New Release: Tor Browser 9.0

Update [7:30 UTC]: Clarified the amount of locales we support. It's 32 with Tor Browser 9.0.

Update [10:45 UTC]: Added a section about letterboxing.

Tor Browser 9.0 is now available from the Tor Browser download page and also from our distribution directory.

This release features important security updates to Firefox.

Tor Browser 9.0 is the first stable release based on Firefox 68 ESR and contains a number of updates to other components as well (including Tor to and OpenSSL to 1.1.1d for desktop versions and Tor to for Android).

In addition to all the needed patch rebasing and toolchain updates, we made big improvements to make Tor Browser work better for you.

We want everyone in the world to be able to enjoy the privacy and freedom online Tor provides, and that's why over the past couple years, we've been working hard to boost our UX and localization efforts, with the biggest gains first visible in Tor Browser 8.0.

In Tor Browser 9.0, we continue to build upon those efforts with sleeker integration and additional localization support.

Goodbye, Onion Button

We want your experience using Tor to be fully integrated within the browser so how you use Tor is more intuitive. That's why now, rather than using the onion button that was in the toolbar, you can see your path through the Tor network and request a New Circuit through the Tor network in [i] on the URL bar.

Tor Browser - circuit display - dark theme


Hello, New Identity Button

Tor Browser - Toolbar - New Identity Button

Instead of going into the onion button to request a New Identity, we've made this important feature easier to access by giving it its own button in the toolbar.

Tor Browser - New Identity

You can also request a New Identity, and a New Circuit, from within the [=] menu on the toolbar.

Torbutton and Tor Launcher Integration

Now that both extensions are tightly integrated into Tor Browser, they'll no longer be found on the about:addons page.

Tor Browser - about preferences

We redesigned the bridge and proxy configuration dialogs and include them directly into the browser's preference settings as well.

Rather than being a submenu behind the onion button, Tor Network Settings, including the ability to fetch bridges to bypass censorship where Tor is blocked, are easier to access on about:preferences#tor.


Tor Browser, in its default mode, is starting with a content window rounded to a multiple of 200px x 100px to prevent fingerprinting the screen dimensions. The strategy here is to put all users in a couple of buckets to make it harder to single them out. That worked until users started to resize their windows (e.g. by maximizing them or going into fullscreen mode). Tor Browser 9 ships with a fingerprinting defense for those scenarios as well, which is called Letterboxing, a technique developed by Mozilla and presented earlier this year. It works by adding white margins to a browser window so that the window is as close as possible to the desired size while users are still in a couple of screen size buckets that prevent singling them out with the help of screen dimensions.

Better Localization Support

If we want all people around the world to be able to use our software, then we need to make sure it's speaking their language. Since 8.0, Tor Browser has been available in 25 languages, and we added 5 locales more in Tor Browser 8.5. Today, we add support for two additional languages: Macedonian (mk) and Romanian (ro), bringing the number of supported languages to 32.

We also fixed bugs in our previously shipped localized bundles (such as ar and ko).

Many thanks to everyone who helped with these, in particular to our translators.

Known Issue

As usual when preparing Tor Browser releases, we verified that the build is bit-for-bit reproducible. While we managed to get two matching builds, we found that in some occasions the builds differ (we found this happening on the Linux i686 and macOS bundles). We are still investigating the cause of this issue to fix it.

Give Feedback

If you find a bug or have a suggestion for how we could improve this release, please let us know. Thanks to all of the teams across Tor, and the many volunteers, who contributed to this release.


The full changelog since Tor Browser 8.5.6 is:

  • All Platforms
    • Update Firefox to 68.2.0esr
    • Bug 31740: Remove some unnecessary RemoteSettings instances
    • Bug 13543: Spoof smooth and powerEfficient for Media Capabilities
    • Bug 28196: about:preferences is not properly translated anymore
    • Bug 19417: Disable asmjs on safer and safest security levels
    • Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING
    • Bug 31935: Disable profile downgrade protection
    • Bug 16285: Disable DRM/EME on Android and drop Adobe CDM
    • Bug 31602: Remove Pocket indicators in UI and disable it
    • Bug 31914: Fix eslint linter error
    • Bug 30429: Rebase patches for Firefox 68 ESR
    • Bug 31144: Review network code changes for Firefox 68 ESR
    • Bug 10760: Integrate Torbutton into Tor Browser directly
    • Bug 25856: Remove XUL overlays from Torbutton
    • Bug 31322: Fix about:tor assertion failure debug builds
    • Bug 29430: Add support for meek_lite bridges to bridgeParser
    • Bug 28561: Migrate "About Tor Browser" dialog to tor-browser
    • Bug 30683: Prevent detection of locale via some *.properties
    • Bug 31298: Backport patch for #24056
    • Bug 9336: Odd wyswig schemes without isolation for
    • Bug 27601: Browser notifications are not working anymore
    • Bug 30845: Make sure internal extensions are enabled
    • Bug 28896: Enable extensions in private browsing by default
    • Bug 31563: Reload search extensions if extensions.enabledScopes has changed
    • Bug 31396: Fix communication with NoScript for security settings
    • Bug 31142: Fix crash of tab and messing with about:newtab
    • Bug 29049: Backport JS Poison Patch
    • Bug 25214: Canvas data extraction on local pdf file should be allowed
    • Bug 30657: Locale is leaked via title of link tag on non-html page
    • Bug 31015: Disabling SVG hides UI icons in extensions
    • Bug 30681: Set security.enterprise_roots.enabled to false
    • Bug 30538: Unable to comment on The Independent Newspaper
    • Bug 31209: View PDF in Tor Browser is fuzzy
    • Translations update
  • Windows + OS X + Linux
    • Update Tor to
    • Update OpenSSL to 1.1.1d
      • Bug 31844: OpenSSL 1.1.1d fails to compile for some platforms/architectures
    • Update Tor Launcher to
      • Bug 28044: Integrate Tor Launcher into tor-browser
      • Bug 32154: Custom bridge field only allows one line of input
      • Bug 31286: New strings for about:preferences#tor
      • Bug 31303: Do not launch tor in browser toolbox
      • Bug 32112: Fix bad & escaping in translations
      • Bug 31491: Clean up the old meek http helper browser profiles
      • Bug 29197: Remove use of overlays
      • Bug 31300: Modify Tor Launcher so it is compatible with ESR68
      • Bug 31487: Modify moat client code so it is compatible with ESR68
      • Bug 31488: Moat: support a comma-separated list of transports
      • Bug 30468: Add mk locale
      • Bug 30469: Add ro locale
      • Bug 30319: Remove FTE bits
      • Translations update
    • Bug 32092: Fix Tor Browser Support link in preferences
    • Bug 32111: Fixed issue parsing user-provided bridge strings
    • Bug 31749: Fix security level panel spawning events
    • Bug 31920: Fix Security Level panel when its toolbar button moves to overflow
    • Bug 31748+31961: Fix 'Learn More' links in Security Level preferences and panel
    • Bug 28044: Integrate Tor Launcher into tor-browser
    • Bug 31059: Enable Letterboxing
    • Bug 30468: Add mk locale
    • Bug 30469: Add ro locale
    • Bug 29430: Use obfs4proxy's meek_lite with utls instead of meek
    • Bug 31251: Security Level button UI polish
    • Bug 31344: Register SecurityLevelPreference's 'unload' callback
    • Bug 31286: Provide network settings on about:preferences#tor
    • Bug 31886: Fix ko bundle bustage
    • Bug 31768: Update onboarding for Tor Browser 9
    • Bug 27511: Add new identity button to toolbar
    • Bug 31778: Support dark-theme for the Circuit Display UI
    • Bug 31910: Replace meek_lite with meek in circuit display
    • Bug 30504: Deal with New Identity related browser console errors
    • Bug 31929: Don't escape DTD entity in ar
    • Bug 31747: Some onboarding UI is always shown in English
    • Bug 32041: Replace = with real hamburguer icon ≡
    • Bug 30304: Browser locale can be obtained via DTD strings
    • Bug 31065: Set network.proxy.allow_hijacking_localhost to true
    • Bug 24653: Merge into torbutton.dtd
    • Bug 31164: Set up default bridge at Karlstad University
    • Bug 15563: Disable ServiceWorkers on all platforms
    • Bug 31598: Disable warning on window resize if letterboxing is enabled
    • Bug 31562: Fix circuit display for error pages
    • Bug 31575: Firefox is phoning home during start-up
    • Bug 31491: Clean up the old meek http helper browser profiles
    • Bug 26345: Hide tracking protection UI
    • Bug 31601: Disable recommended extensions again
    • Bug 30662: Don't show Firefox Home when opening new tabs
    • Bug 31457: Disable per-installation profiles
    • Bug 28822: Re-implement desktop onboarding for ESR 68
  • Windows
    • Bug 31942: Re-enable signature check for language packs
    • Bug 29013: Enable stack protection for Firefox on Windows
    • Bug 30800: ftp:// on Windows can be used to leak the system time zone
    • Bug 31547: Back out patch for Mozilla's bug 1574980
    • Bug 31141: Fix typo in font.system.whitelist
    • Bug 30319: Remove FTE bits
  • OS X
    • Bug 30126: Make Tor Browser compatible with macOS 10.15
    • Bug 31607: App menu items stop working on macOS
    • Bug 31955: On macOS avoid throwing inside nonBrowserWindowStartup()
    • Bug 29818: Adapt #13379 patch for 68esr
    • Bug 31464: Meek and moat are broken on macOS 10.9 with Go 1.12
  • Linux
    • Bug 31942: Re-enable signature check for language packs
    • Bug 31646: Update abicheck to require newer
    • Bug 31968: Don't fail if /proc/cpuinfo is not readable
    • Bug 24755: Stop using a heredoc in start-tor-browser
    • Bug 31550: Put curly quotes inside single quotes
    • Bug 31394: Replace "-1" with "−1" in start-tor-browser.desktop
    • Bug 30319: Remove FTE bits
  • Android
    • Update Tor to
    • Bug 31010: Rebase mobile patches for Fennec 68
    • Bug 31010: Don't use addTrustedTab() on mobile
    • Bug 30607: Support Tor Browser running on Android Q
    • Bug 31192: Support x86_64 target on Android
    • Bug 30380: Cancel dormant by startup
    • Bug 30943: Show version number on mobile
    • Bug 31720: Enable website suggestions in address bar
    • Bug 31822: Security slider is not really visible on Android anymore
    • Bug 24920: Only create Private tabs in permanent Private Browsing Mode
    • Bug 31730: Revert aarch64-workaround against JIT-related crashes
    • Bug 32097: Fix conflicts in mobile onboarding while rebasing to 68.2.0esr
  • Build System
    • All Platforms
      • Bug 30585: Provide standalone clang 8 project across all platforms
      • Bug 30376: Use Rust 1.34 for Tor Browser 9
      • Bug 30490: Add cbindgen project for building Firefox 68 ESR/Fennec 68
      • Bug 30701: Add nodejs project for building Firefox 68 ESR/Fennec 68
        • Bug 31621: Fix node bug that makes large writes to stdout fail
      • Bug 30734: Add nasm project for building Firefox 68 ESR/Fennec 68
      • Bug 31293: Make sure the lo interface inside the containers is up
      • Bug 27493: Clean up mozconfig options
      • Bug 31308: Sync mozconfig files used in tor-browser over to tor-browser-build for esr68
    • Windows
      • Bug 29307: Use Stretch for cross-compiling for Windows
      • Bug 29731: Remove faketime for Windows builds
      • Bug 30322: Windows toolchain update for Firefox 68 ESR
        • Bug 28716: Create mingw-w64-clang toolchain
        • Bug 28238: Adapt firefox and fxc2 projects for Windows builds
        • Bug 28716: Optionally omit timestamp in PE header
        • Bug 31567: NS_tsnprintf() does not handle %s correctly on Windows
        • Bug 31458: Revert patch for #27503 and bump mingw-w64 revision used
      • Bug 9898: Provide clean fix for strcmpi issue in NSPR
      • Bug 29013: Enable stack protection support for Firefox on Windows
      • Bug 30384: Use 64bit containers to build 32bit Windows Tor Browser
      • Bug 31538: Windows bundles based on ESR 68 are not built reproducibly
      • Bug 31584: Clean up mingw-w64 project
      • Bug 31596: Bump mingw-w64 version to pick up fix for #31567
      • Bug 29187: Bump NSIS version to 3.04
      • Bug 31732: Windows nightly builds are busted due to mingw-w64 commit bump
      • Bug 29319: Remove FTE support for Windows
    • OS X
      • Bug 30323: MacOS toolchain update for Firefox 68 ESR
      • Bug 31467: Switch to clang for cctools project
      • Bug 31465: Adapt tor-browser-build projects for macOS notarization
    • Linux
      • Bug 31448: gold and lld break linking 32bit Linux bundles
      • Bug 31618: Linux32 builds of Tor Browser 9.0a6 are not matching
      • Bug 31450: Still use GCC for our ASan builds
      • Bug 30321: Linux toolchain update for Firefox ESR 68
        • Bug 30736: Install yasm from wheezy-backports
        • Bug 31447: Don't install Python just for Mach
      • Bug 30448: Strip Browser/gtk2/
    • Android
      • Bug 30324: Android toolchain update for Fennec 68
        • Bug 31173: Update android-toolchain project to match Firefox
        • Bug 31389: Update Android Firefox to build with Clang
        • Bug 31388: Update Rust project for Android
        • Bug 30665: Get Firefox 68 ESR working with latest android toolchain
        • Bug 30460: Update TOPL project to use Firefox 68 toolchain
        • Bug 30461: Update tor-android-service project to use Firefox 68 toolchain
      • Bug 28753: Use Gradle with --offline when building the browser part
      • Bug 31564: Make Android bundles based on ESR 68 reproducible
      • Bug 31981: Remove require-api.patch
      • Bug 31979: TOPL: Sort dependency list
      • Bug 30665: Remove unnecessary build patches for Firefox

October 22, 2019


can there be a downgrade option, many bugs in 9.0. might just move back to not using Tor browser at all when its like this.

It seems a lot of people don't understand how the changelog works. Maybe the blog post should explicitly say that what's listed are fixes and features. Part of the misunderstanding has probably to do with using the word "Bug" for every ticket on trac, even for user's feature suggestions and the team's own goals and discussions.

Ideally the changelog would be replaced by a written summary of what was fixed and added with a link to the actual changelog at the end.

Commit messages (for example, descriptions of bug patches) are written in imperative mood, not past tense. Some novices might misunderstand this standard practice. If readers misunderstood the word "Bug", they could have clicked on them and found every ticket is labeled "Fixed".

How can a list so varied and gigantic be summarized? On some posts for releases in the past, some changes were simply omitted. And this is a major point release, 9.0. I prefer the link to the actual changelog at the beginning of the summary or list so I don't have to scroll through incomplete paragraphs to reach the original document.

> How can a list so varied and gigantic be summarized?

161 bugs in the previous version have been fixed in Tor Browser 9.0, as follows:

Bug 31740: Remove some unnecessary RemoteSettings instances
Bug ...

17 major updates from previous versions are included in Tor Browser 9.0, as follows:

Update Firefox to 68.2.0esr

You get the idea. As an overall guidance, I think these announcements should cater to ordinary users more than power users, but should offer details for power users who want them, after offering an overview for ordinary users.

> You get the idea.

I don't. They said, "Ideally the changelog would be replaced by a written summary of what was fixed and added." In other words, they want paragraphs, no list and nothing as unhelpful as one total number. Although, it would get the message across better to say "updates" or "fixes" or "bugs fixed/patched" instead of "bugs".

> It seems a lot of people don't understand how the changelog works. Maybe the blog post should explicitly say that what's listed are fixes and features.

Good point. It seems likely that most Tor users will not have prior experience reading FOSS type changelogs.

Just look at about:preferences#privacy and see that there is no UI to block cookies, unlike in normal Firefox.

I haven't used Firefox 68 ESR but at some point Firefox intricated the cookie controls with the tracking protection controls. Maybe ESR or Tor browser removed the whole thing, and with this went the ability to block cookies.

I don't want to help sites to do even anonymous session tracking, especially when I use something like Tor browser. This is disappointing.

Yes, this got integrated into Tracking Protection. That UI is misleading in a Tor Browser context, though, as it claims the browser provides privacy by blocking. We don't believe that's actually the case in general and definitely not in Tor Browser's context. That's why we decided to hide the UI.

Now, the functionality is still there. If you need to change the cookie settings just adapt the network.cookie.cookieBehavior preference to the value you prefer.

Sites store cookie-files in the user's machine for many reasons. A main one reason is for obtaining behavior and preferences from the users, and so use these or even sell them to who can pay for them. It's so an obvious violation of privacy unless the user have agreed with such. The clear question is: "Did this 9.0 tor version remove this kind of privacy?" Yes or No?

Moreover, about the sugested manual alteration in "network.cookie.cookieBehavior". How is that done? That is, default value set is "1". Could please be specified what is the value and/or modification that should be set to recover the feature like was in the previous version of Tor?

Cookies are sometimes required for websites to properly function regardless of JavaScript. If you block all or create a personalized filter, eavesdroppers can identify your traffic as different from other Tor Browser users across browsing sessions. Instead, click the New Identity button or close the browser to erase all cookies between sessions.

You may be interested in "first-party isolation" and Firefox Containers.

Some of the cookie UI in Firefox was removed in Tor Browser. In Preferences, open "Privacy & Security" in the side menu, find the section at the top titled "Cookies and Site Data", read what it says there, and click the button "Manage Permissions...". To find hidden preferences, open a new blank tab, type about:config, and type "cookie" in the search box in that tab. Your question mostly relates to "network.cookie.cookieBehavior". I repeat, changing cookie preferences from Tor Browser defaults will lower your privacy.

Well, this "solution" (i.e. removing the option from the Tor menu) is terribly unpractical to the users. This should be something like an easy doing as always used to be (but not anymore in this version 9). No site at all should have freedom to send or store cookies into our devices, unless explicitly authorized by the users, even if they are temporary or deleted in the end of session. Please, we ask to the Tor team, to return the option to block/unblock all cookies and particular types of cookies..

The cookie settings were made "unpractical" as you call it because users shouldn't be customizing things away from privacy defaults rigorously studied and chosen in their best interests. Users need to be allowed but dissuaded from tweaking and customizing their traffic because doing so actually degrades privacy while they are part of the network and want their traffic to be camouflaged among other Tor Browser users. You would have known that if you cared as much as you claim to do about the topic to actually browse the Tor Project site to research why the developers of Tor Browser did what they did. In short, calm down and RTFM.

"your choice of whitelisted websites acts as a sort of cookie that makes you recognizable (and distinguishable), thus harming your anonymity."

So, it is claimed that when a user blocks cookies to some sites, this may expose his white-list?! In this case, how is this worse than making his machine a cook-container (as is the default set of this 9.0 version) which stores all kind of garbage during the sessions until finally he closes the browser or changes identity? In what way this could offer a better privacy? Obviously this cannot. And only cannot, as indeed makes the opposite since cookies (and so scripts) allow to extract the user's profile, preferences, etc. that is, the user be can be more easily identified.

> when a user blocks cookies to some sites, this may expose his white-list?!

Their white-list is not directly exposed, but sites can indirectly learn what their whitelist is by comparing the behavior of their browser to other Tor Browsers.
Read these:

Please could someone inform an address (or link) to a previous version (or any earlier version such as 8.5.5, 8.0, etc.) of Tor download? I will return to a previous version.


October 22, 2019


Absolutely loving the new Dark theme on Windows, also the GUI redesign. As always, a great job done by guys & gals at TOR; also, that is one massive list of improvements.

Have not tried the updated version on Android, but here's to hoping that bookmark import-export is coming soon.

Thank you people of TOR for the hard work and bringing us this update.

Is the builtin dark theme being used in the screenshots in the post? While the author was talking about features, it would have been nice to slip in if it was.


October 22, 2019


Seems that rss is broken ... xml problem, apart from this it's beautiful.
thank you all.

Hi boklin, I can see that also (I didn't try a fresh install).

At least, it appears a default RSS rendering stylesheet is gone missing, now they get presented in Firefox' raw XML browser.

Also, clicking the RSS link at the bottom of this blog does brings the file download dialogue. That must be a different issue, but it feels wrong too.

FWIW about the former, please just open these in any previous release.
or even

This would be a major feature loss : many many content gets so much "lighter" that way _hence_ accessible at all, over bad networks or hardware. Special thoughts to Google News and others, whose standard web "pages" are so bloated they just will not get entirely loaded or readable _ever_.

RSS FTW! (Tor Project if you hear me, please publish RSS feeds everywhere you can and you haven't yet, starting with this comment feed maybe? Thanks!)

\o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/
\o/ \o/ \o/ ONE-CLICK NEW ID \o/ \o/ \o/
\o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/
\o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/
\o/ \o/ THANK YOUUUUUUUUU \o/ \o/
\o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/ \o/

Thank you to point upstream's removal. Mozilla advertises a "curated addons collection" to replace this feature, but this collection is now empty. So so.

The addon "RSSPreview" does restore the feature, it feels just like the original (simple and light).

No idea about its code quality or security. As an immediate response, I see no better option. Other addons exist, but they look a lot heavier.


October 22, 2019


I do not always use browsers full screen. This latest release displays pages as if they are in a window leaving the page with scroll bars inside a whitespace border.

For those who use Debian "Buster" and update from the onion mirrors via the version of Tor which comes from Debian with apt-transport-tor, and who also want to use Tor Browser from, is it better or worse to follow the directions in the link the other commentator provided?

> is it better or worse

In other words, should you re-torify Tor Browser to go through Debian's tor binary package (repackaged Expert Bundle)?

My 2 cents: Under normal circumstances, I would leave it the way it is: minimal reliance on Debian's tor and less to reconfigure in Tor Browser. From my perspective, disadvantages include primarily that your device holds open a few more network connections, and your ISP can see that. But things are different in an enterprise network or if a dedicated machine runs tor for a LAN for example.

Have since recognized that some of the problems I have experienced using the Debian mirror may be due to clock issues. Has anyone at TP studied what can go wrong if the system clock is failing? Maybe we need to be able to adjust the clock faster using NTP while connecting to Tor network? Also a large clock skew is de-anonymizing even for ordinary browsing. I don't understand why my system clock is so far off even after I have reset it manually.

> what can go wrong if the system clock is failing?

Many asynchronous encryption protocols depend on your system clock to be set to accurate time to determine when a key or signature was created, modified and if it is valid, expired, revoked, etc. In a word, it's metadata. This is true for browser TLS/SSL/HTTPS and keys in PGP/GPG. NTP is not usually encrypted, and that has interesting implications for all of those encryption systems that depend on NTP. It shouldn't be necessary to adjust the clock "faster"; just make sure your system time is set before using cryptography. Check your time-zone, and install system updates for time-zones if government laws change (daylight saving time) or if you travel to other countries. If your computer is more than 4 years old and not keeping the time after you reboot, check its CMOS battery that powers the real-time clock when the system is powered off. If you use the NTP Pool project (Debian and Ubuntu do), use a public pool or a secondary (stratum 2) server:


October 22, 2019


Hey, my interface is broken.

My browser window has a white border inside it.

When I use the default window size, there are two stripes on the top and bottom of the window, about two centimeters in size each.

When I maximise the window, the white border becomes a square, with two centimeters of white space on each side of the window.

OS: Fedora 29, Gnome desktop environment, Wayland window manager