New Release: Tor Browser 8.0.2
Tor Browser 8.0.2 is now available from the Tor Browser Project page and also from our distribution directory.
This release features important security updates to Firefox. We picked up the necessary patches, but because we needed to start building before Mozilla was ready with a first candidate build, we did not bump the Firefox version to 60.2.2esr. Thus, users are fine with Tor Browser 8.0.2 even though the Firefox version is 60.2.1esr.
Known Issues
We already collected a number of unresolved bugs since Tor Browser 7.5.6 and tagged them with our tbb-8.0-issues keyword to keep them on our radar. The most important current issues are:
- WebGL is broken right now.
- Accessibility support is broken on Windows. We are considering options to address this issue right now.
- Tor Browser 8 is not starting anymore on some older Ubuntu/Mint Linux systems. We still have issues to reproduce this bug but hope we can fix it in the next release.
- Tor Browser 8 is not starting anymore on CentOS 6. We have a fix in our 8.5a2 release to give it a bit of testing. Users affected by this bug may resort to that alpha version for now. We plan to backport the patch in the next stable release.
- NoScript is not saving per-site permissions anymore. We have a potential patch for this bug in our 8.5a2 release as well and plan to backport it, too, in the next stable release in case no issues with it are found.
- While preparing the 8.0.2 release we encountered intermittent reproducibility failures for Linux (64bit) bundles.
The full changelog since Tor Browser 8.0.1 is:
- All platforms
- Update Firefox to 60.2.1esr
- Backport fix for Mozilla bug 1493900 and 1493903
- OS X
- Backport fix for Mozilla bug 1489785 for macOS 10.14 compatibility
Comments
Please note that the comment area below has been archived.
Don't know what happened but…
Don't know what happened but I upgraded from 7.5.x to 8.0.2 and since, I got a ton of Cloudflare pages telling me to solve lots of Google Captcha because I need to "run an anti-virus scan on [my] device to make sure it is not infected with malware". But whatever I try, the problem is still there : anti-virus, anti-malware, reinstalling TBB, and so on. I even tried to reset my W10 and to install a full TBB 8.02 archive : the problem is still there. I cannot beleive the problem is on my side, but since you don't report such a problem, I'm wondering what's going on ? :/
A lot of shitty sites sell…
A lot of shitty sites sell your data to Cloudflare which asks your confirmation to proceed.
Cloudfare being Cloudfare…
Cloudfare being Cloudfare. Meanwhile, we are all improving Google's artificial intelligence for free by filling reCAPTCHA.
I never fill in capchas.
I never fill in capchas.
change tls.max.version to 3…
change tls.max.version to 3 from 4 in about:config as a workaround until cloudflare fixes see: https://trac.torproject.org/projects/tor/ticket/27848
No, don't do that. It would…
No, don't do that. It would make you fingerprintable.
The proper workaround when you see a Cloudflare CAPTCHA is to press Ctrl+Shift+L ("New Tor Circuit for this Site") until it goes away.
This is the only thing that…
This is the only thing that works without making me extremely homicidal towards Google and Cloudflare, but it is not a sustainable solution, as the list of accepted TOR exit nodes must get smaller all the time (due to abuse, or just being flagged as TOR exit nodes - ask Cloudflare how it works).
This is precisely why I…
This is precisely why I learned the shortcut.
Another way is to use archive.org or another service to access the site, which is no problem if you know the page is years/months/weeks old anyway. Or find another way.
Some sites don't work at all no matter how much you try a "New tor circuit", those are sites that throw an Error 403 or a raw text page to that effect. Even sites where you may need to download Windows drivers. Be careful there I only trust drivers from the original manufacturer website.
I agree insofar that the Tor…
I agree insofar that the Tor project could have/should have done this themselves. They have tested this beforehand and must have noticed this issue.
It doesn't matter how "secure" your browser is if it doesn't work half of the time. I'll stick to using Tor 7.5.6 until the 8.x Tor browser works reliably. And in that I include a summary that doesn't start with "Known Issues: WebGL is broken right now." I get it: WebGL is not very good. And FireFox itself has been getting worse and worse with every update. Maybe the Tor project should dial the Firefox version back a bit and just apply the updates concerning privacy/security.
This is nothing to do with…
This is nothing to do with viruses, malware or the update, or your system. Cloudflare simply has a list of tor exit nodes and applies the captcha globally to them. That can be adjusted individually by each website which uses cloudflare. Lots of websites block tor exit nodes by default.
You can use bing or startpage cache / proxy to read some websites, without solving a captcha. Google itself has a captcha on tor.
If you don't believe me then install tor browser 7.5.x on a different computer, then look at the same websites on both.
The upgrade went fine! For…
The upgrade went fine!
For the CAPTCHA issue there is https://trac.torproject.org/projects/tor/ticket/27848
I get the same. Also the…
I get the same. Also the captcha seems to be poor quality? It takes a lot of clicks to get verified. All I can assume is the circuit you are given is on their blacklist of sites - but its very common.
It should be better now. …
It should be better now. The bug report mentioned in other replies is marked fixed now and anecdotally I don't see as many captchas as before.
New version screws up my…
New version screws up my fave sites (Win 7) asking for captcha and can not solve the captcha. I system restored old Tor version and now all is OK. But Tor updates automatically, so next time I restart I'll be hooped again! Please fix so no captcha required for sites, such as YIFY movies
Since xul to webextensions…
Since xul to webextensions was the biggest change when ff went quantum, I'd *suspect* that loss of noscript functionality causes these tor browser 8 site "incompatibilities".
But why even [i]have[/i]…
But why even have Quantum then? You know what I mean? It's not like Mozilla owns torproject. The core concepts of Tor (as far as I'm aware) are anonymity through a daisy chain of proxies and everybody looking the same. Just stick to a pre-Quantum Firefox - or even an entirely different browser. I bet the Linux community would have a few lovely browser suggestions that are neither Firefox nor Google's Chrome. While I would miss the addons, I would be happy to have a Tor browser that delivers a... smoother experience. I mean 8.0 was released in early September but every time I check the current version, everything's ... kind of a mess, really. It honestly feels to me like an alpha version was pushed to live as part of a joke but the rest of the team took it at face value and now the person responsible doesn't dare to speak up...
This worked for me in…
This worked for me in Windows. Re-install the old version. In the Tor Browser folder, navigate to \Browser\TorBrowser\UpdateInfo. Delete the folder UpdateInfo. Or, alternatively, open UpdateInfo and delete the file "active-update.xml". Then navigate on to "*\updates\0" and delete the files "update.mar", "update.status", and "update.version". Use the hamburger stack to open Options, then set the update preference to "Never check for updates (not recommended)". If you don't mind being nagged by a popup, enable "Check for updates but let you choose to install them". Close your browser and restart it. If the delete folder "UpdateInfo" option was chosen, that folder should be regenerated upon restart. But it will be empty, and your TBB version should persist as your old version.
It would be really nice to…
It would be really nice to have a Tor browser on UBports' Ubuntu Touch...
I second the comment above…
I second the comment above about Cloudflare problems.
I also have huge problems with Cloudflare captchas since the upgrade to TBB 8.0 at the beginning of September, 2018. I use TBB on both Win10 and Ubuntu, and the Cloudflare problems occur on both.
Cloudflare has been a big problem for us TBB users for a long time, but the situation had gotten a bit better throughout 2017 and 2018, even without any "privacy pass". But starting exactly with the TBB 8.0 upgrade, huge numbers of websites became unusable because of Cloudflare captcha loops (you're shown captcha after captcha, but it never acknowledges that you solve the captcha correctly, and the loop never ends).
How many sites you find which are now inaccessible depends on your browsing habits of course, so I can only give my situation. I read many sites every day, covering a big range of topics. In my case, I now find around 30-40 different sites per day where TBB is completely blocked by Cloudflare. Even for heavy internet use, it's a lot. Since most are sites I visit regularly, I'm certain that they were not blocked before the 8.0 upgrade.
It should be better now. …
It should be better now. There was a bug report tracking the issue that has been marked fixed and my personal experience is that I don't get as many captchas as in recent weeks.
The bug report is here:
https://trac.torproject.org/projects/tor/ticket/27848
Second dot release and still…
Second dot release and still: Safer - is unusable, Safest - is unusable. Is new 8.x for dummies only?
What do you mean with …
What do you mean with "unusable"?
That means the control of…
That means the control of partially allowing some web content is totally lost.
And without js most sites…
And without js most sites are unusable.
After upgrading to 8.0.1. my…
After upgrading to 8.0.1. my system seems overwhelmed. I am not too savvy but prior to upgrade I would have one firefox.exe open for each tab that was open. Now I may gave as many as 3 for each tab open. I am using an older laptop running windows 7 and at my age not too inclined to spend the money to stay with the newest platforms. I used TOR because it was not a resource hog but that has changed. Is there something I can do to fix this?
Go into the options and…
Go into the options and under "Performance" disable "Use hardware acceleration when available" and change "Content process limit" to 1. For me, this reduces memory usage considerably. There are reasons why the default settings are good, but for me they aren't worth the cost.
I'm running LinuxMint 19.0…
I'm running LinuxMint 19.0 and Tor browser 8.0.2
Tor onion circuit menu still not available
what's going on?
I think you are looking at…
I think you are looking at the wrong place. We moved the circuit display to the URL bar (more specifically it is now behind the "i" icon which you get when loading a web page) which we announced in our Tor Browser 8.0 blog post, both with some animations and in the blog post text.
Why does it show a padlock…
Why does it show a padlock instead of an onion for onion domains?
Not sure exactly what you…
Not sure exactly what you mean but you might hit https://trac.torproject.org/projects/tor/ticket/27657.
That's it.
That's it.
Check More Information for…
Check More Information for https://3g2upl4pq6kufc4m.onion and discover it doesn't fit into Page Info window.
The circuit display is not…
The circuit display is not there when we click the 'i' icon - Only displayed is ''secure connection'' and ''permissions'' - this is for windows 43 bit and windows 64 bit too.
Please sort it out r update us here when it has been fixed.
I've seen that, and it's…
I've seen that, and it's erratic. But if I click "New Circuit for this Site", it seems to load a complete circuit path.
NO CIRCUIT DISPLAY - see my…
NO CIRCUIT DISPLAY - see my image link for thie proof
https://imgur.com/a/xUyvRbR
What operating system and…
What operating system and security slider level is that? Do you get errors if you look at the log output in the browser console (Ctrl + Shift + J)? Does that happen with a clean, new Tor Browser installed to a different location?
Windows 10, 64 bit, tried it…
Windows 10, 64 bit, tried it with 32bit and same issue, same issue when security level is at low or high. download and refreshed and installed it 3 times and same issue no circuit displayed at all.
I installed the tor browser…
I installed the tor browser on a new machine a few days ago and just realized it doesn't show the circuit hops anymore. (I'm not sure if that was the case from the moment it was installed.) It's running on Ubuntu 18.04. The security slider level is standard.
It does -- it's just in a…
It does -- it's just in a different place.
On the home page that it gives you on startup ("about:tor") it tries to help you learn what has changed.
I'm referring to the same…
I'm referring to the same issue as SMITHY is showing on the screen shot.
I have been using 8.0.2 since it has been released and know the circuits were displayed in a new place. It's a different problem:
When I use a bridge, the circuit is not displayed (I get the same information as SMITHY)
when I don't use a bridge the circuit is displayed.
I only noticed that yesterday because I didn't use a bridge before and I think it's confusing.
Interesting. Are you using…
Interesting. Are you using any of the built-in bridges? If so, does that just happen with a particular type? If not, does it happen with built-in bridges as well?
It actually desn't happen…
It actually desn't happen with the built-in bridges that successfully connected to the network no matter the type.
How do you get the bridges…
How do you get the bridges where you can reproduce it?
I forgot: nodeData[i].ip is…
I forgot:
nodeData[i].ip is undefined tor-circuit-display.js:297
updateCircuitDisplay chrome://torbutton/content/tor-circuit-display.js:297:11
onLocationChange chrome://torbutton/content/tor-circuit-display.js:326:25
callListeners chrome://browser/content/tabbrowser.js:704:18
_callProgressListeners chrome://browser/content/tabbrowser.js:727:7
_callProgressListeners chrome://browser/content/tabbrowser.js:4230:12
onLocationChange chrome://browser/content/tabbrowser.js:4577:7
_callProgressListeners resource://gre/modules/RemoteWebProgress.jsm:144:11
receiveMessage resource://gre/modules/RemoteWebProgress.jsm:237:7
That was driving me freaking…
That was driving me freaking crazy, not being able to find the circuit info. Thought it had been removed and I was going to downgrade back to 7.
extensions.langpacks…
extensions.langpacks.signatures.required;false
WTF?!
The 'Reload Every' option…
The 'Reload Every' option for each tab seems to have disappeared over the last couple of updates. Why has this been removed, and can it be placed back again?
web search implies that …
web search implies that "reload every" is a feature of at least three extensions. It is also either feature of opera or a chrome extension.
receive you device does not…
receive you device does not have permission to access file no matter how many times i download it
Since these updates to version 8, version 8.0.1 and 8.0.2 there has been nothing but problems,
Do you have some Antivirus…
Do you have some Antivirus/Firewall software installed that could be interfering with Tor Browser?
Yes got McAfee, but that has…
Yes got McAfee, but that has never been an issue before, and McAfee doesn't seem to be the thing interrupting it.. I download 32 bit and it works ok now. apart from no circuit display :(
The circuit display will be…
The circuit display will be displayed when you press on the green lock icon near the https:// or near the 'i' circle.
search for the exact phrase…
search for the exact phrase inside quote characters.
when searching for, "your device does not have permission to access file", the results are at least two similar error messages.
STILL NO CIRCUIT DISPLAY FOR…
STILL NO CIRCUIT DISPLAY FOR 8.0.1, same problem with 8.0.1..
In the old version of tor …
In the old version of tor (less than 8.0) i could download the source code and recompile it( change the number of nodes for example) and create a new tor.exe file and switch it with the tor.exe file that create with tor installation.
but now, in the new version of tor the 8.0 and above when im doing that i'm having error- 0xc00007b-which means that i'm working with 32 bit on 64 bit or 64 bit on 32 bit. i found work around way that i can install an old version of tor(less then 8.0 version) do the update to 8.0.2 and then i can change the tor.exe file without any error.
why this thing happens?
is the bug fixed when i have…
is the bug fixed when i have tor browser in veracrypt and lock vera crypt and open, the torlauncher and torbutton wont start, is that fixed?
Latest McAfee is…
Latest McAfee is Quarantining the firefox.exe file stating the threat is
Real Protect-LS!8AC8CAD041C5
When searching McAfee's own site this is not found ?
McAfee is a crap.
McAfee is a crap.
Having looked into a wide…
Having looked into a wide variety of Antiviruses and I think as far as free options go Avira's Antivirus has the best combination of protection and respectful privacy settings. You've just got to live with one self advertising popup every two days.
That being said: I am a random person on the internet. You can take my advice as a point to check out, but you should do your own research into reading privacy policies as well as test results. ;)
This new update has McAfee …
This new update has McAfee quarantined the update AGAIN. This happened with the last update 8.1 too and I left a comment about it then. I restored this quarantined thing just now and rebooted but McAfee still quarantined it again when I tried opening the browser. I'm now using TBB version 8.0 because that's the only downloader I hadn't deleted yet. I'm using Windows 10 64-bit.
http://imageupper.com/i/?S1100010100011R153858960765664
while remaining on ver 7.5.6…
while remaining on ver 7.5.6 for now, I want to note that you guys have a really hard job to do and it isn't reasonable to expect it to be done quickly or without new problems arising
Staying on outdated version…
Staying on outdated version is not an option. Migration is really hard this time. But it doesn't mean Tor Browser Team should rely on Mozilla's patches & make releases without testing.
I didn't see these addressed…
I didn't see these addressed so I'll add them:
- Tor still doesn't remember the size of the browser window, so those of us who have the menu bar open, or addons for tabs, always end up with a unique sized window that is read read by whatever tab happens to be loading.
- I can't login to disqus. I have added it to the whitelist, to no avail.
- I wish you could get sync back.
I have those issues with Tor under Windows 7 SP1, Linux Ubuntu 16.04, and Linux Ubuntu 18.04.
Thank you
Your window size problem is…
Your window size problem is deliberate, to avoid fingerprinting. If you set privacy.resistFingerprinting to true in about:config for vanilla firefox, you will experience the same thing.
The Disqus bug is https:/…
The Disqus bug is https://trac.torproject.org/projects/tor/ticket/27249. We could need some help investigating that one.
Does it work with NoScript…
Does it work with NoScript 10.1.9.9?
Gesturefy extension still…
Gesturefy extension still not work.
No support for extensions.
No support for extensions.
Personally I don't care…
Personally I don't care about that AddOn either, BUT: An AddOn not working might be an indicator of something else that's broken in the Tor browsers' code. For all we know this could be highly valuable feedback for the devs. Hence giving feedback shouldn't be discouraged. ;) It's still at least [i]related[/i] to the issues at hand.
I had TOR once, but am not…
I had TOR once, but am not sure I have it now. How can I find out?
This TBB 8.0.2 seems to…
This TBB 8.0.2 seems to solve the Cloudflare / Google Captcha problem. Thanks !
Cloudflare fixed it on their…
Cloudflare fixed it on their side.
It's going to be great when…
It's going to be great when Tor Browser gets accessibility support on Windows again. I miss privacy.
caprcha still fucks my mind,…
caprcha still fucks my mind, none of recipts of this tread does nnot help
If you enable Media for the…
If you enable Media for the site before it is fetched, NoScript blocks it without any indication!!!
Do you have steps to…
Do you have steps to reproduce this behavior?
Heh. You should have your…
Heh. You should have your own tests, guys! ;)
But, okay. Try to search something on youtube (Safest). You then have to enable Script on that page to see anything, but try to enable also Media and Fetch (beforehand, as they are not colored red yet). And you get in the console:
element has no “src” attribute. Media resource load failed. results
All candidate resources failed to load. Media load paused.
Also click on the first found video, and you get empty rectangle instead of media player on its page.
NoScript is also getting…
NoScript is also getting reset to allow-all every time TorBrowser is relaunched. This is a serious breach of controls, please ensure this is fixed!
new update (Tor Browser 8.0…
new update (Tor Browser 8.0.2) color changing make feel worst. older green is feels good. specifically tabs (current tabs and other tabs) colors makes very bad. chrome only behave aggressively like this. now i am worrying and some bad hand interfere tor....
Hello! After upgrade to…
Hello! After upgrade to version 8.0 (x64) I cannot resize main window, only maximize or minimize. How I can resize browser?
Troll?
Troll?
Websites can easily see the…
Websites can easily see the exact size of your browser window, so if you are using anything other than the Tor Browser default, they may be able to identify you, possibly even uniquely identify you. For this reason, TB discourages you from trying to resize the window. Since different devices (e.g. laptops, tablets) have differently sized and shaped "maximized" windows, TB suggests that you not maximize the window either.
This might be OT but i have…
This might be OT but i have a question, a new version of tor has been released, but i remember the previous one was showing where you were connected, like germany-france-usa. I cannot find this option anymore. Has it been removed or is it still there? Thanks.
You can see the circuit by…
You can see the circuit by clicking on the left of the URL.
A minor improvement of TBB8:…
A minor improvement of TBB8: I can reply to more than one comment here.
With previous TBB, blog.torproject.org's newer commenting software allowed only one reply, then the page disabled or hid the "Reply" link on every comment. The "Reply" links showed again after TBB restart. But as I recall, the faster workaround was to clear cookies or something else that did not require TBB restart.
Odd, I haven't been seeing…
Odd, I haven't been seeing that at all. In my recent experience at this blog (using the latest Tails, which uses the latest Tor Browser), as long as I set the slider below "Safest", and answer the captcha, the comment appears to be submitted properly (but presumably was nixed by the moderator, in cases where it never appears).
Why does Tor look different…
Why does Tor look different after the 8.0.2 update? The opening (Start Up) page is purple and there isn't a bookmark for check to make sure your using tor
Ever since I updated to 8.0…
Ever since I updated to 8.0.2 the start up page is different. The page is purple and completely different than the last version that I had where I could check to make sure I was connected to Tor. Is this normal or have I been bugged?
This is normal. This was…
This is normal. This was changed with the 8.0 release:
https://blog.torproject.org/new-release-tor-browser-80
in this version has a script…
in this version has a script, does someone tell me where is it located now?
Hello torproject, why one…
Hello torproject,
why one can not unpack the browser-dir( [0] ) in the TBB-64bit-install.exe-file?
I don't understand the…
I don't understand the question. What are you trying to unpack, and how do you do it?
He asks why Win64 bundle is…
He asks why Win64 bundle is a normal PE+ (with [0] section inside) which cannot be extracted by common archiver (7z, etc) while Win32 bundle is a normal SFX archive.
I used to do this too. You…
I used to do this too. You could open the executable installer as an archive with 7-zip or other tools and extract it, and running it from the extracted folder would work the same as if you properly ran the installer to copy the browser into a folder. Not running executables from the web just seemed like the properly paranoid thing to do. I think I stopped because of a warning in the installation and usage instructions that any deviation from them means that the security benefits promised by TorBrowser can't be guaranteed.
Instead run exe, unpack it …
Instead run exe, unpack it -easy to understand?
No problem with 32bit file, yet.
Access denied. Your IP…
Access denied. Your IP address is blacklisted. If you feel this is in error please contact your hosting provider's abuse department.
take a bridge or a vpn …
take a bridge or a vpn (windscribe is free)
When I cut off network then…
When I cut off network then close TBB and reopen, cookies are not cleared.
Did you select the option …
Did you select the option "Remember my browsing and download history" in the "Privacy & Security" preferences?
I forget to select "Clear…
I forget to select "Clear History When Tor Browser Close", maybe it's my fault.
how to create a custom …
how to create a custom .onion domain name . i try a make domain name .onion but its not working :-(
https://www.torproject.org…
https://www.torproject.org/docs/tor-onion-service.html.en
Menu "Preferences>General"…
Menu "Preferences>General" don't open. What happen?
I use Tor Browser 8.0.2 on Ubuntu 32 bits.
Do you get an error message…
Do you get an error message in the browser console (Ctrl+Shift+J) if you are trying it? If so, which?
I Just hate Captcha, but…
I Just hate Captcha, but what we do its all about search engine algorithm.some where the main reason is security.
WTF happened to noscrpt? Now…
WTF happened to noscrpt? Now it's on ALLOW ALL by default! Brilliant.
Is there no way to set this back to BLOCK by default? I tried and each time I open the browser, back to ALLOW ALL.
NoScript has always been on…
NoScript has always been on by default but you can adjust the security slider (click on the onion on the toolbar and on Security Settings...) to change that.
you added an annoying…
you added an annoying glowing (!) mark in the onion logo to force the users to update the browser even if my updates are turned off shame on you I switch to epic browser asap. you became worse than the multi national companies with their scams and user hacks
SHAME ON YOU!!!!!!!!!!
I love you
I love you
Hello Tor Project Team, I've…
Hello Tor Project Team,
I've had some trouble conserving TBB 8.0.1 as a backup to 8.0.2. After doing several re-installations, TBB 8.0.1 had continued to force an update to TBB 8.0.2 in spite of enabling either:
1. "Check for updates but let you choose to install them", or
2. "Never check for updates (not recommended)" ... using the hamburger stack:
"Options>General>Allow Firefox to".
I have discovered that a file named "active-update.xml" has appeared in v.8.0.1 Tor Browser\Browser\Torbrowser\UpdateInfo. Checking Tor Browser\Browser\Torbrowser\UpdateInfo\updates\0 reveals three more files:
1. "update.mar" (a Microsoft Access Report Shortcut, as per checking file properties)
2. "update.status" (Opening in Notepad shows "pending")
3. "update.version" (Opening in Notepad shows "8.0.2"
Deleting each of these four files, or the entire UpdateInfo folder before exiting TBB 8.0.1 prevents the forced update to TBB 8.0.2 when restarting TBB 8.0.1 . The UpdateInfo folder is regenerated as an empty folder after a restart. So ... I feel better. And you, chupta? Thank you for your dedication, and the good things that you provide us all with.
noscript does not work…
noscript does not work correctly:
example:
with the security-slider set on "high"
go on: https://metager.de/
1. noscript is on "standard" - you won't see the icons for "Web", "News/Politik", "Wissenschaft" ... "settings" and so on around the search field are not visible = normal behaviour
2. click on "temp. TRUSTED" and reload the page: icons become visible. This noscript setting alone should not allow icons to be displayed as the security slider is still on "high". Do noscript and the security slider no longer interact correctly???
3. click on "delete temporary permissions" (icon "clock icon" on the rightmost) and reload the page. Now, the icons on the metager.de-site around the search field should not appear - just like in point 1. "standard" as noscript should block the icons. However, the icons around the search field are still displayed.
4. click on "MISSTRUST" in noscript. The icons on metager.de should not be displayed. However, they are definitely displayed.
Am I doing something wrong in noscript? Or is noscript doing something wrong?
Another question concerning noscript:
How can you get directly to noscript.net? In the old versions of TBB you just had to open "addons" and click on the link under "NoScript". This link is missing now. Or is there another way to get to noscript.net now?
Another problem:
https-everywhere:
When installing TBB, the https-everywhere-icon does not appear, you have to click on "customize" in the browser menu and drag and drop the https-everywhere-icon manually - just like in many versions of TBB before. For some versions this problem was solved, but now it reoccurs.
And finally, another point:
In the German version of TBB, on the introductory page, there are three different translations for the English "circuit". There is: 1. Circuit-Ansicht (which is no translation!). 2. In the explanatory text there is "Zeige deinen Pfad" - here "circuit" becomes "Pfad" (= "path") and users are told to "choose"( = "wählen", which should be "click on" = "klicken auf" - not "choose") "Neuer Pfad für diese Seite". 3. If you do so and click on the "Informations-Symbol" which is the padlock, you will not get "Neuer Pfad für diese Seite", but "Neuen Kanal für diese Seite". (By the way: this should be: "NeueR Pfad" (nominative) instead of "NeueN Pfad" (accusative) - but this is only a minor mistake.)
So you have three names for the English word "circuit": 1. circuit, 2. Pfad, 3. Kanal
On the right, at the bottom of the introduction. you will read "Pfad" again. If you click on that field, you will get to Duck Duck Go and you will read "Circuits" again, and:"Relays". In the old version of TBB you used "Relais" as translation for "relay". And if you click on the green padlock, "relay" is translated as "Verteiler".
First and foremost, this is not a question of translation, but a question of logical thinking. Even with not knowing German at all, you can easily realise that there must be something wrong with so many different tranlations for one thing. And the correct translations had been available from older versions of TBB.
This is not explanatory at all, on the contrary - it is confusing.
On the introductory page you have a link "FAQ", and there you will find a link "NoScript FAQ", which will open the FAQ for the old noscript version(s). There is no official documentation for noscript. All you can get is a link to a blog writer giving "basic" information about the new noscript. This is very basic indeed and not an official documentation.
Another link will redirect you to a page inteding to give an overview of the new noscript in a nutshell. A nutshell is not enough for understanding the new noscript - as you can see from the "226 Responses to “NoScript, "Quantum" vs "Legacy" in a nutshell”.
You have to provide a clear official guide to the new version of noscript.
Everything has become difficult enough. But do we really have to plough through a white text on a black background? Do you really want us to spoil our eyes?
Has everything to be put upside down now?
For me, all that is a complete mess. Sorry, but I really tried to give my very best to come to grips with all the novelties and tried to find information, read and understand. But now I'
ve come to the conclusion that any effort will always lead to the point that there is no clear information.
Please, do your homework and make things clear and understandable
Localization for Tor Browser…
Localization for Tor Browser is done by volunteers, so you're welcome to help out if you think something doesn't sound right. You can find more information on how to contribute to translation efforts here:
https://www.torproject.org/getinvolved/translation-overview.html.en
Thanks for your feedback! I…
Thanks for your feedback! I filed https://bugs.torproject.org/28417 and https://bugs.torproject.org/28418 for it.
Hi, would someone mind to…
Hi, would someone mind to explain what EXACTLY the "Safest" option adds over the "Safer" one ?
In complete technical terms. What is blocked that wasn't previously, when you go from Safer to Safest ?
For example, at same NoScript configuration, Safest doesn't play videos on YouTube or PornHub, but Safer does. For this particular case, what is being blocked ? It doesn't seem to be Mediasource, from a quick look at about:config.
I would rather downgrade Safest a little through NoScript than upgrade Safer, if possible, because I want to be..safest, while watching a video.
For example, at same…
For example, at same NoScript configuration, Safest doesn't play videos on YouTube or PornHub, but Safer does.
No guarantees at all.
As an example of taken over exit nodes. Several exit nodes from indonesia will prevent you from accessing certain sites anyway. If you are lucky you will be redirected to a page that is telling you why access is blocked, a legal notice page telling you that what you are doing is forbidden.
NoScript will not help you with this.
Beside this kind of governmental educating interferences, maybe you should consider other technical solutions for your certain needs, like using VPN.
Using VPN for your happy video consuming needs will be faster and will not be unnecessary heavy using Tor network that is essentially mend for serious exchange of information.
In other words, don't block people that need Tor network for their human existence in places where there is lack of sufficient human rights with happy over consuming video downloading, file sharing etc.
Be social and consider using VPN solutions for that.
At first I thought you were…
At first I thought you were trying to reply but didn't understand the question. Then I got that you wanted to just bar video from Tor.
Hopefully someone else knows the difference between Safer and Safest: It appears that with identical NoScript configurations, videos only work on the former.
There are more differences obviously, and I'm looking for a full technical list of them.
(Disclaimer: I'm not trying…
(Disclaimer: I'm not trying to ignore or marginalize the bigger problem here, but I thought I could help at least a little.)
You can remove Indonesia from the list of nodes chosen for you by editing the "torrc" file with a text editor and adding the line "ExcludeNodes {ID}" at the end. It's absolutely not recommended by the Tor project to do so because it will make it very slightly easier to track users that way. Personally, I'm not too keen on using nodes in countries that might confiscate or add trackers to their Tor nodes at any time.
Hi It's not working on…
Hi
It's not working on Ubuntu. Should I upgrade to the latest version?
What is not working? Did you…
What is not working? Did you try to use a clean, new version downloaded from our website? What is happening in your case?
Can not move torbrowser…
Can not move torbrowser directory. When I move the torbrowser directory it stops working. Is this normal behavior?
It's a bug we still have not…
It's a bug we still have not solved yet, see: https://trac.torproject.org/projects/tor/ticket/27604. Please help if you can.
Not a solution, but a…
Not a solution, but a workaround: Disabling and enabling torbutton and torlauncher again solves this issue for me after moving or renaming the Tor Browser directory. Also, other than your ticket implies, copying instead of moving works for me on Debian testing, at least as long as the directory of origin is not removed. After doing so, the torbutton and torlauncher problem turns up again for some reason..
And while I'm already here: Thank you very much for your work!
A operational website like…
A operational website like https://www.yidio.com shows only a black screen
Not familiar with that site,…
Not familiar with that site, but FWIW I often visit sites which show up as blank pages. In such cases I usually assume that the problem is that the site assumes every visitor's browser has Javascript enabled, but with the security slider set to "safest" (or even "safer"?) that's not true about Tor Browser.
Someone please correct me if that's not correct!
Same with Tor 7.5.6 set to…
Same with Tor 7.5.6 set to safest - but the safer setting seems to work fine. I guess that's yidio's "This page requires JavaScript to work properly, because we want it to look fancy." message... You should consider writing them an email and ask them what the hell they were thinking.
For some reason a website…
For some reason a website like http://www.tvland.com/full-episodes is not reachable. a message below appears.
Access Denied
You don't have permission to access "http://www.tvland.com/full-episodes" on this server.
Reference #18.e2e17b5c.1539091186.137b40f2
Not familiar with that site,…
Not familiar with that site, but FWIW I often see such messages, and generally assume that the problem is that some website operators (or more likely a third party CDN) simply block all traffic from the (known) list of Tor exit nodes.
A related possibility is that CDNs may run software which rather stupidly expects to track any browser as it the owner surfs from site to site, but TB resists that, so the software "fails bad" and we see a blank page. For example, the operators might intend to let visitors see a few pages or videos for free, but after that tries to ask them to register an account. But if your requests come through a Tor exit node, others have exhausted the software's patience before you came along. Possibly.
I tried the "request a…
I tried the "request a bridge from torproject.org" and received a group of bridges however I was not able to connect through any of the proxies. Does it work? below is the log which the ports of all the proxies I tried where not open.
Well, it's hard to say what…
Well, it's hard to say what the issue is as there are multiple pieces involved here. First, all of the bridges you got could be down. Second, they could be up and running but a censor could have blocked them.
Does the meek pluggable transport work for you?
No the meek azure does not…
No the meek azure does not work. I have tried at least 9 bridges and none worked. Only obfs3 and obfs4 work.
I think I found the problem…
I think I found the problem. On my Mac when the new bridges did not work I closed Tor to reopen the app but it would not reopen. I noticed 2 running tor process (even though thelaunchpad show the process closed). I closed the 2 tor process and the bridges worked. There appears to be a problem with "tor browser" process when switching to the newly acquired bridges continuing to run..
Can voip be routed through…
Can voip be routed through TOR? I have routed other apps through TOR but VOIP does not work.
Getting a boat load of…
Getting a boat load of messages
"Bad Request
Your browser sent a request that this server could not understand."
from Startpage and DuckDuckGo when searching using normal keywords like "running shorts" using the searchbar.
Search process seems to be breaking for some reason.
This just happens part of the time, probably more than thirty percent though.
I've been seeing that too. …
I've been seeing that too. My guess is that this might be a timing issue, but that's just a wild guess.
Hi, it seems that 8.0.2 is…
Hi, it seems that 8.0.2 is signed with a newly created subkey, but I'm having a hard time finding it in key servers. Did you forget to upload the modified public key with the new subkey attached?
No, it's uploaded. Just…
No, it's uploaded. Just making your GPG client fetch the latest version of the key should give you the new subkey as well.
Thanks for the reply. I'll…
Thanks for the reply. I'll try again.
Since updating to Tor v. 8.0…
Since updating to Tor v. 8.0.2, the "suggest" feature of the address bar no longer works. When I type characters into the address bar, no suggestions appear. In the options, I have "bookmarks" and "open tabs" checked as the sources for the suggestions. This feature worked right up until I updated the browser. If anyone knows how to fix this problem, please let me know. If not, I will assume that it is a bug and will hope that it is fixed soon, as browsing without it is slow and tedious.
Hm, this works for me. Which…
Hm, this works for me. Which operating system are you using? Does this happen with a clean, new Tor Browser 8.0.2 as well?
Have you checked your about…
Have you checked your about:config? Maybe one of the necessary settings was turned off.
Thanks for your reply. I…
Thanks for your reply. I finally fixed this problem, but not without a lot of struggling. I believe that my bookmark file got corrupted when the Tor update took place.To correct the problem, I closed the browser. Then, I renamed the bookmark file (places.sqlite). Afterwards, I attempted to create a new bookmark file by reopening the browser. After repeated attempts, I managed to import one of my backup bookmark files into the new bookmark file and now everything is working properly. I hope that this experience was just a fluke and that I will not have to repeat the above steps each time I update the Tor browser. I guess I'll find out whether this will be an ongoing problem when the next update becomes available.
I use Windows 7 64. So that…
I use Windows 7 64.
So that I could verify the signatures for the latest package (8 0 2) I copied the information shown on https://www.torproject.org/docs/verifying-signatures.html.en and after installing GnuPG, I followed the instructions given. Since the present TOR package is specifically mentioned within those instructions I thought everything I saw would match exactly what appears in your instructions.
However, I got widely differing results.
You say:
“You should see:
pub rsa4096/0x4E2C6E8793298290 2014-12-15 [C] [expires: 2020-08-24]
Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
uid [ unknown] Tor Browser Developers (signing key)
sub rsa4096/0xD1483FA6C3C07136 2016-08-24 [S] [expires: 2018-08-24]
Key fingerprint = A430 0A6B C93C 0877 A445 1486 D148 3FA6 C3C0 7136
sub rsa4096/0xEB774491D9FF06E2 2018-05-26 [S] [expires: 2020-09-12]
Key fingerprint = 1107 75B5 D101 FB36 BC6C 911B EB77 4491 D9FF 06E2”
What I did see:
“pub rsa4096 2014-12-15 [C] [expires: 2020-08-24]
EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
uid [ unknown] Tor Browser Developers (signing key)
sub rsa4096 2018-05-26 [S] [expires: 2020-09-12]”
AND
“The output should say "Good signature":
gpg: assuming signed data in 'torbrowser-install-8.0.2_en-US.exe'
gpg: Signature made Wed 15 Nov 2017 05:52:38 PM CET
gpg: using RSA key 0xD1483FA6C3C07136
gpg: Good signature from "Tor Browser Developers (signing key) " [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Subkey fingerprint: A430 0A6B C93C 0877 A445 1486 D148 3FA6 C3C0 7136
Currently valid subkey fingerprints are:
1107 75B5 D101 FB36 BC6C 911B EB77 4491 D9FF 06E2”
What the output DID say:
“gpg: assuming signed data in 'C:\Users\MYNAME\Desktop\torbrowser-install-win64-8.0.2_en-US.exe'
gpg: Signature made 10/03/18 00:24:04 GMT Daylight Time
gpg: using RSA key EB774491D9FF06E2
gpg: Good signature from "Tor Browser Developers (signing key) " [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Subkey fingerprint: 1107 75B5 D101 FB36 BC6C 911B EB77 4491 D9FF 06E2”
I realise that you are all very busy but you can judge when a divergence in information matters and when it doesn’t. Most of us users cannot, therefore we are reliant on the information you give us being accurate and up-to-date.
Please reissue the instructions for verification.
Thank you.
The problem here is that the…
The problem here is that the output depends on the particular GnuPG configuration on your system (among other things). We only have space to give output for one possible configuration but not for all of them. That said, the output you got seems fine.
I've been having trouble…
I've been having trouble finding a version of the signing key sufficiently recent to include the subkey used to sign the current Tor Browser bundle.
https://duckduckgo.com/html/…
https://duckduckgo.com/html/
We've detected that you have connected over Tor. There appears to be an issue with the Tor Exit Node you are currently using. Please recreate your Tor circuit or restart your Tor browser in order to fix this. If this error persists, please let us know: error-lite-tor@duckduckgo.com
WTH?
Why the duckduckgo people…
Why the duckduckgo people thought any particular Tor exit node was "doing something wrong", I can only speculate, but did you try following their advice by pressing "New Circuit" or "New Identity" (i.e. "restart your Tor browser")?
I've seen a similar message a few times, and choosing a new identity seemed to fix the problem.
Hi, is it possible to…
Hi,
is it possible to download an installer for the last 7.x version of the tor browser? I know that i should always use the newest version but i would like to compare some behavior i have remarked to an older version.
All versions can be found at…
All versions can be found at https://archive.torproject.org/tor-package-archive/torbrowser.
Tor 8.0.2 Windows 7 Ultimate…
Tor 8.0.2
Windows 7 Ultimate
I installed updates to NoScript and HTTPS Everywhere manually.
NoScript overwrote the old version but HTTPS Everywhere did not.
I now have two versions of HTTPS Everywhere installed.
Version HTTPS Everywhere 2018.8.22 (the one that came with Tor 8.0.2) and HTTPS Everywhere 2018.9.18
Why did it not overwrite the older version?.
If you updated from Tor 8.0…
If you updated from Tor 8.0.1 to Tor 8.0.2 I have no idea.
If you updated from Tor 7.x to Tor 8.0.2 my [b]guess[/b] would be that it's because of the leap in Firefox versions/editions ("Mozilla Firefox - The next version is always the worst...").
As for fixing this, you should backup/export your settings for HTTPS Everywhere (the one that has your actual settings and preferences) remove both versions, install a fresh version of HTTPS Everywhere and import your settings.
I hope this helps.
It was a fresh install of…
It was a fresh install of Tor 8.0.2 not an update.
The behaviour seemed odd as I expected it to just overwrite the older version of HTTPS Everywhere.
I just uninstalled both versions of HTTPS Everywhere in the end then I manually installed HTTPS Everywhere 2018.9.19 again.
I had no saved settings so that didn't matter.
I thought that Tor Browser…
I thought that Tor Browser is to protect and not destroy? I installed Tor Browser from a different website which encrypted all my files. The ICFKB-DECRYPT note gave the Tor Project address: https://www.torproject.org/. I downloaded and installed Tor 8.0.2. I started the Tor Browser which launched but could not take me to the configured Congratulation page. Thus, I cannot use the link: http://gandcrabmfe6mnef.onion/625478cda2b77312 that is supposed to give me instructions to decrypt my files. I use HP mini which is not compatible with higher versions of Tor Browser. Please assist me. Please decrypt my files in line with your objective of ensuring privacy and protecting us
It sounds like you have been…
It sounds like you have been the victim of ransomware -- these jerks have nothing to do with Tor. I'm sorry it happened to you. :(
You might learn more at
http://tor.stackexchange.com/questions/9922/i-got-infected-by-ransomwar…
Hello torproject, Iain…
Hello torproject,
Iain Learmonth form torproject wrotes
https://lists.torproject.org/pipermail/tor-talk/2018-October/044572.html
"Can you provide some examples of things you can do with torstatus that
you can't do with Tor Metrics' tools?
Perhaps they are easy to implement."
Eehmm, are you serious?
There is NO service on .torproject.org you can
compare with torstatus e.g. torproject.blutmagie.de.
Especially the birds-eye view.
It would be really bad to loose this.
Tor Browser seems to have…
Tor Browser seems to have lost the ability to send a username and password to a socks5 proxy. I get lots of this in tor log file:
[WARN] Could not create SOCKS args string.
(If I connect to a socks5 server that doesn't require a username and password, it does work.)
What did you do and which…
What did you do and which operating system are you using? I guess you could start over with a fresh Tor Browser to solve your problem as well.
noscripts has no option …
noscripts has no option "Forbid Scripts Globally". How to disable scripts globally in Tor Browser 8.0.2?
The website tunnelblick.net…
The website tunnelblick.net produces a message "connection not secure" and connectivity is not possible. Tunnelblick say there site should be accessible via Tor
Pages with Hindi script are…
Pages with Hindi script are not viewable in my Tor browser. 8.0.2 (based on Mozilla Firefox 60.2.1esr) (32-bit)
e.g https://www.bbc.com/hindi
Where the Hindi fonts are there are only square boxes
Windows 10? Works on Windows…
Windows 10? Works on Windows 7.
When I start the Tor browser…
When I start the Tor browser, the default settings allows all. That is the case since I installed it. On the option page, when I click on reset, I am alerted that it will revert to the default values. After clicking ok, only "frame", "fetch" and "other" are enabled.
After restart, all is enabled again, which is consistant with the noscript bug in the known issues above.
But the default setting after installation and the default values after reset should be the same, and they are not.
Adding up these faults with the new noscript skin and the less options, I feel that the Tor browser is now less safe than before. And it should install with the safer options and not with the unsafest.
See: https://support…
See: https://support.torproject.org/en-US/#tor-browser-js-enabled-default for why e.g. JavaScript is enabled by default.
I guess, those values should indeed be default but then, on the other hand, you should not need to mess with NoScript's settings either. :) We'll solve the latter at least by redesigning our security controls and removing the NoScript toolbar button from the toolbar in https://trac.torproject.org/projects/tor/ticket/25658.
Thanks for the reply. But…
Thanks for the reply.
But why are the default values different? If the default is "all enabled", then the reset to the default values should enable all as well. But it doesn´t.
That is confusing, and since it reverts to all enabled after restart, misleading as well.
That's because you are…
That's because you are resetting to NoScripts default *as NoScript designs that* by clicking on the NoScript options. Tor Browser has a different understanding of default settings.
MAY it's ok for "NoScript +…
MAY it's ok for
"NoScript + https everywhere icons are going to be removed"
as default, but full removing NoScript + https everywhere Gui for all, with all it's
features?
Would be a very very ....strange move. Incomprehensible?
It's not usefull to remove all helpfull feature cause few people say they need a browser best with 1 button for all, chrome or so.
To understate, like going to Mc Donalds because all other food tastes to much ... .
We won't remove NoScript or…
We won't remove NoScript or HTTPS-Everywhere. They just won't show up by default on the toolbar anymore occupying precious space.
When retrieving new bridges…
When retrieving new bridges are ports 12445, 38339, and 9443 the only ports? Those are the only ports I see.
No. In general it depends on…
No. In general it depends on the bridge operator deciding which port to use.
8.0.2 Terrible update, loads…
8.0.2 Terrible update, loads no scriptwith all permissions enabled, what a mess
Many times I used to connect…
Many times I used to connect to the TOR network and the circuit display would show "outdated software" on a node - this circuit display has been deleted! It looks like TOR is dumbing-down the software? That is *bad*
Ok, it is fine
Ok, it is fine
Hello, With vpn cyberghost…
Hello,
With vpn cyberghost and Tor Browser, its not possible to send mail with guerillamail.com.
Google capcha secure is out of good validation.
A solution ??
Thank's