New Release: Tor Browser 10.0.17

Tor Browser 10.0.17 is now available from the Tor Browser download page and also from our distribution directory.

This version updates Firefox to 78.11esr. In addition, Tor Browser 10.0.17 updates NoScript to 11.2.8, HTTPS Everywhere to 2021.4.15, and Tor to 0.4.5.8. This version includes important security updates to Firefox for Desktop.

Warning:
Tor Browser will stop supporting version 2 onion services later this year. Please see the previously published deprecation timeline. Migrate your services and update your bookmarks to version 3 onion services as soon as possible.
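To find bookmarks that still point at version 2 addresses, the two formats can be told apart by label length, and a version 3 label can be checked against its embedded checksum and version byte. The following is an added example, not Tor Project code; the function names are hypothetical and the sample addresses are constructed (the key is bytes 0..31, not a real service). It checks format and checksum only, not that the key is a valid ed25519 point.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

V2_LABEL = re.compile(r"[a-z2-7]{16}")  # v2: 80-bit hash of an RSA key
V3_LABEL = re.compile(r"[a-z2-7]{56}")  # v3: key + checksum + version byte
PREFIX = b".onion checksum"

def make_v3_address(pubkey: bytes) -> str:
    """Encode a 32-byte ed25519 public key as a v3 onion hostname."""
    checksum = hashlib.sha3_256(PREFIX + pubkey + b"\x03").digest()[:2]
    return base64.b32encode(pubkey + checksum + b"\x03").decode().lower() + ".onion"

def classify_onion(host: str) -> str:
    """Return 'v2', 'v3', 'invalid' or 'not-onion' for a hostname."""
    host = host.strip().lower().rstrip(".")
    if not host.endswith(".onion"):
        return "not-onion"
    label = host[: -len(".onion")].split(".")[-1]  # drop any subdomain
    if V2_LABEL.fullmatch(label):
        return "v2"
    if V3_LABEL.fullmatch(label):
        raw = base64.b32decode(label.upper())
        pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
        expected = hashlib.sha3_256(PREFIX + pubkey + version).digest()[:2]
        if version == b"\x03" and checksum == expected:
            return "v3"
    return "invalid"

def audit_bookmarks(urls):
    """Map each onion bookmark URL to its classification."""
    report = {}
    for url in urls:
        kind = classify_onion(urlsplit(url).hostname or "")
        if kind != "not-onion":
            report[url] = kind
    return report

# Constructed sample data: the key is bytes 0..31, not a real service.
SAMPLE_V3 = make_v3_address(bytes(range(32)))
BOOKMARKS = [
    "http://abcdefghijklmnop.onion/",       # constructed v2-format label
    f"https://www.{SAMPLE_V3}/index.html",  # constructed v3 address
    "https://www.torproject.org/",          # not an onion service
]

if __name__ == "__main__":
    print(audit_bookmarks(BOOKMARKS))
```

Any bookmark reported as v2 needs to be replaced with the service's v3 address, obtained from the service operator.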

Note: The Android Tor Browser update will be available next week.

The full changelog since Desktop Tor Browser 10.0.16:

  • Windows + OS X + Linux
    • Update Firefox to 78.11.0esr
    • Update HTTPS Everywhere to 2021.4.15
    • Update NoScript to 11.2.8
    • Update Tor to 0.4.5.8
    • Bug 27002: (Mozilla 1673237) Always allow SVGs on about: pages
    • Bug 40432: Prevent probing installed applications
    • Bug 40037: Announce v2 onion service deprecation on about:tor

Anonymous

June 02, 2021

Do I change the fingerprint if I display the Menu Bar on top?

I go to View-Toolbars-Menu Bar (checked)

Or if I remove the Bookmark Toolbar:
View-Toolbars-Bookmarks Toolbar

Thanks

Anonymous

June 02, 2021

The new banner on about:tor, "Tor is ending support...," links to Learn More, but that page doesn't say anything about v2 or v3. The page does however give a v2 address, and only a v2 address, as a proper example of an onion service under the question, "I've heard about websites that are only accessible over Tor."

Please note the second part of that comment concerned that Support lists "only a v2 address". The GitLab issue in your reply does not mention it. Here are some support pages that mention "only a v2 address":

https://support.torproject.org/onionservices/onionservices-1/
https://tb-manual.torproject.org/onion-services/#troubleshooting
https://support.torproject.org/onionservices/onionservices-3/

Anonymous

June 02, 2021

Regarding the deprecation of v2 onions, has there been any news from DuckDuckGo about upgrading their service to v3?

I have not sighted any news about this.

P.S. Why is the DuckDuckGo search not set to Onion by default? Is it due to their use of v2?

Anonymous

June 02, 2021

Tor WARN: Received http status code 404 ("Consensus is too old") from server 78.47.103.109:443 while fetching consensus directory.

Anonymous

June 03, 2021

Tor WARN: Received http status code 404 ("Consensus is too old") from server 78.47.103.109:443 while fetching consensus directory.
On every startup?

Anonymous

June 03, 2021

EFF (Full): A new ruleset bundle has been released, but it is older than the extension-bundled rulesets it replaces.  Skipping.

Yes, that's because they don't update rulesets on their update channel. They stopped accepting new rulesets, but that doesn't mean the end of maintaining the existing ones. So, at least, a June update should exist.

Anonymous

June 03, 2021

Hi, I'm from Iran, I cannot connect to Tor (with or without bridge) since yesterday even if I am using a proxy that changes my IP

There is a sharp increase in bridge users from Iran using obfs4 that started at the end of the month 2021-05 (May). The increase is nominal when compared to bridge users from all countries in the same time period.

Try changing your bridge. Try a different obfs4 bridge, or try a meek bridge. If you use a proxy or VPN in the chain before Tor, there could be an issue in that proxy. You could also try a bridge that uses a port that is usually open such as 443. If none of those help you, I guess it could be an issue in your ISP or country. Here's some more information about connecting from Iran.

Please supply more information if you find any. Read how to contribute to the Tor metrics timeline.

Anonymous

June 03, 2021

DuckDuckGo founder and CEO: “We're delighted that EFF has now entrusted DuckDuckGo to power HTTPS Everywhere going forward, using our next generation Smarter Encryption dataset."
Where are the statements from the Tor Project? Have you silently entrusted DuckDuckGo too?

Anonymous

June 03, 2021

Hi again, I posted a comment about 30 minutes ago and said I cannot connect to Tor in Iran since yesterday. I downloaded the last Tor version and now I am able to connect to the Tor network. Thank you guys!

Anonymous

June 03, 2021

FYI:
* Last time - (16.05.2021 & TBB10.0.16) https://blog.torproject.org/comment/291807#comment-291807 - I had "10FVVUV & 99.01% unique".
* For now (04.06.2021 & TBB10.0.17) I got -
"0FVVVV - This is your identifier. It was seen 5002 times among 54006 tests so far.
That means it is 90.74% unique. Want to try again? We have generated your identifier based on 0 applications you have installed. Out of 24 applications in our database."

Is it a final solution?

> That means it is 90.74% unique.

I get 0FVVVV too on Tor Browser 10.0.17. The identifier has now been seen 6657 times among 64255 tests so far. That means it is 89.64% unique... based on 0 applications you have installed out of 24 applications in our database. It's looking better.

As long as that identifier is based only on detecting whether applications are installed, comparing it to identifiers retrieved from other browsers makes some sense but could be improved. It wouldn't make sense to compare browser fingerprints of regular browsers like Chrome and Safari with the fingerprints of Tor Browser because Tor Browser is made to stay as identical as possible in every installation, but regular browsers are not. Sites like EFF's panopticlick give comparisons that would be more meaningful if they compared Tor Browser with only other Tor Browsers to find anomalies in its intended uniformity. That is the goal of projects like TorZillaPrint.

Anonymous

June 06, 2021

I just downloaded the latest version for Android from here, and now it is flooded with CAPTCHAs. What's up with that?

"[...] never explicitly blocked"

Wrong. Till "Wed, 22 Jan 2020" it WAS working.
Read Mozilla's docs and you know why this is not working as it should be: "-pref("permissions.default.image", 1);[...], 3-dontAcceptForeign"
https://hg.mozilla.org/mozilla-central/rev/dea8bc3b320a
author pbz
Wed, 22 Jan 2020 10:45:15 +0000
changeset 511088 dea8bc3b320acdd689a27596a0a54eb794941333
parent 511087 74493854a1b6478d5a9c3674df1369788783eeee
child 511089 798234088fd904c05e9312a0f703980e284d3bf7
push id 37045
push user csabou@mozilla.com
push date Wed, 22 Jan 2020 21:48:55 +0000
#---------------------------------------------------------------------------
# Prefs starting with "permissions."
#---------------------------------------------------------------------------
+# 1-Accept, 2-Deny, Any other value: Accept
+- name: permissions.default.image
+ type: RelaxedAtomicUint32
+ value: 1
+ mirror: always
[...]
-pref("permissions.default.image", 1); // 1-Accept, 2-Deny, 3-dontAcceptForeign
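
Review bot: the comment on the new `permissions.default.image` entry documents only 1-Accept and 2-Deny with "Any other value: Accept", while the removed `pref("permissions.default.image", 1);` line listed 3-dontAcceptForeign. If value 3 is intentionally no longer honoured, that is a behaviour change for anyone who set it to block third-party images and it should be called out in the commit message or release notes; if it is still honoured, the new comment should list it.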

> with TBB 10.0.17, you can't stop loading clearnet urls, non-onion, images with 'permissions.default.image'.

Note: that will affect your browser fingerprint

"that will affect your browser fingerprint"

Sure, if you define it as normal that .onion sites load trackers and clearnet CDNs like Akamai, Amazon, Microsoft, and the user is, strangely enough, prohibited from stopping this.
When TBB is normally loading Flash and Java, stopping this "will affect your browser fingerprint", too.

Anonymous

June 07, 2021

I updated my Tor only to find my virus checker sees it as malware now and puts it in quarantine???

That support FAQ answer does not state that the error is usually because the virus scanner's maintainers have not updated its virus definition files to include the very new version of Tor Browser that's usually less than 3 days old when most complaints appear. Often, the user simply has to give them some time after Tor is released and then update their virus scanner. If the user doesn't want to wait, then yes, they can follow the linked answer as it's currently written to configure their scanner to ignore and never scan Tor Browser's EXE files. I personally don't like that answer.