New Release: Tor Browser 10.0.2

Tor Browser 10.0.2 is now available from the Tor Browser download page and also from our distribution directory.

This release updates Firefox to 78.4.0esr and NoScript to 11.1.3. This release includes important security updates to Firefox.

Note: Now Javascript on the Safest security level is governed by NoScript again. It was set as false when on Safest in 9.5a9. The javascript.enabled preference was reset to true for everyone using Safest beginning in Tor Browser 10.0 and you must re-set it as false if that is your preference.

The full changelog since Tor Browser 10.0.1 is:

  • Windows + OS X + Linux
    • Update Firefox to 78.4.0esr
    • Update NoScript to 11.1.3
    • Bug 40192: Backport Mozilla Bug 1658881
    • Translations update
  • Linux
Søborg

October 22, 2020

I am unable to locate the torrc file at all with this version. Although Tor seems to be listening on 9150, I would want to change that to a static port of choice, for instance. All that I am seeing in my (Catalina - 10.15.7 & Tor 10.0.2) `Applications/Tor Browser.app/Contents/Resources/TorBrowser/Tor` are the below files:

  1. -rw-rw----@ 1 admin admin 4913550 Oct 22 13:11 geoip
  2. -rw-rw----@ 1 admin admin 3156350 Oct 22 13:11 geoip6
  3. -rwxrwx---@ 1 admin admin 735 Oct 22 13:11 tor*
  4. -rw-rw----@ 1 admin admin 1232 Oct 22 13:11 torrc-defaults

The torrc-defaults is nothing like what is mentioned here.

I would also want to be able to, say, set the control port password, which I used to be able to do earlier with the torrc.

Where do I find the torrc file?
Also, if it helps the only 2 locations I find any file by the name torrc on my system are these:

  1. `/System/Volumes/Data/Users/admin/Library/Application\ Support/TorBrowser-Data/Tor/`
  2. `/Users/admin/Library/Application\ Support/TorBrowser-Data/Tor/`

https://support.torproject.org/tbb/tbb-editing-torrc/

Your 1. or 2. are likely deep within a symbolic link to the other, represented by an l as the first letter of the permission lines output by ls -l and an arrow near the end of the line showing where the link points. Notice they are identical after /System/Volumes/Data/. Tor Browser.app is the installer that you downloaded whereas ~/Library contains the directory where you installed it. Look in ~/Library as the support answer explains.

That's what the support link suggests.

On macOS:

The torrc is in the Tor Browser Data directory at ~/Library/Application Support/TorBrowser-Data/Tor.
Note the Library folder is hidden on newer versions of macOS. To navigate to this folder in Finder, select "Go to Folder..." in the "Go" menu.
Then type "~/Library/Application Support/" in the window and click Go.

This ~/Library/Application Support/TorBrowser-Data/Tor however does not have the torrc!

Søborg

October 22, 2020

Your version from 10 onward is classified as a virus by AVAST, which makes TOR Browser unusable.

It is only possible this one time right now because I restored the 9.x version, but the stupid forced TOR (Firefox) update immediately makes TOR unusable again!

No help visible anywhere, let alone a fix in a new TOR version. Thanks, AVAST, who also block mail.de! Data betrayal, from the legislature down, for and by companies in Germany is unfortunately LEGITIMIZED!

https://support.torproject.org/de/tbb/tbb-10/
https://support.torproject.org/de/tbb/antivirus-false-positive/

Have you updated the virus definition files of your antivirus scanner? Some scanners are not able to recognize new software until a few days after the software is released and you update your scanner. You commented on October 22, and Tor Browser 10.0.2 was released on October 20.

Søborg

October 23, 2020

With version 10.0.2 I am having lots of crashes (2/3 per day) just by opening links in new tabs (wheel button).
This didn't happen in 10.0.1 and before. I hadn't seen crashes on Tor for a few years.
From the comments, it looks like it happens only to me / my configuration (Win10, updated).
I also noticed that https kicks in randomly on .onion sites: that doesn't make sense, does it?

Still crashes each time I use Tor. Only happens on click on link with middle mouse button to open a new tab. But totally random, couldn't find a pattern. Really annoying.

Søborg

October 23, 2020

Hello Tor Project,
does Tor Browser need "network.proxy.enable_wpad_over_dhcp:true", or is this a privacy problem?

Søborg

October 24, 2020

The javascript note is very confusing.
>Now Javascript on the Safest security level is governed by NoScript again. It was set as false when on Safest in 9.5a9. The javascript.enabled preference was reset to true for everyone using Safest beginning in Tor Browser 10.0 and you must re-set it as false if that is your preference.
>and you must re-set it as false if that is your preference.
>if that is your preference.
This is worded strangely.
1. Am I not "really" preferring javascript to be disabled in Security Level: Safest?
2a. Wouldn't ticking javascript.enabled to 'false' be a potential vector for deanonymization?
2b. Or are you saying that this about:config option has been made irrelevant due to the privileging of NoScript settings completely over those of the browser?

This is saying that NoScript controlling whether javascript is executed should be as safe as disabling javascript via the |javascript.enabled| pref in about:config. We know there are Tor Browser users who use the Safest level but they selectively enable javascript on some sites. This is not a behavior Tor Browser should prevent. However, if you never want javascript enabled on any site or you don't trust NoScript, then you may change |javascript.enabled| in about:config.

This announcement in the blog post was needed because when we originally forced disabling javascript via the preference on the Safest level, we did not save if Tor Browser had |javascript.enabled| as |false| already. Therefore, now when moving users back to disabling javascript via NoScript, all users must be moved because Tor Browser doesn't remember if you previously manually set the preference.
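
A way to check which case a given profile is in, as an added example that is not Tor Browser's own code. It reads the text of the profile's prefs.js (and an optional user.js) and reports the effective `javascript.enabled` value and where it comes from; the function names and the sample file contents are constructed for illustration.

```python
import json
import re

# One line of a Firefox-style prefs.js or user.js file, for example:
#   user_pref("javascript.enabled", false);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line in the text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue  # comments and blank lines
        name, raw = match.groups()
        try:
            prefs[name] = json.loads(raw)  # true/false, integers, quoted strings
        except ValueError:
            prefs[name] = raw  # keep anything unusual as raw text
    return prefs


def javascript_pref_state(prefs_js, user_js=""):
    """Report the effective javascript.enabled value and which file set it.

    user.js is applied over prefs.js at startup, and a pref missing from
    both files is at its default, which for javascript.enabled is true.
    """
    name = "javascript.enabled"
    for source, text in (("user.js", user_js), ("prefs.js", prefs_js)):
        prefs = parse_prefs(text)
        if name in prefs:
            return {"enabled": bool(prefs[name]), "source": source}
    return {"enabled": True, "source": "default"}


# Constructed sample profiles, not taken from a real installation.
RESET_PROFILE = 'user_pref("intl.accept_languages", "en-US, en");\n'
PINNED_PROFILE = RESET_PROFILE + 'user_pref("javascript.enabled", false);\n'

if __name__ == "__main__":
    print("after reset:", javascript_pref_state(RESET_PROFILE))
    print("re-set to false:", javascript_pref_state(PINNED_PROFILE))
```

A result of `"source": "default"` is the state described above after the reset: the preference is true and script blocking on Safest rests on NoScript alone.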

Søborg

October 25, 2020

It always starts with http; 9.54 has no problem with starting with https. Why is it apparently impossible to start with https in Tor10.x.x?

What happens if I use:
dom.security.https_only_mode = true
dom.security.https_only_mode_ever_enabled = true
dom.security.https_only_mode.upgrade_local = true
dom.security.https_only_mode.upgrade_onion = true

If I do and open qrmfuxwgyzk5jdjz.onion, i.e., it says: "Secure Connection Unavailable - You’re browsing in HTTPS-Only Mode" and I have to "accept the risk", because qrmfuxwgyzk5jdjz.onion is http-only. But it doesn't do the same for http-only non-onion sites.

Søborg

October 25, 2020

Cannot comment here with 10.0.2, it goes into an endless loop, but 9.54 has no problem. To the best of my knowledge, all my settings are the same in both versions.

Søborg

October 30, 2020

Change text "Firefox" to "Tor Browser" in "Unable to connect" error message

"Unable to connect"
"Firefox can't establish a connection to the server at"
"www.[domain].com"
Blue Mozilla small dinosaur holding two plugs.
"Try Again" blue button
[Three bullets] The third one correctly says: "If your computer or network is protected by a firewall or proxy, make sure that Tor Browser is permitted to access the Web."

Søborg

November 04, 2020

I have noticed that sometimes on Onion services (v3) the back-up guard node takes over from the guard. I have not seen this happen on non-onion services.

Have you any thoughts on why this is happening?

Thank you.