New Release: Tor Browser 8.5.5
Tor Browser 8.5.5 is now available from the Tor Browser Download page and also from our distribution directory.
This release features important security updates to Firefox.
This release is updating Firefox to 60.9.0esr, Tor to 0.4.1.5, and NoScript to 11.0.3. This release also includes various bug fixes. On the Windows side, we should now have support for accessibility tools. On the Android side, we added support for arm64-v8a devices.
This is expected to be the last release in the 8.5 series: on October 22 we will switch to the 9.0 series, based on Firefox 68ESR.
Note 1: Due to a temporary issue with our update infrastructure, we did not enable automatic updates for Windows, Linux and macOS users yet. We hope to be able to fix this issue soon. Update: this issue is now fixed, updates are enabled.
Note 2: Due to some issue with Google Play's new requirement for 64bit versions, we have not yet been able to publish the Android x86 and x86_64 versions on Google Play. We hope to be able to fix this in the next days. In the meantime the x86 version can be downloaded from our website.
Note 3: There is an issue with the aarch64 version on Android 9 causing a crash on every launch. We are working on a fix for this issue.
The full changelog since Tor Browser 8.5.4 is:
Comments
Please note that the comment area below has been archived.
I am sorry to say that…
I am sorry to say that triggering the update on macOS does not work… so, you might like to have a look into this, please.
We currently have an issue…
We currently have an issue with our update infrastructure. We hope to have it fixed soon to enable automatic updates.
Вы сделали проблему тысячам…
Вы сделали проблему тысячам людям! (((
hi, i have 2 questions: 1-…
hi, i have 2 questions:
1- is it safe to use the updated tor version as my own tor expert bundle? i mean copying the tor folder from the browser and replacing it with my expert bundle folder?
2- tor is blocked in my country and i'm using bridges, how many bridge nodes is enough for me? after how long should i update my list with new bridges and remove older ones?
1. If you're using the…
1. If you're using the expert bundle, then you should already know where to find the documentation of the binary and how to compare the hashes of binaries on your local machine. The expert bundle may not have the same relative directory tree structure as the browser bundle, and it probably doesn't have the same torrc contents. The tor binary in the browser bundle is supposed to be identical to what would be shipped in an expert bundle, but you should compare hashes of the same version anyway. The more you customize your configuration, the more you are on your own to determine if it's safe. Sometimes, better answers can be found if you describe your goal and constraints instead of one step in the path you chose to reach it.
2. I'm only a user, but if I was in your situation, I would keep three or four bridges that only support obfs4 or meek. I wouldn't use at least two of them so that when the bridges I'm using inevitably fail, I could use one of the unused bridges as a spare or a backup to request more bridges (maximum six). My unused bridges would also be unknown to eavesdropping network censors until I use the bridges or until they discover the bridges from someone else. Verify the status of all of your bridges every couple months here: https://metrics.torproject.org/rs.html I wouldn't remove bridges unless they support less trustworthy pluggable transport protocols or they have been removed from that relay search site. Don't treat bridges the same as you treat guard nodes.
Since your country censors the Internet, it may help to bookmark these:
* Open Observatory for Network Interference: https://ooni.torproject.org/
* https://www.censoredplanet.org/
* https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_by_c…
I assume you already know that you should be careful about your behavior and OpSec as well.
I installed Android 10 today…
I installed Android 10 today on a Pixel XL and torbrowser 8.5.4 stopped working. I then saw 8.5.5 armv7-multi was out so I downloaded, verified and installed and it also does not work.
Description:
Name of the affected software
-----------------------------
TorBrowser 8.5.5. & 8.5.4 for Android / Android 10 (Q)
Exact steps to reproduce the error
----------------------------------
Open torbrowser app.
Tap "CONNECT".
Orbot connects to tor network.
Firefox opens.
Actual result and description of the error
------------------------------------------
Firefox opens, about:tor displays nothing, settings are greyed out, there's no security settings slider, no noscript entry. Entering a URL does nothing -- seems like the app is frozen. Selecting Exit in the menu does not close the app.
Desired result
--------------
Browse the web.
Yes, that's https://trac…
Yes, that's https://trac.torproject.org/projects/tor/ticket/30607. We think we might be good with the switch to ESR 68 which happens in October. Meanwhile a new alpha, 9.0a6 is supposed to get out today which is already based on ESR 68. Could you test that one and report back if it solves your problem?
Ok, I will test it and thank…
Ok, I will test it and thank you for the response. Missed the ticket, sorry.
where u go get the alpha?…
where u go get the alpha? https://www.torproject.org/download/alpha/ = no android
Good question, I opened a…
Good question, I opened a ticket for our website: https://trac.torproject.org/projects/tor/ticket/31641. In general it should be available on https://dist.torproject.org/torbrowser/ as well. (Note: the real .apks (not the -qa ones) currently live at https://people.torproject.org/~gk/builds/9.0a6/. They still need to get synced over to dist.torproject.org and then we get the alpha out).
where u go get the alpha?…
where u go get the alpha? https://www.torproject.org/download/alpha/ = no android
Reporting back on the Pixel…
Reporting back on the Pixel XL running Android 10 now with 9.0a6 installed. Everything seems to be working as it should. Problem solved. Thanks very much.
Tor browser force close as…
Tor browser force close as soon as you open it
No way to import/export…
No way to import/export bookmarks yet? I still have a lot of bookmarks in an old version...
Have you looked at this link…
Have you looked at this link?
http://kb.mozillazine.org/Backing_up_and_restoring_bookmarks_-_Firefox
Sorry, I meant the mobile…
Sorry, I meant the mobile version of Tor (on Android).
How old is your "old version…
How old is your "old version"?
the solution i think will work:
1. Install regular esr or portable esr firefox, of the same version of esr that tor used in the "old version" tor browser of your bookmarks.
2. Drag you old places.sqlite (bookmarks file) into the firefox profile (This will replace the new default places.sqlite)
3. a. (if "paranoid", then you could now shut down your internet connection)
3. b. Start up the old esr, open bookmarks manager, then export bookmarks as .html (You could choose to backup as .json, but as far as I know, you cannot *add* that file into your current tor browser profile's bookmarks)
4. Then start current tor browser, open bookmarks manager, then import that .html file. Those bookmarks will show up as a folder *added* at the end of the bookmarks manager tree pane.
Hopefully i am answering the question you asked.
Tor Browser for Android…
Tor Browser for Android version 60.9.0 is crashing on every launch
Same thing on mobile…
Same thing on mobile.
Android updated to most recent
Galaxy s9
Tried reinstall
Previous version worked just fine.
Kindly check comments on…
Kindly check comments on Play Store for Tor Browser as there are multiple reports of app crashes. Thank you.
Thanks, I've opened https:/…
Thanks, I've opened https://trac.torproject.org/projects/tor/ticket/31616, please add device information to it and other helpful steps to reproduce the problem. We thought we found all the crashers by fixing #31140 but it seems we were wrong. Sorry for the inconvenience.
Can someone please update us…
Can someone please update us...
Hey, Tor Browser doesn't…
Hey, Tor Browser doesn't work on Android 10. When will it start working?
I think as soon as we switch…
I think as soon as we switch to Firefox 68 ESR as the underlying Firefox version. We'll release an alpha (9.0a6) based on that probably today (please test it if you can) and will release the final stable on October 22.
Could you please update the…
Could you please update the RSA key in your instructions for verification?
The instructions for TOR 8.0.8 say:
gpg: using RSA key 0xD1483FA6C3C07136
When verifying 8.5.5 you see:
gpg: using RSA key EB774491D9FF06E2
Thank you
Which instructions? The…
Which instructions? The documentation on this page should be correct:
https://support.torproject.org/tbb/how-to-verify-signature/
Thanks for the info. I was…
Thanks for the info.
I was using the instructions from
https://2019.www.torproject.org/docs/verifying-signatures.html.en
I've now made a note of where to go to get the latest, up-to-date instructions.
Thanks again
I have now followed the…
I have now followed the instructions at the location you gave (including downloading the latest GPG4win version - 3.1.10) but I am still having trouble.
When I put “gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org” into cmd.exe
All I got was “gpg: error retrieving 'torbrowser@torproject.org' via WKD: No inquire callback i
n IPC
gpg: error reading key: No inquire callback in IPC”
I can’t see what I have done wrong.
Can you pls help?
Thanks
Trisquel 8 x86 gpg --auto…
Trisquel 8 x86
gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org
gpg: invalid auto-key-locate list
gpg: Invalid option "--locate-keys"
Which version of gpg are you…
Which version of gpg are you using?
WKD lookup is implemented in GnuPG since v2.1.12. Maybe you are using gpg 1 and need to install the gpg2 package.
gpg2 --version gpg (GnuPG) 2…
gpg2 --version
gpg (GnuPG) 2.1.11
libgcrypt 1.6.5
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
sudo apt-get upgrade gnupg2
Reading package lists... Done
Building dependency tree
Reading state information... Done
gnupg2 is already the newest version (2.1.11-6ubuntu2.1+8.0trisquel1).
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
That's probably why I'm getting the error message. I'll probably try verifying it using TAILS instead. Thanks and more power!
New update not working on…
New update not working on android version 9....
Regarding: Editing the Torrc…
Regarding: Editing the Torrc
Somewhere (I cannot remember where) you have said that editing the Torrc (e.g. specifying guard node or exit node countries) affects anonymity in ways that you “do not understand”.
I live in Western Europe. I have reinstalled the TOR program about 100 times to see where the guard node is located. After doing this with 854 and 855 the same four countries (France, Germany, Netherlands, the UK) have appeared as the guard node country well over 90 times.
I do not wish to use these 4 countries for the guard node. How can I avoid them?
Isn’t TOR restricting itself by not choosing guard-node countries at random?
Please advise.
Thanks
Tor is selecting relays…
Tor is selecting relays randomly, without taking the country into account. Many of the relays are located in the countries you mentioned, which might explain why you often use relays from those countries.
you can edit torrc-defaults…
you can edit torrc-defaults before firstrun by adding ExcludeNodes {fr},{de},{nl},{uk} at the bottom:
...
...
...
## snowflake configuration
ClientTransportPlugin snowflake exec ./TorBrowser/Tor/PluggableTransports/snowflake-client............................
ExcludeNodes {fr},{de},{nl},{uk}
you shouldn't get connected to guards in these countries and none should be selected as guard.
[NOT TESTED] i don't know if ExcludeEntryNodes {fr} command exists and works!
you can preconfigure torrc by editing torrc-defaults before firstrun.
all this should be written into torrc during firstrun:
...
...
...
## snowflake configuration
ClientTransportPlugin snowflake exec ./TorBrowser/Tor/PluggableTransports/snowflake-client............................
EntryNodes yourchoice1,yourchoice2,yourchoice3,yourchoice4,yourchoice5
ExcludeNodes {sy},{cn},badnode1
ExcludeExitNodes {ir},{tr},badnode2
go to https://torstatus.blutmagie.de (or https://torstatus.rueckgr.at) and select some guards
of your choice (nicknames). maybe you specify a bunch of relays because not all of them are fast guards and
not all may work as guard.
you can exclude by nickname, IP and countrycode (lowercase!) e.g. {us}
in tor's documentation you'll find some further information.
countrycodes -> https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
torrc can look like this (after firstrun) and you can edit whenever you like:
# This file was generated by Tor; if you edit it, comments will not be preserved
# The old torrc file was renamed to torrc.orig.1 or similar, and Tor will ignore it
DataDirectory PATH/tor-browser_en-US/Browser/TorBrowser/Data/Tor
EntryNodes yourchoice1,yourchoice2,yourchoice3,yourchoice4,yourchoice5
ExcludeNodes {sy},{cn},badnode1,{??}
ExcludeExitNodes {ir},{tr},badnode2,{??}
GeoIPFile PATH/tor-browser_en-US/Browser/TorBrowser/Data/Tor/geoip
GeoIPv6File PATH/tor-browser_en-US/Browser/TorBrowser/Data/Tor/geoip6
you can even specify a single or a few exits too (if they are exits):
ExitNodes myfavoriteexit1,myfavoriteexit2,myfavoriteexit3
OR
ExitNodes {us}
take care of brackets, spaces and , !
note: torrc-defaults WILL be overwritten during the next Tor Browser update!
good luck!
Many thanks to everyone for…
Many thanks to everyone for the helpful comments.
The TOR developers (in the information that I can no longer find) had said that TOR users should not edit the torrc for the reason stated above.
Could the TOR developers please advise if is now 'OK' to edit the torrc.
Thank you
No, modifying the way that…
No, modifying the way that Tor creates its circuits is strongly discouraged.
https://support.torproject.org/tbb/tbb-16/
it is ok to edit torrc to…
it is ok to edit torrc to avoid e.g. 5 eyes {au},{ca},{nz},{uk},{us} or slow/bad exits.
> Somewhere (I cannot…
> Somewhere (I cannot remember where)
> (in the information that I can no longer find)
> affects anonymity in ways that you “do not understand”.
It's from the old General FAQ:
Can I control which nodes (or country) are used for entry/exit?
The location of relays depends strongly on the where volunteer operators choose to set them up. The community has set up the majority of relay nodes in Europe and North America, but the distribution can change if volunteers set up relays in other places. (See the new Community site and the old General FAQ.) A comment linked to world maps in the recent blog post about bridges.
Tor Browser on this version…
Tor Browser on this version on Android 9 Pie (Pixel 2) crashes on launch. Previous version worked.
I am an android 6 user and I…
I am an android 6 user and I was using 8.5.4 version and it was working perfectly after updating to this version it crashed. and I just went through some testing with it. for some reason, the builtin tor within it is still on 0.3.5.8(based on the connection logs) and when it reaches 10% tor browser crashes. also, I tried to use bridges but immediately after entering the bridge settings it crashes.
Yes, tor 0.3.5.8 is within…
Yes, tor 0.3.5.8 is within TBB Android from 8.5 up to now, 8.5.6, according to the changelog. That's normal. On Windows + OS X + Linux, tor is 0.4.1.5 starting in TBB 8.5.5.
I also have some problems,…
I also have some problems, when I start TorBrowser, I see button "connect", but it stops to work, my phone just close the app, LG G7 ThinkQ
Hi, I've updated on Android,…
Hi,
I've updated on Android, It does not work! There is no way to run!!!!!!
Is there a way to downgrade to the previous version?
I restore default bar look …
I restore default bar look (right click - customize - restore default) and now few icons missing:
left side from adress bar: no script + something
right side: HTTPS everywhere + something
You might find any icons…
You might find any icons missing from your Toolbar if you look in your Customize window.
Tor Browser menu / View / Toolbars / Customize
I know this, but I think…
I know this, but I think everything strange with this crucial software should be reported.
The other missing icon (after default reset) is tor button and security level.
Note 9 app immediately…
Note 9 app immediately crashes and closes when trying to open it.
Not working on android. Just…
Not working on android. Just crashes
Any updates? Solutions?
Any updates? Solutions?
Appena apro l'app me la…
Appena apro l'app me la chiude subito
Don't work on Android 10((((
Don't work on Android 10((((
Play Store version crashes a…
Play Store version crashes a few seconds after launch. F-Droid version will build circuits and launch the browser, but all the menu items under "Settings" are greyed out and non-interactive. Pages won't load at all.
Здравствуйте. Жду когда…
Здравствуйте.
Жду когда ошибка вылета на android 9 будет исправлена.
Есть вопрос.В Orfox я столкнулся с проблемой долгого (а более точно вообще никогда не подключающегося) соединения к сайтам (onion,ну вы меня поняли).Подскажите пожалуйста в чем проблема соединения?
Заранее,благодарю.
https://support.torproject…
https://support.torproject.org/onionservices/onionservices-3/
Translated to Russian:
"Я не могу связаться с X.onion!
Если вы не можете получить доступ к желаемому луковому сервису, убедитесь, что вы правильно ввели 16-символьный или новейший 56-символьный адрес лука. Даже небольшая ошибка не позволит Tor Browser получить доступ к сайту. Если вы все еще не можете подключиться к луковому сервису, повторите попытку позже. Возможно, возникла временная проблема с подключением, или операторы сайта могли разрешить его отключение без предупреждения.
Вы также можете получить доступ к другим луковым сервисам, подключившись к луковому сервису DuckDuckGo."
Is there a schedule…
Is there a schedule somewhere for security updates? And is there any evidence of people using up 0-days before they are patched?
Basically I'm asking if there are any time periods when it's more risky than normal to enable javascript.
Also, it would be nice to see a breakdown of which exploits require javascript, and which affect users on each security level.
> is there any evidence of…
> is there any evidence of people using up 0-days before they are patched?
Yes, Tor Browser is based on Firefox ESR. Follow Mozilla's bug tracker as well as Tor Project's bug tracker. But your question is worded as if you think developers or white-hats magically know about a 0-day when someone else discovers them. Their very nature means they can be exploited long before someone publicly reports them. Follow exploit databases such as CVE.
There is no real schedule…
There is no real schedule. We mainly follow Mozilla's 6-8 weeks schedule of fixing security bugs found in the browser and then whatever comes up. There are some rare cases where people are using 0-days, yes.
Regarding the breakdown: yes, if someone would dig here and make such an overview that would be great. I could see us doing that but we lack the time. So, if you want to be the one helping out here, please do so.
Yep, Android 9 is a bust and…
Yep, it's a bust with Android 9 and the previous browser is disabled... redirecting us to a broken browser. How about letting us have the last version of the Orfox browser back until you get things sorted. Thanks.
How do i get Tor browser to…
How do i get Tor browser to work when my job blocks p2p through the wifi at work
> my job blocks p2p through…
> my job blocks p2p through the wifi
So do many Tor exit nodes.
To get Tor Browser to work behind a restrictive firewall:
General FAQ (old):
If none of the above solutions are acceptable, then click Configure again, and click "Tor is censored in my country" to enable a bridge relay. Please try to avoid using bridges so they will be available to users in repressive countries.
Just find an older apk…
Just find an older apk online and then turn. Kff auto updates. Back in business
Tor Browser is not opening…
Tor Browser is not opening in my Honor7X phone.
Whenever I open it automatically closes within seconds.
Tor browser keeps crashing…
Tor browser keeps crashing on android platform with the new 8.5.5 update
Why you remove GPG subkey's…
Why you remove GPG subkey's fingerprints from the documentation page, cut the gpg command output and reduce the content of the https://support.torproject.org/tbb/how-to-verify-signature/ ?
Can you restore an older version of this page?
I think we removed it to…
I think we removed it to make the instructions more useful. They where a little overwhelming on the old page and not organized very well.
Ok, but why you remove GPG…
I don't agree with it, but it is your decision, Ok.
But why you remove GPG subkeys?
What do you mean by …
What do you mean by "removing subkeys"?
How exactly would one…
How exactly would one disable a certain proxy? Haven't been able to locate this option for Android.
Please be more specific. Are…
Please be more specific. Are you talking about Tor or about proxies in general? Use a web search engine to learn about settings for proxies in general on Android.
Does this relese need orbot?
Does this relese need orbot?
No, Orbot is not needed.
No, Orbot is not needed.
Just updated to 8.5.5 and…
Just updated to 8.5.5 and got an invalid digital signature warning!
How can I be sure its not a compromised download?
What was the error message?…
What was the error message? Did you use the browser internal updater?
After updating the browser,…
After updating the browser, whenever i start it, it closes on its own. Device oneplus 6 android 9
Ny tor browser craches and…
Ny tor browser craches and turn off for about 2 sekonds now,,
I have Android 8.0.0 i gues,,
I found out this problem to Day 5 september,,
Greats B
Accessibility services When…
Accessibility services
When you say you have fixed “Bug 27503: Provide full support for accessibility tools”
Does this mean that (if users do not need such services) in the browser under Tools / Options / Privacy & Security / Permissions we should put a tick in “Prevent accessibility services from accessing your browser”?
If this is left UNticked does it mean that, e.g., users’ anti-virus programs can spy on them?
Pls advise as a matter of urgency.
Thanks
If you don't need…
If you don't need accessibility services, sure, ticking that checkbox should reduce possible attack surface (however, I have not checked what exactly that checkbox is doing).
If it is left un-ticked I am not sure what exactly external programs could do. I guess it would be worth looking deeper here. It ultimately boils down to whether you trust your anti-virus programs. They can easily spy on you even _without_ that checkbox enabled as they are usually pretty deeply embedded into your Windows system. So, if you don't trust them you should consider removing them instead.
I just installed tor_browser…
I just installed tor_browser 8.5.5 from the apk_file and everything seems to be fine.
Вечер добрый, тор обновился…
Вечер добрый, тор обновился и не работает теперь, до этого все было хорошо, исправьте ошибки, грузит максимум 25%,удалил и установил уже раз 50
hi! URL bar onion icon color…
hi!
URL bar onion icon color is different from padlock icon color.
i think they should be the same.
thanks!!!
Yes, agreed. We have https:/…
Yes, agreed. We have https://trac.torproject.org/projects/tor/ticket/26491 for that.
For anyone forced to migrate…
For anyone forced to migrate to a broken version of Tor Browser by the OrfoxRIP auto update, you can download the last working version of Orfox here:
https://github.com/guardianproject/Orfox/releases/download/Fennec-52.9.0esr%2FTorBrowser-7.5-1%2FOrfox-1.5.4-RC-1/Orfox-Fennec-52.9.0esr-TorBrowser-7.5-1-Orfox-1.5.4-RC-1.apk
Just be sure to back up your /data/data/info.guardianproject.orfox and /data/media/0/Android/data/info.guardianproject.orfox folders to a safe location first if you want to have any hope of recovering your bookmarks, tabs, preferences, etc. at some future time. Uninstalling OrfoxRIP and then downgrading to Orfox-1.5.4 will wipe out all those settings.
A few of the problems with…
A few of the problems with Tor
1) There may be a problem with bridges being a valid brige. Thee tracker reported several bridges not responding. "https://trac.torproject.org/projects/tor/ticket/30441" and this was going on for some time as I reported the error.
2) You no longer support many bridges and it appears only obfs4 and meek-azure are valid. The more bridge types the better but you have deprecated a few bridges like scramblesuit and I don't know why.
3) Android version of tor gives the ability to chooses your guard node (which country you connect) this option does not exist on the Mac. I have noticed that my guard node is almost always the same even when forcing a new circuit several times. Giving the ability to choose a guard node gives greater stealth. Why can't a Mac choose its guard node?
Yes, bridges can be offline…
Yes, bridges can be offline. We try to make sure only valid and working bridges are given out by BridgeDB and the default bridges shipped in Tor Browser should be available.
There is nothing that prevents you from finding e.g. scamblesuit bridges and using them in Tor Browser. It's just that we don't ship default ones anymore because the single one we shipped was overloaded AND scramblesuit does not offer better protections than, say, obfs4.
Tor Browser for Android does not let you choose the guard node country. That is deliberately done so as choosing that may seriously harm your anonymity. You should let pick Tor the proper path.
release the old version…
release the old version again please, the latest version can not work, release a new version only if it's a real stable version please
There are problems with…
There are problems with Google Maps, it can be in French if the exit is in France and maps show only after using the new circuit function. Other sites like Youtube have the same language issue.
Inter updater just don't…
Intern updater just don't update the browser. It downloads the new version and asks for a restart to update, it restarts, show the update progression, starts the browser and it just didn't update and keep asking for a restart and says it's not updated, no matter how many times i try to restart the browser it just don't update even though it completes the update bar when starting the browser, its so frustating and annoying, is there any way i can delete the downloaded update from the internal updater so i can try again? I really don't want to have to download and install from zero the new version. I'm on linux. I've never had this problem before.
Hm, so this happened for the…
Hm, so this happened for the first time? What does the update log show if you flip
app.update.log
totrue
and look at the debug output in the browser console (you open that one with Ctrl+Shift+J)? Any errors you get?Additionally, after the update failed you should have a update.log file in your Tor Browser directory in Browser/TorBrowser/UpdateInfo/updates/0/ what does it contain?
Per Note 3: the crash issue…
Per Note 3: the crash issue is also resident in Android 10 as well as 9.
also crashing every launch…
also crashing every launch on Lenovo Tab 4 Plus 10" Android 7.1.1
Still having problems with…
Still having problems with tor sometimes crashing when i open it :/
Which operating system +…
Which operating system + version is that?
hello, thank you for the…
hello, thank you for the great work you do!
I have noticed a new issue with both system Tor version 4.1.5 and in Tor Browser 8.5.5 as follows: when using either obfs4 bridges or entry guards, i (sometimes) receive a message in the connection logs about the large number of circuits that have failed. i opened onion circuits to see and sure enough, it appears as if circuits try to form and are destroyed very quickly. i can use the browser fine, and i only notice the issue upon inspection of the logs.
wireshark shows many "Fin,Ack" disconnections immediately followed by a fresh "Syn" and the corresponding "Syn, Ack" on a fresh port each time on localhost. The packets look normal other than that (no duplicate ACKs or re-transmissions, and the packet sizes are consistent with how Tor behaves). It is a strange issue because if you do not pay attention, you may not notice. I have not seen any excess cpu use for example. The client hello's are fine, handshakes are normal and intact and from the packet analyzer's point of view, the only clue of something going on is the constant disconnections and re-connections (from localhost:9050 or 9051 respectively). There have not been any interruptions in the actual browsing experience though and no browser crashes. System Tor works fine too and you only notice an issue upon examining the circuits; no obvious crashes with system Tor either.
i experience this issue on debian buster (host) as well as in virtualbox machines and also on whonix. i have tried several different bridges and entry guards to no avail. Other than the circuits building and almost immediately being torn down, i can see no other problems. i tested on both a wired and a wifi vanilla connection (vanilla meaning no vpn or proxy or ssh etc.) and the issue was present on each try. I used a freshly downloaded/verified tar.gz for each trial.
I have an updated Firefox esr on the host system as well which showed no such activity from wireshark; obviously Nyx/onion circuits don't apply :)
when inspecting the Tor Browser connection with Nyx, i see that the tor percentage is jumping around alot. usually, it will stay at 0% if i am idle. on Nyx's connections page you can see the circuits building and then being destroyed in real time. It will build 4 or so and then they disappear and it says "Building.." This continues for as long as the app is open and you are using the browser.
i am pretty stumped on this one; i am not sure what would cause continual circuit building issues? thank you for anything you can think of. i will continue to debug this. thanks for reading
Hi, I'm from Iran, a…
Hi,
I'm from Iran, a dictator regime with worst filtered internet. After update to this new version(tor-browser-855) on my Android(v.7), I can't open tor-browser.
It just crashed!
I use desktop tor browser now.
I Know many Iranian that use tor have this problem.
Thank you so much for help freedom all over the world.
Just downloaded 8.5.5 from…
Just downloaded 8.5.5 from Tor page and installed the .apk. working so far
Is there a Tor related FAQ…
Is there a Tor related FAQ regarding NoScript addon or don't Tor users have concerns regarding NoScript to warrent a FAQ page? cheers
There is no FAQ entry. Users…
There is no FAQ entry. Users should not be concerned with NoScript at all which is one reason why we moved it out of the toolbar in Tor Browser 8.5.
Thank you for your reply. …
Thank you for your reply.
The reason I asked was the reply to the following question
Can noScript addon details be read in Tor? If you whitelist a site with the noScript settings so that you do not have to repeatedly input them, can these be read in Tor and thus identify the user or use these settings to follow the user?
As far as we know, the settings can't be read unless there is a major bug that hasn't been reported, but they can identify you. There is a traffic pattern of which URLs your browser accesses when it loads a webpage and an availability pattern of which features in the page's code become enabled when the set of accessed things are loaded. If the URLs your browser accesses are different from the URLs accessed under normal configuration, that difference can single you out to people logging your traffic or to scripts on the webpage. So your NoScript settings under the Per-Site Permissions tab can indirectly be determined or reverse-engineered.
Cheers I don't understand it all but going by your reply it means that it is best not to whitelist any sites I hope I have understood this I also understand that it is still ok to use NoScript thanks again
Thus, as the settings 'can identify you' and 'can single you out to people logging your traffic or to scripts on the webpage'. Thus, 'your NoScript settings under the Per-Site Permissions tab can indirectly be determined or reverse-engineered'. Why do you say, 'Users should not be concerned with NoScript at all'. Thanks in advance for a reply. NB I am not a technician in my understanding of answers.
Yes, the particular…
Yes, the particular whitelist can identify users which is why we don't recommend doing that. The user can be identified by websites embedding particular sites and then seeing who is requesting contents and who not and how the pattern looks like.
Users should not be concerned with NoScript at all in the sense that they should not need to dig into its settings to do something they want. We should provide a simpler interface as we only use a tiny fraction of NoScript's functionality.
Can't download any files, it…
Can't download any files, it keeps failing. It doesn't even ask where you want to download the file to. Using TorBrowser-8.5.5osx64
Is that a new issue with 8.5…
Is that a new issue with 8.5.5? Does it happen in a clean, new install, if you e.g. drag the app to your desktop after double-clicking on the .dmg (instead of dragging it to /Applications)?
minor "bug" is: about:tor…
minor "bug" is:
about:tor tab loads as an additional tab, at every tor browser start up.
have options set so when tor browser starts up, it loads tabs that were open when tor browser was previously shut down.
version 8.5.5 on Windows 7
I think you can enable that…
I think you can enable that if you leave the permanent private browsing mode Tor Browser is in by default.
Hi, I can no longer modify…
Hi, I can no longer modify user agent on this new tor browser. When I click on useragent.override theres only "true/false" options. Is there any way I can modify it in this new browser?
Having a strange problem…
Having a strange problem with 8.5.5 running under Debian 10 with MATE desktop environment running on an HP PC with 1920x1080 display: the window is incorrectly placed, title bar is missing, and the drop down menus don't work.
This is likely related to multiple problems with pretty much everything in Debian 10, which clearly was released too early, and which appears to be fairly useless.
Tails 3.16 booted from a DVD works fine on the same computer. I fear this might change when Tails 4.0 comes out because that will be based on Debian 10.
Request to blog maintainers:…
Request to blog maintainers:
Please listen to the many users who live in regions with slow internet infrastructure and who have complained that the huge images appear to be slowing down loading of the webpages so much that we have to manually enter links to blog posts we wish to read. Many issues involving Tor are hard to fix but this one is very easy: remove the huge images which are unneeded eye candy and replace them with much smaller versions.
Thanks, noted.
Thanks, noted.
TOR browser for Android 10…
TOR browser for Android 10 crashes on every launch. It can't stay afloat.
New update w/ Samsung Galaxy…
New update w/ Samsung Galaxy causes crash on every load immediately
After update of tor on Linux…
After update of tor on Linux Mint i have experienced extremely long time starting up the tor browser (>10 minutes). What coulis be the reason, and how to fix?
Probably unlikely (10 mins…
Probably unlikely (10 mins is a lot), but it might be because of some add-on while running on higher security levels - could be related to bug #23719
If that is the case try disabling all non-default add-ons or lowering your security level and see if it still takes that long to start up.
Related to https://blog…
Related to https://blog.torproject.org/comment/282424#comment-282424
Tor unexpectly exited on startup seen also on Tor Browser 8.5.5
Tor Browser closes control connection and therefore tor exits.
-------------------------------------------------------------
Sep 13 05:36:34.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Sep 13 05:36:34.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Sep 13 05:36:55.000 [notice] New control connection opened from 127.0.0.1.
Sep 13 05:36:55.000 [notice] Owning controller connection has closed -- exiting now.
Sep 13 05:36:55.000 [notice] Catching signal TERM, exiting cleanly.
Hm. Did we ever pinpoint the…
Hm. Did we ever pinpoint the exact version where this started for you?
Hello Tor developers & users…
Hello Tor developers & users!
Seems like the Roscomnadzor and SORM / Yarovaya's package network hardware
are blocking the possibility of OBFS4 connections.
Currently only "meek-azure" connects successfully.
Please check the OBFS4 availability (with OONI or such) for:
Russia, Moscow, ISP Onlime (Rostelecom).
Tor Browser version: 8.5.5 for Linux.
I have just gone to the page…
I have just gone to the page of an onion search engine and was surprised to see that my usual guard was shown at no. 3 in the list of declared nodes and another node was shown as the ‘guard’.
I called up another onion search engine and this time my usual guard was in its usual place.
Any thoughts?
Thanks
Having problems with…
Having problems with verifying GPG keys on 8.5.5 (Linux X64). I'm pretty much a n00b but I can follow Terminal instructions easily enough. I have tried updating the GPG keys too but no joy. I presume this is already already known about?
NoScript enables fonts in…
NoScript enables fonts in safer.
Which fonts? Do you have an…
Which fonts? Do you have an example?
Not op, but on Safer, open…
Not op, but on Safer, open the NoScript menu. Click the Options icon that looks like the NoScript crossed-out "S" covered by a wrench. On the General tab are the Present customizations, the pattern of checkboxes for the Default mode, Trusted mode, and Untrusted mode. All three have Fonts checked (allowed). Safer's description in preferences says "Some fonts and math symbols are disabled."
Yes. As the text says, only…
Yes. As the text says, only some fonts are disabled while I think the NoScript menu item would disable *all* fonts if it was checked.
I tested in IP check
I tested in IP check
BUG / ANONYMITY RISK ? I was…
BUG / ANONYMITY RISK ?
I was on youtube, the video started with an advertising, so while waiting advertising to finish I start reading comments to that video.
Advertising start playing FULL SCREEN automatically.
Do not remember which video but I think it's the problem is a new kind of advertisement, or some settings ?
Step to reproduce:
1. Go to youtube and start to watch videos without any other actions.
2. Wait for the right "strange" form of advertising.
3. Video / advertising start to play fullscreen at some point.
4. tbb yellow strip alert you about fullscreen at top.
TBB-8.5.5 x86_64 on Linux Ubuntu 18.04
I would love to install TOR…
I would love to install TOR browser, but it is not running under 32bit Win...is there any suitable version and how can I download it?
Thanks
We have 32bit bundles for…
We have 32bit bundles for Windows 7-10. You can find them on https://www.torproject.org/download/languages/. (We have the 64bit version on our main page because that's what most of our Windows users want to download anyway)
Can i copy/use prefs.js from…
Can i copy/use prefs.js from Tor Browser 8.5.5 in the next release?
I am not sure to be honest…
I am not sure to be honest and it probably depends on what preferences you have saved in your prefs.js file.
After the update with…
After the update with Windows 10 the Tor browser doesn't allow me to go to any sites, instead it says:
"The proxy server is refusing connections
Firefox is configured to use a proxy server that is refusing connections.
Check the proxy settings to make sure that they are correct.
Contact your network administrator to make sure the proxy server is working."
I can't find the proxy settings anywhere from the browser... What should I do? Thanks for the help! :)
That happens after…
That happens after restarting the browser as well? I wonder whether something is blocking Tor here. Do you have any antivirus/firewall software installed that could block things here? If so, which? Does it work if you uninstall that piece of software (disabling is often not enough)?
Does anyone know how Tor…
Does anyone know how Tor performs with Opera?