New Release: Tor Browser 8.5a5
Tor Browser 8.5a5 is now available from the Tor Browser Project page and also from our distribution directory.
Starting with this alpha release, we are releasing both the Android and desktop versions on the same day, with similar versioning schemes.
On the desktop side, we included a new Tor alpha version (0.3.5.5-alpha) to help with stabilizing the networking code. Furthermore, we managed to fix two longstanding first party isolation bugs: Both PDF range requests and saving links, images or similar resources using the context menu are now properly isolated to the URL bar domain.
On the Android side, we reached another milestone in our efforts to bring Tor Browser for Android into stable shape. From now on it is not necessary anymore to download Orbot in order to use Tor Browser. We implemented a similar solution to our desktop Tor Browser flavors by shipping and using Orbot in Tor Browser directly. We plan to refine our approach for an even smoother user exprience in the future, so stay tuned. Please note, this release is only supported on armv7 devices (most Android phones and tablets), but x86 devices are not supported (such as Chromebooks).
Additionally, we included the mobile build into our official Tor Browser build infrastructure. The build artifacts are not reproducible yet (although we are pretty close reaching that goal). But fixing that is one of the top priorities for our next big milestone for the Android app.
The full changelog since Tor Browser 8.5a4 is:
- All Platforms
- Update Torbutton to 2.1.2
- Bug 25013: Integrate Torbutton into tor-browser for Android
- Bug 27111: Update about:tor desktop version to work on mobile
- Bug 28093: Update donation banner style to make it fit in small screens
- Bug 28543: about:tor has scroll bar between widths 900px and 1000px
- Bug 28039: Enable dump() if log method is 0
- Bug 27701: Don't show App Blocker dialog on Android
- Bug 28187: Change tor circuit icon to torbutton.svg
- Bug 28515: Use en-US for english Torbutton strings
- Translations update
- Update Tor Launcher to 0.2.18
- Bug 28039: Enable dump() if log method is 0
- Translations update
- Update HTTPS Everywhere to 2018.10.31
- Update NoScript to 10.2.0
- Bug 22343: Make 'Save Page As' obey first-party isolation
- Bug 26540: Enabling pdfjs disableRange option prevents pdfs from loading
- Update Torbutton to 2.1.2
- Windows
- OS X
- Linux
- Update Tor to 0.3.5.5-alpha
- Bug 28310: Don't build obfs4 with module versioning support
- Bug 27827: Update Go to 1.11.1
- Bug 27827: Build snowflake reproducibly
- Bug 28258: Don't look for webrtc headers under talk/
- Bug 28185: Add smallerRichard to Tor Browser
- Bug 28657: Remove broken FTE bridge from Tor Browser
- Android
- Bug 28051: Fix up Orbot for inclusion into Tor Browser
- Bug 26690+25765: Port padlock states for .onion services to mobile
- Bug 28507: Delete private data in the browser startup
- Bug 27111+25013: Configure Tor Browser for mobile to load about:tor
- Bug 27256: Enable TouchEvents on Android
- Bug 28640: Use system add-on and distributed preferences
- Build System
- Bug 27977: Build Orbot inside tor-browser-build
- Bug 27443: Update Firefox RBM config and build for Android
- Bug 27439: Add android target for rust compiler
- Bug 28469: Fix unsupported libbacktrace in Rust 1.26
- Bug 28468: Modify Android toolchain to support Orbot
- Bug 28483: Modify Android Toolchain API Version
- Bug 28472: Add Android Makefile Rules
- Bug 28470: Add fetch gradle dependency script to common project
- Bug 28144: Update projects/tor-browser for Android
Comments
Please note that the comment area below has been archived.
At startup after update: 02…
At startup after update:
02:41:23.944 NS_ERROR_NOT_AVAILABLE: Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIWebNavigation.loadURIWithOptions] 1 browser-child.js:359
> Bug 27111: Update about…
> Bug 27111: Update about:tor desktop version to work on mobile
So that it doesn't work on desktop, hah. (links & search bar focus)
Oh, it happens only after…
Oh, it happens only after going through the onboarding tour when the globe becomes grey.
It doesn't look like what…
It doesn't look like what you expected to see:
[12-04 02:57:23] Torbutton INFO: tor SOCKS: https://www.amnestyusa.org/pdfs/sscistudy1.pdf via
torproject.org:81b72ce8f47cb929d0cbe86003b2ed96
[12-04 02:57:24] Torbutton INFO: New tab
[12-04 02:57:24] Torbutton INFO: tor SOCKS: https://www.amnestyusa.org/pdfs/sscistudy1.pdf via
amnestyusa.org:403b89615d679d59173aa0df13896ae0
hrm... [12-04 03:07:38]…
hrm...
[12-04 03:07:38] Torbutton INFO: tor SOCKS: ftp://ftp.adobe.com/pub/adobe/reader/win/11.x/11.0.20/misc/AdbeRdrUpd11… via
torproject.org:81b72ce8f47cb929d0cbe86003b2ed96
[12-04 03:07:38] Torbutton INFO: controlPort >> 650 STREAM 63 NEW 0 ftp.adobe.com:21 SOURCE_ADDR=127.0.0.1:56522 PURPOSE=USER
images: [12-04 03:09:27]…
images:
[12-04 03:09:27] Torbutton INFO: tor SOCKS: https://www.w3schools.com/html/img_logo.gif via
torproject.org:81b72ce8f47cb929d0cbe86003b2ed96
[12-04 03:09:27] Torbutton INFO: controlPort >> 650 STREAM 67 NEW 0 www.w3schools.com:443 SOURCE_ADDR=127.0.0.1:56527 PURPOSE=USER
Thanks! I've filed https:/…
Thanks! I've filed https://trac.torproject.org/projects/tor/ticket/28719 for those issues. There is quite some chance that Torbutton's logging is showing you a message which is not corresponding to any request but we'll have a look trying to figure out what is actually going on.
NoScript doesn't realize it…
NoScript doesn't realize it's blocking video on Safer:
https://developer.mozilla.org/samples/video/chroma-key/index.xhtml
That's indeed a (pretty old)…
That's indeed a (pretty old) NoScript regression, thanks for reporting. I opened: https://trac.torproject.org/projects/tor/ticket/28720 on our side.
NoScript is still blocking…
NoScript is still blocking some scripts on any security level, but nobody cares :(
Which scripts? Do you have…
Which scripts? Do you have steps to reproduce that?
Comments pagination is…
Comments pagination is broken on
https://rutube.ru/video/57f17a241652a720d6a736942f623df1/
What do you mean by "broken"…
What do you mean by "broken"? Looks okay to me.
It was a HTTPS-Everywhere…
It was a HTTPS-Everywhere bug. Now fixed.
The person initiating the…
The person initiating the comment maybe could watch what the browser logs in Web Console? (in Tools menu, Web Developer)
The scripts are on sites…
The scripts are on sites which can't be disclosed. But there are some links on NoScript's forum. Of course, this is reproducible.
save link as... irc:irc…
save link as... irc:irc.mozilla.org :
03:25:36.089 : Component returned failure code: 0x805e0006 [nsIChannel.asyncOpen2] 1 nsContextMenu.js:1204
saveHelper chrome://browser/content/nsContextMenu.js:1204:5
saveLink chrome://browser/content/nsContextMenu.js:1214:5
oncommand chrome://browser/content/browser.xul:1:1
FIX IT ASAP! CAUSE WE HAVE…
FIX IT ASAP! CAUSE WE HAVE NO ACCESS!
[12-04 04:05:44] Torbutton INFO: controlPort >> 650 STREAM 43 FAILED 7 vbdvexcmqi.oedi.net:443 REASON=END REMOTE_REASON=CONNECTREFUSED
Can you give more details…
Can you give more details about the issue? What are you doing when you get this message?
Your blog is unavailable,…
Your blog is unavailable, and the only way to solve the problem is to restart the browser.
See https://trac.torproject…
See https://trac.torproject.org/projects/tor/ticket/7870
Some stupid trash remains in…
Some stupid trash remains in GPU process and uses ~20% of CPU for a long time after all tabs are closed on Windows 7.
I would run EventVwr.msc…
I would run EventVwr.msc
Look for "suspicious" events by comparing them at times (clock time):
1. when tbb startup,
2. when you close the last tbb tab,
3. and when the "trash" process "dies".
OR (also?)
1. open Task Manager window, Processes tab, before shutting down tbb.
2. when you shutdown tbb, look for werfault to appear in the processes list.
WerFault was the sign of a broken shutdown problem that existed throughout tbb ver 7.x
> WerFault was the sign of a…
> WerFault was the sign of a broken shutdown problem that existed throughout tbb ver 7.x
It is still a problem, maybe, because of absent NSS patches, maybe not.
> Update Tor to 0.3.5.5…
> Update Tor to 0.3.5.5-alpha
What's the reason of not doing it for Android alpha?
The build of tor itself is…
The build of tor itself is not yet integrated in our build process. But we are currently working on it:
https://trac.torproject.org/projects/tor/ticket/28704
Tornetwork Network is…
Tornetwork
Network is browser related so I am posting a warning question overhere.
Is it really really a very big coincidence today that no matter what kind of webmail service url I choose (after completely renewing te circuits) I over and over and over end up with same country entry node and exitnode, all three nodes from same country and finally endup with variations with two same country nodes + one nabor country node.
Is it possible that on certain very important url's countries and their surveillance services are rederecting traffic in a way that they are able to analyse traffic leading to personal identification?
I tested a whole bunch and I already had a slight suspicion that this behaviour is going on for a while with other kind of technical or privacy related websites and some big countries in Europe.
More and more countries are taking over the local internet by monitoring traffic country wide or even continent wide by well known eyes-cooperations.
Why do you still accept connections like, 3 on a row in the same country, same country entry exit node, or another annoying one : no giving option to refuse an entry connection to certain countries.
The last one is also a big threat because it is a reason, could be a reason for trouble when traveling to that country : 'alarmbells' ringing, torbrowser user in the hall coming to the gates.
Torproject delivers grat product but maybe some thing should change because the world is changing, also called globalism!
Maybe a kind of a system should be thinkable that connections always travel between three continents and or have a minimum avoidance of moere than one hop per country+nabor country.
Metadata network traffic analysis can be a threat to anonymous communications, for instance with anonymous communication to projects like Torproject.
> Is it really really a very…
> Is it really really a very big coincidence today that no matter what kind of webmail service url I choose (after completely renewing te circuits) I over and over and over end up with same country entry node and exitnode
Is your computer and the webmail server you are trying to reach both in country A? If so, your circuits will probably look like A-X-A because Tor tries to find an entry Node "near" (in Internet geometry terms) your computer and an exit node "near" (in Internet geometry terms) your destination server. If A is in the EU, X might often also be in the EU simply because so many Tor nodes are in either the US or the EU. That could perhaps explain some of what you report seeing.
Tor also tries to avoid choosing two nodes of the three from the same domain or from the same known family, I believe, but I am not familiar with the details.
> Maybe a kind of a system…
> Maybe a kind of a system should be thinkable that connections always travel between three continents and or have a minimum avoidance of moere than one hop per country+nabor country.
Over the years such suggestions have often been made (sometimes by me!), but it turns out that such schemes would probably make it *easier*, not harder, for intelligence agencies (especially NSA) to spy on our browsing.
What's needed is the greatest possible diversity of Tor nodes, in terms of legal jurisdictions, geolocations, company ownerships, political allegiances of voting stockholders, etc., etc., which needless to say is hard to measure much less achieve.
But don't forget: NSA has problems of its own (drowning in information, existing variety of software and hardware leading to "fragility" of their latest and bestest spy schemes, etc.), so in the end We the People just might win the War on US.
To provide higher anonymity…
To provide higher anonymity guarantees than other services (VPNs in particular) Tor routes traffic through server operated by independent organizations and individuals. This makes it harder to deanonymize traffic because an adversary needs to operate in several jurisdictions and has to deal with many operators. Getting a warrant or convincing a single operator to hand over all data simply doesn't work. However, running Tor nodes is only popular in a handful of countries. Check out the by-country bubble map and you'll notice that the majority of server is located in just a handful of countries. Likely, they countries you see most in the circuit display.
The goal is certainly to have relays all around the world. If anyone known how to get people to run relays in other countries, please let me and the Tor team know.
i like the freedom of tor…
i like the freedom of tor browser
gk you have led the Tor…
gk you have led the Tor Browser team so perfectly across all these years without showing any shred of tiredness, May God bless you!
(Signed: a Tor user who can't visit a single website without the Tor Browser lest the privacy be slaughtered)
Thanks for your kind words…
Thanks for your kind words. There is a great team behind this work, so let me extend your thanks to all of us.
Please thank everyone for me…
Please thank everyone for me too! All your (plural) work is much appreciated!
has the issue of inability…
has the issue of inability of copy pasting in android been fixed?
Try it out. :) Yes, this…
Try it out. :) Yes, this should have been resolved.
Thanks for sharing all of…
Thanks for sharing all of this information.
No sound in YouTube with…
No sound in YouTube with this update. I uninstalled the entire browser - the update auto-installed even though I had the 'update' option disabled. I didn't appreciate it.
Also, I recommend that if the 'auto-install' is now to be a default, and the option to choose when to update is now no longer active, that a reverse-update option be available to users.
Why not give users a chance to decide for themselves when to update? It sounds like you are forcing us to update without any choice in the matter.
I was forced to delete the entire version since there was no way to reverse the auto installed update. Again, YouTube, and other sites will not work with the update - there is video but there is absolutely no sound. B'H
We do not force updates on…
We do not force updates on anyone in the sense that you can't disable updates. However, you must disable the updating *before* the update process starts to see any affect. And the update check and download happens *before* you see any window, early on browser start-up.
That said looking over the changelog for Tor Browser 8.5a5 I don't see a fix that should impact your audio. On which platform are you on? A clean Tor Browser 8.5a4 works for you but a clean Tor Browser 8.5a5 does not? (see: https://archive.torproject.org/tor-package-archive/torbrowser for older bundles to test)
Latest Tor browser (Alpha)…
Latest Tor browser (Alpha) crashes on Android when downloading any file. I don't know if it is just me (Android 7.1.1). I've tried manually granting the storage permission from settings but no change.
I don't think this is just…
I don't think this is just you. We have https://trac.torproject.org/projects/tor/ticket/28705 for that and will fix it in the 8.5a7 release (the time to 8.5a6 was too short to investigate, test and deploy a fix, alas).
Avira delete tor.exe coz it…
Avira delete tor.exe coz it is a virus!
I think your Avira is…
I think your Avira is mistakenly flagging tor.exe as a virus. This is very likey a false positive.
Cyren JS/Heuristic-JEX…
Cyren JS/Heuristic-JEX!Eldorado
Basic Properties
MD5 066e29116baad0042fa21c20b32db6af
SHA-1 263900dee6ee2896c7df8a4f13ad3ae52254f796
Authentihash 69742cb82c7f9804de0653eaea09d411429143242b5d3634dccb85937b7f0b9d
Imphash f27c44789c5773d07955d684f2ea3830
File Type Win32 EXE
Magic PE32+ executable for MS Windows (GUI)
SSDeep 1572864:3TE6b9Ki7PCvHM2OPdQmDnuYe6oVRZHfvT3E:3XAuQodjDnuY9oVRZ3jE
TRiD Win64 Executable (generic) (82%)
OS/2 Executable (generic) (6%)
Generic Win/DOS Executable (5.9%)
DOS Executable Generic (5.9%)
File Size 53.99 MB
I am very new to Tor Browser…
I am very new to Tor Browser (the last couple of days) and so apologise if the questions I ask have already been addressed previously
1. it appears to me that the use of Google is rendered impossible because by loggin in from different locations (to protect privacy and avoid tracking - all worth while outcomes). Google notes the activity as different and puts the user through the horribly frustrating Photo ticking exercise...CAPTCHA is there a way around this annoying software?.....Am I correct?
2. As some one wanting to watch a video posted on cricket in Australia, the web sites blocks me because .....they dont allow acess to computers outside Australia....Can I somehow use a default at least temporarily that is based in Australia and specificy this?
Regards
Tony (very new Tor client)
> (very new Tor client) Or…
> (very new Tor client)
Or rather, Tor user ("client" and "server" are technical terms).
The two problems you mention are well known and have proven hard to solve.
Generally, trying to log into a social media account you created while not using Tor is problematic because it looks to the provider of the social media service like some crook is trying to impersonate you in order to steal information or money.
More and more countries are trying to block connections from outside their boundaries, whether because they don't want "non-Australians" (if your Tor circuit happens to end with an exit circuit in Germany, the sports video company is likely to assume you are a German) using their "national TV", or because they don't want any news coming into their country from the big bad outside world.
A third problem is that many websites block all Tor exit nodes, just because they don't want to wrestle with any challenging technical issues, such as allowing innocuous Tor traffic while blocking DDOS attacks.
Some Tor users report that hitting "new circuit for this site" a few times sometimes resolves some of these problems. If not you might want to consider replacing using Google with some more Tor-friendly social media company.
Hope this helps.
Can not download files or…
Can not download files or images on Android. I hope you can fix that in the next versions.
What is happening in your…
What is happening in your case? How can we reproduce that? And which Android version are you on?
No way to block javascript…
No way to block javascript for non-advance user
Provided NoScript is configured in a way, that almost guarantees any script to be run at least once before user can block it. This allows "calling home" attacks, that probably are the only easy way to compromise TOR.
So, as there is no way to block scripts for non-advanced users (advanced can go into NoScript settings and understood settings), and only top-level available options are various releasing event those poor restrictions that may be active, Tor Browser should not be used with TOR network (but otherwise it is very good browser).
Expected solution - add button "block javascript" to make browsing at least theoretically safe.
Well, we have the security…
Well, we have the security slider (check out the onboarding tutorial) which blocks JavaScript on the highest level. That is the recommended way of blocking JavaScript if you think you need that.
On Android, if you select a…
On Android, if you select a download link, Android will ask for permission to save, when you hit allow, app crashes. If you try to open app back up, it will tell you over and over that the app suddenly closed. Only way to fix this is to uninstall then reinstall or clear all data on Android. I can verify cut and paste works fine for me. I have Android version 7.0
We have https://trac…
We have https://trac.torproject.org/projects/tor/ticket/28705 for that and will fix it in the 8.5a7 release (the time to 8.5a6 was too short to investigate, test and deploy a fix, alas).
Tor blog's pagination is…
Tor blog's pagination is busted again :(
Is Android version affected…
Is Android version affected?
https://bugzilla.mozilla.org/show_bug.cgi?id=1482055
MUSTREAD!!!https://www…
MUSTREAD!!!
https://www.zeldman.com/2018/12/07/browser-diversity-starts-with-us/
Bug 26690+25765: Port…
*services
Thanks, fixed.
Thanks, fixed.
03:04:13.436 TypeError:…
03:04:13.436 TypeError: event.originalTarget.getAttribute is not a function 1 tabbrowser.xml:1299:30
onxbldragover chrome://browser/content/tabbrowser.xml:1299:30
NoScript is still buggy: 06…
NoScript is still buggy:
06:35:12.485 TypeError: ev.target.closest is not a function 1 PlaceHolder.js:76:29
can someone help me out, im…
can someone help me out, im new to this part and have no clue which file to download for windows. they give you the option of choosing windows (8.0.3) 32/64-bit (sig) or 64-bit (sig) and then the next option is the windows (8.5a5) so how do i know which one to download? id appreciate some help asap
Comments counter on your…
Comments counter on your blog seems to count and display not only the number of visible comments, but also of some not-yet-approved comments/spam. This has a drawback in case when we see this thread has 60 comments and then 58 comments later that looks like you're censoring/deleting comments.
Does this version work with…
Does this version work with OS X Mojave? If not, when will that happen?
Thanks!
As far as we know, yes, it…
As far as we know, yes, it works with Mojave. If you encounter issues, please report them on our bug tracker (https://bugs.torproject.org). Thanks!
This is my first time on Tor…
This is my first time on Tor...
Hi, I want to change my IP…
Hi,
I want to change my IP to Iran IP, please help me to find out how to do that.
Cheers
hallo.I need some help from…
hallo.I need some help from pro. about dl.free.fr