New Release: Tor Browser 8.5

[Update 5/22/2019 8:18 UTC: Added issue with saved passwords and logins that vanished to Known Issues section.]

Tor Browser 8.5 is now available from the Tor Browser download page and also from our distribution directory. The Android version is also available from Google Play and should be available from F-Droid within the next day.

This release features important security updates to Firefox.

After months of work and including feedback from our users, Tor Browser 8.5 includes our first stable release for Android plus many new features across platforms.

It's Official: Tor Browser is Stable on Android

Tor Browser 8.5 is the first stable release for Android. Since we released the first alpha version in September, we've been hard at work making sure we can provide the protections users are already enjoying on desktop to the Android platform. Mobile browsing is increasing around the world, and in some parts, it is commonly the only way people access the internet. In these same areas, there is often heavy surveillance and censorship online, so we made it a priority to reach these users.

Tor Browser for Android

We made sure there are no proxy bypasses, that first-party isolation is enabled to protect you from cross-site tracking, and that most of the fingerprinting defenses are working. While there are still feature gaps between the desktop and Android Tor Browser, we are confident that Tor Browser for Android provides essentially the same protections that can be found on desktop platforms.

Thanks to everyone working on getting our mobile experience into shape, in particular to Antonela, Matt, Igor, and Shane.

Note: Though we cannot bring an official Tor Browser to iOS due to restrictions by Apple, the only app we recommend is Onion Browser, developed by Mike Tigas with help from the Guardian Project.

Improved Security Slider Accessibility

Our security slider is an important tool for Tor Browser users, especially for those with sensitive security needs. However, its location behind the Torbutton menu made it hard to access.

Tor Browser Security

During the Tor Browser 8.5 development period, we revamped the experience so now the chosen security level appears on the toolbar. You can interact with the slider more easily now. For the fully planned changes check out proposal 101.

A Fresh Look

We made Tor Browser 8.5 compatible with Firefox's Photon UI and redesigned our logos and about:tor page across all the platforms we support to provide the same look and feel and improve accessibility.

Tor Browser icons

The new Tor Browser icon was chosen through a round of voting in our community.

We'd like to give a big thanks to everyone who helped make this release possible, including our users, who gave valuable feedback to our alpha versions.

Known Issues

Tor Browser 8.5 comes with a number of known issues. The most important ones are:

  1. While we improved accessibility support for Windows users during our 8.5 stabilization, it's still not perfect. We are in the process of finishing patches for inclusion in an 8.5 point release. We are close here.
  2. There are bug reports about WebGL related fingerprinting which we are investigating. We are currently testing a fix for the most problematic issue and will ship that in the next point release.
  3. The upgrade to Tor Browser 8.5 broke saved logins and passwords. We are investigating this bug and hope to provide a fix in an upcoming point release.

We already collected a number of unresolved bugs since releasing Tor Browser 8 and tagged them with our tbb-8.0-issues keyword to keep them on our radar. Check them out before reporting if you find a bug.

Give Feedback

In addition to the known issues, we are always looking for feedback about ways we can make our software better for you. If you find a bug or have a suggestion for how we could improve this release, please let us know.

Full Changelog

The full changelog since Tor Browser 8.0.9 is:

  • All platforms
    • Update Firefox to 60.7.0esr
    • Update Torbutton to 2.1.8
      • Bug 25013: Integrate Torbutton into tor-browser for Android
      • Bug 27111: Update about:tor desktop version to work on mobile
      • Bug 22538+22513: Fix new circuit button for error pages
      • Bug 25145: Update circuit display when back button is pressed
      • Bug 27749: Opening about:config shows circuit from previous website
      • Bug 30115: Map browser+domain to credentials to fix circuit display
      • Bug 25702: Update Tor Browser icon to follow design guidelines
      • Bug 21805: Add click-to-play button for WebGL
      • Bug 28836: Links on about:tor are not clickable
      • Bug 30171: Don't sync cookie.cookieBehavior and firstparty.isolate
      • Bug 29825: Intelligently add new Security Level button to taskbar
      • Bug 29903: No WebGL click-to-play on the standard security level
      • Bug 27290: Remove WebGL pref for min capability mode
      • Bug 25658: Replace security slider with security level UI
      • Bug 28628: Change onboarding Security panel to open new Security Level panel
      • Bug 29440: Update about:tor when Tor Browser is updated
      • Bug 27478: Improved Torbutton icons for dark theme
      • Bug 29239: Don't ship the Torbutton .xpi on mobile
      • Bug 27484: Improve navigation within onboarding (strings)
      • Bug 29768: Introduce new features to users (strings)
      • Bug 28093: Update donation banner style to make it fit in small screens
      • Bug 28543: about:tor has scroll bar between widths 900px and 1000px
      • Bug 28039: Enable dump() if log method is 0
      • Bug 27701: Don't show App Blocker dialog on Android
      • Bug 28187: Change tor circuit icon to torbutton.svg
      • Bug 29943: Use locales in AB-CD scheme to match Mozilla
      • Bug 26498: Add locale: es-AR
      • Bug 28082: Add locales cs, el, hu, ka
      • Bug 29973: Remove remaining stopOpenSecuritySettingsObserver() pieces
      • Bug 28075: Tone down missing SOCKS credential warning
      • Bug 30425: Revert armagadd-on-2.0 changes
      • Bug 30497: Add Donate link to about:tor
      • Bug 30069: Use slider and about:tor localizations on mobile
      • Bug 21263: Remove outdated information from the README
      • Bug 28747: Remove NoScript (XPCOM) related unused code
      • Translations update
      • Code clean-up
    • Update HTTPS Everywhere to 2019.5.6.1
    • Bug 27290: Remove WebGL pref for min capability mode
    • Bug 29120: Enable media cache in memory
    • Bug 24622: Proper first-party isolation of s3.amazonaws.com
    • Bug 29082: Backport patches for bug 1469916
    • Bug 28711: Backport patches for bug 1474659
    • Bug 27828: "Check for Tor Browser update" doesn't seem to do anything
    • Bug 29028: Auto-decline most canvas warning prompts again
    • Bug 27919: Backport SSL status API
    • Bug 27597: Fix our debug builds
    • Bug 28082: Add locales cs, el, hu, ka
    • Bug 26498: Add locale: es-AR
    • Bug 29916: Make sure enterprise policies are disabled
    • Bug 29349: Remove network.http.spdy.* overrides from meek helper user.js
    • Bug 29327: TypeError: hostName is null on about:tor page
    • Bug 30425: Revert armagadd-on-2.0 changes
  • Windows + OS X + Linux
    • Update OpenSSL to 1.0.2r
    • Update Tor Launcher to 0.2.18.3
      • Bug 27994+25151: Use the new Tor Browser logo
      • Bug 29328: Account for Tor 0.4.0.x's revised bootstrap status reporting
      • Bug 22402: Improve "For assistance" link
      • Bug 27994: Use the new Tor Browser logo
      • Bug 25405: Cannot use Moat if a meek bridge is configured
      • Bug 27392: Update Moat URLs
      • Bug 28082: Add locales cs, el, hu, ka
      • Bug 26498: Add locale es-AR
      • Bug 28039: Enable dump() if log method is 0
      • Translations update
    • Bug 25702: Activity 1.1 Update Tor Browser icon to follow design guidelines
    • Bug 28111: Use Tor Browser icon in identity box
    • Bug 22343: Make 'Save Page As' obey first-party isolation
    • Bug 29768: Introduce new features to users
    • Bug 27484: Improve navigation within onboarding
    • Bug 25658+29554: Replace security slider with security level UI
    • Bug 25405: Cannot use Moat if a meek bridge is configured
    • Bug 28885: notify users that update is downloading
    • Bug 29180: MAR download stalls when about dialog is opened
    • Bug 27485: Users are not taught how to open security-slider dialog
    • Bug 27486: Avoid about:blank tabs when opening onboarding pages
    • Bug 29440: Update about:tor when Tor Browser is updated
    • Bug 23359: WebExtensions icons are not shown on first start
    • Bug 28628: Change onboarding Security panel to open new Security Level panel
    • Bug 27905: Fix many occurrences of "Firefox" in about:preferences
    • Bug 28369: Stop shipping pingsender executable
    • Bug 30457: Remove defunct default bridges
  • Windows
    • Bug 27503: Improve screen reader accessibility
    • Bug 27865: Tor Browser 8.5a2 is crashing on Windows
    • Bug 22654: Firefox icon is shown for Tor Browser on Windows 10 start menu
    • Bug 28874: Bump mingw-w64 commit to fix WebGL crash
    • Bug 12885: Windows Jump Lists fail for Tor Browser
    • Bug 28618: Set MOZILLA_OFFICIAL for Windows build
    • Bug 21704: Abort install if CPU is missing SSE2 support
  • OS X
    • Bug 27623: Use MOZILLA_OFFICIAL for our builds
  • Linux
    • Bug 28022: Use `/usr/bin/env bash` for bash invocation
    • Bug 27623: Use MOZILLA_OFFICIAL for our builds
  • Android
  • Build System
    • All platforms
      • Bug 25623: Disable network during build
      • Bug 25876: Generate source tarballs during build
      • Bug 28685: Set Build ID based on Tor Browser version
      • Bug 29194: Set DEBIAN_FRONTEND=noninteractive
      • Bug 29167: Upgrade go to 1.11.5
      • Bug 29158: Install updated apt packages (CVE-2019-3462)
      • Bug 29097: Don't try to install python3.6-lxml for HTTPS Everywhere
      • Bug 27061: Enable verification of langpacks checksums
    • Windows
    • OS X
    • Linux
      • Bug 26323+29812: Build 32bit Linux bundles on 64bit Debian Wheezy
      • Bug 26148: Update binutils to 2.31.1
      • Bug 29758: Build firefox debug symbols for linux-i686
      • Bug 29966: Use archive.debian.org for Wheezy images
      • Bug 29183: Use linux-x86_64 langpacks on linux-x86_64
    • Android
      • Bug 29981: Add option to build without using containers
Anonymous

May 22, 2019

Permalink

Great, thanks for the Improved Security Slider Accessibility! I love it this way.

One problem is big with Tor browser for a while, Google Captcha challenge aren't working properly. You enter the right solution but Google Captcha say wrong. Is there a fix or a work around? Thanks

Anonymous

May 22, 2019

Permalink

I have not posted here for the last 3 or 4 releases as I appreciate what you do and didn't wish to complain. I do miss from 4 changes ago the 8? squared section allowing you to choose search engines at your fingertip even though I know it is gone for security reasons. Also, I see that the next release, if I understand correctly, will stop the NoScript flash page that overshadows the screen and is relentless as a damn captcha. I do so much miss the, literally, iconic logo icon that said TOR. I loved looking at that Tor icon. It was pure class. Thanks anyway for Tor!

> 8? squared section allowing you to choose search engines at your fingertip

Type keywords in the address bar, and search engine icons fall under it. Press Enter for the default search engine. Another way, customize the toolbar and drag "Search" box. Click the magnifying glass to see search engine icons. Another way, open hamburger menu, Preferences, Search, and pick a default, enable, disable, or reorder.

Anonymous

May 22, 2019

Permalink

I miss that green onion logo. My fault for not voting. Green onions are more versatile than purple onions; just riffing... Again, thank you for your constant work on Tor.

I would like to use it as my main browser on Android. However you can not download images and downloads can not be canceled and sometimes the tabs that I have open are blank or reload.

Does this still happen with the stable release? Which Android version and device do you have? Do you have an example link which we could test the download issues with?

For the hard work of the Tor team and delivering.

  • Multiple issues; Android:
  1. Cannot transfer bookmarks (I have moved from OrFox to TorBrowser ALPHA to TorBrowser 8.5 final)
    1. Maybe an extension/plug-in to import and export bookmarks can resolve this problem
  • Windows:
  1. Without mouse gesture support (doesn't work in TorBrowser), it's a pain using several windows with many tabs open in each of those windows (doing research requires many tabs/windows).
    1. Maybe another browser for Tor could be the solution; Vivaldi for an example has a lot of the functionality of Firefox extensions built right in (although it's 'invert color' filter is not as nice as DarkMode extensions, at least it's built in).
  2. Recommending that we do not update extensions that are shipped with TB (like Torbutton, TorLauncher, HTTPS Everywhere and NoScript) and yet leave Auto-update on by default!
    1. If possible, maybe disable Auto-update just for just the extensions that are shipped with TB.

Anyway, thank you again for this great update.

Regarding the issue with transferring bookmarks, that is a problem. We're still considering the best solution here because Firefox Sync is not available on Android. We were more concerned with stabilizing Tor Browser on Android, so that was our priority. Now we'll concentrate on solving bugs and making the browser more usable (including migrating bookmarks from the Alpha version to Stable). We still have a lot of work in front of us.

People actually voted for that logo? It's terribly bland, generic, and meaningless.

I was initially taken aback also, but after using 8.5 for an hour or so I decided I like the new icons, the new security slider, and can live with the absence of the ferocious NoScript symbol in the tool bar.

By the way, some Tor Browser newbies found it very offputting that when they tried to watch a youtube video they saw the NoScript icon which they misinterpreted I think as some nasty hacker messing with them, not as a the good guys preventing their browser from doing something dangerous. I think it would be very useful if Tor Project posts in this blog an explanation of how to watch youtube videos as safely as possible using Tor Browser. If this is in fact possible to do, of course--- some people tell me it is. The post should explain why watching youtube videos without protections can be dangerous, in particular why NoScript is likely to object.

when they tried to watch a youtube video they saw the NoScript icon which they misinterpreted I think as some nasty hacker

Indeed. The icon of NoScript on click-to-play yellow sheets does not look like any icons of Mozilla or Tor Project. As Tor Project hid the icon from the toolbar, it is not introduced anymore as a bundled component, but jarringly introduced when browsing casually.

They should ask people on deviantArt.

A contest commending their strengths could raise interest about Tor Project and increase collaboration with communities less aware of privacy tools and practices.

why are there to versions on f-droid ? which is the right one ?

There is an alpha version ("Alpha" in the name) and a stable one. If you feel like trying to find bugs and test out the latest features use the alpha one, otherwise sticking to the stable one sounds like a good idea.

So it will only be on the guardianproject repo? Not regular F-droid?

I noticed some small issues with the current F-droid listing, the license link is 404 and the "Alpha" still says it requires Orbot.

A changelog link would be nice also.

We should have Tor Browser in regular F-Droid soon, see: https://trac.torproject.org/projects/tor/ticket/27539.

Great job! Thank you.

Is it known that this and the previous versions of TOR does not work while within a sandbox?

"DLL Initialization Failed.

C:\program files\sandbox\SbieDll.dll failed. The process is terminating abnormally."

I have tried opening a bug report, but something is broken about it and it refuses to let me log into it. Sorry.

sandboxie worked properly until TBB 7.5.x
i searched the (old) forum, could read 'sandboxie does not support TorBrowser' and nothing about this dll-error.
finally i moved to Linux to be able to use a sandbox.

I am excited about the first Android Tor Browser release! When are you going to update the TBB manual? It is not for mobile but only for desktop.

I would like to introduce my mum to TBB - she attended a conference, discovered the Internet is a weird place and now feels the need of some protection - but I hesitate to do that until there will be a proper Tor Browser Manual for Android. Why?

Simply because she is close to 70, she loves her tablet (the only technological devices she uses in order to surf the Internet) but her mind is not exactly elastic with technology (an example: she has a bunch of post-it where she wrote the whole procedure in order... to print a document :-D ). So, she needs a kind of support for when I am not there (and I do not want she feel mortified or not smart enough when something goes wrong: for her this would mean giving up immediately with TBB and going back to something else).

Thanks.

We have plans in the works to get an Android manual up and running, though I don't have a specific ETA to give you. Thanks for your feedback!

Popup-GUI from HTTPSEverywhere2019.5.6.1 more blurry, than versions before.
If this is intentional, why not asking Facebook&Co, masters of practical gui for users... .

HTTPS Everywhere is not made by Tor Project. It's made by Electronic Frontier Foundation, EFF.

For the first - New icon is not bad and nice, thanks, BUT

1) I do not understand - WHAT DOWS ITS IMAGE ACTUALLY MEAN??? Onions??? O-O-O-O-O.... ?? )))
2) so - PLEASE BACK OLD GOOD GREEN ALL-WORLD ICON - as it is clear and already usual for Tor-users!

and Really, -
* new icon - does not brings any EXTRA value to users
* new icon - brings disharmony to stable users' perception of TBB
* new icon - is aligined with new logos\colors of site only (users do not care about)

* old icon - is usual
* old icon - is good for VISUAL observation as it was GREEN (green is known good color for sedation - it is about Human Psychology!)
* old icon - shows the World map - not some strange circles (regualar users know nothing about onion-circles, they need stability and protection - Green World is normal symbol of such things)

My vote is for OLD ICON! (purpule colors of site and browser you may keep - they are traditional for now already)

NEW ICON: "You are the target" (Shooting target)

OLD ICON: "You are [probably] not alone!" (The world is not ending at your country - just look)

No no, Tor users are not being targeted for mind control by TP, which would be bad; rather, the world is about to be torified, which will be good. Let me explain.

The purple icon indicates that Tor Project is plotting to take over University of Washington. And ComicCon. Then Microsoft Research. Then Microsoft itself. Then the Amazon globe. Which means taking over the entire freakin' world! Yeah!

(I confess I initially panicked over the purple, which is probably why I now find purple-hating angst funny. Maybe laughing at our own tendency to over-react is part of trying to maintain our sanity. On another level we know that looking out for minor visual discrepancies really can be a clue that Something Has Gone Seriously Wrong, so we should forgive ourselves for sometimes panicking when suddenly things look a little different from what we are used to.)

If given only those two options, I would go with the green globe as well. A target doesn't give the right impression, nor represents "internet", but a simple globe for "internet" is maybe too generic.

Hi
I am new to Tor , and not that tech savvy . My issue is that after installing Tor on Linux , thur the pen drive , Tor will get connected once on the linux system but the moment I close the window the Tor disappears and there is no Icon can be seen on the main page. Yes of course there is file which I some how extracted by watching few you tube videos. Now how can I install on the pen drive ?
Kindly advise
Regards

Could you elaborate? What do you mean by the main page? Do you mean the desktop area? Are you running Linux from the USB pen drive or just Tor Browser from the pen drive?

I downloaded and installed Tor Browser for Windows, but now I can't find it.

You can install Tor Browser on the pen drive by extracting or moving the tor-browser folder to the pen drive before you first open Tor Browser. The browser won't work if you move the folder after you first open the browser. Open the tor-browser folder, and open the file named start-tor-browser.

The Tor Browser tar.xz on Linux might not install a desktop icon because there are many varieties of Linux desktop environments that configure icons differently. Search the web for help to configure your desktop environment (GNOME, Cinnamon, KDE, Xfce, ...) main menu icons.

Bug 25013: Integrate Torbutton into tor-browser for Android

Why for Android only?

Because we only needed it for Android included directly. It was the least amount of work while working on a more generic solution for the ESR 68 transition.

Bug 29903: No WebGL click-to-play on the standard security level

Hey, we don't want that fingerprinter active by default!

I kinda hate the security levels altogether. Id like to be able to manually control permissions by tracker like I always have without having to go into my addon settings, go to noscript and make an exception manually for each domain or page or override the security settings of all pages. Noscript is allowed to override, but at safest, scripts are greyed out on the trusted setting. Sometimes a site just won't work without scripts, but I always stay at safest by default. So a temp trust would be useless if it needs scripts. Can I please get noscript back on the toolbar? This feels like tor browser with training wheels.

Yes, you can. Just customize your toolbar as you wish.

Bug 28002: Fix the precomplete file in the en-US installer
Bug 29868: Fix installation of python-future package

and, probably, many others have already been backported to 8.0.9, so the changelog is not correct.

Thanks, fixed.

Hello, is there a way to change the logo to the old one?

No, unless you mess with the code every time you get a Tor Browser update.

Tor Browser is Stable on Android? Time to update https://support.torproject.org/#tormobile

Security Level replaced Security Slider? Time to update https://tb-manual.torproject.org/security-slider/

Information on the new security settings UI can be found here: https://tb-manual.torproject.org/security-settings/

Thanks for the reminder to delete the security-slider page, though - I'll file a trac report for that.

I don't know if you should outright delete it. Sometimes people comment that they are on old systems that can't support updated builds. Archiving may be better.

Hello I'm kind of confused with this stable alpha version of tor browser out do I still need orbot and orfox it seems to run fine when i dont have either installed ?

Orfox is the older version of Tor Browser. In the near future, Orfox users will receive an update pointing them to Tor Browser.

Regarding Orbot, it app is not needed if you only use Tor Browser (because Tor Browser includes its own tor, and it doesn't need an additional app). If you use other apps that need Orbot or if you use other features of Orbot (like the VPN mode), then you still need Orbot for this (Tor Browser does not replace Orbot).