New Release: Tor Browser 8.0.4

Tor Browser 8.0.4 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Tor Browser 8.0.4 contains updates to Tor (0.3.4.9), OpenSSL (1.0.2q) and other bundle components. Additionally, we backported a number of patches from our alpha series where they got some baking time. The most important ones are

  • a defense against protocol handler enumeration which should enhance our fingerprinting resistance,
  • enabling Stylo for macOS users by bypassing a reproducibility issue caused by Rust compilation and
  • setting back the sandboxing level to 5 on Windows (the Firefox default), after working around some Tor Launcher interference causing a broken Tor Browser experience.

Moreover, we ship an updated donation banner for our year-end donation campaign.

The full changelog since Tor Browser 8.0.3 is:

  • All platforms
    • Update Firefox to 60.4.0esr
    • Update Tor to 0.3.4.9
    • Update OpenSSL to 1.0.2q
    • Update Torbutton to 2.0.9
      • Bug 28540: Use new text for 2018 donation banner
      • Bug 28515: Use en-US for english Torbutton strings
      • Translations update
    • Update HTTPS Everywhere to 2018.10.31
    • Update NoScript to 10.2.0
    • Bug 1623: Block protocol handler enumeration (backport of fix for #680300)
    • Bug 25794: Disable pointer events
    • Bug 28608: Disable background HTTP response throttling
    • Bug 28185: Add smallerRichard to Tor Browser
  • Windows
    • Bug 26381: about:tor page does not load on first start on Windows
    • Bug 28657: Remove broken FTE bridge from Tor Browser
  • OS X
    • Bug 26475: Fix Stylo related reproducibility issue
    • Bug 26263: App icon positioned incorrectly in macOS DMG installer window
  • Linux
    • Bug 26475: Fix Stylo related reproducibility issue
    • Bug 28657: Remove broken FTE bridge from Tor Browser
  • Build System
    • All Platforms
      • Bug 27218: Generate multiple Tor Browser bundles in parallel
khled.8@hotmai.com

January 05, 2019

Permalink

It would be nice to end this problem of every time I start Microsoft Windows 7 again, connect using OpenVPN (doesn't matter the service provider, happens with all) I always get, the first time I try to connect, the error window explaining that TorBrowser is not properly protecting the session. The only way to bypass the error is to close, and execute TorBrowser all over again. The second time I can always connect without problems.

This is happening at least since these new 8 version based on Firefox 60, in previous version I never had any problem.

I've read the same problem from other users in the past here in the Blog so I'm sure I'm not the only one having these problem.

But I don't know it they were connecting to normal Internet or to a OpenVPN service provider first like I'm doing it, to conceal the use of TorBrowser/ Onion use from the ISP (they don't have any problem with the use of ONION, they don't attempt to block it, but one can only guess that should the local government changes their mind in the future I would be immediately in their gray/ red/ black list for using Onion network).

khled.8@hotmai.com

January 05, 2019

Permalink

Why does the TorBrowser seems to only connect to EUA, Canada, Russia and European country's? There aren't any Onion servers on South and Central America country's? And also none in Africa?
It seems that almost all Onion servers are located in country's in 14 eyes (EUA promoted spying network) or with strong bonds with these country's.
It is very strange!

14 eyes and very closed friends: Australia, Canada, New Zealand, United States of America, Denmark, France, Netherlands, Norway, Germany, Belgium, Italy, Sweden, Spain, Israel, Singapore, South Korea, Japan, United Kingdom (including: Akrotiri and Dhekelia, Anguilla, Bermuda, British Antarctic Territory, British Indian Ocean Territory, British Virgin Islands, Cayman Islands, Falkland Islands, Gibraltar, Montserrat, Pitcairn, Henderson, Ducie and Oeno Islands, Saint Helena, Ascension and Tristan da Cunha, South Georgia and the South Sandwich Islands, Turks and Caicos Islands)

Tier B countries with which the Five Eyes have “focused cooperation” on computer network exploitation, including:
Austria, Belgium, Czech Republic, Denmark, Germany, Greece, Hungry, Iceland, Italy, Japan, Luxembourg, Netherland, Norway, Poland, Portugal, South Korea, Spain, Sweden, Switzerland and Turkey.

khled.8@hotmai.com

January 10, 2019

Permalink

http://browserspy.dk/gecko.php
User Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
and should be
User Agent Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0

I really don't get this aversion to adblockers! The "concept" of not wanting to break websites would suggest that all websites could be trusted equally. They fucking can't and the only two things achieved with dropping Ublock is that websites take longer to load and my anonymity gets broken because I'll have to install it myself for a proper browsing experience.
But hey, I shouldn't be surprised, after all the most secure tor browser setting still allows frames of untrusted sites in noscript instead of fully blocking them and deprecating any such objects. Hence the connections to the sites still appear in https everywhere.

To my mind, you should really put umatrix in here instead of noscript with a proper setting that only allows the bare minimum like text, frame and css by standard in safe mode.

HELP NEEDED!!! VERY URGENT!!!

keeps on loading. and when finally in only half of each page visible. I AM EXTREMELY AGITATED ABOUT THIS!!!

804 not work

What do you mean? What is happening? Do you get errors If so, which? On which operating system are you on?

Are there any good search engines for Tor Browser?
SP and DDD suck, anyone knows ifGibiru is good?

Since Startpage changed their whole look, they are just inferior, results are just not what it used to be not displaying anything or slow, etc. etc...
DuckDuck is so slow, even their Onion version is even slower and buggy, all the time I get Error 400 or 500. and the CEO is all over the news, with BS, not sure if thats a good thing. THey are not saying they dont use supercookies for tracking, or scripts, fingerprints etc...

I have been searching for a while, and found 1 or 2
what do you guys think of this one www.gibiru.com ? seems fast, and claim the same as DDD or Startpage
no IP tracking no cookies. I wonder about supercookies, scripts etc.

another decent one is https://www.discretesearch.com/
any thoughts?

https://www.qwant.com is kind of slow and they are throttling traffic from TOR "too many searches from same IP"

I use 8.0.4.

I faced an error in mega.nz. My setting is that security setting is safer and script is enabled in NoScript.
The error is that
MEGA failed to load because of

The file "lang/en_foo.json" could not be loaded.

Please click OK to refresh and try again.

If the problem persists, please try disabling all third-party browser extensions, update your browser and MEGA browser extension to the latest version.If that does not help, contact support@mega.nz

BrowserID: mozilla/5.0 (macintosh; intel mac os x 10.13; rv:60.0) gecko/20100101 firefox/60.0

Static server: https://eu.static.mega.co.nz/3/

OS was not Windows but intel mac os x 10.13. My OS was revealed. Is this a bug or not?

Right now this is expected behavior, I think. But we have a plan to address this information leak, see: https://trac.torproject.org/projects/tor/ticket/28290.

I am looking forward to it.

"MEGA failed to load because of"

The same with k2s.cc, too?
This site isn't working with NoScript.