New Release: Tor Browser 9.5a2
Tor Browser 9.5a2 is now available from the Tor Browser Alpha download page and also from our distribution directory.
Note: this is an alpha release, an experimental version for users who want to help us test new features. For everyone else, we recommend downloading the latest stable release instead.
This new alpha release contains various bug fixes and improvements. Among them, we improved the letterboxing experience. Additionally, we added a banner on the starting page for our fundraising campaign Take Back the Internet with Tor.
Known Issue
As with the stable release, we currently have a reproducible build issue. We recently made some progress on the issue and are getting closer to having a fix.
The full changelog since Tor Browser 9.5a1 is:
- All Platforms
- Update NoScript to 11.0.7
- Bug 30783: Fundraising banner for EOY 2019 campain
- Bug 32321: Don't ping Mozilla for Man-in-the-Middle-detection
- Bug 32318: Backport Mozilla's fix for bug 1534339
- Bug 32250: Backport enhanced letterboxing support (bug 1546832 and 1556017)
- Bug 31573: Catch SessionStore.jsm exception
- Bug 27268: Preferences clean-up
- Windows + OS X + Linux
- Update Tor to 0.4.2.3-alpha
- Update Tor Launcher to 0.2.20.2
- Bug 32164: Trim each received log line from tor
- Translations update
- Bug 31803: Replaced about:debugging logo with flat version
- Bug 31764: Fix for error when navigating via 'Paste and go'
- Bug 32169: Fix TB9 Wikipedia address bar search
- Bug 32210: Hide the tor pane when using a system tor
- Bug 31658: Use builtin --panel-disabled-color for security level text
- Bug 32188: Fix localization on about:preferences#tor
- Bug 32184: Red dot is shown while downloading an update
- Bug 27604: Fix broken Tor Browser after moving it to a different directory
- Bug 32220: Improve the letterboxing experience
- Bug 30683: Backport upstreamed fix from Mozilla (bug 1581537)
- Android
- Build System
Comments
Please note that the comment area below has been archived.
Error: listener not re…
Error: listener not re-registered 8 ExtensionCommon.jsm:2318:24
after update
regression https://trac…
regression https://trac.torproject.org/projects/tor/ticket/27604#comment:36
Still visible on Windows.
Still visible on Windows.
uncaught exception:…
uncaught exception: 2147746065 SessionStore.jsm:1325:22
after update
r u going to fix it?
r u going to fix it?
Still visible on Windows.
Still visible on Windows.
Mozilla has a different fix…
Mozilla has a different fix for it.
Content Security Policy:…
Content Security Policy: Couldn’t parse invalid host 'wasm-eval'
is still in httpse
Public-Key-Pins: An unknown…
Public-Key-Pins: An unknown error occurred processing the header specified by the site. en-US
on https://aus1.torproject.org/torbrowser/update_3/alpha/WINNT_x86_64-gcc3…
The most annoying error is…
The most annoying error is still:
[Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIDOMWindowUtils.removeSheetUsingURIString]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: resource://gre/modules/ExtensionCommon.jsm :: runSafeSyncWithoutClone :: line 75" data: no] 7 ExtensionCommon.jsm:75:12
runSafeSyncWithoutClone resource://gre/modules/ExtensionCommon.jsm:75
cleanup resource://gre/modules/ExtensionContent.jsm:403
close resource://gre/modules/ExtensionContent.jsm:913
destroyed resource://gre/modules/ExtensionContent.jsm:998
observe resource://gre/modules/ExtensionContent.jsm:1016
Pictures are still not…
Pictures are still not loading on some sites.
This is this ticket:https:/…
This is this ticket:
https://trac.torproject.org/projects/tor/ticket/32238
fucking cloudflare again
fucking cloudflare again
Thanks for your hard work! …
Thanks for your hard work!
A long-standing wish: it would help if your GPG signature filenames ended in '.sig' instead of the current '.asc'.
Some gpg linux software (like KGpg) is associated with '.sig', so clicking on the files in file manager nicely performs the verification.
In contrast, when your '.asc' files are clicked, it always causes the prompt to provide a new name to overwrite the files.
Thanks to the Tails devs for already using '.sig' and thus avoiding this annoyance!
There is a ticket open for…
There is a ticket open for changing Firefox's behavior when a .asc is requested. I agree it is annoying that the world uses two different file extensions for the same type of file, but gpg produces .asc files by default - it seems silly that other PGP/GPG tools do not handle that correctly. On the other hand, .sig is more explicit about what the file contains (a signature), instead of some-ascii-armored textblob.
I opened a ticket for this - https://trac.torproject.org/projects/tor/ticket/32479
L'antivirus, al download,…
L'antivirus, al download, dice che Tor potrebbe danneggiare il mio PC.
quale antivirus usi?
quale antivirus usi?
My letter box is 1cm each…
My letter box is 1cm each side but 3 cm at bottom of screen. Means I lose lot of screnn! any way to change this setting manually? I dont like it too big.
Is that the default…
Is that the default configuration? You see letterboxing when you start the browser? Did you customize the browser? Did you add a toolbar, like the bookmarks bar?
Yes default. I didn;t touch…
Yes default. I didn;t touch any thing new. Only make the browser full size on screen by click box in top corner.
> Yes default. I didn;t…
> Yes default. I didn;t touch any thing new. Only make the browser full size on screen by click box in top corner.
"full size" (called "maximizing the window") is not the default when you start the browser. sysrqb was asking about the state of the window when you first open Tor Browser or after you start a "new identity" by clicking the broom icon. The letterbox frame is intended to appear when you resize from that initial size such as when you maximize the window. It is not intended to appear on the default state of the window when you first open Tor Browser or after you start a new identity.
That's probably because it's…
That's probably because it's desktop, and the toolbar is showing, see https://trac.torproject.org/projects/tor/ticket/27845 and the toolbar icons cause the height to be 1 to 5 pixels short, causing a LB close to 100px (now all at the bottom)
I will check and report back…
I will check and report back. Si, it desktop (Windows 10, ASUS laptop) but didnt happen before. I have no toolbar showing. TBB stable not do. TBB alpha was ok before 9.5a2 for me. Sorry to be pain in ass, I love your TBB and Tails friends and gracias for all help every day.
Are there any plans for an…
Are there any plans for an Anti-DDoS functionality in Tor and Tor-Browser?
This could be done by requiring proof of work every N requests/minutes to be able to access an .onion site (see hashcash). Doing this via JS is not really an option because many people disable it for security reasons.
If not, please consider this for an upcoming version. Many websites suffer from DDoS and I think this could be an effective solution to the problem.
https://trac.torproject.org…
https://trac.torproject.org/projects/tor/ticket/28710
torbirdy fix would be a good…
torbirdy fix would be a good start
opening about:preferences…
opening about:preferences#privacy from the security toolbar button leads to adding about:preferences#tor items at the end of about:preferences#privacy
I opened this ticket:https:/…
I opened this ticket:
https://trac.torproject.org/projects/tor/ticket/32508#ticket
Handler function threw an…
Handler function threw an exception: [Exception... "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsICacheInfoChannel.isRacing]" nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)" location: "JS frame :: resource://devtools/server/actors/network-monitor/network-response-listener.js :: NetworkResponseListener.prototype._getSecurityInfo< :: line 334" data: no]
Stack: NetworkResponseListener.prototype._getSecurityInfo<@resource://devtools/server/actors/network-monitor/network-response-listener.js:334:26
exports.makeInfallible/<@resource://devtools/shared/ThreadSafeDevToolsUtils.js:111:22
onStartRequest@resource://devtools/server/actors/network-monitor/network-response-listener.js:226:10
Line: 334, column: 0 2 ThreadSafeDevToolsUtils.js:90:13
reportException resource://devtools/shared/ThreadSafeDevToolsUtils.js:90
makeInfallible resource://devtools/shared/ThreadSafeDevToolsUtils.js:117
onStartRequest resource://devtools/server/actors/network-monitor/network-response-listener.js:226
still some FPI leaks: [11-17…
still some FPI leaks:
[11-17 09:06:49] Torbutton INFO: tor SOCKS: https://s0.2mdn.net/instream/video/client.js via
--unknown--:05892fa6accafe1f70d5462fd745dcb5
New Browser Console is…
New Browser Console is outstanding in its CPU usage and freezes the entire browser:
Script: resource://devtools/client/webconsole/reducers/messages.js:1341
Script: resource://devtools/client/webconsole/components/ConsoleOutput.js:150
NoScript is still fucking…
NoScript is still fucking computers with thousands of:
[11-17 10:59:15] Torbutton INFO: controlPort >> 650 STREAM 26704 CLOSED 133 cflarenuttlfuyn7imozr4atzvfbiw3ezgbdjdldmdx7srterayaozid.onion:443 REASON=DONE
https://trac.torproject.org…
https://trac.torproject.org/projects/tor/ticket/32528
this is frustrating
just do it
just do it
Tor browser android version…
Tor browser android version 9.*.* cache is not cleared by standard methods in online mode. Cleaning is possible only after closing the program. Each time after authorization it is necessary to close the program and start again. Can you fix it so that the full cache cleanup works online? Or is it impossible to fix?
HTTPS Everywhere Options in…
HTTPS Everywhere Options in about:addons
TypeError: chromeWin.gBrowserInit is undefined ext-webNavigation.js:140:1
Thank you for fixing the…
Thank you for fixing the wiki search bar issue. I thought it was just me.
But, isn't the window size supposed to be a configured size due to fingerprinting concerns? Mine does not seem to be, & I wasn't sure if that was no longer a concern.
Please disregard my previous…
Please disregard my previous comment regarding window size. It seems to work now... weird. I didn't change anything, but it didn't seem to work on one page, but did on another.
Which page? Are you using…
Which page? Are you using Tor Browser 9.5a2? If letterboxing is enabled, which it is by default, window size does not contribute to fingerprinting as much as it does without letterboxing. You should see bars or margins of blank space around the edges the web page display area. If your first try was in a window whose size you changed, then your description is normal behavior. But if your first and second tries were in a window of the same size, you may have found a bug that you should provide more information about.
WTF Mozilla/5.0 (Windows NT…
WTF
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
when it should be
Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
https://bugzilla.mozilla.org/show_bug.cgi?id=1556223
This ticket is still open,…
This ticket is still open, the proposed patches have not been merged yet.
aaand? it doesn't mean you…
aaand? it doesn't mean you can violate the spec.
Which spec are you talking…
Which spec are you talking about, and how are we violating it?
You don't know specs for UA…
You don't know specs for UA o_0
You are not allowed to report mix of arches.
> You don't know specs for…
> You don't know specs for UA o_0
> You are not allowed to report mix of arches.
We're allowed to do anything we want. I'll just let tom explain it
"RFP violates web standards all over the place actually. We explicitly do so in the name of user intervention - the user has opted into a mode that has reduced compatibility on the web and breaks some features but provides greater privacy. At some point in the future it would be wonderful if RFP and Web Standards converged again - but it's going to have to be Web Standards that come to meet RFP - not the other way around"
Source: https://bugzilla.mozilla.org/show_bug.cgi?id=1535189#c12
you don't understand what…
you don't understand what you're talking about.
This ticket is not for RFP!
This ticket is not for RFP!
Are you seeing this in Tor…
Are you seeing this in Tor Browser or Firefox?
Tor Browser with js reports…
Tor Browser with js reports
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
without js
Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
fix this nonsense!
somebody smart decreased the…
somebody smart decreased the number of connections to Trac so that TBB is loading some tabs forever :(
Developer! In all versions…
Developer!
In all versions of 9.. *. * For android devices, the following vulnerabilities were discovered:
1) The cache is not cleared from the standard browser menu in online mode!
2) switching cookie management modes does not work. Cookies are accepted even in the "Disabled" mode!
For 1), what do you mean by …
For 1), what do you mean by "online mode"? Currently you have to close the application and open it again to clear the cache. But we are planning to implement a "New Identity" features similar to the Desktop one: https://trac.torproject.org/projects/tor/ticket/28800
For 2), where did you change cookies settings? Preventing cookies completely is not recommended as it will change the fingerprint of your browser.
about:memory always shows 0…
about:memory always shows
0.00 MB ── wasm-runtime
[Exception... "Component…
[Exception... "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIContentSniffer.getMIMETypeFromContent]" nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)" location: "JS frame :: resource:///modules/FaviconLoader.jsm :: onStopRequest :: line 277" data: no] FaviconLoader.jsm:277:24
onStopRequest resource:///modules/FaviconLoader.jsm:277
AsyncFunctionNext self-hosted:839
Handler function threw an…
Handler function threw an exception: [Exception... "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsICacheInfoChannel.isRacing]" nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)" location: "JS frame :: resource://devtools/server/actors/network-monitor/network-response-listener.js :: NetworkResponseListener.prototype._getSecurityInfo< :: line 334" data: no]
Stack: NetworkResponseListener.prototype._getSecurityInfo<@resource://devtools/server/actors/network-monitor/network-response-listener.js:334:26
exports.makeInfallible/<@resource://devtools/shared/ThreadSafeDevToolsUtils.js:111:22
onStartRequest@resource://devtools/server/actors/network-monitor/network-response-listener.js:226:10
Line: 334, column: 0 ThreadSafeDevToolsUtils.js:90:13
reportException resource://devtools/shared/ThreadSafeDevToolsUtils.js:90
makeInfallible resource://devtools/shared/ThreadSafeDevToolsUtils.js:117
onStartRequest resource://devtools/server/actors/network-monitor/network-response-listener.js:226
TypeError: window is null 5…
TypeError: window is null 5 ContentMetaHandler.jsm:96:23
TypeError: this…
TypeError: this.messageManager is null 3 browser-custom-element.js:1553:11
purgeSessionHistory chrome://global/content/elements/browser-custom-element.js:1553
observe chrome://global/content/elements/browser-custom-element.js:224
torbutton_do_new_identity chrome://torbutton/content/torbutton.js:933
torbutton_new_identity chrome://torbutton/content/torbutton.js:835
oncommand chrome://browser/content/browser.xul:1
Could you guys fix the bad…
Could you guys fix the bad favicons for both DuckDuckGo search engines (regular and Tor)? They have been like this for a long time.
What is the issue with the…
What is the issue with the DuckDuckGo favicon? It looks fine for me.
Bad favicons? What do you…
Bad favicons? What do you see? According to the source html of their webpages, these are their favicons:
https://duckduckgo.com/favicon.ico
https://3g2upl4pq6kufc4m.onion/favicon.ico
Those look the same as DDG Onion's button in Tor Browser. DDG's .com button looks like those, but the red circle doesn't have a white line border. I like that I can tell them apart so I don't click the wrong one by accident.
I've been trying to download…
I've been trying to download the Tor browser for a couple of days. All the other links on the download page are live, but not the download link. I've tried with multiple browsers and on different computers. I know my ISP doesn't block it. Is there a current issue with the download? Thanks!
There is no known issue at…
There is no known issue at the moment. Which OS/language are you trying to download?
Can you paste here the download link that is not working?
EFF (Full): A new ruleset…
EFF (Full): A new ruleset bundle has been released, but it is older than the extension-bundled rulesets it replaces. Skipping. util.js:26:15
I opened a ticket for this…
I opened a ticket for this:
https://trac.torproject.org/projects/tor/ticket/32601
Which Tor Browser version are you using? If you add the HTTPSEverywhere icon to the URL bar and click on it, what Ruleset version does it show?
9.5a2, 2019.11.7 and 'n/a'…
9.5a2, 2019.11.7 and 'n/a' in options.
So it looks like it is not a…
So it looks like it is not a bug:
https://trac.torproject.org/projects/tor/ticket/32601#comment:1
It lies that "A new ruleset…
It lies that "A new ruleset bundle has been released".
Hi. I am using torbrowser…
Hi. I am using torbrowser with 5-6 opened profiles. And only one of these - use tor connection. the others have different proxy.
I am afraid to upgrade to newest version because of torbutton integrated. Can I use this version for non-tor browsing?
Using Tor Browser with…
Using Tor Browser with different profiles is not supported, so it might break in different ways.
WTF? Dropping text on the…
WTF?
Dropping text on the webpage resulted in the tab destroyed with
and no history to go back!
Log:
Ignoring response to aborted listener for 824
[11-29 03:36:19] Torbutton INFO: The DataTransfer is available
[11-29 03:36:21] Torbutton INFO: The DataTransfer is available 2
[11-29 03:36:21] Torbutton INFO: Inspecting the data transfer: 0
[11-29 03:36:21] Torbutton INFO: Type is: text/_moz_htmlcontext
[11-29 03:36:21] Torbutton INFO: Type is: text/_moz_htmlinfo
[11-29 03:36:21] Torbutton INFO: Type is: text/html
[11-29 03:36:21] Torbutton INFO: Type is: text/plain
TypeError: docShell.failedChannel is null NetErrorChild.jsm:844:32
Please can someone in plain…
Please can someone in plain Fu**ing Englih tell me how the fuck you verify tor download for ubuntu, 3 fucking weeks I have been trying to work it out ffs pull your heads out of your arses
Insults don't really help to…
Insults don't really help to get an answer.
It's unclear what you mean by "verify tor download for ubuntu". If you are talking about verifying gpg signatures then there is this page:
https://ijpaagiacu.tudasnich.de/tbb/how-to-verify-signature/