New Release: Tor Browser 9.0.4

Tor Browser 9.0.4 is now available from the Tor Browser download page and also from our distribution directory.

This release fixes a critical security issue in Firefox: CVE-2019-17026.

The full changelog since Tor Browser 9.0.3 is:

  • All Platforms
    • Update Firefox to 68.4.1esr

What is your reason for going down the path of disabling updates? Perhaps there is a better solution if we understood your situation. Do you know that Tor Browser downloads and verifies the hashes of its automatic updates by going through the Tor network as it always does?

so what? do i need a reason for deciding for my self?
you claim to want to "free" people, but you are being totalitarian in that you and you only decide what people cannot, must not be allowed to. Your arguments sounds so much like chinese leaders claiming they know what the people need. I bet your next "argument" will be like: "find another browser". Little by little you are becoming what you claim to fight against.
And, oh Winrar works, by the way.

My reason is irrelevant. Your argument about how it goes through tor network is also irrelevant.
The only relevant question is why, why, why are users not allowed to choose for themselves?
Why is it necessary to take away peoples freedom of choice? You sound exactly like the Trump´s of the world, you have all the reasons why you need to be in control for the good of the people. How hard can it be to let people choose for themselves?
And, oh Winrar works, by the way.

You are free to do what you want, and you could even take the source code and build your own version with the changes you want.

You don't have to give any reason if you don't want to, but explaining why you want to do something can help us decide if that's a use-case we want to use some of our time to support.

I did actually give my reason.
I want to be able to make the choice myself.
It should be an option to disable any kind of update, and those who wants auto-updating can choose that, that can even be the default setting.
You should never take away peoples right to choose for themselves. That is never a good solution however appealing to the ease of your work.
May i suggest working on a way to reintroduce policies without the proxy-issues?

You haven´t tried or you would know it doesn´t work, of course Tor tries any possible attempt to "phone home", those steps are easily overruled by some hidden settings, possibly in omni.ja? (i´m definitely not an expert). I find it too complicated to edit omni.ja for every update, and i also haven´t found anything in there that stops it from looking for updates. Every time you open options, when you scroll to updates you see (i can see it) it tries to look for updates, and it just keeps on, because it can´t find it.
That´s what happens when you point to a wrong adress, it just keeps looking, endlessly apparently. It should be the users choice to decide whether to look or not.
And, oh... policies are forbidden in Tor, that used to be a good solution.

You haven´t tried or you would know it doesn´t work, of course Tor tries any possible attempt to "phone home", those steps are easily overruled by some hidden settings, possibly in omni.ja? (i´m definitely not an expert). I find it too complicated to edit omni.ja for every update, and i also haven´t found anything in there that stops it from looking for updates. Every time you open options, when you scroll to updates you see (i can see it) it tries to look for updates, and it just keeps on, because it can´t find it.
That´s what happens when you point to a wrong adress, it just keeps looking, endlessly apparently. It should be the users choice to decide whether to look or not.
And, oh... policies are forbidden in Tor, that used to be a good solution.

Anonymous

January 13, 2020

Permalink

TOR as been working strange,despite the new update that took place recently the browser has not been displaying the webpage's images/information. I've tried to restart and re-downloaded the browser however the problem still remains the same.Any idea on my why this might be happening?

Anonymous

January 13, 2020

Permalink

mega.nz shows my real platform:
BrowserID: mozilla/5.0 (x11; linux x86_64; rv:68.0) gecko/20100101 firefox/68.0
(javascript active)

Intent to Deprecate and Freeze: The User-Agent string

Summary

We want to freeze and unify (but not remove) the User Agent string in HTTP requests as well as in `navigator.userAgent`

Motivation

The User-Agent string is an abundant source of passive fingerprinting information about our users. It contains many details about the user’s browser and device as well as many lies ("Mozilla/5.0", anyone?) that were or are needed for compatibility purposes, as servers grew reliant on bad User Agent sniffing.

Some parts of it, such as the browser version and the OS version, can be frozen without any backwards compatibility implications. Values that worked in the past will continue to work in the future.

https://groups.google.com/a/chromium.org/forum/m/#!msg/blink-dev/-2JIRN…

Anonymous

January 13, 2020

Permalink

streaming doesn't work anymore on pornhub or xhamster
but download works suddenly - which was tricky on pornhub.

Anonymous

January 13, 2020

Permalink

Hello, I don't know if this was covered. In numerous sites for the past 4 months or so, that yellow "pop-down" is saying do you want a site to post a page or wait or stop it. This happens whether I am looking at email or Courage.org or Reuters or several other sites. This disrupts the using of the computer more and more. Anything I could do to lessen this happening? Thank you so much in advance.

To _okim (my letter _ is fried in my computer): Thank you for asking. The yellow _anner that "pops down" from the top states- "A we_ page is .slowing down your _rouser. What would you like to do? Stop it // Wait // . Sometimes it still pops down when I answer it! (Perhaps it doesn't like my answer). Any ideas how to lessen this happening? Thanks! PS Usually I choose Stop it, although I have tried them all including the X for hiding the thing.

Your broken B key is terrible for your privacy. I've been able to look in old posts and find you every time no matter what name you post as. Use your OS's virtual keyboard or keep Character Map open to copy "b" into your clipboard so you can paste it. Basic keyboards are not expensive as far as parts go. You can find used ones at secondhand stores, ebay, craigslist, from friends, or even in trash bins sometimes. If you have a laptop, there are portable USB ones. Or you could open it up to try and repair it.

Anonymous

January 13, 2020

Permalink

after the update, tor become seriously slow. i try back to 9.02 but it also slow. Something happen to TOR network especially obs4.

Anonymous

January 14, 2020

Permalink

The link from the download page points to 9.0.2, but I changed everything to 9.0.4 and found it, hope that's safe. Just fyi so you can change the link

Anonymous

January 14, 2020

Permalink

Many thanks to Mozilla and the Tor Browser team for this critical security update!

But the most lethal threats to Tor may be legal, not technical. The DOJ backed away from their first attempt to force Apple to write malware to unlock a dead terrorist's phone, but now they are trying again:

thehill.com
Apple rejects Barr claim that company has given no 'substantive assistance' in Pensacola shooting probe
Justin Wise
13 Jan 2020

> Apple is refuting Attorney General William Barr's claim that the company has not given federal investigators "any substantive assistance" in its investigation into a December shooting at a Pensacola, Fla., military base that left three dead. The company also reiterated its stance on protecting encrypted devices in wake of Barr's push for law enforcement to gain access to the gunman's iPhone communications. Barr leveled the accusations against the Silicon Valley giant during a press conference Monday in which he detailed the findings of an investigation into the massacre, which was carried out by a member of the Royal Saudi Air Force who had enrolled in the Naval Air Station Pensacola training program. Lt. Mohammed Saeed Alshamrani killed three U.S. sailors and wounded eight others after entering the naval station grounds on Dec. 6.

One of the most frustrating aspects of this insanity is that DOJ has not even attempted to explain in rational terms what it expects to learn if it could decrypt the phone. However numerous NCTC and FBI documents (published at sites like publicintelligence.net) show that USG is obsessed with discovering "predictors" for which persons will commit terrorist acts in the future, a goal which is almost certainly quite impossible, given the extreme rarity of actual terrorists (i.e. not journalists and civil rights workers who are often absurdly labeled "terrorists" by governments and their media shills, offended CEOs, angry cops, etc).

Anonymous

January 14, 2020

Permalink

Has this been addressed?

https://winaero.com/blog/update-mozilla-firefox-to-fix-a-critical-flaw/

Update Mozilla Firefox to fix a critical flaw
Mozilla has advised all users of its Firefox browser to update to the latest version in order to fix a highly critical security flaw that could allow attackers to take over your computer.
Firefox Quantum Logo BannerThe company revealed that a "security firm [called] Qihoo 360 reported a vulnerability that was used as part of targeted attacks on a local network". and that they released the patch on Wednesday morning. The flaw is a memory bug that would allow hackers to execute code on a hacked system that would allow them to take it over.

The CISA has also advised all users and administrators to perform an update to their Firefox installations, saying that they should "review the Mozilla Security Advisory". Standard users can simply update Firefox over the air, although the browser may have applied updates automatically, as it is set to do.

Check your Firefox version number
It's simple to check if the version of Firefox you're running is up to date. To see what version you are on, simply type about:support in the omnibox (main search bar) and look under 'Application Basics' for the version number. If you are on Firefox 72.0 or earlier, you're at risk to the fatal bug. Version 72.0.1 and later are protected.

try wikipedia, and try a search of
vpn vs tor

tor should give better privacy.

I've never used a vpn.

as i understand:

For tor browser, the route "out" is: your PC, then the ISP you are connected to, then through three tor "nodes", then the website that your browser shows you.
The locations of the three tor nodes change at times.
So, your ISP (of wherever you are) sees changing IPs of the first tor node.
Each website sees the changing IPs of the third tor node.

For vpn, the route "out" is: your PC, then the ISP you are connected to, then the vpn, then the website that your browser shows you.
The vpn's IP is the same (Other than they might use more than only one IP address).
So, your ISP (of wherever you are) sees the IP of the vpn.
Each website sees the IP of the vpn.

Some businesses have vpn for employees to connect to from home, or from elsewhere away from the business location.

People who use vpn often (try to) choose one with server located in a legally "safer" country. (stronger privacy laws)

I believe those are the most significant differences.

Anonymous

January 16, 2020

Permalink

GRRRR ... here we go again ... How do you put tabs below address bar ?
this has been a continuous complaint for over 10 yrs and firefox coders still won't give the option of switching it to where we want/need it as part of regular settings! Why?

Major browsers haven't had tabs below the address bar for a very long time. Tabs below is not intuitive from a user experience perspective. Each tab loads its own URL, so when a user clicks on a different tab, the state of that tab including its URL should be inside the frame of that tab; therefore, URL under the tab button. As for whether there should be an option to move it back, ask Mozilla (on bugzilla) and every other major browser because it's outside of the scope of Tor Project.

Anonymous

January 18, 2020

Permalink

B"H

Hello

The new Tor 904 version doesn't open on my computer, but does leave a Firefox.exe process running.

Please fix this.

Sincerely, Dovid

Anonymous

January 18, 2020

Permalink

Improve the indicators of a new version.

Most of the time, I start a new identity rather than close Tor browser. Today, I closed it to fix a taskbar problem. When I reopened Tor browser, I watched it install an update, and after it started, about:tor said 9.0.2. I opened Help -> About Tor Browser, and it had a button to restart and apply an update even though I just did. I clicked, it closed, installed an update, and said 9.0.2 again. I went to About Tor Browser, and it had the button again. It wasn't updating. I had more than enough space free. Maybe I ran out of space at some point weeks ago, but I had enough now. There wasn't any indication that versions above 9.0.2 were released. What caught my attention was the progress bar showing that Tor browser always installed an update every time I opened it. To a novice, that's all they would see. They wouldn't know they should open Help menu or the website or blog. They would think 9.0.2 was the latest version and be stuck on it none the wiser.

Linux 64, Cinnamon

I deleted the folder and installed 9.0.4 from scratch. About Tor Browser says "up to date". I'll remember to watch if it auto-updates to future versions properly. In blog posts for 9.0.1 to 9.0.3, a few comments talked about red screens, "Something went wrong", and problems updating. I never saw a red screen. I don't think my problem had something to do with to theirs.

If you still have a copy of the non-working 9.0.2, you can help us debug the issue, by setting the pref app.update.log to true, and starting the browser with the `--debug` option. You might also be able to find some update logs in the updates/ directory.

Join the discussion...

We encourage respectful, on-topic comments. Comments that violate our Code of Conduct will be deleted. Off-topic comments may be deleted at the discretion of the post moderator. Please do not comment as a way to receive support or report bugs on a post unrelated to a release. If you are looking for support, please see our support portal or ways to get in touch with us.

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

13 + 4 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.