New Release: Tor Browser 9.0.4

Tor Browser 9.0.4 is now available from the Tor Browser download page and also from our distribution directory.

This release fixes a critical security issue in Firefox: CVE-2019-17026.

The full changelog since Tor Browser 9.0.3 is:

  • All Platforms
    • Update Firefox to 68.4.1esr

Intent to Deprecate and Freeze: The User-Agent string

Summary

We want to freeze and unify (but not remove) the User Agent string in HTTP requests as well as in `navigator.userAgent`

Motivation

The User-Agent string is an abundant source of passive fingerprinting information about our users. It contains many details about the user’s browser and device as well as many lies ("Mozilla/5.0", anyone?) that were or are needed for compatibility purposes, as servers grew reliant on bad User Agent sniffing.

Some parts of it, such as the browser version and the OS version, can be frozen without any backwards compatibility implications. Values that worked in the past will continue to work in the future.

https://groups.google.com/a/chromium.org/forum/m/#!msg/blink-dev/-2JIRN…

Ferri

January 13, 2020

Permalink

streaming doesn't work anymore on pornhub or xhamster
but download works suddenly - which was tricky on pornhub.

Ferri

January 13, 2020

Permalink

Hello, I don't know if this was covered. In numerous sites for the past 4 months or so, that yellow "pop-down" is saying do you want a site to post a page or wait or stop it. This happens whether I am looking at email or Courage.org or Reuters or several other sites. This disrupts the using of the computer more and more. Anything I could do to lessen this happening? Thank you so much in advance.

To _okim (my letter _ is fried in my computer): Thank you for asking. The yellow _anner that "pops down" from the top states- "A we_ page is .slowing down your _rouser. What would you like to do? Stop it // Wait // . Sometimes it still pops down when I answer it! (Perhaps it doesn't like my answer). Any ideas how to lessen this happening? Thanks! PS Usually I choose Stop it, although I have tried them all including the X for hiding the thing.

Ferri

January 13, 2020

Permalink

after the update, tor become seriously slow. i try back to 9.02 but it also slow. Something happen to TOR network especially obs4.

Ferri

January 14, 2020

Permalink

The link from the download page points to 9.0.2, but I changed everything to 9.0.4 and found it, hope that's safe. Just fyi so you can change the link

Ferri

January 14, 2020

Permalink

Many thanks to Mozilla and the Tor Browser team for this critical security update!

But the most lethal threats to Tor may be legal, not technical. The DOJ backed away from their first attempt to force Apple to write malware to unlock a dead terrorist's phone, but now they are trying again:

thehill.com
Apple rejects Barr claim that company has given no 'substantive assistance' in Pensacola shooting probe
Justin Wise
13 Jan 2020

> Apple is refuting Attorney General William Barr's claim that the company has not given federal investigators "any substantive assistance" in its investigation into a December shooting at a Pensacola, Fla., military base that left three dead. The company also reiterated its stance on protecting encrypted devices in wake of Barr's push for law enforcement to gain access to the gunman's iPhone communications. Barr leveled the accusations against the Silicon Valley giant during a press conference Monday in which he detailed the findings of an investigation into the massacre, which was carried out by a member of the Royal Saudi Air Force who had enrolled in the Naval Air Station Pensacola training program. Lt. Mohammed Saeed Alshamrani killed three U.S. sailors and wounded eight others after entering the naval station grounds on Dec. 6.

One of the most frustrating aspects of this insanity is that DOJ has not even attempted to explain in rational terms what it expects to learn if it could decrypt the phone. However numerous NCTC and FBI documents (published at sites like publicintelligence.net) show that USG is obsessed with discovering "predictors" for which persons will commit terrorist acts in the future, a goal which is almost certainly quite impossible, given the extreme rarity of actual terrorists (i.e. not journalists and civil rights workers who are often absurdly labeled "terrorists" by governments and their media shills, offended CEOs, angry cops, etc).

Ferri

January 14, 2020

Permalink

Has this been addressed?

https://winaero.com/blog/update-mozilla-firefox-to-fix-a-critical-flaw/

Update Mozilla Firefox to fix a critical flaw
Mozilla has advised all users of its Firefox browser to update to the latest version in order to fix a highly critical security flaw that could allow attackers to take over your computer.
Firefox Quantum Logo BannerThe company revealed that a "security firm [called] Qihoo 360 reported a vulnerability that was used as part of targeted attacks on a local network". and that they released the patch on Wednesday morning. The flaw is a memory bug that would allow hackers to execute code on a hacked system that would allow them to take it over.

The CISA has also advised all users and administrators to perform an update to their Firefox installations, saying that they should "review the Mozilla Security Advisory". Standard users can simply update Firefox over the air, although the browser may have applied updates automatically, as it is set to do.

Check your Firefox version number
It's simple to check if the version of Firefox you're running is up to date. To see what version you are on, simply type about:support in the omnibox (main search bar) and look under 'Application Basics' for the version number. If you are on Firefox 72.0 or earlier, you're at risk to the fatal bug. Version 72.0.1 and later are protected.

try wikipedia, and try a search of
vpn vs tor

tor should give better privacy.

I've never used a vpn.

as i understand:

For tor browser, the route "out" is: your PC, then the ISP you are connected to, then through three tor "nodes", then the website that your browser shows you.
The locations of the three tor nodes change at times.
So, your ISP (of wherever you are) sees changing IPs of the first tor node.
Each website sees the changing IPs of the third tor node.

For vpn, the route "out" is: your PC, then the ISP you are connected to, then the vpn, then the website that your browser shows you.
The vpn's IP is the same (Other than they might use more than only one IP address).
So, your ISP (of wherever you are) sees the IP of the vpn.
Each website sees the IP of the vpn.

Some businesses have vpn for employees to connect to from home, or from elsewhere away from the business location.

People who use vpn often (try to) choose one with server located in a legally "safer" country. (stronger privacy laws)

I believe those are the most significant differences.

Ferri

January 16, 2020

Permalink

GRRRR ... here we go again ... How do you put tabs below address bar ?
this has been a continuous complaint for over 10 yrs and firefox coders still won't give the option of switching it to where we want/need it as part of regular settings! Why?

Ferri

January 18, 2020

Permalink

B"H

Hello

The new Tor 904 version doesn't open on my computer, but does leave a Firefox.exe process running.

Please fix this.

Sincerely, Dovid

Ferri

January 18, 2020

Permalink

Improve the indicators of a new version.

Most of the time, I start a new identity rather than close Tor browser. Today, I closed it to fix a taskbar problem. When I reopened Tor browser, I watched it install an update, and after it started, about:tor said 9.0.2. I opened Help -> About Tor Browser, and it had a button to restart and apply an update even though I just did. I clicked, it closed, installed an update, and said 9.0.2 again. I went to About Tor Browser, and it had the button again. It wasn't updating. I had more than enough space free. Maybe I ran out of space at some point weeks ago, but I had enough now. There wasn't any indication that versions above 9.0.2 were released. What caught my attention was the progress bar showing that Tor browser always installed an update every time I opened it. To a novice, that's all they would see. They wouldn't know they should open Help menu or the website or blog. They would think 9.0.2 was the latest version and be stuck on it none the wiser.

Linux 64, Cinnamon

I deleted the folder and installed 9.0.4 from scratch. About Tor Browser says "up to date". I'll remember to watch if it auto-updates to future versions properly. In blog posts for 9.0.1 to 9.0.3, a few comments talked about red screens, "Something went wrong", and problems updating. I never saw a red screen. I don't think my problem had something to do with to theirs.

If you still have a copy of the non-working 9.0.2, you can help us debug the issue, by setting the pref app.update.log to true, and starting the browser with the `--debug` option. You might also be able to find some update logs in the updates/ directory.

Join the discussion...

We encourage respectful, on-topic comments. Comments that violate our Code of Conduct will be deleted. Off-topic comments may be deleted at the discretion of the post moderator. Please do not comment as a way to receive support or report bugs on a post unrelated to a release. If you are looking for support, please see our support portal or ways to get in touch with us.

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

15 + 5 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.