New Release: Tor Browser 9.0.3
Tor Browser 9.0.3 is now available from the Tor Browser download page and also from our distribution directory.
This release features important security updates to Firefox.
This new stable release picks up security fixes for Firefox 68.4.0esr. We also updated Tor to 0.4.2.5 for the desktop versions. On Android we fixed a possible crash after the bootstrap.
Reproducible Builds
As with previous releases since 9.0, a bug in our toolchain is making it more difficult to reproduce our builds (a second rebuild is sometimes required to get a matching build). Fortunately, we now have a fix for this issue, which we are testing in the alpha series, so this should be fixed in the stable release that we'll have in February.
Tor Browser 9.0.4
Mozilla is preparing a new Firefox version, 68.4.1, fixing an additional issue, therefore we are planning to release version 9.0.4 of Tor Browser picking up this fix soon.
ChangeLog
The full changelog since Tor Browser 9.0.2 is:
- All Platforms
- Update Firefox to 68.4.0esr
- Bump NoScript to 11.0.11
- Translations update
- Update OpenPGP keyring
- Bug 32606: Set up default bridge at Georgetown University
- Bug 32659: Remove IPv6 address of default bridge
- Bug 32547: Add new default bridge at UMN
- Bug 31855: Remove End of Year Fundraising Campaign from about:tor
- Windows + OS X + Linux
- Bump Tor to 0.4.2.5
- Update Tor Launcher to 0.2.20.5
- Bug 32636: Clean up locales shipped with Tor Launcher
- Android
- Bug 32405: Crash immediately after bootstrap on Android
- Build System
- Linux
- Bug 32676: Create a tarball with all Linux x86_64 language packs
- Linux
Comments
Please note that the comment area below has been archived.
see navigator.userAgent in…
see navigator.userAgent in linux
https://trac.torproject.org…
https://trac.torproject.org/projects/tor/ticket/28290
Hi, is there a tor browser…
Hi, is there a tor browser forum where we can discuss the browser performance vis-a-vis captcha detection of said browser? Irc is not working for me.
Facebook not allowing upload…
Facebook not allowing upload of photos and videos (all personal and copyright free), when using their .onion address over Tor. Only way around this is to use a node that has been previously used to sign in on the usual Facebook address.
And for this to work we need the option to specify our own nodes. Please bring the ability to select nodes.
You are crippling advanced users like me and more!
You can edit torrc to select…
You can edit torrc to select an exit node.
But doing that is bad for anonymity, so we won't be adding an option for that in the gui.
Well if you feel so advanced…
Well if you feel so advanced, edit the torrc, no GUI options for you any time soon.
But facebookcorewwwi.onion…
But, correct me if I am wrong, facebookcorewwwi.onion has no way of seeing what is your exit node, it just sees the last three nodes in your route, just like you see the first three.
Nothing showing in Google…
Nothing showing in Google pastor yet?
What is Google pastor?
What is Google pastor?
Are these sums correct? I…
Are these sums correct? I get different results from DDG engine. Please and thankyou
$ md5sum tor-browser-linux64-9.0.3_en-US.tar.xz
9faa33ed8e7398007464bbc831c73513 tor-browser-linux64-9.0.3_en-US.tar.xz
$ sha256sum tor-browser-linux64-9.0.3_en-US.tar.xz
8983d3784b9563b67e54ed46c74839aa486013fbc3568441cf1c3b09abbd5169 tor-browser-linux64-9.0.3_en-US.tar.xz
The sha256sum is correct. …
The sha256sum is correct.
You can also verify the gpg signature following the instructions from this page:
https://support.torproject.org/tbb/how-to-verify-signature/
> I get different results…
> I get different results from DDG engine.
See replies to your old message
https://blog.torproject.org/comment/285203#comment-285203
Tor never works within China…
Tor never works within China without upstream proxy,and year 2020 is just getting worse.
neither meek nor any obfs (including obfs4) works,they are useless behind GFW.
And about 'request for bridge' : I can get the CAPTCHA shows up but after entering the corrected one I don't get any bridges.
I see it in wireshark that when i click the 'request for bridge' and when the CAPTCHA shows up,the connenctions are fine.Even submitted the wrong one the connections works properly.
But after submmited the right CAPTCHA,the connection get TCP RST at the last 2 connections.
I tried several times and this always happens,so i am sure it is not coincidence
My guess is GFW can detect this and intercept bridges for sure.
I high suspect that GFW actually use this to get tor bridges and block them if someone in china tried to get a tor bridge without upstream proxy
unlike most and tor people believe that the GFW use manual or bots methods to get tor bridges blocked,i think in this case they are using this kind of MITM method to get tor bridges blocked
Also the GFW are getting stronger since 2020,many proxy/VPS/VPN are not working properly or not working at all even.
Even with luck that some connections do work,they only last like literally 1~10 minutes,some for like 1 hour or 3 hours at max but will surely be disconencted and blocked by GFW soon,then become unavailable
Which means tor is totally unavailable and useless to use in china let alone bypassing GFW.
For what is worse all ISP are directly controlled by CCP and GFW in china in case you don't know.
China is trully just a very huge prison actually.
The situation in China is really bad and getting worse and worse.
I only get to this website with mere luck and i am sure this connection will be lost within 10 minutes.
I can not contact others and have almost no hope to do so
if any of you read this please look into it and help.Atleast tell others.please
Please help.
Thank you in advance
Hi, thank you for sharing…
Hi, thank you for sharing your experiences with this. This information is helpful and we'll be sure to follow up on it. We are actively working on the GFW situation and we believe that private obfs4 bridges (those not distributed through BridgeDB) still work. We're also working on a new transport called Snowflake that has had mixed success in China.
We can send you a private bridge if you contact us directly on IRC or by email at cohosh@torproject.org or phw@torproject.org
What happens if you try to…
What happens if you try to connect to some website hosted on Microsoft Azure? It could be something is temporarily wrong with it. In fact, that's by orders of magnitude more likely than that GFW can somehow decipher your connections with Azure.
Media from 3rd party site…
Media from 3rd party site doesn't play until Media for the 1st party site is allowed on Safer :(
@boklm No option to do that…
@boklm
No option to do that on Android! Orbot had this.
You must take a look what…
You must take a look what was asked here before and how he got a false promise from @gk
This was not a promise, and…
This was not a promise, and the ticket is still open:
https://trac.torproject.org/projects/tor/ticket/28786
Although it is not currently high priority, so I don't know when it will be done, but it looks like something we want to do after the switch to fenix to avoid doing it twice.
Proxy server not connected…
Proxy server not connected issue in Android 9
What about CVE-2019-17026?
What about CVE-2019-17026?
A new Tor Browser release is…
A new Tor Browser release is currently being signed, and will be published soon, probably today.
Is this why the downloads…
Is this why the downloads pages aren't working?
No, thanks for reporting the…
No, thanks for reporting the issue with the website. It is now fixed.
Hi. i download 9.0.4 from…
Hi. i download 9.0.4 from other blog , its from your server , but on your offical website 9.0.3 is lastest version
its true? its offical version? its for everybody?
The version 9.0.4 on dist…
The version 9.0.4 currently on dist.torproject.org is the official version, however it is missing the signature. We uploaded it to speed up the final upload.
Hello, I rarely use Tor, but…
Hello,
I rarely use Tor, but today I opened it to try to access a pirate bay proxy.
It updated automatically, but right now it seems I cannot access the internet through a regular browser (neither chrome nor firefox works). Tor opens regular webpages as normal.
What might be the problem, and how should I fix it?
Thank you for your assistance.
this guess is probably…
my guess here is probably useless, but ....
Are there proxy settings for the regular chrome and firefox?
I'd expect this is not the problem, if only because chrome uses the os (windows.. inetcpl.cpl?) proxy setting, while firefox has its own proxy setting in preferences.
Yet *both* browsers aren't connecting correctly.
Why not in f-droid yet?
Why not in f-droid yet?
@boklm Yes, @gk did plan to…
@boklm
Yes, @gk did plan to release it. You can find that info here.
Don't you think this has taken more than enough time already to be addressed?
To release what?
To release what?
I'd guess that "release"…
I'd guess that "release" refers to 9.0.4 a few comments above
boklm Sorry, I was talking…
boklm
Sorry, I was talking about this.
The ticket is still open …
The ticket is still open (https://trac.torproject.org/projects/tor/ticket/28786), so this means it has not been done yet, but it is still planned to do it as some point, although we have other things which are higher priority, so there is no promise about when it will be done. Probably this will be done after the switch to fenix to avoid doing it twice.
Of course if anyone wants to help get that done faster, patches are welcome.
Still hoping for word on…
Still hoping for word on efficacy of Tor browser to be used in DDOS attacks :)
I don't understand what you…
I don't understand what you mean. What is the question?
@boklmThis.
@boklm
This.
You can follow any progress…
You can follow any progress on this ticket: https://trac.torproject.org/projects/tor/ticket/28786
In android there is a…
In android there is a problem with cookies.
If you have disabled them and after leave the browser, the next time you enter the browser they are enabled, even if they seem to be disabled.
To disable them, you should enable and after disable them.
Can you bring the old…
Can you bring the old homepage back? It looked cool
Just FYI, even though it isn…
Just FYI, even though it isn't the homepage now, the old one can still be accessed at https://2019.www.torproject.org/
I am on Android. Do you…
I am on Android. Do you recommend using i.e the new quad9 connect app? I am on it now i.e.
I think I read about using quad9 for dns query and resolving (servers) as ok but not cloudflare for tor exit servers!
https://www.fastcompany.com…
https://www.fastcompany.com/90450626/firefox-attacks-homeland-security-…
Firefox 72.0.1 build?
This is fixed with Tor…
This is fixed with Tor Browser 9.0.4:
https://blog.torproject.org/new-release-tor-browser-904
tor browser 9.0.3/4 for…
tor browser 9.0.3/4 for android (aarch64) leaks locale again on tablet running android7. on smartphone running android8 everything's fine
Hi! Can you describe how you…
Hi! Can you describe how you found this leak? There is a known leak in the HTTP header: https://trac.torproject.org/projects/tor/ticket/30605
Did you find a different leak? Thanks.
Hey trying to sign up for…
Hey trying to sign up for new Facebook account but just keeps coming up with "There was an error with your registration. Please try registering again." error...
Using Protonmail. Any suggestions?
Thanks!
i agree to this
i agree to this
Ahhh bad. Everything has…
Ahhh bad. Everything has been leaked. Is necessary a split tunneling on a vpn ? Lol . Where is gone anonymity. No setup in tor browser android. Like was on orbot. I tested on :browserleak : which has showed everything else model of phone. No cookie no js . Ipv6. Till adresse and city of server is a nsa joke? Tried last orbot same . So I consider again old orbot around version 1.5.1 and so on till 1.6.3 and tor browser android first release. Goodday
What is leaked exactly? Do…
What is leaked exactly? Do you have more details about the issue?