Tor Browser 8.0a2 is released

Tor Browser 8.0a2 is now available from the Tor Browser Project page and also from our distribution directory.

This release includes Tor 0.3.3.2-alpha. In addition we update HTTPS Everywhere to 2018.1.29, NoScript to 5.1.8.4, meek to 0.29, and we include various other fixes and improvements.

The full changelog since Tor Browser 8.0a1 is:

  • All Platforms
    • Update Tor to 0.3.3.2-alpha
    • Update Torbutton to 1.9.9
      • Bug 24159: Version check does not deal with platform specific checks
      • Bug 25016: Remove 2017 donation banner
      • Translations update
    • Update Tor Launcher to 0.2.15
      • Bug 25089: Special characters are not escaped in proxy password
      • Translations update
    • Update HTTPS Everywhere to 2018.1.29
    • Update NoScript to 5.1.8.4
    • Update meek to 0.29
    • Bug 25215: Revert bug 18619 (we are not disabling IndexedDB any longer)
    • Bug 19910: Rip out optimistic data socks handshake variant (#3875)
    • Bug 22659: Changes to `intl.accept.languages` get overwritten after restart
    • Bug 25000: Add [System+Principal] to the NoScript whitelist
    • Bug 15599: Disable Range requests used by pdfjs as they are not isolated
    • Bug 22614: Make e10s/non-e10s Tor Browsers indistinguishable
    • Bug 13575: Disable randomised Firefox HTTP cache decay user tests
    • Bug 25020: Add a tbb_version.json file
    • Bug 24995: Include git hash in tor --version
  • OS X
    • Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured
  • Linux
    • Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured
  • Windows:
    • Bug 25266: PT config should include full names of executable files
  • Build System
    • Windows
      • Bug 25111: Don't compile Yasm on our own anymore for Windows Tor Browser
Anonymous

February 23, 2018

Permalink

EXECUTE PATCH TorBrowser/Data/Tor/torrc-defaults
LoadSourceFile: destination file size 1063 does not match expected size 1017
LoadSourceFile failed
### execution failed

Modified config and bye bye partial update, huh?

Anonymous

February 23, 2018

Permalink

Partial update failed, full update succeeded, but
Bug 25000: Add [System+Principal] to the NoScript whitelist
wasn't added.

Anonymous

February 23, 2018

Permalink

Bug 13575: Disable randomised Firefox HTTP cache decay user tests
You should override user pref in update.

Anonymous

February 23, 2018

Permalink

A lot of
Torbutton INFO: controlPort >> 650 STREAM 64 CLOSED 12 [2620:12a:8000::2]:443 REASON=END REMOTE_REASON=CONNRESET
fun fun

Anonymous

February 23, 2018

Permalink

Thankyou again for all your hard work in helping keep us safe(r) on the Internet.
Nothing is perfect but it's a damn sight better than not having a Tor Browser.
The NSA and their cronies don't sleep, neither should we.

Anonymous

February 24, 2018

Permalink

We hope the dev can use vimeo / daily motion and youtube (.onion) domain video sharing website

to educate and Certificate degree likes I.T exam to teaching the non - tech elder 60 year+ to use

the privacy protection internet web bower , in the suppress regime (part of North Korea ) , the browser under surveillance with real internet protocol address/ real passport identify number leak competitor have

1. UC web browser

2.cheetah browser

3. three hundred and sixty browser

4. QQ browser (ten-cent) (ICQ clone)

5. SO-GO (the dog searching ) browser

6: Bai-du ( searching for hundred times) browser

7.the cloud traveler browser (regional developer ) (not list in stock exchange )

8. greed tea browser (regional developer ) (not list in stock exchange )

9. Quark Browser (regional developer ) (not list in stock exchange )

10. VIA browsers (regional developer ) (not list in stock exchange )

Anonymous

February 24, 2018

Permalink

TypeError: window.location is null[Learn More] popup.js:247:7
TypeError: this.contentWindow is null[Learn More] ExtensionChild.jsm:781:5

Could you post a link to pdfs with non-isolated requests?

I believe pretty much all PDFs suffered that issue. If you want one that was affected for sure, look at the bug report for #15599. It has some links.

> doesn't feel good at loading :(

True, that why it's only enabled in alpha for now, to see if it's worth the trade-off.

Anonymous

February 24, 2018

Permalink

browser.ownerGlobal is null ext-utils.js:800
getBrowserId chrome://browser/content/ext-utils.js:800:9
chrome://browser/content/ext-tabs.js:79:26
runSafeSyncWithoutClone resource://gre/modules/ExtensionUtils.jsm:71:14
emit/promises< resource://gre/modules/ExtensionUtils.jsm:384:55
from self-hosted:595:17
emit resource://gre/modules/ExtensionUtils.jsm:383:20
WebRequestEventManager/register/listener chrome://extensions/content/ext-webRequest.js:51:7
runChannelListener resource://gre/modules/WebRequest.jsm:721:24
onStopRequest resource://gre/modules/WebRequest.jsm:841:5
onStopRequest resource://gre/modules/WebRequest.jsm:351:5
[02-24 16:37:52] Torbutton WARN: Version check failed! Web server error: 0
[02-24 16:37:52] Torbutton INFO: controlPort >> 650 STREAM 951 CLOSED 111 [2620:0:6b0:b:1a1a:0:26e5:4810]:443 REASON=END REMOTE_REASON=CONNRESET

I wish Tor Project would at least attempt to official warn users when this happens, but I too experienced difficulties, and in another thread in this blog, a reliable source confirmed that Tor network and the torproject.org site were under attack this weekend. No word on who might be responsbible.

Anonymous

February 25, 2018

Permalink

This may be a dumb question, but I'll go ahead and ask it: I wonder if there would be any value in creating web-browser extensions for mainstream browsers (Firefox and Chrome) that falsely, though convincingly (mis)identifies the browser as a Tor user? Would hundreds of thousands of false Tors provide some cover for true Tors?

To obfuscate the spotting of Tor users (sans VPNs) by ISPs and others, would there be any value in having every mainstream browser appear to be a Tor user by downloading an extension on the Chrome or Firefox browser? Could there be a false Tor network the extension visits that appears just convincing enough to appear real without actually using the actual Tor systems?

Making Tor look like normal traffic should be done by modifying Tor (and not by modifying the rest of the normal traffic) or by usage of pluggable transport that obfuscate the traffic such as with meek-amazon, snowflake, obfs4, et cetera

Anonymous

February 26, 2018

Permalink

09:55:18.514 A promise chain failed to handle a rejection. Did you forget to '.catch', or did you forget to 'return'?
See https://developer.mozilla.org/Mozilla/JavaScript_code_modules/Promise.j…

Date: Mon Feb 26 2018 09:54:33 GMT+0000 (UTC)
Full Message: [object Object]
Full Stack: JS frame :: resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js :: PendingErrors.register :: line 194
JS frame :: resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js :: this.PromiseWalker.completePromise :: line 715
JS frame :: resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js :: Handler.prototype.process :: line 968
JS frame :: resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js :: this.PromiseWalker.walkerLoop :: line 813
JS frame :: resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js :: this.PromiseWalker.scheduleWalkerLoop/< :: line 747 1 (unknown)

Not likely, this is the "test" version to work out the kinks using random volunteers as test subjects. You won't ever see the real TOR browser that the U.S. intel has to deploy in other countries.

I would like to see a Ukrainian TOR ED

To my knowledge, yes it does. The release notes for 7.5 have some screenshots that show how to do it. You'll have to use a certain transports though (the ones marked works in China).

Anonymous

February 26, 2018

Permalink

Yea -- this was a dumb question. You can tell I am not technically-inclined. I appreciate you indulging my inquiry.

Anonymous

February 28, 2018

Permalink

TOR browser is unable to connect to any site: Secure Connection Failed. Server reset. Is TOR browser down?

Anonymous

February 28, 2018

Permalink

Now it is 2nd or 3rd day when all bandwidth values in cached-microdesc-consensus file have Unmeasured=1 flag. Many tor nodes have bandwidth=10000. (tor 0.3.2.9). Is it some attack? Were DA nodes compromised?

Anonymous

March 02, 2018

Permalink

Why is the first Tor relay address static? Every time a user requests for a new Tor circuit, the first relay address does not change compared to last time.

Thank you and Best Regards

Anonymous

March 02, 2018

Permalink

win64
partial update failed:
failed: 19
calling QuitProgressUI
hrm...

Join the discussion...

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

4 + 2 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.