New Release: Tor Browser 8.0.6

Tor Browser 8.0.6 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

The main change in this new release is the update of Firefox to 60.5.1esr, fixing some vulnerabilities in the Skia library.

The full changelog since Tor Browser 8.0.5 is:

  • All platforms
    • Update Firefox to 60.5.1esr
    • Update HTTPS Everywhere to 2019.1.31
    • Bug 29378: Remove 83.212.101.3 from default bridges
  • Build System
    • All Platforms
      • Bug 29235: Build our own version of python3.6 for HTTPS Everywhere

I think that's due to a policy on some Windows 10 machines that make folders in locations like the desktop (which the Tor Browser installer offers by default) as read-only. I think we have a comment about that in one of our tickets but I can't find it right now...

1. try ctrl+D to see if the create bookmark comes up. crtl+D

2. try to recall an URL that you have bookmarked.
- manually enter that URL into a tab and go there.
- is the star blue? Does ctrl+d bring up the " 'Edit this bookmark' window" but confirming/implying that the URL is already bookmarked (though inaccessible in any TBB GUI, such as sidebar ctrl+b)

zoobab

February 18, 2019

Permalink

During the update, I had an error dialog box pop up saying:

Error Version 6.0.1 not compatible with Version 6.0.0

Obviously part of the update has NOT worked Correctly !

zoobab

February 18, 2019

Permalink

what is the best privacy browser, i use duck duck go, but i see in the comments that it is not as secure as i thought

zoobab

February 18, 2019

Permalink

This is not cause for panic but should interest Android phone owners who use Tor

zdnet.com
Tor traffic from individual Android apps detected with 97 percent accuracy
New machine learning algorithm can detect when you're using a specific app, such as YouTube, Instagram, Spotify, others.
Catalin Cimpanu for Zero Day
18 Feb 2019

> Italian academics say they've developed an algorithm that can detect the patterns of Android app activity inside Tor traffic with an accuracy of 97 percent. The algorithm isn't a deanonymization script, as it can't reveal a user's real IP address or other identifying details. However, it will reveal if a Tor user is using an Android app... With the algorithm trained, they were then able to point it at Tor traffic and detect whenever the user was utilizing one of the ten apps. Test results showed an algorithm accuracy of 97.3 percent. However, the mechanism they devised isn't as perfect and efficient as it sounds. For starters, it can only be used when there's no background traffic noise on the communication channel, meaning it only works when the user is using his mobile device with one app, and nothing else. If there are too many apps communicating at the same time in the phone's background, TCP traffic patterns get muddled up, and the algorithm's efficiency drops.

zoobab

February 18, 2019

Permalink

I know a similar issue has been reported elsewhere, but in case anyone is interested, I cannot get Tor 8.0.6 running on Linux Mint 16 in turn running on a lenovo z61m. I can download the install file and run it. No errors are reported and the Launching comment appears, but then Tor 8.0 opens along with the message that a new version is available.

FYI it may be a machine issue, because I am also unable to upgrade Linux Mint to a later version, despite an extended conversation in the Mint community.

zoobab

February 20, 2019

Permalink

good

zoobab

February 21, 2019

Permalink

hi
i use tor browser as proxy server in my lan.
my problem start after update tor browser to 8.0.6 version.
problem : android device can not connect to telegram with socks5
before update tor browser work correctly.
my setting in torrc file is:
SocksPort 192.168.0.11:9150
SocksPolicy accept 192.168.0.0/24
help me plz

This problem just for Android devices
another device like (Telegram Desktop Windows, Apple Device)work correctly.
Tor Browser run on the windows.
Is there a way to solve this problem?
Thanks a lot .

If #29175 is the right bug, then it may be possible for an application to smooth over the issue if it lets you supply a SOCKS5 username and password. Open Telegram's proxy options, and see if you can enter a username and password for SOCKS5. You can type anything for them, but it's safer if they're unique from the proxy u+p in other apps so that IsolateSOCKSAuth creates a circuit different from your browser circuits. It's probably a good idea to enter a unique u+p in every app that uses tor as a proxy server because other apps may leak fingerprintable metadata and don't have a New Identity feature. As the Tor FAQ says, "since Tor reuses circuits for multiple TCP connections, it is possible to associate non anonymous and anonymous traffic at a given exit node, so be careful about what applications you run concurrently over Tor. Perhaps even run separate Tor clients for these applications."
https://www.torproject.org/docs/faq.html.en#AttacksOnOnionRouting

Search for "IsolateSOCKSAuth" in the manual:
https://www.torproject.org/docs/tor-manual.html.en

zoobab

February 21, 2019

Permalink

Hi
Why can't TBB be started from xterm before I installed the File Manager Pcmanfm?

I installed the following:
debian-9.7.0-amd64-netinst. ISO, base system only, on Newformat SSD disk
Xorg
JWM (Joe Windows Manager)
Sudo
In xterm not as root:
unpacks TBB with command "Tar -xvjf tor-browser-linux64-8.0.6 _en-us. tar. XZ "
cd tor-browser_en-US
sudo chmod + x
start-tor-browser./start-tor-browser.desktop
But no thing happens and there are no error messages

Thank you for your reply.
When I execute the command suggested by you in xterm, I get this error message:

XPCOMGlueLoad error for file /home/hans/Downloads/tor-browser-linux64-8.0.6_en-US/tor-browser_en-US/Browser/libmozgtk.so:
libgtk-3.so.0: cannot open shared object file: No such file or directory
Couldn't load XPCOM.

Which is probably due to the fact that when installing Deb v 9.7, xorg and JWM nothing GTK3 is installed.
Should the whole GTK3 be installed or can I settle for a few things?

zoobab

February 22, 2019

Permalink

"Fixed a frequent crash when reading various Reuters news articles (bug 1505844)"

TBB/FF update necessary cause of Reuters/dianomi or wait for next?

zoobab

February 24, 2019

Permalink

I have been pondering this for some time in my feeble novice brain; if I use both a VPN AND the TOR service, will it strengthen my anonymity, weaken it, or basically have no effect?

same question for Windows.
Will TBB use ....System32\drivers\etc\hosts"-file to get ip?
Is it possible to use tor's "mapping" functionality to avoid DNS query?

zoobab

February 27, 2019

Permalink

Win7,32bit - TBB8.0.6 - seems like strange behavior; here is the repro-steps:
1) visit https://www.dnsleaktest.com/
2) press any of two "-Test" button ("Extended Test" is more demonstrative actually)
3) quickly press "(i)" i.e. "Show site information" - the round icon at address-bar
---
You WILL see "animation" how address of ExitNodes changes!

So, please tell :
* Is the described\observed behavior erroneous or normal???
* Why ExitNodes changes at "test"-time??? What if such behavior may lead to deanon\tracking?

Probably. But it means all they have to do is just to "switch" user's circuits as was shown - up to the moment the chain (which is only 3 nodes long!!) will at least for one moment contain only "friendly" nodes (that collects ip-logs). Some sites also lead to "switching"\building circuits I saw such.

So, Does not it lead to decreasing of anonymity? or May be I miss some knowledge how good\bad circuits may affect to anonymity?

zoobab

February 27, 2019

Permalink

I got a very strange issue:

Putting Tor Browser folder into newly created folder and renaming this new folder leads to complete mess of Tor Browser

Before downloading TBB from torproject.org I usually create a new folder on my USB stick, for example a folder named „Tor 8.0.5“. When Tor Browser is updated I usually change the name of the folder. In the past, with older versions of Windows and TBB, I never got any problems when changing the folder's name. However, I'm using Windows 10 Pro Version 1803 (64 bit) now.

I updated Tor Browser and changed the name of the folder where I saved Tor Browser. After reopening Tor Browser, it was completely messed up. (The same happens when downloading the latest version of Tor Browser putting it into a newly created folder.)

1. the smaller window telling that the relays are being loaded didn't appear
2. The Browser opened, but didn't show the usual violet welcome page, but just an empty window
3. When clicking on “help” in order to get that smaller black window (“about Tor Browser”) with the information about the versions numbers of Tor Browser and Firefox, I didn't get the „about Tor“ window with the green globe, but the following: “Firefox Quantum 8.0.2 (based on Mozilla Firefox 60.2.1esr) (64-bit) with the regular Firefox icon instead of Tor Browsers green globe
4. I then tried to open some pages, but Tor Browser told that there's a problem: proxy denies connexion.
5. So, I had a look at the add-ons: The names of the add-ons, like HTTPS Everywhere, NoScript, Torbutton and TorLauncher where still there, and the boxes next to the respective add-ons said that all of them are enabled, which couldn't be the case, because the browser could open any page. Moreover, the icons of the add-ons on the left had disappeared.
6. Then I deactivated all the add-ons, restarted Tor Browser and activated all add-ons again, and finally restarted Tor Browser. Result: I got the usual violet welcome page and I could open any website as usual as well as onion sites. I also checked the browser with jondonym's anonymity test (https://anonymous-proxy-servers.net/) and it said “You are using Tor” and the test showed the usual results for Tor Browser. So far so good. However, the icons in the add-ons window still didn't reappear, except for the onion icon for the Torbutton. Apart from that the “about Tor Browser” window showed “Tor Browser” with the green globe, but not saying “about Tor Browser”, but “about Firefox” - a mixture of the regular firefox “about” window and Tor Browser's “about” window.
7. Everything was messed up, only by changing the name of the folder where Tor Browser is located? (By the way, I did not change the name of the actual Tor Browser folder. I also tried creating a new folder and copy and paste the Tor Browser folders into the new one. Doing so everything was ok!)

Is all this due to Windows 10? Or to Tor Browser? I don't have the slightest clue what is wrong.

Maybe one of you has got an idea why changing the name of the folder leads to such a messy mishmashing Tor Browser with the regular Firefox?

Thanks for the answer. I don't feel at ease with workarounds which need changes within programs etc., because I'm not a computer techie. I feel even less at ease if I read “probably” and “seem to” like in the workaround suggested in your link: https://trac.torproject.org/projects/tor/ticket/27604

However, as far as I can see, what seems to be working (without messing everything up) is to copy the folder “Tor Browser” from the old folder and paste it into a newly created folder (on a Windows 10 system).

At least, in doing so, Tor Browser looks like it should and works fine. Everything seems to be identical (entry node; bookmarks and preferences I had set; customisations etc).

Would that be safe? Will I get a completely identical copy of Tor Browser? Or will something be messed up which I just don't realise?

If it is ok to copy from the old folder and paste into a new one, perhaps this is an easier and safer way to work around the problem instead of changing/deleting any folders within Tor Browser – for non-techies like me?

Thanks for your answer!

Both folders are on the same USB-Stick.

1. First, I created a folder, named “Tor 25.02.2019”.
2. Secondly, I downloaded the Tor installation file from https://www.torproject.org/projects/torbrowser.html.en#downloads
3. Thirdly, I installed Tor Browser in the same folder (“Tor 25.02.2019”).
4. Thus, there were the installation file and the “Tor Browser” folder – both in “Tor 25.02.2019”
5. I created a new folder on the same USB stick named “Tor 25.02.2019 copy”
6. I copied the Tor Browser folder and pasted it into the new folder, which is to say into “Tor 25.02.2019 copy”
7. Finally, I tried both Tor Browsers. As far as I can see, both Tor Browser work absolutely fine. Obviously, the two Tor Browsers are identical twins. Example: If I open one of the Tor Browsers and create a new bookmark, close this Tor Browser and open the other “twin Tor Browser”, the created bookmark is on this “twin Tor Browser” as well.
8. I also tried changing the security slider in one of the twins and changing the settings for accepting cookies. Everything I change in one of the Tor Browser (original and copy) is changed in the other one automatically and exactly identically. It doesn't matter if I change something in the original or in the copy – it works in both directions. What is changed in one of the twin is changed in the other twin. It' reciprocal.

I don't know how this “twin behaviour” works, but it's as I have described above. As I've already mentioned, I'm not a computer techie, but maybe this twin behaviour is due to paths?

Other than moving copying Tor Browser works for me as well (I'm on Linux tho), however, it stops working after removing the initial Tor Browser directory for some reason.

If you don feel comfortable to remove the the extensions.json file you can also work around by disabling and re-enabling torbutton and torlauncher after moving the directory/folder.

zoobab

February 27, 2019

Permalink

I'm not sure if this was related to the update but today when I tried to use messages.android.com, the browser prompted a permission. I declined that permission but after declining the permission, it will not display a QR code to continue. Does anyone know where I can find that specific permission and allow it this time? When I refresh, it no longer works.