New Release: Tor Browser 9.0a1

Tor Browser 9.0a1 is now available from the Tor Browser Alpha download page and also from our distribution directory.

Note: this is an alpha release, an experimental version for users who want to help us test new features. For everyone else, we recommend downloading the latest stable release instead.

This release features important security updates to Firefox.

Tor Browser 9.0a1 is the first release in the 9.0 alpha series. It contains all the improvements and fixes from the 8.5 release as well as other new features:

  • Tor Launcher is getting tighter integrated into the browser as a preparation step for the switch to Firefox 68 ESR. That results in it not showing up anymore on the about:addons page while still being available (and we don't need to make a code-signing exception for it either anymore, which is nice). See the underlying proposal for this decision for full details.
  • We backported Mozilla's Letterboxing feature which allows us to finally tackle the problem of not properly rounded screen dimensions in case users start to maximize or otherwise resize the browser window. Letterboxing is off by default for now, although we plan to enabled it in one of the upcoming alpha releases. If you want to check it out and report issues please add the privacy.resistFingerprinting.letterboxing preference on about:config and set it to true. Many thanks to Tom Ritter and anyone else at Mozilla who has been working on that problem and designing the current approach.

The full changelog since Tor Browser 8.5a12 is:

  • All platforms
    • Update Firefox to 60.7.0esr
    • Update Torbutton to 2.1.9
      • Bug 30069: Use slider and about:tor localizations
      • Bug 30115+27449+25145: Map browser + domain -> credentials to fix UI issues
      • Bug 30171: Don't sync cookie.cookieBehavior and firstparty.isolate
      • Bug 30425: Revert armagadd-on-2.0 changes
      • Bug 30497: Add Donate link to about:tor
      • Bug 30464: Add WebGL to safer descriptions
      • Translations update
    • Update HTTPS Everywhere to 2019.5.6.1
    • Bug 24622: Proper first-party isolation of s3.amazonaws.com
    • Bug 30425: Revert armagadd-on-2.0 changes
  • Windows + OS X + Linux
    • Update Tor Launcher to 0.2.19
      • Bug 28044: Integrate Tor Launcher into tor-browser
      • Bug 29627: Moat: add support for obfsproxy's meek_lite
      • Bug 30139: Remove FTE bits
      • Translations update
    • Bug 28044: Integrate Tor Launcher into tor-browser
    • Bug 30372: Backport letterboxing (bug 1538130)
    • Bug 28369: Stop shipping pingsender executable
    • Bug 30457: Remove defunct default bridges
    • Bug 29045: Ensure that tor does not start up in dormant mode
    • Bug 29641: Try to connect over IPv6 if needed
  • Windows
  • OS X
    • Bug 30241: Bump snowflake version to d11e55aabe
  • Linux
  • Android
    • Bug 29982: Force single-pane UI on Tor Preferences
    • Bug 30086: Prevent Sync-related crashes on Android
    • Bug 30214: Kill background thread when Activity is null
    • Bug 30239: Render Fragments after crash
    • Bug 30136: Use 'Tor Browser' as brand name on mobile, too
    • Bug 30069: Use slider and about:tor localizations
    • Bug 30371: Stop hard-coding the content provider name in tor-android-service
    • Bug 30162: Tor Browser bootstrap process got stuck after interrupting it
    • Bug 30166: If specified, only use custom bridges for connecting
    • Bug 30518: Add SocksPort flags for consistency across platforms
    • Bug 30284: Fix broken start-up on KitKat devices
    • Bug 30489: Remove Unused Resources from tor-android-service
  • Build System
    • Windows
      • Bug 29307: Use Stretch for cross-compiling for Windows
      • Bug 29731: Remove faketime for Windows builds
    • Linux
      • Bug 30377: Remove selfrando from our build system
      • Bug 30448: Strip Browser/gtk2/libmozgtk.so
    • Android
      • Bug 29981: Add option to build without using containers
      • Bug 30169: Switch to our tor-android-service repo
      • Bug 30404: Remove Orbot Project
      • Bug 30280: Wrong SHA-256 sum for j2objc-annotations-1.1.jar
Anonymous

May 25, 2019

Permalink

  1. Tor WARN: Problem bootstrapping. Stuck at 5% (conn): Connecting to a relay. (Network is unreachable [WSAENETUNREACH ]; NOROUTE; count 2; recommendation warn; host 9B24B2149631167704362E07356A9E9BFC1F0F05 at 2a01:4f9:2a:3d9:200::201:9001)<br />
  2. Tor WARN: 1 connections have failed:<br />
  3. Tor WARN: 1 connections died in state connect()ing with SSL state (No SSL object)

It looks like Tor tries IPv6 in IPv4 network...

Anonymous

May 26, 2019

Permalink

Certain web pages keep asking for HTML5 canvas access. How can one set the default to block?

Anonymous

May 27, 2019

Permalink

With every update, torbrowser "sucks" more - in particular memory and cpu. The new version on a 3,5GB-memory 64Bit machine is considerably slower than the 1 year old version was on my 1,5GB-32Bit machine.

Torbrowser wants to support activists around the world. What hardware do you think the majority of these activists have available? You think they're all equipped like Silicon Valley geeks? Even some of my friends in The North still run old 32Bit-Thinkpads for their political activism.

Frustrating by the way that the 32Bit-Linux version doesn't run (and seemingly isn't supposed to run) on a 64Bit machine.

A lightweight variant or a much lighter Torbrowser is urgently needed if Torbrowser is intended to be put to the uses it claims to be intended for!!!

Hello!

>> torbrowser "sucks" more - in particular memory and cpu.
Meanwhile I did not had observations of slowdowns of TBB, but I did not checked specially.
Have to say that mentioned by Mr. "exit" situation really may appear.
So I would like to prevent it.
Dear TBB-developpers! - Please keep the hand on the pulse!!!

>> Torbrowser wants to support activists around the world.
>> What hardware do you think the majority of these activists have available?
>> You think they're all equipped like Silicon Valley geeks?
>> Even some of my friends in The North still
>> run old 32Bit-Thinkpads for their political activism.

Absolutely.
Recently I saw discussion at https://www.opennet.ru/opennews/art.shtml?num=50638 - why Tails is not 32-bit. Like for me Tails-developers just cut their expanses (time, money,efforts, etc ) by dropping 32-bit users. Very sad.

Dear tor team ,

could u add translate sites in tor browser .

thanks for Tor teams .

What do you have in mind?

Developer! Hello! Now you have made the first final release of the program "Tor Browser" for android devices, and further develop this project, this is good. Very happy. You have developed the program "Tor" for os Wndows, linux ..
In this regard, the question;
Do you plan to develop a similar program "Tor" for android devices based on the program "Orbot"?

We don't plan to work on a replacement for Orbot, no.

rc7:
NoScript detected a potential Cross-Site Scripting attack

from https://mysite to https://s7.addthis.com.

Suspicious data:

Error: Exceeded 20000ms timeout,(URL)

08:32:55.251 Got a mutation for an unexpected actor: server1.conn1.child1/domnode63, please file a bug on bugzilla.mozilla.org! 1 inspector.js:307:11
08:32:55.252 console.trace(): 1 inspector.js:309
WalkerFront<.getMutations

What do you mean with "doesn't work"? What is supposed to happen?

security slider gone. now click click to access. minorly inconvenient

How so? The amount of clicks you need for changes the level does not have changed (previously 2, now 2) and the amount of clicks you need to see on which level you are on has improved (previously 2, now 0).

About Tor Browser dialog:
15:36:12.897 Invalid string label 1 (unknown)
and when pressing the button to update.

Hello Tor developers & users!

How can I easily know and understand the differences
between the various Tor Browser (TB) versions
(for example current v8.0.9, v8.5.1 and v9.0a1)?

Which preferences and about:config settings values is common
and which is vary in all these TB variants?

Where can I read about this more, in clearly explained form?

(I'm unexperienced TB user, began using it this New Year.)

Thanks in advance.

(sorry for possible double posting - there was a browser glitch.)

There is no clear explanation on the exact differences between stable and alpha versions. You have to diff the respective components' source code. The alpha, in general, contains features and bug fixes that need a bit more testing time than what we already give them and/or those things that a basically too invasive for a stable series (like toolchain changes).