New Release: Tor Browser 9.0.3

by boklm | January 8, 2020

Tor Browser 9.0.3 is now available from the Tor Browser download page and also from our distribution directory.

This release features important security updates to Firefox.

This new stable release picks up security fixes for Firefox 68.4.0esr. We also updated Tor to 0.4.2.5 for the desktop versions. On Android we fixed a possible crash after the bootstrap.

Reproducible Builds

As with previous releases since 9.0, a bug in our toolchain is making it more difficult to reproduce our builds (a second rebuild is sometimes required to get a matching build). Fortunately, we now have a fix for this issue, which we are testing in the alpha series, so this should be fixed in the stable release that we'll have in February.

Tor Browser 9.0.4

Mozilla is preparing a new Firefox version, 68.4.1, fixing an additional issue, therefore we are planning to release version 9.0.4 of Tor Browser picking up this fix soon.

ChangeLog

The full changelog since Tor Browser 9.0.2 is:

  • All Platforms
    • Update Firefox to 68.4.0esr
    • Bump NoScript to 11.0.11
    • Translations update
    • Update OpenPGP keyring
    • Bug 32606: Set up default bridge at Georgetown University
    • Bug 32659: Remove IPv6 address of default bridge
    • Bug 32547: Add new default bridge at UMN
    • Bug 31855: Remove End of Year Fundraising Campaign from about:tor
  • Windows + OS X + Linux
    • Bump Tor to 0.4.2.5
    • Update Tor Launcher to 0.2.20.5
      • Bug 32636: Clean up locales shipped with Tor Launcher
  • Android
    • Bug 32405: Crash immediately after bootstrap on Android
  • Build System
    • Linux
      • Bug 32676: Create a tarball with all Linux x86_64 language packs

Comments

Please note that the comment area below has been archived.

January 08, 2020

Permalink

Hi, is there a tor browser forum where we can discuss the browser performance vis-a-vis captcha detection of said browser? Irc is not working for me.

January 08, 2020

Permalink

Facebook not allowing upload of photos and videos (all personal and copyright free), when using their .onion address over Tor. Only way around this is to use a node that has been previously used to sign in on the usual Facebook address.

And for this to work we need the option to specify our own nodes. Please bring the ability to select nodes.

You are crippling advanced users like me and more!

But, correct me if I am wrong, facebookcorewwwi.onion has no way of seeing what is your exit node, it just sees the last three nodes in your route, just like you see the first three.

January 08, 2020

Permalink

Are these sums correct? I get different results from DDG engine. Please and thankyou

$ md5sum tor-browser-linux64-9.0.3_en-US.tar.xz
9faa33ed8e7398007464bbc831c73513 tor-browser-linux64-9.0.3_en-US.tar.xz

$ sha256sum tor-browser-linux64-9.0.3_en-US.tar.xz
8983d3784b9563b67e54ed46c74839aa486013fbc3568441cf1c3b09abbd5169 tor-browser-linux64-9.0.3_en-US.tar.xz

January 08, 2020

Permalink

Tor never works within China without upstream proxy,and year 2020 is just getting worse.
neither meek nor any obfs (including obfs4) works,they are useless behind GFW.

And about 'request for bridge' : I can get the CAPTCHA shows up but after entering the corrected one I don't get any bridges.
I see it in wireshark that when i click the 'request for bridge' and when the CAPTCHA shows up,the connenctions are fine.Even submitted the wrong one the connections works properly.
But after submmited the right CAPTCHA,the connection get TCP RST at the last 2 connections.
I tried several times and this always happens,so i am sure it is not coincidence
My guess is GFW can detect this and intercept bridges for sure.

I high suspect that GFW actually use this to get tor bridges and block them if someone in china tried to get a tor bridge without upstream proxy
unlike most and tor people believe that the GFW use manual or bots methods to get tor bridges blocked,i think in this case they are using this kind of MITM method to get tor bridges blocked

Also the GFW are getting stronger since 2020,many proxy/VPS/VPN are not working properly or not working at all even.
Even with luck that some connections do work,they only last like literally 1~10 minutes,some for like 1 hour or 3 hours at max but will surely be disconencted and blocked by GFW soon,then become unavailable
Which means tor is totally unavailable and useless to use in china let alone bypassing GFW.
For what is worse all ISP are directly controlled by CCP and GFW in china in case you don't know.
China is trully just a very huge prison actually.

The situation in China is really bad and getting worse and worse.
I only get to this website with mere luck and i am sure this connection will be lost within 10 minutes.
I can not contact others and have almost no hope to do so
if any of you read this please look into it and help.Atleast tell others.please
Please help.

Thank you in advance

Hi, thank you for sharing your experiences with this. This information is helpful and we'll be sure to follow up on it. We are actively working on the GFW situation and we believe that private obfs4 bridges (those not distributed through BridgeDB) still work. We're also working on a new transport called Snowflake that has had mixed success in China.

We can send you a private bridge if you contact us directly on IRC or by email at cohosh@torproject.org or phw@torproject.org

What happens if you try to connect to some website hosted on Microsoft Azure? It could be something is temporarily wrong with it. In fact, that's by orders of magnitude more likely than that GFW can somehow decipher your connections with Azure.

January 08, 2020

Permalink

Media from 3rd party site doesn't play until Media for the 1st party site is allowed on Safer :(

January 09, 2020

Permalink

Hi. i download 9.0.4 from other blog , its from your server , but on your offical website 9.0.3 is lastest version
its true? its offical version? its for everybody?

January 09, 2020

Permalink

Hello,
I rarely use Tor, but today I opened it to try to access a pirate bay proxy.
It updated automatically, but right now it seems I cannot access the internet through a regular browser (neither chrome nor firefox works). Tor opens regular webpages as normal.
What might be the problem, and how should I fix it?

Thank you for your assistance.

my guess here is probably useless, but ....

Are there proxy settings for the regular chrome and firefox?

I'd expect this is not the problem, if only because chrome uses the os (windows.. inetcpl.cpl?) proxy setting, while firefox has its own proxy setting in preferences.
Yet *both* browsers aren't connecting correctly.

The ticket is still open (https://trac.torproject.org/projects/tor/ticket/28786), so this means it has not been done yet, but it is still planned to do it as some point, although we have other things which are higher priority, so there is no promise about when it will be done. Probably this will be done after the switch to fenix to avoid doing it twice.

Of course if anyone wants to help get that done faster, patches are welcome.

January 10, 2020

Permalink

In android there is a problem with cookies.
If you have disabled them and after leave the browser, the next time you enter the browser they are enabled, even if they seem to be disabled.
To disable them, you should enable and after disable them.

January 10, 2020

Permalink

I am on Android. Do you recommend using i.e the new quad9 connect app? I am on it now i.e.

I think I read about using quad9 for dns query and resolving (servers) as ok but not cloudflare for tor exit servers!

January 10, 2020

Permalink

tor browser 9.0.3/4 for android (aarch64) leaks locale again on tablet running android7. on smartphone running android8 everything's fine

January 10, 2020

Permalink

Hey trying to sign up for new Facebook account but just keeps coming up with "There was an error with your registration. Please try registering again." error...
Using Protonmail. Any suggestions?
Thanks!

February 09, 2020

Permalink

Ahhh bad. Everything has been leaked. Is necessary a split tunneling on a vpn ? Lol . Where is gone anonymity. No setup in tor browser android. Like was on orbot. I tested on :browserleak : which has showed everything else model of phone. No cookie no js . Ipv6. Till adresse and city of server is a nsa joke? Tried last orbot same . So I consider again old orbot around version 1.5.1 and so on till 1.6.3 and tor browser android first release. Goodday