New Release: Tor Browser 10
Update 1700 UTC 2020-09-24: After investigating the error seen by Windows users while playing videos on Youtube, a user helped us identify the cause. Until this is fixed in an upcoming release, a workaround is setting media.rdd-opus.enabled as false in about:config.
The new shiny Tor Browser 10 for Desktop is now available from the Tor Browser download page and also from our distribution directory!
Android Tor Browser 10 is under active development and we are supporting the current 9.5 series for Android until the new one is ready. We are informed by Mozilla of any issues they learn about affecting the 9.5 series. We expect to release the new Tor Browser for Android based on Fenix in the following weeks.
Tor Browser 10 ships with Firefox 78.3.0esr, updates NoScript to 11.0.44, and Tor to 0.4.4.5. This release includes important security updates to Firefox.
This new Tor Browser release is focused on stablizing Tor Browser based on a new extended support release of Mozilla Firefox. Tor Browser 10.0 is the first stable release of the 10.0 series based on Firefox 78esr.
Note: Tor Browser 10.0 is the final Tor Browser series supporting CentOS 6. Beginning with the 10.5 series, CentOS 6 is not supported.
Note: In this release JavaScript is controlled by NoScript again. JavaScript was completely disabled on the Safest security level beginning in Tor Browser 9.0.7. The Firefox preference javascript.enabled is reset to true in this release. You must re-set it as false if that is your preference.
Give Feedback
If you find a bug or have a suggestion for how we could improve this release, please let us know. Thanks to all of the teams across Tor, and the many volunteers, who contributed to this release.
Full Changelog
The full changelog since Tor Browser 9.5.4 is:
- Windows + OS X + Linux
- Update Firefox to 78.3.0esr
- Update Tor to 0.4.4.5
- Update Tor Launcher to 0.2.25
- Bug 32174: Replace XUL <textbox> with <html:input></html:input></textbox>
- Bug 33890: Rename XUL files to XHTML
- Bug 33862: Fix usages of createTransport API
- Bug 33906: Fix Tor-Launcher issues for Firefox 75
- Bug 33998: Use CSS grid instead of XUL grid
- Bug 34164: Tor Launcher deadlocks during startup (Firefox 77)
- Bug 34206: Tor Launcher button labels are missing (Firefox 76)
- Bug 40002: After rebasing to 80.0b2 moat is broken
- Translations update
- Update NoScript to 11.0.44
- Bug 40093: Youtube videos on safer produce an error
- Translations update
- Bug 10394: Let Tor Browser update HTTPS Everywhere
- Bug 11154: Disable TLS 1.0 (and 1.1) by default
- Bug 16931: Sanitize the add-on blocklist update URL
- Bug 17374: Disable 1024-DH Encryption by default
- Bug 21601: Remove unused media.webaudio.enabled pref
- Bug 30682: Disable Intermediate CA Preloading
- Bug 30812: Exempt about: pages from Resist Fingerprinting
- Bug 31918+33533+40024+40037: Rebase Tor Browser esr68 patches for ESR 78
- Bug 32612: Update MAR_CHANNEL_ID for the alpha
- Bug 32886: Separate treatment of @media interaction features for desktop and android
- Bug 33534: Review FF release notes from FF69 to latest (FF78)
- Bug 33697: Use old search config based on list.json
- Bug 33721: PDF Viewer is not working in the safest security level
- Bug 33734: Set MOZ_NORMANDY to False
- Bug 33737: Fix aboutDialog.js error for Firefox nightlies
- Bug 33848: Disable Enhanced Tracking Protection
- Bug 33851: Patch out Parental Controls detection and logging
- Bug 33852: Clean up about:logins to not mention Sync
- Bug 33856: Set browser.privatebrowsing.forceMediaMemoryCache to True
- Bug 33862: Fix usages of createTransport API
- Bug 33867: Disable password manager and password generation
- Bug 33890: Rename XUL files to XHTML
- Bug 33892: Add brandProductName to brand.dtd and brand.properties
- Bug 33962: Uplift patch for bug 5741 (dns leak protection)
- Bug 34125: API change in protocolProxyService.registerChannelFilter
- Bug 40001: Generate tor-browser-brand.ftl when importing translations
- Bug 40002: Remove about:pioneer
- Bug 40002: Fix generateNSGetFactory being moved to ComponentUtils
- Bug 40003: Adapt code for L10nRegistry API changes
- Bug 40005: Initialize the identity UI before setting up the circuit display
- Bug 40006: Fix new identity for 81
- Bug 40007: Move SecurityPrefs initialization to the StartupObserver component
- Bug 40008: Style fixes for 78
- Bug 40017: Audit Firefox 68-78 diff for proxy issues
- Bug 40022: Update new icons in Tor Browser branding
- Bug 40025: Revert add-on permissions due to Mozilla's 1560059
- Bug 40036: Remove product version/update channel from #13379 patch
- Bug 40038: Review RemoteSettings for ESR 78
- Bug 40048: Disable various ESR78 features via prefs
- Bug 40059: Verify our external helper patch is still working
- Bug 40066: Update existing prefs for ESR 78
- Bug 40066: Remove default bridge 37.218.240.34
- Bug 40073: Disable remote Public Suffix List fetching
- Bug 40073: Repack omni.ja to include builtin HTTPS Everywhere
- Bug 40078: Backport patches for bug 1651680 for now
- Bug 40082: Let JavaScript on safest setting handled by NoScript again
- Bug 40088: Moat "Submit" button does not work
- Bug 40090: Disable v3 add-on blocklist for now
- Bug 40091: Load HTTPS Everywhere as a builtin addon
- Bug 40102: Fix UI bugs in Tor Browser 10.0 alpha
- Bug 40106: Cannot install addons in full screen mode
- Bug 40109: Playing video breaks after reloading pages
- Bug 40119: Enable v3 extension blocklisting again
- Windows
- OS X
- Bug 32252: Tor Browser does not display correctly in VMWare Fusion on macOS (mojave)
- Build System
- Windows + OS X + Linux
- Bump Go to 1.14.7
- Bug 31845: Bump GCC version to 9.3.0
- Bug 34011: Bump clang to 9.0.1
- Bug 34014: Enable sqlite3 support in Python
- Bug 34390: Don't copy DBM libraries anymore
- Bug 34391: Remove unused --enable-signmar option
- Bug 40004: Adapt Rust project for Firefox 78 ESR
- Bug 40005: Adapt Node project for Firefox 78 ESR
- Bug 40006: Adapt cbindgen for Firefox 78 ESR
- Bug 40037: Move projects over to clang-source
- Bug 40026: Fix full .mar creation for esr78
- Bug 40027: Fix incremental .mar creation for esr78
- Bug 40028: Do not reference unset env variables
- Bug 40031: Add licenses for kcp-go and smux.
- Bug 40045: Fix complete .mar file creation for dmg2mar
- Bug 40065: Bump debootstrap-image ubuntu_version to 20.04.1
- Bug 40087: Deterministically add HTTPS Everywhere into omni.ja
- Windows
- Bug 34230: Update Windows toolchain for Firefox 78 ESR
- Bug 40015: Use only 64bit fxc2
- Bug 40017: Enable stripping again on Windows
- Bug 40052: Bump NSIS to 3.06.1
- Bug 40061: Omit the Windows default browser agent from the build
- Bug 40071: Be explicit about no SEH with mingw-w64 on 32bit systems
- Bug 40077: Don't pass --no-insert-timestamp when building Firefox
- Bug 40090: NSIS 3.06.1 based builds are not reproducible anymore
- OS X
- Linux
- Windows + OS X + Linux
Comments
Please note that the comment area below has been archived.
I love Tor and ten is my…
I love Tor and ten is my lucky number! Can't wait to see android get some updates too! :)
Were there any changes to…
Were there any changes to browser size rounding? 10.0 is opening at 999x499 for me, if maximized it's 1198x599. This is viewport size as reported by websites.
However everything is also quite zoomed-in by default, I've checked Preferences and the zoom setting claims "100%". But judging by the actual browser size in terms of native OS pixels the zoom is about 125%. The OS is not using any kind of resolution scaling or anything similar, everything is at native resolution.
This is on Linux.
I'm also wondering about…
I'm also wondering about this. I love the scaling, it's easier on the eyes, but I'm wondering about it maximizing and why there isn't anything in the changelog about it. Is maximizing the browser no longer a problem? Linux here too.
tbb 10 torbrowser-launcher …
tbb 10 torbrowser-launcher fix
wget -v 'https://github.com/sysrqb/torbrowser-launcher/raw/develop/share/torbrow…
/tor-browser-developers.asc' ; sudo cp -v ~/tor-browser-developers.asc /usr/share/torbrowser-launcher/ ; torbrowser-launcher ; echo "DONE"
Does not work for …
Does not work for torbrowser-launcher 3.2 in ubuntu. Torbrowser-launcher is steadfastly plagued with update issues. Developer not competent? Bad image for torproject team. Torbrowser-launcher from ubuntu software manager is how majority install tor browser.
torbrowser-launcher is…
torbrowser-launcher is nothing we provide. In fact we recommend not using it, in particular due to the issue you describe.
If it's not maintained…
If it's not maintained properly then why don't you fork it and make it an official one? There already seems to be tor developers helping to maintain it (intrigeri)
It supports AppArmor profiles on Debian/Ubuntu by default and feels a lot better than to launch a commonly used system application from an ugly folder all the time. You maintain a more legit app on Android/F-Droid at this point than desktop, you absolutely should fork this imo if you're having trouble with the current maintainer.
When we have enough time to…
When we have enough time to keep up with blog comments, then we will likely consider maintaining a installer/launcher like torbrowser-launcher.
Fails to work for Ubuntu 18…
Fails to work in Ubuntu 18.04.
long time bug ubuntu. …
long time bug ubuntu. noscript and httpseverywhere plugin icons do not show top right. version 9 and 10 tbb.
This applies to NoScript …
This applies to NoScript (and HTTPS Everywhere):
To add it back:
Click , select "Customize" (screenshot and button image from Firefox help)
Right-click and select "Add to toolbar", or drag them to the desired places yourself.
Those icons were hidden a…
Those icons were hidden a long time ago. If you need them, then open "Customize..." and drag them onto the toolbar. Modifying the settings of those add-ons may make your browsing activity unique however, so it's recommended to use the security level icon instead.
To be fair NoScript needs to…
To be fair NoScript needs to be there in the Safest mode. When people click it there should be a small warning to tell people that enabling Javascript on a per domain basis might be used to fingerprint you.
I only say this because at a seminar I went to virtually someone was teaching people JS tactics to use for some sites. Everyone who attended this virtual seminar will revert to using the same tactics, thus they would likely be indistinguishable from each other.
The NoScript & HTTPS…
The NoScript & HTTPS-Everywhere plugin-icons were removed from the URL-bar,
To reinstate them, Click Menu, click Customize,
Then left-click and hold button down on the NoScript icon,
and then drag it to the URL-bar and drop it (release the mouse button).
...
Tor 10, unlike Firefox ESR…
Tor 10, unlike Firefox ESR 78.3, does not have telemetry or unwanted connections to hosts such as firefox.services.settings.mozilla.org among many others. It would be great if you create a guide or a patch to remove those connections for Firefox ESR users.
Here: https://support…
Here: https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-…
These are only for the unwanted connections. Other patches are available in the Tor Browser repository.
If you wish to use Tor Browser without connecting to Tor set the following environmental variables:
TOR_SKIP_LAUNCH=1
TOR_TRANSPROXY=1
This does not work with tor…
This does not work with tor browser 10. How can i use tor browser without tor ?
You don't need TOR…
You don't need TOR_TRANSPROXY. What error are you seeing?
If i use only TOR_TRANSPROXY…
If i use only TOR_TRANSPROXY=1, i have error "The proxy server is refusing connections"
If i use TOR_SKIP_LAUNCH=1 and TOR_TRANSPROXY=1 i have "Hmm. We’re having trouble finding that site." No internet access.
9 version work perfect. But after update i have this trouble.
OS Windows 10
set network.dns.disabled to…
set network.dns.disabled to false. This extra setting got Tor Browser 10 working for me.
Yes: https://gitlab…
Yes:
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/401…
Thanks for the information,…
Thanks for the information, I already had the steps of the Mozilla guide and I have not managed to eliminate all the connections. firefox.settings.services.mozilla.com continues making connections even after adding it to the host list, other connections not mentioned in the guide are made like location.services.mozilla.com, push.services.mozilla.com, among other.
Whether or not Tor Project…
Whether or not Tor Project does, here are some great places to start investigating such settings:
https://github.com/arkenfox/user.js -- Thorin frequently participates on the bug tracker for Tor Browser.
https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_confi…
Thanks, I will investigate…
Thanks, I will investigate about it.
The very best:*wtf* firefox…
The very best:*wtf*
firefox.settings.services.mozilla.com
Firefox connects to firefox.settings.services.mozilla.com. You cannot disable this. Your only recourse is to block access to this host in your "hosts" file by putting in this line:
127.0.0.1 firefox.settings.services.mozilla.com
That's right, there is no…
That's right, there is no way to disable this. The only way is by adding to the host list of the operating system. In my case it has not worked and Firefox continues to do so. In Wireshark I see that 2 DNS requests are made and the corresponding responses are received. 4 IP addresses belonging to AWS are associated, these IP addresses are not always the same.
I object. TP employees are…
I object. TP employees are overworked as it is. Why cannot you simply use Tor Browser instead of Firefox?
For TOR mobile, has bookmark…
For TOR mobile, has bookmark import/export been implemented yet?
No
No
Youtube now gives this error…
Youtube now gives this error now when starting a video after the new update.
same
same
same problem here
same problem here
Try invidio.us instead of YT
Try invidio.us instead of YT
That instance closed on 2020…
That instance closed on 2020-09-01. Try another, perhaps an onion service: https://github.com/iv-org/invidious/wiki/Invidious-Instances#tor-onion-…
Hi, I have been having…
Hi,
I have been having issues with updating tor. It started with me not realizing that it needed an update. I recognize this as my fault and I tried to fix it but as I tried I feel like it just got worse and worse. At first I tried the classic uninstall and redownload method but that didn't work. First off for some reason the tor browser installer kept saying "The destination directory already exists. You can try to upgrade the Tor Browser Bundle, but if you run into any problems, use a new directory instead Continue?". Even when I clicked yes my antivirus software would say that the firefox.exe was a high level threat so at first I ignored it but even when I did I would run into the problem of the tor browser saying "Tor Browser is already running, but is not responding. The old Tor Browser process must be closed to open a new window.". Now I know that Firefox was ok but my antivirus didn't like so I am not sure what to do. I have checked every last square inch of my files even when I delete all mentions of it will continue to say "The destination directory already exists. You can try to upgrade the Tor Browser Bundle, but if you run into any problems, use a new directory instead Continue?". Now even when I say yes it pops up in the middle of the download saying that it couldn't open the files for writing. I don't know what's going on all I know is I cant get into tor because I didn't know that I myself had to prompt it to update which is what caused all of this. I need help is the message I am trying to get across.
Thank you for your time.
Try rebooting (I know, not…
Try rebooting (I know, not very good advice), and you can delete the current directory and then re-install Tor Browser using the installer. However, before you try this, first please try using the built-in automatic updater (open the Help menu, then click About Tor Browser).
That is actually the correct…
That is actually the correct suggestion, the user has a background Tor process running and rebooting is the quickest solve to dismiss it. After reboot, the user should NOT start Tor again but instead uninstall at that time, then reboot again, then reinstall fresh.
This broke torbrowser…
This broke torbrowser-launcher (SO ANNOYNING! Not the first time this happens...)
Unable to use tor browser, it errors with "I'm being attacked"...
I and I expect lots of other…
I and I expect lots of other people have experienced similar issues with torbrowser-launcher in the past. Tor Project recommends not using it according to gk's answer above.
Now I just download Tor Browser from the website and let it auto-update.
Maybe they should update the…
Maybe they should update the appropriate repositories so the tools work the way users expect them to.
Yeah, i have the same…
Yeah, i have the same problem. I've done a fresh install of Ubuntu 20.04.1 and try to install Tor. I'm stuck in installing window with error I'm being attacked. I left the installing run for several minutes but it didn't finish.
you can fix it yourself…
you can fix it yourself until update shows in repo
https://github.com/micahflee/torbrowser-launcher/pull/499
https://github.com/micahflee/torbrowser-launcher/pull/499/commits/070a5…
Please correct miss labled…
Please correct miss labled Blog Post;
" New Release: Tails 4.10 by tails | September 22, 2020
To; New Release: Tails 4.11 by tails | September 22, 2020
https://blog.torproject.org/new-release-tails-411
And point "For more details, read our changelog." URL to;
https://gitlab.tails.boum.org/tails/tails/-/raw/4.11/debian/changelog
Thanks
Instead of loading some well…
Instead of loading some well-known .com site, Tor browser shows:
Onionsite Has Disconnected
Browser
Network
Onionsite
The most likely cause is that the onionsite is offline. Contact the onionsite administrator.
Details: 0xF2 — Introduction failed, which means that the descriptor was found but the service is no longer connected to the introduction point. It is likely that the service has changed its descriptor or that it is not running.
Can you please provide an…
Can you please provide an example?
It happened just one time…
It happened just one time. Probably, related to alt-svc. What else could it be...
All tabs closed. A lot of…
All tabs closed. A lot of new connections to addresses like cflares35lvdlczhy3r6qbza5jjxbcplzvdveabhf7bsp7y4nzmn67yd.onion
continue to have a sex with my PC (approx. 2 per second).
What the hell?
Thanks for the reminder. I…
Thanks for the reminder. I've wanted to open a ticket for this and investigate:
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/401…
Since cloudflare sites…
Since cloudflare sites offers alt-svc, with TBB endless rotating cloudflare-onion-addresses are 'normal.'
When I go to DDG .onion @…
When I go to DDG .onion @ https://3g2upl4pq6kufc4m.onion/
I type in my search query and hit Enter but it goes to a blank page which says, "Forbidden."
The regular clearnet DDG page works without this error.
This is new in TB10.
How to fix?
I can't reproduce this. Are…
I can't reproduce this. Are you still seeing this issue?
> I can't reproduce this…
> I can't reproduce this. Are you still seeing this issue?
Yes. This is something very new to TB10, I have never experienced this issue on previous releases. Let me be clear, this is running TB10 on Linux, I am not using TAILS.
I can use DDG only via clearnet HTTPS but not via .onion. Something has changed. Hmmmm?
I can confirm a problem with…
I can confirm a problem with the Tor DuckDuckGo search page : https://3g2upl4pq6kufc4m.onion/html/
Loads OK, but when you enter a search item i.e. 'test' it fails with "forbidden"
(or another fail message, complains about an improper Tor-exit node)
However entering into the URL-bar works : https://3g2upl4pq6kufc4m.onion/html?q=test
...
Youtube is broken in this…
Youtube is broken in this release. Is there a way to fix this? ty.
Norton stopped the latest…
Norton stopped the latest download of Tor Update 10, saying unsafe. Now I cannot even access Tor. Please advise asap.
Some antivirus software will…
By the way, you can be updating automatically from within Tor Browser, if you aren't already.
Advise for you: https:/…
Advise for you:
https://support.torproject.org/tbb/antivirus-false-positive/
https://blog.torproject.org/comment/282671#comment-282671
https://blog.torproject.org/comment/284740#comment-284740
https://blog.torproject.org/comment/285592#comment-285592
https://blog.torproject.org/comment/286937#comment-286937
The browser up date was…
The browser up date was interrupted by my computer crashing due to printing a document. When I restarted the computer I can no longer open up Tor. I have tried many things including a backup restore. My question is, if I download the newest version of Tor, will it delete my bookmarks, etc. I really don't want everything gone. I can not find where to upgrade the browser bundle.
What is the error you are…
What is the error you are seeing when you try starting Tor Browser? Your computer crashing while downloading the update should not prevent starting Tor Browser again.
This has happened to me…
This has happened to me before. When the computer crashed it corrupted omni.ja or addonStartup.json.lz4 if I remember correctly, preventing the browser from starting. Also what happens frequently is, the browser opens but comes up with half the stuff not loaded and requires a second load to open correctly, though this is a long standing issue.
Tor Browser is based on…
Tor Browser is based on Firefox, so for things like bookmarks that aren't related to Tor, search for how to solve it in Firefox.
For your problem,
places.sqlite
file, which contains your bookmarks, to a directory (folder) outside of your Tor Browser directory. It is found in the directory where you installed Tor Browser. For example,/tor-browser_en-US/Browser/TorBrowser/Data/Browser/profile.default/
places.sqlite
file might work only with 9.5.4.places.sqlite
file might work only with 9.5.4. Copy your backup ofplaces.sqlite
into your Tor Browser directory, overwriting theplaces.sqlite
that is there. Then, open Tor Browser. You should see your bookmarks in the browser now.If you installed 9.5.4 over your existing installation, then once Tor Browser is running and you see your bookmarks in the browser, I strongly suggest that you properly export your bookmarks to an HTML file as explained here https://support.torproject.org/tbb/export-and-import-bookmarks/ and write down any "etc." things as you said in your post. Then, delete your existing Tor Browser directory. Install a new clean copy of 10.0. And finally, import your HTML bookmarks into your new clean 10.0.
Pro tip: Always backup (export) your bookmarks and custom settings before you update in case something breaks in the process of updating.
I updated, but it says "The…
I updated, but it says "The bookmarks and history system will not be functional because one of Tor Browser's files is in use by another application. Some security software can cause this problem." I also can't browse on Tor anymore, and it always says "Secure Connection Failed An error occurred during a connection to [site]. security library failure. Error code: SEC_ERROR_LIBRARY_FAILURE"
Please help with the fix?
Please try rebooting your…
Please try rebooting your computer (sorry, I know that's not very good advice)
> "The bookmarks and history…
> "The bookmarks and history system will not be functional because one of Tor Browser's files is in use by another application. Some security software can cause this problem."
Possible solution:
https://blog.torproject.org/comment/289228#comment-289228
But that problem continued in 9.5.4 and 10.0, so this Tor blog post needs a note added to it.
Exactly this error is…
Exactly this error is happening on my system. I've restarted and tried reinstalling TOR but it's made no difference. Started to happen following the update. TOR was working ok before the update.
Starting with Tor Browser 10…
Starting with Tor Browser 10 on Ubuntu NoScript is now preventing videos from playing if they are visited directly e.g. https://example.com/video.mp4
NoScript ignores any attempt to allow the media to play and changing Tor Browser's security level has no effect.
This seams to only apply to directly linked media from a remote server, embedded media still play normally, and local files also play normally.
Just to add to this…
Just to add to this. Directly visited videos seem to briefly start playing before showing the NoScript blocked icon. Seems counterintuitive? Though this is not a new thing.
media.videocontrols.picture…
media.videocontrols.picture-in-picture.enabled; true
Picture-in-picture blue icon appears over the right side of videos played in safer mode. It never appeared in older versions. None of the bugs reference it. Is picture-in-picture considered safe now, or was it overlooked in this release?
Lol this message appeared…
Lol this message appeared seconds before I posted my one about picture-in-picture
You removed Enhanced Tracker…
You removed Enhanced Tracker Protection and DNT options from normal Firefox browser. This is very bad, allowing anyone to distinguish Firefox+Tor or TorBrowser.
Add back ETP like normal Firefox has.
"allowing anyone to…
"allowing anyone to distinguish Firefox+Tor or TorBrowser." - Preventing this was never a goal for Tor Browser. Don't use "Firefox with Tor".
Sysrqb, thanks for…
Sysrqb, thanks for commenting. The first part of his request is actually valid, please don't dismiss it by rightfully faulting his last words.
TorBrowser has the User-Agent of Firefox, so by design it needs to blend in with the Firefox signatures. If now TorBrowser differs more (like he claims), it needs to be investigated and addressed ASAP. Would you be so kind to open the ticket for the issue?
Thanks.
The deletion of Tracking…
The deletion of Tracking Protection was intentional, and Tor Browser has avoided using Do-Not-Track for many years:
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/5545
When experienced users of…
When experienced users of Tor Browser talk about distinguishing, it's usually in comparison to other users of Tor Browser. It is definitely not in comparison to normal web browsers because those are not designed to remain as identical as possible, and they start their traffic on the regular Internet. When you customize options like those compared to other users in the Tor network, you don't protect yourself from trackers. You make your Tor Browser more distinguishable from other Tor Browsers. Remember, Tor Browser does not operate starting on the regular Internet but through the Tor network. Tor Browser is designed to attempt to blend in with all of the other Tor Browsers coming out of the exit nodes as you are at the same time.
DNT: https://blog.torproject.org/comment/283701#comment-283701
Enhanced Tracking Protection is a third-party blocklist managed by Disconnect.me:
https://blog.mozilla.org/blog/2019/06/04/firefox-now-available-with-enh…
https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firef…
https://2019.www.torproject.org/docs/faq.html.en#TBBOtherExtensions
https://2019.www.torproject.org/projects/torbrowser/design/#philosophy
Disable: Always check if…
Disable:
Always check if Tor Browser is your default browser
Recommend extensions as you browse
Recommend features as you browse
Show alerts about passwords for breached websites
Prevent accessibility services from accessing your browser
> Prevent accessibility…
> Prevent accessibility services from accessing your browser
That one is enabled intentionally. Read:
https://blog.torproject.org/comment/284760#comment-284760
https://blog.torproject.org/comment/276644#comment-276644
https://blog.torproject.org/comment/286871#comment-286871
https://trac.torproject.org/projects/tor/ticket/27503
What is the UserAgent of…
What is the UserAgent of TorBrowser Android?
https://tor.stackexchange.com/questions/21579/please-what-is-the-userag…
Something like: "Mozilla/5.0…
Something like: "Mozilla/5.0 (Android 9; Mobile; rv:78.0) Gecko/20100101 Firefox/78.0"
XML Parsing Error: undefined…
XML Parsing Error: undefined entity
Location: chrome://browser/content/browser.xhtml
Line Number 1317, Column 7:
Updated from 9.5.4 and…
Updated from 9.5.4 and browser no longer connects to the port set with TOR_CONTROL_PORT environment variable. Why is there no documentation of this change and how do I fix it?
On Windows 10, it's not…
On Windows 10, it's not possible to load any website. Absolutely everything returns the "Secure Connection Failed" error.
fullscreen mode of tube…
fullscreen mode of tube shows the real screen resolution, the letterboxing function doesn't work at this case.
I've noticed this too. If my…
I've noticed this too. If my screen resolution is w*h then on youtube in fullscreen it shows (w-2)*(h-1).
Hello, it's not possible to…
Hello, it's not possible to post in the tails blog post however the title is wrong it says version 4.10 instead of 4.11, I hope any admin who sees my message will fix this.
We have detected that you…
We have detected that you have connected over Tor.There appears to be an issue with the exit node...
I get this massage constantly while using DDG Onion.
Is that a problem of DDG?
I am using the latest android version.
Does anybody else gets this message?
How do you get wayland to…
How do you get wayland to work? Seems to be x11 by default.
MOZ_ENABLE_WAYLAND=1 doesn't help
Letterboxing appears to…
Letterboxing appears to still be producing temporary window sizes that don't comply to the divisible by 100 rule. For example while resizing a window, width and height can be all over the place. I expect this to leak information about the window manger in use.
Similar temporary sizes are produced when using "Find in This Page" (Ctrl+F), window menu (Alt), "Full Screen" (F11), or "Developer Tools".
I run your js code on a…
I run your js code on a localhost apache2 server. Interesting values all quite over the place:
1601986376300: 900 / 700 <- pressing strg+f
1601986395300: 900 / 676
1601986395300: 900 / 611
1601986395400: 900 / 608
1601986395400: 900 / 602
1601986395400: 900 / 600
1601986451800: 900 / 599
1601986451800: 900 / 598
1601986451900: 900 / 600
1601986451900: 900 / 598
1601986451900: 900 / 600
1601986452100: 900 / 599
But I'm not sure how this could reveal the window manger in use.
How long OS X 10.9 will be…
How long OS X 10.9 will be supported? I wish it be the same as in 78 ESR
Google and YouTube display a…
Google and YouTube display a pop-up on European exit nodes for Alphabet Inc. privacy switches. Those links open new tabs to other Alphabet domains where the switches are. Will customizing those switches backfire and identify us across domains? Does Tor Project recommend users avoid those switches, or do the default preferences in Tor Browser nullify that possibility of backfiring?
Picture-in-picture isn't…
Picture-in-picture isn't working for me on macOS and linux. The button shows up (except on YouTube) and it expands when I hover over it but clicking does nothing. Is this known/is this supposed to happen?
What is the new official …
What is the new official _desktop_ User Agent string now? Thanks!
User-Agent: Mozilla/5.0 …
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
One more thing to take care…
One more thing to take care of. When Android version is released, make sure that intl.locale.requested and intl.accept_languages are set to default values or can be changed and stay changed. That's something currently Fenix nightly won't do.
just a heads-up; bug when…
just a heads-up; bug when browser is set to "Safest," javascript.enabled is still set to true in about:config. Tor Browser 10, non-alpha, linux
Yes, that was this note: """…
Yes, that was this note:
"""
Note: In this release JavaScript is controlled by NoScript again. JavaScript was completely disabled on the Safest security level beginning in Tor Browser 9.0.7. The Firefox preference javascript.enabled is reset to true in this release. You must re-set it as false if that is your preference.
"""
What´s up with https…
What´s up with https-everywhere?
It may be in a built-in addon in omni.ja now, but it doesn´t work apparently. So many sites now open as http and you have to manually change them to https and there´s nothing indicating https-everywhere is present, which also mean you can´t force encryption. Tried Tor 9.54 with https-everywhere removed and that works exactly the same way. So https-everywhere seems not to work in Tor 10. Also tried to install https-everywhere manually but it is being removed and the xpi-file gets deleted.
I can't remove HTTPS…
I can't remove HTTPS Everywhere since this new version, is there a reason to prohibit its removal? please add that option, I just removed NoScript tho.
Browser size is not rounding…
Browser size is not rounding properly, it's slightly off both in width and height (x99 or x98 instead of x00). I've tested this with various sites, including AmIUnique and TorZillaPrint, and compared it to 9.5.4 release which is always rounded to multiples of 100.
AmIUnique also reports that my canvas is unique. The displayed canvas is not just white anymore like in previous releases but filled with RGB lines.
I've tried running a fresh copy of the browser as well (i.e. not upgraded from older release but unpacked from tarball), and the issues persist. I'm not sure if it's safe to use the new release in terms of anonymity anymore, so I'd appreciate an answer from the team.
Have you considered…
Have you considered incorporating something similar to LocalCDN (but better), so people can use safest mode but also have websites work correctly? Thank you for this great release!
Content Security Policy:…
Content Security Policy: Couldn’t parse invalid host 'wasm-eval'
17:47:20.059 [Exception... …
17:47:20.059 [Exception... "Component returned failure code: 0x80520001 (NS_ERROR_FILE_UNRECOGNIZED_PATH) [nsIXPCComponents_Utils.readUTF8URI]" nsresult: "0x80520001 (NS_ERROR_FILE_UNRECOGNIZED_PATH)" location: "JS frame :: resource://gre/modules/L10nRegistry.jsm :: L10nRegistry.loadSync :: line 661" data: no] 2 L10nRegistry.jsm:661:19
Thank you for writing those…
Thank you for writing those notes and the update workaround in the original blog post!! Good management right there.
I updated, but it says "The…
I updated, but it says "The bookmarks and history system will not be functional because one of Tor Browser's files is in use by another application. Some security software can cause this problem." I also can't browse on Tor anymore, and it always says "Secure Connection Failed An error occurred during a connection to [site]. security library failure. Error code: SEC_ERROR_LIBRARY_FAILURE"
i rebooted pc but nothing .. does not work.
On upgrading to Tor 10,…
On upgrading to Tor 10, using Tor browser in transparent mode (i.e. TOR_TRANSPROXY=1) doesn't work.
I have a linux system that connects to the internet via a gateway running on a VM, so I don't use the tor proxy on the client VM. This client VM can no longer connect to the internet after the upgrade. Note that non-Tor browsers on this client machine CAN connect to the internet.
I tried re-installing Tor 10 with the same result. I re-installed Tor 9.5 and everything works ok. I have disabled upgrades because Tor 10 is currently unusable for me.
I am confused, in this post…
I am confused, in this post you say "Bug 40016: Update Snowflake to discover NAT type", but Snowflake is still not available in the stable release?
Yes, that's true. That is a…
Yes, that's true. That is a mistake (copied from a previous Alpha releases).
how to turn off animations…
how to turn off animations/effects like it was with toolkit.cosmeticAnimations.enabled;false in previous version of firefox?
browser.tabs…
browser.tabs.maxOpenBeforeWarn
Seems to be broken.
Recently switched from…
Recently switched from Windows 10 to Ubuntu 20.04. Was able to download and use tor with just a minimal learning curve thing.
Tor updated. So did Ubuntu, to 20.04 LTS. Somewhere along the way, I can't access tor any longer. I have spent 4 days that I will never get back doing every damn trick that is out there in the blogs to make tor functional. I get bupkis.
Am I the only schlepp on the planet going through this? Or are there others just not bothering and using clearnet instead.
I'm new to Linux, to be sure. I also have buddies in the tor world that are really tech savvy and need to use little words for me. That said... I'm NOT imagining this. I've tried both Ubuntu and Linux mint 20.04 LTS. I've done simple and not so simple things in terminal.
I want to say again... before the TBB update, I had NO such hoops to jump through. It was super easy to get tor to work. Really. Now? Damn near impossible. Help needed. If you send me to blog posts already posted? I've tried them. It's not working.
Somewhere between the latest updates that collided TBB and Linux vs 20.04 LTS? Hell came to my breakfast table.
Help appreciated.
Thanks.
FML
Can you describe exactly…
Can you describe exactly what isn't working?
It seems letterboxing doesn…
It seems letterboxing doesn't work properly when HiDPI scaling enabled on GNOME.
Previous version works good.
I do love Tor Browser, but…
I do love Tor Browser, but the list of "popular" websites blocking/censoring Tor seem to be growing by the day:
https://www.macys.com/
https://www.merriam-webster.com/
https://www.quora.com/ (Partial block)
https://www.snopes.com/
These are just four websites that are either difficult to access natively in Tor Browser—i.e., clicking the "New Circuit for this Site" button enough times will eventually provide access—or impossible to access natively in Tor Browser—i.e., clicking the "New Circuit for this Site" button umpteen times won't give you access.
You've successfully implemented solutions to deal with blocks/censorship on a country level, but can anything be done to mitigate/circumvent the blocking/censorship that's happening more and more on a website level?
An official up-to-date list of websites currently blocking Tor would be a good start!
The RSS preview workaround…
The RSS preview workaround of adding "view-source:" before the URL doesn't work anymore.
> Bug 33856: Set browser…
> Bug 33856: Set browser.privatebrowsing.forceMediaMemoryCache to True
Playing video is fully broken in 32-bit Windows!
Hello! TBB10 is fine! Here…
Hello! TBB10 is fine!
Here some regressions since TBB9.5.4 however:
- open https://vc.ru - you may see the site-icon at browser-tab is BROKEN. I had observed such kind of icon-corruption at some other sites too - do not remember the urls.
This version of Tor Browser…
This version of Tor Browser ignores window manager settings like "do nothing" on title bar double click, and will maximize when double clicked.
Previous version honored this setting and would not maximize. Regular firefox continues to honor this. This is unique to TB 10.0.
Why I see securedrop cookies…
Why I see securedrop cookies if I never opened securedrop.org site?
My guess is that comes from…
My guess is that comes from the background connection https-everywhere makes for fetching the *.securedrop.tor.onion ruleset.
What happened to the…
What happened to the blinking yellow exclamation point when an update is available? I just realized one of my VMs was still on 9.5.1, and must have missed several updates due to insufficient disk space. I only noticed it was still an old version because the URL bar looks slightly different in 10.
AmIUnique.org says my…
AmIUnique.org says my browser is unique because of canvas. Is canvas now being deliberately randomized? I thought Tor Project always argued than uniformity is better than randomization, so why this change in strategy now?
You might enjoy this thread:…
You might enjoy this thread:
https://lists.torproject.org/pipermail/tbb-dev/2020-April/001066.html
The picture-in-picture…
The picture-in-picture button appears on videos now. Clicking it does nothing, but right-clicking a video and clicking "Picture-in-Picture" in the menu activates picture-in-picture.