New Release: Tor Browser 8.0

 

Update (09/07 10:15 UTC): We received reports of Tor Browser 8.0 crashing during start-up on older (10.9.x) macOS systems. This is tracked in bug 27482. The current Tor stable version, 0.3.3.9, is missing a patch to make it compatible with that old and unsupported (by Apple) macOS version. This will be fixed in the planned Tor Browser 8.0.1 release. Meanwhile, users affected by this bug can try the almost identical alpha release, 8.5a1, which is shipping a newer Tor version with this bug fixed. Sorry for the inconvenience.

For the past year, we have been collecting feedback on how we can make Tor Browser work better for you.

Tor Browser 8.0, our first stable release based on Firefox 60 ESR, is now available from the Tor Browser Project page and also from our distribution directory. This release is all about users first.

Tor Browser 8.0 comes with a series of user experience improvements that address a set of long-term Tor Browser issues you’ve told us about. To meet our users' needs, Tor Browser has a new user onboarding experience; an updated landing page that follows our styleguide; additional language support; and new behaviors for bridge fetching, displaying a circuit, and visiting .onion sites.

New User Onboarding

For the most part, using Tor is like using any other browser (and it is based on Firefox), but there are some usage differences and cool things happening behind the scenes that users should be aware of. Our new onboarding experience aims to better let you know about unique aspects of Tor Browser and how to maximize those for your best browsing experience.

Improved Bridge Fetching

For users where Tor is blocked, we have previously offered a handful of bridges in the browser to bypass censorship. But to receive additional bridges, you had to send an email or visit a website, which posed a set of problems. To simplify how you request bridges, we now have a new bridge configuration flow when you when you launch Tor. Now all you have to do is solve a captcha in Tor Launcher, and you’ll get a bridge IP. We hope this simplification will allow more people to bypass censorship and browse the internet freely and privately.

Better Language Support

Millions of people around the world use Tor, but not everyone has been able to use Tor in their language. In Tor Browser 8, we’ve added resources and support for nine previously unsupported languages: Catalan, Irish, Indonesian, Icelandic, Norwegian, Danish, Hebrew, Swedish, and Traditional Chinese.

Apart from those highlights, a number of other component and toolchains got an update for this major release. In particular, we now ship Tor 0.3.3.9 with OpenSSL 1.0.2p and Libevent 2.1.8. Moreover, we switched to the pure WebExtension version of NoScript (version 10.1.9.1) which we still need to provide the security slider functionality. Additionally, we start shipping 64bit builds for Windows users which should enhance Tor Browser stability compared to the 32bit bundles.

Providing this many improvements for our users could only be possible with collaboration between the Tor Browser team and Tor's UX team, Community team, Services Admin team, and our volunteers. We would like to thank everyone for working hard over the past year to bring all these new features to our users.

Known Issues

We already collected a number of unresolved bugs since Tor Browser 7.5.6 and tagged them with our ff60-esr keyword to keep them on our radar. The most important ones are listed below:

  • WebGL is broken right now.
  • We disable Stylo on macOS due to reproducibility issues we need to investigate and fix. This will likely not get fixed for Tor Browser 8, as we need some baking time on our nightly/alpha channel before we are sure there are no reproducibility/stability regressions. The tentative plan is to get it ready for Tor Browser 8.5.

 

Note: This release is signed with a new GPG subkey as the old one expired a couple of days ago. You might need to refresh your copy of the public part of the Tor Browser signing key before doing the verification. The fingerprint of the new subkey is 1107 75B5 D101 FB36 BC6C 911B EB77 4491 D9FF 06E2.

Give Feedback

This is only the beginning of our efforts to put users first. If you find a bug or have a suggestion for how we could improve this release, please let us know.

Changelog

The full changelog since Tor Browser 7.5.6 is:

  • All platforms
    • Update Firefox to 60.2.0esr
    • Update Tor to 0.3.3.9
    • Update OpenSSL to 1.0.2p
    • Update Libevent to 2.1.8
    • Update Torbutton to 2.0.6
      • Bug 26960: Implement new about:tor start page
      • Bug 26961: Implement new user onboarding
      • Bug 26962: Circuit display onboarding
      • Bug 27301: Improve about:tor behavior and appearance
      • Bug 27214: Improve the onboarding text
      • Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger menus
      • Bug 26100: Adapt Torbutton to Firefox 60 ESR
      • Bug 26520: Fix sec slider/NoScript for TOR_SKIP_LAUNCH=1
      • Bug 27401: Start listening for NoScript before it loads
      • Bug 26430: New Torbutton icon
      • Bug 24309: Move circuit display to the identity popup
      • Bug 26884: Use Torbutton to provide security slider on mobile
      • Bug 26128: Adapt security slider to the WebExtensions version of NoScript
      • Bug 27276: Adapt to new NoScript messaging protocol
      • Bug 23247: Show security state of .onions
      • Bug 26129: Show our about:tor page on startup
      • Bug 26235: Hide new unusable items from help menu
      • Bug 26058: Remove workaround for hiding 'sign in to sync' button
      • Bug 26590: Use new svg.disabled pref in security slider
      • Bug 26655: Adjust color and size of onion button
      • Bug 26500: Reposition circuit display relay icon for RTL locales
      • Bug 26409: Remove spoofed locale implementation
      • Bug 26189: Remove content-policy.js
      • Bug 26490: Remove the security slider notification
      • Bug 25126: Make about:tor layout responsive
      • Bug 27097: Add text for Tor News signup widget
      • Bug 21245: Add da translation to Torbutton and keep track of it
      • Bug 27129+20628: Add locales ca, ga, id, is, nb, da, he, sv, and zh-TW
      • Translations update
    • Update Tor Launcher to 0.2.16.3
      • Bug 23136: Moat integration (fetch bridges for the user)
      • Bug 25750: Update Tor Launcher to make it compatible with Firefox 60 ESR
      • Bug 26985: Help button icons missing
      • Bug 25509: Improve the proxy help text
      • Bug 26466: Remove sv-SE from tracking for releases
      • Bug 27129+20628: Add locales ca, ga, id, is, nb, da, he, sv, and zh-TW
      • Translations update
    • Update HTTPS Everywhere to 2018.8.22
    • Update NoScript to 10.1.9.1
    • Update meek to 0.31
      • Bug 26477: Make meek extension compatible with ESR 60
    • Update obfs4proxy to v0.0.7 (bug 25356)
    • Bug 27082: Enable a limited UITour for user onboarding
    • Bug 26961: New user onboarding
    • Bug 26962: New feature onboarding
    • Bug 27403: The onboarding bubble is not always displayed
    • Bug 27283: Fix first-party isolation for UI tour
    • Bug 27213: Update about:tbupdate to new (about:tor) layout
    • Bug 14952+24553: Enable HTTP2 and AltSvc
      • Bug 25735: Tor Browser stalls while loading Facebook login page
    • Bug 17252: Enable TLS session identifiers with first-party isolation
    • Bug 26353: Prevent speculative connects that violate first-party isolation
    • Bug 26670: Make canvas permission prompt respect first-party isolation
    • Bug 24056: Use en-US strings in HTML forms if locale is spoofed to english
    • Bug 26456: HTTP .onion sites inherit previous page's certificate information
    • Bug 26561: .onion images are not displayed
    • Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger menus
    • Bug 26833: Backport Mozilla's bug 1473247
    • Bug 26628: Backport Mozilla's bug 1470156
    • Bug 26237: Clean up toolbar for ESR60-based Tor Browser
    • Bug 26519: Avoid Firefox icons in ESR60
    • Bug 26039: Load our preferences that modify extensions (fixup)
    • Bug 26515: Update Tor Browser blog post URLs
    • Bug 26216: Fix broken MAR file generation
    • Bug 26409: Remove spoofed locale implementation
    • Bug 25543: Rebase Tor Browser patches for ESR60
    • Bug 23247: Show security state of .onions
    • Bug 26039: Load our preferences that modify extensions
    • Bug 17965: Isolate HPKP and HSTS to URL bar domain
    • Bug 21787: Spoof en-US for date picker
    • Bug 21607: Disable WebVR for now until it is properly audited
    • Bug 21549: Disable wasm for now until it is properly audited
    • Bug 26614: Disable Web Authentication API until it is properly audited
    • Bug 27281: Enable Reader View mode again
    • Bug 26114: Don't expose navigator.mozAddonManager to websites
    • Bug 21850: Update about:tbupdate handling for e10s
    • Bug 26048: Fix potentially confusing "restart to update" message
    • Bug 27221: Purge startup cache if Tor Browser version changed
    • Bug 26049: Reduce delay for showing update prompt to 1 hour
    • Bug 26365: Add potential AltSvc support
    • Bug 9145: Fix broken hardware acceleration on Windows and enable it
    • Bug 26045: Add new MAR signing keys
    • Bug 25215: Revert bug 18619 (we are not disabling IndexedDB any longer)
    • Bug 19910: Rip out optimistic data socks handshake variant (#3875)
    • Bug 22564: Hide Firefox Sync
    • Bug 25090: Disable updater telemetry
    • Bug 26127: Make sure Torbutton and Tor Launcher are not treated as legacy extensions
    • Bug 13575: Disable randomised Firefox HTTP cache decay user tests
    • Bug 22548: Firefox downgrades VP9 videos to VP8 for some users
    • Bug 24995: Include git hash in tor --version
    • Bug 27268+27257+27262+26603 : Preferences clean-up
    • Bug 26073: Migrate general.useragent.locale to intl.locale.requested
    • Bug 27129+20628: Make Tor Browser available in ca, ga, id, is, nb, da, he, sv, and zh-TW
      • Bug 12927: Include Hebrew translation into Tor Browser
      • Bug 21245: Add danish (da) translation
  • Windows
    • Bug 20636+10026: Create 64bit Tor Browser for Windows
      • Bug 26239+24197: Enable content sandboxing for 64bit Windows builds
      • Bug 26514: Fix intermittent updater failures on Win64 (Error 19)
      • Bug 26874: Fix UNC path restrictions failure in Tor Browser 8.0a9
      • Bug 12968: Enable HEASLR in Windows x86_64 builds
    • Bug 26381: Work around endless loop during page load and about:tor not loading
    • Bug 27411: Fix broken security slider and NoScript interaction on Windows
    • Bug 22581: Fix shutdown crash
    • Bug 25266: PT config should include full names of executable files
    • Bug 26304: Update zlib to version 1.2.11
    • Update tbb-windows-installer to 0.4
      • Bug 26355: Update tbb-windows-installer to check for Windows7+
    • Bug 26355: Require Windows7+ for updates to Tor Browser 8
  • OS X
    • Bug 24136: After loading file:// URLs clicking on links is broken on OS X
    • Bug 24243: Tor Browser only renders HTML for local pages via file://
    • Bug 24263: Tor Browser does not run extension scripts if loaded via about:debugging
    • Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured
  • Linux
    • Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is configured
    • Bug 25485: Unbreak Tor Browser on systems with newer libstdc++
    • Bug 20866: Fix OpenGL software rendering on systems with newer libstdc++
    • Bug 26951+18022: Fix execdesktop argument passing
    • Bug 24136: After loading file:// URLs clicking on links is broken on Linux
    • Bug 24243: Tor Browser only renders HTML for local pages via file://
    • Bug 24263: Tor Browser does not run extension scripts if loaded via about:debugging
    • Bug 20283: Tor Browser should run without a `/proc` filesystem.
    • Bug 26354: Set SSE2 support as minimal requirement for Tor Browser 8
  • Build System
    • All
      • Bug 26362+26410: Use old MAR format for first ESR60-based stable
      • Bug 27020: RBM build fails with runc version 1.0.1
      • Bug 26949: Use GitHub repository for STIX
      • Bug 26773: Add --verbose to the ./mach build flag for firefox
      • Bug 26319: Don't package up Tor Browser in the `mach package` step
      • Bug 27178: add support for xz compression in mar files
      • Clean up
    • Windows
      • Bug 26203: Adapt tor-browser-build/tor-browser for Windows
      • Bug 26204: Bundle d3dcompiler_47.dll for Tor Browser 8
      • Bug 26205: Don't build the uninstaller for Windows during Firefox compilation
      • Bug 26206: Ship pthread related dll where needed
      • Bug 26396: Build libwinpthread reproducible
      • Bug 25837: Integrate fxc2 into our build setup for Windows builds
      • Bug 27152: Use mozilla/fxc2.git for the fxc2 repository
      • Bug 25894: Get a rust cross-compiler for Windows
      • Bug 25554: Bump mingw-w64 version for ESR 60
      • Bug 23561: Fix nsis builds for Windows 64
        • Bug 13469: Windows installer is missing many languages from NSIS file
      • Bug 23231: Remove our STL Wrappers workaround for Windows 64bit
      • Bug 26370: Don't copy msvcr100.dll and libssp-0.dll twice
      • Bug 26476: Work around Tor Browser crashes due to fix for bug 1467041
      • Bug 18287: Use SHA-2 signature for Tor Browser setup executables
      • Bug 25420: Update GCC to 6.4.0
      • Bug 16472: Update Binutils to 2.26.1
      • Bug 20302: Fix FTE compilation for Windows with GCC 6.4.0
      • Bug 25111: Don't compile Yasm on our own anymore for Windows Tor Browser
      • Bug 18691: Switch Windows builds from precise to jessie
    • OS X
      • Bug 24632: Update macOS toolchain for ESR 60
      • Bug 9711: Build our own cctools for macOS cross-compilation
      • Bug 25548: Update macOS SDK for Tor Browser builds to 10.11
      • Bug 26003: Clean up our mozconfig-osx-x86_64 file
      • Bug 26195: Use new cctools in our macosx-toolchain project
      • Bug 25975: Get a rust cross-compiler for macOS
      • Bug 26475: Disable Stylo to make macOS build reproducible
      • Bug 26489: Fix .app directory name in tools/dmg2mar
    • Linux

I agree with you, but please note that (if I understand correctly) it was Mozilla's stupid decision, not Tor devs.

I am not hopeful about persuading Mozilla devs to make sane decisions, but I am hopeful that Tor devs will produce a workaround for TBB.

Like Tor Project, Mozilla faces threats from USG to legally mandate "backdoors", i.e. breakage by design. I suspect otherwise incomprehensible decisions which reduce security may represent some kind of compromise with FBI. But once the camel puts his toe inside our tent, he'll keep pushing further and further in, until he owns the damn tent. So I agree, no compromise! No backdoors!

Anonymous

September 07, 2018

Permalink

Congratulations for the new way to get bridges, this is a real innovation ! It perfectly works !

You rule guys !

All the best !

Anonymous

September 08, 2018

Permalink

I am sorry to be stupid about this, but where did you put the list of websites that was previously maintained manually as a list of Trusted Sites? You have some kind of mini-gadget in the top right corner that now deals with trust on the current tab only, but I don't see any way from that UI to get to a list of all trusted websites.

Anonymous

September 08, 2018

Permalink

With the version of NoScript available with TOR 7.5.6 I could access, check and (if necessary) amend the settings under Whitelist, Embeddings and Advanced.

How do I access these settings with the current version of NoScript under TOR 8?

Please let me and others know.

Thanks

It's not, it's still in a tab under NoScript global preferences.

In Tor Browser 7.x, NoScript global preferences were persistent. Content types default restrictions could also be more finely tuned. There was a global per-site list in there also, but I never used it in Tor Browser, so I don't know if it was working. Either way, Javascript could then be allowed on-demand while browsing, on a per-site basis. And NoScript button menu could include options to make such permissions, permanent.

In Tor Browser 8, NoScript global preferences are no longer persistent (this is a temporary bug, I hope? see https://trac.torproject.org/projects/tor/ticket/27175). Currently, it's like if all preferences were wiped at each application start (maybe even at each new identity?). I can see this includes the list of per-site permissions, since for the first time in Tor Browser, I tried to set a permamnent restriction (cf. GIF issue on this blog).

What I can tell is that on Stretch, Firefox+NoScript were also upgraded. NoScript global preferences were not lost (including my per-site list) and NoScript content-types preferences are still persistent, as expected.

So, if some of Tor Browser Users were relying on such a list in 7.x, my guess is that the current bug wiped it indeed. But it might not be lost? And it might even be possible to re-import it again in a near future?

NoScript "Export" button is also broken here, nothing happens after accepting to download the file. But there is a "debug" frame under the last tab of NoScript global options, which produces some json. Haven't tried to play with it as yet, don't know if the "Import" button would work, either.

Anonymous

September 08, 2018

Permalink

I've run into two problems with the new tor browser update for Linux.
1. Tor no longer remembers window size. Every time I open a new window, It is very small and I have to resize it.

2. Tor does not respect previous gtk3 settings. I previously used dconf-editor to make the file browser (that appears when saving files) always show directories first. Tor browser ignores my settings and jumbles the files and folders together. What's worse is that Tor Browser also changes the global setting, so it messes up all programs that use those gtk3 settings. I'm getting tired of constantly having to reset my option to sort directories first in dconf-editor after every time I use the Tor browser.

Hm. No, Tor Browser is not messing with GTK3 settings, at least not intentionally. Could you check whether Firefox 60.2.0esr does the same on your machine? (You'll find bundles here: https://www.mozilla.org/en-US/firefox/organizations/all/)

Could you check your first issue with this downloaded Firefox version as well? You need to set privacy.resistFingerprinting in your about:config to true. We use essentially the same patch as Firefox for the window size, so let's see whether that's a Firefox bug.

Anonymous

September 08, 2018

Permalink

Hello Tor developers. Tor Browser 8 does not support the IDM (internet download manager) integration add-on that I always download and install from:
https://getidmcc.com/
It is not integrated in the browser at all even though it says the add-on is enabled and when I restart the Tor Browser, Windows 10 shows Tor browser running in the task manager, but the Tor browser window is invisible, so I have to End Task from task manager and reinstall Tor. I tried it several times with new installations and the problem occurs every time. Whenever I install the IDM add-on for "Firefox 53 and newer" Tor 8 window no longer appears on the Desktop or even in the taskbar or with Alt+Tabing, not to mention the fact that the IDM add-on is not even integrated into the browser. I'm using Internet Download Manager version 6.31, which is the latest version, so the problem is with Tor 8.

I downloaded and installed Tor 7.5.6 and was able to again integrate IDM add-on for "Firefox 52 and older" from the above mentioned website and IDM integration worked like before, but Tor browser is automatically updated to Tor 8 and the same problem occurs even though I disabled automatic update from the Options. Please make Tor 8 work with IDM integration, otherwise we won't be able to download any videos from blocked websites. Thank you. I will check back to see if you have looked into the problem and if there is a way around this problem.

Anonymous

September 08, 2018

Permalink

The Tor Browser Bundle does not start, if it's folder is moved to another machine. Running ./start-tor-browser --verbose(in the Browser directory) gives me this Segmentation fault: ./Browser/start-tor-browser: line 373:  1236 Segmentation fault      (core dumped) TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" -profile TorBrowser/Data/Browser/profile.default "${@}" < /dev/null.
Both machines run fedora 28.
Steps to reproduce:
- Download Tor Browser Bundle version 8.0
- Unpack and run it in terminal with ./start-tor-browser.desktop
- Click connect and close it, once it has successfully started.
- Copy the directory containing 'Browser/' and 'start-tor-browser.desktop' over to another machine(also running fedora 28).
- If you now try to run the Tor Browser with ./start-tor-browser.desktop it doesn't do anything and doing ./start-tor-browser --verbose yields the Segmentation fault above.

Anonymous

September 08, 2018

Permalink

In "preferences" menu I have choice with 2 buttons: "Use the address bar for search and navigation" and "Add search bar in toolbar". When choose the 2nd, I expect that input of address bar will no longer be sent to search engines, i.e. it will always be interpreted as address. However, its behavior is the same as without separate search bar. It is confusing.

Another problem: "about:tor" page suggests me a help link, where "new identity" is still located in old place. You should update that manual.

Have you checked whether Firefox has the same problem (re address bar)? I doubt this is a thing Tor Browser is doing. Regarding your second point, yes, we are a bit late on updating our user manual but should have fixed that soon.

Have you checked whether Firefox has the same problem (re address bar)? I doubt this is a thing Tor Browser is doing.
I can test only my old firefox 52.9.0 on Linux. You are right, that version does the same thing (however, it doesn't yet have an option to hide/show search box).

I think in Mozilla's firefox they have this behavior for a long time now. Blocking of sending anything to search engines (that cannot be parsed as address) may be good for security. Maybe it should be fixed in upstream.

Anonymous

September 08, 2018

Permalink

In preferences in "privacy & security" there is a new option "location" (with microphone, camera, etc). How it is related to anonymity, etc? What does this option mean? I understand that tor browser may be used as normal browser too, so may be in some cases this options can be used with some sites, but still it is hard to imagine. Should this option be removed from menu as privacy unfriendly and confusing?

Anonymous

September 08, 2018

Permalink

A Privacy Product designed for deployment on affordable laptop computers
Typical for the underprivaleged and economically excluded, such as disabled and low income
Older midrange general purpose laptoos, such as Dell 3GiB memory default.

A Whonix VM variant with 1215MiB memory worked Fine. It updated from tb7.5 to this HORRIBLE 8.0
To those here complaining about updates never completing: Patience and Vigilance! :-
Observe the disk *writes* as it sorts itself out. WAIT TILL DONE. Then ( and only then ) restart

Did it work? Yeah. *BADLY*. No chance of multiple tabs, one of which was this very Blog.
The complicated moving images built into this blog is a MISTAKE. On a low bandwidth (Mobile)
saving pages EATS egregious amounts of bandwidth, just to get the extra comments as I save
each page. A mode to have ONE page with ALL the coments would be very much appreciated.

Its eaten huge gobs of time - like hours - instead of an expected 20+ mins on a high resource
machine.

Needs WORK people. And a Focus on KISS. Eliminate all of the fancy stuff back to a FAST classic
menu system that is NOT contect sensitive.

I wont comment on teh UX changes, but they are NOT good, when compared with my own main
Workstation. That will be staying with tb7 while I figure out how to Migrate away from this mess.

CRUCIAL to me is the ability to manage and observe What SSL certs and connections get made
Certificate Patrol is HISTORY thanks to this mess.

Suggestions on alternative extensions to effect the same controls are invited.

Posting this - on a Development Worktstation - From tb7 Final. Damn screen keeps jumping around
as the pagelength changes.

There is NO way I'll ever convince anyone to use such a system to preserve critical privacy
( such as challenging illegal surveillance and looking up stuff when fighting some state (under)funded
service that decides to screw them. Without giving away all their plans ( for legal support etc ) to the
Government Dept that REALLY wants to win a case...

LOCKUP and Swapfest when trying to SAVE pages or content for later processing.

Is there ANY WAY of simplifying the GUI to eliminate all this Good look but otherwise HORRIBLY
resource consuming Sh*t? To make the core firefox resource demands Sane Again?

Do Tell!

Anonymous

September 08, 2018

Permalink

Where on earth is the "Take Screenshot" function??? Firefox 60.2.0esr on Debian (recently updated) has it right there under "..." next to the browser bar, while missing from Tor Browser 8.

This is driving me bonkers because the "screenshot --fullpage" console option is gone too.

Also, when I go to "Customize" and "Reset Defaults" for the toolbar, it resets to FF defaults, not TB defaults.

It does work overall, but goddamnit.

Anonymous

September 08, 2018

Permalink

I love the new update but the noscript settings aren't saved so I cannot whitelist sites.

Also, the website notifications are no longer working in OSX. Setting permissions have no effect. They just don't show anymore.

Anonymous

September 08, 2018

Permalink

Note: This release is signed with a new GPG subkey as the old one expired a couple of days ago. You might need to refresh your copy of the public part of the Tor Browser signing key before doing the verification. The fingerprint of the new subkey is 1107 75B5 D101 FB36 BC6C 911B EB77 4491 D9FF 06E2.
> it was not possible (no server available with hkps and other server : bug in gpg ?), i used curl (D9FF06E2) then gpg --refresh and all is fine : version 8 runs like a charm (no error).

Anonymous

September 08, 2018

Permalink

Hey,

I just wanted to say that one bug seems fixed. I've posted in here that EMET crashed TBB when "remote.autostart" was on.
With TBB 8 everything works fine.

So thank you.

Anonymous

September 08, 2018

Permalink

is it just my machine or is noscript 10.1.9.1 not working

default for all sites is to allow scripts and options changed cannot be saved - any whitelisted site is gone on next session - settings cannot be exported

Anonymous

September 09, 2018

Permalink

I used to handle with torcheck.xenobite.eu. It was easy to change the IP address (bad exit nodes and so on). Why does the site torcheck xenobite not function anymore? There come maybe 3 addresses and then no connection.
With duckduckgo and the tor circuit it is more difficult. Why don't you set torcheck xenobite in action again????
greetings

Anonymous

September 09, 2018

Permalink

Why did you release Tor Browser 8.0? It is far from ready to be released.
People may be hurt because you have exposed their identity!
Tor Network may also be affected as a result.
Let's face it, since certain purges and certain changes to the internal structure of tor staff it is no longer looking like a project worthy of my money.

Anonymous

September 09, 2018

Permalink

hey, there's something wrong with the javascript.enabled config setting. I disabled it through the about config settings, now I can't turn it back on. Webpage says javascript disabled, even though the setting has been set back to true.

Anonymous

September 09, 2018

Permalink

By using tor 8.o my computer (windows 7) is freezing again and again must must be restarted. What's the problem with it. Unfortunatley I can't get back to the previous tor version.

Not sure. Maybe some Antivirus/Firewall software on your computer is causing that? You could try to uninstall it for testing purposes (disabling is often not enough). Another issue could be that you are using the 32bit Tor Browser. We have a 64bit version on our download page now and it is said that Firefox on Windows is runner much more stable with that one. Could you try that out?

Anonymous

September 09, 2018

Permalink

No XP support, and Intel's 8th generation drivers don't support Windows 7 or 8. Thanks for forcing me to soon move to Win10.

Anonymous

September 10, 2018

Permalink

In Firefox-TBB i see "Cookies and Site Data" in about:preferences#privacy, in vanilla Firefox i don't.
Is that normal or have it misconfigured? When, how?

Anonymous

September 10, 2018

Permalink

no fixes work, waiting for new version. meanwhile force upgrade kills my tor every day, and for that reason i unpack older version over it each day.

What is your issue? And the problem with disabling the updater is that you need to do that before it is checking/starting the update. Thus, you need to modify a preferences file in your Tor Browser profile (I think prefs.js should suffice) setting the app.update.enabled preference to false. I guess you could as well set the preference to false in your about:config but make sure you download the updated files before the update got applied. I have not tried the latter, though.

Anonymous

September 10, 2018

Permalink

How do I force Tor Browser 8.0 to use the local system installed tor instead of the bundled one? Previous versions of Tor Browser, it was possible to set the preferences of extensions.torlauncher.start_tor and extensions.torlauncher.prompt_at_startup to false, but I am unsure if that works here as well.

Anonymous

September 10, 2018

Permalink

JavaScript error: jar:file:///home/****/T%C3%A9l%C3%A9*****/tor-browser_en-US/Browser/omni.ja!/components/FeedProcessor.js, line 1274: NS_ERROR_NOT_AVAILABLE: Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIChannel.contentType]

getting this error on rss feeds surprisingly only through http://www.lemonde.fr/rss/une.xml and http://www.aljazeera.com/xml/rss/all.xml in my feeds.

By the way, how do i know, not related to this release, witch circuits those rss are connected to,
i mean if the sense of the "show site information" button ?

Keep on rocking Tor, cause we like it !

Hm. I am not exactly sure how feeds are working here. But I guess feed updates go over the "catch-all" circuit given that there is no URL bar domain attached to them anymore once they are subscribed to. If that's the case we probably should be smarter than that and load the updates of different feeds over different circuits. You could check the behavior by looking at the Torbutton log output after setting extensions.torbutton.loglevel to 3 (it should be visible in the browser console; if you want to have the output in your terminal flip extensions.torbutton.logmethod to 0).

Okay, I opened https://trac.torproject.org/projects/tor/ticket/27633 for further investigation.

Anonymous

September 10, 2018

Permalink

How can we now prevent pages to reload themselves? This preference was removed with this release and I failed to find any about:config setting that would do the job, is there any?

When posting a comment, the page gets reloaded in a loop every couple of seconds, forever. Stopping and reloading manually does not help. I deleted the set of cookies, cache, active connexions and offline data, only then I could load the page normally again. Not sure if the comment was submitted, so I repeated, also after a fresh application restart and this appears reproducible (third time in two comments). This might be yet-another-unrelated-bug, but not being able to prevent automatic reloading is an issue (also) in this case.

I would regard this as a massive user experience regression, especially for with few hardware resources or little/unreliable bandwitch. Quite a few sites are abusing this "feature", e.g. to update the set of adverts they serve, or whatever other reason.

Same stand for NoScript automatic reloading after amending site preferences one way or another: until this release, it was possible to change them and not reload the page automatically, until we (the User) decided to reload the page whenever we see fit. This was also precious while disabling some permissions after contents had been fetched: terminating javascript execution, without loosing the resulting rendering.

This alone gives me a very frustrating UX on this release. :/

Thanks for forcing me to complete my homework :)

For NoScript itself, we had a clear option in the GUI and I think the preference was noscript.autoReload (default: true), I had that orphan setting in my profiles after upgrading. That functionality seems to have been entirely dropped: no GUI option, reload are now automatic when exiting the dynamic menu, if any permission was changed (no matter if added or removed).

For site refreshes on the Mozilla side, GUI option was under Accesibility and named "Warn me when websites try to redirect or reload the page". This one has been removed but the preference is still there and active, sorry: accessibility.blockautorefresh (default: false).

What happens is that it is less effective as the time goes. Feature itself may (?) have been limited to accomodate Google Translate or others, and/or more and more sites apparently use other techniques, even without javascript. Still effective with e.g. OpenWRT landings with luci-ssl, see also the test page linked below. Now helpless with e.g. Panopticlick redirects, your Drupal comment post bug here on Tor Blog, and too many sites to my taste.

Mozillazine: http://kb.mozillazine.org/Accessibility.blockautorefresh
GTranslate: https://bugzilla.mozilla.org/show_bug.cgi?id=1386910
Test page: http://www.searchtools.com/test/redirect/
Tutorial: https://techdows.com/2017/10/firefox-56-warn-me-when-websites-try-to-re…
Genesis: https://bugzilla.mozilla.org/show_bug.cgi?id=465303

I had tested various redirect blockers from AMO, had most of them disabled in one of my Firefox profiles, but they all appear obsolete since the WebExtensions move (didn't search again, just yet).

Anonymous

September 10, 2018

Permalink

no more search field and sites preview when open new tab.
search in config but cant find. no way to back it anymore?it was very useful..im cry..

Join the discussion...

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

6 + 13 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.