Visiting this site on Android Tor Browser with system language in Russian will show "ru" under "internationalization API" -> "locale"
Yes, we don't have added…
Yes, we don't have added support for locale spoofing on Android yet, see: https://trac.torproject.org/projects/tor/ticket/30605.
Irrelevant to this…
Irrelevant to this discussion, but important - Apple Store offers what claims to be "using Tor system" browser called TOB, uses the logo too (which I hope is both copyrighted and tradearked, not to offend the Open Source, but to prevent fraud
.
Symantec has labeled TOB a dangerous fraud and I lack the ability to do anything to confirm/deny AFAK, authors have not commented. I beg the TOR community offer real TOR for the iPhone, or, lacking that, demand the fraud be removed, if indeed that is what it is.
Symantec labeled this thing…
Symantec labeled this thing a fraud, but Apple has not removed it? Yikes.
which is the best tor onion…
which is the best tor onion email provider?
Depends on what you need and…
Depends on what you need and who you trust. You can search for mail providers at We Support Tor.
For a free long-term webmail provider I recommend ProtonMail (clearnet / onion service) as of 2019. Check the security features: OpenPGP, zero-access, server within a nuclear bunker...
I am not affiliated with ProtonMail in any way.
It depends what you mean and…
It depends what you mean and what your requirements are. Some of them are webmail interface, IMAP, POP3, SMTP, SSL/TLS ratings, Tor to Tor providers, Tor<->clearnet providers, client-side encryption, no Javascript, alias addresses, inbox size, 2FA, logging, categories in EFF's "Who has your back", price,... But this site is for Tor Project and its software. Search the web. Ask on reddit or tech forums.
Any news on this security…
Any news on this security issue https://trac.torproject.org/projects/tor/ticket/30918 ?
Yes, we are done here with…
Yes, we are done here with Tor Browser 8.5.3 and 9.0a3 (even though the Firefox version is still shown as 60.7.0esr).
Greetings Please tell me…
Greetings!
Please tell me specifically whether the traffic is encrypted on the way from the TOR client to the ingress node, and from the ingress node to the TOR client?
Does my provider see outgoing and incoming traffic?
Yes, the traffic between you…
Yes, the traffic between you and the guard node is encrypted. All you provider is seeing that you are talking to a server but not the content.
Scroll down to the images:…
Scroll down to the images: https://2019.sedvblmbog.tudasnich.de/about/overview.html.en
https://tb-manual.torproject.org/about/
Set your shield icon security level to Safer or Standard. Scroll down, and click the 2 gray buttons: https://www.eff.org/pages/tor-and-https
Does the search engine…
Does the search engine download to Windows 10?
Could you rephrase your…
Could you rephrase your question? I am not sure I understand it.
Please can you add saving…
Please can you add saving and restoring opened sites on Android application crash or restart.
That requires disk history…
That requires disk history being enabled and thus not being in private browsing mode by default. I think that won't happen by default anytime. Would it help you if it were possible to click on a bunch of options to be able save/restore opened sites? Or do you need this on by default?
You could save them as…
You could save them as bookmarks. However, bookmarks are saved to disk, so if your phone is confiscated or stolen, your bookmarks are like your browsing history.
ticket https://trac…
ticket https://trac.torproject.org/projects/tor/ticket/30441
The bridges are now providing 3 bridges instead of 1. However requesting obsf4 always provides the same 3 bridges which do not work when connecting. Also the other bridges FTE and obfs3 does not provide any bridges.
How to turn on function …
How to turn on function "always restore tabs"? Now it's not working.
What have you been doing to…
What have you been doing to get this going?
Nothing. Function "restore…
Nothing. Function "restore tabs" not working. Bad english, sorry. What should I do to make it work?
I think for that to work you…
I think for that to work you need to leave permanent private browsing mode. There might be other settings that need to get changed, not sure.
How to turn on saving…
How to turn on saving history of opened sites?
Do you mean Show your…
Do you mean Show your windows and tabs from last time?
For safety the setting is disabled and would depart from Tor Browser's design:
If it worked before, it was probably unsafe.
Need saving opened tabs in…
Need saving opened tabs in android version. Thanks.
Can the Android version of…
Can the Android version of Tor be added to the translation function? Like the chrome for Android
Hm. Which parts do you think…
Hm. Which parts do you think need to get translated? We have https://trac.torproject.org/projects/tor/ticket/30943 to show the version in general. Is that what you meant?
HELP!!. Tor browser hasnt…
HELP!!. Tor browser hasnt been working for me on win 10 since 8.0.3. It launches with two windows on the taskbar. one window does nothing the other window is the tor browser but it dowsnt connect to any siteeven the welcome page plus C.P.U usage is off the charts like upto 60% when any instance of Tor is running. i cant exit normally and have to end the process via task manager.
So, 8.0.2 was the last…
So, 8.0.2 was the last version that worked for you? Is that still the case? (see: https://archive.torproject.org/tor-package-archive/torbrowser/8.0.2/ for old bundles) Do you have any firewall/antivirus software installed that could interfere with Tor Browser? If so which?
Tor Browser Bundle in Win10…
Tor Browser Bundle in Win10 32 bit won't start unless I disable system-wide DEP (data execution protection). Is this a known issue, or do I have something wrong with my system?
That's the first time we…
That's the first time we hear of that. We ship the bundles with ASLR+DEP enabled, so it seems a bit weird that you need to disabled system-wide DEP. Do you have some firewall/antirvirus software that could interfere here? How are you disabling/enabling system-wide DEP? What error are you getting if you start Tor Browser but do not disable system-wide DEP?
Hello. I want to download…
Hello. I want to download Tor but my computer is too old it seems like. you guys require a newer software version of the MAC that is not available for this model of mine. Is there any way i can download an older model of you guyses ?
No, macOS 10.9 is the…
No, macOS 10.9 is the minimum version that Firefox requires. We followed that with Tor Browser.
You could try booting into…
You could try booting into Tails.
It is ok using the Whoer web…
It is ok using the Whoer web proxy add on ?
It's strongly discouraged to…
It's strongly discouraged to install other add-ons in Tor Browser.
https://ijpaagiacu.tudasnich.de/tbb/tbb-14/
https://2019.sedvblmbog.tudasnich.de/docs/faq.html.en#TBBOtherExtensions
From 1 July Tor Browser not…
From 1 July Tor Browser not starting by itself. Just after clicking on tor icon, tor appears to download >40MB's of data, then gpg has the CPU at 50-60% and tor won't start. Have left it for over half an hour sometimes and gpg never finishes. If I stop gpg process tor immediately brings up 'Establishing a Connection' window and starts. Are using 8.5.3 on Kubuntu bionic 32-bits. I think tor was updated on that day.
Am I creating a security problem by stopping this gpg process? , as its the only way to get tor working.
Are you using torbrowser…
Are you using torbrowser-launcher on your system? Please stop doing so, it is not recommended. Instead you should download the Linux bundle from our website. You'll get automatic updates with Tor Browser's internal updater. I think the problem is that torbrowser-launcher relies on Tor Browser's gpg signing key for checking for a good update but that key got recently horribly spammed which causes your gpg process to block launching the browser. For background on this issue, see: https://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html.
Tors Bookmarks are not…
Tors Bookmarks are not working in version 8.5.4
I can't save any bookmarks and you can't move them around or arrange them.
The Bookmark feature seems completely unusable.
Hola... tengo una pregunta…
Hola... tengo una pregunta.... porque al descargar "TOR" en mi pc en la que tengo el S.O. Win 7 Pro.. no me permite instalarlo, pues me sale el mensaje de que no es compatible con mi S.O. ... alguna solucion?....
Gracias por compartir y
Hm. Does a normal Firefox…
Hm. Does a normal Firefox work for you? We follow Mozilla here and figuring out whether it is our bug or theirs first might be a smart idea.
Hi I keep getting "Tor…
Hi I keep getting the "Tor Unexpectedly Exited" error. Im using Windows 10 and I cant seem to find a solution. Just downloaded this version because the old one was giving me the same error.
What's the path you…
What's the path you installed Tor Browser to? Do you have some special characters in it? Any antivirus/firewall software installed? If so which one? If there is any, does the problem go away if you uninstall it (disabling is often not enough)?
hiii:)
hiii:)