Tor Browser 8.0a2 is released

by boklm | February 23, 2018

Tor Browser 8.0a2 is now available from the Tor Browser Project page and also from our distribution directory.

This release includes Tor 0.3.3.2-alpha. In addition we update HTTPS Everywhere to 2018.1.29, NoScript to 5.1.8.4, meek to 0.29, and we include various other fixes and improvements.

The full changelog since Tor Browser 8.0a1 is:

  • All Platforms
    • Update Tor to 0.3.3.2-alpha
    • Update Torbutton to 1.9.9
      • Bug 24159: Version check does not deal with platform specific checks
      • Bug 25016: Remove 2017 donation banner
      • Translations update
    • Update Tor Launcher to 0.2.15
      • Bug 25089: Special characters are not escaped in proxy password
      • Translations update
    • Update HTTPS Everywhere to 2018.1.29
    • Update NoScript to 5.1.8.4
    • Update meek to 0.29
    • Bug 25215: Revert bug 18619 (we are not disabling IndexedDB any longer)
    • Bug 19910: Rip out optimistic data socks handshake variant (#3875)
    • Bug 22659: Changes to `intl.accept.languages` get overwritten after restart
    • Bug 25000: Add [System+Principal] to the NoScript whitelist
    • Bug 15599: Disable Range requests used by pdfjs as they are not isolated
    • Bug 22614: Make e10s/non-e10s Tor Browsers indistinguishable
    • Bug 13575: Disable randomised Firefox HTTP cache decay user tests
    • Bug 25020: Add a tbb_version.json file
    • Bug 24995: Include git hash in tor --version
  • OS X
    • Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured
  • Linux
    • Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured
  • Windows:
    • Bug 25266: PT config should include full names of executable files
  • Build System
    • Windows
      • Bug 25111: Don't compile Yasm on our own anymore for Windows Tor Browser

Comments

Please note that the comment area below has been archived.

Anonymous (not verified) said:

February 23, 2018

Permalink

EXECUTE PATCH TorBrowser/Data/Tor/torrc-defaults
LoadSourceFile: destination file size 1063 does not match expected size 1017
LoadSourceFile failed
### execution failed

Modified config and bye bye partial update, huh?

Anonymous (not verified) said:

February 23, 2018

Permalink

Partial update failed, full update succeeded, but
Bug 25000: Add [System+Principal] to the NoScript whitelist
wasn't added.

Anonymous (not verified) said:

February 23, 2018

Permalink

Bug 13575: Disable randomised Firefox HTTP cache decay user tests
You should override user pref in update.

Anonymous (not verified) said:

February 23, 2018

Permalink

A lot of
Torbutton INFO: controlPort >> 650 STREAM 64 CLOSED 12 [2620:12a:8000::2]:443 REASON=END REMOTE_REASON=CONNRESET
fun fun

anonymous (not verified) said:

February 23, 2018

Permalink

you guys were doing great until quite recently in tracking the FF release calendar. what happened?

We are still tracking the firefox release calendar. But we are also doing some additional releases, especially on the alpha channel to give move testing to the alpha tor releases and the other new features.

Remember this … (not verified) said:

February 23, 2018

Permalink

Thankyou again for all your hard work in helping keep us safe(r) on the Internet.
Nothing is perfect but it's a damn sight better than not having a Tor Browser.
The NSA and their cronies don't sleep, neither should we.

Good job (not verified) said:

February 24, 2018

Permalink

We hope the dev can use vimeo / daily motion and youtube (.onion) domain video sharing website

to educate and Certificate degree likes I.T exam to teaching the non - tech elder 60 year+ to use

the privacy protection internet web bower , in the suppress regime (part of North Korea ) , the browser under surveillance with real internet protocol address/ real passport identify number leak competitor have

1. UC web browser

2.cheetah browser

3. three hundred and sixty browser

4. QQ browser (ten-cent) (ICQ clone)

5. SO-GO (the dog searching ) browser

6: Bai-du ( searching for hundred times) browser

7.the cloud traveler browser (regional developer ) (not list in stock exchange )

8. greed tea browser (regional developer ) (not list in stock exchange )

9. Quark Browser (regional developer ) (not list in stock exchange )

10. VIA browsers (regional developer ) (not list in stock exchange )

Anonymous (not verified) said:

February 24, 2018

Permalink

TypeError: window.location is null[Learn More] popup.js:247:7
TypeError: this.contentWindow is null[Learn More] ExtensionChild.jsm:781:5

Could you post a link to pdfs with non-isolated requests?

I believe pretty much all PDFs suffered that issue. If you want one that was affected for sure, look at the bug report for #15599. It has some links.

> doesn't feel good at loading :(

True, that why it's only enabled in alpha for now, to see if it's worth the trade-off.

Anonymous (not verified) said:

February 24, 2018

Permalink

browser.ownerGlobal is null ext-utils.js:800
getBrowserId chrome://browser/content/ext-utils.js:800:9
chrome://browser/content/ext-tabs.js:79:26
runSafeSyncWithoutClone resource://gre/modules/ExtensionUtils.jsm:71:14
emit/promises< resource://gre/modules/ExtensionUtils.jsm:384:55
from self-hosted:595:17
emit resource://gre/modules/ExtensionUtils.jsm:383:20
WebRequestEventManager/register/listener chrome://extensions/content/ext-webRequest.js:51:7
runChannelListener resource://gre/modules/WebRequest.jsm:721:24
onStopRequest resource://gre/modules/WebRequest.jsm:841:5
onStopRequest resource://gre/modules/WebRequest.jsm:351:5
[02-24 16:37:52] Torbutton WARN: Version check failed! Web server error: 0
[02-24 16:37:52] Torbutton INFO: controlPort >> 650 STREAM 951 CLOSED 111 [2620:0:6b0:b:1a1a:0:26e5:4810]:443 REASON=END REMOTE_REASON=CONNRESET

Nadir (not verified) said:

February 24, 2018

Permalink

B/

Anonymous (not verified) said:

February 25, 2018

Permalink

torproject.org down since yesterday or even longer. No way to download Tor-Browser-Bundle or anything.

I wish Tor Project would at least attempt to official warn users when this happens, but I too experienced difficulties, and in another thread in this blog, a reliable source confirmed that Tor network and the torproject.org site were under attack this weekend. No word on who might be responsbible.

Thomas of Balt… (not verified) said:

February 25, 2018

Permalink

This may be a dumb question, but I'll go ahead and ask it: I wonder if there would be any value in creating web-browser extensions for mainstream browsers (Firefox and Chrome) that falsely, though convincingly (mis)identifies the browser as a Tor user? Would hundreds of thousands of false Tors provide some cover for true Tors?

You mean as a Tor Browser user? The first tricky part is to "simulate" sending your traffic over the Tor network while not doing so as I don't see how an extension could achieve that. How would you want to do that?

Thomas of Balt… (not verified) said:

February 26, 2018

Permalink

To obfuscate the spotting of Tor users (sans VPNs) by ISPs and others, would there be any value in having every mainstream browser appear to be a Tor user by downloading an extension on the Chrome or Firefox browser? Could there be a false Tor network the extension visits that appears just convincing enough to appear real without actually using the actual Tor systems?

Making Tor look like normal traffic should be done by modifying Tor (and not by modifying the rest of the normal traffic) or by usage of pluggable transport that obfuscate the traffic such as with meek-amazon, snowflake, obfs4, et cetera

Anonymous (not verified) said:

February 26, 2018

Permalink

09:55:18.514 A promise chain failed to handle a rejection. Did you forget to '.catch', or did you forget to 'return'?
See https://developer.mozilla.org/Mozilla/JavaScript_code_modules/Promise.j…

Date: Mon Feb 26 2018 09:54:33 GMT+0000 (UTC)
Full Message: [object Object]
Full Stack: JS frame :: resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js :: PendingErrors.register :: line 194
JS frame :: resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js :: this.PromiseWalker.completePromise :: line 715
JS frame :: resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js :: Handler.prototype.process :: line 968
JS frame :: resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js :: this.PromiseWalker.walkerLoop :: line 813
JS frame :: resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js :: this.PromiseWalker.scheduleWalkerLoop/< :: line 747 1 (unknown)

Not likely, this is the "test" version to work out the kinks using random volunteers as test subjects. You won't ever see the real TOR browser that the U.S. intel has to deploy in other countries.

I would like to see a Ukrainian TOR ED

To my knowledge, yes it does. The release notes for 7.5 have some screenshots that show how to do it. You'll have to use a certain transports though (the ones marked works in China).

Thom of Baltim… (not verified) said:

February 26, 2018

Permalink

Yea -- this was a dumb question. You can tell I am not technically-inclined. I appreciate you indulging my inquiry.

Tor Downer? (not verified) said:

February 28, 2018

Permalink

TOR browser is unable to connect to any site: Secure Connection Failed. Server reset. Is TOR browser down?

Anonymous (not verified) said:

February 28, 2018

Permalink

Now it is 2nd or 3rd day when all bandwidth values in cached-microdesc-consensus file have Unmeasured=1 flag. Many tor nodes have bandwidth=10000. (tor 0.3.2.9). Is it some attack? Were DA nodes compromised?

Anonymous (not verified) said:

March 08, 2018

Permalink

Thank you! Indeed, later I found discussion of this issue in tor mailing lists. Now tor stat is OK.

Yacob Shabudin (not verified) said:

March 02, 2018

Permalink

Why is the first Tor relay address static? Every time a user requests for a new Tor circuit, the first relay address does not change compared to last time.

Thank you and Best Regards

Anonymous (not verified) said:

March 02, 2018

Permalink

win64
partial update failed:
failed: 19
calling QuitProgressUI
hrm...

Anonymous (not verified) said:

March 05, 2018

Permalink

Yes. Cert of partial update was corrupted or what? Is this related to that SHA-1 is "unsupported" now? It was clean 8.0.a1 -> a2.

terry (not verified) said:

March 13, 2018

Permalink

I'm an old guy from the post WW2 generation.I didn't grow up with computers and have very little to no experience in coding.For people like myself,reading part way into the comments ,was enough to tell me that this isn't quite ready for public consumption.