New Release: Tor Browser 8.0

 

Update (09/07 10:15 UTC): We received reports of Tor Browser 8.0 crashing during start-up on older (10.9.x) macOS systems. This is tracked in bug 27482. The current Tor stable version, 0.3.3.9, is missing a patch to make it compatible with that old and unsupported (by Apple) macOS version. This will be fixed in the planned Tor Browser 8.0.1 release. Meanwhile, users affected by this bug can try the almost identical alpha release, 8.5a1, which is shipping a newer Tor version with this bug fixed. Sorry for the inconvenience.

For the past year, we have been collecting feedback on how we can make Tor Browser work better for you.

Tor Browser 8.0, our first stable release based on Firefox 60 ESR, is now available from the Tor Browser Project page and also from our distribution directory. This release is all about users first.

Tor Browser 8.0 comes with a series of user experience improvements that address a set of long-term Tor Browser issues you’ve told us about. To meet our users' needs, Tor Browser has a new user onboarding experience; an updated landing page that follows our styleguide; additional language support; and new behaviors for bridge fetching, displaying a circuit, and visiting .onion sites.

New User Onboarding

For the most part, using Tor is like using any other browser (and it is based on Firefox), but there are some usage differences and cool things happening behind the scenes that users should be aware of. Our new onboarding experience aims to better let you know about unique aspects of Tor Browser and how to maximize those for your best browsing experience.

Improved Bridge Fetching

For users where Tor is blocked, we have previously offered a handful of bridges in the browser to bypass censorship. But to receive additional bridges, you had to send an email or visit a website, which posed a set of problems. To simplify how you request bridges, we now have a new bridge configuration flow when you when you launch Tor. Now all you have to do is solve a captcha in Tor Launcher, and you’ll get a bridge IP. We hope this simplification will allow more people to bypass censorship and browse the internet freely and privately.

Better Language Support

Millions of people around the world use Tor, but not everyone has been able to use Tor in their language. In Tor Browser 8, we’ve added resources and support for nine previously unsupported languages: Catalan, Irish, Indonesian, Icelandic, Norwegian, Danish, Hebrew, Swedish, and Traditional Chinese.

Apart from those highlights, a number of other component and toolchains got an update for this major release. In particular, we now ship Tor 0.3.3.9 with OpenSSL 1.0.2p and Libevent 2.1.8. Moreover, we switched to the pure WebExtension version of NoScript (version 10.1.9.1) which we still need to provide the security slider functionality. Additionally, we start shipping 64bit builds for Windows users which should enhance Tor Browser stability compared to the 32bit bundles.

Providing this many improvements for our users could only be possible with collaboration between the Tor Browser team and Tor's UX team, Community team, Services Admin team, and our volunteers. We would like to thank everyone for working hard over the past year to bring all these new features to our users.

Known Issues

We already collected a number of unresolved bugs since Tor Browser 7.5.6 and tagged them with our ff60-esr keyword to keep them on our radar. The most important ones are listed below:

  • WebGL is broken right now.
  • We disable Stylo on macOS due to reproducibility issues we need to investigate and fix. This will likely not get fixed for Tor Browser 8, as we need some baking time on our nightly/alpha channel before we are sure there are no reproducibility/stability regressions. The tentative plan is to get it ready for Tor Browser 8.5.

 

Note: This release is signed with a new GPG subkey as the old one expired a couple of days ago. You might need to refresh your copy of the public part of the Tor Browser signing key before doing the verification. The fingerprint of the new subkey is 1107 75B5 D101 FB36 BC6C 911B EB77 4491 D9FF 06E2.

Give Feedback

This is only the beginning of our efforts to put users first. If you find a bug or have a suggestion for how we could improve this release, please let us know.

Changelog

The full changelog since Tor Browser 7.5.6 is:

  • All platforms
    • Update Firefox to 60.2.0esr
    • Update Tor to 0.3.3.9
    • Update OpenSSL to 1.0.2p
    • Update Libevent to 2.1.8
    • Update Torbutton to 2.0.6
      • Bug 26960: Implement new about:tor start page
      • Bug 26961: Implement new user onboarding
      • Bug 26962: Circuit display onboarding
      • Bug 27301: Improve about:tor behavior and appearance
      • Bug 27214: Improve the onboarding text
      • Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger menus
      • Bug 26100: Adapt Torbutton to Firefox 60 ESR
      • Bug 26520: Fix sec slider/NoScript for TOR_SKIP_LAUNCH=1
      • Bug 27401: Start listening for NoScript before it loads
      • Bug 26430: New Torbutton icon
      • Bug 24309: Move circuit display to the identity popup
      • Bug 26884: Use Torbutton to provide security slider on mobile
      • Bug 26128: Adapt security slider to the WebExtensions version of NoScript
      • Bug 27276: Adapt to new NoScript messaging protocol
      • Bug 23247: Show security state of .onions
      • Bug 26129: Show our about:tor page on startup
      • Bug 26235: Hide new unusable items from help menu
      • Bug 26058: Remove workaround for hiding 'sign in to sync' button
      • Bug 26590: Use new svg.disabled pref in security slider
      • Bug 26655: Adjust color and size of onion button
      • Bug 26500: Reposition circuit display relay icon for RTL locales
      • Bug 26409: Remove spoofed locale implementation
      • Bug 26189: Remove content-policy.js
      • Bug 26490: Remove the security slider notification
      • Bug 25126: Make about:tor layout responsive
      • Bug 27097: Add text for Tor News signup widget
      • Bug 21245: Add da translation to Torbutton and keep track of it
      • Bug 27129+20628: Add locales ca, ga, id, is, nb, da, he, sv, and zh-TW
      • Translations update
    • Update Tor Launcher to 0.2.16.3
      • Bug 23136: Moat integration (fetch bridges for the user)
      • Bug 25750: Update Tor Launcher to make it compatible with Firefox 60 ESR
      • Bug 26985: Help button icons missing
      • Bug 25509: Improve the proxy help text
      • Bug 26466: Remove sv-SE from tracking for releases
      • Bug 27129+20628: Add locales ca, ga, id, is, nb, da, he, sv, and zh-TW
      • Translations update
    • Update HTTPS Everywhere to 2018.8.22
    • Update NoScript to 10.1.9.1
    • Update meek to 0.31
      • Bug 26477: Make meek extension compatible with ESR 60
    • Update obfs4proxy to v0.0.7 (bug 25356)
    • Bug 27082: Enable a limited UITour for user onboarding
    • Bug 26961: New user onboarding
    • Bug 26962: New feature onboarding
    • Bug 27403: The onboarding bubble is not always displayed
    • Bug 27283: Fix first-party isolation for UI tour
    • Bug 27213: Update about:tbupdate to new (about:tor) layout
    • Bug 14952+24553: Enable HTTP2 and AltSvc
      • Bug 25735: Tor Browser stalls while loading Facebook login page
    • Bug 17252: Enable TLS session identifiers with first-party isolation
    • Bug 26353: Prevent speculative connects that violate first-party isolation
    • Bug 26670: Make canvas permission prompt respect first-party isolation
    • Bug 24056: Use en-US strings in HTML forms if locale is spoofed to english
    • Bug 26456: HTTP .onion sites inherit previous page's certificate information
    • Bug 26561: .onion images are not displayed
    • Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger menus
    • Bug 26833: Backport Mozilla's bug 1473247
    • Bug 26628: Backport Mozilla's bug 1470156
    • Bug 26237: Clean up toolbar for ESR60-based Tor Browser
    • Bug 26519: Avoid Firefox icons in ESR60
    • Bug 26039: Load our preferences that modify extensions (fixup)
    • Bug 26515: Update Tor Browser blog post URLs
    • Bug 26216: Fix broken MAR file generation
    • Bug 26409: Remove spoofed locale implementation
    • Bug 25543: Rebase Tor Browser patches for ESR60
    • Bug 23247: Show security state of .onions
    • Bug 26039: Load our preferences that modify extensions
    • Bug 17965: Isolate HPKP and HSTS to URL bar domain
    • Bug 21787: Spoof en-US for date picker
    • Bug 21607: Disable WebVR for now until it is properly audited
    • Bug 21549: Disable wasm for now until it is properly audited
    • Bug 26614: Disable Web Authentication API until it is properly audited
    • Bug 27281: Enable Reader View mode again
    • Bug 26114: Don't expose navigator.mozAddonManager to websites
    • Bug 21850: Update about:tbupdate handling for e10s
    • Bug 26048: Fix potentially confusing "restart to update" message
    • Bug 27221: Purge startup cache if Tor Browser version changed
    • Bug 26049: Reduce delay for showing update prompt to 1 hour
    • Bug 26365: Add potential AltSvc support
    • Bug 9145: Fix broken hardware acceleration on Windows and enable it
    • Bug 26045: Add new MAR signing keys
    • Bug 25215: Revert bug 18619 (we are not disabling IndexedDB any longer)
    • Bug 19910: Rip out optimistic data socks handshake variant (#3875)
    • Bug 22564: Hide Firefox Sync
    • Bug 25090: Disable updater telemetry
    • Bug 26127: Make sure Torbutton and Tor Launcher are not treated as legacy extensions
    • Bug 13575: Disable randomised Firefox HTTP cache decay user tests
    • Bug 22548: Firefox downgrades VP9 videos to VP8 for some users
    • Bug 24995: Include git hash in tor --version
    • Bug 27268+27257+27262+26603 : Preferences clean-up
    • Bug 26073: Migrate general.useragent.locale to intl.locale.requested
    • Bug 27129+20628: Make Tor Browser available in ca, ga, id, is, nb, da, he, sv, and zh-TW
      • Bug 12927: Include Hebrew translation into Tor Browser
      • Bug 21245: Add danish (da) translation
  • Windows
    • Bug 20636+10026: Create 64bit Tor Browser for Windows
      • Bug 26239+24197: Enable content sandboxing for 64bit Windows builds
      • Bug 26514: Fix intermittent updater failures on Win64 (Error 19)
      • Bug 26874: Fix UNC path restrictions failure in Tor Browser 8.0a9
      • Bug 12968: Enable HEASLR in Windows x86_64 builds
    • Bug 26381: Work around endless loop during page load and about:tor not loading
    • Bug 27411: Fix broken security slider and NoScript interaction on Windows
    • Bug 22581: Fix shutdown crash
    • Bug 25266: PT config should include full names of executable files
    • Bug 26304: Update zlib to version 1.2.11
    • Update tbb-windows-installer to 0.4
      • Bug 26355: Update tbb-windows-installer to check for Windows7+
    • Bug 26355: Require Windows7+ for updates to Tor Browser 8
  • OS X
    • Bug 24136: After loading file:// URLs clicking on links is broken on OS X
    • Bug 24243: Tor Browser only renders HTML for local pages via file://
    • Bug 24263: Tor Browser does not run extension scripts if loaded via about:debugging
    • Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured
  • Linux
    • Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured
    • Bug 25485: Unbreak Tor Browser on systems with newer libstdc++
    • Bug 20866: Fix OpenGL software rendering on systems with newer libstdc++
    • Bug 26951+18022: Fix execdesktop argument passing
    • Bug 24136: After loading file:// URLs clicking on links is broken on Linux
    • Bug 24243: Tor Browser only renders HTML for local pages via file://
    • Bug 24263: Tor Browser does not run extension scripts if loaded via about:debugging
    • Bug 20283: Tor Browser should run without a `/proc` filesystem.
    • Bug 26354: Set SSE2 support as minimal requirement for Tor Browser 8
  • Build System
    • All
      • Bug 26362+26410: Use old MAR format for first ESR60-based stable
      • Bug 27020: RBM build fails with runc version 1.0.1
      • Bug 26949: Use GitHub repository for STIX
      • Bug 26773: Add --verbose to the ./mach build flag for firefox
      • Bug 26319: Don't package up Tor Browser in the `mach package` step
      • Bug 27178: add support for xz compression in mar files
      • Clean up
    • Windows
      • Bug 26203: Adapt tor-browser-build/tor-browser for Windows
      • Bug 26204: Bundle d3dcompiler_47.dll for Tor Browser 8
      • Bug 26205: Don't build the uninstaller for Windows during Firefox compilation
      • Bug 26206: Ship pthread related dll where needed
      • Bug 26396: Build libwinpthread reproducible
      • Bug 25837: Integrate fxc2 into our build setup for Windows builds
      • Bug 27152: Use mozilla/fxc2.git for the fxc2 repository
      • Bug 25894: Get a rust cross-compiler for Windows
      • Bug 25554: Bump mingw-w64 version for ESR 60
      • Bug 23561: Fix nsis builds for Windows 64
        • Bug 13469: Windows installer is missing many languages from NSIS file
      • Bug 23231: Remove our STL Wrappers workaround for Windows 64bit
      • Bug 26370: Don't copy msvcr100.dll and libssp-0.dll twice
      • Bug 26476: Work around Tor Browser crashes due to fix for bug 1467041
      • Bug 18287: Use SHA-2 signature for Tor Browser setup executables
      • Bug 25420: Update GCC to 6.4.0
      • Bug 16472: Update Binutils to 2.26.1
      • Bug 20302: Fix FTE compilation for Windows with GCC 6.4.0
      • Bug 25111: Don't compile Yasm on our own anymore for Windows Tor Browser
      • Bug 18691: Switch Windows builds from precise to jessie
    • OS X
      • Bug 24632: Update macOS toolchain for ESR 60
      • Bug 9711: Build our own cctools for macOS cross-compilation
      • Bug 25548: Update macOS SDK for Tor Browser builds to 10.11
      • Bug 26003: Clean up our mozconfig-osx-x86_64 file
      • Bug 26195: Use new cctools in our macosx-toolchain project
      • Bug 25975: Get a rust cross-compiler for macOS
      • Bug 26475: Disable Stylo to make macOS build reproducible
      • Bug 26489: Fix .app directory name in tools/dmg2mar
    • Linux

> During the last hours my computer crashed FOUR times.

> I'm sure I will destroy my computer with this.

Are you seeing crashes when you try non-Tor browsing, or doing something offline on your computer? One possible cause for multiple crashes requiring reboots is that some hardware is failing.

Anonymous

September 07, 2018

Permalink

I need to sync between two Tors.
Is it possible to re-enable firefox sync menu/button/about: in TOR 8?
Thanks a lot.
(I understand it's a security risk but I need to sync bookmarks)

Based on ticket 26058, setting the pref identity.fxaccounts.enabled to true should do the trick.

Instructions:

  1. visit the url about:config
  2. search for identity.fxaccounts.enabled
  3. double click to enable
  4. restart browser
Anonymous

September 07, 2018

Permalink

Is there an IDM alternative you can suggest I can use? Or a way to make it work? Cause its not working anymore

Anonymous

September 07, 2018

Permalink

Just thought I'll mention, but after updating to the latest version I'm unable to get the QR Code from the http://web.whatsapp.com link. It briefly appears then disappears.

Not sure if that option got disabled in the new version.

Anonymous

September 07, 2018

Permalink

Switched OFF automatic Update doesn't work

- Tor Browser 8.0 doesn't work with DisQus
- Tor Browser 7 does work well with DisQus

If i install previous version i set NEVER UPDATE, then few minutes later Tor Browser update itself to 8 ... :'-(

You should check why DisQus doesn't work on 8 and check the problem why doesn't care Tor Browser about its automatic update settings.

Thanks

Anonymous

September 07, 2018

Permalink

At least on Linux the .tar.xz packages are missing the TBB icon (Browser/browser/icons/mozicon128.png) which means no icon in various menus, panels, window lists, etc.

Simply extracting the Browser/browser/icons folder from an older (7.5.6) package over the 8.0 files fixes the issue.

Anonymous

September 07, 2018

Permalink

Is there any advantage of using the browser instead of using the Tor Expert Bundle? Im using both for crawling some Google results and it seems to me that using TOR Browser is easier/faster to find a functional IP for this purpose

Anonymous

September 07, 2018

Permalink

I recently updated my TB & here's my problems

1. User-agent is not manually spoofable
2. Cannot Run in a Sanbox Mode, using the latest firejail.

The UI is not interesting to me but the anonymity is very important. fix this dev's on your next update

Anonymous

September 07, 2018

Permalink

You now have to go to custom menu to add the upper right search bar? And when you do it is too wide so you have to add almost 16 flexible space objects from the same custom menu to the left of the search bar to get it like it was in all previous versions.

Looks like someone is intentionally trying to make it complicated by design for anyone, especially the "new onboarded" users to use anything but Duck Duck Go as their Tor search tool (the only one permitted in the only provided central search bar), possibly arising out of some direct or indirect sponsor relationship with Tor. I use StartPage as default because its servers are not in US jurisdiction and you can secondary proxy from it so requiring it to be manually dropped was a dimly viewed tactic. Downside is that it only uses Google which censors anything so will give only Google results.

The 1/2 inch tabs are not very user friendly either.

I have always gone into about:config and disabled keyword searches from URL bar which I am going to do that also with this release as it seems very unnatural for PC users that have plenty of real-estate on their browsers.

Anonymous

September 07, 2018

Permalink

How do I block all Javascript globally with the new NoScript version?

Anonymous

September 07, 2018

Permalink

Why are you calling that spoofing ?

  1. <br />
  2. -const SPOOFED_APPNAME = "Netscape";<br />
  3. -const SPOOFED_APPVERSION = "5.0 (Windows)";<br />
  4. -const SPOOFED_PLATFORM = "Win64";<br />
  5. -const SPOOFED_OSCPU = "Windows NT 6.1; Win64; x64";<br />
  6. +const SPOOFED_APPNAME = "Netscape";<br />
  7. +<br />
  8. +const SPOOFED_APPVERSION = {<br />
  9. + linux: "5.0 (X11)",<br />
  10. + win: "5.0 (Windows)",<br />
  11. + macosx: "5.0 (Macintosh)",<br />
  12. + android: "5.0 (Android 6.0)",<br />
  13. + other: "5.0 (X11)",<br />
  14. +};<br />
  15. +const SPOOFED_PLATFORM = {<br />
  16. + linux: "Linux x86_64",<br />
  17. + win: "Win64",<br />
  18. + macosx: "MacIntel",<br />
  19. + android: "Linux armv7l",<br />
  20. + other: "Linux x86_64",<br />
  21. +};<br />
  22. +const SPOOFED_OSCPU = {<br />
  23. + linux: "Linux x86_64",<br />
  24. + win: "Windows NT 6.1; Win64; x64",<br />
  25. + macosx: "Intel Mac OS X 10.13",<br />
  26. + android: "Linux armv7l",<br />
  27. + other: "Linux x86_64",<br />
  28. +};<br />
  29. +const SPOOFED_UA_OS = {<br />
  30. + linux: "X11; Linux x86_64",<br />
  31. + win: "Windows NT 6.1; Win64; x64",<br />
  32. + macosx: "Macintosh; Intel Mac OS X 10.13",<br />
  33. + android: "Android 6.0; Mobile",<br />
  34. + other: "X11; Linux x86_64",<br />
  35. +};<br />

Anonymous

September 07, 2018

Permalink

Thank you for all of your hard work tor devs!

I know the FF60 migration is a doozy. Kudos for handling in a relatively smooth manner.
Everyone: There will be a bit of pain, but you will settle into the new UX after a short time.

A question about noscript:
The transition to FF quantum and webextensions add-ons seems to have neutered much of noscript's other features such as ABE and ClearClick. As is, noscript is strictly inferior to uMatrix.
uMatrix allows users to trust or deny cookies, css, scripts, http-requests, and more globally or on a per-site basis. (https://github.com/gorhill/uMatrix/wiki/The-popup-panel)

Would the developers be interested in replacing NoScript with uMatrix, now that we must use the trimmed-down WebExtension version?

There seems to be an issue open already for uMatrix and uBlock Origin, but it appears to be dead (I understand why the TBB devs don't want to ship an adblocker. uBlock is an adblocker, but uMatrix is not).

There are only two issues that I can anticipate:
1. I don't know how easily uMatrix can be scripted to interface with tor browser button.
2. From a UX perspective, uMatrix has a lot of knobs. That said, NoScript of yesterday had a lot of knobs as well (they were just hidden behind the settings dialogue). That said, the documentation for uMatrix is great (see the link above), and it can be customized to be disabled by default (permitting all JS, that is).

Again, thank you for all that you do! Much love!

I don't anything about uMatrix but having knobs for things seems rather dangerous. Wouldn't you risk being easier to fingerprint by having a unique set of allowed CSS, scripts, cookies, etc.?

Anonymous

September 07, 2018

Permalink

Soo much new nice stuff, BUT: for me, every next torbrowser update seems to add a bit of weight, making it ever heavier and slower over time...

Isn't there stuff thta can be easily thrown away, making torbrowser both safer and lighter?

Agree that TBB8 seems noticably slower than TBB7, presumably because the underlying FF has gotten much slower.

Anyone (devs or users) have any ideas for ways to speed it up (eg conf tweaks) to make it more usable, without compromising security?

Anonymous

September 07, 2018

Permalink

CrashHang
On this particular 'new-release-tor-browser-80'-page my new Tails system (with this new mzzlah kind of a prod) is completely freezing over and over again while I can browse other large websites (like Nyt.com) without any problem.
So there must be something serious code going on this website.
Are you hacked?
Very annoying to start Tails over and over again.

Please, don't blame Tails to quickly :)

I bet that's the exact same bug I'm seeing here right now, on Stretch/Xfce if that matters (with Tor Browser 7.x or 8.0, same thing). And for the records I remember this bug in the past, also on Tor Blog, exclusively! But then I had no time to even start looking at the issue.

So. It's the damn GIFs!

Memory leaks at a rate of 200 MB/sec, soon bringing the OS to swap, until tab is closed. With (much) time, Tor Browser eventually releases up to a third of the wasted memory. Closing the app releases it entirely.

And it's probably not Tor Browser's fault: at least Thunar thumbnailer (tumblerd) has the issue with the same files saved locally.

Within Tor Browser, there's apparently no way to right-click these GIFs, for example to 'Inspect Element" directly, but with such a memory leak speed, there would be no time to load these tool anyway. If the OS starts to swap "too far", there's no escape from limbo.

Even more interesting in my view, while Tor Browser honors site (no) permission for still images, it does not affect these GIF, so they are still rendered.

"Of course" I spent much time trying to figure if NoScipt could be any useful for this (or at all ?). May I join the immense flows of those hoping to see it recovering in a near future :)

"Nuke Anything" addon works for me, selecting text around all 3 GIF at once and right-clicking to remove the selection.

Browsing all comments pages until here was sport, since the whole article is rendered on each comment page, including the GIF which I had to remove each time, growing the memory leak up to new limits :)

This statement of mine:

Within Tor Browser, there's apparently no way to right-click these GIFs,

is now false, I can right-click these GIFs. Not sure exacty which release/component update made a difference but I'm certain I could not before the upgrade to Tor Browser 8.0.

Like I wrote, memory leak is too fast anyway so there is no time to nuke each GIF one after another and nuking the selection remains the only solution I found to date. Everything else also stands true.

Site preference to block images (and which is not applied to GIFs), is not saved, just the same as all NoScript site preferences.

So, lots of steps are necessary to follow this comments thread. More than ever before, I wish there were some way to follow it as easily as mailing lists archives, or tickets (with some summary or a clear chronology, to find new comments easily).

Agree this is not likely to be an issue with Tails, since I am using Tails 3.9 and haven't noticed anything strange on this blog.

@OP: did you try moving the security slider to "medium" or "high"?
Another possibility, perhaps, is that you are suddenly seeing issues suggesting your machine is low on memory because one of your memory cards (if you have several) is failing.

> So there must be something serious code going on this website.

I am using Tails 3.9 (the latest, released same time as Tor Browser 8.0) and haven't noticed anything strange here or at other sites. A little slower, but that is likely due to the critical security fixes which help keep Tails safe from speculative execution attacks.

Anonymous

September 07, 2018

Permalink

Torbutton functionality ???

You just removed two of the most important functions (well 4 actually) from Torbutton.
I just cannot believe it and it is just a disaster!

1) New identity was very useful, used it all the time when browsing
2) As well as new circuit because not all circuits are working as well, and some exit-nodes give trouble.

Now I have to completely close the whole browser in Tails and lose my other settings!

3) Privacy and security settings & 4) Network setting also just removed?!!

Why why why do products always have to change change change meaning loosing functionality!
This is really making me go back to the old ESR / using an older Tails version again.

The forget button is not an alternative because it is not, I repeat, not resetting / clearing history : it is not clearing the caches and you cannot enter a website from an other exit-node without closing the browser which has nothing to do with protecting privacy (au contraire).

This is not userfriendly.

Please calm down. We just moved the functionality out of the Torbutton menu. For the circuit display/new circuit for this site. We tried three times to inform you about it. First on this very blog post. Please read about the changes above. Second on the first page loaded after the update and third on our new onboarding showing the new features in the upper left corner. It moved to the "i" (identity) box on the left of the URL bar. And into the hamburger menu together with the "New Identity" button. That one will be available as a standalone button on the toolbar soon, as it is important, as you say.

Thanks missed it tree times
- enourmous blog post with enroumous much information that especially visual handicapped will not all catch but thats is not your fault.
- ther eis no update torbrowser message on tails when installing a fresh new copy of tails
- I am sorry I do not understand unboarding in this context, in the upper left the totbutton only gives two options.

Now for the use ot the other places, the regular browser, firefox uses it in another way so it is not to expect to find the functions there, but thank you for answering and pointing out at the i-button place.
Again, for for visual handicapped poeple (dislexia and son) these big interface changes where everything is different and lots of functionalitity is removed (like in noscript), this is a real hard time especially in combination with frustration about mozilla policies.

thank you for you efforts and hard work.

Correct, the poster is not calm. He has a poorly presented point. The transition launch was slightly botched. Your team provided no transition guide to show your existing users where you hid key functions you used to. How is the average user suppose to notice where you secretly hid the new identity feature? You do great work. We love the torproject. New languages support are great, but not very useful to the million existing users you have. What is more useful is a concise transition guide showing where you hid features like new identity to make the 8.0 transition smoother. A blog post "3 things you need to know when transitioning to Tor Browser Bundle 8.0" would have served all sides better.

1) Click on the icon left of http in the URL bar to create a new circuit
2) We hid new identity under the top right menu that looks like three parallel lines
3) Holding Control and Shift while pressing the L key also gives you a new circuit. Holding Control and Shift while pressing the U key also gives you a new identity.

Clear, concise. What every regular tor browser user does all the time. People tune out the other corporate marketing intern type speak. Keep up the good work, we love it.

Reviewing the comments, some (one from me) are slightly frenzied. It occurred to me that one way to think about this is that it shows how much so many people rely on Tor Browser, and also that they are used to it "just working" and are unnerved when suddenly something stops working.

We appreciate all your work, and we really really need Tor to survive FBI's "Going Dark" monomania.

Not the same user here, but I'd like to point out that that fuctionality is 'kind of' important for Tor users. Having to look for it in a frantic search was... 'quite the experience' for me. Maybe the update-list should mention 'where' the functionality was 'moved to'.
There's still time. ;)

Anonymous

September 07, 2018

Permalink

torbrowser-install-8.0_en-US.exe is signed with key ID D9FF06E2. This ID is NOT listed on your page of keys. Hence I need to assume you have been hacked and your servers are compromised.

Anonymous

September 07, 2018

Permalink

macOS 10.13.6

Whatever I try, the (growl a-like) browser notifications are no longer working.
Kinda sucks when using webmail :/

Anonymous

September 07, 2018

Permalink

Thank you again for all your hard work Tor devs, impressive Quantum migration very smooth.

Is all the previous hard work on ASLR applicable in these new releases code-base?

Sandboxed-tor-browser is better than nothing as you note, alas it no longer functions.
Key is hard-coded and update fails, when key-check successful other fatal errors are reported.

Segmentation of users via OS user-agent string splits all users into obvious separate groups defeating the point of Tor.
Passively reveals data on user for exploits whereby active detectable measures were previously used by remote site to find angles of attack.

Standardized post-quantum crypto has not been mentioned in a while.

Love+Fishes

Anonymous

September 07, 2018

Permalink

Hi.

I don't know if this has been discussed before, but is there a reason why DDG is the default search engine?
Apparently, DDG has trackers on their homepage, they track the ads you click and it has a few other issues in terms of privacy. At least according to the developer of the Privacy Browser for android (https://www.stoutner.com/new-default-homepage-and-search-engine/)

For privacy concerned users, these are pretty much red flags which would prompt a reconsideration and search for alternatives.