New Release: Tor Browser 10.0.17

Tor Browser 10.0.17 is now available from the Tor Browser download page and also from our distribution directory.

This version updates Firefox to 78.11esr. In addition, Tor Browser 10.0.17 updates NoScript to 11.2.8, HTTPS Everywhere to 2021.4.15, and Tor to This version includes important security updates to Firefox for Desktop.

Tor Browser will stop supporting version 2 onion services later this year. Please see the previously published deprecation timeline. Migrate your services and update your bookmarks to version 3 onion services as soon as possible.

Note: The Android Tor Browser update will be available next week.

The full changelog since Desktop Tor Browser 10.0.16:

  • Windows + OS X + Linux
    • Update Firefox to 78.11.0esr
    • Update HTTPS Everywhere to 2021.4.15
    • Update NoScript to 11.2.8
    • Update Tor to
    • Bug 27002: (Mozilla 1673237) Always allow SVGs on about: pages
    • Bug 40432: Prevent probing installed applications
    • Bug 40037: Announce v2 onion service deprecation on about:tor

June 08, 2021


Shortly after launch it tries to connect tcp 110 is pop3. Is this normal behaviour?

> this relay's operator chose port 110

These should be noted also:
-… -- "We recommend port 443 if that is not used by another daemon on your server already. ORPort 443 is recommended because it is often one of the few open ports on public WIFI networks. Port 9001 is another commonly used ORPort."
-… -- "Expose your Tor relay on port 443 (HTTPS) so that people whose firewalls restrict them to HTTPS can still get to it. Also, you should expose your directory mirror on port 80 (that even works if Apache is already listening there; but not working for a bridge)."
- -- "Avoid port 9001 because it's commonly associated with Tor and censors may be scanning the Internet for this port."
- -- "There are also rumors that some of Iran is blocking port 443, so putting your Tor server on strange ports is actually helpful for that too."


June 10, 2021


  1. // If a window is destroyed, and an incognito session existed, see if it still does.<br />
  2. detect_incognito_destruction: async function() {<br />
  3. if (state.incognito_session_exists) {<br />
  4. if (!(await any_incognito_windows())) {<br />
  5. state.incognito_session_exists = false;<br />
  6. this.onIncognitoDestruction();<br />
  7. }<br />
  8. }<br />
  9. },

this is null
during New Identity

@sysrqb An explanation like that or clearer should be on the app store pages because the app stores are where new mobile users ultimately decide whether to install it or not, and it's where most mobile users complain. Don't let ideas for FAQ answers languish in some blog comment.

Many questions you haven't bothered to answer and now can't even be bothered to find the thread? Does this mean ALL Android users will always be getting tracked because you can't bother to remove it? Do trackers get to see what hidden services we visit?

No, the trackers are disabled. Zero information about your browsing behavior should leave your device. If anyone finds this is not the case, then that is a bug and we will fix it. However, the fact that we didn't completely remove the trackers in the app does not mean they are enabled.


June 15, 2021


This error appeared in a red box above this blog post when I posted a comment:

Deprecated function: Function create_function() is deprecated in GeSHi->_optimize_regexp_list_tokens_to_string() (line 4698 of vendor/geshi/geshi/src/geshi.php).


June 15, 2021


Tor as covered by journalists. Hey ggus, add this to :

Shift - Living in the Digital Age, 2021-06-11
Deutsche Welle (DW)
about the darknet and Tor Project

See also:
DW's director general, Peter Limbourg, replies to how traditional media organizations can navigate digitalization and social media.…