New Release: Tor Browser 9.0a4
Tor Browser 9.0a4 is now available from the Tor Browser Alpha download page and also from our distribution directory.
Note: this is an alpha release, an experimental version for users who want to help us test new features. For everyone else, we recommend downloading the latest stable release instead.
This release features important security updates to Firefox.
Tor Browser 9.0a4 contains updates to a number of bundle parts, most importantly Firefox (60.8.0esr) and Tor (0.4.1.3-alpha).
In our ongoing efforts to reach more users with Tor Browser, we include native Macedonian bundles for the first time and ship Tor Browser for the aarch64 architecture on mobile (note: the aarch64 build is not currently available on Google Play. You can however download it from our distribution directory, along with its signature). Additionally, we have implemented fixes for accessibility support on Windows systems (big thanks to Richard Pospesel for the hard work here), which now deserve a wider testing. Finally, letterboxing is now being enabled by default. Please give it a try if you can, so we can iron out bugs before we ship it to all users starting with Tor Browser 9.
Similarly to the stable series we include a fundraising banner to help us getting more donations. Please donate if you can!
The full changelog since Tor Browser 9.0a3 is:
- All platforms
- Windows + OS X + Linux
- Windows
- OS X
- Bug 30631: Blurry Tor Browser icon on macOS app switcher
- Android
- Bug 28119: Tor Browser for aarch64
Comments
Please note that the comment area below has been archived.
Donation banner hides "Tor…
Donation banner hides "Tor Browser 9.0a4 View Changelog"
Indeed. I guess we should…
Indeed. I guess we should take that for future banners into account, thanks. I added a respective comment to https://trac.torproject.org/projects/tor/ticket/30783.
how do I access the dark web
how do I access the dark web
First I wanna say THANK YOU…
First I wanna say THANK YOU for all your work!! :-))
After updating my Browser to 9.0a4 (Linux 64) I notized this annoying white border around the browser window and changed it by setting "privacy.resistFingerprinting.letterboxing" (via about:config) to false.
Yes, it is planned to ship…
Yes, it is planned to ship this on by default to provide a solution to the problem of fingerprinting you by your screen dimensions. Do you have some ideas on how we could make letterboxing better so you would not disable it?
Dislike of white border…
Dislike of white border sounds like dislike of changes to "View Image" background color.
There is not a preference to set the colour in the UI or
about:config
. To view the current colour, view the background's CSS. Right-click on an image (such as the Tor logo on this page), View Image, right-click on the grey background, Inspect Element, click<body>
and look at the Rules tab to the right. Then, click<img ...>
and look at the Rules tab again.Go to, also, Mozilla Bug 1407366 for letterboxing, and "Find in this page" (Ctrl+F) the text, "color". Btw, displaying a tooltip when the mouse is hovered on the margin area was a good idea. Unfortunately, tooltips don't display on touchscreens.
I havent taken a look at the…
I havent taken a look at the alpha yet, but I'd imagine that a user should never see the letter box if they're in windows mode at the default resolution (as the browser should automatically be sized to the letterbox).
If they've gone full screen, the browser should disable letterboxing as the user does not cre about their screen resoltuoon being tracked (hence ignoring the existing warning at the top).
If the user resizes their window to a nonstandard size, a warning similar to the one when you go full screen explaining what the white boxes are (with a simple option to disable it) would be ideal.
This may be how it's implemented currently and I'm not contributing anything worthwhile, but this would be my ideal UX :)
Well, right now we just have…
Well, right now we just have white margins in case any resizing/maximizing/fullscreening is happening. Thanks for the feedback!
> If they've gone full…
> If they've gone full screen, the browser should disable letterboxing as the user does not care about their screen resolution being tracked (hence ignoring the existing warning at the top).
Disagreed. The user may care. They may fullscreen or maximize the window by habit or accident. Display an explanation, learn more link (containing how to disable it, so they have to actually read the Learn More page), and OK/x to close the message. Stop warning after a number of times by adding a preference like the current
extensions.torbutton.maximize_warnings_remaining
.> If the user resizes their window to a nonstandard size, a warning similar to the one when you go full screen explaining what the white boxes are (with a simple option to disable it) would be ideal.
Agreed except that the option to disable it shouldn't be on the warning itself because it's a major privacy feature, and the preference is intentionally not easy to access, buried in advanced
about:config
. What Iwould
like to see on the message/warning is a button that resizes the window back to the default size. I've wanted one for years. It's painful to start a new identity because of simply dragging a border.I too had the same initial…
I too had the same initial reaction but then I realized it was probably for a good privacy reason.
In answer to your question though, maybe the white border is too thick? All that extra white space round the edges can be off putting. It doesn't bother me personally but with laptop and cell phone makers trying to increase screen space to the n-th degree, TOR Browser comes along and does the opposite. Might make older people feel like they're back in the 90s, when they're trying desperately to keep up with the youth of today. Wonder if that's just a male inadequacy type of response thing? Y'know, like those who by circumstance are forced to drive family cars and hate teens for having spoilers on their cars, 'cause secretly that's what they want to be doing.
Also, I don't know how many people have been caught doing something they shouldn't be, simply because of the size of their screen. Have you got any real world examples? This might help persuade those who want to turn it off. It's a trade off then: if more screen, then will take the small risk (if there even is one) for my personal attack vector.
> a male inadequacy type of…
> a male inadequacy type of response thing?
You mean FOMO? (and affecting all genders and ages) Facebook and social media in general gorge on that emotion.
> Have you got any real world examples?
Visit any browser fingerprinting check website. Unique window dimension numbers (1234 x 567) make you stand out as you browse and become tagged by tracking algorithms. It's worse if you set the same customized size in every browsing session.
Improve letterboxing: add a …
Improve letterboxing: add a 'dark mode' to fill the white background with black to reduce contrast/accommodate for those who prefer darker backgrounds. Thanks for considering. (maybe even a simple pallet of colors to choose from...)
You go out of your way to…
You go out of your way to find a browser for privacy and go so far as to install an alpha version of it, but then you dig through advanced preferences hidden on the UI to disable something explicitly named "privacy.resistFingerprinting..." for aesthetic reasons? Seriously?
"... so you don't have to…
"... so you don't have to disable it"
Nope, sorry Sir. I'm just a dumb user (mariner).
Greetings from Sweden :-)
Thanks for the tip. I…
Thanks for the tip. I thought the build was broken when I got that annoying white border inside of the window
>Tor Browser 9.0a4 contains…
>Tor Browser 9.0a4 contains updates to a number of bundle parts, most importantly Firefox (60.8.0esr) and Tor (0.4.1.3-alpha).
*bundled
Donation banner. What the…
Donation banner. What the hell is that triangle thing under the onion supposed to be? I'm stumped. The onion has stick figure feet? Smoke rising from ashtrays? Masonic symbolism??? Whoever makes your recent images isn't very good at it....
I run Ubuntu and have…
I run Ubuntu and have followed the small guides from https://www.torproject.org/ but Tor still doesn't run properly.
On console, "$ torbrowser-launcher" returns "Not all keys were imported successfully!".
It then outputs "Refreshing local keyring..." and freezes.
BUT, if I open HTOP and kill /usr/bin/tor, then Tor launches immediately and automatically through my previously mentionned console and outputs : "Launching './Browser/start-tor-browser --detach'..."
>My question therefor is : what happens when this is going on ; in particular, does this remove the anonimity features of Tor ?
Also, could I possibly launch Tor more conviniently, without having to kill a random software ?
Thanks for reading and considering an answer. ;)
I guess that could be what…
I guess that could be what others said about a GPG key bug.
https://blog.torproject.org/comment/283074#comment-283074
https://blog.torproject.org/comment/282998#comment-282998
https://blog.torproject.org/comment/282445#comment-282445
>Bug 31059: Enable…
>Bug 31059: Enable Letterboxing
Maximize the browser window and back. Then see what's happening.
I did, looks good for me…
I did, looks good for me. What's happening for you?
Maximizing warning. And it…
Maximizing warning. And it cropped the default height when returned from maximizing.
s/macedonian/Macedonian s…
s/macedonian/Macedonian
s/Additionaly/Additionally
s/Similarly to the stable series/Similarly to the stable series,
s/to help us getting/to help us get
https://languagetool.org/
Tor(+meek) is experiencing…
Tor(+meek) is experiencing the following problem, the geo location is China and I also tested it on version 8.5.4 and 8.0.2 and similar problem showed up. It seems the network status file was tampered!
7/11/19, 09:07:40.319 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
7/11/19, 09:07:46.989 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
7/11/19, 09:07:46.989 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
7/11/19, 09:07:46.989 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
7/11/19, 09:07:46.989 [NOTICE] Opening Socks listener on 127.0.0.1:9150
7/11/19, 09:07:46.989 [NOTICE] Opened Socks listener on 127.0.0.1:9150
7/11/19, 09:07:47.951 [WARN] Managed proxy at 'TorBrowser\Tor\PluggableTransports\terminateprocess-buffer.exe' reported: 2019/07/11 09:07:47 running firefox command ["C:\\Users\\alex\\Desktop\\Tor Browser\\Browser\\firefox.exe" "--invisible" "-no-remote" "-profile" "C:\\Users\\joe\\Desktop\\Tor Browser\\Browser\\TorBrowser\\Data\\Browser\\profile.meek-http-helper"]
7/11/19, 09:07:47.952 [WARN] Managed proxy at 'TorBrowser\Tor\PluggableTransports\terminateprocess-buffer.exe' reported: 2019/07/11 09:07:47 firefox started with pid 6352
7/11/19, 09:07:47.952 [WARN] Managed proxy at 'TorBrowser\Tor\PluggableTransports\terminateprocess-buffer.exe' reported: 2019/07/11 09:07:47 running meek-client command ["TorBrowser\\Tor\\PluggableTransports\\meek-client.exe" "--helper" "127.0.0.1:62510"]
7/11/19, 09:07:47.953 [WARN] Managed proxy at 'TorBrowser\Tor\PluggableTransports\terminateprocess-buffer.exe' reported: 2019/07/11 09:07:47 meek-client started with pid 7028
7/11/19, 09:07:47.954 [WARN] Managed proxy at 'TorBrowser\Tor\PluggableTransports\terminateprocess-buffer.exe' reported: 2019/07/11 09:07:47 using helper on 127.0.0.1:62510
7/11/19, 09:07:47.954 [WARN] Managed proxy at 'TorBrowser\Tor\PluggableTransports\terminateprocess-buffer.exe' reported: 2019/07/11 09:07:47 listening on 127.0.0.1:62511
7/11/19, 09:07:47.954 [NOTICE] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
7/11/19, 09:07:47.957 [NOTICE] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport
7/11/19, 09:07:47.957 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
7/11/19, 09:07:57.191 [NOTICE] Bootstrapped 14% (handshake): Handshaking with a relay
7/11/19, 09:08:02.731 [NOTICE] Bootstrapped 15% (handshake_done): Handshake with a relay done
7/11/19, 09:08:02.733 [NOTICE] Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection
7/11/19, 09:08:09.500 [NOTICE] Bootstrapped 25% (requesting_status): Asking for networkstatus consensus
7/11/19, 09:08:09.918 [NOTICE] Delaying directory fetches: No running bridges
7/11/19, 09:08:15.383 [NOTICE] Bootstrapped 30% (loading_status): Loading networkstatus consensus
7/11/19, 09:08:33.529 [WARN] Refusing to apply consensus diff because the base consensus doesn't match the digest as found in the consensus diff header.
7/11/19, 09:08:33.529 [WARN] Expected: 76E018869D8B463A6F60A8D9E8E212AFC7AC0F178B91E9FE00C48745A02C5866; found: BF36C88874750FE072CB06CA3DC52494BEEF53624BBCDD2F82B4323191A078D0
7/11/19, 09:08:33.529 [WARN] Could not apply consensus diff received from server '0.0.2.0:2'
7/11/19, 09:09:09.460 [WARN] Refusing to apply consensus diff because the base consensus doesn't match the digest as found in the consensus diff header.
7/11/19, 09:09:09.461 [WARN] Expected: 76E018869D8B463A6F60A8D9E8E212AFC7AC0F178B91E9FE00C48745A02C5866; found: BF36C88874750FE072CB06CA3DC52494BEEF53624BBCDD2F82B4323191A078D0
7/11/19, 09:09:09.461 [WARN] Could not apply consensus diff received from server '0.0.2.0:2'
7/11/19, 09:09:09.461 [WARN] Refusing to apply consensus diff because the base consensus doesn't match the digest as found in the consensus diff header.
7/11/19, 09:09:09.461 [WARN] Expected: 76E018869D8B463A6F60A8D9E8E212AFC7AC0F178B91E9FE00C48745A02C5866; found: BF36C88874750FE072CB06CA3DC52494BEEF53624BBCDD2F82B4323191A078D0
7/11/19, 09:09:09.461 [WARN] Could not apply consensus diff received from server '0.0.2.0:2'
7/11/19, 09:09:38.240 [WARN] Refusing to apply consensus diff because the base consensus doesn't match the digest as found in the consensus diff header.
7/11/19, 09:09:38.240 [WARN] Expected: 76E018869D8B463A6F60A8D9E8E212AFC7AC0F178B91E9FE00C48745A02C5866; found: BF36C88874750FE072CB06CA3DC52494BEEF53624BBCDD2F82B4323191A078D0
7/11/19, 09:09:38.241 [WARN] Could not apply consensus diff received from server '0.0.2.0:2'
7/11/19, 09:09:38.730 [WARN] Refusing to apply consensus diff because the base consensus doesn't match the digest as found in the consensus diff header.
7/11/19, 09:09:38.732 [WARN] Expected: 76E018869D8B463A6F60A8D9E8E212AFC7AC0F178B91E9FE00C48745A02C5866; found: BF36C88874750FE072CB06CA3DC52494BEEF53624BBCDD2F82B4323191A078D0
7/11/19, 09:09:38.732 [WARN] Could not apply consensus diff received from server '0.0.2.0:2'
7/11/19, 09:10:11.889 [WARN] Refusing to apply consensus diff because the base consensus doesn't match the digest as found in the consensus diff header.
7/11/19, 09:10:11.889 [WARN] Expected: 76E018869D8B463A6F60A8D9E8E212AFC7AC0F178B91E9FE00C48745A02C5866; found: BF36C88874750FE072CB06CA3DC52494BEEF53624BBCDD2F82B4323191A078D0
7/11/19, 09:10:11.889 [WARN] Could not apply consensus diff received from server '0.0.2.0:2'
7/11/19, 09:10:12.389 [WARN] Refusing to apply consensus diff because the base consensus doesn't match the digest as found in the consensus diff header.
7/11/19, 09:10:12.390 [WARN] Expected: 76E018869D8B463A6F60A8D9E8E212AFC7AC0F178B91E9FE00C48745A02C5866; found: BF36C88874750FE072CB06CA3DC52494BEEF53624BBCDD2F82B4323191A078D0
7/11/19, 09:10:12.390 [WARN] Could not apply consensus diff received from server '0.0.2.0:2'
7/11/19, 09:10:39.942 [WARN] Refusing to apply consensus diff because the base consensus doesn't match the digest as found in the consensus diff header.
7/11/19, 09:10:39.942 [WARN] Expected: 76E018869D8B463A6F60A8D9E8E212AFC7AC0F178B91E9FE00C48745A02C5866; found: BF36C88874750FE072CB06CA3DC52494BEEF53624BBCDD2F82B4323191A078D0
7/11/19, 09:10:39.942 [WARN] Could not apply consensus diff received from server '0.0.2.0:2'
7/11/19, 09:10:39.942 [WARN] Refusing to apply consensus diff because the base consensus doesn't match the digest as found in the consensus diff header.
7/11/19, 09:10:39.942 [WARN] Expected: 76E018869D8B463A6F60A8D9E8E212AFC7AC0F178B91E9FE00C48745A02C5866; found: BF36C88874750FE072CB06CA3DC52494BEEF53624BBCDD2F82B4323191A078D0
7/11/19, 09:10:39.942 [WARN] Could not apply consensus diff received from server '0.0.2.0:2'
7/11/19, 09:11:07.939 [WARN] Refusing to apply consensus diff because the base consensus doesn't match the digest as found in the consensus diff header.
7/11/19, 09:11:07.940 [WARN] Expected: 76E018869D8B463A6F60A8D9E8E212AFC7AC0F178B91E9FE00C48745A02C5866; found: BF36C88874750FE072CB06CA3DC52494BEEF53624BBCDD2F82B4323191A078D0
7/11/19, 09:11:07.940 [WARN] Could not apply consensus diff received from server '0.0.2.0:2'
7/11/19, 09:11:08.459 [WARN] Refusing to apply consensus diff because the base consensus doesn't match the digest as found in the consensus diff header.
7/11/19, 09:11:08.459 [WARN] Expected: 76E018869D8B463A6F60A8D9E8E212AFC7AC0F178B91E9FE00C48745A02C5866; found: BF36C88874750FE072CB06CA3DC52494BEEF53624BBCDD2F82B4323191A078D0
7/11/19, 09:11:08.459 [WARN] Could not apply consensus diff received from server '0.0.2.0:2'
7/11/19, 09:11:29.281 [WARN] Refusing to apply consensus diff because the base consensus doesn't match the digest as found in the consensus diff header.
7/11/19, 09:11:29.281 [WARN] Expected: 76E018869D8B463A6F60A8D9E8E212AFC7AC0F178B91E9FE00C48745A02C5866; found: BF36C88874750FE072CB06CA3DC52494BEEF53624BBCDD2F82B4323191A078D0
7/11/19, 09:11:29.281 [WARN] Could not apply consensus diff received from server '0.0.2.0:2'
7/11/19, 09:12:02.446 [WARN] Refusing to apply consensus diff because the base consensus doesn't match the digest as found in the consensus diff header.
7/11/19, 09:12:02.446 [WARN] Expected: 76E018869D8B463A6F60A8D9E8E212AFC7AC0F178B91E9FE00C48745A02C5866; found: BF36C88874750FE072CB06CA3DC52494BEEF53624BBCDD2F82B4323191A078D0
7/11/19, 09:12:02.446 [WARN] Could not apply consensus diff received from server '0.0.2.0:2'
7/11/19, 09:12:02.447 [WARN] Refusing to apply consensus diff because the base consensus doesn't match the digest as found in the consensus diff header.
7/11/19, 09:12:02.447 [WARN] Expected: 76E018869D8B463A6F60A8D9E8E212AFC7AC0F178B91E9FE00C48745A02C5866; found: BF36C88874750FE072CB06CA3DC52494BEEF53624BBCDD2F82B4323191A078D0
7/11/19, 09:12:02.447 [WARN] Could not apply consensus diff received from server '0.0.2.0:2'
Thanks for the bug report…
Thanks for the bug report. This is https://trac.torproject.org/projects/tor/ticket/31149.
This is the message I got…
This is the message I got when going to youtube without signing in because google was taking forever and will not sign me in...I am using the updated tor 9.0.a4
Our systems have detected unusual traffic from your computer network. Please try your request again later. Why did this happen?
This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the Terms of Service. The block will expire shortly after those requests stop.
This traffic may have been sent by malicious software, a browser plug-in, or a script that sends automated requests. If you share your network connection, ask your administrator for help — a different computer using the same IP address may be responsible. Learn more
Sometimes you may see this page if you are using advanced terms that robots are known to use, or sending requests very quickly.
Tor Project Support FAQ: A…
Tor Project Support FAQ:
Old General FAQ:
Tor Bug Tracker & Wiki:
Is their a bug ? Tor Browser…
Is their a bug ?
Tor Browser 8.5.4 updated July 9 2019
Every time i visit ' YouTube ' In the address bar, i have grey lock with an orange triangle. Mixed content is not blocked not secure. I have to reload each page to have HTTPS Green Secure Connection. Before this latest update, their was always a green lock for a fully secure page. I never had to keep reloading the same page.
Could you give me steps to…
Could you give me steps to reproduce your problem starting from a clean, new Tor Browser 8.5.4? On which operating system are you on? Do you have modified Tor Browser in any way?
There is an unwanted…
There is an unwanted whitespace (border or frame) in the tab viewing area that surrounds all the pages. Get rid of it!
https://www.zdnet.com…
https://www.zdnet.com/article/firefox-to-add-tor-browser-anti-fingerpri…
Latest update to TOR Browser…
Latest update to TOR Browser breaks or blocks .onion version of pirate bay. I started up TOR Browser this morning, and went to http://uj3wazyk5u4hnvtk.onion/. I surfed through a couple of pages before I noticed the “blinking” onion warning me that there was an update. I clicked it and clicked check for updates and then restarted my computer.
When I restarted TOR Browser, I saw a popup stating that the updates were being applied (update to 9.0a4). When it finally started, I tried to go back to http://uj3wazyk5u4hnvtk.onion/ and this time I get the message that “The connection has timed out.” I checked another .onion site, https://3g2upl4pq6kufc4m.onion/ (which is the duckduckgo search engine) and it is working fine.
My guess is that TOR Browser is now actively blocking TPB’s onion site since it was working just prior to the update and has not worked since then.
If this is true, (and I hope I'm wrong) I have to say I don't think Tor should be in the business of censorship in any way shape or fashion. It goes against everything that I thought Tor stood for - namely freedom of expression in the face of censorship.
If I'm wrong, then I apologize, but it's very suspicious at the very least and someone who knows the inner workings of Tor should look into it to keep its reputation intact.
There is no Pirate Bay…
There is no Pirate Bay blocking by Tor Browser. No need to apologize, I guess the onion service just was or still is offline.
The sites are up for me on…
The sites are up for me on TBB 8.5.4. Must've been the site was down. Some onions often go offline or throttle traffic or become victims of DoS or something. TBB restricts features not domains although exit nodes can, but onion traffic doesn't exit the network.
hello Tor project is the…
hello
Tor project is the best
i wanna report a problem
when you remove " obfs3 " in new update, i have a real problem in loading pages!
" obfs3 " were so fast , and obfs4 is so secure(but slow)
let any body to choice what kind of condition is required
please give back "obfs3"
obfs3 is no longer…
obfs3 is no longer recommended because, most of all, it doesn't resist active probing:
"The basic obfs3 protocol is completely vulnerable to active probing, as the client has zero requirements to prove that it knows that the server accepts obfs3 connections. This approach is currently used by the Chinese state firewall to censor obfs3 Bridges, and anecdotal evidence suggests that the delayed probing results in connections to previously unknown obfs3 bridges being terminated after approximately 10 minutes."
thank you for all the work…
thank you for all the work you have put into this new version.. so far everything works great. no problems or anything.
i notice it starts up a lot faster and i dont get the log page . i'm not sure if this is good or bad..
i would like to see canvas data extraction and share scree blocked by default rather than always ask.. just makes me feel better i hate surprises and looking up and seeing a share screen icon is a surprise i don't really want ..
Thanks for the information.
Thanks for the information.
Hi. In new version: The site…
Hi. In new version: The site is not shown on the entire area of the browser window. There are empty spaces and unnecessary scroll. See an example.
How to disable it? I think this is probably VERY necessary protection( :) ), but I would prefer to turn it off. May I?
https://i110.fastpic.ru/big/2019/0713/d2/d092cec03bb23d87f278e705699334…
privacy.letterboxing.enabled…
privacy.letterboxing.enabled
in yourabout:config
is your friend. And, surely may you, it is your browser. :) (If not, then this would be a bug)hey when you go to show site…
hey when you go to show site information , show connection details, more information , and permissions icon open it up i'm not so happy with some of the default settings.. the extract canvas is set to (always ask) by default , and the (share screen) is the same . if you uncheck the default and check the (block) circle on both it just goes right back to default when you go to a different website. i would like those 2 settings to stay at block unless i want to use them.. i hate surprises.. the other thing tor won't run in a sandbox broke the sandbox everytime ..
great job guy really that is the only problem i have run across that could be considered a bug with 9.4..
Which sandbox tool are you…
Which sandbox tool are you using?
I'm using the latest version…
I'm using the latest version of TOR to log on to my Wordpress blog.
However, Wordpress recently recognizes my PC, rendering TOR completely transparent.
Previously, when I visited the blog without logging on, it was counted as a unique visit each time. But that is no longer the case.
How do I hide my ID from Wordpress again?
Between visits, close the…
Between visits, close the browser or click the onion icon -> New Identity (warning: closes tabs). You are experiencing a form of browser fingerprinting. When you close Tor Browser or start a New Identity, your cookies are removed, preferences by default are reset to default values, and tor creates a new circuit giving you a different public exit node IP address.
How do I know that I’m…
How do I know that I’m navigating on tor, the download says successful but how can I be sure?
You could network forensic…
You could network forensic tools like Wireshark and monitor your traffic to be extra sure.
I'm using Android There's no…
I'm using Android
There's no way to click a file and "save as" .
Also no way to see version or Tor with help/about, only gives Firefox info.
Other than those 2 things it works great. Thanks
Thanks! Yeah, we have two…
Thanks! Yeah, we have two bugs open for those issues but did not have time to fix them (not sure if your first item actually matches the first bug below, though):
https://trac.torproject.org/projects/tor/ticket/31013
https://trac.torproject.org/projects/tor/ticket/30943
a week ago suddenly I can't…
a week ago suddenly
I can't open site: http://nyaa.si via tor
Can you help me?
Not really. If the site…
Not really. If the site owner does not like Tor anymore they can easily block it. Please reach out to them to get this fixed. Thanks.
(Not op) I went to ask them…
(Not op) I went to ask them. Here's what they said. Tor Project, your outreach team should read it.
Wow, that's really sad to…
Wow, that's really sad to read. Sorry for that experience. I fear outreach won't help here much, though. :(
RED ALERT Tor Project's…
RED ALERT
Tor Project's certificate is poisoned.
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
For a specific example, take a look at the Tor Project signing key:
$ apt-key adv --recv-keys --keyserver keys.gnupg.net 886DDD89
gpg: requesting key 886DDD89 from hkp server keys.gnupg.net
gpg: packet(13) too large
gpg: read_block: read_error: invalid packet
gpg: Total number processed: 0
gpg: no valid OpenPGP data found.
This SKS keyserver poisoning is going to destroy the entire PGP system:
https://www.gentoo.org/news/2019/07/03/sks-key-poisoning.html
Impact of SKS keyserver poisoning on Gentoo (Jul 3, 2019)
The SKS keyserver network has been a victim of certificate poisoning attack lately. The OpenPGP verification used for repository syncing is protected against the attack. However, our users can be affected when using GnuPG directly. In this post, we would like to shortly summarize what the attack is, what we did to protect Gentoo against it and what can you do to protect your system.
Good key copies not poisoned…
Good key copies not poisoned:
0xEE8CBC9E886DDD89
0x4E2C6E8793298290
Is this why GET-TOR appears…
Is this why GET-TOR appears to have stopped working? You apparently can't get links for downloading TOR by email, at least if you use the CarNET web-mail.
Will Tor Project give users…
Will Tor Project give users any advice on how to verify future releases of Tor Browser without breaking their GPG keyring? See the posts by RJH and DKG at their blogs on the keyspamming attacks on themselves and on Tor Project.
Key from Torproject…
Key from Torproject/Torbrowser in the TAILS keyring would be a clever way for users interested in security?
Hi! What did you do with…
Hi!
What did you do with view of comments at this bolg? They become look ugly and unreadable.
(Tor Browser 8.5.4 Win7 32bit)
WTF???
We fixed Drupal security…
We fixed Drupal security issues which in turn messed with our blog layout. See: https://trac.torproject.org/projects/tor/ticket/31114.
beautiful
beautiful
Letterboxing is random size…
Letterboxing is random size per page load? It guess it should be, but it seems fixed?
Tor Browser has lately…
Tor Browser (8.5.4) has become unusable for me, because it crashes after a while and also crashes my entire system (no mouse or keyboard input possible anymore). My system is Arch Linux with XFCE. Never had this problem before, have been using Tor Browser for years.
Is that reproducible? If so,…
Is that reproducible? If so, what would be good steps for us to do so? Do the older Tor Browser versions that used to run on your system still run on the current one? (see: https://archive.torproject.org/tor-package-archive/torbrowser/ for older versions)
how to use tor browser
how to use tor browser
See: https://tb-manual…
See: https://tb-manual.torproject.org/ for our manual. Hope it helps.
The brige generator https:/…
The brige generator https://bridges.torproject.org/, does not generate any bridges for fte
Could be that no one is…
Could be that no one is currently running FTE bridges, hence there are none to actually give out.
Default Moat on default…
Default Moat on default Windows 10:
[07-23 04:57:10] TorLauncher WARN: meek client stderr: 2019/07/23 04:57:10 running firefox command ["C:\\Tor Browser\\Browser\\firefox.exe" "--invisible" "-no-remote" "-profile" "C:\\Tor Browser\\Browser\\TorBrowser\\Data\\Browser\\profile.moat-http-helper"]
[07-23 04:57:10] TorLauncher WARN: meek client stderr: 2019/07/23 04:57:10 firefox started with pid 14832
[07-23 04:57:12] TorLauncher WARN: meek client stderr: 2019/07/23 04:57:12 running meek-client command ["TorBrowser\\Tor\\PluggableTransports\\meek-client.exe" "--helper" "127.0.0.1:50861"]
[07-23 04:57:13] TorLauncher WARN: meek client stderr: 2019/07/23 04:57:13 meek-client started with pid 4896
[07-23 04:57:13] TorLauncher WARN: meek client stderr: 2019/07/23 04:57:13 using helper on 127.0.0.1:50861
[07-23 04:57:13] TorLauncher WARN: meek client stderr: 2019/07/23 04:57:13 listening on 127.0.0.1:50862
[07-23 04:57:20] TorLauncher WARN: meek client stderr: 2019/07/23 04:57:20 status code was 500, not 200; trying again after 30 seconds (9)
[07-23 04:57:50] TorLauncher WARN: meek client stderr: 2019/07/23 04:57:50 error reading from local: EOF
Moat is still unusable (Tor…
Moat is still unusable (Tor is broken):
Tor NOTICE: Switching to guard context "bridges" (was using "default")
Tor NOTICE: Delaying directory fetches: No running bridges
Tor WARN: Pluggable Transport process terminated with status code 0 [07-23 05:03:36] Torbutton NOTE: no SOCKS credentials found for current document.
Tor NOTICE: new bridge descriptor 'Unnamed' (fresh): $XXX~Unnamed at XX.XX.XX.XX
Tor NOTICE: Our directory information is no longer up-to-date enough to build circuits: We're missing descriptors for 1/2 of our primary entry guards (total microdescriptors: 6328/6328).
Tor WARN: Proxy Client: unable to connect to XX.XX.XX.XX:33189 ("general SOCKS server failure")
Tor WARN: Proxy Client: unable to connect to XX.XX.XX.X:40353 ("general SOCKS server failure")
[07-23 05:04:01] Torbutton NOTE: no SOCKS credentials found for current document.
Tor NOTICE: Application request when we haven't used client functionality lately. Optimistically trying known bridges again.
Moderators, please redact…
Moderators, please redact the bridge fingerprint (unhashed) and 3 IP addresses from the "Moat" comment. OP, please keep information that identifies a bridge except its hashed fingerprint a secret.
Hello! Our phones must stop…
Hello!
Our phones must stop being gadgets spying on us!
"Stealth mode" for mobile phones.
When this mode is activated, the phone does not receive or send any signals.
Police mode and all such things should be turned off.
This mode can also be added to smart watches, heart rate monitors, cars, etc.
And it will help sell new models of smartphones.
But I doubt that Apple and other IT-companies will stop cooperating with the state.
Most likely the stealth mode in their phones will be incomplete.
That poisoned keys are the…
That poisoned keys are the reason GET-TOR has stopped working? Apparently, gettor@torproject.org doesn't respond to e-mails from the CarNET web-mail (and it should, since I am not asking for bridges, but for download links).
"HELL YEAH" I'll say "THANK…
"HELL YEAH" I'll say "THANK YOU" better believe it, you guys pored heart, mind, soul, blood, sweat & tears,into this upgraded version of tor,,, it seems to be sportier model it fly's through the internet or, outernet (yeah i know "Inter" "enter") I digress, wear was I? OH!! "all the nets out there" super fast! Thank you very much & best wishes
Hello, since I have…
Hello,
since I have download the torbrowser on this site, I have two trojanes on my pc. Is it possible that the filous (agents/police), from france works secretly in your community and did this ?
C:\Users\Benutzername\Downloads\torbrowser-install-win64-8.5.3_de.exe: Win.Malware.Nymeria-6913499-0 FOUND
C:\Windows\System32\SearchIndexer.exe: [Win.Trojan.Agent-7015311-0] FALSE POSITIVE FOUND
Win.Malware.Nymeria-6913499…
Win.Malware.Nymeria-6913499-0 in torbrowser-install-win64-8.5.4_en-US.exe found!
NoScript detected a…
NoScript detected a potential Cross-Site Scripting attack
from https://www.comss.ru to https://disqus.com.
Suspicious data:
Error: Exceeded 20000ms timeout,(URL)
The tor-project is…
The tor-project is infiltrated by secret service agents! I found this malware here on site and my comment is not published!
C:\Users\Benutzername\Downloads\torbrowser-install-win64-8.5.3_de.exe: Win.Malware.Nymeria-6913499-0 FOUND
Each forum that does not publish the comments instantly, makes censorship because they works for ouer enemies!
Please calm down. There is…
Please calm down. There is no one censoring your posts here, just devs that are overloaded. That said: what you found is likely either a false positive of your antivirus program or some infection you got from somewhere else. Do you download the .exe files from our website and check that you actually got what you downloaded?
> Do you check that you…
> Do you check that you actually got what you downloaded?
Hard to do in the wake of certificate flooding. Your answer about false positives or third-party infection should be followed by "How can I verify Tor Browser's signature?" and substitute 0x4E2C6E8793298290 that isn't flooded. Then, reinstall the verified exe and "My antivirus or malware protection is blocking me from accessing Tor Browser."
When something wrong happens…
When something wrong happens with tor, it stalls loading tpo in Tor Browser and changes guard node after some time. But there's no reason to do that: tpo is ok, net is ok, guard is ok - https://metrics.torproject.org/rs.html#details/E37724D8AD87B149EAD2F3DF…
The only thing it logs to console is:
Tor NOTICE: We tried for 15 seconds to connect to '[scrubbed]' using exit $9C5AFD49AAE4E0272BAD780C6DD71CE1A36012A6~coffswifi4 at 82.223.14.245. Retrying on a new circuit.
which is a bad notice.
You said it changes the…
You said it changes the guard node, but your log says it changed the circuit and exit node. Tor is supposed to change exit nodes every 10 minutes if the circuit is idle. Tor is not supposed to change your guard node until months have passed. Are you sure the IP address of your guard node in the circuit display panel is changing?
Tor is still able to be…
Tor is still able to be fingerprinted according to https://www.nothingprivate.ml/
Why is this and is it getting fixed?
What result do you get? And…
What result do you get? And how can I reproduce that?
i try to disable torLauncher…
i try to disable proxy (orbot?) on launch brouser but it back it everytime after restart.
i dont have a root so i cant delete this pluguin in extensions folder. i want use it as general brouser but more "clear".
if devs read this, please fix this problem that we have possible to disable orbot with about:config and it not back into "1" after restart
What are you trying to do?…
What are you trying to do? There is no Orbot or Tor Launcher shipped with Tor Browser for Android. I guess you mean https://trac.torproject.org/projects/tor/ticket/28786?
A fresh install of Ubuntu is…
A fresh install of Ubuntu is unable to run Tor Browser from the repositories because of the SKS key poisoning attack. Don't you think the Tor team should have a blog post on this detailing an official work around? This is very bad.
Not sure what you mean are…
Not sure what you mean are you downloading Tor Browser from our website and you run into the problem? Or are you using
torbrowser-launcher
? The latter is not supported by the Tor Project.For the Debian/Ubuntu…
For the Debian/Ubuntu repository, follow these instructions. As it says, a minimal copy of the key is on deb.torproject.org.
Good copies:
0xEE8CBC9E886DDD89
0x4E2C6E8793298290
In alpha versions 9.a03 - 9…
In alpha versions 9.a03 - 9.a05 android there is a problem posing a threat!
Description of the problem:
I am going through authorization, logging in to the account, I am on the site, closing the page past the "exit" button; After closing the page, I clear the browser cache. I go back to the site, the following happens: I see that I am logging in to my account without authorization. This means that the browser cache is not completely cleared, which can in some cases pose a serious threat.
How are you clearing the…
How are you clearing the browser cache? What happens if you make sure Tor Browser is not running anymore on your device and restart it?
There is a option to enable…
There is a option to enable DNS over HTTPS and add DoH resolvers in Firefox 62 and later which seems to be not available in this Tor version though its based on Firefox 68.
First, Tor, tor, and Tor…
First, Tor, tor, and Tor Browser are all different things. Capital Tor is the network of volunteer relays. Lowercase tor is the small "expert" binary (exe) configured using a torrc file. The Tor Browser Bundle comes in a large installer containing tor and the Tor Browser based on Firefox ESR.
Second, "this Tor (Browser) version" is not "based on Firefox 68". The post you replied to says, "Update Firefox to 60.8.0esr".
Third, DoH is controversial. Understand it before enabling it.
Hi, it seems to crash on…
Hi, it seems to crash on MacOS catalina on start. Makes it a bit further than the stable 8.5.4 release and asks to reopen windows or not and crashes right after.
Process: firefox [1002]
Path: /Applications/Tor Browser.app/Contents/MacOS/firefox
Identifier: org.torproject.torbrowser
Version: 9.0a4 (6019.4.1)
Code Type: X86-64 (Native)
Parent Process: ??? [1]
Responsible: firefox [1002]
User ID: 501
Date/Time: 2019-08-12 19:46:59.798 -0400
OS Version: Mac OS X 10.15 (19A526h)
Report Version: 12
Bridge OS Version: 3.0 (14Y904)
Anonymous UUID: EC1D2359-242C-7D12-66A8-232AC60E0C2F
Time Awake Since Boot: 760 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: EXC_I386_GPFLT
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [1002]
That's a macOS bug, see:…
That's a macOS bug, see: https://trac.torproject.org/projects/tor/ticket/31316. Should be fixed in the next macOS beta.
i cant find a.proper version…
i cant find a.proper version o TOR browser for my tablet running windows 8.1 32bit. What can i do
On the download page, the…
On the download page, the first installers you see in the purple circles are 64 bit. You need the 32 bit version. Under the circles, click "Download in another language or platform." On that page, find your language, and click "32-bit". If that doesn't help, reply with details of the problem.
For other help, read the Tor Browser User Manual, Support FAQ, old General FAQ, and old documentation overview.
Can anyone help me With…
Can anyone help me With joining?? ive been trying to get on all day and for some reason its not allowing it. ive downloaded a bunch of different browsers, all end up in the same result..
Tor Project controls the…
Tor Project controls the torproject.org domain. If you are trying to access another domain, ask the webmasters of that domain. Search for a service that checks if a site is down for everyone or if it's just you.
Hi tor, just letting you…
Hi tor, just letting you know that when I go to a local news site it won't allow me to access, it says that am from another country and gives a phone number to call locally..also one other website says too much traffic is coming from my pc when I use the tor browser.
The Tor network consists of…
The Tor network consists of relay servers operated by volunteer users around the world. Your local copy of tor chooses circuits through the network and exit relays that connect your traffic to the normal internet. When your traffic exits the network, it appears to come from the location of the exit node which can be in another country. To see your circuit for a site, click on the padlock or circled "i" icon in the address bar.
General FAQ:
Support FAQ:
I just got on Tor,…
I just got on Tor, downloaded the browser and all but i cant "browse." How do i actually use the browser?
What are you doing and what…
What are you doing and what exactly is happening?