New Release: Tor Browser 9.5.4
Tor Browser 9.5.4 is now available from the Tor Browser download page and also from our distribution directory.
This version is expected to be the final version of the Tor Browser 9.5 series. Watch for Tor Browser 10.0 near the end of September.
This release updates Firefox to 68.12.0esr, NoScript to 11.0.38, and HTTPS Everywhere to 2020.08.13.
Also, this release features important security updates to Firefox.
Note: The Tor Browser OpenPGP signing key was recently updated. Be sure you have the updated version when verifying the OpenPGP signatures
The full changelog since Tor Browser 9.5.3 is:
Comments
Please note that the comment area below has been archived.
When is it expected to…
When is it expected to upgrade to 78ESR?
On 22 September (we are…
On 22 September (we are currently testing this on the alpha series).
NoScript Why are the…
NoScript Why are the default boxes in NS ticked? The first thing I do is to go into default and delete the ticks leaving the option blank with the exception of the first otherwise the web pages do not work. There is probably a simple answer which I do not know as I am not a technician
cheers
PS for those who read my unanswered question in the 9.5.3 update FF v80 is working outside TOR when V79 did not work for me
cheers again
The default options of…
The default options of NoScript change when you change your security level in the shield icon. Do not change the options through NoScript's interface unless you accept that it will make your traffic look less like other users and more trackable. The "first tick", widely called a checkbox, allows JavaScript and is ticked by default when you change your security level to Standard or Safer. Change your security level rather than changing NoScript.
Since long ago, Tor Browser hides NoScript's icon in fresh installations because it was the source of many problems including that novice users were unwittingly making themselves less anonymous and that NoScript is very complicated at first to use. Its icon can be dragged onto the toolbar by selecting "Customize..." in the main menu or right-click menu on the toolbar.
I can't update my TOR it…
I can't update my TOR it says: "you cannot perform further updates"
Which operating system are…
Which operating system are you using and which version is it?
TOR 9.5.3 - win 7 32b
TOR 9.5.3 - win 7 32b
When will Tor allow us to…
When will Tor allow us to edit our "OS strings" before this was possible to do by going straight into the "about:config" settings and editing the strings so our operating system and version info would not show. This is a privacy and security risk and has been for awhile now and still nothing has been done about it?
It is not a privacy risk,…
It is not a privacy risk, your computer is in the same bucket as every other user with the same operating system. The security argument is very minimal - yes, you can lie and maybe you will be sent a vulnerability exploit for another OS (or arch), but this likely makes you unique among all Tor Browser users.
What happened to my comment?…
What happened to my comment? I'll try again. Don't censor me please, after your long delay verifying. You're 'unique' as soon as you log into a service, etc anyway. Many Tor users use add-ons and about:config tweaks such as https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js anyway. It would be better if the browser didn't require so many changes to work securely. You have 'safest' mode without javascript, yet it's not the default and of course nothing works properly without javascript.
What happened to…
What happened to rqef5a5mebgq46y5.onion as a mirror for the https://dist.torproject.org/ server? It is not anymore listed on https://onion.torproject.org/
This happened after 9.5.3 release. I did not know until my custom download/local distribution script broke for Tor Browser 9.5.4. Thanx.
The attempt to create human…
The attempt to create human readable addresses by partly centralizing the service is just a slippery slope towards the status-quo of the clearnet.
How about just integrating eschalot into Tor Browser's home page? When someone opens the browser they might get an option to generate an address like so...
fledarmyusertvmu.onion
wifefeelkillwovk.onion
ladyfirehikehs66.onion
woodcubabitenem2.onion
MORE INFO HERE - https://security.stackexchange.com/questions/29772/how-do-you-get-a-spe…
There are ways to easily deal with this problem that do not require centralized authorities.
Yes, thank you.
Yes, thank you.
Hello. Sorry, I think I lost…
Hello. Sorry, I think I lost my comment here. I'll try again. I installed TBB 9.5.4 and had the same problem that I did with TBB 9.5.3. That is: "The bookmarks and history system will not be functional because one of Firefox's files is in use by another application. Some security software can cause this problem.". Bookmarks and history were not present. The same fix worked for TBB 9.5.4 as it did for TBB 9.5.3. I deleted the browser folder, disabled my antivirus and reinstalled TBB 9.5.4. All was well with the new installation, antivirus was re-enabled and no more problems were found. Thanks for the new TBB.
It would help if you link to…
It would help if you link to your original comment. I assume this is it.
https://blog.torproject.org/comment/288886#comment-288886
> disabled my antivirus
Yes, someone else reported that disabling their virus scanner resolved the problem for them, too.
https://blog.torproject.org/comment/288901#comment-288901
Other people quoted the error message but apparently didn't read it, didn't understand it, or didn't follow through with disabling their security software as it implied.
https://blog.torproject.org/comment/288854#comment-288854
https://blog.torproject.org/comment/288912#comment-288912
https://blog.torproject.org/comment/288914#comment-288914
Oddly, Mozilla's support page for the error doesn't suggest doing what the error itself implies. Namely, disable security software.
https://support.mozilla.org/en-US/kb/fix-bookmarks-and-history-will-not…
But the problem continued for you in 9.5.4, so this Tor blog post needs a note added to it.
After the update, I can't…
After the update, I can't download anything. The browser crashes after selecting Save File.
Hi I love Tor but ever since…
Hi, Tor is great but ever since updating I can't enable javascript with NoScript. I try to click the button in NoScript that says "Override Tor Browsers Security slider level preset", but there's nothing that works. I tried to use NoScript on a colleague's machine with different OS but the same happens.
Please fix.
Read starting from …
Read starting from "Javascript always..." here: https://blog.torproject.org/comment/289425#comment-289425
When i try to download 32bit…
When i try to download 32bit Windows version i got this:
ESET Internet Security
Threat removed
A threat (Suspicious) was found when Firefox tried to access a website (dist.torproject.org).
The access has been blocked.
Windows 64bit version is OK to download. What's the problem with 32 bit version?
It could be a false positive…
It could be a false positive. 32-bit anything are not popular downloads, so they are reviewed less in virus signature databases than 64-bit programs. Add Tor Browser's firefox in your antivirus whitelist, and use GPG to verify the PGP signature of the 32-bit exe installer.
https://support.torproject.org/tbb/antivirus-false-positive/
Hi Team, When I select …
Hi Team,
When I select "Temp. TRUSTED" in NoScript extension, the page reloads as expected, but the Javascript for the page doesn't work. I've tried multiple things. There's a little checkbox to tell Tor to override settings but that isn't working either. Maybe I am I doing something wrong? Or is this normal? I want to be able to continue to block Cloudflare, Google, Amazon, Facebook and Microsoft from loading scripts, as well as others that serve little use.
Isn't this fair and simple use of NoScript a good thing for privacy, especially if it reduces the tor traffic that might be used to track or identify me?
> When I select "Temp…
> When I select "Temp. TRUSTED" in NoScript, the Javascript for the page doesn't work
https://blog.torproject.org/comment/289453#comment-289453
And on the download page for Tor Browser, under the 4 operating systems, is a note that says, "Disabling Javascript: Please read the latest blog post for more information."
> checkbox to tell Tor to override settings
Developers should rewrite that checkbox to say "(dangerous)" like it says on the checkbox to "Disable restrictions globally" in NoScript's general options. Your comment is the 3rd I've seen talking about overriding settings. Set your security level to "safer" or "standard" instead.
> I want to be able to continue to block Cloudflare, Google, Amazon, Facebook and Microsoft from loading scripts, as well as others that serve little use. Isn't this fair and simple use of NoScript a good thing for privacy, especially if it reduces the tor traffic that might be used to track or identify me?
No. Customizing NoScript makes your traffic patterns distinguishable, trackable, and stand out from other Tor Browser users. Anonymity loves company because a group camouflages one another. To reset your browser fingerprint, change your security setting to reset NoScript, and use "New Identity" or restart the browser. Trackers will obviously identify you if you give out personal information in a session or if you log in to an account associated to your real identity or an account you logged into from a normal non-Tor browser.
https://2019.www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled
https://support.torproject.org/faq/staying-anonymous/
https://support.torproject.org/about/no-data-scrubbing/
https://tb-manual.torproject.org/secure-connections/
https://blog.torproject.org/browser-fingerprinting-introduction-and-cha…
https://blog.torproject.org/noscript-temporarily-disabled-tor-browser
When I go to the Tor…
When I go to the Tor download page for android it downloads the 9.5.3 apk and not the 9.5.4 apk.
Please fix this.
It looks like they fixed it…
It looks like they fixed it. Thanks.
Can you please put a short…
Can you please put a short version of the signing key on the site for download? There's like a bajillion signatures on it and my phone has been importing for 20 minutes now...
It has been on the site a…
It has been on the site a long time. Read this question in the support FAQ. For related information, read this thread, and starting from "The keyring-bombing problem..." in this comment.
I am running the latest…
I am running the latest version of Whonix. The TOR autoupdate from 9.5.3 to 9.5.4 resulted in my logins.json becoming logins.json.corrupted and I lost all of my logins and passwords. Lucky I have a backup of some....
This was not a good experience :D
Making the browser…
Prioritizing onion sites is a real pain in the ass when someone wants to share links.
NoScript auto-updated today,…
NoScript auto-updated today, September 7, and interrupted my traffic. Please show a notice mark or a confirmation now/wait before it updates if its permissions are customised and will be suddenly reset in the middle of an identity session.
Another thing, the lines of per-site permissions in the icon were not showing after it updated unless I moved my cursor over them. After I restarted tor browser, the lines showed all at once properly. They may have done so if I had started a new identity which I didn't try. Linux 64-bit.
If you clear history on…
If you clear history on android bookmarks are not deleted.
Hello Ive just installed…
Hello
Ive just installed this version on Android.
Id like to know how to edit the torcc file.
Ive already been through several websites, unfortunately didnt any efficient way to do this.
Thanks for your help.
Hello, editing the torrc…
Hello, editing the torrc file on Android is not possible at this time.
BONJOUR lorsque l on …
BONJOUR lorsque l on utilise ' tor ' on est """ soit disant "" non repérable
ce qui n est pas exact
je vais sur un site (coco.fr ) et suis identifié de suite , ,,, ? ¨
je tenais avous le faire savoir
Can you provide more details?
Can you provide more details?