New Release: Tor Browser 8.0.2

by gk | October 3, 2018

Tor Browser 8.0.2 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox. We picked up the necessary patches, but because we needed to start building before Mozilla was ready with a first candidate build, we did not bump the Firefox version to 60.2.2esr. Thus, users are fine with Tor Browser 8.0.2 even though the Firefox version is 60.2.1esr.

Known Issues

We already collected a number of unresolved bugs since Tor Browser 7.5.6 and tagged them with our tbb-8.0-issues keyword to keep them on our radar. The most important current issues are:

The full changelog since Tor Browser 8.0.1 is:

  • All platforms
    • Update Firefox to 60.2.1esr
    • Backport fix for Mozilla bug 1493900 and 1493903
  • OS X
    • Backport fix for Mozilla bug 1489785 for macOS 10.14 compatibility

Comments

Please note that the comment area below has been archived.

October 02, 2018

Permalink

Don't know what happened but I upgraded from 7.5.x to 8.0.2 and since, I got a ton of Cloudflare pages telling me to solve lots of Google Captcha because I need to "run an anti-virus scan on [my] device to make sure it is not infected with malware". But whatever I try, the problem is still there : anti-virus, anti-malware, reinstalling TBB, and so on. I even tried to reset my W10 and to install a full TBB 8.02 archive : the problem is still there. I cannot beleive the problem is on my side, but since you don't report such a problem, I'm wondering what's going on ? :/

No, don't do that. It would make you fingerprintable.

The proper workaround when you see a Cloudflare CAPTCHA is to press Ctrl+Shift+L ("New Tor Circuit for this Site") until it goes away.

This is the only thing that works without making me extremely homicidal towards Google and Cloudflare, but it is not a sustainable solution, as the list of accepted TOR exit nodes must get smaller all the time (due to abuse, or just being flagged as TOR exit nodes - ask Cloudflare how it works).

This is precisely why I learned the shortcut.
Another way is to use archive.org or another service to access the site, which is no problem if you know the page is years/months/weeks old anyway. Or find another way.
Some sites don't work at all no matter how much you try a "New tor circuit", those are sites that throw an Error 403 or a raw text page to that effect. Even sites where you may need to download Windows drivers. Be careful there I only trust drivers from the original manufacturer website.

I agree insofar that the Tor project could have/should have done this themselves. They have tested this beforehand and must have noticed this issue.

It doesn't matter how "secure" your browser is if it doesn't work half of the time. I'll stick to using Tor 7.5.6 until the 8.x Tor browser works reliably. And in that I include a summary that doesn't start with "Known Issues: WebGL is broken right now." I get it: WebGL is not very good. And FireFox itself has been getting worse and worse with every update. Maybe the Tor project should dial the Firefox version back a bit and just apply the updates concerning privacy/security.

This is nothing to do with viruses, malware or the update, or your system. Cloudflare simply has a list of tor exit nodes and applies the captcha globally to them. That can be adjusted individually by each website which uses cloudflare. Lots of websites block tor exit nodes by default.
You can use bing or startpage cache / proxy to read some websites, without solving a captcha. Google itself has a captcha on tor.
If you don't believe me then install tor browser 7.5.x on a different computer, then look at the same websites on both.

I get the same. Also the captcha seems to be poor quality? It takes a lot of clicks to get verified. All I can assume is the circuit you are given is on their blacklist of sites - but its very common.

October 02, 2018

Permalink

New version screws up my fave sites (Win 7) asking for captcha and can not solve the captcha. I system restored old Tor version and now all is OK. But Tor updates automatically, so next time I restart I'll be hooped again! Please fix so no captcha required for sites, such as YIFY movies

Since xul to webextensions was the biggest change when ff went quantum, I'd *suspect* that loss of noscript functionality causes these tor browser 8 site "incompatibilities".

But why even have Quantum then? You know what I mean? It's not like Mozilla owns torproject. The core concepts of Tor (as far as I'm aware) are anonymity through a daisy chain of proxies and everybody looking the same. Just stick to a pre-Quantum Firefox - or even an entirely different browser. I bet the Linux community would have a few lovely browser suggestions that are neither Firefox nor Google's Chrome. While I would miss the addons, I would be happy to have a Tor browser that delivers a... smoother experience. I mean 8.0 was released in early September but every time I check the current version, everything's ... kind of a mess, really. It honestly feels to me like an alpha version was pushed to live as part of a joke but the rest of the team took it at face value and now the person responsible doesn't dare to speak up...

This worked for me in Windows. Re-install the old version. In the Tor Browser folder, navigate to \Browser\TorBrowser\UpdateInfo. Delete the folder UpdateInfo. Or, alternatively, open UpdateInfo and delete the file "active-update.xml". Then navigate on to "*\updates\0" and delete the files "update.mar", "update.status", and "update.version". Use the hamburger stack to open Options, then set the update preference to "Never check for updates (not recommended)". If you don't mind being nagged by a popup, enable "Check for updates but let you choose to install them". Close your browser and restart it. If the delete folder "UpdateInfo" option was chosen, that folder should be regenerated upon restart. But it will be empty, and your TBB version should persist as your old version.

October 03, 2018

Permalink

I second the comment above about Cloudflare problems.

I also have huge problems with Cloudflare captchas since the upgrade to TBB 8.0 at the beginning of September, 2018. I use TBB on both Win10 and Ubuntu, and the Cloudflare problems occur on both.

Cloudflare has been a big problem for us TBB users for a long time, but the situation had gotten a bit better throughout 2017 and 2018, even without any "privacy pass". But starting exactly with the TBB 8.0 upgrade, huge numbers of websites became unusable because of Cloudflare captcha loops (you're shown captcha after captcha, but it never acknowledges that you solve the captcha correctly, and the loop never ends).

How many sites you find which are now inaccessible depends on your browsing habits of course, so I can only give my situation. I read many sites every day, covering a big range of topics. In my case, I now find around 30-40 different sites per day where TBB is completely blocked by Cloudflare. Even for heavy internet use, it's a lot. Since most are sites I visit regularly, I'm certain that they were not blocked before the 8.0 upgrade.

October 03, 2018

Permalink

After upgrading to 8.0.1. my system seems overwhelmed. I am not too savvy but prior to upgrade I would have one firefox.exe open for each tab that was open. Now I may gave as many as 3 for each tab open. I am using an older laptop running windows 7 and at my age not too inclined to spend the money to stay with the newest platforms. I used TOR because it was not a resource hog but that has changed. Is there something I can do to fix this?

Go into the options and under "Performance" disable "Use hardware acceleration when available" and change "Content process limit" to 1. For me, this reduces memory usage considerably. There are reasons why the default settings are good, but for me they aren't worth the cost.

October 03, 2018

Permalink

I'm running LinuxMint 19.0 and Tor browser 8.0.2
Tor onion circuit menu still not available
what's going on?

I think you are looking at the wrong place. We moved the circuit display to the URL bar (more specifically it is now behind the "i" icon which you get when loading a web page) which we announced in our Tor Browser 8.0 blog post, both with some animations and in the blog post text.

October 03, 2018

In reply to gk

Permalink

That's it.

October 03, 2018

In reply to gk

Permalink

The circuit display is not there when we click the 'i' icon - Only displayed is ''secure connection'' and ''permissions'' - this is for windows 43 bit and windows 64 bit too.

Please sort it out r update us here when it has been fixed.

What operating system and security slider level is that? Do you get errors if you look at the log output in the browser console (Ctrl + Shift + J)? Does that happen with a clean, new Tor Browser installed to a different location?

October 03, 2018

In reply to gk

Permalink

Windows 10, 64 bit, tried it with 32bit and same issue, same issue when security level is at low or high. download and refreshed and installed it 3 times and same issue no circuit displayed at all.

I installed the tor browser on a new machine a few days ago and just realized it doesn't show the circuit hops anymore. (I'm not sure if that was the case from the moment it was installed.) It's running on Ubuntu 18.04. The security slider level is standard.

October 22, 2018

In reply to arma

Permalink

I'm referring to the same issue as SMITHY is showing on the screen shot.
I have been using 8.0.2 since it has been released and know the circuits were displayed in a new place. It's a different problem:
When I use a bridge, the circuit is not displayed (I get the same information as SMITHY)
when I don't use a bridge the circuit is displayed.
I only noticed that yesterday because I didn't use a bridge before and I think it's confusing.

October 22, 2018

In reply to gk

Permalink

It actually desn't happen with the built-in bridges that successfully connected to the network no matter the type.

I forgot:

nodeData[i].ip is undefined tor-circuit-display.js:297
updateCircuitDisplay chrome://torbutton/content/tor-circuit-display.js:297:11
onLocationChange chrome://torbutton/content/tor-circuit-display.js:326:25
callListeners chrome://browser/content/tabbrowser.js:704:18
_callProgressListeners chrome://browser/content/tabbrowser.js:727:7
_callProgressListeners chrome://browser/content/tabbrowser.js:4230:12
onLocationChange chrome://browser/content/tabbrowser.js:4577:7
_callProgressListeners resource://gre/modules/RemoteWebProgress.jsm:144:11
receiveMessage resource://gre/modules/RemoteWebProgress.jsm:237:7

October 03, 2018

In reply to gk

Permalink

That was driving me freaking crazy, not being able to find the circuit info. Thought it had been removed and I was going to downgrade back to 7.

October 03, 2018

Permalink

The 'Reload Every' option for each tab seems to have disappeared over the last couple of updates. Why has this been removed, and can it be placed back again?

October 03, 2018

Permalink

receive you device does not have permission to access file no matter how many times i download it

Since these updates to version 8, version 8.0.1 and 8.0.2 there has been nothing but problems,

October 03, 2018

In reply to gk

Permalink

Yes got McAfee, but that has never been an issue before, and McAfee doesn't seem to be the thing interrupting it.. I download 32 bit and it works ok now. apart from no circuit display :(

October 03, 2018

Permalink

In the old version of tor (less than 8.0) i could download the source code and recompile it( change the number of nodes for example) and create a new tor.exe file and switch it with the tor.exe file that create with tor installation.
but now, in the new version of tor the 8.0 and above when im doing that i'm having error- 0xc00007b-which means that i'm working with 32 bit on 64 bit or 64 bit on 32 bit. i found work around way that i can install an old version of tor(less then 8.0 version) do the update to 8.0.2 and then i can change the tor.exe file without any error.
why this thing happens?

October 03, 2018

Permalink

is the bug fixed when i have tor browser in veracrypt and lock vera crypt and open, the torlauncher and torbutton wont start, is that fixed?

October 03, 2018

Permalink

Latest McAfee is Quarantining the firefox.exe file stating the threat is
Real Protect-LS!8AC8CAD041C5

When searching McAfee's own site this is not found ?

Having looked into a wide variety of Antiviruses and I think as far as free options go Avira's Antivirus has the best combination of protection and respectful privacy settings. You've just got to live with one self advertising popup every two days.
That being said: I am a random person on the internet. You can take my advice as a point to check out, but you should do your own research into reading privacy policies as well as test results. ;)

October 03, 2018

Permalink

This new update has McAfee quarantined the update AGAIN. This happened with the last update 8.1 too and I left a comment about it then. I restored this quarantined thing just now and rebooted but McAfee still quarantined it again when I tried opening the browser. I'm now using TBB version 8.0 because that's the only downloader I hadn't deleted yet. I'm using Windows 10 64-bit.

http://imageupper.com/i/?S1100010100011R153858960765664

October 03, 2018

Permalink

while remaining on ver 7.5.6 for now, I want to note that you guys have a really hard job to do and it isn't reasonable to expect it to be done quickly or without new problems arising

October 03, 2018

Permalink

I didn't see these addressed so I'll add them:
- Tor still doesn't remember the size of the browser window, so those of us who have the menu bar open, or addons for tabs, always end up with a unique sized window that is read read by whatever tab happens to be loading.
- I can't login to disqus. I have added it to the whitelist, to no avail.
- I wish you could get sync back.

I have those issues with Tor under Windows 7 SP1, Linux Ubuntu 16.04, and Linux Ubuntu 18.04.

Thank you

Personally I don't care about that AddOn either, BUT: An AddOn not working might be an indicator of something else that's broken in the Tor browsers' code. For all we know this could be highly valuable feedback for the devs. Hence giving feedback shouldn't be discouraged. ;) It's still at least [i]related[/i] to the issues at hand.

October 16, 2018

In reply to gk

Permalink

Heh. You should have your own tests, guys! ;)
But, okay. Try to search something on youtube (Safest). You then have to enable Script on that page to see anything, but try to enable also Media and Fetch (beforehand, as they are not colored red yet). And you get in the console:
element has no “src” attribute. Media resource load failed. results
All candidate resources failed to load. Media load paused.

Also click on the first found video, and you get empty rectangle instead of media player on its page.

October 04, 2018

Permalink

NoScript is also getting reset to allow-all every time TorBrowser is relaunched. This is a serious breach of controls, please ensure this is fixed!

October 04, 2018

Permalink

new update (Tor Browser 8.0.2) color changing make feel worst. older green is feels good. specifically tabs (current tabs and other tabs) colors makes very bad. chrome only behave aggressively like this. now i am worrying and some bad hand interfere tor....

October 04, 2018

Permalink

Hello! After upgrade to version 8.0 (x64) I cannot resize main window, only maximize or minimize. How I can resize browser?

Websites can easily see the exact size of your browser window, so if you are using anything other than the Tor Browser default, they may be able to identify you, possibly even uniquely identify you. For this reason, TB discourages you from trying to resize the window. Since different devices (e.g. laptops, tablets) have differently sized and shaped "maximized" windows, TB suggests that you not maximize the window either.

October 04, 2018

Permalink

This might be OT but i have a question, a new version of tor has been released, but i remember the previous one was showing where you were connected, like germany-france-usa. I cannot find this option anymore. Has it been removed or is it still there? Thanks.

October 04, 2018

Permalink

A minor improvement of TBB8: I can reply to more than one comment here.
With previous TBB, vbdvexcmqi.oedi.net's newer commenting software allowed only one reply, then the page disabled or hid the "Reply" link on every comment. The "Reply" links showed again after TBB restart. But as I recall, the faster workaround was to clear cookies or something else that did not require TBB restart.

Odd, I haven't been seeing that at all. In my recent experience at this blog (using the latest Tails, which uses the latest Tor Browser), as long as I set the slider below "Safest", and answer the captcha, the comment appears to be submitted properly (but presumably was nixed by the moderator, in cases where it never appears).

October 04, 2018

Permalink

Why does Tor look different after the 8.0.2 update? The opening (Start Up) page is purple and there isn't a bookmark for check to make sure your using tor

October 04, 2018

Permalink

Ever since I updated to 8.0.2 the start up page is different. The page is purple and completely different than the last version that I had where I could check to make sure I was connected to Tor. Is this normal or have I been bugged?

October 04, 2018

Permalink

Hello torproject,
why one can not unpack the browser-dir( [0] ) in the TBB-64bit-install.exe-file?

October 04, 2018

In reply to boklm

Permalink

He asks why Win64 bundle is a normal PE+ (with [0] section inside) which cannot be extracted by common archiver (7z, etc) while Win32 bundle is a normal SFX archive.

October 05, 2018

In reply to boklm

Permalink

I used to do this too. You could open the executable installer as an archive with 7-zip or other tools and extract it, and running it from the extracted folder would work the same as if you properly ran the installer to copy the browser into a folder. Not running executables from the web just seemed like the properly paranoid thing to do. I think I stopped because of a warning in the installation and usage instructions that any deviation from them means that the security benefits promised by TorBrowser can't be guaranteed.

October 04, 2018

Permalink

Access denied. Your IP address is blacklisted. If you feel this is in error please contact your hosting provider's abuse department.

October 05, 2018

In reply to boklm

Permalink

I forget to select "Clear History When Tor Browser Close", maybe it's my fault.

October 04, 2018

Permalink

how to create a custom .onion domain name . i try a make domain name .onion but its not working :-(

October 05, 2018

Permalink

I Just hate Captcha, but what we do its all about search engine algorithm.some where the main reason is security.

October 05, 2018

Permalink

WTF happened to noscrpt? Now it's on ALLOW ALL by default! Brilliant.

Is there no way to set this back to BLOCK by default? I tried and each time I open the browser, back to ALLOW ALL.

October 06, 2018

Permalink

you added an annoying glowing (!) mark in the onion logo to force the users to update the browser even if my updates are turned off shame on you I switch to epic browser asap. you became worse than the multi national companies with their scams and user hacks

SHAME ON YOU!!!!!!!!!!

October 06, 2018

Permalink

Hello Tor Project Team,
I've had some trouble conserving TBB 8.0.1 as a backup to 8.0.2. After doing several re-installations, TBB 8.0.1 had continued to force an update to TBB 8.0.2 in spite of enabling either:

1. "Check for updates but let you choose to install them", or
2. "Never check for updates (not recommended)" ... using the hamburger stack:
"Options>General>Allow Firefox to".

I have discovered that a file named "active-update.xml" has appeared in v.8.0.1 Tor Browser\Browser\Torbrowser\UpdateInfo. Checking Tor Browser\Browser\Torbrowser\UpdateInfo\updates\0 reveals three more files:

1. "update.mar" (a Microsoft Access Report Shortcut, as per checking file properties)
2. "update.status" (Opening in Notepad shows "pending")
3. "update.version" (Opening in Notepad shows "8.0.2"

Deleting each of these four files, or the entire UpdateInfo folder before exiting TBB 8.0.1 prevents the forced update to TBB 8.0.2 when restarting TBB 8.0.1 . The UpdateInfo folder is regenerated as an empty folder after a restart. So ... I feel better. And you, chupta? Thank you for your dedication, and the good things that you provide us all with.

October 07, 2018

Permalink

noscript does not work correctly:

example:

with the security-slider set on "high"

go on: https://metager.de/

1. noscript is on "standard" - you won't see the icons for "Web", "News/Politik", "Wissenschaft" ... "settings" and so on around the search field are not visible = normal behaviour

2. click on "temp. TRUSTED" and reload the page: icons become visible. This noscript setting alone should not allow icons to be displayed as the security slider is still on "high". Do noscript and the security slider no longer interact correctly???

3. click on "delete temporary permissions" (icon "clock icon" on the rightmost) and reload the page. Now, the icons on the metager.de-site around the search field should not appear - just like in point 1. "standard" as noscript should block the icons. However, the icons around the search field are still displayed.
4. click on "MISSTRUST" in noscript. The icons on metager.de should not be displayed. However, they are definitely displayed.

Am I doing something wrong in noscript? Or is noscript doing something wrong?

Another question concerning noscript:
How can you get directly to noscript.net? In the old versions of TBB you just had to open "addons" and click on the link under "NoScript". This link is missing now. Or is there another way to get to noscript.net now?

Another problem:
https-everywhere:
When installing TBB, the https-everywhere-icon does not appear, you have to click on "customize" in the browser menu and drag and drop the https-everywhere-icon manually - just like in many versions of TBB before. For some versions this problem was solved, but now it reoccurs.

And finally, another point:
In the German version of TBB, on the introductory page, there are three different translations for the English "circuit". There is: 1. Circuit-Ansicht (which is no translation!). 2. In the explanatory text there is "Zeige deinen Pfad" - here "circuit" becomes "Pfad" (= "path") and users are told to "choose"( = "wählen", which should be "click on" = "klicken auf" - not "choose") "Neuer Pfad für diese Seite". 3. If you do so and click on the "Informations-Symbol" which is the padlock, you will not get "Neuer Pfad für diese Seite", but "Neuen Kanal für diese Seite". (By the way: this should be: "NeueR Pfad" (nominative) instead of "NeueN Pfad" (accusative) - but this is only a minor mistake.)

So you have three names for the English word "circuit": 1. circuit, 2. Pfad, 3. Kanal

On the right, at the bottom of the introduction. you will read "Pfad" again. If you click on that field, you will get to Duck Duck Go and you will read "Circuits" again, and:"Relays". In the old version of TBB you used "Relais" as translation for "relay". And if you click on the green padlock, "relay" is translated as "Verteiler".

First and foremost, this is not a question of translation, but a question of logical thinking. Even with not knowing German at all, you can easily realise that there must be something wrong with so many different tranlations for one thing. And the correct translations had been available from older versions of TBB.

This is not explanatory at all, on the contrary - it is confusing.

On the introductory page you have a link "FAQ", and there you will find a link "NoScript FAQ", which will open the FAQ for the old noscript version(s). There is no official documentation for noscript. All you can get is a link to a blog writer giving "basic" information about the new noscript. This is very basic indeed and not an official documentation.
Another link will redirect you to a page inteding to give an overview of the new noscript in a nutshell. A nutshell is not enough for understanding the new noscript - as you can see from the "226 Responses to “NoScript, "Quantum" vs "Legacy" in a nutshell”.

You have to provide a clear official guide to the new version of noscript.

Everything has become difficult enough. But do we really have to plough through a white text on a black background? Do you really want us to spoil our eyes?
Has everything to be put upside down now?

For me, all that is a complete mess. Sorry, but I really tried to give my very best to come to grips with all the novelties and tried to find information, read and understand. But now I'
ve come to the conclusion that any effort will always lead to the point that there is no clear information.

Please, do your homework and make things clear and understandable

October 07, 2018

Permalink

Hi, would someone mind to explain what EXACTLY the "Safest" option adds over the "Safer" one ?

In complete technical terms. What is blocked that wasn't previously, when you go from Safer to Safest ?

For example, at same NoScript configuration, Safest doesn't play videos on YouTube or PornHub, but Safer does. For this particular case, what is being blocked ? It doesn't seem to be Mediasource, from a quick look at about:config.

I would rather downgrade Safest a little through NoScript than upgrade Safer, if possible, because I want to be..safest, while watching a video.

For example, at same NoScript configuration, Safest doesn't play videos on YouTube or PornHub, but Safer does.

No guarantees at all.
As an example of taken over exit nodes. Several exit nodes from indonesia will prevent you from accessing certain sites anyway. If you are lucky you will be redirected to a page that is telling you why access is blocked, a legal notice page telling you that what you are doing is forbidden.
NoScript will not help you with this.

Beside this kind of governmental educating interferences, maybe you should consider other technical solutions for your certain needs, like using VPN.
Using VPN for your happy video consuming needs will be faster and will not be unnecessary heavy using Tor network that is essentially mend for serious exchange of information.

In other words, don't block people that need Tor network for their human existence in places where there is lack of sufficient human rights with happy over consuming video downloading, file sharing etc.
Be social and consider using VPN solutions for that.

At first I thought you were trying to reply but didn't understand the question. Then I got that you wanted to just bar video from Tor.

Hopefully someone else knows the difference between Safer and Safest: It appears that with identical NoScript configurations, videos only work on the former.

There are more differences obviously, and I'm looking for a full technical list of them.

(Disclaimer: I'm not trying to ignore or marginalize the bigger problem here, but I thought I could help at least a little.)
You can remove Indonesia from the list of nodes chosen for you by editing the "torrc" file with a text editor and adding the line "ExcludeNodes {ID}" at the end. It's absolutely not recommended by the Tor project to do so because it will make it very slightly easier to track users that way. Personally, I'm not too keen on using nodes in countries that might confiscate or add trackers to their Tor nodes at any time.

October 08, 2018

Permalink

Can not move torbrowser directory. When I move the torbrowser directory it stops working. Is this normal behavior?

October 17, 2018

In reply to gk

Permalink

Not a solution, but a workaround: Disabling and enabling torbutton and torlauncher again solves this issue for me after moving or renaming the Tor Browser directory. Also, other than your ticket implies, copying instead of moving works for me on Debian testing, at least as long as the directory of origin is not removed. After doing so, the torbutton and torlauncher problem turns up again for some reason..

And while I'm already here: Thank you very much for your work!

Not familiar with that site, but FWIW I often visit sites which show up as blank pages. In such cases I usually assume that the problem is that the site assumes every visitor's browser has Javascript enabled, but with the security slider set to "safest" (or even "safer"?) that's not true about Tor Browser.

Someone please correct me if that's not correct!

Same with Tor 7.5.6 set to safest - but the safer setting seems to work fine. I guess that's yidio's "This page requires JavaScript to work properly, because we want it to look fancy." message... You should consider writing them an email and ask them what the hell they were thinking.

Not familiar with that site, but FWIW I often see such messages, and generally assume that the problem is that some website operators (or more likely a third party CDN) simply block all traffic from the (known) list of Tor exit nodes.

A related possibility is that CDNs may run software which rather stupidly expects to track any browser as it the owner surfs from site to site, but TB resists that, so the software "fails bad" and we see a blank page. For example, the operators might intend to let visitors see a few pages or videos for free, but after that tries to ask them to register an account. But if your requests come through a Tor exit node, others have exhausted the software's patience before you came along. Possibly.

October 09, 2018

Permalink

I tried the "request a bridge from torproject.org" and received a group of bridges however I was not able to connect through any of the proxies. Does it work? below is the log which the ports of all the proxies I tried where not open.

Well, it's hard to say what the issue is as there are multiple pieces involved here. First, all of the bridges you got could be down. Second, they could be up and running but a censor could have blocked them.

Does the meek pluggable transport work for you?

October 13, 2018

In reply to gk

Permalink

No the meek azure does not work. I have tried at least 9 bridges and none worked. Only obfs3 and obfs4 work.

I think I found the problem. On my Mac when the new bridges did not work I closed Tor to reopen the app but it would not reopen. I noticed 2 running tor process (even though thelaunchpad show the process closed). I closed the 2 tor process and the bridges worked. There appears to be a problem with "tor browser" process when switching to the newly acquired bridges continuing to run..

October 10, 2018

Permalink

Getting a boat load of messages

"Bad Request

Your browser sent a request that this server could not understand."

from Startpage and DuckDuckGo when searching using normal keywords like "running shorts" using the searchbar.

Search process seems to be breaking for some reason.

This just happens part of the time, probably more than thirty percent though.

October 10, 2018

Permalink

Hi, it seems that 8.0.2 is signed with a newly created subkey, but I'm having a hard time finding it in key servers. Did you forget to upload the modified public key with the new subkey attached?

October 12, 2018

Permalink

Since updating to Tor v. 8.0.2, the "suggest" feature of the address bar no longer works. When I type characters into the address bar, no suggestions appear. In the options, I have "bookmarks" and "open tabs" checked as the sources for the suggestions. This feature worked right up until I updated the browser. If anyone knows how to fix this problem, please let me know. If not, I will assume that it is a bug and will hope that it is fixed soon, as browsing without it is slow and tedious.

Thanks for your reply. I finally fixed this problem, but not without a lot of struggling. I believe that my bookmark file got corrupted when the Tor update took place.To correct the problem, I closed the browser. Then, I renamed the bookmark file (places.sqlite). Afterwards, I attempted to create a new bookmark file by reopening the browser. After repeated attempts, I managed to import one of my backup bookmark files into the new bookmark file and now everything is working properly. I hope that this experience was just a fluke and that I will not have to repeat the above steps each time I update the Tor browser. I guess I'll find out whether this will be an ongoing problem when the next update becomes available.

October 12, 2018

Permalink

I use Windows 7 64.

So that I could verify the signatures for the latest package (8 0 2) I copied the information shown on https://decvnxytmk.oedi.net/docs/verifying-signatures.html.en and after installing GnuPG, I followed the instructions given. Since the present TOR package is specifically mentioned within those instructions I thought everything I saw would match exactly what appears in your instructions.

However, I got widely differing results.

You say:

“You should see:
pub rsa4096/0x4E2C6E8793298290 2014-12-15 [C] [expires: 2020-08-24]
Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
uid [ unknown] Tor Browser Developers (signing key)
sub rsa4096/0xD1483FA6C3C07136 2016-08-24 [S] [expires: 2018-08-24]
Key fingerprint = A430 0A6B C93C 0877 A445 1486 D148 3FA6 C3C0 7136
sub rsa4096/0xEB774491D9FF06E2 2018-05-26 [S] [expires: 2020-09-12]
Key fingerprint = 1107 75B5 D101 FB36 BC6C 911B EB77 4491 D9FF 06E2”

What I did see:

“pub rsa4096 2014-12-15 [C] [expires: 2020-08-24]
EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
uid [ unknown] Tor Browser Developers (signing key)
sub rsa4096 2018-05-26 [S] [expires: 2020-09-12]”

AND

“The output should say "Good signature":

gpg: assuming signed data in 'torbrowser-install-8.0.2_en-US.exe'
gpg: Signature made Wed 15 Nov 2017 05:52:38 PM CET
gpg: using RSA key 0xD1483FA6C3C07136
gpg: Good signature from "Tor Browser Developers (signing key) " [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Subkey fingerprint: A430 0A6B C93C 0877 A445 1486 D148 3FA6 C3C0 7136
Currently valid subkey fingerprints are:
1107 75B5 D101 FB36 BC6C 911B EB77 4491 D9FF 06E2”

What the output DID say:

“gpg: assuming signed data in 'C:\Users\MYNAME\Desktop\torbrowser-install-win64-8.0.2_en-US.exe'
gpg: Signature made 10/03/18 00:24:04 GMT Daylight Time
gpg: using RSA key EB774491D9FF06E2
gpg: Good signature from "Tor Browser Developers (signing key) " [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Subkey fingerprint: 1107 75B5 D101 FB36 BC6C 911B EB77 4491 D9FF 06E2”

I realise that you are all very busy but you can judge when a divergence in information matters and when it doesn’t. Most of us users cannot, therefore we are reliant on the information you give us being accurate and up-to-date.

Please reissue the instructions for verification.

Thank you.

The problem here is that the output depends on the particular GnuPG configuration on your system (among other things). We only have space to give output for one possible configuration but not for all of them. That said, the output you got seems fine.

October 16, 2018

In reply to gk

Permalink

I've been having trouble finding a version of the signing key sufficiently recent to include the subkey used to sign the current Tor Browser bundle.

Why the duckduckgo people thought any particular Tor exit node was "doing something wrong", I can only speculate, but did you try following their advice by pressing "New Circuit" or "New Identity" (i.e. "restart your Tor browser")?

I've seen a similar message a few times, and choosing a new identity seemed to fix the problem.

October 14, 2018

Permalink

Hi,

is it possible to download an installer for the last 7.x version of the tor browser? I know that i should always use the newest version but i would like to compare some behavior i have remarked to an older version.

October 16, 2018

Permalink

Tor 8.0.2
Windows 7 Ultimate

I installed updates to NoScript and HTTPS Everywhere manually.

NoScript overwrote the old version but HTTPS Everywhere did not.

I now have two versions of HTTPS Everywhere installed.

Version HTTPS Everywhere 2018.8.22 (the one that came with Tor 8.0.2) and HTTPS Everywhere 2018.9.18
Why did it not overwrite the older version?.

If you updated from Tor 8.0.1 to Tor 8.0.2 I have no idea.
If you updated from Tor 7.x to Tor 8.0.2 my [b]guess[/b] would be that it's because of the leap in Firefox versions/editions ("Mozilla Firefox - The next version is always the worst...").

As for fixing this, you should backup/export your settings for HTTPS Everywhere (the one that has your actual settings and preferences) remove both versions, install a fresh version of HTTPS Everywhere and import your settings.
I hope this helps.

It was a fresh install of Tor 8.0.2 not an update.
The behaviour seemed odd as I expected it to just overwrite the older version of HTTPS Everywhere.
I just uninstalled both versions of HTTPS Everywhere in the end then I manually installed HTTPS Everywhere 2018.9.19 again.
I had no saved settings so that didn't matter.

October 17, 2018

Permalink

I thought that Tor Browser is to protect and not destroy? I installed Tor Browser from a different website which encrypted all my files. The ICFKB-DECRYPT note gave the Tor Project address: https://decvnxytmk.oedi.net/. I downloaded and installed Tor 8.0.2. I started the Tor Browser which launched but could not take me to the configured Congratulation page. Thus, I cannot use the link: http://gandcrabmfe6mnef.onion/625478cda2b77312 that is supposed to give me instructions to decrypt my files. I use HP mini which is not compatible with higher versions of Tor Browser. Please assist me. Please decrypt my files in line with your objective of ensuring privacy and protecting us

October 18, 2018

Permalink

Hello torproject,
Iain Learmonth form torproject wrotes
https://lists.torproject.org/pipermail/tor-talk/2018-October/044572.html
"Can you provide some examples of things you can do with torstatus that
you can't do with Tor Metrics' tools?
Perhaps they are easy to implement."

Eehmm, are you serious?
There is NO service on .torproject.org you can
compare with torstatus e.g. torproject.blutmagie.de.
Especially the birds-eye view.

It would be really bad to loose this.

October 19, 2018

Permalink

Tor Browser seems to have lost the ability to send a username and password to a socks5 proxy. I get lots of this in tor log file:

[WARN] Could not create SOCKS args string.

(If I connect to a socks5 server that doesn't require a username and password, it does work.)

October 19, 2018

Permalink

noscripts has no option "Forbid Scripts Globally". How to disable scripts globally in Tor Browser 8.0.2?

October 19, 2018

Permalink

The website tunnelblick.net produces a message "connection not secure" and connectivity is not possible. Tunnelblick say there site should be accessible via Tor

October 21, 2018

Permalink

When I start the Tor browser, the default settings allows all. That is the case since I installed it. On the option page, when I click on reset, I am alerted that it will revert to the default values. After clicking ok, only "frame", "fetch" and "other" are enabled.
After restart, all is enabled again, which is consistant with the noscript bug in the known issues above.
But the default setting after installation and the default values after reset should be the same, and they are not.
Adding up these faults with the new noscript skin and the less options, I feel that the Tor browser is now less safe than before. And it should install with the safer options and not with the unsafest.

See: https://jqlsbiwihs.oedi.net/en-US/#tor-browser-js-enabled-default for why e.g. JavaScript is enabled by default.

I guess, those values should indeed be default but then, on the other hand, you should not need to mess with NoScript's settings either. :) We'll solve the latter at least by redesigning our security controls and removing the NoScript toolbar button from the toolbar in https://trac.torproject.org/projects/tor/ticket/25658.

October 22, 2018

In reply to gk

Permalink

Thanks for the reply.
But why are the default values different? If the default is "all enabled", then the reset to the default values should enable all as well. But it doesn´t.
That is confusing, and since it reverts to all enabled after restart, misleading as well.

That's because you are resetting to NoScripts default *as NoScript designs that* by clicking on the NoScript options. Tor Browser has a different understanding of default settings.

October 22, 2018

In reply to gk

Permalink

MAY it's ok for
"NoScript + https everywhere icons are going to be removed"
as default, but full removing NoScript + https everywhere Gui for all, with all it's
features?
Would be a very very ....strange move. Incomprehensible?
It's not usefull to remove all helpfull feature cause few people say they need a browser best with 1 button for all, chrome or so.
To understate, like going to Mc Donalds because all other food tastes to much ... .

October 22, 2018

Permalink

When retrieving new bridges are ports 12445, 38339, and 9443 the only ports? Those are the only ports I see.

October 24, 2018

Permalink

Many times I used to connect to the TOR network and the circuit display would show "outdated software" on a node - this circuit display has been deleted! It looks like TOR is dumbing-down the software? That is *bad*

November 04, 2018

Permalink

Hello,
With vpn cyberghost and Tor Browser, its not possible to send mail with guerillamail.com.
Google capcha secure is out of good validation.
A solution ??
Thank's