New Release: Tor Browser 8.5a9

Tor Browser 8.5a9 is now available from the Tor Browser Project page and also from our distribution directory.

Note: this is an alpha release: an experimental version for users who want to help us test new features. For everyone else, we recommended downloading the latest stable release instead.

This release features important security updates to Firefox.

This new Tor Browser version picks up Firefox security bug fixes coming with Firefox 60.6.0esr and ships the second alpha in Tor's 0.4.0 series, 0.4.0.2-alpha. Besides those and other regular component updates (e.g. OpenSSL to 1.0.2r), we are proud to give three major features wider testing in our alpha series:

  • Firstly, for our desktop users, we redesigned our security controls, exposing the security slider state directly on our reorganized toolbar. The current code implements large parts of proposal 101, and we hope we make the overall experience less confusing that way, especially for inexperienced users. Thanks to Richard for all the hard work on this!
  • Secondly, we redesigned our bootstrapping interface for Tor Browser on Android, giving what we hope is a similar experience to the one provided for desktop versions. This is the first big part in our efforts to drop our dependency on Orbot while still making bootstrapping progress and bridge/pluggable transport configuration easily accessible. Thanks to Matt for all the work on this feature!
  • Thirdly, we implemented pluggable transport support for our mobile users, allowing them to bypass censorship with the help of obfs3, obfs4, and meek. It is possible to use both built-in bridges and custom ones, which users can obtain e.g. from BridgeDB or friends.

The full changelog since Tor Browser 8.5a8 is:

  • All platforms
    • Update Firefox to 60.6.0esr
    • Update Torbutton to 2.1.5
      • Bug 25658: Replace security slider with security level UI
      • Bug 28628: Change onboarding Security panel to open new Security Level panel
      • Bug 29440: Update about:tor when Tor Browser is updated
      • Bug 27478: Improved Torbutton icons for dark theme
      • Bug 29021: Tell NoScript it is running within Tor Browser
      • Bug 29239: Don't ship the Torbutton .xpi on mobile
      • Translations update
    • Bug 29120: Enable media cache in memory
    • Bug 29445: Enable support for enterprise policies
  • Windows + OS X + Linux
    • Update Tor to 0.4.0.2-alpha
      • Bug 29660: XMPP can not connect to SOCKS5 anymore
    • Update OpenSSL to 1.0.2r
    • Update Tor Launcher to 0.2.18.1
      • Bug 29328: Account for Tor 0.4.0.x's revised bootstrap status reporting
      • Bug 22402: Improve "For assistance" link
      • Translations update
    • Bug 25658+29554: Replace security slider with security level UI
    • Bug 28885: notify users that update is downloading
    • Bug 29180: MAR download stalls when about dialog is opened
    • Bug 27485: Users are not taught how to open security-slider dialog
    • Bug 27486: Avoid about:blank tabs when opening onboarding pages
    • Bug 29440: Update about:tor when Tor Browser is updated
    • Bug 23359: WebExtensions icons are not shown on first start
    • Bug 28628: Change onboarding Security panel to open new Security Level panel
  • Android
    • Bug 28329: Design Tor Browser for Android configuration UI
    • Bug 28802: Support PTs in Tor Browser for Android
    • Bug 29794: Update TBA built-in bridges
    • Bug 27210: Add support for x86 on Android
    • Bug 29809: Only ship tor binary for .apk architecture
    • Bug 29633: Don't ship pdnsd anymore
    • Bug 28708: about:tor is not the default homepage after upgrade
    • Bug 29626: Application name is now "Always-On Notifications"
    • Bug 29467: Backport fix for arc4random_buf bustage
  • Build System
    • All platforms
      • Bug 25876: Generate source tarballs during build
      • Bug 28685: Set Build ID based on Tor Browser version
      • Bug 29194: Set DEBIAN_FRONTEND=noninteractive
    • Linux
      • Bug 26323+29812: Build 32bit Linux bundles on 64bit Debian Wheezy
      • Bug 29758: Build firefox debug symbols for linux-i686
    • Android
Anonymous

March 21, 2019

Permalink

It would seem Firefox mobile versions prior to 66 don't work on the Android Q beta. Including the v60 bundled here with Tor.

Anonymous

March 21, 2019

Permalink

Great,

Q. Is there any deferent between the play store version, and the website one?

Anonymous

March 21, 2019

Permalink

This is your periodic reminder that the new Tor Browser logos suck unfortunately compared to the previous iterations, please revise their design and have a nice fiscal year!

Anonymous

March 21, 2019

Permalink

I use the latest version of tor browser for android(alpha) but this version has a problem. Twitter videos are not being played and the program stops. Please fix this problem soon

I can confirm this is happening to me also at random
I just hit new identity and it works again
the security setting I used is set to minimum
I think it has something to do with noscript but not sure

as a second thought I think that other than noscript it could be that twitter is not friends with some tor exit nodes so some functionalities are affected because of that. however the rest of the page loads fine it is just some videos on some pages that fail to load which is wierd. But as I said previously I keep doing"new identity" and reload the page till videos work, and they do, eventually.

what made me think it might be noscript is that when that twitter page loads there is a small red number 1 appearing on the noscript icon, but maybe that is not the reason.

is there any work done so far regarding this?

Anonymous

March 21, 2019

Permalink

I have no idea why are you silent about Germany's new anti-Tor law. Surely you should say something about it soon!

I run the program TB android. The program opens. I see the onion. Connect button. I see the settings button "gear" click on the settings. I see the settings of bridges. I see the "gear" in the upper right corner, click on the settings menu further does not open. There are no settings as in the orbot program.

android 6.0 and I dont know if this is reproducable or not because I only have 1 device

what other information is needed and is there a private way to send them?

please check with the android version above, maybe that is enough to test this bug

I tested on Android 6.0 and could not reproduce that on my device. No need to test on a different device. I was just wondering whether you can see this problem every time you try to open the settings on your device or whether that happens intermittently.

https://www.torproject.org/about/corepeople.html.en#GeKo

That page is 404. The whole damn site changed. I guess look here and text search for GeKo.
https://www.torproject.org/about/people/#core

Off topic: Why does the new About in the header not go to the overview anymore? Why is the history on the About page not on a page called History? After some digging, I found the links are broken because they were moved and prefixed with 2019.
https://2019.www.torproject.org/about/overview.html.en
https://2019.www.torproject.org/about/corepeople.html.en#GeKo

The new homepage gained a massive amount of empty space and pointless ad-like graphics and lost a massive amount of relevant, quickly navigable content.

Let's try to deal with the low-hanging fruit first trying to narrow down the problematic version: Did you try any earlier version of Tor Browser on your device? If so, which is the first version that shows the problem? If not, could you test older versions?

A first batch is here: https://archive.torproject.org/tor-package-archive/torbrowser/mobile/ (you still need a separate Orbot for those.

Then we have newer ones outlined at: https://trac.torproject.org/projects/tor/ticket/29906#comment:13

all versions before this one I am commenting on worked fine
now since I cant access settings and tor browser crashes immediately, how can I edit settings manually?
ok.. let me just follow your instructions in order
what do you suggest that I do now?

So, which settings are you talking about? The ones coming with the browser after the bootstrap is done where you can select your browser language etc.? Or are those some extensions related settings you want to configure... Or?

it is on the first screen, the one shaped like a cog at upper right. when I click it I get a white page and an android message saying tor browser stopped working and when I click ok on that message tor browser crashes.

I would like a private way to send you a message with more details please and we will communicate further that way

is that ok?

I am checking the updates on the ticket frequently and reading comments there and here on this thread

Anonymous

March 21, 2019

Permalink

NI:
05:13:13.062 TypeError: stopOpenSecuritySettingsObserver is not a function 1 torbutton.js:1967:5
torbutton_close_window chrome://torbutton/content/torbutton.js:1967:5

Anonymous

March 21, 2019

Permalink

Cool

Anonymous

March 21, 2019

Permalink

I use the standard release, but...

https://trac.torproject.org/projects/tor/ticket/28628#comment:10
A purple shield? Firefox already displays a shield in the address bar for Content Blocking and Tracking Protection. Won't another shield icon confuse newbies? Will one be hidden? Will the preferences for Content Blocking be hidden? The ticket looks like it does replace Firefox's Security & Privacy preferences UI with a Tor Browser Security Preferences screen.
https://support.mozilla.org/en-US/kb/what-happened-tracking-protection

The onboarding dialog ("New to Tor Browser? Let's get started.") shows a picture on each slide, but they all appear simply decorative, not remarkably descriptive, and so pointless and distracting to the eye. The one definitive image that inevitably comes up in Tor introduction guides/tutorials is the EFF's 9-device square. If you want a descriptive image, that is the one to use or base a revision on. You even use them in your About Tor overview in the torproject.org site header as one of the first things new users see.
https://www.torproject.org/about/overview

Neat color/opacity theme effect on the TorButton icon.

We don't enabled Content Blocking/Tracking Protection as we don't want to be part of the filtering the web business. Rather we want to deliver privacy by design. Thus, there won't be another shield to confuse users, just the one we ship. And the Security & Privacy preferences UI won't get replaced with our preferences screen. Rather, that will be folded into the former. You can try it out with 8.5a9. :)

Yes, *you* should be free to filter whatever content you want and block that. Tor Browser is not preventing you from that. However, *we* should be careful to ship filtering enabled by default for all of our users, in particular filtering that is organized by some third party.

Anonymous

March 22, 2019

Permalink

Thanks for the update. Quick question about the Android version: is it normal that when I install it, it has the Orfox icon, but when I look at it on the Play Store, it has the regular green Tor Browser icon?

Anonymous

March 22, 2019

Permalink

Hi,

I'm very unhappy with the latest version of Torbrowser for Android. Since the latest update it's impossible to change the country you are from. Via Orbot you could easily change the country from USA to Germany etc. Since the latest update you always appear with a steady country when you check your IP. Please correct this failure immediately. Now you will never be able to enter Google France when you have a steady USA identity! You will never see French search results with a US identity!

Anonymous

March 22, 2019

Permalink

Is there a preference or setting that can be enabled to prevent the new Android build from trying to launch Tor, and instead use a system Tor (e.g. currently running Orbot) instead? On desktop we have the TOR_SKIP_LAUNCH env var but as far as I know env vars can't be used with Android apps in that way. A checkbox in the settings would be ideal.

This new build won't let you skip Tor launch, which means the app needs direct internet access. I'm sure I'm not the only one who had a firewall set up so Tor Browser could only talk to Orbot on localhost, since Mike Perry did a blog post to set up something similar. I know that these non-default setups are not your target audience, and I support that completely.

Anonymous

March 22, 2019

Permalink

Hi,

The TOR project seems to designing the Tor Browser to help Google more than users of TOR. Here's why.

a) On Google.com with the lastest version 8.5a9, you can't submit a query that does not require a captcha to be solved; and if you have the safest level of security selected, then the captcha is toast. So no Google for you.

b) On Youtube.com with the latest version 8.5a9, you can't even see the main page of Youtube, if you have the safest level of security of selected.

The behavior described above by the browser has happened recently.

The TOR browser is designed to keep people from using Google sites, as this basically compromises Google's ability to collect data that is not fudged. This is happening, IMHO, due to the funding of TOR by Google. There is a huge problem if the world's largest internet search company allows TOR users to freely use its sites - as a public company Alphabet (Google) would compromise their ability to deliver targeted advertising and thereby affect revenue streams.

And if you select a different safety level for your TOR browsing experience, you are bound to be identified. Go ahead give it a try.

TOR is a bitch and its owned by Google. Don't say you weren't warned.