Tor Browser 8.0a2 is released

Tor Browser 8.0a2 is now available from the Tor Browser Project page and also from our distribution directory.

This release includes Tor In addition we update HTTPS Everywhere to 2018.1.29, NoScript to, meek to 0.29, and we include various other fixes and improvements.

The full changelog since Tor Browser 8.0a1 is:

  • All Platforms
    • Update Tor to
    • Update Torbutton to 1.9.9
      • Bug 24159: Version check does not deal with platform specific checks
      • Bug 25016: Remove 2017 donation banner
      • Translations update
    • Update Tor Launcher to 0.2.15
      • Bug 25089: Special characters are not escaped in proxy password
      • Translations update
    • Update HTTPS Everywhere to 2018.1.29
    • Update NoScript to
    • Update meek to 0.29
    • Bug 25215: Revert bug 18619 (we are not disabling IndexedDB any longer)
    • Bug 19910: Rip out optimistic data socks handshake variant (#3875)
    • Bug 22659: Changes to `intl.accept.languages` get overwritten after restart
    • Bug 25000: Add [System+Principal] to the NoScript whitelist
    • Bug 15599: Disable Range requests used by pdfjs as they are not isolated
    • Bug 22614: Make e10s/non-e10s Tor Browsers indistinguishable
    • Bug 13575: Disable randomised Firefox HTTP cache decay user tests
    • Bug 25020: Add a tbb_version.json file
    • Bug 24995: Include git hash in tor --version
  • OS X
    • Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured
  • Linux
    • Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured
  • Windows:
    • Bug 25266: PT config should include full names of executable files
  • Build System
    • Windows
      • Bug 25111: Don't compile Yasm on our own anymore for Windows Tor Browser

February 23, 2018


EXECUTE PATCH TorBrowser/Data/Tor/torrc-defaults
LoadSourceFile: destination file size 1063 does not match expected size 1017
LoadSourceFile failed
### execution failed

Modified config and bye bye partial update, huh?


February 23, 2018


Partial update failed, full update succeeded, but
Bug 25000: Add [System+Principal] to the NoScript whitelist
wasn't added.


February 23, 2018


Bug 13575: Disable randomised Firefox HTTP cache decay user tests
You should override user pref in update.

A lot of
Torbutton INFO: controlPort >> 650 STREAM 64 CLOSED 12 [2620:12a:8000::2]:443 REASON=END REMOTE_REASON=CONNRESET
fun fun

How many could quit the browser

you guys were doing great until quite recently in tracking the FF release calendar. what happened?

We are still tracking the firefox release calendar. But we are also doing some additional releases, especially on the alpha channel to give move testing to the alpha tor releases and the other new features.

Thankyou again for all your hard work in helping keep us safe(r) on the Internet.
Nothing is perfect but it's a damn sight better than not having a Tor Browser.
The NSA and their cronies don't sleep, neither should we.

Well put!

We hope the dev can use vimeo / daily motion and youtube (.onion) domain video sharing website

to educate and Certificate degree likes I.T exam to teaching the non - tech elder 60 year+ to use

the privacy protection internet web bower , in the suppress regime (part of North Korea ) , the browser under surveillance with real internet protocol address/ real passport identify number leak competitor have

1. UC web browser

2.cheetah browser

3. three hundred and sixty browser

4. QQ browser (ten-cent) (ICQ clone)

5. SO-GO (the dog searching ) browser

6: Bai-du ( searching for hundred times) browser

7.the cloud traveler browser (regional developer ) (not list in stock exchange )

8. greed tea browser (regional developer ) (not list in stock exchange )

9. Quark Browser (regional developer ) (not list in stock exchange )

10. VIA browsers (regional developer ) (not list in stock exchange )

Are you writing from North Korea as a teacher? If so, welcome!

TypeError: window.location is null[Learn More] popup.js:247:7
TypeError: this.contentWindow is null[Learn More] ExtensionChild.jsm:781:5

Bug 15599: Disable Range requests used by pdfjs as they are not isolated
doesn't feel good at loading :(
Could you post a link to pdfs with non-isolated requests?

Could you post a link to pdfs with non-isolated requests?

I believe pretty much all PDFs suffered that issue. If you want one that was affected for sure, look at the bug report for #15599. It has some links.

> doesn't feel good at loading :(

True, that why it's only enabled in alpha for now, to see if it's worth the trade-off.

browser.ownerGlobal is null ext-utils.js:800
getBrowserId chrome://browser/content/ext-utils.js:800:9
runSafeSyncWithoutClone resource://gre/modules/ExtensionUtils.jsm:71:14
emit/promises< resource://gre/modules/ExtensionUtils.jsm:384:55
from self-hosted:595:17
emit resource://gre/modules/ExtensionUtils.jsm:383:20
WebRequestEventManager/register/listener chrome://extensions/content/ext-webRequest.js:51:7
runChannelListener resource://gre/modules/WebRequest.jsm:721:24
onStopRequest resource://gre/modules/WebRequest.jsm:841:5
onStopRequest resource://gre/modules/WebRequest.jsm:351:5
[02-24 16:37:52] Torbutton WARN: Version check failed! Web server error: 0
[02-24 16:37:52] Torbutton INFO: controlPort >> 650 STREAM 951 CLOSED 111 [2620:0:6b0:b:1a1a:0:26e5:4810]:443 REASON=END REMOTE_REASON=CONNRESET


An error has occured while trying to browse to url(!

It's not letting me download the new version because I get this message instead:

This site can’t be reached took too long to respond.

Torsite's gone. What's wrong? down since yesterday or even longer. No way to download Tor-Browser-Bundle or anything.

I wish Tor Project would at least attempt to official warn users when this happens, but I too experienced difficulties, and in another thread in this blog, a reliable source confirmed that Tor network and the site were under attack this weekend. No word on who might be responsbible.

This may be a dumb question, but I'll go ahead and ask it: I wonder if there would be any value in creating web-browser extensions for mainstream browsers (Firefox and Chrome) that falsely, though convincingly (mis)identifies the browser as a Tor user? Would hundreds of thousands of false Tors provide some cover for true Tors?

You mean as a Tor Browser user? The first tricky part is to "simulate" sending your traffic over the Tor network while not doing so as I don't see how an extension could achieve that. How would you want to do that?

To obfuscate the spotting of Tor users (sans VPNs) by ISPs and others, would there be any value in having every mainstream browser appear to be a Tor user by downloading an extension on the Chrome or Firefox browser? Could there be a false Tor network the extension visits that appears just convincing enough to appear real without actually using the actual Tor systems?

Making Tor look like normal traffic should be done by modifying Tor (and not by modifying the rest of the normal traffic) or by usage of pluggable transport that obfuscate the traffic such as with meek-amazon, snowflake, obfs4, et cetera

09:54:33.300 Web Console getCachedMessages error: invalid state. 1 webconsole.js:3294

09:55:18.514 A promise chain failed to handle a rejection. Did you forget to '.catch', or did you forget to 'return'?

Date: Mon Feb 26 2018 09:54:33 GMT+0000 (UTC)
Full Message: [object Object]
Full Stack: JS frame :: resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js :: PendingErrors.register :: line 194
JS frame :: resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js :: this.PromiseWalker.completePromise :: line 715
JS frame :: resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js :: Handler.prototype.process :: line 968
JS frame :: resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js :: this.PromiseWalker.walkerLoop :: line 813
JS frame :: resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js :: this.PromiseWalker.scheduleWalkerLoop/< :: line 747 1 (unknown)

Can this Tor Browser circumvent the Great Firewall?

Not likely, this is the "test" version to work out the kinks using random volunteers as test subjects. You won't ever see the real TOR browser that the U.S. intel has to deploy in other countries.

I would like to see a Ukrainian TOR ED

To my knowledge, yes it does. The release notes for 7.5 have some screenshots that show how to do it. You'll have to use a certain transports though (the ones marked works in China).

Using the meek-amazon pluggable transport, then maybe. :)

YES, make sure you use meek pluggable transport.

Yea -- this was a dumb question. You can tell I am not technically-inclined. I appreciate you indulging my inquiry.

What is wrong with the certificate? TLS 1.0? Why did it change?

Dose anyone tell me why on and is set TLS 1.2 but on is TLS 1.0? Is it some kind of phishing?

TOR browser is unable to connect to any site: Secure Connection Failed. Server reset. Is TOR browser down?

Now it is 2nd or 3rd day when all bandwidth values in cached-microdesc-consensus file have Unmeasured=1 flag. Many tor nodes have bandwidth=10000. (tor Is it some attack? Were DA nodes compromised?

No. But had issues with our bandwidth authorities but they should be solved by now.

Thank you! Indeed, later I found discussion of this issue in tor mailing lists. Now tor stat is OK.

Why is the first Tor relay address static? Every time a user requests for a new Tor circuit, the first relay address does not change compared to last time.

Thank you and Best Regards

partial update failed:
failed: 19
calling QuitProgressUI

Does the full update work for you? FWIW: Error 19 means CERT_VERIFY_ERROR. Not sure how this can happen in your case, though. Can you reproduce that with an older Tor Browser alpha version (8.0.a1 e.g.

Yes. Cert of partial update was corrupted or what? Is this related to that SHA-1 is "unsupported" now? It was clean 8.0.a1 -> a2.