New Release: Tor Browser 8.0a10
Update (8/21 7:45UTC): We got reports from users facing a weird update behavior: even after successfully applying an update to 8.0a10 the updater keeps downloading and applying updates. This is tracked in bug 27221. As a workaround, please either use a fresh 8.0a10 or go to about:config
, search for 8.0a9
. browser.startup.homepage_override.torbrowser.version
and extensions.lastTorBrowserVersion
will show up. Switch their values to 8.0a10
. Sorry for the inconvenience.
Update 2 (8/23 16:20UTC): Today NoScript 10.1.8.17 got released which broke the security slider interaction due to a new messaging protocol. We fixed this problem in bug 27276 and the patch will be available in the Tor Browser 8 release. However, there is no alpha release planned to pick up this fix. Users that depend on the security slider functionality are encouraged to use the stable Tor Browser or a nightly version (starting with the one from tomorrow, August 24) until Tor Browser 8 and the next regular alpha release get out. Again, sorry for the inconvenience.
Tor Browser 8.0a10 is now available from the Tor Browser Project page and also from our distribution directory.
It is the second alpha release based on Firefox ESR 60 and contains a number of improvements and bug fixes. The highlights are the following features and major bug fixes:
- This alpha includes big changes to the user onboarding experience, and there are more to come.
- We included a revamped start page (special thanks to Mark and Kathy for the implementation on short notice).
- The meek pluggable transport should be fully functional now.
- We audited and enabled HTTP2 which should give performance improvements on many websites.
- We added another bunch of locales and ship our bundles now additionally in ca, ga-IE, id, is, and nb-NO.
For Windows users we worked around a bug in mingw-w64 which affected updates on Windows (64bit) resulting in intermittent update failures. Moreover, we finally enabled hardware acceleration for improved browser rendering performance after applying a fix for a long-standing bug, which often caused crashes on Windows systems with graphics cards, e.g. from Nvidia.
The Tor version we ship is now 0.3.4.6-rc and it would be a good time now to report client issues, noticed with this release candidate or previous alpha releases, in case they did not get fixed so far.
Known Issues
We already collected a number of unresolved bugs since Tor Browser 8.0a9 and tagged them with our ff60-esr
keyword to keep them on our radar. The most important ones are listed below:
- On Windows localized builds on first start the about:tor page is not shown, rather a weird XML error is visible.
- Maybe related to the previous item, NoScript does not seem to work properly on Windows builds right now.
- We are not done yet with reviewing the network code changes between ESR52 and ESR60. While we don't expect that proxy bypass bugs got introduced between those ESR series, we can't rule it out yet.
- We disable Stylo on macOS due to reproducibility issues we need to investigate and fix. This will likely not get fixed for Tor Browser 8, as we need some baking time on our nightly/alpha channel before we are sure there are no reproducibility/stability regressions. The tentative plan is to get it ready for Tor Browser 8.5.
Note: This alpha release is the second one that gets signed with a new Tor Browser subkey, as the currently used one is about to expire. Its fingerprint is: 1107 75B5 D101 FB36 BC6C 911B EB77 4491 D9FF 06E2
. We plan to use it for the stable series, too, once Tor Browser 8 gets released.
The full changelog since Tor Browser 8.0a9 is:
- All platforms
- Update Tor to 0.3.4.6-rc
- Update Torbutton to 2.0.2
- Bug 26960: Implement new about:tor start page
- Bug 26961: Implement new user onboarding
- Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger menus
- Bug 26590: Use new svg.disabled pref in security slider
- Bug 26655: Adjust color and size of onion button
- Bug 26500: Reposition circuit display relay icon for RTL locales
- Bug 26409: Remove spoofed locale implementation
- Bug 26189: Remove content-policy.js
- Bug 27129: Add locales ca, ga, id, is, nb
- Translations update
- Update Tor Launcher to 0.2.16.2
- Update NoScript to 10.1.8.16
- Update meek to 0.31
- Bug 26477: Make meek extension compatible with ESR 60
- Bug 27082: Enable a limited UITour for user onboarding
- Bug 26961: New user onboarding
- Bug 14952: Enable HTTP2 and AltSvc
- Bug 25735: Tor Browser stalls while loading Facebook login page
- Bug 17252: Enable TLS session identifiers with first-party isolation
- Bug 26353: Prevent speculative connects that violate first-party isolation
- Bug 24056: Use en-US strings in HTML forms if locale is spoofed to english
- Bug 26456: HTTP .onion sites inherit previous page's certificate information
- Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger menus
- Bug 26833: Backport Mozilla's bug 1473247
- Bug 26628: Backport Mozilla's bug 1470156
- Bug 26237: Clean up toolbar for ESR60-based Tor Browser
- Bug 26519: Avoid Firefox icons in ESR60
- Bug 26039: Load our preferences that modify extensions (fixup)
- Bug 26515: Update Tor Browser blog post URLs
- Bug 27129: Add locales ca, ga, id, is, nb
- Bug 26216: Fix broken MAR file generation
- Bug 26409: Remove spoofed locale implementation
- Bug 26603: Remove obsolete HTTP pipelining preferences
- Windows
- Bug 26514: Fix intermittent updater failures on Win64 (Error 19)
- Bug 26874: Fix UNC path restrictions failure in Tor Browser 8.0a9
- Bug 12968: Enable HEASLR in Windows x86_64 builds
- Bug 9145: Fix broken hardware acceleration
- Update tbb-windows-installer to 0.4
- Bug 26355: Update tbb-windows-installer to check for Windows7+
- Bug 26355: Require Windows7+ for updates to Tor Browser 8
- OS X
- Bug 26795: Bump snowflake to 6077141f4a for bug 25600
- Linux
- Build System
- All
- Bug 26410: Stop using old MAR format in the alpha series
- Bug 27020: RBM build fails with runc version 1.0.1
- Bug 26949: Use GitHub repository for STIX
- Bug 26773: Add --verbose to the ./mach build flag for firefox
- Bug 26569: Redirect pre-8.0a9 alpha users to a separate update directory
- Bug 26319: Don't package up Tor Browser in the `mach package` step
- OS X
- Bug 26489: Fix .app directory name in tools/dmg2mar
- Windows
- Bug 27152: Use mozilla/fxc2.git for the fxc2 repository
- All
Comments
Please note that the comment area below has been archived.
Hello. Tor button Circuit…
Hello. Tor button Circuit Display is not showing in Windows. Also, there is no drop down menu arrow for the button; nor is Tor button green. "New Identity" and "New Tor Circuit" do show up in the hamburger, though. I just downloaded the 8.0a10 installer, installed TBB and this is what I have discovered so far. Thank you.
Yes, guiding the user to the…
Yes, guiding the user to the new location is still missing. We hope to have it ready in the final Tor Browser 8 release. See: https://trac.torproject.org/projects/tor/ticket/26962 for progress on this.
I found the Circuit Display…
I found the Circuit Display. It drops down from the green padlock. Thank you again.
Hello. I've been giving 8…
Hello. I've been giving 8.0a10 a testing on Windows 7. At first things went ok. Then, the same problem that I had with 8.0a9 reappeared with 8.0a10. It may take a few restarts to get to this behavior I am describing. When navigating to any new page (e.g.: https://www.torproject.org/) from the purple starting page, the TBB 8.0a10 gets stuck in an endless page reloading cycle. The new page keeps flashing and reloading and the browser can't be used. One cannot even type a new URL into the address bar because the address bar clears with each page reload. Also, I notice that the onion button is not green, but charcoal gray. The temporary fix is to reinstall the TBB after deleting the "Tor Browser" folder. However, the problem soon returns. I have done the re-installation with both Windows Defender and Avast turned off, and have left Defender off - no good. The problem comes back even with Defender turned off in the registry. Thank you all for your hard work.
Hm. Is there are way you…
Hm. Is there are way you could make me a bundle available that is causing the problem, so I can inspect it and give it a try? If so, I'd gladly have a look. You can reach me via gk[@]torproject[.]org (without the brackets).
That said I fear that it is still some AV functionality that is interfering with Tor Browser, although I have no good idea how to deal with that. Could you try uninstalling Avast and see if that fixes the problem? (Turning those tools off often does not help).
Replying to self: I finally…
Replying to self: I finally have a bundle on Windows where this happens, too, thanks for the report. We investigate this problem in https://trac.torproject.org/projects/tor/ticket/27261 and hope to have this fixed in the final release.
[08-21 08:52:45] Torbutton…
[08-21 08:52:45] Torbutton INFO: This is a Tor Browser's XPCOM
Are you going to phase out XPCOM?
At some point in the near…
At some point in the near future, yes. We need to transition to WebExtensions, but that work will start after Tor Browser 8 is out.
#26884?
#26884?
No, that's kind of a hack to…
No, that's kind of a hack to get the XPCOM version of Torbutton we currently have working on mobile.
But it doesn't support …
But it doesn't support (officially) non-webext, and support for non-bootstrapped add-ons was removed entirely...
10:53:22.607 [NoScript]…
10:53:22.607 [NoScript] Cannot collect noscript activity data Could not establish connection. Receiving end does not exist. collectSeen@moz-extension://%uuid%/bg/main.js:252:38
1 log.js:12:62
What does it try to collect about users?!
(It also reveals local time in logs)
This is NoScript in the…
This is NoScript in the parent process trying to check what NoScript in the child process have detected/blocked, all inside the (multi-process) TorBrowser, in order to display this data in the popup UI when it's needed. The timestamp is automatically logged by the browser's console on each printed message. Nothing leaves your browser or is written on the disk.
Hi, Giorgio! We are pleased…
Hi, Giorgio! We are pleased to see you here!
Can we report NoScript issues here in the future?
Why does it log that and other noise with just a New Tab opening?
[08-21 09:03:34] Torbutton…
[08-21 09:03:34] Torbutton INFO: tor SOCKS: https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%7WHATS… via
--unknown--:568c32d11f93b7c148614d3f8cee7d09
"alpha", "Windows_NT 10.0" - could we send less info to mozilla?
Yes, in https://trac…
Yes, in https://trac.torproject.org/projects/tor/ticket/16931.
> Update (8/21 7:45UTC): We…
> Update (8/21 7:45UTC): We got reports from users facing a weird update behavior: even after successfully applying an update to 8.0a10 the updater keeps downloading and applying updates.
successfully? It's entirely missing from Update History! 8.0a9-8.0a10.mar downloaded, restarted, and:
[08-21 09:15:43] Torbutton INFO: tor SOCKS: https://cdn.torproject.org/aus1/torbrowser/8.0a10/tor-browser-win64-8.0… via
--unknown--:4c103840b78e7ea54c82a41a841e98d1
Now Full update. Restarting...
It looks like we still need…
It looks like we still need 5 cycles of partial/full updates on win64 to update...
You might have hit https:/…
You might have hit https://trac.torproject.org/projects/tor/ticket/27221 ? Otherwise, yes, the intermittent update failure will be gone when updating from 8.0a10 to the next alpha.
I mean, if you use Wind0wz,…
I mean, if you use Wind0wz, you get what you get.
Try Tails Linux. It's easy, it's fun, and you might learn a valuable skill or two.
It's an alpha test. Relax…
It's an alpha test. Relax.
Also look into TBB userbase ;)
Build System All …
Build System
All
Bug 26410: Stop using old MAR format in the alpha series
Bug 26569: Redirect pre-8.0a9 alpha users to a separate update directory
It is 'Updater', not 'Build System' ;)
Hey! It didn't show about…
Hey! It didn't show about:tbupdate on update!
Yes, that's due a bug we…
Yes, that's due a bug we have during update (see the update in the blog post at the top) which causes an ongoing update redownload. See the possible workarounds in that blog update for a solution.
> Bug 26237: Clean up…
> Bug 26237: Clean up toolbar for ESR60-based Tor Browser
It doesn't work for updated from 8.0a9 browsers :(
Yes, but that's more or less…
Yes, but that's more or less on purpose as we don't want to mess with user customizations. So, you just need to customize it once and then you are set.
7.5.6 -> 8.0?
7.5.6 -> 8.0?
10:15:04.554 NS_ERROR_NOT…
10:15:04.554 NS_ERROR_NOT_AVAILABLE: Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIWebNavigation.loadURIWithOptions] 1 browser-child.js:359
Menu/Options triggers [08-21…
Menu/Options triggers
[08-21 10:15:05] Torbutton INFO: tor SOCKS: https://aus1.torproject.org/torbrowser/update_3/alpha/WINNT_x86_64-gcc3… via
--unknown--:52b897d4f2e4b466a246cff69970ce58
fun, fun...
What's the problem? That an…
What's the problem? That an update request gets issued? Or that it's not isolated to the first party domain? The letter is to be expected given that the Menu/Options trigger it (how exactly gets that triggered?).
No problems (given that the…
No problems (given that the Menu/Options trigger it).
10:15:05.995 Public-Key-Pins…
10:15:05.995 Public-Key-Pins: An unknown error occurred processing the header specified by the site. 1 en-US
https://aus1.torproject.org/torbrowser/update_3/alpha/WINNT_x86_64-gcc3…
Still intermittent unknown errors while processing HPKP...
Seems to be reproducible…
Seems to be reproducible when opening 'About Tor Browser' and seeing in Browser Console!
Alright, filed https://trac…
Alright, filed https://trac.torproject.org/projects/tor/ticket/27263 for further investigation, thanks! (And by no means feel free to help with this or any other bug, we have more than we can squash :( ).
I see. It can be HTTPS-E,…
I see. It can be HTTPS-E, again :( Don't want to look at it. You asked for more bugs - now you have them :)
Opening menu/options makes…
Opening menu/options makes current update downloading process hang on windows.
You mean about:preferences…
You mean
about:preferences
or just some menuitem on the titlebar? Or the security slider settings?about:preferences
about:preferences
Perhaps you could start by…
Perhaps you could start by using something other than Windows?
It's proprietary, a black box. Don't trust your privacy/security with such an ugly thing.
Tor Browser should still…
Tor Browser should still work properly on it.
That's https://trac…
That's https://trac.torproject.org/projects/tor/ticket/27355 now, thanks!
> Bug 26603: Remove obsolete…
> Bug 26603: Remove obsolete HTTP pipelining preferences
You forgot:
network.http.pipelining.max-optimistic-requests
network.http.pipelining.read-timeout
network.http.pipelining.reschedule-timeout
BTW, Mozilla forgot:
network.http.version
network.http.proxy.version
Thanks, filed https://trac…
Thanks, filed https://trac.torproject.org/projects/tor/ticket/27262 for the prefs on our side. Mozilla would be happy to see a bug filed about the preferences they forgot to remove. *hint* *hint* :)
They should become more…
They should be more friendly to anonymous bug submission. *hint* ;)
Oh, no! They implemented h2…
Oh, no! They implemented h2 only, not http/2! So, we still need http/1.1 for plain http connections and HTTP pipelining for performance!
Obsolete https://trac…
Obsolete https://trac.torproject.org/projects/tor/ticket/13575
The User Agent leaks more…
The User Agent leaks more entropy than the previous releases, please fix this (I visit one website safest security setting = they can't know my OS, but now they can thanks to user agent)
It's a Mozilla led wreckage, even the original bug report on bugzilla doesn't make sense ("Because the network fingerprint leaks OS" BUT WHAT IF IT IS USED WITH A PROXY!)
This situation is literally unbelievable.
+1 ("Because the network…
+1
("Because the network fingerprint leaks OS" BUT WHAT IF IT IS USED WITH A PROXY!)
Yeah, especially considering…
Yeah, especially considering that Linux and Mac OS users are a minority so the entropy is actually higher when you don't fit the Redmond norm. We should never keep quiet about this otherwise it will get ignored as a non-issue when it's a very big issue.
The "general.useragent…
The
general.useragent.override
pref isMozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0
even for the Linux version, but the browser sendsMozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
.Not a big deal, but confusing anyway ...
Hello, I haven't attempted…
I'm not sure if this works with new versions or whether this is exactly what you're looking for, but try this and determine whether it works for you:
Tor Browser > about:config > right click/add string:
general.useragent.override
Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
And to finish the job:
about:config > add new string:
general.platform.override
Win32
Now visit https://panopticlick.eff.org/ and see if this gets you some better results!
It is already set to Mozilla…
It is already set to
Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0
But panopticlick displays
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
on linux.
exactly, this version does…
exactly, this version does not have full fingerprinting protection on linux and maybe macos too.
FIX IT devs!
about:tor needs to be made…
about:tor needs to be made dynamic so that it displays correctly on 1000x600 and similar low res windows. Now I get a scrollbar with it!
> Bug 26960: Implement new…
> Bug 26960: Implement new about:tor start page
Shouldn't it fit into 1000x600?
Hi, tengo una pregunta,…
Hi,
I have a question, there is a project called https://joinpeertube.org and they usen the BitTorrent protocol to share bandwidth between users. It implies that your public IP address is stored in the public BitTorrent tracker of the video PeerTube instance as long as you're watching the video. As they mention privacy can be compromised with this protocol and recommend to solve this situation using VPN or TOR.
Is this true? I have read so much on the TOR website that it is not safe to use p2p, webRTC.
Thanks, I hope you can help me with the question.
> even after successfully…
> even after successfully applying an update to 8.0a10 the updater keeps downloading and applying updates.
It can update a10 to a10 with full update. Is it intentional and secure?
That's a bug (see the update…
That's a bug (see the update at the beginning of this blog post). It's mainly annoying.
In about:preferences there…
In about:preferences there're everywhere 'firefox', 'firefox', 'firefox'...
* Bug 26655: Adjust color…
* Bug 26655: Adjust color and size of onion button
Is it useful? Sec Settings -> hamb menu, Tor Net Settings -> Options, Check upd -> null.
* Bug 26519: Avoid Firefox…
* Bug 26519: Avoid Firefox icons in ESR60
needs more love
What is new 'browser.urlbar…
What is new 'browser.urlbar.matchBuckets general:5,suggestion:Infinity'?
WebGL Blocking (NoScript) …
WebGL Blocking (NoScript) ✔ not detected
It was blocked by default in previous versions.
"This browser supports WebGL…
"This browser supports WebGL ×False (supported, but disabled in browser settings, or blocked by extensions)" is what I get when going to browserleaks.com and doing the WebGL test. That's with a Linux bundle. How can I reproduce your issue?
https://browserleaks.com…
https://browserleaks.com/proxy
Test it not only on Linux.
And what's the problem to check NoScript settings?
Well I get "WebGL Blocking …
Well I get
"WebGL Blocking (NoScript) ✔ not detected " so, the test can't test the NoScript WebGL block anymore (while it is still blocked, see my previous comment). Thus, this is actually good.
WAT?! Set the sec slider to…
WAT?!
Set the sec slider to Safer and look into NoScript settings: unchecked for `medea` and checked for `webgl` by DEFAULT!
But WebGL is non-functional…
But WebGL is non-functional even with security slider on lowest security and NoScript disabled in about:addons - was that intended?
I don't see NoScript being…
I don't see NoScript being disabled. Does that happen for you in a clean, new 8.0a10?
No, I disabled NS manually…
No, I disabled NoScript manually to check if it was blocking WebGL. But even without NS, WebGL demos don't play. E.g., displays the error message "It does not appear your computer supports WebGL", and the browser console shows
Aha, interesting, thanks. I…
Aha, interesting, thanks. I opened https://trac.torproject.org/projects/tor/ticket/27290 for further investigation.
No, it's just broken.
No, it's just broken.
The opening pdfs online…
The opening pdfs online issue hasn't been solved yet right?
@Anonymous - August 21, 2018…
@Anonymous - August 21, 2018
>The opening pdfs online issue hasn't been solved yet right?
Why would you want to open pdfs online while using Tor? That's probably not a good idea.
Also, I recommend:
Tor Browser > about:conifg > pdfjs.disabled - true
Right, we are still working…
Right, we are still working on it but more pressing issues showed up putting it on the backburner, see: https://trac.torproject.org/projects/tor/ticket/26540 for development efforts.
Actually, I misread your…
Actually, I misread your question. So, the opening pdfs online should work again. But at the cost that the range requests are not properly isolated to the URL bar domain.
So, the opening pdfs online…
Well that's not even working for me, here's the crazy error that I get in the console:
Attempting to post a message to window with url "resource://pdf.js/web/viewer.html" and origin "resource://pdf.js^privateBrowsingId=1&firstPartyDomain=torproject.org" from a system principal scope with mismatched origin "[System Principal]".
Crazy error repeated itself 271 times.
Do you have an example URL…
Do you have an example URL which is not working for you? On which operating system? And with a clean, new 8.0a10?
From a filetype:pdf site…
From a
filetype:pdf site:torproject.org
search I tried this url https://www.torproject.org/about/findoc/2009-TorProject-Form990andPC.pdf and it didn't work, in fact all urls with pdf that i tried so far don't work.OS: Linux. Clean 8.0a10? No, I have an updated 8.0a9 to 8.0a10.
Hm, this works for me. What…
Hm, this works for me. What is your value for the
pdfjs.disableRange
preference inabout:config
? Did you update from 8.0a8 to 8.0a9 with this bundle as well?The value is pdfjs…
The value is
pdfjs.disableRange = true
, I can't recall exactly if I had a clean 8.0a9 or did the update from 8.0a8 to 8.0a9 but it's most probably the latter.That's the problem, see:…
That's the problem, see: https://trac.torproject.org/projects/tor/ticket/26540. However, I am not sure why it's not set to
false
in your case. We fixed that with https://trac.torproject.org/projects/tor/ticket/26039 in the sense that we don't setpdfjs.disableRange
totrue
anymore and noticed previously that pdfjs would blow away non-user prefs. Probably that's because we originally set it as a user pref.in the sense that we don't…
That explains why it works on clean builds and not updated ones, it needs to be reverted for everyone though. And yes setting pdfjs.disableRange to false fixes the issue for me. Thanks a lot Georg!
Thanks. I made a note on the…
Thanks. I made a note on the ticket that we try to reset the pref for alpha users (it never made it into stable) with the patch developed there.
Why didn't you update…
Why didn't you update OpenSSL to 1.0.2p [14 Aug 2018]?
That's been an oversight. It…
That's been an oversight. It's fixed on
master
and will make it into the next release.Update (8/21 7:45UTC): We…
Update (8/21 7:45UTC): We got reports from users facing a weird update behavior: even after successfully applying an update to 8.0a10 the updater keeps downloading and applying updates. This is tracked in bug 27221. As a workaround, please either use a fresh 8.0a10 or go to about:config, search for 8.0a9. browser.startup.homepage_override.torbrowser.version and extensions.lastTorBrowserVersion will show up. Switch their values to 8.0a10. Sorry for the inconvenience.
Setting extensions.lastTorBrowserVersion to 8.0a10 is enough to fix this issue. But what's the weird pref it is? Did somebody miss `.torbutton.` in some patch? Also, it's entirely Torbutton's bug which triggers Updater to update (and it unfortunately has no protections from updates to the same version).
FWIW, Torbutton shows the…
FWIW, Torbutton shows the old menu after update until restart.
Not sure what you mean but…
Not sure what you mean but the update is not applied after restart. You just get some hint on the hamburger menu that you'd get a new Tor Browser in case you restarted your browser.
Moreover, we finally enabled…
Doesn't this add new fingerprinting attack vectors?
I don't think there are any…
I don't think there are any new ones that this causes. Do you have specific attacks in mind?
Do you have specific attacks…
No, i just was worried that malicious JS could extract detailed information about my graphics hardware and use that for tailored attacks.
Are you saying it was…
Are you saying it was enabled by default and by design on all platforms except windows, and all threats were analyzed?
Don't you know that:
- D2D renders fonts differently?
- only WebGL has a so-so sanitizer (ANGLE), other calls are direct?
- DXVA has different versions and no sanitization of videos?
Also, what's up with SVG sanitizing instead of blocking?
Bug 12968: Enable HEASLR in…
Bug 12968: Enable HEASLR in Windows x86_64 builds
Doesn't work. No images above 4GiB.
The last flag which is not set is Control Flow Guard (CFG).
https://bugzilla.mozilla.org/show_bug.cgi?id=1438868
The bug is not closed yet,…
The bug is not closed yet, but we added what we already have while still working on the final part.
You've only set the bit in…
You've only set the bit in executables, but it's possible to force heaslr flag (but not heaslr) on the app even without it. However, you should know it is opt-in only. So, no heaslr for now.
Also, you missed libssp-0.dll.
https://bugs.chromium.org/p…
https://bugs.chromium.org/p/chromium/issues/detail?id=584575
Implement new about:tor…
Please re-add the link to check.torproject.org
That's not planned as your…
That's not planned as your browser is already checking that you are using Tor on start-up and we had a bunch of false negatives in the past leaving users confused.
Use new svg.disabled pref in…
But still using the long-gone
media.webaudio.enabled</code pref instead of the correct <code>dom.webaudio.enabled
preference ...We set dom.webaudio.enabled…
We set
dom.webaudio.enabled
tofalse
globally due to privacy concerns and not because we are worried about security imlications. That said, we should update the security slider accordingly. Thanks, I added a note in https://trac.torproject.org/projects/tor/ticket/26407.+200MB in memory for this…
+200MB in memory for this page! What were you thinking when posting it?
Where did you get that 200MB…
Where did you get that 200MB number? I get only 0.70MB when doing a memory snapshot. Can't ask for less I must say.
! On Windows Tor Browser is…
! On Windows Tor Browser is resource-hungry :(
https://github.com…
https://github.com/stevespringett/disable-webassembly
https://www.forcepoint.com/blog/security-labs/browser-mining-coinhive-a…
Yes, we have https://trac…
Yes, we have https://trac.torproject.org/projects/tor/ticket/21549 for that.
Error: We have already…
Error: We have already registered a distinct blocker with the same name: Crash Reporter: blocking on minidumpgeneration. nsAsyncShutdown.js:114:11
TypeError: win.gBrowser is undefined[Learn More] ProcessHangMonitor.jsm:412:9
Webconsole context has changed
Sometimes NoScript's menu…
Sometimes NoScript's menu opens partially with error:
21:58:04.646 TypeError: Argument 1 of PrecompiledScript.executeInGlobal is not an object. 1 ExtensionContent.jsm:489:18
after a few restarts…
after a few restarts NoScript is still not working on my window7, actually after a few restarts all add-ons stop working
What security level in your…
What security level in your slider do you have? And what add-ons stop working? How did you determine that?
security level is safest,…
security level is safest, all add-ons in the toolbar ( noscript, https everywhere) stop working, i noticed the bug in the previous version, just after a few restarts noscript stop working i know that because i test it on http://ip-check.info/?lang=en/ and the test says JavaScript is enabled, if i click on the noscript icon it simply doesn't work, it doesn't open any menu, https everywhere shows a blank menu
That's tracked in https:/…
That's tracked in https://trac.torproject.org/projects/tor/ticket/27261 as well.
@Anonymous - August 21, 2018…
@Anonymous - August 21, 2018
>WebGL Blocking (NoScript) ✔ not detected
>It was blocked by default in previous versions.
Tor Browser > about:config > webgl.disabled - true
One and done. Next?
I surf via Tor with a full…
I surf via Tor with a full screen.
I'm not about to struggle squinting in some stupid low-res mode of the browser because it makes me fit in with other Tor users. Sure, the maxed out browser window is against the recommendations of some, but seriously? There has to be a better way to deal with CSS bullshit and the browser, something better than leaving your browser open as a tiny window on a large screen!
While we're at it, I also disable favicons. The downsides of leaving them enabled is well documented.
Tor Browser > about:config > browser.chrome
and
browser.chrome.favicons;false
browser.chrome.image_icons.max_size;0
browser.chrome.site_icons;false
Great. So now we get the …
Great.
So now we get the "new" NoScript add-on? It's dumbed down to nothing! The old version of NoScript (which continues to function well with the old FF ESR) was/is kickass!
I wonder - does the author of NoScript plan on rebuilding the NoScript add-on to contain features it now lacks? Gone are all the options to tighten up your browser. Now it's just some point and click nonsense for sites. IMO, it's little more than a steaming pile of cow dung.
What a shame.
+1 And it is the main…
+1
And it is the main candidate for tor onboarding feature, because it changed much more drastically then Circuit Display!
I disagree. Users should not…
I disagree. Users should not need to get in touch with NoScript and its settings at all. We plan to redo our security related settings after we get Tor Browser 8 out and we'll point to those then in the onboarding.
And what if a user needs to…
And what if a user needs to enable some media or js?
If there is need there…
If there is need there should be an easy way doing so, but the point is one should not need to mess in the NoScript settings to do so.
What features are gone? As…
What features are gone? As far as I can tell none crucial!!
I open TBB 8.0a10 to a white…
I open TBB 8.0a10 to a white browser page that says "The proxy server is refusing connections". Checking connections with "about:preferences" shows:
1. Manual proxy connections - check
2. SOCKS Host 127.0.0.1 ... Port 9150
3. SOCKS v5 - check
4. Proxy DNS when using SOCKS v5 - check
I did try running 8.0a10 in Safe Mode on Windows 7 x64bit FIRST to bork the antivirus and Windows Defender. Reason: trying to grapple with the endless browser reload loop without uninstalling Avast antivirus. That's when I got "The proxy server is refusing connections" originally. After rebooting into a normal Windows session, the problem persisted. However, TBB 7.5.6 opened and functioned normally in Safe Mode. I don't what's the difference, but that's what happened. Imma gonna go hide now before the Tor Project Team mushroom cloud nukes me.
No, that's been a good bug…
No, that's been a good bug report. We are working on it (see: https://trac.torproject.org/projects/tor/ticket/27261).
There may be a Security…
There may be a Security Slider problem. First, thank you for pointing out ticket #27261. I read the comments, noting comments #8, #14 and #15. Then I deleted my Tor Browser folder for TBB 8.0a10_64bit. A fresh re-installation of the TBB opened to a blank white browser, but using either "New Window" or "New Identity" in the hamburger menu took me right to the purple start page. Add-ons Manager in about:addons allowed me to disable NoScript. 8.0a10_64bit has been stabile, meaning no endless reload cycling (after numerous TBB re-boots). NoScript remains disabled. I can use Library>Bookmarks>https://www.torproject.org/ to navigate away from the starting page - no problem. Now then ... I notice that twitter[.]com requires the slider to be set at mid-range in TBB 7.5.6, or twitter doesn't work well (e.g.: threads won't open). However, twitter[.]com is completely permissive to TBB 8.0a10_64bit with the slider set to "safest". If I use about:config to set javascript enabled to false, I will get the same impaired function on twitter with TBB 8.0a10 that I would get with TBB 7.5.6's slider set to "safest". So ... the TBB 8.0a10 security slider may not be protecting (fully?) in the safest position. Best wishes, and thanks again. I know all of you are pushing hard to release a stabile TBB 8.0
The slider only works…
The slider only works together with NoScript. So, if you disable it then some of its functionality, especially at higher levels, is lost.
Is there a reason "Bookmark…
Is there a reason "Bookmark Toolbar" dose not show the items? Selecting the option adds the space for it to the toolbar but the items do not display.
Or am I doing something wrong?
Sorry forgot to add: Using 8…
Sorry forgot to add: Using 8.0a10 on win7 64bit system.
Works on win10.
Works on win10.
No, this seems to be a bug…
No, this seems to be a bug. Thanks for reporting, I filed: https://trac.torproject.org/projects/tor/ticket/27264.
Tried the "View|Toolbars…
Tried the "View|Toolbars|Customize... and clicked "Restore Defaults". - steps and that seems to have cleared the problem on Win7 64bit also. I don't know if you would call that a fix but it worked.
Thanks!
In the Tor Browser 8.0…
In the Tor Browser 8.0 customize panel, select the '⭑ Bookmarks Toolbar Items' icon and drag/drop it into the horizontal bookmarks toolbar space near the top of the customize panel.
JavaScript error: chrome:/…
On shutdown:
JavaScript error: chrome://torbutton/content/tor-circuit-display.js, line 466: TypeError: myController is null
Yes, that's https://trac…
Yes, that's https://trac.torproject.org/projects/tor/ticket/26236.
Bug 26206: Ship pthread…
Bug 26206: Ship pthread related dll with tor
WTH with this dll on Windows?
On Linux the User Agent is:…
On Linux the User Agent is: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
So it will leak, that you are using Linux, instead of being the same user agent for all OS
Also I don't get why the compact theme isn't standard.
You want to waste as little space as possible.
Hey, it's a new Tor? My Tor…
Hey, it's a new Tor? My Tor don't show me new updates since a long time ago :(
I guess the best thing is to…
I guess the best thing is to start fresh over with a new Tor Browser downloaded from our download page at https://www.torproject.org/download/download-easy.html.en.
I like this site and I want…
I like this site and I want to learn more about informatique systeme . I live in Germany , I m 20
NoScript or Firefox? 15:35…
NoScript or Firefox?
15:35:47.923 TypeError: this.contentWindow is null 1 ExtensionPageChild.jsm:191:5
Update (8/21 7:45UTC): We…
Real alpha! (Most alphas were too boring :) ) Only versions with such bugs can be called alpha!
MinGW build needs more love:…
MinGW build needs more love: mozilla most likely forgot to add to it https://hg.mozilla.org/mozilla-central/rev/f1b7ef2430da
What do you mean? SSE2 was…
What do you mean? SSE2 was already required with Tor Browser 7.0 on Windows.
So? It doesn't mean they…
So? It doesn't mean they took care about MinGW/GCC toolchain and set the same options for GCC for Windows.
Everything they set seems to…
Everything they set seems to be " ../gcc-$gcc_version/configure --prefix=${prefix-/tools/gcc} --enable-languages=c,c++ --disable-nls --disable-gnu-unique-object --enable-__cxa_atexit --with-arch-32=pentiumpro --with-sysroot=/" in /build/unix/build-gcc/build-gcc.sh
Hey! I can run Tor Browser 7…
Hey! I can run Tor Browser 7.5.6 on Windows without SSE perfectly fine! And requiring SSE2 is a big mistake for Open Source!
Interesting. Are you getting…
Interesting. Are you getting updates on that system? E.g. if you are trying 7.5.5 (https://archive.torproject.org/tor-package-archive/torbrowser/7.5.5/) does it update to 7.5.6?
The 9 and 10 alphas I have…
The 9 and 10 alphas I have the same issue: My network connection test is not 100% stable. With ff DE and stable tor I have a flat line of 3.3 Mbps when doing network download test at testmy.net site. I have the tor proxy disabled for all tests. The alpha releases show a wobbly line varying between 3.0 and 3.8 mbps. This only happens with the alpha versions. Could you please investigate.
Which operating system? And,…
Which operating system? And, note, running Tor Browser without Tor is not supported. You might encounter all sorts of bugs in that scenario.
Windows 7 Pro x64
Windows 7 Pro x64
According to ghacks-user.js…
According to ghacks-user.js sections 4500 and 4600, with Firefox 55 and later the following prefs should be left at their Firefox default values if
privacy.resistFingerprinting
is enabled:dom.maxHardwareConcurrency
,dom.enable_resource_timing
,dom.enable_performance
,device.sensors.enabled
,browser.zoom.siteSpecific
,dom.gamepad.enabled
,dom.netinfo.enabled
,media.webspeech.synth.enabled
,media.video_stats.enabled
,dom.w3c_touch_events.enabled
,media.ondevicechange.enabled
,webgl.enable-debug-renderer-info
.However, 000-tor-browser.js still changes them, except
dom.netinfo.enabled
(setting the obsoletedom.network.enabled
pref instead),media.ondevicechange.enabled
, andwebgl.enable-debug-renderer-info
. Is this done on purpose or just an ESR52 leftover?That's a leftover I think…
That's a leftover I think. We have https://trac.torproject.org/projects/tor/ticket/27268 for the clean-up. I'll add your suggestion to the ticket.
More probably dead prefs:…
More probably dead prefs:
app.update.badge
,browser.download.manager.scanWhenDone
,browser.syncPromoViewsLeftMap
,devtools.appmanager.enabled
,dom.enable_user_timing
(maybe replaced bydom.performance.enable_user_timing_logging
and covered byprivacy.resistFingerprinting
?),extensions.checkCompatibility.4.*
,extensions.enabledItems
,font.default.lo
,font.default.my
,font.name.fantasy.*
,font.name.*.my
,general.productSub.override
,general.useragent.vendor
,general.useragent.vendorSub
,intl.charset.default
,media.audio_data.enabled
,media.eme.apiVisible
,network.http.pipelining.*
,privacy.suppressModifierKeyEvents
(covered byprivacy.resistFingerprinting
?),privacy.use_utc_timezone
(covered byprivacy.resistFingerprinting
?)Also,
security.tls.version.max
is 4 (which means TLS 1.3 support) in FF ESR 60, but 3 in Tor Browser (TLS 1.2 supported but not 1.3). Any reason for not allowing TLS 1.3 yet?Hello to Tor Developers, the…
Hello to Tor Developers, the bookmarks do not work with this version. I'll stick with the old one for now. Thank you for your hard work.
What do you mean by "they do…
What do you mean by "they do not work"? That bookmark items are not visible on the bookmarks toolbar? That's https://trac.torproject.org/projects/tor/ticket/27264.
This browser goes of the…
This browser goes of the charts on Panopticlick , but i do like it
That's not surprising as the…
That's not surprising as the dataset behind Panopticlick is biased and comparing your new Tor Browser against all the fingerprints already being in the database.
How can I disable HTTP2?…
How can I disable HTTP2? DEFINITELY dont want that sh*t
Security Check on Facebook…
Security Check on Facebook is broken on stable TBB 7.5.6!
Security check failed
You didn't correctly type the word in the box.
Security Check
Why am I seeing this?
Hey! Your blog has eaten all…
Hey! Your blog has eaten all html markup which is shown on a Facebook page!
the addon uBlock Origin is…
the addon uBlock Origin is not working with this version of tor browser and other addons .
I just visited Whoer.net on…
I just visited Whoer.net on my newly installed TOR Browser 8.0 and I'm able to see my device information. I have a Mac running OS X and I can see that information on Whoer.net. It should be showing my device as a PC running Windows and not a Mac running OS X.
do i need to install https…
do i need to install https everywhere ? cause i cant see Block all unencrypted requests check button by default
Upgraded Tor September 5 for…
Upgraded Tor September 5 for Mac OSX 10.9.5 (Mavericks) and it can not load anymore. Get a warning message it cannot start. Will try a new fresh download and see if it works.
Hi. Tor Browser 8 appears to…
Hi. Tor Browser 8 appears to have a problem with IDM integration add-on (internet download manager integration add-on). In this update, I am required to download the new IDM integration for "Firefox 53 or newer" from https://getidmcc.com/ because the new Tor browser uses a new Firefox browser, but when I do this I run into the following problem:
The IDM integration does not work on Tor browser when I install it and after I restart the Tor browser, the browser windows is invisible. Task manager shows Tor running, but the window is nowhere to be seen. I tried reinstalling Tor Browser several times and the same problem occurred each time I installed IDM add-on, until I downloaded and installed Tor Browser 7.5.6, which uses an older version of Firefox and thus I install IDM integration for "Firefox 52 or older" from the above-mentioned website like always, and I can download videos from online websites like before.
Please make Tor Browser 8 work with "IDM integration for Firefox 53 or newer", otherwise we won't be able to download any videos from blocked websites. I really need this. Thank you.
I'm looking forward to hearing from you. I will check here again to see your reply.
I'm sorry. I forgot to…
I'm sorry. I forgot to mention that Tor Browser 8's problem with IDM integration add-on is on Windows 10. I'm running Windows 10.
For some reason, tor 8 tab…
For some reason, tor 8 tab crashes when directed to my local (Israeli) addresses. Worked fine before upgrade.
How can I reproduce that?
How can I reproduce that?
Hi, my updated version of…
Hi, my updated version of Tor Browser 8 isn't working. It was installed on a Debian sid machine using torbrowser-launcher. The browser loads normally, but it does not matter what I write on the url, I cannot access any website.
By running the Tor Browser from its installation directory using --verbose as a parameter I get a lot of error messages. I have saved the messages here: https://pastebin.com/FBev291f
If I try to create another tab, I get basically the same error messages. No tab is created and I still cannot access any site.
By doing some research, I noticed that it may be connected to multi-process windows in Firefox: https://support.mozilla.org/pl/questions/1167673
It is suggested that I should disable the multi-process using about:config, but unfortunately I can't even access this configuration tab.
Do you have some suggestion on how to fix this? Do you guys need more info on this problem?
Does a download from our…
Does a download from our website work for you? If so, then please file a bug report at the torbrowser-launcher project.
have downloaded version 8.0…
have downloaded version 8.0 on apple Imac, in France, through update routine and get message window: "Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system, or faulty hardware..."
Downloaded version 8.5a (experimental) with identical result.
Tor log is empty.
I have upgraded to the…
I have upgraded to the latest tor browser on win7 64 bit. I am using the NonVisual Desktop Access (NVDA) screen reader from www.nvda-project.org version 2018.3.2. When I start tor browser with the latest update, I hear "establishing a connection," followed by "about tor browser," and that's it. This version of the tor browser is completely inaccessible. I suspect this has something to do with the initial versions of firefox quantum being inaccessible also; a problem which firefox has since fixed. When I run OCR on the tor browser help about page, it seems to say 8.0.2, and tells me that tor browser is up to date as far as I can determine. If this could please be looked into and fixed, that would be great. Thanks.
I recently downloaded Tor 8…
I recently downloaded Tor 8.0.3 64 bit to my new computer that has Windows 10 64 bit. The browser launches, but I cannot bookmark web pages, the bookmarks toolbar doesn't appear, the menu button in the upper right does nothing and customize gives a blank screen. Any idea what's going on? Thanks.
https://bugs.torproject.org…
https://bugs.torproject.org/27264 sure looks related -- and looks like it was fixed in a recent Tor Browser.
You're posting on a really old blog post, so maybe an update to your browser will help.