New Release: Tor Browser 9.0.2
Tor Browser 9.0.2 is now available from the Tor Browser download page and also from our distribution directory.
This release features important security updates to Firefox.
This new stable release is picks up security fixes for Firefox 68.3.0esr and updates our external extensions (NoScript and HTTPS Everywhere) to their latest versions.
Apart from backports for patches that already landed in alpha releases and fixing an error in our circuit display and improving our letterboxing support, Tor Browser 9.0.2 provides properly localized Android bundles again as well.
Reproducible Builds
The issue with reproducible builds mentioned in the 9.0.1 blog post is still present in this release. We however made progress on understanding the issue and are getting closer to a fix.
ChangeLog
The full changelog since Tor Browser 9.0.1 is:
Comments
Please note that the comment area below has been archived.
I don't see this post listed…
I don't see this post listed on the main Tor Blog page:
https://vbdvexcmqi.oedi.net
I took a guess that the post might exist when I saw an update was available, then entered the URL of the previous update and made it end in a 2 instead of a 1.
I see the post listed under these tags:
https://vbdvexcmqi.oedi.net/category/tags/tbb
https://vbdvexcmqi.oedi.net/aggregation-feed-types/tbb-90
But not under this tag:
https://vbdvexcmqi.oedi.net/category/tags/tor-browser
In any case, thank you for the update!
There is some caching on the…
There is some caching on the blog, so it can take a few minutes before new posts appear on the main page.
Up and running smooth on W10…
Up and running smooth here on W10 thank you all very much.
Pictures not loading on…
Pictures not loading on websites.
This is this ticket:https:/…
This is this ticket:
https://trac.torproject.org/projects/tor/ticket/32238
Was this released on the 2nd…
Was the update released on the 2nd or the 3rd? This blog post lists the 2nd, but Mozilla lists the 3rd for 68.3esr release.
Was the update released on…
Was the update released on the 2nd or the 3rd? This blog post is from the 2nd, but Mozilla's site lists the 3rd.
This blog post was written…
This blog post was written on the 2nd but published on the 3rd. I have now fixed the date of the blog post.
Ty. Apologies for the double…
Ty. Apologies for the double post. After hitting submit, the blog post's page kept refreshing repeatedly and automatically without showing the comment. Even with a new identity, the comment didn't show up. I assumed it was bugged.
WARNING: When using the…
WARNING
When using the Backports torbrowser-laucher package at Debian GNU/Linux 10, make sure you backup your user Library bookmarks list first, as they'll be erased during the automatic Tor Browser update process. To make and restore the bookmarks backup, follow these steps:
Settings >> Library >> Bookmarks >> Show All Bookmarks (below the menu)
>> Import and Backup >> Backup...
The usual default setting of the Tor Browser $USER directory, when using Debian torbrowser-laucher, is:
~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US
BEWARE
Because of the fact that the contents of the ../tor-browser-en-US/ directory will be cleared (the exact name depends on your particular language localisation, of course), you should place the bookmarks .JSON backup file at another elsewhere, otherwise you'll lose it.
lost all bookmarks and cant…
lost all bookmarks and cant even save a bookmark now think i will change browser now not happy
excellent, as always !
excellent, as always !
Usually the update is…
Usually the update is downloaded automatically in the background and then it prompts me to restart. But this time (9.0.1) I got a dialog with a "download update" button which just took me to the download page. Is something wrong with the updater?
OP here. Nevermind. I just…
OP here. Nevermind. I just ignored the update last night and left the browser open, and this morning it gave me the "Restart to update TB" prompt. So I guess it just took a while.
> But this time (9.0.1) I…
> But this time (9.0.1) I got a dialog with a "download update" button which just took me to the download page.
Open
about:config
and typeapp.update
. In a new tab, search the web for the meanings of those names. Notably, *.badge, *.doorhanger, *.notifyDuringDownload.uncaught exception:…
uncaught exception: 2147746065 SessionStore.jsm:1325:22
Error: listener not re-registered 8 ExtensionCommon.jsm:2318:24
Hello, usually I download…
Hello, usually I download the updates smoothly. In this 9.0.2 update, the screen stated "Something went wrong! Tor does not work...", etc., etc.,. So, instead of panicking, I went ahead and tried to access the current page. As with most of this evening's surfing, everything stalled and the constant tick-tock at the top of the page wouldn't load. Fed up, I took Tor off screen. I reloaded, and now I am here. So, does this mean I have a safe, okay Tor or do I need to download a new one? Please advise. Thank you.
ADDENDUM: I should have…
ADDENDUM: I should have said, I got the red page! Thank you and I will look for your response.
> etc., etc.,. Did what you…
> etc., etc.,.
Did what you left out give any specific technical information or numbers that could narrow down the issue? Which "current page"? What "tick-tock"? Do you mean the circular "loading" animation on tabs? The browser does not display a clock. I don't know if your system is "safe", but if there is no longer an issue with tor browser, that's good. If you want to download a new one, download it, export your bookmarks if you have any, delete the tor-browser folder, install the new one, and finally import your bookmarks.
https://jqlsbiwihs.oedi.net/tbb/how-to-verify-signature/
What did I "left out"? I…
What did I "left out"? I name the left/right tick-tock as it does that like a grandfather clock when page does not finish loading. If it was a clock, I would have identified it as one. In order of your suggestions, how does one download it without it automatically installing?
If you restarted Tor Browser…
If you restarted Tor Browser and it connected to the Tor network (like it did before the update), and you are able to load webpages, then it seems Tor Browser is working correctly. One common cause of errors like this come from the hard drive becoming full during upgrade. Tor Browser (and Firefox) do not handle this situation well.
To sysrq_ (letter _ is…
To sysrq_ (letter _ is fried in my computer)..... Thank you so much for your assurance! I appreciate it.
Me too, same error message…
Me too, same error message and red screen. Watching.
When I quit Tor there is a…
When I quit Tor there is a red box that says,"Tor browser quit unusually and Windows Runtime had errors in shutting down" and had some other jibberish below it. Should I be worried about this? I am in Korea and everybody tries to spy on you here.
Did this happen one time, or…
Did this happen one time, or does it happen every time you close Tor Browser? Also, what version of Windows are you using?
Where is the…
Where is the NoAutomaticUpdates option?
The impudence that Firefox is phoning home to aus1.torproject.org without
the easy option to switch off is .....think about.
And when you have found the hidden option(DisableAppUpdate.Prevent the browser from updating.) for in about:policies, playing games with users,
Enterprise Policies(what?Only for Enterprices), and the place for this ...funny thing,
mozilla write this:
view-source:jar:file:///X:/xxxxxxxx/omni.ja!/components/EnterprisePolicies.js
// Check if we are in automation *before* we use the synchronous
// nsIFile.exists() function or allow the config file to be overriden
// An alternate policy path can also be used in Nightly builds (for
// testing purposes), but the Background Update Agent will be unable to
// detect the alternate policy file so the DisableAppUpdate policy may not
// work as expected.
Unintentional phoning home or they call it telemetry is an unfriendly act.Point.
You're boring with your …
You're boring with your "phoning home" crap. Learn about automatic updates thing.
To be forced for, everytime…
To be forced for, everytime i open TB or other browser action, that is crap and nothing else.
Especially there is no need for to hide this -no automatic updates.
The boring thing was the flood of "my so old Torbrowser version need no update ever" troll campaign to bore the developers and nudge them to hide this option.
Generally, it's intuitively…
Generally, it's intuitively correct that people don't like phoning-home and auto-update checking, esp. forced updates, feeling it may have privacy issues (and at least it's psychologically invasive).
However, Tor Browser is somewhat exceptional. If you use Tor Browrse, you'll have to trust the whole Tor System (though you don't need to trust every single nodes). Hypothetically speaking, if its auto-update checking has privacy issues, its normal initial connection COULD have much bigger privacy problems, as it could record everything you do online (and possibly tells that to the government or something). In other words, the whole Tor system COULD be a honey pot. Hypothetically speaking, of course.
In reality, if one uses Tor, one has to trust torproject.org; if one thinks auto update-checking is suspicious, one can't (shouldn't) use Tor Browser in the first place. So you're right - it is reasonable to accept automatic update-checking in this case. On the other hand, it's obviously a bad idea to blindly believe every automatic update (in general, not about Tor Browser) is okay and privacy-aware.
I will add that you don't…
I will add that you don't have to trust blindly what we publish. The full source code of everything included in Tor Browser is available (this page has information about where to find it: https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking), and we do reproducible builds (see https://reproducible-builds.org/) which gives a verifiable path from source to binary code.
"you'll have to trust the…
"you'll have to trust the whole" "Hypothetically speaking," "In reality,[...], one has to trust"
Trust in? What? Why?
"if one thinks auto update-checking is suspicious, one can't (shouldn't) use Tor Browser" "obviously a bad idea to blindly believe"
O boy, more you/i show that full forced automatic updates, telemetry, isn't a good, popular idea, the comments against freedom of choice go more to a matter of faith and devotion.
If i want to believe in, e.g. may tot he church of Intel CPU security or pray to the telemetry of Microsoft?
Beside open source, the user can choose, can config what the software do and don't is base of trust.
Ask your information scientist next campus about software, security and believe *LOL*
How do I get rid of the…
How do I get rid of the donation banner? Hate it. Don't want to see a G-string when I open my browser.
Do you mean the page about…
Do you mean the page
about:tor
that displays a search bar in the middle? You can removeabout:tor
in 3-bar (≡) menu --> Preferences --> Home side menu.Malwarebytes Pro keeps…
Malwarebytes Pro keeps deleting ransomware when Tor opens
NODEFAMILY appears to be…
NODEFAMILY appears to be broken in this latest build
Can you describe what you…
Can you describe what you are doing and why you think it is broken? Thanks
Of course. NODEFAMILY now…
Of course. NODEFAMILY now seems to break TorBrowser when a country code matches the country of an entry guard or bridge.
Not trying to do anything in particular except for testing random command line options and client options to report on possible bugs. Not even sure if this qualifies as a bug, if it is expected behavior or not.
you cannot perform further …
you cannot perform further updates on this system
why this message
my system is 32 bit
Which operating system do…
Which operating system do you have?
I've noticed a big change…
I've noticed a big change recently, not with this TOR release, but in say, the last month, that the stupid Google captchas are failing out almost 50% of the time with the stupid, "received too many automated queries" message. This has gotten to the point now that I have to make 10 connections to find an IP on which the captcha will work. I've used TOR for years, and previously, this error was rare. Let's say perhaps 10% or less of the time.
First of all, why are so many websites using Google garbage. Google hates TOR. when you try to use Google with TOR you hit a captcha (not the familiar captcha I just mentioned, but another one), and sometimes it's an endless loop, where you solve it correctly and are bought right back to the same page. UploadBank seems to have a good non-Google captcha. Why isn't that being embraced? And why the Hell would a captcha system report an error for "too many automated queries" in the first place - it's designed to check whether you're human so it should be immune to noise packets.
Is this change something Google has done to make TOR users suffer, or is someone else to blame. Perhaps a State actor like China, attacking the captcha system to shut down or de-anonymize TOR users?
windows 7 32bit
windows 7 32bit
Android 4.2.1 appears to be…
Android 4.2.1 appears to be unsupported in the last 2 releases. Worked flawlessly before that.
Which architecture are you…
Which architecture are you using? I think 4.2.1 should work for armv7 and x86, but not aarch64 and x86_64.
When running version 9.0.2 …
When running version 9.0.2 (Android) the first few times it was possible to "start a new identity" whenever. Since yesterday the notice-bar Tor Browser, which also shows down- and uploading speed, is lacking this function to start a new identity. ???? Instead, but first after a while, Orbot tries to start (given notice by the tor browser bar) but fails later.
I think I downloaded my Tor Browser (under another name) a few years back from the Guardian site. Still I really don't know (remember) how the updating was working until it was done via Google Play. I also have some apps from Fdroid. They show my Tor Browser with the latest update but their version-history seems a bit odd!
Checking the Tor Browser's PGP signature seems almost impossible. The GnuPG does not work for Android (only Linux) and the Guardian Project version for Android is no longer updated or even possible to find. The closest link I found is this: https://github.com/guardianproject/gnupg-for-android, and being more or less a layman in computing I understand that there is no simple app to install onto my tablet to do the verifying process? Any suggestions? Installation of GPG via a terminal seems to involve the process of building apps. For app-developers and not for app-users? I have this terminal installed but GPG is not built into it!
Conclusion: The verification-process is part of Google Play and not the user! Right? Can I be sure? Or should I use the "workaround" with a public key?
Another odd thing. My tor browser use google as search engine as default. I read you use DuckDuckGo since 6.0.6. Strange! I have now changed.
For your info: My laptop and router have been compromised. I am not using the laptop and my router is factory restored after being hijacked (scripted). Still my router-values have been changed after reset. Also having dns-problems. Sitting behind a public fibernetwork and a switch run by a small ISP. My network consists of a cheap Asus wifi-router and a single Android 6.0.1 tablet device. I found a second internal ip-address in my network. Without any corresponding MAC-address. To find it I had to change my network settings in the wifi-settings in my tablet. No info under dhcp (dhcp in router btw) but when choosing static new info appeared. A new ip-address which involved google 8.8.8.8 and 8.8.4.4 instead of 9.9.9.9 (in router) . I guess google dns is default in Android but I do not understand the 2nd ip-address and why it is static? Under dhcp I could not see any dns-address! I had to choose static!
How to find logging for the browser's status in the Tor Network? When connecting the browser you can follow the process and read notices during the connection until GO. Then there is no way to check what is happening. When using Orbot and i.e DuckDuckGo I can always check status in orbot log.
A worried user,
when i start tor browser it…
when i start tor browser it pop up a weird mirror, fix it , instead of choice bridge and shit, it popup a weird mirror and after that the tor browser pops up, that mirror get my windows 10 bluescreen sometime.
you cannot perform further…
you cannot perform further updates !!
why i receive this message ? and cannot update
Do you have more details…
Do you have more details about the error? What OS are you using, and which version of Tor Browser are you updating from?
on Win7 32bit works fine!…
on Win7 32bit works fine! THNX
since I loaded the newest…
since I loaded the newest Tor not one single onion site will open, tried downloaded older version of Tor but nothing has worked in a month
I recently downloaded tor…
I recently downloaded tor and wish to install flash player on it. Can anyone tell me the procedure?
Flash is not safe to use in…
Flash is not safe to use in Tor Browser:
https://jqlsbiwihs.oedi.net/tbb/tbb-12/
Why does the comments look…
Why does the comments look ok only half way down the page?
https://trac.torproject.org…
https://trac.torproject.org/projects/tor/ticket/31114
I want to change the…
I want to change the assigned guard location. How do I do that
Opening regular tabs has…
Opening regular tabs has been broken in later Android builds leaving only the option to open private tabs which eats up more RAM. Any plans for a fix?
Why do you say private tabs…
Why do you say private tabs eats up more RAM?
Non-private tabs have been removed with this ticket:
https://trac.torproject.org/projects/tor/ticket/24920
Finally got updated on f…
68.3.0 (2015620377)
Added on 12/11/19
Repository: Guardian Project Official Releases
Size: 54.0 MiB
Android: 4.1+
Requires: armeabi-v7a
Why is tor not working any…
Why is tor not working any more on android 4.2.2?
You cannot expect that people buy the latest gadgets.
Which architecture are you…
Which architecture are you using?
We support api 16 (Android 4.1) for armv7 and x86, and api 21 (Android 5.0) for aarch64 and x86_64.
Redirected To https://update…
Redirected To update-torproject.org/en/
What is this.?
This looks like a fake…
This looks like a fake torproject website. Do not use it.
How did you get redirected there?
Why does it load "Index of /…
Why does it load "Index of /" on one of the sites I visit? And when I enter the address of the forum directly (IE http://www.somewebsite.com/forum or /forum/index.php) I get a file not found error.
This is a problem on the…
This is a problem on the website side.
Link "login" does not work…
Link "login" does not work on site blockchain.com
problem script-src
On MacOs, Noscript and HTTPS…
On Mac Os, Noscript and HTTPS Everywhere disappear on the right of security level. They are activated, but if I am in safest mode, I can't configure noscript. Must personalize the interface to have Noscript and HTTPS Everywhere on the right, not good.
Changing settings of…
Changing settings of Noscript and HTTPS Everywhere is discouraged, which is why we removed the icons from the toolbar by default.
Ok, but on my Linux Mint…
Ok, but on my Linux Mint computer (Tor Browser 9.0.2 too !) this icons are always in the toolbar. On Tails, the icons are removed since some months. Thank you for your answer.
Is there a way to request…
Is there a way to request a new identity and/or a new circuit on TOR Orbot for Android?
In the recent builds of tbb…
In recent builds of tbb including tor-laucher built-in I've noticed odd behavior when used with system tor process. Everything appears ok until the system tor process is unavailable. Unavailable could mean many things in this context including a crash of the process due to regression. When the system tor process becomes unavailable it appears tor-launcher may go a bit off-the-rails in scanning for the process. The tbb process utilization maxes out cpe use and does not recover gracefully when the system tor process is later available. This leaves the tbb process unusable until restarted. Known issue? Did not happen in prior builds having tor-launcher as an extension _which could be excluded_ meaning I have not tested tor-launcher present in those builds.
The new TorBrowser 9.0.3 for…
The new TorBrowser 9.0.3 for MSWindows is not signed?
It has not been released yet…
It has not been released yet, but will be soon.
WARNING: SHA1 is fully…
WARNING: SHA1 is fully broken!
https://eprint.iacr.org/2020/014.pdf
https://sha-mbles.github.io/
https://arstechnica.com/information-technology/2020/01/pgp-keys-softwar…
"Behold: the world's first known chosen-prefix collision of widely used hash function.
The new collision gives attackers more options and flexibility than were available with the previous technique. It makes it practical to create PGP encryption keys that, when digitally signed using SHA1 algorithm, impersonate a chosen target. More generally, it produces the same hash for two or more attacker-chosen inputs by appending data to each of them. The attack unveiled on Tuesday also costs as little as $45,000 to carry out."
Be prepared.
i updated to 9.0.2 version…
i updated to 9.0.2 version and every time i try to load any webpage with tor browser this error comes " Gah, Your tab just crashed” i reinstalled, changed " browser.tab.autstart to false" in about:config as suggested in some sites,ran in safe mode and yet this issue remains..the old tor ran with no issues..anyone have any solutions or know what's casuing it..i have no other version of tor running
Which operating system are…
Which operating system are you using, and which version of Tor Browser were you using before updating to 9.0.2?
Do you also have the same error if you do a new install (instead of an update)?