New Release: Tor Browser 8.5a8
Tor Browser 8.5a8 is now available from the Tor Browser Project page and also from our distribution directory.
This release features important security updates to Firefox.
The main change in this new release is the update of Firefox to 60.5.1esr, fixing some vulnerabilities in the Skia library.
Note: We usually make sure that the build of each Tor Browser release is reproducible by having two separate people building it before we publish a new release. However, due to some people being unavailable this week, we are having some delays doing this verification for this alpha release. Because this release includes an important security fix that we want to release quickly, we will be checking the reproducibility of the build afterward. If you are interested in reproducing our build, you can find information about that on our wiki page. Update: we have now reproduced the build.
Note 2: The download link for the Android version is still pointing to 8.5a7 as we have not yet signed the 8.5a8 build. We plan to fix this soon. Update: This is now fixed.
The full changelog since Tor Browser 8.5a7 is:
- All platforms
- Build System
Comments
Please note that the comment area below has been archived.
Let me reiterate: the new…
Let me reiterate: the new logo is UGLY und HORRIFIC
+100000000000000000000000000
+100000000000000000000000000
Crickets Bay
Crickets Bay
Noted. No need to reiterate…
Noted. No need to reiterate again.
FWIW, I think the new logo…
FWIW, I think the new logo looks nice.
Link on the download page is…
Link on the download page is wrong for Android (or the proper android build is missing). There is no tor-browser-8.5a8-android-armv7-multi.apk in the download directory, only tor-browser-8.5a8-android-armv7-multi-qa.apk. Is this build OK to use?
Thanks for the report. tor…
Thanks for the report. tor-browser-8.5a8-android-armv7-multi-qa.apk should be good, however it is not signed. I updated the android download link to point to 8.5a7 until we have signed the 8.5a8 build.
This should be fixed now…
This should be fixed now. The 8.5a8 apk has been signed and published.
I want to join in this…
I want to join in this project
This page has some…
This page has some information about contributing to the project:
https://sedvblmbog.tudasnich.de/getinvolved/volunteer.html.en
I m new
I m new
Hello Tor Project devs!…
Hello Tor Project devs!
Thanks for your hard work. I was wondering what happen to Tor Browser 8.5a8 for Android. I can't seem to download it directly from Tor Project website
in tor browser android, if i…
in tor browser android, if i use bridges it fails to start
I tried several obfs4 and obfs3 ones
How are you configuring…
How are you configuring those bridges and what happens?
na
na
This humor is not funny any…
This humor is not funny any more:
We've detected that you have connected over Tor. There appears to be an issue with the Tor Exit Node you are currently using. Please recreate your Tor circuit or restart your Tor browser in order to fix this.
If this error persists, please let us know: error-tor@duckduckgo.com
i dont know this thing work …
i dont know this thing work
im new
No comète
No comète
still destroys the clipboard!
still destroys the clipboard!
If Tor is dynamically linked…
If Tor is dynamically linked, is that less secure ?
Is it a possibility that someone could introduce a custom library that looks 'binary the same' to one used dynamically by Tor, but calls off into another custom code, by somehow placing it on disk ?
Or is this nonsense ? (quietly hoping so)
Hello, world
Hello, world
Hi all, I used to use Tor on…
Hi all,
I used to use Tor on my Mac but it doesn't run anymore. As soon as I click on it, it seems it wants to open but the logo disappears and doesn't open. I have tried all different versions but I can not open either of them. Can you help?
Which version of Mac OS are…
Which version of Mac OS are you using?
I have literally the exact…
I have literally the exact same problem. OS version 10.13.6
How do I access the fucked…
How do I access the fucked up part of the dark web. Eg; cannabalism
403 ERROR The request could…
403 ERROR
The request could not be satisfied.
Request blocked.
Generated by cloudfront (CloudFront)
Request ID: HD5uUKwkEb86hGxCv0FDXvEIC6MEVaGyoTW9pCeuXGFvttsbdUqquQ==
Choose another circuit
Choose another circuit
Goooooooooood!
Goooooooooood!
the browser is not starting…
the browser is not starting if bridges are used.
is that normal?
No. It might be that the…
No. It might be that the bridge you are trying to use is offline.
Do you have some error logs?
I tried many it doesnt even…
I tried many it doesnt even start and if I remove bridges it starts normally
I also have a separate orbot with bridges and vpn mode enabled
do you think this is the reason? maybe only one can run with bridges and the other not? I dont understand what is wrong
How are you configuring…
How are you configuring bridges in Tor Browser?
I do it manually the same…
I do it manually the same way used in orbot
1- click on use bridges slider button in the main interface
2- go to options and tick the box use bridges (i dont know why you need to enable twice but maybe its another unrelated bug)
3- enter the bridges obtained earlier from bridges site and click ok to save
4- try to start (it doesnt)
what to do now?
what to do now?
Where do you get stuck? What…
Where do you get stuck? What is the log saying (you can swipe to the left on the right side to get it into view)?
Okay, so I looked closer at…
Okay, so I looked closer at that. It seems for some reason we a) don't get pluggable transport support stemming from Orbot for free even though we are compiling and using it and b) even if you want to use normal Tor bridges (no pluggable transport) this is only possible if you have PT support available as Orbot checks this case and only proceeds if it finds the
obfs4proxy
binary, which is rather unfortunate. I am sorry, but for now this is not working (as you found out :) ). I am working on getting this fixed for the next release, though.the strange thing is bridges…
the strange thing is bridges work just fine with normal orbot, so I hope in the next release both could work with bridges
do you have a ticket for this and when is the next release?
I think I added the relevant…
I think I added the relevant bits in https://trac.torproject.org/projects/tor/ticket/28802 which should give us parity to standalone Orbot. The next release is likely happening in 2 weeks.
I am new here . I want to…
I am new here . I want to know this How to work
This page is an overview…
This page is an overview:
https://sedvblmbog.tudasnich.de/about/overview.html.en
https://hackernoon.com…
https://hackernoon.com/untraceable-search-engines-alternatives-to-googl…
I hope any conflicts with…
I hope any conflicts with standalone orbot are investigated and resolved, testing all options to see if that breaks anything. There is a wide userbase that still use orbot. I'm interested to see any tickets in that regard. Thank you all.
There should not be any…
There should not be any conflicts with the standalone Orbot given that Tor Browser is using differnent SOCKS and Control Ports. Do you have something specific in mind? In general our mobile related tickets are tagged with
tbb-mobile
, so https://trac.torproject.org/projects/tor/query?status=accepted&status=a… gives you an overview of all the mobile related issues we are currently aware of.What is the purpose of VPN…
What is the purpose of VPN functionality in Tor Browser if one is already available in Orbot? What happens if both are activated? Can VPN mode in Tor Browser control other apps as well? If it does, what happens after Tor Browser is closed?
Lastly, if VPN mode in Tor Browser's own Orbot has no purpose then why not remove it all together?
This is confusing for the average user and I couldn't find answers in the Documentation Section.
On a side note, the design of having Tor Browser start with its Orbot means it has to connect to Tor all over again each time Tor Browser is started. Before that was introduced, Orbot used to run conveniently in the background and Tor Browser can be opened any number of times without having to reconnect.
There is no VPN…
There is no VPN functionality in Tor Browser. We have disabled it. We did not remove it yet because we are still changing the underlying architecture to switch to the Tor Onion Proxy Library (https://trac.torproject.org/projects/tor/ticket/27609) and after that is done all the UI is getting cleaned up accordingly.
This is an alpha version and things are still in flux. :)
Tor Browser starting with Orbot establishing a connection first is modeling the desktop Tor Browser because that's the most convenient/secure solution we have found so far: you can be sure to have a Tor/Orbot ready once you want to use the browser and don't have to wait for that getting weird proxy-connection-refused errors or delayed page loading, not knowing why this is happening.
We might be able to do better, in particular on mobile. But the model we have right now will be the baseline we start from exploring things further.
Tor Browser 8.5a8 is based…
Tor Browser 8.5a8 is based on Firefox 60.5.1ESR. But when I checked the latest Firefox, it seems like Firefox version is 65.0.1. 60.5.1 = 65.0.1? Outdated or typing error?
Neither! :) Mozilla has two…
Neither! :) Mozilla has two different release trains: the "normal" one and the "enterprise" one. Tor Browser is on the latter and it is based on Firefox 60 (hence, 60.5.1) while the "normal" one is currently 65.0.1.
https://mystor.github.io…
https://mystor.github.io/fission-news-1.html
Am using Linux, and this is…
Am using Linux, and this is the result:
User-Agent Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0
Passive, SYN Linux 2.2.x-3.x (no timestamps) | Language: Unknown | Link: Ethernet or modem | MTU: 1500 | Distance: 14 Hops
https://browserleaks.com/ip
It has been like this for a few iterations of the Tor browser, will it ever going to be fixed?
That's not a Tor Browser…
That's not a Tor Browser bug (and is likely not a bug at all) and you get it on Windows machines, too. What is happening is that this test is trying to find out the OS of the machine the request came from. But that is not your computer. Rather, it's the exit relay that gets fingerprinted instead. It seems that in your case it is running Linux, which is not much surprising...
can you please check my…
can you please check my answer on bridges above? sorry I dont mean to hijack this but it seams you overlooked the answer and I still dont know
New to tor, vpn and the dark…
New to tor, vpn and the dark web, how safe am I, really?
Hi ! Can somebody tell me…
Hi ! Can somebody tell me when Tor Browser will support TLS 1.3 ? Firefox does, Tor Browser doesn't. Knowing that using Tor means going through exit nodes which can easily be in government or hacker hands, the higher version of TLS would be appreciate. Thanks for your great job ;)
Tor Browser currently…
Tor Browser currently supports TLS 1.3, kind of. But for supporting the final specification version we'd need to have a backport from Firefox code. This is tracked in https://trac.torproject.org/projects/tor/ticket/27141. Not sure when this will happen. Chances are high that you'll get proper TLS 1.3 support with Tor Browser 9, though, which we plan to get out later this year.
opened tor checked which…
opened tor checked which update it is on mac, says 8.0.6. your site says should be, Tor Browser 8.5a8, correct or is it safe to use?
8.0.6 is fine. There are two…
8.0.6 is fine. There are two different Tor Browser series, the alpha one which is at version 8.5a8 and the stable one, which is currently at 8.0.6.
Tor NOTICE: Bootstrapped 30%…
Look at the times:
Tor NOTICE: Bootstrapped 30% (loading_status): Loading networkstatus consensus
[03-05 09:42:22] Torbutton INFO: tor SOCKS: https://www.https-rulesets.org/v1//latest-rulesets-timestamp via
--unknown--:87480448065ca417db2a73c5a773970b
[03-05 09:42:25] Torbutton INFO: Message received from NoScript: [{"__meta":{"name":"started","recipientInfo":null},"_messageName":"started"},{"id":"{uuid}","url":"moz-extension://uuid/_generated_background_page.html","envType":"addon_child","extensionId":"{uuid}","contextId":4},null]
[03-05 09:42:59] TorLauncher INFO: NOTICE CONSENSUS_ARRIVED
Tor NOTICE: I learned some more directory information, but not enough to build a circuit: We're missing descriptors for 1/2 of our primary entry guards (total microdescriptors: 6383/6549).
Tor NOTICE: Bootstrapped 50% (loading_descriptors): Loading relay descriptors
[03-05 09:43:01] TorLauncher INFO: NOTICE ENOUGH_DIR_INFO
Tor NOTICE: Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
A suggestion for future…
A suggestion for future alpha release posts, please could you start the post with a warning that this is a build for testers and include a link to download the latest stable (i.e. non-alpha) build? Something like
Note this is an experimental build for testing new features. For normal users please download the browser here [link].
It seems these alpha announcements always get a lot of newbie questions, so I wouldn't be surprised if some were downloading the alpha thinking it was stable. Especially considering there is no mention of alpha in the main text, newbies won't know what the "a" in the version number means and if they're not software developers they may not know what "alpha build" even means.
That's a good idea, thanks…
That's a good idea, thanks. We'll try to remember next time when we write a blog post for an a alpha release.
Could you please provide a…
Android Version:
Could you please provide a separate APK for Tor Browser only? In this new bundle, when a user exits the Tor Browser, the Orbot client too closes with it and this also turns off VPN and results in a connection drop.
Plus the new Tor Browser/Orbot does not support Android's "Alwasy-on" VPN feature which helps keep the connection alive in case of a drop from network and stops data leak. This increases privacy and security as well.
I found a Reddit post very similar to my request and I request you to provide a separate APK for Tor Browser.
Ref.: https://www.reddit.com/r/TOR/comments/af9brd/separate_apk_for_torbrowse…
Yes. We might get this…
Yes. We might get this squeezed into the next alpha but if not then the one after it. The current solution is just a stopgap to give a "Tor Browser desktop like"-feel to mobile users.
How can I use Tor to write…
How can I use Tor to write text?
Does this work on IPhones…
Does this work on IPhones and iPads?
No, the mobile version we…
No, the mobile version we provide is only available for Android systems.