New Release: Tor Browser 9.5a11

by sysrqb | April 9, 2020

Tor Browser 9.5a11 is now available from the Tor Browser Alpha download page and also from our distribution directory.

Note: This is an alpha release, an experimental version for users who want to help us test new features. For everyone else, we recommend downloading the latest stable release instead.

This release updates Firefox to 68.7.0esr, NoScript to 11.0.23, and OpenSSL to 1.1.1f.

This release features important security fixes to Firefox. In addition, this update includes improved usability for onion services.

The full changelog since Tor Browser 9.5a10 is:

  • All Platforms
    • Update Firefox to 68.7.0esr
    • Bump Https-Everywhere to 2020.3.16
    • Bump NoScript to 11.0.23
    • Translations update
    • Bug 33342: Avoid disconnect search addon error after removal
    • Bug 33482: Update about:tor donate string
  •  Android
    • Translations update
  •  Windows + OS X + Linux
    • Bug 19251: Show improved error pages for onion service errors
    • Bug 21952: Implement Onion-Location
    • Bug 28005: Implement .onion alias urlbar rewrites
    • Bug 33693: Bump Snowflake to ea01bf41c3
    • Bug 33707: Swap out onion icon in circuit display with new one
    • Bug 33723: Bump openssl version to 1.1.1f
    • Bug 33761: Remove unnecessary snowflake dependencies
    • Bug 33771: Update some existing licenses and add Libevent license
  •  Build System
    • Windows

Comments

Please note that the comment area below has been archived.

April 09, 2020

Permalink

I am getting a 404 Not Found error when trying to download this release. Also, I cannot update from the Tor Browser with the automatic update.

April 10, 2020

Permalink

Bonjour
(Désolé, je suis Francais!)

j'ai remarqué que Tor Browser ne fonctionne pas sur le Réseau Wifi collaboratif securisé Français de l'opérateur FREE.
Ce réseau (SSID : FreeWifi_secure), utilise une clef WPA2 tournante (grace au protocole EAP-SIM).
Bien que l'authentification wifi soit faite, TB ne réalise pas la poignée de main avec le réseau TOR, il y a échec entre 20 et 95%. Je n'avais pas ce problème avec Orfox ou Orweb !

Quelqu'un aurait-il déja rencontré ce problème ?
***
Hello
(Sorry, I'm french!)

I noticed that Tor Browser does not work on the French secure collaborative WiFi network of the operator FREE.
This network (SSID: FreeWifi_secure) uses a rotating WPA2 key (thanks to the EAP-SIM protocol).
Although wifi authentication is done, TB does not shake hands with the TOR network, there is failure between 20 and 95%. I didn't have this problem with Orfox or Orweb!

Has anyone ever encountered this problem?

> Je n'avais pas ce problème avec Orfox ou Orweb

C'est étrange. J'allais dire que le réseau ou votre routeur pourrait bloquer les ports de destination comme le font certains réseaux ouverts. Certains nœuds de sortie Tor ont des politiques de sortie (exit policy) personnalisées. Mais vous dites que vous n'avez pas de problème avec Orfox et Orweb.

https://jqlsbiwihs.oedi.net/fr/operators/exit-policies/
https://jqlsbiwihs.oedi.net/fr/abuse/exit-relay-expectations/
https://sgapqzbrdr.oedi.net/relay/setup/exit/

Cliquez sur « Préférences » dans le menu ≡ (menu principal), puis sur « Tor » dans la barre latérale pour accéder à ces options. En bas, vous trouverez les options « Avancées ». Essayez de cocher la case qui dit « Cet ordinateur passe par un pare-feu qui autorise uniquement les connexions à certains ports ». Si vous pouvez ouvrir la page de configuration de votre routeur, vérifiez si votre routeur bloque des ports.

https://jqlsbiwihs.oedi.net/fr/tbb/tbb-47/

Bonjour et merci de me répondre....

TB (Android) n'a pas toutes les options de configuration comme pour windows ou Linux...
Deplus, je vous confirme que je n'avais pa de problème avec Orfox & Orweb, c'était stable et sans influence du type de réseau et aujourd'hui sur des réseaux wifi ouvert, cela fonctionne plutot bien.

Je suis déconcerté par ce réseau "FreeWifi_secure" wpa2 (EAP-SIM) de l'Opérateur FREE !?!

j'ai essayé avec et sans pont, la case à cocher "Internet est censuré ici" ne fait que d'activer les ponts et j'ai essayé différents pont, (obs4, meek-, etc), cela ne change rien : La procedure de poigné de main échoue, de façon aléatoire entre 20~25% ou alors vers 95%.

April 10, 2020

Permalink

Bonjour
(Désolé, je suis Francais!)
Environnement Android...

j'ai remarqué que Tor Browser ne fonctionne pas sur le Réseau Wifi collaboratif securisé Français de l'opérateur FREE.
Ce réseau (SSID : FreeWifi_secure), utilise une clef WPA2 tournante (grace au protocole EAP-SIM).
Bien que l'authentification wifi soit faite, TB ne réalise pas la poignée de main avec le réseau TOR, il y a échec entre 20 et 95%. Je n'avais pas ce problème avec Orfox ou Orweb !

Quelqu'un aurait-il déja rencontré ce problème ?

Rq : Tout fonctionne bien cependant avec le réseau cellulaire ou un réseau wifi classique.

***

Hello
(Sorry, I'm french!)
Android environment ...

I noticed that Tor Browser does not work on the French secure collaborative WiFi network of the operator FREE.
This network (SSID: FreeWifi_secure) uses a rotating WPA2 key (thanks to the EAP-SIM protocol).
Although wifi authentication is done, TB does not shake hands with the TOR network, there is failure between 20 and 95%. I didn't have this problem with Orfox or Orweb!

Has anyone ever encountered this problem?

Aq: Everything works well however with the cellular network or a conventional wifi network.

April 10, 2020

Permalink

if this is just an alpha release why does it show up as an update in the tor browser? i thought you only released stable versions in the browser update.

anyways i did update and now i can only see half videos on youtube, half the screen just goes white if you move the mouse too high up on the video or if you pause the video. so now i have to back to the earlier version to get this fixed.

thanks for your hard work keeping us safe though. much appreciated.

April 10, 2020

Permalink

TorBrowser's NoScript settings set for everyone:
- UNTRUSTED zone - why allow "frames"? When the browser downloads the HTML documents (like frames), it still makes connections to such untrusted sites, thus leaving the unneeded fingerprints there.
- DEFAULT zone - why allow "frames" and "other"? I.e., why allow downloading frames from *all* websites by default? And what is allowed via the "other" category?
Thanks.

April 10, 2020

Permalink

Interesting work on the automatic .onion redirect. I'd still like to see a full Tor DNS replacement, but this is a good start.

https://jqlsbiwihs.oedi.net/tbb/antivirus-false-positive/

Update your virus scanner's signature files. Check the dates of release. If something you downloaded was released very recently when you scanned it, your scanner might not be able to recognize it yet. Wait a few days after it was released, update your scanner, and scan the file again. Compare scan results on virustotal.com. Or if you can verify it with GPG, do that instead.

April 12, 2020

Permalink

what is Onion ServicesPrioritize .onion sites when known?? in browser privacy??

April 12, 2020

Permalink

Snowflake and Meek-Azure connections still not working.

Will this ever get fixed?

Both of these have been non functional for quite a long time now....

April 16, 2020

Permalink

I can't get to the chat sites or download sites anymore . Like TORCHAT .what is the URL to it ? On the 11th of this month i copied the new URL . But something happened and it didn't stay .May I please get the new URL ?

April 17, 2020

Permalink

check of relnotes of noscript in about:addons gives:
Removing unsafe node. Element: meta. aboutaddonsCommon.js:108:21
Removing unsafe node. Element: title. aboutaddonsCommon.js:108:21

April 18, 2020

Permalink

this browser isn't any better than all the rest of the retail browsers that suck. forcing the public to buy a vpn that they direct you to. what a scam

April 18, 2020

Permalink

I'm having weird input problems since the update. Right after restarting for the update, I couldn't enter any text in the address bar or the DDG search box on the home page. Did a full close out and reopened, everything seemed to be working. Left it on for a while and now I can't paste in text copied from outside Tor. Which is important for using a password manager. I can't paste into the address or search bars, or text entry fields on websites. If I copy text in Tor, I am able to paste. It's strange because it was working last night then stopped working today.

Using linux version.

April 20, 2020

Permalink

I have tried to make tor my default browser but something is preventing me. I've gone to internet options and hit the default browser button but nothing happens. Could this be firefox preventing me? I've tried uninstalling firefox but then a deleted dll file stopped me loading tor so i had to re-install firefox. It's as though firefox keeps hijacking my settings and reinstalling google bing and other add-ons and plug ins. Can anyone help?

https://jqlsbiwihs.oedi.net/tbb/tbb-32/

> I've tried uninstalling firefox but then a deleted dll file stopped me loading tor

If I understand correctly, Tor Browser depends on system-wide dlls such as those in Windows Updates. Uninstalling Firefox should not stop Tor Browser loading unless you did something else.

> It's as though firefox keeps hijacking my settings and reinstalling google bing and other add-ons and plug ins.

You should be able to uninstall add-ons from Firefox in the main menu --> Add-ons, and then close and reopen Firefox. If you find evidence of hijacking, scan your system for viruses. Add-ons, by the way, are not the search engines in Preferences.

April 24, 2020

Permalink

My custom permissions in Noscript were reset in the middle of a session on April 22. Some other comments have mentioned this going back months on the blog. I opened up Add-ons Manager to check on Noscript, and it was updated to version 11.0.25 on April 22, that day. In other words, these issues recognizing unadministered resets of permissions could be due to add-ons independently updating automatically. Don't go by my word alone, though.

May 06, 2020

Permalink

Updated my browser, but when I visit sites like NYT or pro-publica (they have onion sites), I see no popup in my URL bar. I've even reinstalled the browser twice, per instructions from this site - no results.

May 31, 2020

Permalink

Pourquoi ne pas faire un plug in pour lire les scripts tel que CSS et JavaScript sans etre repéré