New Release: Tor Browser 10.5a6
Tor Browser 10.5a6 is now available from the Tor Browser Alpha download page and also from our distribution directory.
Note: This is an alpha release, an experimental version for users who want to help us test new features. For everyone else, we recommend downloading the latest stable release instead.
This release updates Firefox to 78.6.0esr for desktop and Firefox for Android to 84.1.0. Additionally, we update Tor to 0.4.5.2-alpha for desktop users (Android users got that already with 10.5a5) and OpenSSL to 1.1.1i for everyone. This release includes important security updates both for desktop and Android users.
This version brings back a functioning meek bridge, and also allows users to automatically get bridges within Tor Browser again.
Note: Tor Browser 10.5 does not support CentOS 6.
The full changelog since Tor Browser 10.5a4 (desktop) and 10.5a5 (Android) is:
Comments
Please note that the comment area below has been archived.
Thanks for the new builds! …
Thanks for the new builds!
What is the timeline for the extra unnecessary permissions removal on Android, aka issue #40109?
We have put it on our radar…
We have put it on our radar for the next major release, 10.5, which is due in Q2 2021. So, I hope the dev work for that can start during the first weeks next year.
June 2021 is a long time…
June 2021 is a long time away. Since the release of 10.0 in October 2020, one of the issues with the most complaints and loss of trust in Tor Browser has been about Android's permissions.[1][2][3][4][5][6][7][8][9][10] Until the resolution is released, it would help everyone if Tor Project, in the app's descriptions on the app stores (Google Play and F-Droid), adds or links to an explanatory statement like your (gk's) comment and/or the replies by other Tor Project developers, some of which are in references 1-10 from the Tor blog.
Most people have already…
Most people have already uninstalled and moved away from what I hear. Its not possible to actually tell because creating metric data for the number of Android based update requests is probably also too much of a burden for the devs. The best option now (and apparently for a while) would be a premium VPN which does multi hop connections, a free web proxy and a security/privacy focused browser like Brave, it lets you block scripts and has fingerprint protection by default. Click on the red lion icon in the URL bar to check your settings. Its far from trustworthy and the premium payment method will create a strong link but its better than anything Tor will be putting out for many months to come. Safest wishes for 2021 all
Thank you for your reply gk…
Thank you for your reply gk. I hope alpha versions would start to see the changes sooner. Happy holidays!
This version can not user…
This version can not user bridge on win/MacOS
I replace tor with 0.4.5.1-alpha.
It's ok
What is happening with 0.4.5…
What is happening with 0.4.5.2-alpha compared to 0.4.5.1-alpha? What errors do you get? Could you give us some steps to reproduce your issues so we can take a closer look?
The same on linux , both 32…
The same on linux , both 32 and 64 bit
Log complains about not setting the ClientTransportPlugin line before specifying the bridges' addresses , so I had to remove bridges lines form torrc , set UserBridge to 0 and remove the bridge preference set by torlauncher in pref.js to make torborwser connect directly to the tor network and make it works again
Thank you for the work you…
Thank you for the work you do!
PLease focus on UI and UX of…
PLease focus on UI and UX of the app and gives safari like Ui
torbrowser - defunct 10.5a6 …
torbrowser - defunct 10.5a6 / win 10 pro 19042.685 german / 32 and 64 / portable / update or fresh portable install
Hi there,
Didn't find any related bug(s) filed at
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues
Description
Starting after updating a portable version (both 32 and 64) from 10.5a4 to 10.5a6 on windows 10 doesn't work.
Relevant parts from update.log:
...
ensure_remove: failed to remove file: C:\Port\TBrowser\Browser/updater.exe.moz-backup, rv: -1, err: 13
backup_discard: unable to remove: updater.exe.moz-backup
...
ensure_remove: failed to remove file: C:\Port\TBrowser\Browser/softokn3.dll.moz-backup, rv: -1, err: 13
backup_discard: unable to remove: softokn3.dll.moz-backup
...
ensure_remove: failed to remove file: C:\Port\TBrowser\Browser/nss3.dll.moz-backup, rv: -1, err: 13
backup_discard: unable to remove: nss3.dll.moz-backup
...
ensure_remove: failed to remove file: C:\Port\TBrowser\Browser/mozglue.dll.moz-backup, rv: -1, err: 13
backup_discard: unable to remove: mozglue.dll.moz-backup
...
ensure_remove: failed to remove file: C:\Port\TBrowser\Browser/freebl3.dll.moz-backup, rv: -1, err: 13
backup_discard: unable to remove: freebl3.dll.moz-backup
...
calling QuitProgressUI
NS_main: unable to remove directory: tobedeleted, err: 41
Removing directory tobedeleted manually doesn't solve the issue.
Relevant parts from tor-connect log:
12/19/20, 14:31:18.380 [WARN] Bridge line with transport obfs4 is missing a ClientTransportPlugin line
12/19/20, 14:31:18.380 [ERR] set_options(): Bug: Acting on config options left us in a broken state. Dying. (on Tor 0.4.5.2-alpha 135b8eea36edd992)
Also fresh portable installs of 32 and 64 don't remedy the issue.
Regards
+1
+1
Hello! Please make a…
Hello!
Please make a torrent download solution for the Tor Browser.
Thank's!
It's not recommended to…
It's not recommended to torrent over Tor as it adds unnecessary strain on the network, though I hope this changes in the future, as torrents offer valuable information irrespective of mainstream junk. You can use Torify to run some applications over Tor, though most torrent clients don't appear to support this.
If possible, use OnionShare…
If possible, use OnionShare instead. The networking protocols of BitTorrent leak information that can identify you, and the protocols were not designed by Tor Project, and the Tor network can't handle the load of normal BitTorrent activity. Read the section "Don't torrent over Tor". Then, read "How can I share files anonymously through Tor?". Then, read the paragraph starting with "The default exit policy allows".
One of the channels through…
One of the channels through with you can get tor is the Internet Archive. Each item on there has a torrent e.g. torbrowser-install-win64-10.0_en-US.exe_archive.torrent.
Is it possible to remove …
Is it possible to remove "Paste & Go" from the right-click context menu in the address bar? I don't see any benefit for it, and it's dangerous. "Paste" is there separately, and that should be all anyone needs.
You should be able to do…
You should be able to do this manually by entering:
#paste-and-go { display: none !important; }
into: tor-browser_en-US/Browser/profile.default/chrome/userChrome.css
Would be good to have an option to only allow matches of HTTPS / onion URLs in the address bar.
OS:Debian Gnu/Linux 10.7…
OS:Debian Gnu/Linux 10.7
Kernel: 5.9.6-1~bpo10+1 (2020-11-19) x86_64 GNU/Linux
Tor:10.5a6
The Tor exited during startup. This might be due to an error in your torrc file, a bug in Tor or another program on your system, or faulty hardware. Until you fix the underlying problem and restart Tor, Tor Browser will not start.
Tor unexpectedly exited. This might be due to a bug in Tor itself, another program on your system,or faulty hardware. Until you restart Tor, the Tor Browser will not able to reach any wersites.if the problem persists, please send a copy of your Tor Log to the support team.
Restarting Tor will not close your browser tabs.
You should get more info by…
You should get more info by starting Tor Browser in your tor-browser_$$ directory on the command line with:
./start-tor-browser.desktop --debug
. What is shown there?Dec 23 10:44:29.817 [notice]…
Dec 23 10:44:29.817 [notice] Tor 0.4.5.2-alpha (git-135b8eea36edd992) running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1i, Zlib 1.2.11, Liblzma N/A, Libzstd N/A and Glibc 2.28 as libc.
Dec 23 10:44:29.817 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://decvnxytmk.oedi.net/download/download#warning
Dec 23 10:44:29.817 [notice] This version is not a stable Tor release. Expect more bugs than usual.
Dec 23 10:44:29.817 [notice] Read configuration file "/home/birdofprey/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc-defaults".
Dec 23 10:44:29.817 [notice] Read configuration file "/home/birdofprey/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc".
Dec 23 10:44:29.819 [notice] Opening Control listener on 127.0.0.1:9151
Dec 23 10:44:29.819 [notice] Opened Control listener connection (ready) on 127.0.0.1:9151
Dec 23 10:44:29.819 [notice] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
Dec 23 10:44:29.000 [warn] Bridge line with transport snowflake is missing a ClientTransportPlugin line
Dec 23 10:44:29.000 [err] set_options(): Bug: Acting on config options left us in a broken state. Dying. (on Tor 0.4.5.2-alpha 135b8eea36edd992)
Dec 23 10:44:29.000 [err] Reading config failed--see warnings above.
These issue seem to have the…
These issue seem to have the same cause/root:
https://vbdvexcmqi.oedi.net/comment/290793#comment-290793
https://vbdvexcmqi.oedi.net/comment/290796#comment-290796
https://vbdvexcmqi.oedi.net/comment/290803#comment-290803
and how to --debug the start of windows install & portable versions of tor-browser?
The relevant logs : Dec 27…
The relevant logs :
This is a debian sid 64 bits. Tor browser is installed in the $HOME directory and it is the default version given on tp website
Yes. That is https://gitlab…
Yes. That is https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/402…. We forgot to pick up an unreleased tor patch for 10.5a6, sorry for that.
In the last fev days all the…
In the last fev days all the first connects for the tor network across any obsf4 bridge failed for first only the second attempt was succeeded.
I tested the connection and maybe some ipv6 leaks is maybe. After I tried to search obsf4 bridges with ipv6 support but this link doesn't work (https://bridges.torproject.org/options) I got red alert everytime.
In same time I have experienced some other interesting things by these I have an idea and I have a question:
What do you think or what do you know is possible all network traffic (Tor) of a user take into a virtual sandbox or into some other similar environment? And is the attacker able to check and manipulate the packets and to hijack the traffic in this "virtual box" before these arrive for the user? The list of my experiences are too long to write these down sorry.
Some website arrive for me with missing elements (scripts), these elements are importants and this is not accident it's hundred percent sure.
I will make more tests, if somebody has ideas please share with me. Thank's.
It looks like the packages…
Is the signing key expired?
$ gpg --verify '/home/user/Desktop/tor-browser-linux64-10.0.7_en-US.tar.xz.asc'
gpg: directory '/home/user/.gnupg' created
gpg: keybox '/home/user/.gnupg/pubring.kbx' created
gpg: assuming signed data in '/home/user/Desktop/tor-browser-linux64-10.0.7_en-US.tar.xz'
gpg: Signature made Sun 13 Dec 2020 07:07:39 AM UTC
gpg: using RSA key EB774491D9FF06E2
gpg: Can't check signature: No public key
$ gpg --keyserver hkp://keyserver.ubuntu.com --recv-key EB774491D9FF06E2
gpg: /home/user/.gnupg/trustdb.gpg: trustdb created
gpg: key 4E2C6E8793298290: public key "Tor Browser Developers (signing key) " imported
gpg: Total number processed: 1
gpg: imported: 1
$ gpg --verify '/home/user/Desktop/tor-browser-linux64-10.0.7_en-US.tar.xz.asc'
gpg: assuming signed data in '/home/user/Desktop/tor-browser-linux64-10.0.7_en-US.tar.xz'
gpg: Signature made Sun 13 Dec 2020 07:07:39 AM UTC
gpg: using RSA key EB774491D9FF06E2
gpg: Good signature from "Tor Browser Developers (signing key) " [unknown]
gpg: Note: This key has expired!
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Subkey fingerprint: 1107 75B5 D101 FB36 BC6C 911B EB77 4491 D9FF 06E2
$ gpg -kv
gpg: using pgp trust model
gpg: Note: signature key 2E1AC68ED40814E0 expired Fri 25 Aug 2017 11:26:30 AM UTC
gpg: Note: signature key 7017ADCEF65C2036 expired Fri 25 Aug 2017 11:23:23 AM UTC
gpg: Note: signature key D1483FA6C3C07136 expired Fri 24 Aug 2018 11:26:24 AM UTC
gpg: Note: signature key EB774491D9FF06E2 expired Sat 19 Dec 2020 02:52:33 AM UTC
/home/user/.gnupg/pubring.kbx
-----------------------------
pub rsa4096 2014-12-15 [C] [expires: 2025-07-21]
EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
uid [ unknown] Tor Browser Developers (signing key)
sub rsa4096 2014-12-15 [S] [expired: 2017-08-25]
sub rsa4096 2014-12-15 [S] [expired: 2017-08-25]
sub rsa4096 2016-08-24 [S] [expired: 2018-08-24]
sub rsa4096 2018-05-26 [S] [expired: 2020-12-19]
sub rsa4096 2014-12-15 [] [revoked: 2015-08-26]
It got extended, please…
It got extended, please refresh the local copy you have.
Does tor stop EDNS Client…
Does tor stop EDNS Client Subnet from leaking local addresses to resolvers?
Red line through the lock…
Red line through the lock next to https: for the website ipcheck.info and anonymouse.org
This browser is not secure. If I use firefox or chrome, there is no redline through the lock.
I'm on Android 10 on a moto…
I'm on Android 10 on a moto g⁷ power (XT1955-7)
Tor updated yesterday via PlayStore and now can't even open at all.
Tor: Version 10.0.7 (84.1.0-Release)
Suggestion: Update In the…
Suggestion: Update
In the settings page I did not see alternative:
-- I'll check manually for updates.
I'd like to have this alternative because
-- I don't want my browser to make a trail of connection each time I start it.
There are always someone (with big resources) interested to gather such data.
sometimes i see this on…
sometimes i see this on clearnet sites:
Onionsite Has Disconnected
The most likely cause is that the onionsite is offline. Contact the onionsite administrator.
Details: 0xF2 — Introduction failed, which means that the descriptor was found but the service is no longer connected to the introduction point. It is likely that the service has changed its descriptor or that it is not running.
-- Why would this be displayed on a clearnet (non-onion) domain? Odd.
[01-04 06:31:37] Torbutton…
[01-04 06:31:37] Torbutton NOTE: Exception on control port [Exception... "Component returned failure code: 0x804b000e (NS_ERROR_NET_TIMEOUT) [nsIBinaryInputStream.readBytes]" nsresult: "0x804b000e (NS_ERROR_NET_TIMEOUT)" location: "JS frame :: chrome://torbutton/content/torbutton.js :: torbutton_socket_readline :: line 467" data: no]
Even on a fast machine.