New Release: Tor Browser 9.0a1
Tor Browser 9.0a1 is now available from the Tor Browser Alpha download page and also from our distribution directory.
Note: this is an alpha release, an experimental version for users who want to help us test new features. For everyone else, we recommend downloading the latest stable release instead.
This release features important security updates to Firefox.
Tor Browser 9.0a1 is the first release in the 9.0 alpha series. It contains all the improvements and fixes from the 8.5 release as well as other new features:
- Tor Launcher is getting tighter integrated into the browser as a preparation step for the switch to Firefox 68 ESR. That results in it not showing up anymore on the about:addons page while still being available (and we don't need to make a code-signing exception for it either anymore, which is nice). See the underlying proposal for this decision for full details.
- We backported Mozilla's Letterboxing feature which allows us to finally tackle the problem of not properly rounded screen dimensions in case users start to maximize or otherwise resize the browser window. Letterboxing is off by default for now, although we plan to enabled it in one of the upcoming alpha releases. If you want to check it out and report issues please add the
privacy.resistFingerprinting.letterboxingpreference on about:config and set it to
true. Many thanks to Tom Ritter and anyone else at Mozilla who has been working on that problem and designing the current approach.
The full changelog since Tor Browser 8.5a12 is:
- All platforms
- Update Firefox to 60.7.0esr
- Update Torbutton to 2.1.9
- Bug 30069: Use slider and about:tor localizations
- Bug 30115+27449+25145: Map browser + domain -> credentials to fix UI issues
- Bug 30171: Don't sync cookie.cookieBehavior and firstparty.isolate
- Bug 30425: Revert armagadd-on-2.0 changes
- Bug 30497: Add Donate link to about:tor
- Bug 30464: Add WebGL to safer descriptions
- Translations update
- Update HTTPS Everywhere to 2019.5.6.1
- Bug 24622: Proper first-party isolation of s3.amazonaws.com
- Bug 30425: Revert armagadd-on-2.0 changes
- Windows + OS X + Linux
- Update Tor Launcher to 0.2.19
- Bug 28044: Integrate Tor Launcher into tor-browser
- Bug 30372: Backport letterboxing (bug 1538130)
- Bug 28369: Stop shipping pingsender executable
- Bug 30457: Remove defunct default bridges
- Bug 29045: Ensure that tor does not start up in dormant mode
- Bug 29641: Try to connect over IPv6 if needed
- OS X
- Bug 30241: Bump snowflake version to d11e55aabe
- Bug 29982: Force single-pane UI on Tor Preferences
- Bug 30086: Prevent Sync-related crashes on Android
- Bug 30214: Kill background thread when Activity is null
- Bug 30239: Render Fragments after crash
- Bug 30136: Use 'Tor Browser' as brand name on mobile, too
- Bug 30069: Use slider and about:tor localizations
- Bug 30371: Stop hard-coding the content provider name in tor-android-service
- Bug 30162: Tor Browser bootstrap process got stuck after interrupting it
- Bug 30166: If specified, only use custom bridges for connecting
- Bug 30518: Add SocksPort flags for consistency across platforms
- Bug 30284: Fix broken start-up on KitKat devices
- Bug 30489: Remove Unused Resources from tor-android-service
- Build System
Please note that the comment area below has been archived.
So much work! Thank you so…
So much work! Thank you so much to the Tor Browser team + UX team (antonela o/) and also the hard working people at Mozilla (especially those contributing to antifingerprinting and 1stpartyisolation)!
I can't find privacy…
I can't find privacy.resistFingerprinting.letterboxing in about:config
You have to manually add it …
You have to manually add it (same with vanilla Firefox 67). Left click to add a new boolean value and set it to true.
You have to add a new …
You have to add a new (boolean) key and set it to true.
It's a hidden pref same as…
It's a hidden pref same as FF67
The "add" is key. To quote…
The "add" is key. To quote from the blog post, "… add the privacy.resistFingerprinting.letterboxing preference …". Try right click in the list, "new" and then "boolean".
Is it recommended that we…
Is it recommended that we enable this?
Why is it not enabled by default?
Because it is highly…
Because it is highly experimental at this stage. We plan to enable it by default in one of the next alpha releases provided no blockers have shown up by then.
Integrate Tor Launcher into…
I make I2p browser from Tor Browser. How me off Tor Launcher and Tor Button?
See the underyling proposal…
Letterboxing is now enabled…
Letterboxing is now enabled. Does it mean that we can finally browse in fullscreen mode with TBB?
It's not enabled by default…
It's not enabled by default yet (see blog post for instructions on how to do so) but, yes, it should give you some protections when running in fullscreen mode.
Yes, that's what I meant. So…
Yes, that's what I meant. So far so good. Finally, I do not even have the feeling that I am browsing anonymously :-) How can I report a problem if I discover it?
Ideally, you would file a…
Ideally, you would file a ticket in our bug tracker at https://trac.torproject.org/projects/tor. But there are a number of ways to reach us: https://trac.torproject.org/projects/tor/wiki/doc/community/HowToReport…. Just pick the one which is most comfortable for you. :)
Does this update fix the…
Does this update fix the ddos exploitation?Tor is unsafe until this is fixed. How could you tell people they are safe with this bug. You all should be ashamed . Please fix this problem NOW or discontinue tor
Entitled much? How about…
How about doing some basic reading on the issue before commenting?
You're commenting on a blog post about the Tor Browser release, but the issue needs to be fixed within Tor, so your comment is completely displaced here. So is your wording.
It's also not some trivial bug which can be fixed on the fly because you told so, solving this will need fundamental changes within the tor protocol itself, which naturally needs to take the possible consequences in account.
And yes, they're working on it. Parent ticket here: https://trac.torproject.org/projects/tor/ticket/29999
It's just annoying to have every single Tor Browser release announcement spammed with this shit - even more with that attitude dear..
I can't even download it.
I can't even download it. This Tor.
What happens in your case?
What happens in your case?
No one cares about these…
No one cares about these little fucking fixes. People are being Deanonomized by kid hackers in 10 minutes with little resource using tor . PLEASE STOP TELLING PEOPLE THEY ARE SAFE OR FIX THE FUCKING CRYPTO BUG that allow children to bring down government sites with ease? How can you even allow people to download this software
> People are being…
> People are being Deanonomized by kid hackers in 10 minutes with little resource
Letterboxing sounds like an…
Letterboxing sounds like an awesome feature.
Selfrando was a big news…
Selfrando was a big news. No hope for this protection on Linux?
We don't plan to move forward with Selfrando deployment as it is not much more work for a browser attacker to bypass it [...] All in all I think the gains for our alphas are not worth the effort.
(from https://trac.torproject.org/projects/tor/ticket/30377 above)
That ticket states one opinion and no team discussion. Was this a well-researched conclusion?
Not sure what you mean with…
Not sure what you mean with well-researched but it took into account the issues we were facing with selfrando + possible protections we gain from it + investigations done by external parties (Mozilla).
How do you invert the colors…
How do you invert the colors on Tor Browser? I tried changing the text and background values here, but the background is still a blinding white.
Preferences | Fonts & Colors | Colors | Text and Background
Would changing these values make it easier for trackers to id my browser?
On that dialog window,…
On that dialog window, choose Override | Always. Don't know if it makes it easier for trackers to fingerprint your browser, but fingerprint scan websites may be able to tell you if other people don't know or reply. Please report your findings.
Unfortunately Overrride |…
Unfortunately Overrride | Always didn't work for me. I found a comment elsewhere that said changing the background color doesn't work on some operating systems. Compton was suggested so I used that.
So many of us are waiting to…
So many of us are waiting to get a standalone APK for Tor Browser for Adnroid without Orbot? Please make it happen soon.
There is no Orbot included…
There is no Orbot included anymore, so we are there. \o/ If you mean "no included Tor" that won't happen and is done so by design.
I guess you misunderstood…
I guess you misunderstood or maybe I did. Could you please take a look again at this Reddit post?
I tested the 8.5 version on Android and it starts with another instance of Orbot in the background just like it had been since last year release. So please forgive me to ask this again, but how this release gives us a separate Tor Browser APK that can work with The Guardian Project's standalone Orbot APK?
Please shade some lights.
The only separate Tow Browser APK I found to be working is 60.2.1 version of Tor Browser for Android (Alpha), which was released last year before new release got merged with Orbot.
This is an open ticket we…
This is an open ticket we have on our list - https://trac.torproject.org/projects/tor/ticket/28786
Thank you for that info. But…
Thank you for that info. But isn't that request something a bit different than requested here? There, the user does not want to use Orbot while here it's the main requirement along with a separate Tor Browser apk.
Earlier I thought this request to be solved sooner since @gk looked promising to push it in the upcoming release. Biggest disadvantage of current release is losing Android's Always-on VPN function. Which prevents data leaks and forces all apps to pass through Tor.
I am hopeful that Tor devs will come out with some solution soon.
If I understand you…
If I understand you correctly, you either want a Tor Browser APK that doesn't contain the tor binary, or you want an option to disable Tor Browser Bundle's tor binary and tell Tor Browser to use Orbot's tor binary. Orbot basically is the tor binary packaged by Guardian Project. If the first one is what you meant, then gk answered your question. "If you mean "no included Tor [binary]" that won't happen and is done so by design." If the second one is what you meant, then the ticket sysrqb pasted is a bit unclear about which Orbot-- Tor Browser Bundle's at the time or Guardian Project's --the ticket wants to disable. The ticket says "built-in Orbot" which, if it means TBB's, is the second of my two guesses about what you meant. If the ticket means Guardian Project's, then you should create a new ticket.
Names need clarity if there are multiple meanings. Tor (capital T), tor (lowercase t), Tor Browser, Tor Browser Bundle, Tor Project, and which Orbot.
Back then it was Orbot, I'll…
Back then it was Orbot, I'll adjust the ticket title. What is meant is making an option to use Orbot (or whatever provides you with a non-Tor Browser-tor) instead of the tor we ship.
I just updated to version 9…
I just updated to version 9.0a 1, everything`s fine. But now I can`t open the stable version any more. Trying to do this I get the following message:
Error: proxy server denies connection
Firefox has been configured to use a proxy server that rejects the connection.
What can I do to be able to use both the stable version and the alpha version?
You should be able to run…
You should be able to run both versions, if you don't run them at the same time. If you want to run both at the same time, you need to change the ports used by one of the two so it doesn't conflict with the other:
I didn't express myself…
I didn't express myself correctly: After updating the alpha version I can't use the stable version even after closing the first one. The above message will be displayed.
Which operating system are…
Which operating system are you on? And where did you install the stable and alpha respectively?
I am using macOS Mojave 10…
I am using macOS Mojave 10.14.5 and have both versions installed in my MacBook Pro application folder.
About 2 years ago the described problem occurred already once. At that time, the solution was to completely delete and reinstall both versions of TorBrowrser.
Where do you have both…
Where do you have both versions installed, too? The problem is probably that you just installed them as usual into /Applications. But that very likely breaks as now the first Tor Browser is getting installed there and the user profile is created in
/Application\ Support/TorBrowser-Data/. If you install the second one (say, the alpha) at the same location the user profile does not get overwritten and you are using the one for Tor Browser stable which could cause all sorts of issues.
I decided to only use the…
I decided to only use the stable version in the future because I don't have the time to get involved with this problem. I have removed the alpha version, since then there are no more problems.
Thanks for your efforts.
A lot of changes for Android…
A lot of changes for Android, and there's no update on Google Play.
There's a new stable Tor release available, but you shipped old 0.4.0.4-rc.
Something is definitely wrong with your Release Management.
Thanks for the report. I see…
Thanks for the report. I see 9.0a1 on Google Play. Does it show up for you now? Yes, we could have shipped 0.4.0.5. However, this is an alpha channel and 0.4.0.4-rc was the last Tor alpha release. Thus, you could argue we are good here as well. Anyway, a new alpha got released two days ago and we will pick that one up in the next point release.
Now yes. But where is the…
Now yes. But where is the link to it in this blog post and in the download page?
No, you are not good with testing new Tor features using rc when stable is available.
And it's not good to pick up 0.4.1.x Tor, when you are preparing to ship 0.4.0.x to stable.
The alpha is used for a…
The alpha is used for a bunch of purposes. One is to test the next Tor Browser stable, yes. But at the same time it is used for the network team to find client side bugs as good as possible which is why it is important to ship new Tor alphas in Tor Browser's alpha series to give them a wider testing.
5/23/19, 17:38:45.720 …
5/23/19, 17:38:45.720 [NOTICE] Bootstrapped 10% (conn_done): Connected to a relay
5/23/19, 17:38:46.480 [NOTICE] Bootstrapped 14% (handshake): Handshaking with a relay
5/23/19, 17:38:46.225 [NOTICE] Bootstrapped 15% (handshake_done): Handshake with a relay done
5/23/19, 17:38:46.227 [NOTICE] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
5/23/19, 17:38:46.230 [NOTICE] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
5/23/19, 17:38:46.232 [NOTICE] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
5/23/19, 17:38:52.746 [WARN] Problem bootstrapping. Stuck at 95% (circuit_create): Establishing a Tor circuit. (Network is unreachable [WSAENETUNREACH ]; NOROUTE; count 1; recommendation warn; host 9B24B2149631167704362E07356A9E9BFC1F0F05 at 2a01:4f9:2a:3d9:200::201:9001)
5/23/19, 17:38:52.758 [NOTICE] Bootstrapped 100% (done): Done
5/23/19, 17:38:52.761 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150
5/23/19, 17:38:52.761 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
5/23/19, 17:38:52.761 [NOTICE] Delaying directory fetches: DisableNetwork is set.
Does Tor Browser work for…
Does Tor Browser work for you after that error log? What is the experience like if not?
As it's written in the log,…
As it's written in the log, Tor Browser got stuck during boot and asked to reconfigure it. Then after pressing Connect, it worked as usual.
Okay, I've filed https:/…
Okay, I've filed https://trac.torproject.org/projects/tor/ticket/30639 to investigate that on the Tor side. I assume this is some fallout of our fix for https://trac.torproject.org/projects/tor/ticket/29641.
Seen same 5/31/19, 17:30:48…
5/31/19, 17:30:48.736 [WARN] Problem bootstrapping. Stuck at 30% (loading_status): Loading networkstatus consensus. (Network is unreachable; NOROUTE; count 2; recommendation warn; host B84F248233FEA90CAD439F292556A3139F6E1B82 at 2a00:1298:8011:212::164:9004)
Some reason it tries IPv6 address.
Tor WARN: Problem…
It looks like Tor tries IPv6 in IPv4 network...
Certain web pages keep…
Certain web pages keep asking for HTML5 canvas access. How can one set the default to block?
There is no such option yet,…
There is no such option yet, alas. See: https://trac.torproject.org/projects/tor/ticket/18027.
8.5 appears to default block…
8.5 appears to default block. similar comment. Bug tickets #18027 and #29028 to name two.
With every update,…
With every update, torbrowser "sucks" more - in particular memory and cpu. The new version on a 3,5GB-memory 64Bit machine is considerably slower than the 1 year old version was on my 1,5GB-32Bit machine.
Torbrowser wants to support activists around the world. What hardware do you think the majority of these activists have available? You think they're all equipped like Silicon Valley geeks? Even some of my friends in The North still run old 32Bit-Thinkpads for their political activism.
Frustrating by the way that the 32Bit-Linux version doesn't run (and seemingly isn't supposed to run) on a 64Bit machine.
A lightweight variant or a much lighter Torbrowser is urgently needed if Torbrowser is intended to be put to the uses it claims to be intended for!!!
Hello! >> torbrowser …
>> torbrowser "sucks" more - in particular memory and cpu.
Meanwhile I did not had observations of slowdowns of TBB, but I did not checked specially.
Have to say that mentioned by Mr. "exit" situation really may appear.
So I would like to prevent it.
Dear TBB-developpers! - Please keep the hand on the pulse!!!
>> Torbrowser wants to support activists around the world.
>> What hardware do you think the majority of these activists have available?
>> You think they're all equipped like Silicon Valley geeks?
>> Even some of my friends in The North still
>> run old 32Bit-Thinkpads for their political activism.
Recently I saw discussion at https://www.opennet.ru/opennews/art.shtml?num=50638 - why Tails is not 32-bit. Like for me Tails-developers just cut their expanses (time, money,efforts, etc ) by dropping 32-bit users. Very sad.
in the new update we cannot…
in the new update we cannot see the relay nodes like bofore, i am not feeling safe in tor 8.5
Where are you looking for…
Where are you looking for the relay nodes? And does this happen for every website you visit? If not do you have steps to reproduce your problem?
Sure you can, you just click…
Sure you can, you just click the i in a circle and the lock, it displays it in there.
Dear tor team , could u add…
Dear tor team ,
could u add translate sites in tor browser .
thanks for Tor teams .
What do you have in mind?
What do you have in mind?
Developer! Hello! Now you…
Developer! Hello! Now you have made the first final release of the program "Tor Browser" for android devices, and further develop this project, this is good. Very happy. You have developed the program "Tor" for os Wndows, linux ..
In this regard, the question;
Do you plan to develop a similar program "Tor" for android devices based on the program "Orbot"?
We don't plan to work on a…
We don't plan to work on a replacement for Orbot, no.
rc7: NoScript detected a…
NoScript detected a potential Cross-Site Scripting attack
from https://mysite to https://s7.addthis.com.
Error: Exceeded 20000ms timeout,(URL)
08:32:55.251 Got a mutation…
08:32:55.251 Got a mutation for an unexpected actor: server1.conn1.child1/domnode63, please file a bug on bugzilla.mozilla.org! 1 inspector.js:307:11
08:32:55.252 console.trace(): 1 inspector.js:309
What do you mean with "doesn…
What do you mean with "doesn't work"? What is supposed to happen?
security slider gone. now…
security slider gone. now click click to access. minorly inconvenient
How so? The amount of clicks…
How so? The amount of clicks you need for changes the level does not have changed (previously 2, now 2) and the amount of clicks you need to see on which level you are on has improved (previously 2, now 0).
About Tor Browser dialog: 15…
About Tor Browser dialog:
15:36:12.897 Invalid string label 1 (unknown)
and when pressing the button to update.
Hello Tor developers & users…
Hello Tor developers & users!
How can I easily know and understand the differences
between the various Tor Browser (TB) versions
(for example current v8.0.9, v8.5.1 and v9.0a1)?
Which preferences and about:config settings values is common
and which is vary in all these TB variants?
Where can I read about this more, in clearly explained form?
(I'm unexperienced TB user, began using it this New Year.)
Thanks in advance.
(sorry for possible double posting - there was a browser glitch.)
There is no clear…
There is no clear explanation on the exact differences between stable and alpha versions. You have to diff the respective components' source code. The alpha, in general, contains features and bug fixes that need a bit more testing time than what we already give them and/or those things that a basically too invasive for a stable series (like toolchain changes).