New Release: Tor Browser 8.0.9

by boklm | May 6, 2019

Tor Browser 8.0.9 is now available from the Tor Browser Download page and also from our distribution directory.

This release fixes the issue which caused NoScript and all other Firefox extensions signed by Mozilla to be disabled.

If you used the workaround mentioned in our previous blog post, don't forget to set the xpinstall.signatures.required entry in about:config back to true after installing this update.

Note: We did not bump the Firefox version number to be able to build faster, thus it will still show 60.6.1esr as the Firefox version.

The full changelog since Tor Browser 8.0.8 is:

  • All platforms
    • Update Torbutton to 2.0.13
      • Bug 30388: Make sure the updated intermediate certificate keeps working
    • Backport fixes for bug 1549010 and bug 1549061
      • Bug 30388: Make sure the updated intermediate certificate keeps working
    • Update NoScript to 10.6.1
      • Bug 29872: XSS popup with DuckDuckGo search on about:tor

Comments

Please note that the comment area below has been archived.

There may actually be some good news buried in this messy story.

It seems that the cert which caused the inadvertent (presumably) disabling of NoScript expired late Fri 3 May 2019, and Mozilla apparently became aware of the situation within minutes or hours. They then were able to find a quick fix which was implemented in a few days, which allowed Tor Project and Tails Project to issue emergency bugfix versions in a very short time.

This means that the Tor user community was not affected during May Day, a time when some at risk users are all likely to be attacked by multiple US/EU agents who suspect us of involvement in street protests.

I was alerted to the problem by a popup which everyone who booted TB this weekend should have seen, and knew enough to come to this blog to look for more information. The main worry now seems to be that some at risk users might not have known they should come here and may not have understood the instructions (or rebelled, quite naturally, at instructions telling them to disable sig verification).

Hopefully this incident will serve as wake-up call to Mozilla that they need to work harder to prevent their cert chains from falling over.

May 06, 2019

Permalink

1. New bridge values is not being issued when "tor is censored in my country" is selected. If I select 'request a bridge from torporject.org" The bridge is always XX.XX.XX.XX:PPPPP etc.. which is not open so will not complete a circuit,

2. I use tor browser for the Mac OS and if I select scramblesuit from https://bridges.torproject.org/ It will work but why doesn't the tor browser itself have the scramblesuit built in to the browser like obs4, obs3 and meek-azure. is scramblesuit deprecated?

I wondered the same thing. I searched the support site, manuals and trac wiki. The doc page about pluggable transports has the best answer I could find. "obfs4 is currently the most effective transport to bypass censorship. We are asking volunteers to run bridges for it." meek is designed for bridges hosted on a CDN. obfs4 is good for bridges hosted anywhere. The other PT's shown on BridgeDB are not recommended anymore in documentation.

Then fte, scramblesuit, and none should be removed from the selection box on BridgeDB. They are removed from the built in selection box in TBB 8.5 but BridgeDB website continues to offer selecting them.

May 06, 2019

Permalink

NoScript is BACK! :)

Note: Microsoft Edge does not have the ability to disable scripts, so an XSS exploit can be successful!

May 06, 2019

Permalink

Thank you sooooooooooooooooooooooooooooooooooooooo much

May 06, 2019

Permalink

How about fixing vulnerability that allows for massive DDOS attacks??????
Now THAT would be a real help.

May 07, 2019

In reply to gk

Permalink

Hello, is there any ETA on when the DDOS issue will be fixed? Any ETA at all even if its really rough. It would help SO much to have any sort of time frame. Will it be fixed this month do you think?

May 06, 2019

Permalink

A single guard entry server for 2-3 months is enough time to capture every user's behavior on the TOR network. I am not satisfied with esoteric arguments and research papers presented, favoring the guard entry server architecture. It seems to me that TOR is totally compromised and there is really no way to escape prying eyes. And the dependency on Google finances that The TOR Project has grown accustomed to, only seals the privacy fate of the TOR user.

> the dependency on Google finances that The TOR Project has grown accustomed to,

I share your concern but...

> only seals the privacy fate of the TOR user.

I think you are too pessimistic. The solution is to move Tor Project toward a funding model which relies principally on user donations, similar to EFF, rather than corporate/govt largesse.

Please consider making regular donations as I and others here do.

> It seems to me that TOR is totally compromised and there is really no way to escape prying eyes.

Too pessimistic. Enemies such as NSA have frightful powers to harm people, but they have problems of their own. Exploits are often frangible (fail when a new version is introduced, even if the devs never knew about the hole), they are drowning in information (much of it duplicated in hard to notice ways), their systems tend to be in a state of near chaos, their own opsec is poor, and their very size and complexity ensures that they suffer from some systemic weaknesses which we can exploit to prevent them from getting too far ahead in the arms race.

Further, we have many enemies, but most of them are far less capable and far more focused on particular populations than NSA.

May 06, 2019

Permalink

i got a leakage W32 file in this update which was detected by my antivirus. maybe take a look at that Tor?
what it said exactly :
W32/Malware

but coming from Tor i am also suspecting it to be a false posetive ?
if not. i suspect you work hard on fixing it ASAP.
thanks.

There is nothing we can do about your antivirus. Our updates are signed (otherwise they would not get applied), thus everything we ship comes from us (we make sure we get exactly the same build results on different machines to better guard against build machine compromise). You need to get back to your antivirus vendor or, better, if you really think you need antivirus/firewall software then use Microsoft's own tools and nothing else.

Probably false positive. 8.0.9 was very new when you posted. Wait for a day or two until your vendor updates its virus signature files, and scan again. ("Virus signatures" have nothing to do with cryptographic signatures.)

Meanwhile, you might verify Tor Browser's cryptographic signature in its sig file.
https://support.torproject.org/#how-to-verify-signature
https://2019.www.torproject.org/docs/verifying-signatures.html.en

May 07, 2019

In reply to gk

Permalink

Isn't it strictly forbidden to update the permanent add-ons (HTTPS Everywhere, NoScript, Torbutton and Torlauncher) ?
In fact I have once or twice accidentally updated them. How to cancel it, is it possible without re-installing?
Perhaps they could be protected in future? How about approving some add-ons, if adblocking was done by the exit, loading ads but not sending, there would be no fingerprint problem.

It is important to keep Tor Browser updated, as this ensures that you have the important security updates. Tor Browser currently has automatic updates enabled by default for these add-ons.The add-ons will also be updated whenever you install an update to Tor Browser. You do not need to install other updates to these add-ons, as the updates included in TB are vetted by the development team to ensure compatibility with the browser.

What we don't recommend is installing other add-ons (i.e. any add-ons that don't come pre-installed with Tor Browser).

May 08, 2019

In reply to wayward

Permalink

I'm pretty sure they were asking about the add-ons that are pre-installed with Tor Browser receiving updates that are not included in TB. For example, TB 8.0.9 has NoScript 10.6.1. TB checks addons.mozilla.org and finds NoScript 10.6.2. What happens? Are post-install updates from addons.mozilla.org or eff.org vetted by TB developers? Since automatic third-party updates of pre-installed add-ons are not bundled or signed by TP, vetting of those updates is meaningless. Does TB reject non-vetted automatic third-party updates of vetted pre-installed add-ons?

> if adblocking was done by the exit, loading ads but not sending, there would be no fingerprint problem.

Exits can log all your traffic. You want them to control filters on your traffic too? Some exits already try to.

Effective ad-blocking can't be done by routers to end-to-end HTTPS. They can only see IP and domains, so it blocks too little or too much. Filters on the user's machine are the most effective.

But... if every user had the same filters and did not update from the filter publisher, their fingerprints would be identical if everything else in the fingerprints was identical. I think. Comparisons of fingerprints of Tor Browser to regular browsers are not meaningful. Comparisons of fingerprints of Tor Browser to other Tor Browser instances are meaningful. So if all Tor Browsers come with the same things and no leaks from them, they would all look alike. But it's also very hard to review filter lists.

May 06, 2019

Permalink

Hey,
this time time span from discovery to 'repair' is great!

All Tor folks (this time with a focus on Tor browser) are doing really great work!!!

Many thanks!

May 06, 2019

Permalink

Since 8.0.8 I'm constantly getting NoScript popups, mostly for requests to a very small set of omnipresent domains like twitter. Considering all your efforts in recent months to make TBB more marketable, it seems this salvo of popups does not help you at all at keeping new users.

Is there any plan to block such common requests by default? Each user curating their block list on their own is not good for anonymity.

The problem is an underlying Firefox bug (https://bugzilla.mozilla.org/show_bug.cgi?id=1532530) which caused large uploads to fail which is dangerous for whistleblowsers for instance. The workaround was to tweak NoScript which unfortunately results in more false positive XSS popups delivered by that extension. The Mozilla bug is fixed and we should get back to normal XSS warnings next week with Tor Browser based on ESR 60.7.0. Sorry for the inconvenience.

It's an additional fix that would have made that critical release even more complex. Besides that it would not have had immediate effect as we need a new NoScript release afterwards as well, so that the changes can take effect.

May 07, 2019

Permalink

Great job fixing the desktop version!

Keep in mind that the android version of the Guardian Projects Fdroid repository was not updated yet and still contains this certificate problem.

May 07, 2019

In reply to boklm

Permalink

Certainly not asking this with any entitlement or expectation, please only answer if you have the time, but is there an outlook on the alpha release update? I'm very fond of the noscript preference retention in that! :-)

May 07, 2019

Permalink

Hi Tor Developers

How is your progress against fixing the ddos issue within the tor onion services?

The ddos attack against all tor networks is going very strong.
Please fix it as soon as possible or it will all be over soon...

May 07, 2019

Permalink

Thanks so much to everyone who helped respond so quickly to this emergency!

TP was placed in a really bad position by Mozilla's goof and handled it pretty well I think.

May 07, 2019

Permalink

Does this release use the new Mozilla certificate or did you seize the opportunity and create your own?

May 07, 2019

Permalink

How are jobs to prevent DDOS attacks on Tor's onion servers.
You visit a TOR Onion site, and tomorrow it is closed because of the Onion attacks.
If nothing is done, I see that soon everything will end.

May 07, 2019

Permalink

Has anyone used Tor Browser on a 4K monitor? (1000x1000 window size, I mean)

Is it a problem if I change Tor Browser's font size? (I never use JavaScript)

May 07, 2019

Permalink

Hi, can som1 from tor , give us any info on the DDoS fix or even if its possible as this is a major topic right now , The ATTACKS have definitely got worse as even clearnet sites are being hit now bad . So looks even more of an issue than before

May 07, 2019

Permalink

8.0.x
Update to: Tor Browser does not terminate correctly (2019-04-26).
https://blog.torproject.org/comment/280960#comment-280960

Setup of Tor Browser 7.56, 8.0 ... 8.09 x32 and x64 inside a fresh Win81x64 VMware WS guest. No config changes, no antivirus, no firewall. Just launching the browser an then closing.
Results: Tor Browser 7.56 works without any problems.
All 8.0x (32/64) versions do not close properly. About 60s ore more after closing a system error message appears.
With Process explorer one can track the increasing memory consumption.
No problems with linux version in a Debian 9 guest on the same host.

May 07, 2019

Permalink

Can someone explain why TBB says Win32 for System Info but TAILS says Linux?

I thought you folks would be synchronized in that sense but it appears not. The complaint is an obvious one regarding fingerprinting. Any help in keeping your Sys Info the same across platforms?

May 07, 2019

Permalink

All of the different suggestions to change assorted settings can't be hygienic for the user base. I think it would help everyone if there was publicity for a permanent guide on the Tor Project website or wiki for how to do a backup and clean install.

May 07, 2019

Permalink

Why did the creator of JavaScript and co-founder of Mozilla abandon Firefox and its engine Gecko and chose Chromium and its engines (Blink and V8) for his Brave browser? Maybe the reality is, Mozilla has become a MESS and the Google engines became better over time, and now they are the best. We hate it because we don't want to admit that something coming from Google is the best, even if it's open source. I don't know, but if people don't trust Mozilla anymore, they won't trust Tor either. Tor might die in the next five years. It's sad, really. I guess people expect a serious project like Tor to have its own browser and features should be part of such browser. Relying on third-party solutions like engines is ok, but on browsers and "extensions" seems a cheap solution for such serious project.

May 07, 2019

Permalink

Mozilla has had improper handling his signing infrastructure for addons in the past,
unbelievable handling this thing for webextensions in present, i'am waiting for the future mozilla is .....handling this.
May delete the user can change "xpinstall.signatures.required" for, mozilla will say,
more security. This is dangerous.

May 07, 2019

Permalink

On Android don't Is possible installing addons. Always corrupted files noticed from admin of circuit. BTW. Is not possible setting up excluding Country and or nodes in setting. Bad. Best old Orbot and Orfox. I am sorry.

May 08, 2019

Permalink

There is also a problem obtaining bridges via Email. when sending a request for obs4 bridges to bridges@bridges.torproject.org I get the below response.

Here are your bridges:

(no bridges currently available)

To enter bridges into Tor Browser, first go to the Tor Browser download
page [0] and then follow the instructions there for downloading and starting
Tor Browser.

When the 'Tor Network Settings' dialogue pops up, click 'Configure' and follow
the wizard until it asks:

Does your Internet Service Provider (ISP) block or otherwise censor connections
to the Tor network?

Select 'Yes' and then click 'Next'. To configure your new bridges, copy and
paste the bridge lines into the text input box. Finally, click 'Connect', and
you should be good to go! If you experience trouble, try clicking the 'Help'
button in the 'Tor Network Settings' wizard for further assistance.

[0]: https://www.torproject.org/projects/torbrowser.html

COMMANDs: (combine COMMANDs to specify multiple options simultaneously)
get bridges Request vanilla bridges.
get transport [TYPE] Request a Pluggable Transport by TYPE.
get help Displays this message.
get key Get a copy of BridgeDB's public GnuPG key.
get ipv6 Request IPv6 bridges.

Currently supported transport TYPEs:
fte
obfs3
obfs4
scramblesuit

--
<3 BridgeDB

May 08, 2019

In reply to boklm

Permalink

This is important without bridges anonymity can be compromised. thats why the Torproject provides 3 methods of obtaining bridges. 1. Email 2. tor bridge web site (https://bridges.torproject.org/) and 3. built in defaults

Should I be informing another forum?

May 08, 2019

Permalink

Hi, can somone from tor , give us any info on the DDoS fix or even if its possible as this is a major topic right now , The ATTACKS have definitely got worse as even clearnet sites are being hit now bad . So looks even more of an issue than before. PLEASE ANSWER ME. Thanks in advance...

May 08, 2019

Permalink

Hey guys. Every time I input a captcha answer on an onion link it fails and reloads a new onee to completevery time. Any idea why?

May 08, 2019

Permalink

Two days after mozilla-tor-noscript-"bugfix", the noscript-Icon is gone again and browser says "all firefox addons disabled. WTF??? Should we go back to "about:config-false"again?

May 08, 2019

Permalink

I just installed the new Tor browser yesterday, but every time I try to open it, it says, "Tor browser is already running, but not responding." I have tried completely removing all the old Tor info and cleaned up my computer of "Tor" stuff. I then redownloaded Tor (8.0.9) and tried a "fresh" install but still get that screen, any ideas?

May 08, 2019

Permalink

On May 8, 2019 Mozilla released a patch for the above bug. The version of the non-ESR browser stands at 66.0.5. Mozilla plans to release a patch for the ESR browser by May 9.

Tor users should expect an update to Tor Browser Bundle. The updated Tor Browser Bundle's version should be 8.0.10.

May 08, 2019

Permalink

ALERT!!!!!

Check NoScript default Per-site-permissions!!! My default "trusted" websites: google.com bootstrapcdn.com gstatic.com hotmail.com neflix.com paypal.com yahoo.com youtube.com and 30-40 more

Security slider "safest". Update/install yesterday, version 8.0.9.
Yet they have full permissions by default (trusted). Had to remove manually.
Behavior different than before Mozilla muckup. Please investigate!

PS, Noscript “General” tab default setting allows “fetch” and “other”
IIRC those should not be enabled.

PPS, Loaded this page without scripts infinite loop reloading. Stopped when turn on scripts.
Have seen other weird behavior from TOR since Mozilla muckup. Stay safe everyone.

> PPS, Loaded this page without scripts infinite loop reloading. Stopped when turn on scripts.

Your final point is a long-standing bug, not new. The blog expects JavaScript enabled. It loads well on "safest", but it reloads infinitely if you load/refresh on "safer" and then go to "safest" and refresh.

> PS, Noscript “General” tab default setting allows “fetch” and “other” IIRC those should not be enabled.

"fetch" and "other" are enabled for Default in the older 8.0.8. All are except "media". You say "should not". I do not know if they were meant to be or not.

May 09, 2019

Permalink

I have a question for Tor developers.

For 99% of the time that I use TBB, my security level is set to Safest.

During the time when NoScript and all other Firefox extensions signed by Mozilla were disabled, I did the following:

I typed about:config in the address bar.
I toggled javascript.enabled to false.

What I did achieved the same result as using the NoScript add-on, right??

According to my understanding the answer is "No", since NoScript provides protections other than simply disabling Javacript in some situations. Also, rolling your own fix to the issue (now fixed in TB 8.0.9) is likely to make you more individually recognizable to web trackers.

"According to my understanding the answer is "No""

Your understanding is based on the other protections that you claim NoScript provides.

"....since NoScript provides protections other than simply disabling Javacript in some situations"

What are these other protections that NoScript provides?

They have been mentioned in blog posts but I never claimed to undrestand the details. For those I must refer you to the Tor team. Please bear in mind that they are busy people.

May 09, 2019

Permalink

For users of very old versions who don't upgrade and accept the risk, "Someone pointed me to a fix for older FF's and it seems to work! reddit.com/r/firefox/comments/bkspmk/addons_fix_for_5602_older/ " Found on Mozilla Firefox bug tracker, #1549078.

May 09, 2019

Permalink

TB 8.0.9 seems to be working fine for me both under Debian 9.9 and in Tails 3-13-2.

Thanks again to Tor and Tails team for your rapid and effective response to the NoScript debacle.

May 09, 2019

Permalink

Thanks again for fixing the NoScript problem.

Just wanted to warn that TP should make ready for possible state-sponsored cyberassaults on Tor coming up in a few weeks:

theguardian.com
Tiananmen Square: China steps up curbs on activists for 30th anniversary
Government’s critics say controls are more severe: ‘They know the 30th anniversary means a lot’
Lily Kuo in Beijing
9 May 2019

wired.com
Inside China's Massive Surveillance Operation
Isobel Cockerell
9 May 2019

(For example, having people on standby to deal with a new crisis.)

May 10, 2019

Permalink

don't forget to

For mission-critical commands like this, say "remember to," or start with the command word: "Set the..."

"Warning statements should be written in the active voice, not the passive voice, and, when possible, using affirmative statements instead of negative statements. In several studies, active sentences were found to be verified faster than passive sentences, affirmative faster than negative, and true faster than false. The exception is a common warning instruction where a prohibition is required, such as “No Smoking.”

Negative and passive words in warning statements require more effort to interpret correctly. Statements having these features require a larger capacity of immediate memory than do otherwise identical statements lacking these negative and passive features."

Affirmative Warnings (Do This) May Be Better Understood Than Negative Warnings (Do Not Do That)
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3989081/

May 10, 2019

Permalink

thank you all for your efforts!

hope you get the ddos situation under control soon

Yes, about:tbupdate, Learn More opens "How do circuits work?", a guide in the browser about the circuit display in the padlock icon. I don't know if it is a good idea to open DuckDuckGo suddenly from clicking to Learn More. Tor Project also runs many onions.

May 11, 2019

Permalink

@ Tails users:

I tried to use the auto upgrade to upgrade two USB sticks to Tails 3.13.2 but the upgrade failed for one of them. But an alternative procedure works and is more efficient if you have several Tails USB sticks: use wget to obtain the ISO image (yes, this is in itself an issue since wget had a bug in Tails 3.13.1), verify it, burn it to a DVD, boot laptop with DVD, once Tails is entirely ready, insert USB stick, choose Tails -> Tails Installer. The location of the USB stick should appear and you should use the default "clone running Tails". Click "Upgrade". This preserves the persistent volume and installs new Tails OS over old one in the unencrypted boot area of USB.

If you have trouble with wget read the man page for some helpful options. If your computer lacks memory you can call wget from a directory on a data USB stick (assuming you have enough space and at least two USB ports and a DVD drive).

May 11, 2019

Permalink

Let me start by saying that i have been a massive supporter of the tor network for many of years.

But its becoming impossible to use due to the constant DDoS attacks. The bug in the Tor software needs to be fixed and it needs to be fixed quickly.

The bug also potentially opens up possibility for large hidden services to be deanonymized too.

This is a serious problem which needs the Tor developers undivided attention.

May 19, 2019

In reply to gk

Permalink

Your software it blatantly un secure until you fix this. It should have been done yesterday unless you are working with the government

> But its becoming impossible to use due to the constant DDoS attacks. The bug in the Tor software needs to be fixed and it needs to be fixed quickly.

I think you are talking about onion sites, yes?

I have been able to use TB to surf to clearnet sites without any problems, but I sometimes notice problems with the Debian onion mirrors. Speaking of which, these include Buster for those who want to get ahead of the curve on the rollover from Stretch to Buster as the new Debian stable.

May 11, 2019

Permalink

I am using TB 8.0.9 in Tails 3.13.2 but I just got the "all extensions have been disabled" yellow bar when I tried to surf to this duckduckgo.com

Toggling xpinstall.signatures.required to FALSE appears to fix this but I am sure what is the best way to disable unsigned autoupdates. In particular, can't find the option to prevent unsigned NoScript updates.

F/U: the problem only happened once and has not recurred since (a day later). Noscript and Ublock have been working again for me. I boot Tails from a DVD burned from the current ISO (verifed sig) which includes TBB 8.0.9 which should fix the expired cert issue. Maybe a sig check simply took longer than expected which temporarily disabled my add-ons? If that is possible, that would not be good.

On the bright side, at least I can confirm that users are alerted by a message in a yellow bar in TB that add-ons have been disabled.

> what is the best way to disable unsigned autoupdates. In particular, can't find the option to prevent unsigned NoScript updates.

Read this comment thread on page 1. To prevent add-on autoupdates, https://support.mozilla.org/en-US/kb/how-update-add-ons The only way to prevent only unsigned add-on updates is to toggle xpinstall.signatures.required back to true.

May 14, 2019

Permalink

HI,
Few minutes ago I downloaded a file from a website in our country that is 24/7 under surveillance by the Government,
Mistakenly It was not the latest version of TOR. Means after updating, I didn't restart the browser and I enter and downloaded the file from the previous version of TOR
I entered from the laptop.
After downloading the file, I immediately restarted and updated my Tor browser.
Can they trace me? or will i face any problem?

Download Tor Browser from torproject.org, not from other websites. Tor Browser downloads updates when it finds them and notifies you to restart, but Tor Browser does not install the update until you restart the browser. Tor Browser installs the update when you fully close the browser and open it again, not before. Thus, you could not have updated it if you didn't restart the browser.

I think you are as safe as you normally are if you downloaded the files through Tor Browser, used sig files to verify signatures, and (if the file was a document) did not open documents downloaded through Tor while online. But I cannot answer confidently because I don't fully understand your English.

May 16, 2019

Permalink

I haven't got any problem with and without this update. I am disabled and I just find normal things but around the world. Please, don't laught about me but I usually use Duckduckgo Browser and I don't found any difference and I know it must exist.

P.D. Sorry, if my english is not too correct but I'm spanish... ;-|

May 16, 2019

Permalink

I will use torbrowser as long doesn't add nodejs or add any supplementary dependency ... But I have the feeling it will follow the madness of Firefox.

May 19, 2019

Permalink

Tor is basically unusable to a big numb r r of us . We have a political Web site and the GOP activist are ddosing our anti trump page. We had to take it down. Can you olea as e fix this? It hold be your #1 priority

May 21, 2019

Permalink

First seen new behaviour. Every new tab looks like to be send to 31.31.78.49 by Tor, b u t the Guard is another IP and I've never seen always another IP than the Guard, or sometimes another IP for a second Guard, but now, this second IP is always there, new tab and appears, CR and appears, than traffic only through the Guard, next click, 31.31.78.49 appears but traffic through the Guard as usual. What' going on, is the ok?

May 21, 2019

In reply to gk

Permalink

Some more details. After start, there are some connections done by TOR. Later on, may 2 or 3 staying alive, the others are closed. As usual, there is the Guard, and is some kind of fixed. So the traffic runs through the Guard and sometimes are keep alive from the 2 or 3 other connection made by TOR. That was always the case, the traffic is between the LAN IP and the Guard, and sometimes one keep alive from the others, but only sometimes. Now there was this second IP. It was easy to see, that all traffic runs through the Guard shown under (i) site information, but always after CR, there was this second IP once, one data packet, after every click, but what was the data and where did they go. This one data packet send to the second IP must be for reason, but who is the recipient? It is impossible to see, where this second connection ends. You said, this IP belongs to a Guard relay, but why is TOR doing this second line, never seen before, is some kind of weird. Looks like as if it sends my visited web pages somewhere.

May 22, 2019

Permalink

Further infos. As I've written, it happens for the first time, that there was a second Guard relay active and after every CR or every click it appeard with one data packet, one packet was send from TOR somewhere through the second Guard and it disappeard after that, but all alive connections made by TOR. It was easy to see, all traffic runs through the Guard as shown under (i) site information as it should be. Also to see, other alive connections are there and made by TOR, but never seen before, such second 'Guard' and TOR sending datas once after any click. Captured traffic is from inside the windows system an from outside out of the 'wire', out of the switch, to check, if there are some differences. TOR is always downloaded for every session. The system is all new for every session, no traces of previous sessions, no trojans, automated system, fast setup. Next try yesterday with version 8.0.9 behaviour as usual, one Guard active, all traffic between LAN IP and active Guard, no second IP, only keep alive rarely from other hold connections. What was going on? Why there was this second parallel route/connection and it was impossible to see, what was the destination, no infos about the parallel line. Looked weird.

May 23, 2019

Permalink

hi
can you please make sure the adverts content doesnt cover the browser content? my iphone tor browser has ads cover the bottom of the screen so i cant use any navigation, rendering the app useless!
thanks