New Release: Tor Browser 8.5

[Update 5/22/2019 8:18 UTC: Added issue with saved passwords and logins that vanished to Known Issues section.]

Tor Browser 8.5 is now available from the Tor Browser download page and also from our distribution directory. The Android version is also available from Google Play and should be available from F-Droid within the next day.

This release features important security updates to Firefox.

After months of work and including feedback from our users, Tor Browser 8.5 includes our first stable release for Android plus many new features across platforms.

It's Official: Tor Browser is Stable on Android

Tor Browser 8.5 is the first stable release for Android. Since we released the first alpha version in September, we've been hard at work making sure we can provide the protections users are already enjoying on desktop to the Android platform. Mobile browsing is increasing around the world, and in some parts, it is commonly the only way people access the internet. In these same areas, there is often heavy surveillance and censorship online, so we made it a priority to reach these users.

Tor Browser for Android

We made sure there are no proxy bypasses, that first-party isolation is enabled to protect you from cross-site tracking, and that most of the fingerprinting defenses are working. While there are still feature gaps between the desktop and Android Tor Browser, we are confident that Tor Browser for Android provides essentially the same protections that can be found on desktop platforms.

Thanks to everyone working on getting our mobile experience into shape, in particular to Antonela, Matt, Igor, and Shane.

Note: Though we cannot bring an official Tor Browser to iOS due to restrictions by Apple, the only app we recommend is Onion Browser, developed by Mike Tigas with help from the Guardian Project.

Improved Security Slider Accessibility

Our security slider is an important tool for Tor Browser users, especially for those with sensitive security needs. However, its location behind the Torbutton menu made it hard to access.

Tor Browser Security

During the Tor Browser 8.5 development period, we revamped the experience so now the chosen security level appears on the toolbar. You can interact with the slider more easily now. For the fully planned changes check out proposal 101.

A Fresh Look

We made Tor Browser 8.5 compatible with Firefox's Photon UI and redesigned our logos and about:tor page across all the platforms we support to provide the same look and feel and improve accessibility.

Tor Browser icons

The new Tor Browser icon was chosen through a round of voting in our community.

We'd like to give a big thanks to everyone who helped make this release possible, including our users, who gave valuable feedback to our alpha versions.

Known Issues

Tor Browser 8.5 comes with a number of known issues. The most important ones are:

  1. While we improved accessibility support for Windows users during our 8.5 stabilization, it's still not perfect. We are in the process of finishing patches for inclusion in an 8.5 point release. We are close here.
  2. There are bug reports about WebGL related fingerprinting which we are investigating. We are currently testing a fix for the most problematic issue and will ship that in the next point release.
  3. The upgrade to Tor Browser 8.5 broke saved logins and passwords. We are investigating this bug and hope to provide a fix in an upcoming point release.

We already collected a number of unresolved bugs since releasing Tor Browser 8 and tagged them with our tbb-8.0-issues keyword to keep them on our radar. Check them out before reporting if you find a bug.

Give Feedback

In addition to the known issues, we are always looking for feedback about ways we can make our software better for you. If you find a bug or have a suggestion for how we could improve this release, please let us know.

Full Changelog

The full changelog since Tor Browser 8.0.9 is:

  • All platforms
    • Update Firefox to 60.7.0esr
    • Update Torbutton to 2.1.8
      • Bug 25013: Integrate Torbutton into tor-browser for Android
      • Bug 27111: Update about:tor desktop version to work on mobile
      • Bug 22538+22513: Fix new circuit button for error pages
      • Bug 25145: Update circuit display when back button is pressed
      • Bug 27749: Opening about:config shows circuit from previous website
      • Bug 30115: Map browser+domain to credentials to fix circuit display
      • Bug 25702: Update Tor Browser icon to follow design guidelines
      • Bug 21805: Add click-to-play button for WebGL
      • Bug 28836: Links on about:tor are not clickable
      • Bug 30171: Don't sync cookie.cookieBehavior and firstparty.isolate
      • Bug 29825: Intelligently add new Security Level button to taskbar
      • Bug 29903: No WebGL click-to-play on the standard security level
      • Bug 27290: Remove WebGL pref for min capability mode
      • Bug 25658: Replace security slider with security level UI
      • Bug 28628: Change onboarding Security panel to open new Security Level panel
      • Bug 29440: Update about:tor when Tor Browser is updated
      • Bug 27478: Improved Torbutton icons for dark theme
      • Bug 29239: Don't ship the Torbutton .xpi on mobile
      • Bug 27484: Improve navigation within onboarding (strings)
      • Bug 29768: Introduce new features to users (strings)
      • Bug 28093: Update donation banner style to make it fit in small screens
      • Bug 28543: about:tor has scroll bar between widths 900px and 1000px
      • Bug 28039: Enable dump() if log method is 0
      • Bug 27701: Don't show App Blocker dialog on Android
      • Bug 28187: Change tor circuit icon to torbutton.svg
      • Bug 29943: Use locales in AB-CD scheme to match Mozilla
      • Bug 26498: Add locale: es-AR
      • Bug 28082: Add locales cs, el, hu, ka
      • Bug 29973: Remove remaining stopOpenSecuritySettingsObserver() pieces
      • Bug 28075: Tone down missing SOCKS credential warning
      • Bug 30425: Revert armagadd-on-2.0 changes
      • Bug 30497: Add Donate link to about:tor
      • Bug 30069: Use slider and about:tor localizations on mobile
      • Bug 21263: Remove outdated information from the README
      • Bug 28747: Remove NoScript (XPCOM) related unused code
      • Translations update
      • Code clean-up
    • Update HTTPS Everywhere to 2019.5.6.1
    • Bug 27290: Remove WebGL pref for min capability mode
    • Bug 29120: Enable media cache in memory
    • Bug 24622: Proper first-party isolation of
    • Bug 29082: Backport patches for bug 1469916
    • Bug 28711: Backport patches for bug 1474659
    • Bug 27828: "Check for Tor Browser update" doesn't seem to do anything
    • Bug 29028: Auto-decline most canvas warning prompts again
    • Bug 27919: Backport SSL status API
    • Bug 27597: Fix our debug builds
    • Bug 28082: Add locales cs, el, hu, ka
    • Bug 26498: Add locale: es-AR
    • Bug 29916: Make sure enterprise policies are disabled
    • Bug 29349: Remove network.http.spdy.* overrides from meek helper user.js
    • Bug 29327: TypeError: hostName is null on about:tor page
    • Bug 30425: Revert armagadd-on-2.0 changes
  • Windows + OS X + Linux
    • Update OpenSSL to 1.0.2r
    • Update Tor Launcher to
      • Bug 27994+25151: Use the new Tor Browser logo
      • Bug 29328: Account for Tor 0.4.0.x's revised bootstrap status reporting
      • Bug 22402: Improve "For assistance" link
      • Bug 27994: Use the new Tor Browser logo
      • Bug 25405: Cannot use Moat if a meek bridge is configured
      • Bug 27392: Update Moat URLs
      • Bug 28082: Add locales cs, el, hu, ka
      • Bug 26498: Add locale es-AR
      • Bug 28039: Enable dump() if log method is 0
      • Translations update
    • Bug 25702: Activity 1.1 Update Tor Browser icon to follow design guidelines
    • Bug 28111: Use Tor Browser icon in identity box
    • Bug 22343: Make 'Save Page As' obey first-party isolation
    • Bug 29768: Introduce new features to users
    • Bug 27484: Improve navigation within onboarding
    • Bug 25658+29554: Replace security slider with security level UI
    • Bug 25405: Cannot use Moat if a meek bridge is configured
    • Bug 28885: notify users that update is downloading
    • Bug 29180: MAR download stalls when about dialog is opened
    • Bug 27485: Users are not taught how to open security-slider dialog
    • Bug 27486: Avoid about:blank tabs when opening onboarding pages
    • Bug 29440: Update about:tor when Tor Browser is updated
    • Bug 23359: WebExtensions icons are not shown on first start
    • Bug 28628: Change onboarding Security panel to open new Security Level panel
    • Bug 27905: Fix many occurrences of "Firefox" in about:preferences
    • Bug 28369: Stop shipping pingsender executable
    • Bug 30457: Remove defunct default bridges
  • Windows
    • Bug 27503: Improve screen reader accessibility
    • Bug 27865: Tor Browser 8.5a2 is crashing on Windows
    • Bug 22654: Firefox icon is shown for Tor Browser on Windows 10 start menu
    • Bug 28874: Bump mingw-w64 commit to fix WebGL crash
    • Bug 12885: Windows Jump Lists fail for Tor Browser
    • Bug 28618: Set MOZILLA_OFFICIAL for Windows build
    • Bug 21704: Abort install if CPU is missing SSE2 support
  • OS X
    • Bug 27623: Use MOZILLA_OFFICIAL for our builds
  • Linux
    • Bug 28022: Use `/usr/bin/env bash` for bash invocation
    • Bug 27623: Use MOZILLA_OFFICIAL for our builds
  • Android
    • Bug 5709: Ship Tor Browser for Android
  • Build System
    • All platforms
      • Bug 25623: Disable network during build
      • Bug 25876: Generate source tarballs during build
      • Bug 28685: Set Build ID based on Tor Browser version
      • Bug 29194: Set DEBIAN_FRONTEND=noninteractive
      • Bug 29167: Upgrade go to 1.11.5
      • Bug 29158: Install updated apt packages (CVE-2019-3462)
      • Bug 29097: Don't try to install python3.6-lxml for HTTPS Everywhere
      • Bug 27061: Enable verification of langpacks checksums
    • Windows
    • OS X
    • Linux
      • Bug 26323+29812: Build 32bit Linux bundles on 64bit Debian Wheezy
      • Bug 26148: Update binutils to 2.31.1
      • Bug 29758: Build firefox debug symbols for linux-i686
      • Bug 29966: Use for Wheezy images
      • Bug 29183: Use linux-x86_64 langpacks on linux-x86_64
    • Android
      • Bug 29981: Add option to build without using containers

May 21, 2019


Thank you very much Tor for your work. But how is Orbot going to go on from now on? The development has been slow even so far and now, is it in any way going to be replaced with Tor Browser? For me, living in Iran, Orbot and it's features have been essential as more of a filtering circumvention tool than a privacy tool.

There is no plan to replace Orbot with Tor Browser as they provide different features. Orbot will continue to be developed by the Guardian Project. Orfox however will no longer be developed, and Orfox users should migrate to Tor Browser.

It's insane to try to have multiple instances of Tor running on a phone (assuming it works correctly at all). It will result in nobody having the slightest idea of what's configured for what or what's using which instance for what. It will also make traffic analysis easier by putting some traffic over one ingress connection and other traffic over a different ingress connection. The fact that it's a waste of both local and network resources, while true, is perhaps less important.

The whole business of bundling Tor with a browser has caused UNTOLD user confusion about what does what. Judging by the sorts of questions it generates on Reddit and similar, has probably led to people shooting themselves in the foot. Removing any distinction even in the name has made things far worse.

How do you use the orbot app if you have tor browser for android installed? It seems orbot is integrated into the tor browser but i don't see a way to route all traffic to from other apps through the tor network using the orbot built into tor browser for android.

Hi ,where I live lately tor is having issues. Normally access was not closed, simply launchig orbot and a circuit were fixed in a bit.Now just clicking on orbot bridge a premade you can choose which and anything it may be able to run .
Moreover behind a vpn a good one.
Nice to met you.


May 21, 2019


I still can watch real OS from javascript. Try navigator. Why you can't fix this? This is serious security problem.
Cool new logo.

Your OS can be detected in various ways. It's pointless to try and hide it. Your OS reacts differently to many things than another OS would, and they're trivial to detect using Javascript for example.

I have been using Tor since the days of privoxy, or even earlier, and I can confirm that the long standing and apparently intractable issue with OS detection despite using TB has often been discussed over the years and is (or should be) well known to every long time user.

Some technical issues are very hard to solve, and I think that TP is wise to spend its intellectual capital on devising ameliorations of more serious deanonymization and cybersecurity vulnerabilities.

Speaking of which, a million thanks to the hard working Tails team for promptly patching against the latest round of attacks leveraging speculative execution and other hard wired CPU flaws. The most dangerous has even been specifically confirmed to be usable in real world attacks on Tor Browser users, so the rapid fix was terribly important.

(People who use TB under Debian and who have just updated their Debian should be fine too I think; not sure about other popular OS's.)


May 21, 2019


'The new Tor Browser icon was chosen through a round of voting in our community'
where, what and who is this community? where did you call for voting?

So the design team at Tor Project posted an anonymous survey, interpreted it as a community vote, dropped the colors in favor of monochrome, dropped the the onion outer shape in favor of a circle, made half circles for the inner pattern so to be even farther from an onion's anatomy, checked how many companies/apps have the same logo with sightly different color, and then picked this one.

I confess that I initially misunderstood the icons and panicked, so for five minutes earlier today I somewhat agreed with you, but by now I've been using 8.5 all day and I have decided that I like the new icons and the new security slider. And I am overjoyed (overjoyed!) that TP now has an offical and apparently working version for one of the major brands of smart phones (Android).

Anonymous survey: how else can TP get feedback from the user community? Because we are anons not registered voters.*

Sometimes I get the impression that some posters do everything they can to think of something anything negative to say about anything Tor Project does, but maybe you just panicked like I did because if you weren't ready for it one could have thought someone had fooled us into installing a malicious modification of TB.

[Edit: slightly cut the post to stay on topic, -GK]

the titlebar icon is ok, but I would have subtracted one of the concentric half-rings.
IMO, it is more distinguishable than tbb's recent faded green FF icon.
I don't notice any other change, though I see the bland b&w "new tor circuit for his site" icon in the "hamburger" menu.

The UI defects are FF/mozilla's - though because Moz has contracted Googlechrome Disease.
(Has any moz designer wondered why FF's urlbar/addressbar possess both overflow *and* a 'hamburger' expander/dropdown menus *adjacent to each other* ?)

Considering usability of most gui apps, icon and toolbar design has declined since macos 8/9 and xp/ie6/food.

I missed the election (after GCHQ attacked my email I have good reason to avoid mailing lists which means I am excluded from many things, so a small win for the bad guys there) and like most users I initially thought the new TB look suggested someone messing with the supply chain.

FWIW I have been using 8.5 all day and decided I like the new icons just fine :-)


May 21, 2019


Awesome news, love the fresh look. Noticed there's a Nightly icon, are the nightly builds public and if so where can i grab em?

The nightly builds are public, and you can find the link to download them on:…

Currently the nightly builds don't have automatic updates available, so you will have to manually download and install new versions. However we are planning to fix this in the future:

Onion sites are thought to be safer than clearnet sites, in the sense of being less susceptible to various ways in which bad guys can mess with DNS. So being sent to an onion means someone did you a favor.

To avoid possible confusion: the exit node does the DNS lookup if you surf to a clearnet site using Tor Browser, but the exit node can fall victim to the same attacks which might misdirect your browser if you were using FF on your own computer. Onions bypass many of these serious DNS issues.

I am an ordinary Tor user not a dev, so if I said anything wrong above I welcome correction.

(I hope to someday soon see a post in this blog explaining the virtues of onions for cybersecurity. There are no magic bullets but onions can blunt many threats, it seems to me, suggesting that the web would be safer for everyone if every website were an onion site. Of course, we'll have to gracefully grow the volunteer Tor network by several orders of magnitude before that becomes practical. But it seems like a good goal to keep in mind.)


May 21, 2019


Cool, thank you. It works like a charm.

I have a couple of questions.

1 - Do you plan to implement letterboxing into TBB? If yes, when?

2- Why the new Tor release has not been implemented into TBB? Or did I miss something in the changelog (if so, apologies)

3 - Why you have not yet uploaded the deb packages of the last Tor release (4.0.x) on your repos?


1 - Do you plan to implement letterboxing into TBB? If yes, when?

Yes. It will be included in the next alpha (9.0a1) which we will be releasing tomorrow.

2- Why the new Tor release has not been implemented into TBB? Or did I miss something in the changelog (if so, apologies)

We first need to test the 0.4.x series in an alpha release before including in the stable Tor Browser.

3 - Why you have not yet uploaded the deb packages of the last Tor release (4.0.x) on your repos?

I see that has version

Exactly. Linux kernel updates also remain on the branch you first installed until you view all packages and select a different one. Thank you.

OK, but then the question does not change (OK, it changes a little): why hasn't the Tor repository file been updated yet? I am not saying this is necessarily wrong. Not at all. I just do not understand the reason (I do not recall any other situation where this happened) nor I can find any "statement" about this.

Cheers. stable was released on May 3, but all of the distro suite names only offer 0.3.5.x. To make your package manager list 0.4.0.x, edit your package manager's software sources configuration (repositories, sources.list) to download from one of the distributions (suites) named "tor-experimental-0.4.0.x-*" as seen here:


May 21, 2019


The security level indicator is a huge improvement, thank you very much for implementing this!
However I was quite surprised to see that the slider (radio buttons now) has been still hidden away in the settings tab. I was expecting to see the option to change the security level right in the toolbar icon's menu itself, instead of merely a further explanation. Any plans to implement this as well?
Again, thank you for all the improvements!

OCSP stapling is set as enabled and required in about:config, so if a cert uses OCSP, the browser must only contact the cert owner's website, not CAs or issuers. So it has that going for it.

Yes, OCSP is enabled (and this is good, would you prefer trusting a revoked certificate?). OCSP stapling helps a little here, but it certainly is not enough and I see many OCSP queries during my normal usage every day. There is some information leakage because the browser queries whatever URL is provided in the certificate, but these queries are first-party isolated, so querying the same CA for different sites (first parties) should not be linkable. As the Tor Browser Design Document says:

OCSP requests go to Certificate Authorities (CAs) to check for revoked certificates. They are sent once the browser is visiting a website via HTTPS and no cached results are available. Thus, to avoid information leaks, e.g. to exit relays, OCSP requests MUST go over the same circuit as the HTTPS request causing them and MUST therefore be isolated to the URL bar domain. The resulting cache entries MUST be bound to the URL bar domain as well. This functionality is provided by setting privacy.firstparty.isolate to true.

It took 2 clicks when it was in TorButton. I takes 2 clicks now. I wouldn't say placement makes it harder to find. On the contrary, the new shield icon for security level visually changes shading, indicating the level without having to click anything. Nevertheless, there is always room for improvement.

No, we don't have plans. The reason for the current design is that the button on the toolbar is not meant to easily toggle the slider state. It's meant to show you your current state and to offer the option to (re-)set the level if you really need to. It's a global feature affecting the whole browser session and could lead to surprises if used to just change the level for site X.

> It's a global feature affecting the whole browser session and could lead to surprises if used to just change the level for site X.

So are NoScript and its options, and people want those easily accessible too.