New Release: Tor Browser 8.5.6

Tor Browser for Android 8.5.6 is now available from the Tor Browser Download page and also from our distribution directory. This version is for Android only, the latest version for Linux, macOS and Windows is still 8.5.5.

This update is fixing an issue with the aarch64 version, mostly on Android 9 which was causing a crash on every launch.

Note: Due to some issue with Google Play's new requirement for 64bit versions, we have not yet been able to publish the Android x86 and x86_64 versions on Google Play. We plan to fix this in the next release. In the meantime the x86 version can be downloaded from our website.

The full changelog since Tor Browser 8.5.5 is:

  • Android
    • Update Torbutton to 2.1.14
      • Bug 31616: Fix JIT related crashes on aarch64

September 09, 2019


Didn't understand about the explanation of x86 or x64. Is there no x64 or aarch64 type still available on playstore, only armv7 ? The problem of aarc64 type crashing got fixed or not ?

Is the below explanation correct ?

1. The problem , the nasty problem of aarch64 type crashing got solved , but it is not being published to playstore.

2. Armv7 types are publishing in playstore. How can that be if google playstore is only allowing aarch64 types. ?

3. Users wanting x86 bit can download from website & dist. repo always.Cause google isn't allowing x86 versions on playstore.

8.5.5 introduced the aarch64 version, causing armv7 users with hardware supporting it to be updated to this version. Unfortunately this aarch64 version was not working correctly, which is fixed by version 8.5.6. So there should now be a working aarch64 version on Google Play.

For x86_64 we don't have a working build yet (we plan to have it with Tor Browser 9.0 on October 22), but we have an x86 one. However Google Play does not allow us to upload a x86 build if we don't provide an x86_64 one at the same time.


September 09, 2019


I found a security bug in the Tor Browser Bundle. Is there a way to disclose it without having to use Email?

Kind regards

The best way is to use email with GPG. See "Report a security issue" on the contact page:

If you don't want to use email, you can encrypt details about the bug using the key from someone in the Tor Browser team (you can find keys on, and post the encrypted text as a comment here.

Thank you for offering this alternative!

I am not the O.P. but if I ever (shudder) think I've discovered a serious bug I'll try this method.

Here is an alternative idea I've tried to suggest: follow the lead of Tails Project by adopting Whisperback for security bug reports. This uses an onion send an email, hopefully anonymous, to Tails. It would be very wise to audit Whisperback first, of course.

Here is a third idea which I've tried to suggest previously, so far without success: OnionShare is a very natural tool for sharing anything which needs to be kept private, and also has the potential for communication (e.g. with Tor Project) which is hard for the bad guys to attribute to an individual honest citizen. The roadblock for using OnionShare is safely and anonymously communicating the temporary onion address to the party you wish to communicate with. But surely if tor devs but their minds to it, some good ways tor users would feel comfortable with using can be found.

By default a file shared via OnionShare can only be shared *once*, so the hope is that if you see that someone grabbed the file and then confirm "out of band" that the intended party has it, you can be confident (we hope) that only the intended party has the sensitive information.

One way which is certainly technically possible with minimal effort would be to persuade Tails Project to put the standard accounts back in Tails 4.0 (forthcoming, based on Debian 10 "Buster"), and to create a #tor-vulns chatroom. Then users who have found a sensitive bug can use Tails to send via OTP text message to a special tor user the url of the onion address together with a unique confirmation code. After they see that someone grabbed the file, they can check a page at to see that their confirmation code is listed as having been received by the tor devs.

(Using OnionShare is easier if you don't need to make the communication anonymous even to spooks, e.g. if you need to share a file with your doctor: you can simply read the onion address over the phone. Once you see that someone took the file, and your party says "got it", you can be confident, we hope, that only the intended party has the sensitive file.)

I want to remind everyone that, quite contrary to widely published reports earlier this year that NSA had allegedly "abandoned" the phone and email dragnet, which were based on an off-the-cuff comment by a staffer for a conservative M.O.C., last month NSA formally demanded that Congress renew these programs, not simply for another "term", but *indefinitely*. And the Snowden leaks confirm that one function of the Utah Data Center (and its backup in San Antonio) is to store *indefinitely* NSA's copies of all the encrypted packets it did not yet try to break, including all encrypted emails as well as all encrypted bitstreams (e.g. tor circuits).

Which poses a dilemma for friends of tor: it would be utterly inappropriate to discuss a new bug in an unencrypted email, but sending an encrypted email raises a red flag. Hence the need to communicate anonymously. But email cannot be anonymized if you are sending from an account you created yourself (even an "anonymous" free account).

Here's the report.
I hope I was clear enough, but if there are questions, I will be looking at this thread for replies.
This key has been used to encrypt the report: `8B90 4624 C5A2 8654 E453 9BC2 E135 A8B4 1A7B F184`


To be more specific about the key to use, please use either my key:…
Or GeKo's key:…

Please don't use the key (except when sending emails to that address) as we cannot easily decrypt that.


Hi. You can always post the bug here. Bye

I seem to keep encountering nodes whose name includes "nifty". How can I check they are a declared family?

Are we confident these are friendly nodes, i.e. not operated by NSA or GRU or some such agency?

You can get information about a relay on

We can never be completely sure that a relay is good, which is why we use 3 of them in each circuit. If you find one that seems to be bad, you can report it:

Thanks for replying! But...

> Please enable JavaScript to use this service. If you are using Tor Browser on High Security mode, it is possible to enable JavaScript to run only on this page. Click the NoScript icon on your address bar and select "Temporarily allow all on this page". Relay Search only uses JavaScript resources that are hosted by the Tor Metrics team.

... what Noscript button on the address bar (url bar)? I don't see any such. At the moment I am using Tails 3.16 which I believe incorporates the latest version of Tor Browser.

Tor still crashes after the update. Cant even launch it

Which version of Android and which architecture are you using? Was it working before version 8.5.5 ?

I have android 9 on honor play. Dont know about architecture.

I was working before the update. However, it stopped working before the update after i lowered the security settings from "high" to "low" (i was trying to solve a captcha). After that it kept on crashing. Before this it never crashed. Then i updated and it still wont work

Update: i tried clearing the cache but it didnt help. Then i cleared the data and it works again

In your distribution directory, what's the difference between multi and multi-qa?

The difference is that the multi-qa .apk is signed with a debug key that allows for testing the .apk (and ensuring that we've built the .apk reproducibly) but that needs to get replaced by a signature done with a key for the Google Play store which is then the multi.apk.

I need recovery please

I'm on gnu/linux slackware 14.2 x86_64.
I've downloaded saturday last version of tor browser bundle 8.5.5.
The 8.5.4 version works well.
But 8.5.5 crash at start with this internal error log:

[notice] Tor (git-439ca48989ece545) running on Linux with
Libevent 2.1.8-stable, OpenSSL 1.0.2s, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
[notice] Read configuration file "tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc-defaults".
[notice] Read configuration file "tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc".
[notice] Opening Control listener on
[notice] Opened Control listener on
[notice] DisableNetwork is set. Tor will not make or accept non-control network connections.
Shutting down all existing connections.
[notice] Parsing GEOIP IPv4 file /PATH_TO/tor-browser_en-US/Browser/TorBrowser/Data/Tor/geoip.
[notice] Parsing GEOIP IPv6 file /PATH_TO/tor-browser_en-US/Browser/TorBrowser/Data/Tor/geoip6.
[notice] Bootstrapped 0% (starting): Starting [notice] Starting with guard context "default"
[notice] Delaying directory fetches: DisableNetwork is set.
[notice] New control connection opened from
[notice] DisableNetwork is set. Tor will not make or accept non-control network connections.
Shutting down all existing connections.
[notice] New control connection opened from
[notice] DisableNetwork is set. Tor will not make or accept non-control network connections.
Shutting down all existing connections.
[notice] DisableNetwork is set. Tor will not make or accept non-control network connections.
Shutting down all existing connections.
[notice] DisableNetwork is set. Tor will not make or accept non-control network connections.
Shutting down all existing connections.
[notice] Opening Socks listener on
[notice] Opened Socks listener on

= T= 1567790158 INTERNAL ERROR:
Raw assertion failed at src/lib/malloc/map_anon.c:218:
noinherit_result == tor-browser_en-US/Browser/TorBrowser/Tor/tor(dump_stack_symbols_to_error_fds+0x33)
[0x55ff75f58743] tor-browser_en-US/Browser/TorBrowser/Tor/tor(tor_raw_assertion_failed_msg_+0x86)
[0x55ff75f58e26] tor-browser_en-US/Browser/TorBrowser/Tor/tor(tor_mmap_anonymous+0xca)
[0x55ff75f57f3a] tor-browser_en-US/Browser/TorBrowser/Tor/tor(crypto_fast_rng_new_from_seed+0x35)
[0x55ff75f009f5] tor-browser_en-US/Browser/TorBrowser/Tor/tor(crypto_fast_rng_new+0x2b)
[0x55ff75f00a9b] tor-browser_en-US/Browser/TorBrowser/Tor/tor(get_thread_fast_rng+0x45)
[0x55ff75f00c35] tor-browser_en-US/Browser/TorBrowser/Tor/tor(circuit_reset_sendme_randomness+0x21)[0x55ff75e02fb1] tor-browser_en-US/Browser/TorBrowser/Tor/tor(+0x8342b)
[0x55ff75dd142b] tor-browser_en-US/Browser/TorBrowser/Tor/tor(origin_circuit_new+0x8f)
[0x55ff75dd3aef] tor-browser_en-US/Browser/TorBrowser/Tor/tor(origin_circuit_init+0x22)
[0x55ff75dcceb2] tor-browser_en-US/Browser/TorBrowser/Tor/tor(circuit_establish_circuit+0x37)[0x55ff75dcf877] tor-browser_en-US/Browser/TorBrowser/Tor/tor(circuit_launch_by_extend_info+0x9c)[0x55ff75de6b2c] tor-browser_en-US/Browser/TorBrowser/Tor/tor(+0x99859)
[0x55ff75de7859] tor-browser_en-US/Browser/TorBrowser/Tor/tor(connection_ap_handshake_attach_circuit+0x321)
[0x55ff75de8251] tor-browser_en-US/Browser/TorBrowser/Tor/tor(connection_ap_attach_pending+0x1b0)[0x55ff75dec6b0] ./TorBrowser/Tor/
[0x7fdac04cc395] ./TorBrowser/Tor/
[0x7fdac04ccc6f] tor-browser_en-US/Browser/TorBrowser/Tor/tor(do_main_loop+0xe5)
[0x55ff75dbce95] tor-browser_en-US/Browser/TorBrowser/Tor/tor(tor_run_main+0x1225)
[0x55ff75daa8d5] tor-browser_en-US/Browser/TorBrowser/Tor/tor(tor_main+0x3a)
[0x55ff75da7d5a] tor-browser_en-US/Browser/TorBrowser/Tor/tor(main+0x19)
[0x55ff75da78b9] /lib64/
[0x7fdabf6497d0] tor-browser_en-US/Browser/TorBrowser/Tor/tor(+0x59909)

Thanks for the report. I've opened Please follow up there if possible and if we need some help tracking the bug down.

hello, i dowloaded and verified 8.5.6. from the tor website on September 9th. Filesize 4.47MB. F-Droid now offers me to upgrade to 8.5.6., but shows me 8.5.6. as installed. The difference is in filesize. 4.4MB installed, 4.6MB upgrade. This happens for the first time. What is the difference between the versions. Should there be any? Just downloaded again from tor website, filesize like the allready installed version. Could you please clarify?

Do you have a link to the f-droid version you downloaded?

This version now works on Blackberry 10 OS. This is great!

After a week, on the site there is old version 8.5.5.
Please update to 8.5.6.

That is okay. Tor Browser 8.5.6 is only for mobile while those bundles on that page are for our desktop platforms which stay on 8.5.5.

Hi, on Android version on bootup when you swipe right to check logs it says version rc, this should be changed supposedly

Actually, no. The Tor version Tor Browser bundles is while the whole bundle, including the browser, pluggable transports, Tor etc. is 8.5.6, so that is fine.


gk said:

September 16, 2019

In reply to hello, i dowloaded and… by Anonymous (not verified)

Do you have a link to the f-droid version you downloaded?

hello gk, unfortunately no link. i have to admit that i don't really know how to generate a link to the respective file from the fdroid app. I could provide a screenshot out of fdroid-app if that helps

Hello, any plans in the future to switch the duckduckgo URL used for searches to the onion address ?

No immediate plans. We have a ticket for that request, though:

Join the discussion...

We encourage respectful, on-topic comments. Comments that violate our Code of Conduct will be deleted. Off-topic comments may be deleted at the discretion of the post moderator. Please do not comment as a way to receive support or report bugs on a post unrelated to a release. If you are looking for support, please see our ​support portal or ways to get in touch with us.

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

8 + 4 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.