New Release: Tor Browser 10.0.2

Tor Browser 10.0.2 is now available from the Tor Browser download page and also from our distribution directory.
This release updates Firefox to 78.4.0esr and NoScript to 11.1.3. This release includes important security updates to Firefox.
Note: JavaScript on the Safest security level is now governed by NoScript again. The javascript.enabled preference was set to false on Safest in 9.5a9. It was reset to true for everyone using Safest beginning in Tor Browser 10.0, and you must set it back to false if that is your preference.
The full changelog since Tor Browser 10.0.1 is:
Android version?
The Android version is not ready.
I sad
When will Snowflake be ready for the stable Tor Browser release?
Most likely some time next year.
On safest, "Donate Now" on about:tor is not visible. To test, change security level and refresh the page.
Thanks
https://gitlab.torproject.org/tpo/applications/torbutton/-/issues/40020
please back up the bridges
What do you mean? Bridges are preserved if you automatically update, so you don't need to do anything.
If you want to back up custom bridges you pasted in your Tor preferences, then open the preferences and copy them. Hamburger menu --> Preferences --> Tor --> Bridges. That GUI saves them in your torrc file.
However, if you use Tails, bridges are erased every time you shut down the OS. That could help or harm you depending on the fingerprintability of your hardware and whether you are mobile.
What about the top recent 0-day vulnerability with "external Fonts"? (0-day vulnerability via fonts - normally may contain PNG injections that can be specially prepared for evil; allegedly this vulnerability is already actively used!)
Does it affect this version??? Does NoScript prevent the issue or we have to use "browser.display.use_document_fonts" to stay safe???
PS. details: https://www.opennet.ru/opennews/art.shtml?num=53922
Requesting a new bridge does not prevent websites from loading in the background. The "Request a new bridge" button should work like a killswitch and prevent any background connections so the ISP can't know that someone is using tor. It'd also be nice to have a "reconnect to bridge" button because the only way to make tor + bridge work on an unstable internet without tor traffic being exposed to the ISP is to restart the whole browser which is annoying.
If you don't want your ISP to know that you're using Tor, then configure a bridge when you open Tor Browser for the first time after installing but before the browser window opens and makes connections. Do this by clicking Configure on the Tor Launcher window. If you skipped that and connected to a guard node, you already made it known that you're using Tor. Once the browser is open, then you can request a new, different bridge if you want to in Preferences.
The tor daemon tries to reconnect to the Tor network using your Tor preferences whenever a torified program such as Tor Browser tries to re-establish a connection. You don't need a button. Watch the circuit diagram in your address bar on each tab.
It sounds like you are misunderstanding several things. Please review the Support website, Tor Browser manual, old General FAQ, and open the address
about:tor
and click the onion circle in the top left.
Is it safe to use uBlock Origin instead of NoScript?
NoScript XSS popups are just annoying
According to a Q&A on the official Tor website, the answer is NO.
That's not recommended. You'd be in the minority of TBB users--your browser's fingerprint would stand out.
Tor Browser included in Tails uses uBlock Origin.
Yes, but for your fingerprint to blend in with other users', it's better to use Tails than to install uBlock yourself.
> NoScript XSS popups are just annoying
Those popups have an option to "Block all". I think (and hope) they reset when you start a new identity.
Why does the Android version ask for new permissions?
By the way, comments here often don't work without JavaScript.
> comments here often don't work without JavaScript.
https://blog.torproject.org/comment/289727#comment-289727
"Tor Browser 10.0.1 (based on Mozilla Firefox 78.3.0esr) (64-bit)" does not update to 10.0.2. It answers with "Tor Browser is up to date". The initial installation was done with 'torbrowser-install-win64-9.0.9_en-US.exe'. Afterwards it was always updated to each latest release. But now it fails. Known issue?
Did not automatically or manually update from within the app. I had to download and install.
Hi!
Automatic updater does not seem to work on Linux (Debian and Whonix) as it usually does. I am stuck on Tor browser 10.0.1.
If I try to update manually (Burger Menu-> "Help" -> "About Tor Browser"), Tor Browser says: "Tor Browser is up to date".
This never occurred before.
Cheers.
This should be resolved now. Please try again.
Yes it is.
Thanks
On Oracle Linux 7 (64 bit) it complains about not being able to install the latest version (even though it is indeed the latest version).
Hello, I have had this problem for about a month. I have tried various solutions but none were effective. Please, if you can help me, I would appreciate it.
Nombre del evento de problema: APPCRASH
Nombre de la aplicación: firefox.exe
Versión de la aplicación: 78.3.0.7427
Marca de tiempo de la aplicación: 00000000
Nombre del módulo con errores: RPCRT4.dll
Versión del módulo con errores: 6.1.7600.16385
Marca de tiempo del módulo con errores: 4a5be035
Código de excepción: c0000005
Desplazamiento de excepción: 0000000000049518
Versión del sistema operativo: 6.1.7600.2.0.0.256.48
Id. de configuración regional: 11274
Información adicional 1: c44b
Información adicional 2: c44bb8e579ee3565939a4f25524d7059
Información adicional 3: c344
Información adicional 4: c344e560ffdc86336feb659194704a5f
RPCRT4.dll is the Remote Procedure Call (RPC) API, used by Windows applications for network and Internet communication (source). Many of the errors from your log are also associated with dllhost.exe.
Is Windows updated? You can try removing/installing dotnet 4.0 or such, that might fix it.
how to turn off animations/effects like it was with toolkit.cosmeticAnimations.enabled;false in previous version of firefox?
`ui.prefersReducedMotion` = `1`. It's a hidden pref, so you need to create it. RFP covers this for web content, so you won't leak any entropy
Interesting, wouldn't it be a good idea to add an entropy warning to about:config settings that aren't covered? Also including something similar to TorZillaPrint (but more user friendly) into the browser rather than github that covers all these things, would seem like a good idea.
> wouldn't it be a good idea to add an entropy warning to about:config settings
Not practical: prefs come and go all the time. Long term the strategy would be to make RFP less susceptible to external factors - e.g. some RFP patches bypass/ignore prefs. Canvas spoofing, for example, doesn't expose the canvas to extensions.
That said, there's an "easier" way: lock extensions to only those bundled (I'd like to see this TBH, in release and unlocked for alpha), lock out about:config and ignore user.js + auto config on start. Hide everything in preferences needed to be hidden. But I don't think anyone wants to go down that road
That said, I think there are other more generic things that could be done: such as a warning for about:config that can't be disabled: not the "I accept the risk" warning that can be dismissed: I mean a bar across the top that says "Tor Browser says here be dragons - with a RESET button". And in the addons panel it could do the same re a warning. In preferences, some items could be tagged as "don't play with this".
I personally have never ever seen any message **in** Tor Browser that says not to mess with settings and not to install extensions - so NFI how new users are supposed to know. There's at least a couple of open tickets dealing with these
I was thinking something like, a status page, perhaps included in about:tor that gives a basic status to show how unique your browser is, by loading something similar to TorZillaPrint, and give the user an easy way to fix the problems, disable add-ons, reset specific settings, etc.
It would seem to make sense to rather make the browser 'safe' by design rather than having expectations of users. I don't think it's a good idea to restrict the user, for example, I have to use many tweaks that likely make my browser more unique due to disabilities.
Just an example of some random ideas (have many). Load the web content, and only then, allow modifications to the content whilst disabling javascript, XHR connections, etc. These things cause breakage, but at least they would enable safer browsing.
Always a good idea to have more warnings. Though the adage of teaching 'why' and 'how' not just saying 'no', is a good one.
Thank you for the detailed reply.
about:config > image.animation_mode > set to: none > save > close tab
> about:config > image.animation_mode > set to: none > save > close tab
I think that can be fingerprinted (as it affects web content) if I understand this correctly: https://www.npmjs.com/package/animated-gif-detector . See my earlier reply if you want to disable chrome/UI animations as per the old toolkit pref
Hi sysrqb,
No Tor-project Blog announcement page for Tails 4.12 : https://blog.torproject.org/new-release-tails-412
They have their own web site:
https://tails.boum.org/news/version_4.12/index.en.html
Hi! What's the latest tor browser User Agent string now? Has it changed since the 9.x days?
Yes:
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
https://wtfismyip.com/headers
Why does a blog page here never stop auto reloading after posting a comment? Opening a new tab with the page doesn't help either. Also, the comment form is not shown while the page is in this auto reload zombie mode. This behaviour has been going on for over 2-3 months now. JavaScript is disabled on my side.
That shouldn't be happening. Are you in safest mode? Any add-ons enabled?
about:config
accessibility.blockautorefresh;true
javascript.enabled;false
Does it fix with any of these options?
> JavaScript is disabled on my side.
That's the problem. https://blog.torproject.org/comment/289727#comment-289727
Thanks for the link!
Could you add an option to block all background connections into Tor Browser? Thank you.
Is the privacy friendly elimination of Firefox forced sending to
firefox.settings.services.mozilla.com
in Torbrowser applicable for everyone in vanilla Firefox?
Would be very nice.
When will you finally fix that bug with the button that switches security levels??? It still doesn't work, so we are always forced to go into about:config to switch these levels.
Can you please be more specific about the bug you're experiencing?
I think he means the fact that you can't change security levels anymore without going to about:preferences
If you're going to keep using geoip at least update it. it's been how many months since maxmind changed their system just to opt-out california ip? in the meantime many of tor network nodes have changed jurisdiction.
you have other options for sourcing geoip files.. some of which require less processing than maxmind mmdb
fix it this isn't hard