New Release: Tor Browser 10.0.14

Tor Browser 10.0.14 is now available from the Tor Browser download page and also from our distribution directory.

This version updates Desktop Firefox to 78.9.0esr. In addition, Tor Browser 10.0.14 updates NoScript to 11.2.3, and Tor to 0.4.5.7. This version includes important security updates to Firefox for Desktop.

Note: An update for Android Tor Browser is not included in this release.

The full changelog since Desktop Tor Browser 10.0.13 is:

  • Windows + OS X + Linux
    • Update Firefox to 78.9.0esr
    • Update NoScript to 11.2.3
    • Update Tor to 0.4.5.7
    • Bug 40031: Remove survey banner on TB-stable
  • Build System
    • Windows
      • Bug 40249: Bump mingw-w64 and clang for Firefox 78.9
Anonymous

March 25, 2021

Permalink

Since 10.0.14 on Windows OS, I am detected in 998x699 pixels by websites
Before, I was in 1000x700
Is it a Windows OS version bug ? I am always detected in 1000x700 in Mac OS version and Tails OS version.
Thank you for your incredible work !

Yes, this is a question about uniqueness. Tor Browser tries to reduce the measurable differences across all users. An alternative approach is introducing randomness into every feature, and making everyone look different, but everyone's uniqueness changes over time. Historically, Tor Browser prefers sameness over uniqueness.

Anonymous

March 25, 2021

Permalink

Why remove the survey banner so soon? It was present for only 1 version (or 2 or linux), wouldn't you get more feedback if it wasn't removed?

Anonymous

March 25, 2021

Permalink

The default duckduckgo search is still not working with the security level set to "safest"...

Anonymous

March 25, 2021

Permalink

In reply to a comment to the post for 10.0.13, sysrqb said:
"bookmarks could be used as a tracker if the page you bookmark is somehow unique/special to you"

To clarify to users, web pages cannot read the bookmarks in your Library as far as I know. I assume one of the things that sysrqb meant are addresses that are appended with unique parameters like &var=UN1QU3V151TC0D3 or strings of random characters. Some of those kinds of parameters are there for the web site to track your browser as you click from one page to another. Some might be for tracking your actions. Some might be used to verify you if you log in somewhere. Some might not be used to track you but rather used to indicate a page name or content on the server. Read about add-ons like ClearURLs and Neat URL, but you're strongly discouraged from installing add-ons in Tor Browser. If you save a bookmark that contains parameters that mark you as unique and then you start a New Identity, if you open that bookmark, those parameters can be used to continue tracking you in your New Identity.

The person whom sysrqb was answering, onan, sounded like English wasn't their first language, so I cringed at the answer that could be interpreted as if web sites can read your folders of bookmarks even if you don't open them. However, bookmarks are saved on your computer drives, so users should consider physical security and drive encryption because drives can be seized, lost, stolen, given away, thrown in the trash, intercepted in travel, sent for repairs, or be out of your vicinity for other reasons. A safer but less practical method would be to use a live DVD/USB operating system like Tails that doesn't save data to disk by default.

In onan's second question, the "option to restore past bookmarked pages" is located in the Library window when you click "Show All Bookmarks". Firefox (and Tor Browser) save up to 15 backup files as *.jsonlz4 in the /[profile]/bookmarkbackups folder. Tor Browser supports saving, importing, and exporting bookmarks.

Onan then said, "this could be a problem in a public computer, when many persons want to use same account." It sounds like a kiosk or an Internet café. That is an interesting new persona to study, Community Team!! (to Gus, et al.) Usually though, public computers are configured for a guest account and/or to automatically log out after a period of time and delete the guest account's files.

Anonymous

March 25, 2021

Permalink

As you don't show the survey option in this update, I would be interested in what you have learnt from the survey replies. Maybe you could include a separate report sometime regarding the response and replies

All the best

cheers

Anonymous

March 25, 2021

Permalink

https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.ht…

https://twitter.com/FiloSottile/status/1375088690729517059
"CVE-2021-3449 looks like it could have been found easily if anyone figured out how to fuzz renegotiation, but renegotiation is sadness.
Anyway, sounds like you can crash most OpenSSL servers on the Internet today."

Apps that use a vulnerable OpenSSL version should upgrade to OpenSSL 1.1.1k as soon as possible.

Anonymous

March 27, 2021

Permalink

The last apk files (10.0.12) of Tor Browser for Android isn't available anymore on a server. Is that means what new release is coming?

Anonymous

March 28, 2021

Permalink

Where can I find some simple tips for troubleshooting debugging Tor Browser on Android? It's been crashing a lot recently, but it doesn't give me any details other than "Tor Browser has stopped." On desktop, a quick and simple trick is to run it in a terminal so you can hopefully see some output after a crash.

As far as I know, Android only has logcat and adb, both of which present a pretty high bar for the average user. I would like to be able to provide helpful bug reports, but I don't have the time or the knowledge to set up an Android debugging environment. Isn't there a simple way to at least get debug output, or a stack trace, or something, without jumping through hoops?

Anonymous

April 06, 2021

Permalink

Hi, I am using latest Torbrowser for Android 9 and Windows 8. Android version works with snowflake. Windows version lacks snowflake and doesn't work in China. How do I get snowflake on windows? Thanks.