New Release: Tor Browser 8.0.2

Tor Browser 8.0.2 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox. We picked up the necessary patches, but because we needed to start building before Mozilla was ready with a first candidate build, we did not bump the Firefox version to 60.2.2esr. Thus, users are fine with Tor Browser 8.0.2 even though the Firefox version is 60.2.1esr.

Known Issues

We already collected a number of unresolved bugs since Tor Browser 7.5.6 and tagged them with our tbb-8.0-issues keyword to keep them on our radar. The most important current issues are:

The full changelog since Tor Browser 8.0.1 is:

  • All platforms
    • Update Firefox to 60.2.1esr
    • Backport fix for Mozilla bug 1493900 and 1493903
  • OS X
    • Backport fix for Mozilla bug 1489785 for macOS 10.14 compatibility

It was a fresh install of Tor 8.0.2 not an update.
The behaviour seemed odd as I expected it to just overwrite the older version of HTTPS Everywhere.
I just uninstalled both versions of HTTPS Everywhere in the end then I manually installed HTTPS Everywhere 2018.9.19 again.
I had no saved settings so that didn't matter.

k239

October 17, 2018

Permalink

I thought that Tor Browser is to protect and not destroy? I installed Tor Browser from a different website which encrypted all my files. The ICFKB-DECRYPT note gave the Tor Project address: https://www.torproject.org/. I downloaded and installed Tor 8.0.2. I started the Tor Browser which launched but could not take me to the configured Congratulation page. Thus, I cannot use the link: http://gandcrabmfe6mnef.onion/625478cda2b77312 that is supposed to give me instructions to decrypt my files. I use HP mini which is not compatible with higher versions of Tor Browser. Please assist me. Please decrypt my files in line with your objective of ensuring privacy and protecting us

k239

October 18, 2018

Permalink

Hello torproject,
Iain Learmonth form torproject wrotes
https://lists.torproject.org/pipermail/tor-talk/2018-October/044572.html
"Can you provide some examples of things you can do with torstatus that
you can't do with Tor Metrics' tools?
Perhaps they are easy to implement."

Eehmm, are you serious?
There is NO service on .torproject.org you can
compare with torstatus e.g. torproject.blutmagie.de.
Especially the birds-eye view.

It would be really bad to loose this.

k239

October 19, 2018

Permalink

Tor Browser seems to have lost the ability to send a username and password to a socks5 proxy. I get lots of this in tor log file:

[WARN] Could not create SOCKS args string.

(If I connect to a socks5 server that doesn't require a username and password, it does work.)

k239

October 19, 2018

Permalink

noscripts has no option "Forbid Scripts Globally". How to disable scripts globally in Tor Browser 8.0.2?

k239

October 19, 2018

Permalink

The website tunnelblick.net produces a message "connection not secure" and connectivity is not possible. Tunnelblick say there site should be accessible via Tor

Pages with Hindi script are not viewable in my Tor browser. 8.0.2 (based on Mozilla Firefox 60.2.1esr) (32-bit)

e.g https://www.bbc.com/hindi

Where the Hindi fonts are there are only square boxes

Windows 10? Works on Windows 7.

When I start the Tor browser, the default settings allows all. That is the case since I installed it. On the option page, when I click on reset, I am alerted that it will revert to the default values. After clicking ok, only "frame", "fetch" and "other" are enabled.
After restart, all is enabled again, which is consistant with the noscript bug in the known issues above.
But the default setting after installation and the default values after reset should be the same, and they are not.
Adding up these faults with the new noscript skin and the less options, I feel that the Tor browser is now less safe than before. And it should install with the safer options and not with the unsafest.

See: https://support.torproject.org/en-US/#tor-browser-js-enabled-default for why e.g. JavaScript is enabled by default.

I guess, those values should indeed be default but then, on the other hand, you should not need to mess with NoScript's settings either. :) We'll solve the latter at least by redesigning our security controls and removing the NoScript toolbar button from the toolbar in https://trac.torproject.org/projects/tor/ticket/25658.

Thanks for the reply.
But why are the default values different? If the default is "all enabled", then the reset to the default values should enable all as well. But it doesn´t.
That is confusing, and since it reverts to all enabled after restart, misleading as well.

That's because you are resetting to NoScripts default *as NoScript designs that* by clicking on the NoScript options. Tor Browser has a different understanding of default settings.

MAY it's ok for
"NoScript + https everywhere icons are going to be removed"
as default, but full removing NoScript + https everywhere Gui for all, with all it's
features?
Would be a very very ....strange move. Incomprehensible?
It's not usefull to remove all helpfull feature cause few people say they need a browser best with 1 button for all, chrome or so.
To understate, like going to Mc Donalds because all other food tastes to much ... .

We won't remove NoScript or HTTPS-Everywhere. They just won't show up by default on the toolbar anymore occupying precious space.

When retrieving new bridges are ports 12445, 38339, and 9443 the only ports? Those are the only ports I see.

No. In general it depends on the bridge operator deciding which port to use.

8.0.2 Terrible update, loads no scriptwith all permissions enabled, what a mess

Many times I used to connect to the TOR network and the circuit display would show "outdated software" on a node - this circuit display has been deleted! It looks like TOR is dumbing-down the software? That is *bad*

Ok, it is fine

Hello,
With vpn cyberghost and Tor Browser, its not possible to send mail with guerillamail.com.
Google capcha secure is out of good validation.
A solution ??
Thank's