New Release: Tor Browser 8.5.5

by boklm | September 3, 2019

Tor Browser 8.5.5 is now available from the Tor Browser Download page and also from our distribution directory.

This release features important security updates to Firefox.

This release is updating Firefox to 60.9.0esr, Tor to 0.4.1.5, and NoScript to 11.0.3. This release also includes various bug fixes. On the Windows side, we should now have support for accessibility tools. On the Android side, we added support for arm64-v8a devices.

This is expected to be the last release in the 8.5 series: on October 22 we will switch to the 9.0 series, based on Firefox 68ESR.

Note 1: Due to a temporary issue with our update infrastructure, we did not enable automatic updates for Windows, Linux and macOS users yet. We hope to be able to fix this issue soon. Update: this issue is now fixed, updates are enabled.

Note 2: Due to some issue with Google Play's new requirement for 64bit versions, we have not yet been able to publish the Android x86 and x86_64 versions on Google Play. We hope to be able to fix this in the next days. In the meantime the x86 version can be downloaded from our website.

Note 3: There is an issue with the aarch64 version on Android 9 causing a crash on every launch. We are working on a fix for this issue.

The full changelog since Tor Browser 8.5.4 is:

  • All platforms
    • Update Firefox to 60.9.0esr
    • Update Torbutton to 2.1.13
      • Bug 31520: Remove monthly giving banner from Tor Browser
      • Bug 31140: Do not enable IonMonkey on aarch64
      • Translations update
    • Update NoScript to 11.0.3
      • Bug 26847: NoScript pops up a full-site window for XSS warning
      • Bug 31287: NoScript leaks browser locale
    • Bug 31357: Retire Tom's default obfs4 bridge
  • Windows + OS X + Linux
    • Update Tor to 0.4.1.5
  • Windows
    • Bug 31547: Back out patch for Mozilla's bug 1574980
    • Bug 27503: Provide full support for accessibility tools
    • Bug 30575: Don't allow enterprise policies in Tor Browser
    • Bug 31141: Fix typo in font.system.whitelist
  • Android
  • Build System

Comments

Please note that the comment area below has been archived.

albatros (not verified) said:

September 03, 2019

Permalink

I am sorry to say that triggering the update on macOS does not work… so, you might like to have a look into this, please.

Anonymous (not verified) said:

September 03, 2019

Permalink

hi, i have 2 questions:

1- is it safe to use the updated tor version as my own tor expert bundle? i mean copying the tor folder from the browser and replacing it with my expert bundle folder?

2- tor is blocked in my country and i'm using bridges, how many bridge nodes is enough for me? after how long should i update my list with new bridges and remove older ones?

1. If you're using the expert bundle, then you should already know where to find the documentation of the binary and how to compare the hashes of binaries on your local machine. The expert bundle may not have the same relative directory tree structure as the browser bundle, and it probably doesn't have the same torrc contents. The tor binary in the browser bundle is supposed to be identical to what would be shipped in an expert bundle, but you should compare hashes of the same version anyway. The more you customize your configuration, the more you are on your own to determine if it's safe. Sometimes, better answers can be found if you describe your goal and constraints instead of one step in the path you chose to reach it.

2. I'm only a user, but if I was in your situation, I would keep three or four bridges that only support obfs4 or meek. I wouldn't use at least two of them so that when the bridges I'm using inevitably fail, I could use one of the unused bridges as a spare or a backup to request more bridges (maximum six). My unused bridges would also be unknown to eavesdropping network censors until I use the bridges or until they discover the bridges from someone else. Verify the status of all of your bridges every couple months here: https://metrics.torproject.org/rs.html I wouldn't remove bridges unless they support less trustworthy pluggable transport protocols or they have been removed from that relay search site. Don't treat bridges the same as you treat guard nodes.

Since your country censors the Internet, it may help to bookmark these:
* Open Observatory for Network Interference: https://ooni.torproject.org/
* https://www.censoredplanet.org/
* https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_by_c…

I assume you already know that you should be careful about your behavior and OpSec as well.

anonymous (not verified) said:

September 03, 2019

Permalink

I installed Android 10 today on a Pixel XL and torbrowser 8.5.4 stopped working. I then saw 8.5.5 armv7-multi was out so I downloaded, verified and installed and it also does not work.

Description:

Name of the affected software
-----------------------------
TorBrowser 8.5.5. & 8.5.4 for Android / Android 10 (Q)

Exact steps to reproduce the error
----------------------------------
Open torbrowser app.

Tap "CONNECT".

Orbot connects to tor network.

Firefox opens.

Actual result and description of the error
------------------------------------------
Firefox opens, about:tor displays nothing, settings are greyed out, there's no security settings slider, no noscript entry. Entering a URL does nothing -- seems like the app is frozen. Selecting Exit in the menu does not close the app.

Desired result
--------------
Browse the web.

Good question, I opened a ticket for our website: https://trac.torproject.org/projects/tor/ticket/31641. In general it should be available on https://oiyfgiixvl.tudasnich.de/torbrowser/ as well. (Note: the real .apks (not the -qa ones) currently live at https://people.torproject.org/~gk/builds/9.0a6/. They still need to get synced over to oiyfgiixvl.tudasnich.de and then we get the alpha out).

Anonymous (not verified) said:

September 04, 2019

Permalink

Reporting back on the Pixel XL running Android 10 now with 9.0a6 installed. Everything seems to be working as it should. Problem solved. Thanks very much.

Anonymous (not verified) said:

September 03, 2019

Permalink

No way to import/export bookmarks yet? I still have a lot of bookmarks in an old version...

How old is your "old version"?

the solution i think will work:
1. Install regular esr or portable esr firefox, of the same version of esr that tor used in the "old version" tor browser of your bookmarks.
2. Drag you old places.sqlite (bookmarks file) into the firefox profile (This will replace the new default places.sqlite)
3. a. (if "paranoid", then you could now shut down your internet connection)
3. b. Start up the old esr, open bookmarks manager, then export bookmarks as .html (You could choose to backup as .json, but as far as I know, you cannot *add* that file into your current tor browser profile's bookmarks)
4. Then start current tor browser, open bookmarks manager, then import that .html file. Those bookmarks will show up as a folder *added* at the end of the bookmarks manager tree pane.

Hopefully i am answering the question you asked.

Anonymous (not verified) said:

September 03, 2019

Permalink

Kindly check comments on Play Store for Tor Browser as there are multiple reports of app crashes. Thank you.

I think as soon as we switch to Firefox 68 ESR as the underlying Firefox version. We'll release an alpha (9.0a6) based on that probably today (please test it if you can) and will release the final stable on October 22.

Someone else (not verified) said:

September 04, 2019

Permalink

Could you please update the RSA key in your instructions for verification?
The instructions for TOR 8.0.8 say:
gpg: using RSA key 0xD1483FA6C3C07136

When verifying 8.5.5 you see:
gpg: using RSA key EB774491D9FF06E2

Thank you

Someone else (not verified) said:

September 05, 2019

Permalink

I have now followed the instructions at the location you gave (including downloading the latest GPG4win version - 3.1.10) but I am still having trouble.

When I put “gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org” into cmd.exe
All I got was “gpg: error retrieving 'torbrowser@torproject.org' via WKD: No inquire callback i
n IPC
gpg: error reading key: No inquire callback in IPC”

I can’t see what I have done wrong.

Can you pls help?

Thanks

Bennie Stours (not verified) said:

September 04, 2019

Permalink

gpg2 --version
gpg (GnuPG) 2.1.11
libgcrypt 1.6.5
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

sudo apt-get upgrade gnupg2
Reading package lists... Done
Building dependency tree
Reading state information... Done
gnupg2 is already the newest version (2.1.11-6ubuntu2.1+8.0trisquel1).
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

That's probably why I'm getting the error message. I'll probably try verifying it using TAILS instead. Thanks and more power!

Me again (not verified) said:

September 04, 2019

Permalink

Regarding: Editing the Torrc

Somewhere (I cannot remember where) you have said that editing the Torrc (e.g. specifying guard node or exit node countries) affects anonymity in ways that you “do not understand”.

I live in Western Europe. I have reinstalled the TOR program about 100 times to see where the guard node is located. After doing this with 854 and 855 the same four countries (France, Germany, Netherlands, the UK) have appeared as the guard node country well over 90 times.

I do not wish to use these 4 countries for the guard node. How can I avoid them?

Isn’t TOR restricting itself by not choosing guard-node countries at random?
Please advise.

Thanks

Tor is selecting relays randomly, without taking the country into account. Many of the relays are located in the countries you mentioned, which might explain why you often use relays from those countries.

you can edit torrc-defaults before firstrun by adding ExcludeNodes {fr},{de},{nl},{uk} at the bottom:

...
...
...
## snowflake configuration
ClientTransportPlugin snowflake exec ./TorBrowser/Tor/PluggableTransports/snowflake-client............................
ExcludeNodes {fr},{de},{nl},{uk}

you shouldn't get connected to guards in these countries and none should be selected as guard.
[NOT TESTED] i don't know if ExcludeEntryNodes {fr} command exists and works!

you can preconfigure torrc by editing torrc-defaults before firstrun.
all this should be written into torrc during firstrun:

...
...
...
## snowflake configuration
ClientTransportPlugin snowflake exec ./TorBrowser/Tor/PluggableTransports/snowflake-client............................
EntryNodes yourchoice1,yourchoice2,yourchoice3,yourchoice4,yourchoice5
ExcludeNodes {sy},{cn},badnode1
ExcludeExitNodes {ir},{tr},badnode2

go to https://torstatus.blutmagie.de (or https://torstatus.rueckgr.at) and select some guards
of your choice (nicknames). maybe you specify a bunch of relays because not all of them are fast guards and
not all may work as guard.

you can exclude by nickname, IP and countrycode (lowercase!) e.g. {us}
in tor's documentation you'll find some further information.
countrycodes -> https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2

torrc can look like this (after firstrun) and you can edit whenever you like:
# This file was generated by Tor; if you edit it, comments will not be preserved
# The old torrc file was renamed to torrc.orig.1 or similar, and Tor will ignore it

DataDirectory PATH/tor-browser_en-US/Browser/TorBrowser/Data/Tor
EntryNodes yourchoice1,yourchoice2,yourchoice3,yourchoice4,yourchoice5
ExcludeNodes {sy},{cn},badnode1,{??}
ExcludeExitNodes {ir},{tr},badnode2,{??}
GeoIPFile PATH/tor-browser_en-US/Browser/TorBrowser/Data/Tor/geoip
GeoIPv6File PATH/tor-browser_en-US/Browser/TorBrowser/Data/Tor/geoip6

you can even specify a single or a few exits too (if they are exits):

ExitNodes myfavoriteexit1,myfavoriteexit2,myfavoriteexit3
OR
ExitNodes {us}

take care of brackets, spaces and , !
note: torrc-defaults WILL be overwritten during the next Tor Browser update!

good luck!

Many thanks to everyone for the helpful comments.

The TOR developers (in the information that I can no longer find) had said that TOR users should not edit the torrc for the reason stated above.

Could the TOR developers please advise if is now 'OK' to edit the torrc.

Thank you

> Somewhere (I cannot remember where)
> (in the information that I can no longer find)
> affects anonymity in ways that you “do not understand”.

It's from the old General FAQ:
Can I control which nodes (or country) are used for entry/exit?

The location of relays depends strongly on the where volunteer operators choose to set them up. The community has set up the majority of relay nodes in Europe and North America, but the distribution can change if volunteers set up relays in other places. (See the new Community site and the old General FAQ.) A comment linked to world maps in the recent blog post about bridges.

rambod (not verified) said:

September 04, 2019

Permalink

I am an android 6 user and I was using 8.5.4 version and it was working perfectly after updating to this version it crashed. and I just went through some testing with it. for some reason, the builtin tor within it is still on 0.3.5.8(based on the connection logs) and when it reaches 10% tor browser crashes. also, I tried to use bridges but immediately after entering the bridge settings it crashes.

Mikk (not verified) said:

September 04, 2019

Permalink

I also have some problems, when I start TorBrowser, I see button "connect", but it stops to work, my phone just close the app, LG G7 ThinkQ

GiGi (not verified) said:

September 04, 2019

Permalink

Hi,
I've updated on Android, It does not work! There is no way to run!!!!!!
Is there a way to downgrade to the previous version?

Anon (not verified) said:

September 04, 2019

Permalink

I restore default bar look (right click - customize - restore default) and now few icons missing:

left side from adress bar: no script + something
right side: HTTPS everywhere + something

I know this, but I think everything strange with this crucial software should be reported.

The other missing icon (after default reset) is tor button and security level.

Anonymous (not verified) said:

September 04, 2019

Permalink

Play Store version crashes a few seconds after launch. F-Droid version will build circuits and launch the browser, but all the menu items under "Settings" are greyed out and non-interactive. Pages won't load at all.

Loky (not verified) said:

September 04, 2019

Permalink

Здравствуйте.
Жду когда ошибка вылета на android 9 будет исправлена.
Есть вопрос.В Orfox я столкнулся с проблемой долгого (а более точно вообще никогда не подключающегося) соединения к сайтам (onion,ну вы меня поняли).Подскажите пожалуйста в чем проблема соединения?
Заранее,благодарю.

https://ijpaagiacu.tudasnich.de/onionservices/onionservices-3/

Translated to Russian:
"Я не могу связаться с X.onion!
Если вы не можете получить доступ к желаемому луковому сервису, убедитесь, что вы правильно ввели 16-символьный или новейший 56-символьный адрес лука. Даже небольшая ошибка не позволит Tor Browser получить доступ к сайту. Если вы все еще не можете подключиться к луковому сервису, повторите попытку позже. Возможно, возникла временная проблема с подключением, или операторы сайта могли разрешить его отключение без предупреждения.

Вы также можете получить доступ к другим луковым сервисам, подключившись к луковому сервису DuckDuckGo."

Anon (not verified) said:

September 04, 2019

Permalink

Is there a schedule somewhere for security updates? And is there any evidence of people using up 0-days before they are patched?
Basically I'm asking if there are any time periods when it's more risky than normal to enable javascript.
Also, it would be nice to see a breakdown of which exploits require javascript, and which affect users on each security level.

> is there any evidence of people using up 0-days before they are patched?

Yes, Tor Browser is based on Firefox ESR. Follow Mozilla's bug tracker as well as Tor Project's bug tracker. But your question is worded as if you think developers or white-hats magically know about a 0-day when someone else discovers them. Their very nature means they can be exploited long before someone publicly reports them. Follow exploit databases such as CVE.

There is no real schedule. We mainly follow Mozilla's 6-8 weeks schedule of fixing security bugs found in the browser and then whatever comes up. There are some rare cases where people are using 0-days, yes.

Regarding the breakdown: yes, if someone would dig here and make such an overview that would be great. I could see us doing that but we lack the time. So, if you want to be the one helping out here, please do so.

Anon (not verified) said:

September 04, 2019

Permalink

Yep, it's a bust with Android 9 and the previous browser is disabled... redirecting us to a broken browser. How about letting us have the last version of the Orfox browser back until you get things sorted. Thanks.

> my job blocks p2p through the wifi

So do many Tor exit nodes.

To get Tor Browser to work behind a restrictive firewall:

  • Are some outgoing destination ports blocked? Do you know the port numbers? Does your normal traffic go through a proxy? The first time you start Tor Browser, click Configure. There, you can change outgoing proxy and destination ports. Those settings can be accessed when Tor Browser is already open by clicking on the onion icon > Tor Network Settings. Tor can not use a bridge if a proxy is set.
  • Support FAQ: Connecting To Tor

General FAQ (old):

If none of the above solutions are acceptable, then click Configure again, and click "Tor is censored in my country" to enable a bridge relay. Please try to avoid using bridges so they will be available to users in repressive countries.

Vishal (not verified) said:

September 04, 2019

Permalink

Tor Browser is not opening in my Honor7X phone.
Whenever I open it automatically closes within seconds.

dex (not verified) said:

September 05, 2019

Permalink

How exactly would one disable a certain proxy? Haven't been able to locate this option for Android.

Bugsy (not verified) said:

September 05, 2019

Permalink

Just updated to 8.5.5 and got an invalid digital signature warning!

How can I be sure its not a compromised download?

Mr B (not verified) said:

September 05, 2019

Permalink

Ny tor browser craches and turn off for about 2 sekonds now,,
I have Android 8.0.0 i gues,,

I found out this problem to Day 5 september,,

Greats B

Mr Fyd (not verified) said:

September 05, 2019

Permalink

Accessibility services

When you say you have fixed “Bug 27503: Provide full support for accessibility tools”

Does this mean that (if users do not need such services) in the browser under Tools / Options / Privacy & Security / Permissions we should put a tick in “Prevent accessibility services from accessing your browser”?

If this is left UNticked does it mean that, e.g., users’ anti-virus programs can spy on them?

Pls advise as a matter of urgency.

Thanks

If you don't need accessibility services, sure, ticking that checkbox should reduce possible attack surface (however, I have not checked what exactly that checkbox is doing).

If it is left un-ticked I am not sure what exactly external programs could do. I guess it would be worth looking deeper here. It ultimately boils down to whether you trust your anti-virus programs. They can easily spy on you even _without_ that checkbox enabled as they are usually pretty deeply embedded into your Windows system. So, if you don't trust them you should consider removing them instead.

Николай (not verified) said:

September 05, 2019

Permalink

Вечер добрый, тор обновился и не работает теперь, до этого все было хорошо, исправьте ошибки, грузит максимум 25%,удалил и установил уже раз 50

Anonymous (not verified) said:

September 05, 2019

Permalink

hi!
URL bar onion icon color is different from padlock icon color.
i think they should be the same.
thanks!!!

KB (not verified) said:

September 05, 2019

Permalink

For anyone forced to migrate to a broken version of Tor Browser by the OrfoxRIP auto update, you can download the last working version of Orfox here:
https://github.com/guardianproject/Orfox/releases/download/Fennec-52.9.0esr%2FTorBrowser-7.5-1%2FOrfox-1.5.4-RC-1/Orfox-Fennec-52.9.0esr-TorBrowser-7.5-1-Orfox-1.5.4-RC-1.apk
Just be sure to back up your /data/data/info.guardianproject.orfox and /data/media/0/Android/data/info.guardianproject.orfox folders to a safe location first if you want to have any hope of recovering your bookmarks, tabs, preferences, etc. at some future time. Uninstalling OrfoxRIP and then downgrading to Orfox-1.5.4 will wipe out all those settings.

tormac (not verified) said:

September 05, 2019

Permalink

A few of the problems with Tor
1) There may be a problem with bridges being a valid brige. Thee tracker reported several bridges not responding. "https://trac.torproject.org/projects/tor/ticket/30441" and this was going on for some time as I reported the error.

2) You no longer support many bridges and it appears only obfs4 and meek-azure are valid. The more bridge types the better but you have deprecated a few bridges like scramblesuit and I don't know why.

3) Android version of tor gives the ability to chooses your guard node (which country you connect) this option does not exist on the Mac. I have noticed that my guard node is almost always the same even when forcing a new circuit several times. Giving the ability to choose a guard node gives greater stealth. Why can't a Mac choose its guard node?

Yes, bridges can be offline. We try to make sure only valid and working bridges are given out by BridgeDB and the default bridges shipped in Tor Browser should be available.

There is nothing that prevents you from finding e.g. scamblesuit bridges and using them in Tor Browser. It's just that we don't ship default ones anymore because the single one we shipped was overloaded AND scramblesuit does not offer better protections than, say, obfs4.

Tor Browser for Android does not let you choose the guard node country. That is deliberately done so as choosing that may seriously harm your anonymity. You should let pick Tor the proper path.

A user (not verified) said:

September 05, 2019

Permalink

release the old version again please, the latest version can not work, release a new version only if it's a real stable version please

Anonymous (not verified) said:

September 05, 2019

Permalink

There are problems with Google Maps, it can be in French if the exit is in France and maps show only after using the new circuit function. Other sites like Youtube have the same language issue.

Random (not verified) said:

September 05, 2019

Permalink

Intern updater just don't update the browser. It downloads the new version and asks for a restart to update, it restarts, show the update progression, starts the browser and it just didn't update and keep asking for a restart and says it's not updated, no matter how many times i try to restart the browser it just don't update even though it completes the update bar when starting the browser, its so frustating and annoying, is there any way i can delete the downloaded update from the internal updater so i can try again? I really don't want to have to download and install from zero the new version. I'm on linux. I've never had this problem before.

Hm, so this happened for the first time? What does the update log show if you flip app.update.log to true and look at the debug output in the browser console (you open that one with Ctrl+Shift+J)? Any errors you get?

Additionally, after the update failed you should have a update.log file in your Tor Browser directory in Browser/TorBrowser/UpdateInfo/updates/0/ what does it contain?

anonymous (not verified) said:

September 06, 2019

Permalink

hello, thank you for the great work you do!
I have noticed a new issue with both system Tor version 4.1.5 and in Tor Browser 8.5.5 as follows: when using either obfs4 bridges or entry guards, i (sometimes) receive a message in the connection logs about the large number of circuits that have failed. i opened onion circuits to see and sure enough, it appears as if circuits try to form and are destroyed very quickly. i can use the browser fine, and i only notice the issue upon inspection of the logs.

wireshark shows many "Fin,Ack" disconnections immediately followed by a fresh "Syn" and the corresponding "Syn, Ack" on a fresh port each time on localhost. The packets look normal other than that (no duplicate ACKs or re-transmissions, and the packet sizes are consistent with how Tor behaves). It is a strange issue because if you do not pay attention, you may not notice. I have not seen any excess cpu use for example. The client hello's are fine, handshakes are normal and intact and from the packet analyzer's point of view, the only clue of something going on is the constant disconnections and re-connections (from localhost:9050 or 9051 respectively). There have not been any interruptions in the actual browsing experience though and no browser crashes. System Tor works fine too and you only notice an issue upon examining the circuits; no obvious crashes with system Tor either.

i experience this issue on debian buster (host) as well as in virtualbox machines and also on whonix. i have tried several different bridges and entry guards to no avail. Other than the circuits building and almost immediately being torn down, i can see no other problems. i tested on both a wired and a wifi vanilla connection (vanilla meaning no vpn or proxy or ssh etc.) and the issue was present on each try. I used a freshly downloaded/verified tar.gz for each trial.

I have an updated Firefox esr on the host system as well which showed no such activity from wireshark; obviously Nyx/onion circuits don't apply :)

when inspecting the Tor Browser connection with Nyx, i see that the tor percentage is jumping around alot. usually, it will stay at 0% if i am idle. on Nyx's connections page you can see the circuits building and then being destroyed in real time. It will build 4 or so and then they disappear and it says "Building.." This continues for as long as the app is open and you are using the browser.

i am pretty stumped on this one; i am not sure what would cause continual circuit building issues? thank you for anything you can think of. i will continue to debug this. thanks for reading

noName (not verified) said:

September 06, 2019

Permalink

Hi,
I'm from Iran, a dictator regime with worst filtered internet. After update to this new version(tor-browser-855) on my Android(v.7), I can't open tor-browser.
It just crashed!
I use desktop tor browser now.
I Know many Iranian that use tor have this problem.
Thank you so much for help freedom all over the world.

x (not verified) said:

September 07, 2019

Permalink

Is there a Tor related FAQ regarding NoScript addon or don't Tor users have concerns regarding NoScript to warrent a FAQ page? cheers

x (not verified) said:

September 11, 2019

Permalink

Thank you for your reply.

The reason I asked was the reply to the following question

Can noScript addon details be read in Tor? If you whitelist a site with the noScript settings so that you do not have to repeatedly input them, can these be read in Tor and thus identify the user or use these settings to follow the user?

As far as we know, the settings can't be read unless there is a major bug that hasn't been reported, but they can identify you. There is a traffic pattern of which URLs your browser accesses when it loads a webpage and an availability pattern of which features in the page's code become enabled when the set of accessed things are loaded. If the URLs your browser accesses are different from the URLs accessed under normal configuration, that difference can single you out to people logging your traffic or to scripts on the webpage. So your NoScript settings under the Per-Site Permissions tab can indirectly be determined or reverse-engineered.

Cheers I don't understand it all but going by your reply it means that it is best not to whitelist any sites I hope I have understood this I also understand that it is still ok to use NoScript thanks again

Thus, as the settings 'can identify you' and 'can single you out to people logging your traffic or to scripts on the webpage'. Thus, 'your NoScript settings under the Per-Site Permissions tab can indirectly be determined or reverse-engineered'. Why do you say, 'Users should not be concerned with NoScript at all'. Thanks in advance for a reply. NB I am not a technician in my understanding of answers.

Yes, the particular whitelist can identify users which is why we don't recommend doing that. The user can be identified by websites embedding particular sites and then seeing who is requesting contents and who not and how the pattern looks like.

Users should not be concerned with NoScript at all in the sense that they should not need to dig into its settings to do something they want. We should provide a simpler interface as we only use a tiny fraction of NoScript's functionality.

todi (not verified) said:

September 07, 2019

Permalink

Can't download any files, it keeps failing. It doesn't even ask where you want to download the file to. Using TorBrowser-8.5.5osx64

certifiable (not verified) said:

September 08, 2019

Permalink

minor "bug" is:
about:tor tab loads as an additional tab, at every tor browser start up.

have options set so when tor browser starts up, it loads tabs that were open when tor browser was previously shut down.
version 8.5.5 on Windows 7

useragent (not verified) said:

September 08, 2019

Permalink

Hi, I can no longer modify user agent on this new tor browser. When I click on useragent.override theres only "true/false" options. Is there any way I can modify it in this new browser?

Anonymous (not verified) said:

September 08, 2019

Permalink

Having a strange problem with 8.5.5 running under Debian 10 with MATE desktop environment running on an HP PC with 1920x1080 display: the window is incorrectly placed, title bar is missing, and the drop down menus don't work.

This is likely related to multiple problems with pretty much everything in Debian 10, which clearly was released too early, and which appears to be fairly useless.

Tails 3.16 booted from a DVD works fine on the same computer. I fear this might change when Tails 4.0 comes out because that will be based on Debian 10.

Anonymous (not verified) said:

September 08, 2019

Permalink

Request to blog maintainers:

Please listen to the many users who live in regions with slow internet infrastructure and who have complained that the huge images appear to be slowing down loading of the webpages so much that we have to manually enter links to blog posts we wish to read. Many issues involving Tor are hard to fix but this one is very easy: remove the huge images which are unneeded eye candy and replace them with much smaller versions.

Anonymous (not verified) said:

September 10, 2019

Permalink

After update of tor on Linux Mint i have experienced extremely long time starting up the tor browser (>10 minutes). What coulis be the reason, and how to fix?

Probably unlikely (10 mins is a lot), but it might be because of some add-on while running on higher security levels - could be related to bug #23719
If that is the case try disabling all non-default add-ons or lowering your security level and see if it still takes that long to start up.

K H (not verified) said:

September 12, 2019

Permalink

Related to https://ocewjwkdco.tudasnich.de/comment/282424#comment-282424

Tor unexpectly exited on startup seen also on Tor Browser 8.5.5

Tor Browser closes control connection and therefore tor exits.
-------------------------------------------------------------

Sep 13 05:36:34.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Sep 13 05:36:34.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Sep 13 05:36:55.000 [notice] New control connection opened from 127.0.0.1.
Sep 13 05:36:55.000 [notice] Owning controller connection has closed -- exiting now.
Sep 13 05:36:55.000 [notice] Catching signal TERM, exiting cleanly.

Russian Onion Garden (not verified) said:

September 17, 2019

Permalink

Hello Tor developers & users!

Seems like the Roscomnadzor and SORM / Yarovaya's package network hardware
are blocking the possibility of OBFS4 connections.
Currently only "meek-azure" connects successfully.

Please check the OBFS4 availability (with OONI or such) for:
Russia, Moscow, ISP Onlime (Rostelecom).

Tor Browser version: 8.5.5 for Linux.

tweehugger (not verified) said:

October 04, 2019

Permalink

I have just gone to the page of an onion search engine and was surprised to see that my usual guard was shown at no. 3 in the list of declared nodes and another node was shown as the ‘guard’.

I called up another onion search engine and this time my usual guard was in its usual place.

Any thoughts?
Thanks

Someone (not verified) said:

October 07, 2019

Permalink

Having problems with verifying GPG keys on 8.5.5 (Linux X64). I'm pretty much a n00b but I can follow Terminal instructions easily enough. I have tried updating the GPG keys too but no joy. I presume this is already already known about?

Anonymous (not verified) said:

October 27, 2019

Permalink

Not op, but on Safer, open the NoScript menu. Click the Options icon that looks like the NoScript crossed-out "S" covered by a wrench. On the General tab are the Present customizations, the pattern of checkboxes for the Default mode, Trusted mode, and Untrusted mode. All three have Fonts checked (allowed). Safer's description in preferences says "Some fonts and math symbols are disabled."

Anonymous (not verified) said:

October 09, 2019

Permalink

BUG / ANONYMITY RISK ?
I was on youtube, the video started with an advertising, so while waiting advertising to finish I start reading comments to that video.
Advertising start playing FULL SCREEN automatically.
Do not remember which video but I think it's the problem is a new kind of advertisement, or some settings ?

Step to reproduce:
1. Go to youtube and start to watch videos without any other actions.
2. Wait for the right "strange" form of advertising.
3. Video / advertising start to play fullscreen at some point.
4. tbb yellow strip alert you about fullscreen at top.

TBB-8.5.5 x86_64 on Linux Ubuntu 18.04

Beginner (not verified) said:

October 15, 2019

Permalink

I would love to install TOR browser, but it is not running under 32bit Win...is there any suitable version and how can I download it?
Thanks

Drone999 (not verified) said:

October 23, 2019

Permalink

After the update with Windows 10 the Tor browser doesn't allow me to go to any sites, instead it says:
"The proxy server is refusing connections

Firefox is configured to use a proxy server that is refusing connections.

Check the proxy settings to make sure that they are correct.
Contact your network administrator to make sure the proxy server is working."

I can't find the proxy settings anywhere from the browser... What should I do? Thanks for the help! :)

That happens after restarting the browser as well? I wonder whether something is blocking Tor here. Do you have any antivirus/firewall software installed that could block things here? If so, which? Does it work if you uninstall that piece of software (disabling is often not enough)?