New Release: Tor Browser 8.5.1
Tor Browser 8.5.1 is now available from the Tor Browser Download page and also from our distribution directory.
Tor Browser 8.5.1 is the first bugfix release in the 8.5 series and aims at mostly fixing regressions and providing small improvements related to our 8.5 release. Additionally, we disable the WebGL readPixel() fingerprinting vector, realizing, though, that we need a more holistic approach when trying to deal with the fingerprinting potential WebGL comes with.
The full changelog since Tor Browser 8.5 is:
- All platforms
- Windows + OS X + Linux
- Android
- Bug 30635: Sync mobile default bridges list with desktop one
- Build System
- All platforms
- Bug 30480: Check that signed tag contains expected tag name
- All platforms
Comments
Please note that the comment area below has been archived.
I'm still concerned the hash…
I'm still concerned the hash of WebGL fingerprint isn't 00000000000 as in previous versions...
I have the same issue, https…
I have the same issue, https://panopticlick.eff.org/ says my webgl fingerprint is
Is it normal?
Well, just seeing the "f" I…
Well, just seeing the "f" I am not sure, but the fingerprint should not vary much across systems. We have two bugs tracking issues here so far, see:
https://trac.torproject.org/projects/tor/ticket/30531
https://trac.torproject.org/projects/tor/ticket/30537
Thanks for the reply! FTR,…
Thanks for the reply! FTR, the fingerprint is "f9a0f737691a9b57f5294121fc58a2df", which is one of the 2 fingerprints mentioned in http://ea5faa5po25cf7fb.onion/projects/tor/ticket/30531, so it should be fine.
Can you please add an…
Can you please add an advanced button that will enable us to directly select security level, javascript on/off, and images on/off? Just because you want low IQ grandmas to use Tor doesn't mean you should make all security options hidden and hard to use. If you want my opinion, hiding the security levels on the options page doesn't only make for better informed users, the reason given by the Tor developers for this change. It also ensures that the vast majority of users never get off Standard security. In other words, it ensures less security, not more.
Just my 2 cents.
Security level shield ->…
Security level shield -> Advanced Security Settings Is no good? JavaScript on/off and images on/off are no more hidden or visible than they are in normal Firefox about:config. Customizing too much away from the 3 levels makes your fingerprint stand out. NoScript icon is absent. It can be replaced, but the answer is buried in "New to Tor Browser?" walkthrough that advanced users won't think will say so. Tor Browser Security level is no harder or easier to use than before, two clicks from toolbar icon. The wording on first click could be more instructive, imo. I think it does result in many never getting off Standard.
No good. Needs a simple…
No good. Needs a simple button on the toolbar which opens to a selector showing the three security levels, not a scary link to 'advanced' settings.
i feel same. unfortunate…
i feel same. unfortunate TBB going backward. YOU REMOVED NOSCRIPT BUTTON. SHAME.
NoScript button was moved,…
NoScript button was moved, not removed.
https://blog.torproject.org/comment/281934#comment-281934
https://blog.torproject.org/comment/281991#comment-281991
https://blog.torproject.org/comment/281944#comment-281944
https://blog.torproject.org/comment/282078#comment-282078
https://blog.torproject.org/comment/281883#comment-281883
https://blog.torproject.org/comment/282297#comment-282297
See this comment later in…
See this comment later in this blog post:
https://blog.torproject.org/comment/282342#comment-282342
From the post for version 8.5:
https://blog.torproject.org/comment/281822#comment-281822
https://blog.torproject.org/comment/282013#comment-282013
https://blog.torproject.org/comment/282133#comment-282133
https://blog.torproject.org/comment/282178#comment-282178
good idea ffor access
good idea ffor access
No. Tor Browser is secure…
No. Tor Browser is secure out of the box. If you have to tweak settings to make Tor Browser secure then it's a flaw of Tor Browser. Standard security is actually really secure because Firefox is now hardened against exploits. If you can be exploited when you are on Standard then that's because the Tor Browser is broken, not because you fail to pick a higher security level. And exposing the option only creates a false sense of security.
> Just because you want low…
> Just because you want low IQ grandmas to use Tor
Wow, what a mean-minded engine of complaint you are.
> Just my 2 cents.
You know that's not a raise, right? Not from 50 cents its not.
Love the new icon! Keep up…
Love the new icon! Keep up the great work and security!
The shield or the half…
The shield or the half-covered target?
Plus one! Idea: one way of…
Plus one!
Idea: one way of understanding the shield icon (for security settings) viz the bullseye icon (for Tor Browser versions for major devices and OS's) might be that these serve as visual reminders that while Tor helps keep Tor users safe, everyone is a target, which implies that people who are not using Tor probably should be using Tor.
Not much to say, but I do…
Not much to say, but I do want to emphasize on what "qw" and "Thomas Tank engine" mentioned, because these 2 are legit issues.
Old Tor0.3.5.8 in new Tor…
Old Tor0.3.5.8 in new Tor Browser 8.5.1?
Why not 0.4.0.5/(0.4.0.6)?
We still need to give…
We still need to give dormant mode support in the alpha more testing but if nothing comes up we'll switch to 0.4.0.x in the next regular stable release.
"[...]give dormant mode…
"[...]give dormant mode support in the alpha more testing[...]"
Lack of logic?
4.0.5 is STABLE, torproject is testing in alpha and there are a lot of changes/bugfixes like padding.
Agencies needs no backdoors when torproject isn't introducing real improvements like padding faster.
No lack of logic, we need to…
No lack of logic, we need to test the changes in a *Tor Browser* alpha as we have to modify Tor Launcher as well to cope with the dormant mode introduced in the tor *stable*.
i just wanted to comment…
i just wanted to comment that i agree with everything Thomas Tank Engine has said. please consider implementing his idea.
Dah, it is now longer for…
Dah, it is now longer for users to go to temporarily change the security level.
If the bookmarks toolbar is shown, will change the screen size.
Can add the Preferences shortcut icon to nav bar (round gear or "sun" shape).
Two clicks & Preferences > Privacy & Security is open.
Share with comrades. Poka
How did you reach the…
How did you reach the conclusion that it's longer to click the Security Level shield icon, Advanced Security Settings than it is to open the general Preferences page, click the Privacy page, and manually scroll to find the 3 radio buttons?
For security, you don't find…
For security, you don't find a shield icon to be more intuitive than an onion?
Security options are shown in the UI tour since TBB 8.0a10 with Ticket #25695 but the tour may be simplified for returning users. Clicking on the icon brings up about:preferences security options for me.
A correction to my previous…
Just a reminder that users can open discussion about re-instating the security slider through bug report feedback:
Information to consider...
Why was it removed in the first place? "[T]o make setting security options accessible and more usable for everyone".
The lead developer of Tor Browser, gk, clarifies a limitation not yet in the manual:
Thomas the Tank Engine is…
Thomas the Tank Engine is right. The slider was fine the way it was before.
My recommendations:
a) remove the word "Advanced" from the button "Advanced Security Settings".
b) on the Security setting page under the "Safest" option, append "(editing via NoScript may expose you to fingerprinting)
c) for the "Standard" option please consider having a "No javascript from the FACAAGY corporations" enabled by default", ie. Facebook, Apple, Cloudflare, Amazon, Akamai, Google, Yandex". When a site uses blocked JS, a small speech bubble type element would appear from the NoScript plugin. Informing the person that FACAAGY corporation JS is disabled and how to enable it. The user can click, Go to Security Settings or ignore this message in future.
b) If developers go that…
b) If developers go that route, then Safer rather than Safest. Some sites have trouble on Safer which will cause some users to react by customizing NoScript. And click-to-play media simply adds custom entries to NoScript per-site permissions.
c) I doubt most people will have an idea what you mean by "FACAAGY". It sounds like you want a blocklist built in, but:
Should that be AGAFYCA? …
Should that be AGAFYCA? (Apple_Google-Amazon-Facebook-Yandex_Cloudflare-Akamai)
Regarding the Security Level…
Regarding the Security Level. Why not make something similar to https everywhere? Click on the shield icon (which is a nice choice by the way) to show the three options "standard", "safer" and "safest" and besides those options an on/off button each. This would simplify choosing the security level, would be preferable to "Advanced Settings" and look better then a slider. Furthermore you would just need one click.
(Non English speaker; apologies for strange grammar)
They cannot have on/off…
They cannot have on/off buttons because the 3 security levels are "mutually exclusive". Appropriate UI widgets for the security levels are radio buttons, a drop-down list, or a slider. On/off buttons are another form of a checkbox. Checkboxes are not mutually exclusive to other checkboxes.
Beauty is not the only thing to design for. Radio buttons provide the most accessible interface for selecting between paragraph-sized descriptions of the levels. The text stays visible when the selection is changed. To its credit, the vertical slider makes the hierarchy relationship between the levels immediately understood, but its compact form demands for the text to be replaced when the user moves the slider.
Lastly, developers basically said in comments to the blog post for Tor Browser 8.5 that they didn't want the levels to be simpler to choose than the old slider location because the level should really only be chosen at the beginning of the New Identity session. A simpler Security UI might lead newbies to change the level frequently in the middle of a session which would make their browsing activity conspicuous. Experienced users know better how to be careful.
If there would exist a prize…
If there would exist a prize for high quality software protecting privacy on internet,
then tor-browser would get first prize!
Just one little suggestion.
In order to verify the signature of the tor-browser archive one must be used to work with a CLI
like terminal.
Might it be possible to avoid this and (just like Tails) include the verification of the archive automatically?
Best regards
Include the verification?…
Include the verification? Think hard about what you're asking. Will an unverified program always be honest in verifying itself? The chicken or the egg. Fox guarding hens. Catch 22. Think about the chain of trust for each verification method. Tails' second method, BitTorrent, verifies that the downloaded file hashes agree with the torrent file or magnet link, but who gave you the torrent file or magnet link? Is the hash algorithm and your torrent program secure? Tails' first method is for you to install a browser extension. Was a man-in-the-middle attack possible? Is their extension signed? Is their server located at a third party hosting datacenter or CDN? Who are you trusting in the chains? Etc.
Learn how a certificate authority (CA) works. Learn whose certificates Windows uses to verify signed installers by non-Microsoft developers. For a spice of history, lookup NSAKEY. Next, contrast the public key infrastructure (PKI) to how the PGP web-of-trust works. Then, ask yourself, "How do I verify the GPG program itself if I have to trust it to run on my system and to verify honestly in order for me to verify it?" Figure out several ways. Next, figure out the best compromise for the most trustworthy way that is within your ability and within your acceptable risk threshold (related to what's called the threat model you decide on). Then, figure out the most trustworthy way that someone who is under threat from leaders of the country they are in or from pervasive global adversaries could do it. Compare to what they did to verify communications before mobile phones and then before the telegraph. Next, reassess your top methods for the types and amounts of metadata each method leaks.
Two examples of point-and-click interfaces for GPG are GPA and Kleopatra. For Windows, they are in the Gpg4win bundle. For Linux, they are in official repositories for most distros. For macOS, GPGTools integrates with the macOS services context menu. Those interfaces were made to manage keys and process e-mail messages. When you verify files, you can import and manage keys in those interfaces, but it might not be possible to verify files except by typing that one "verify" command in a terminal command prompt.
Glorious. Screenshot.
Glorious. Screenshot.
In order to verify the…
You only have to verify it manually the first time. You can update automatically after.
You can use graphical programs to verify signatures from the start: Gpg4win for Windows and GnuPG for macOS and Linux. After you install them, you can right-click and verify that two long sets of numbers match. No terminals necessary.
Seit wann wird die extra App…
Seit wann wird die extra App Orbot nicht mehr benötigt?
Replying to Mlders: …
Replying to Mlders:
Question (German):
Question (English):
Comments from New Release: Tor Browser 8.5:
Answer (German):
Anscheinend wird es noch gebraucht.
Answer (English):
Apparently it is still needed.
First off, will you guys…
First off, will you guys please add the HTTPS-EVERYWHERE and NOSCRIPT icons on the top bar by default (next to the Tor Button)? Those are important enough that they should be there by default without having to add it in customize.
Second, what was the point in changing the security settings UI from the old TorButton way of doing it? It's just adding an extra icon for no reason and less intuitive than the old settings. Also we should really have an an/tracking blocker like uBlock Origin added to TorBrowser by default as well.
You should NOT be changing…
You should NOT be changing any settings within these extensions on Tor Browser. They're hidden for the exact reason you want them to be there (people with no clue customizing things on a browser that's supposed to make you look the same as everyone else). If you want to use Tor Browser for anonymity, do not customize it. It very clearly says so.
About ad blocking: It's explained in the Tor documentary, why Tor Browser does not come with ad blocking. There are no "tracking blockers" that work, even if amateurs in forums may have convinced you otherwise. The fact that blacklisting of URLs doesn't work against tracking is why Tor Browser does not implement it and instead tries to solve the problem of tracking by creating separate circuits for different URLs and by making every Tor Browser user look about the same (excluding people like you, who change random settings because they think they know better, and who in turn stand out from the masses).
Your Logic is flawed, tell…
Your Logic is flawed, tell that to many people who have had their identity revealed trusting default settings in the TBB. Educate yourself and stop believing you are safe cause your using a privacy browser and thinking default settings are good enough.
P.S. Thanks Tor Developers and those who donate, You guys are helping everyone keep their information private. It isn't perfect, but Tor is the best we got for now.
It's not that ad blocking…
It's not that ad blocking doesn't work against tracking. It works well for certain threat models and configurations, but present implementations are not yet adapted well for the high bar threat model and low false-positives Tor Browser is designed for. A normal browser's fingerprint entropy compared to other normal browsers is drastically reduced by disabling javascript for instance. Populations of Tor Browser users installing different varieties of add-ons compared to most Tor Browser users is yet another issue. Imagine another situation: a normal browser on a free wifi access point that is configured to share one external IP address along with a restaurant or lobby full of other patrons who may or may not agree to synchronize their browsers.
Also we should really have…
Technically there is a ticket to add uBlock Origin to Tor Browser. uBlock Origin is a general-purpose blocker (also included with Tails) that can prevent WebRTC from leaking local IP addresses.
Anonymous is right: whitelist security is better than blacklist security.
This is important to mention…
This is important to mention:
The HTTPS EVERYWHERE icon on the top bar is MISSING SINCE A LONG TIME!
In the older releases it only appeared after some very long delay, but now it does not appear at all.
Even though I agree with removing the NoScript icon, I can not agree with removing the HTTPS EVERYWHERE icon, because it is absolutely needed for turning on HTTPS only mode, what is very very important because exit nodes can not and should not be trusted at all.
(By the way, I hope you have already solved the infinite loop problem what happens when posting here in high security mode, but anyway I posted here now, because the thing about HTTPS EVERYWHERE is very important)
Add it back to your toolbar…
Add it back to your toolbar is you think you need it: Right-click on the toolbar -> Customize... and drag the icon wherever you want to have it on your toolbar, done.
If you're worried about data…
If you're worried about data you send being sniffed by a man in the middle and the site's owners don't enforce HTTPS, then why do you trust the site to protect your data in the first place? If you're worried that exits are logging the full http URL, not just https domain.xyz, ads log the full URL anyway regardless of HTTPS. In that case, start a new identity in the onion icon after you finish using the site.
After update to newest…
After update to newest version on iMac Pro Mojave, Tor crashes, cannot roll back to older version, dead in the water, any advice?
What happens exactly when…
What happens exactly when you try to run Tor Browser? Do you have some error message?
Does the same happen with a new install of Tor Browser?
I have the same problem with…
I have the same problem with my macbook, TOR does not connect.
Do you have an error message?
Do you have an error message?
I am running Tor Browser 8.5…
I am running Tor Browser 8.5.1. When I try to set the Master Password, I get an error message that says "Password change failed', and "Unable to change master password".
The issue is known and has a…
The issue is known and has a workaround. See this ticket.
Thanks a lot for your work,…
Thanks a lot for your work, guys!
to the point: how do you…
to the point: how do you update tor within tails? i have looked but cannot find an answer that is clear enough..a step by step would be very nice..
You can update Tor Browser…
You can update Tor Browser in Tails. You need to wait for a Tails update.
A bit more on why it's best…
A bit more on why it's best to wait for the next Tails: if you try to install something fairly complicated like a Tor Browser bundle in Tails you might easily break some of the carefully tweaked configurations which Tails team put in to keep you safe(r). The risks of the consequences of something like that probably outweigh the possible benefit of replacing TB 8.5 with the current TB 8.5.1.
Please, listen to us and…
Please, listen to users and remove the extra and scary sounding Advanced Settings prompt. I only clicked on it after reading the comments here. Tiananmen Massacre's birthday was 2 days ago and China is getting more sophisticated.
Hi, I can not connect. It…
Hi, I can not connect. It shows me the following message on my MacbookPRo:
"Tor exited during startup. This might be due to an error in your torrc file, a bug in Tor or another program on your system, or faulty hardware. Until you fix the underlying problem and restart Tor, Tor Browser will not start."
I downloaded the last version tried to restart TOR but the problem persists.
There is a troubleshooting…
There is a troubleshooting guide in the manual.You might try a clean configuration:
If it still fails, it's a bug or a firewall issue.
Nice simple guide steps! I…
Nice simple guide steps! I wish it was in the support FAQ for visibility. It's good to clean configuration from time to time.
Please try running the…
Please try running the application from a shell prompt and let us know what messages you see. Open Terminal and type this:
/Applications/TorBrowser.app/Contents/MacOS/firefox
(assuming you have installed Tor Browser into /Applications).You have javascript enabled…
You have javascript enabled in your browser! Disable this for your own safety!
we want javascript plz i dont see it
Change the Security Level…
Change the Security Level shield icon to "Safer" or "Safest".
[06-06 09:30:42] Torbutton…
[06-06 09:30:42] Torbutton WARN: Version check failed! Web server error: 0
Is that reproducible? If so,…
Is that reproducible? If so, how?
It doesn't seem so. Maybe,…
It doesn't seem so. Maybe, it happens when Torbutton check occurs earlier than Tor circuit is established. What is reproducible is:
19:40:24.508 Public-Key-Pins: An unknown error occurred processing the header specified by the site. 1 en-US
https://aus1.torproject.org/torbrowser/update_3/release/WINNT_x86-gcc3-…
Thanks. I wonder whether the…
Thanks. I wonder whether the latter error is related to https://trac.torproject.org/projects/tor/ticket/21908.
Yes, it looks the same. In…
Yes, it looks the same. In general, it is intermittent browser bug, because I checked the headers, and they were correct. Also it seems to happen when you access some site for the first time only.
you can get even: 09:09:23…
you can get even:
09:09:23.060 TypeError: this._callback is null /Tor Browser/Browser/omni.ja!/components/nsUpdateService.js:3092:7
Mozilla boasts "Enhanced…
Mozilla boasts "Enhanced Tracking Protection" look-alike shield icon, June 4, 2019. Sure to confuse newbies of Tor Browser.
https://blog.mozilla.org/blog/2019/06/04/when-it-comes-to-privacy-defau…
https://blog.mozilla.org/blog/2019/06/04/firefox-now-available-with-enh…
Perhaps a better way would…
Perhaps a better way would be to give the user the option for the 3 security levels directly in the menu of the shield icon, but add a warning that changing this will change it for ALL tabs, not just the currently active one.
The regular Firefox settings should probably not be accessible through the UI at all. Same goes for the extensions settings. Making these accessible is a trap for people who don't know what they're doing and who think they can just switch stuff around like in a regular browser. If anyone wants to change a setting on Tor browser, for example a person who wants to test something and who doesn't need to be anonymous, they could still access the settings through the about:preferences page.
> add a warning that…
> add a warning that changing this will change it for ALL tabs
And that they should change it only when starting or ending a New Identity. What if a modal popup to change the security level displayed after a New Identity so you couldn't browse until you set or canceled it? Or the radio buttons were displayed on about:tor until HTTP activity? Would it dampen the effect of impulsive behavior? Would it link them to learn more?
> And that they should…
> And that they should change it only when starting or ending a New Identity.
I think this is good advice. Indeed I think somewhere TP offers the same advice. Possibly this injunction (choose New Identity whenever you move the security settings) should be more prominent?
Why is not possible to…
Why is not possible to comment this post?
https://blog.torproject.org/pride-and-privacy
Comments are turned off for…
Comments are turned off for that post, probably to avoid hate speech. It's happened before.
For how long have the 64-bit…
For how long have the 64-bit version of TBB for windows been available?
Just noticed I was running 32-bit version which i installed long ago when 64-bit wasn't available and it seems 32-bit users are not auto-upgraded to 64-bit so I had to re-install with the 64-bit TBB....
It's stable since Tor…
It's stable since Tor Browser 8.0, so a couple of months.
If the bridge type…
If the bridge type scramblesuit is deprecated should it be removed from the documentation for bridges?
I guess it depends on where…
I guess it depends on where the documentation is? It might still help people but, yes, we should make it in general explicit which pluggable transports we still support and which not.
I was referring to the…
I was referring to the bridge site for receiving new bridges
Videos aren't playing after…
Videos aren't playing after the update? Any help?
From which to which version…
From which to which version did you update? Could you give us steps to reproduce? What did you modify in Tor Browser?
To all complainers - please…
To all complainers - please be grateful, we are very fortunate to have tor
Plus one. P.S. Anyone who…
Plus one.
P.S. Anyone who can spare a few bucks please consider donating! I did.
Ever since the previous…
Ever since the previous update I've been having problems with downloading files, it's added to the download list, but on occasions it gets stuck starting the download, the bar is flashing blue and remains as in "unknown time left", is not a problem with the file or site, since if I try again it may then download normally, although it could happen for the new download to get stuck as well.
Another symptom of the issue is that the failed download cannot be cancelled or removed from the list, the entry would just remain there till the end of the session, while downloads that succeeded would behave just normal.
Now, this in on itself was not a problem(but quite annoying), I'll just try a new download and let the other one hanging there for hours until I was done using Tor, but now if I want to retry the download I'll be meet by a window stating that "the download cannot be completed for unknown reasons", and won't let me try for a new one unless I restart the browser, worse is some other downloads will be affected as well, some will show that window, others will download fine.
The behavior is random as far I can tell, but is almost always certain that the first download I try, whatever it is, will be stuck there for the rest of the session, along with any other that happens along the way.
Could you give us steps to…
Could you give us steps to reproduce and system information and Tor Browser modifications you did?
Had these same problems many…
Had these same problems many times, a new circuit has helped me with downloads. Also can help alot with the speed of the downloads. Have had no luck at canceling stuck downloads, sometimes they cancel sometimes they don't.
I've read so much about TOR…
I've read so much about TOR since i've been using it these last three and a bit years and i am basically no wiser than i was 1st time i used it. I had, and still have absolutely no idea how to change or even locate security settings before this latest change or since this latest change. Moreover even if i was able to locate security settings i do not know what security settings are the safest.
And as for downloading /uploading content???
winzip? or 7? or about 5 other free unpackers or whatever the hell they are called i have at various points downloaded them all but could i understand even 1% of how to use them? NOPE!
What infuriates me also is that i have CONTENT that i would happily share - but again ... i'd firstly need to know how to share beforedoing that.
Just my two cents worth also!
> I've read so much about…
> I've read so much about TOR since i've been using it these last three and a bit years and i am basically no wiser than i was 1st time i used it. I had, and still have absolutely no idea how to change or even locate security settings before this latest change or since this latest change.
That's disheartening but let me try to help.
> Moreover even if i was able to locate security settings
Look at the right side of the menu bar at the top of your Tor Browser 8.5.1 window. Click on the shield icon between the onion icon and the red UBlock icon.
> i do not know what security settings are the safest.
Unfortunately as a general rule we should expect to risk trading some usability (and maybe some anonymity) for better cybersecurity. And what works better for most might work not so well for you. All that said, the settings are "Standard", "Safer", and "Safest".
When you clicked the shield icon you should see a page with brief explanations of what additional security features are added by "safer" and "safest".
I always try to use the safest setting at every site I visit which does not entirely prevent me from using the site at all. For example, many sites work with "safest", but to play a video you may need to drop down to "safer" and reload (curly arrow icon at top left of menu bar).
I generally avoid sites which do not work at all except at "standard", and the number of blocked scripts I see tend to confirm that this is a wise practice.
> And as for downloading /uploading content??? winzip? or 7?
7zip, maybe?
> or about 5 other free unpackers or whatever the hell they are called i have at various points downloaded them all but could i understand even 1% of how to use them? NOPE!
I use Linux so I can't help you with Windows. Maybe someone else will address your question about using compression utilities on Windows?
> What infuriates me also is that i have CONTENT that i would happily share - but again ... i'd firstly need to know how to share beforedoing that.
Content (blog posts? videos of a street protest?) to share on... popular social media sites? This is a tricker subject I think and I have to agree that instructions seem to be hard to find, but I know people do this successfully all the time. The type of content and where you want to upload the content probably matters. I guess it is more likely you will be required to register an account (and to give a valid email) if you want to upload content. I hear good things about protonmail as an email provider which won't sell out their own users.
Maybe someone else can suggest a video tutorial?
(Not OP) What red uBlock…
(Not OP) What red uBlock icon? OP didn't say they are using Tails or separate add-ons.
https://tb-manual.torproject…
https://tb-manual.torproject.org/security-settings/
As for downloading/uploading content, I can't recommend appropriate things without knowing the kind of content and by what method or where you want to send it. 7-zip and others in general are called file archivers. You said Winzip, which is proprietary shareware for Windows, so I will assume you are using Windows. 7-zip is free/libre open-source software and is the one, single, archive program I recommend on Windows. Sometimes, however, it is not necessary to compress files.
There are many possible methods to share content, and there are positives and negatives for each method. Tor Project recommends OnionShare. https://support.torproject.org/misc/misc-12/
Suck off, fuckers! Fuck your…
Suck off, fuckers! Fuck your tiny updates and you yourself too. From yesterday I was not able to connect to my favorite site. Today, the tor browser said that it does not support the tor. Why? Were your invisible changes so important to reduce people in using their favorite browsers? Burn in hell, you and 'I added a space in my code, but million people will be required to update my software right now" people
> From yesterday I was not…
> From yesterday I was not able to connect to my favorite site
Using Tor Browser? No doubt the unnamed site has blocked Tor exit nodes from connecting. You cannot expect Tor Project to fix that, but you might try emailing the site owner yourself to ask that Tor be unblocked.
I have no idea what you might have been raging about in the rest of your comment.
By the way, how about a thank you to TP for providing Tor in the first place? Or at least a donation?
Yeah, it sounds like their…
Yeah, it sounds like their favorite site blocked Tor exit nodes.
https://support.torproject.org/censorship/censorship-2/
> Suck off, fuckers! Fuck…
> Suck off, fuckers! Fuck your tiny updates and you yourself too.
In future please bear in mind the self-evident wisdom of an earlier comment from a more positive minded user:
> To all complainers - please be grateful, we are very fortunate to have tor
> Burn in hell, you and "I…
> Burn in hell, you and "I added a space in my code, but million people will be required to update my software right now" people
You seem to be terribly unhappy that the Tor Project developers are working hard to fix bugs and to introduce necessary new anonymity and security enhancing features---- an attitude which frankly appears to be counter productive.
The devs cannot and clearly do not expect all users to understand all the changes introduced in each new version, but in the announcements they do list them for those with the background to personally study the changes in detail. Users should for the most part be happy, I think, that they do not need to understand the reasoning behind changes in the code in order to keep using Tor Browser.
For my part, I am full of gratitude to everyone who is working hard to keep Tor users safe(r) in an increasingly dangerous world.
Hi. I decided to remove…
Hi. I decided to remove Orbot + Orfox and installed latest version of Tor Browser (from Google Play store) on my Samsung Galaxy Tab A 2016 (Android 8.1), but now all web pages have a truly disturbing fixed-width font appearence.
I guess that's https://trac…
I guess that's https://trac.torproject.org/projects/tor/ticket/30913.
Hello Tor developers & users…
Hello Tor developers & users!
How can I easily know and understand the differences
between the various Tor Browser (TB) versions
(for example current v8.0.9, v8.5.1 and v9.0a1)?
Which preferences and about:config settings values is common
and which is vary in all these TB variants?
Where can I read about this more, in clearly explained form?
(I'm unexperienced TB user, began using it this New Year.)
Thanks in advance.
I read your 9.0a1 comment…
I read your 9.0a1 comment first, see my reply there: https://blog.torproject.org/comment/282413#comment-282413.
Tor Browser 8.5.1 seems to…
Tor Browser 8.5.1 seems to be working fine for me under Debian stable (currently Debian 9.9).
Regarding the question above from Mac users: I seem to recall that years ago, Apple computers were said to be harder to use with Tor Browser. Assuming I remember correctly, is that still the case?
More generally, I think it would be very useful for Tor Project to ask someone like Micah Lee to write a blog post offering up to date advice on how Tor users can improve their cybersecurity and privacy, beginning I suppose with constructing a threat model (this is the place where "up to date" is so important because several recent major revelations imply that many with an online life should revise their threat model to increase the likelihood that they will become particular if possibly automated targets of state-sponsored cyberespionage campaigns). Another basic point would probably be that there is litte point in using Tor if you never install security patches for your system.
Would that duplicate the…
How about Surveillance Self-Defense maintained by the EFF? It has guides for constructing a threat model, further learning and Tor guides:
I would prefer "browser…
I would prefer "browser.urlbar.speculativeConnect.enabled" default to false.
The issue is tracked with…
The issue is tracked with ticket 23392. It is tagged "needs_information"; if you are interested, you might provide information on Trac to help close the ticket. The pseudonymous account "cypherpunks", password "writecode" is available for all to use.
I would prefer "browser…
Ticket 23392 was closed recently, no changes since it was opened;
browser.urlbar.speculativeConnect.enabled
has an effect only when not in private browsing:Hi! Why not put back the…
Hi! Why not put back the security slider and another at the 'advance security setting'(like right now)?
Gmail has disable log in without javascript when accessing with tor now. Other sites include, zalora, qoo10, etc.
Whistleblowers take note:
Used Tor with the standard settings + logging in to criticise goverment and is tracked, still being tracked now. I also installed the same addons consistantly, so please avoid making my mistakes.
I hope you don't mean that…
I hope you don't mean that you logged in to an account that you created and used in a normal browser. Tor Browser cannot anonymize accounts that are already associated to your personal identity metadata.
Hello torproject, where is…
Hello torproject,
where is tor releasenotes ? Site in maintenancemode?
Till now i can click Documentation, Download and find all about.
Now .....it's more like a puzzle and no releasenotes at the logical place. Where?
Honestly, looks like Goofy is working for you.
Not sure what you mean. But…
Not sure what you mean. But as you are commenting on a blog post about Tor Browser I assume you want to see the changes made for the browser. That should be easy. On
about:tor
in the upper right there is theView Changelog
link and additionally, for up-to-date information you get a link to this blog post.An very easy to find link to…
An very easy to find link to releasenotes for tor stable and tor alpha?
Easy and clear like before torproject was changing the startsite and https://2019.www.torproject.org/download/download-easy.html.en
I need Tor for win 8 now!
Please I need tor for win 8 now!!!
I need Tor for win 8 now!
Tor Browser should work on…
Tor Browser should work on Windows 8, too. If not, what error are you getting?
All of a sudden, with this…
All of a sudden, with this current update, sites seem to be able to detect that I am using Tor for access, such as the New York Times as an example. I used to be treated as a normal visitor, but now as soon as I click on any article it blocks me as being in "Private Mode." This never happened previously, and it sucks. Is there any way to revert to the prior version?
I doubt this is a Tor…
I doubt this is a Tor Browser change. Rather, I suspect this is happening due to changes on those websites. They might just don't like users in private browsing mode anymore. Anyway, you can find older versions in our archive at: https://archive.torproject.org/tor-package-archive/torbrowser.
FYI: - https://bugzilla…
FYI:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1506680
- https://bugzilla.mozilla.org/show_bug.cgi?id=1366318
- https://bugzilla.mozilla.org/show_bug.cgi?id=781982
Thanks for the bug links. It…
Thanks for the bug links. It seems https://bugzilla.mozilla.org/show_bug.cgi?id=1506680#c12 is specifically talking about the New York Times even.
New York Times is…
New York Times is hypocritical as hell considering they run an onion service.
they track pple thru…
they track pple thru javascript and user agent also. Take note.
Ubuntu: impossible to…
Ubuntu: impossible to install with official instructions. Torproject.org has 2 different sub-websites for instructions to install TOR browser on Ubuntu. Both sub-websites include a signing key 886DDD89. This key has 2 problems:
1) On keyservers, there already exist 2 keys with the same last 8 digits
2) The public TOR signing key has some 1.3 Megabytes as a text file
When you want to install the key with the 8 last digits you might get the wrong key (totally legit signing key - which is from another company).
When you want to install the key with 16 digits or import it as text file then the gpg (gpg2) program refuses the import. The key is too big.
I recommend the following solution:
a) Merge the 2 sub-websites for installation instructions
b) Change the signing key to another key that can be imported into gpg (gpg2, GPA)
I use Debian so can't help…
I use Debian so can't help with Ubuntu specific issues, but since no else has spoken up I'll try to make a few comments which might be somewhat useful:
> Ubuntu: impossible to install with official instructions.
Am I correct in guessing that you tried to install the Tor Browser 8.5.1 tarball (file.tar.xz) by unpacking it somewhere?
> Torproject.org has 2 different sub-websites for instructions to install TOR browser on Ubuntu
Uh oh... Tor Project recently bungled the rollout of the long awaited new website, which turned out to be a much reduced main page and mostly broken links to the old website. There was quite a strong reaction from the user community as you will recall if you regularly read this blog. I guess the problem you noticed is part of that minor fiasco.
> Both sub-websites include a signing key 886DDD89.
Are you referring to the Tor Project Archive key? Isn't that used to sign debs? Isn't a subkey of another key (the Tor Browser Developer's key) used to sign the Tor Browser bundles?
I understand the issue about code (even GPG related code) not being consistent with using the last two viz the last four groups of hex digits as short references to a complete fingerprint, but I guess you already know about that. In any case, Tor Project needs "upstream" to fix that issue, because TP does not maintain gpg.
1) I find 5 sub-websites …
1) I find 5 sub-websites (pages) showing 16-bit (long) key ID or 40-bit (full) fingerprint. None of them recommend 8-bit (short) key ID.
https://2019.www.torproject.org/docs/debian.html.en
https://2019.www.torproject.org/docs/signing-keys.html.en
https://support.torproject.org/#operators-4
https://support.torproject.org/tbb/how-to-verify-signature/
https://2019.www.torproject.org/docs/verifying-signatures.html.en
In your
gpg.conf
file, enter:2) Tor people, key
0xEE8CBC9E886DDD89
has problems! When you go to some HTTP keyserver websites and search for the key, the page of results lags other tabs and shows binary mojibake. The ASCII armored text file is 3.4 MiB. GPG returns:2) Tor people, key…
See https://github.com/Stadicus/RaspiBolt/issues/343, talking about https://dev.gnupg.org/T4022. Workaround in this comment that in turn comes from Tor Project Ubuntu docs:
$ curl https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import
As I understand it, everything's okay: the lag on HTTP keyservers is expected, because the file is huge, and the mojibake is OpenPGP without ASCII armor.
19 KiB. What a difference…
19 KiB. What a difference. It works but is not ideal for there to be a single source for the key. On top of that, its self-signature is in SHA1, and it cannot be updated until clients install gpg 2.2.9. At least GnuPG patched their piece. Very good research. Thank you.
app.normandy.enabled is true?
app.normandy.enabled is true?
Yes, we did not modify that…
Yes, we did not modify that preference as it should not take effect, see: https://searchfox.org/mozilla-esr60/search?q=app.normandy.enabled&case=… where it is only used in tests.
Hey, just a thing that I've…
Hey, just a thing that I've noticed, ever since the most recent update I've been getting --unknown-- listed as the final part of the Tor circuit every time without fail... Is this something I should be concerned about? I've tried restarting, new identity, new circuit, but I still get that --unkown-- one at the end...
Hm, I think we had a…
Hm, I think we had a discussion about that on one of our recent-ish blog posts... On which system does that happen? And that started after the update to 8.5.1?
Mac El Capitan, and yes ever…
Mac El Capitan, and yes ever since 8.5.1 (still doing it now). I'm hoping it's just a cosmetic error but I'm no IT expert by any means!
> I think we had a…
> I think we had a discussion about that on one of our recent-ish blog posts...
https://blog.torproject.org/comment/280689#comment-280689
https://trac.torproject.org/projects/tor/ticket/30171
Just tried a clean install…
Just tried a clean install and it fixed the problem. Don't know why that didn't come to me earlier.
Strange behavior using obsf4…
Strange behavior using obsf4 XX.XX.XX.XX when I go to https://shop.bmw.ca it says the site is not secure when it is when locally connected outside of Tor.
I don't think this is obfs4…
I don't think this is obfs4 related. I have trouble connecting to that website as well without using any bridges or pluggable transports.
I find using Tor prevents me…
I find using Tor prevents me from making comments on news articles that use Disqus to make comments, on their article and you can't open a Facebook account. It does the same as you do asks a question to make sure whether you are a human or not and no matter how many times you answer the question it asks you another one. Is this because Tor believes these are bad places to visit for safety reasons?
The Captcha problem is many…
The Captcha problem is many years old. Some types of Captchas do not work and may conflict with settings in browsers. Tor Browser does not block particular places but does block particular functions. Since most Captchas work fine, I put the blame on those not working Captchas rather than Tor Browser.
Reading all these comments I…
Reading all these comments I am starting to believe that Tor is for people who are way ahead of what I am when it comes to computer knowledge.
It's made by people who are…
It's made by people who are way ahead of most people, but I don't believe it's only for people who are. The interface was redesigned over the years for simplicity and to reduce dangerous actions.
https://2019.www.torproject.org/about/torusers.html.en
Hi Yall, Love Tor Browser…
Hi Yall, Love Tor Browser. Love my privacy. Thank you
Small but very annoying problem. I use dark themes everywhere. However when opening a "new tab" I get a blinding white screen. I can't find a solution or a workaround. Can anyone help? Thanking you in advance.
PS: when i use a standard Firefox browser i have the option to set "new tabs" to a page. I use Duck Duck Go, and the dark theme applies. Can't do it in Tor...
Try these steps. Click ,…
Try these steps.
Click , select "Customize" (screenshot and button image from Firefox help):
Click the "Themes" button near the bottom. Under the heading "My Themes" click "Dark" (not shown in this old screenshot):
It should then look like this:
Just update Jun 17 16:47:39…
Just update
Jun 17 16:47:39.000 [notice] New control connection opened from 127.0.0.1.
Jun 17 16:47:39.000 [notice] Owning controller connection has closed -- exiting now.
Jun 17 16:47:39.000 [notice] Catching signal TERM, exiting cleanly.
seen now on Tor Browser 8.5.1 on startup.
( This is same than what I have seen Tor Browser 8.5 earlier.
Mostly occurs when Tor Browser is started quite soon after boot.
I suspect that somewhere is short timeout or something like that.
)
Here is another problem…
Here is another problem. When I go to the site "https://www.asus.com/Phone/ZenFone-4-Pro-ZS551KL/HelpDesk_Manual/"
it gives a access error "Access Denied" but if I continue to to get new circuits for the site it finally works.
That's one type of message…
That's one type of message returned by websites that means the website decided to block Tor exit nodes. The site checks if your exit node is on a list of exit nodes. The site blocks your exit node if it's on the list they check. Tor Project also has a FAQ for site admins.
Mozilla releases Firefox 67…
Mozilla releases Firefox 67.0.3 to fix actively exploited zero-day.
https://www.zdnet.com/article/mozilla-patches-firefox-zero-day-abused-i…
How do you back up Bookmarks…
How do you back up Bookmarks on TorBrowser for Android? New app installed but bookmarks stayed in old app.
"We're still considering the…
"We're still considering the best solution here because Firefox Sync is not available on Android." [1] [2]
I have the Android version…
I have the Android version of TBB, I get this error when trying to make a screenshot.
"Screenshot disabled for security reasons"
I tried to "save image as" but doesn't work either and shows no error message,
https://blog.torproject.org…
https://blog.torproject.org/comment/282272#comment-282272
I set Tor browser will Use…
I set Tor browser will Use custom settings for history, tick off Remember my browsing and download history, then restart Tor browser, the settings seemed to be restored.
What about https://www…
What about https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019… ?
It's strongly discouraged to…
It's strongly discouraged to install new add-ons in Tor Browser, because they can compromise your privacy and security. Tor Browser already comes installed with two add-ons — HTTPS Everywhere and NoScript — and adding anything else could deanonymize you.
Is it realy true?
1. I has ran Tor Browser/security level Safest/ without Ublock origin on the portal http://ip-check.info/index.php?jsID=16958488abc&auth=352833557&15610391….
And there is :Java script is activated .see picture 1.
2.I has ran Tor Browser/security level Safest/ with Ublock origin on the portal http://ip-check.info/index.php?
Andd ther is :Java script is currently off.
stevetoll
Yes, that's really true as…
Yes, that's really true as one does not know what those extensions are doing unless one keeps auditing the code.
am i the only one that is…
am i the only one that is bothered by tor now collecting my info and store it and calling me by my real name isnt that how google started telling you its for our own records well i no it botheres me and i looked to try and opt out but was never able to find where to opt out hum sounds like google to me im not sure i will be useing tor anymore myself dont like the idea of someone tracking what i do on the net so much for being annomus i guess
Where should we store your…
Where should we store your information and call you by your name?
am i the only one that is…
Chances are it has nothing to do with Tor because Tor would not know your name.Tor collects privacy-aware logs for download statistics but does not collect or publish your real name (or much else about users). Either you've given your real name to a site in the past, or they're sharing your information.
Suggestions:
There does not seem to be any opt-out, but you don't need to opt-out to remain anonymous. The Tor Metrics logging improves privacy and security, as security expert Bruce Schneier explains: "...With good network metrics, you can look back for indicators and anomalies at the time a privacy issue was reported. You can also extrapolate and look forward to prevent related issues in the future..."
The nice thing about Tor technology is that you can benefit from its security even when you don't trust the Tor Project, because the Tor Project itself cannot read your Tor traffic.In the end it's your decision to use or not to use Tor. EFF maintains a privacy section and tool guides. In addition, there are other dark web technologies, like I2P.
Am using the latest Tor…
Am using the latest Tor version in Windows 10 op sys with lots of disk and memory capacity. Noticed that when Win 10 is in high contrast custom color mode in desktop view, web mail and other email utilities entry fields turn BLACK with BLACK text. Also, many web pages get re-formatted where HTML details and graphics are lost and only skinny looking web pages appear . Please analyze this situation with Win 10 h/c desktop color schemes so Tor will display web and app pages properly, thanks! 05-Jul-2019, 0954AM PST
Can't download the dev key…
Can't download the dev key on windows...
gpg --auto-key-locate…
works for me on my Linux box. I tried it just now. Does it still break for you?