New Release: Tor Browser 8.5.1

Tor Browser 8.5.1 is now available from the Tor Browser Download page and also from our distribution directory.

Tor Browser 8.5.1 is the first bugfix release in the 8.5 series and aims at mostly fixing regressions and providing small improvements related to our 8.5 release. Additionally, we disable the WebGL readPixel() fingerprinting vector, realizing, though, that we need a more holistic approach when trying to deal with the fingerprinting potential WebGL comes with.

The full changelog since Tor Browser 8.5 is:

  • All platforms
    • Update Torbutton to 2.1.10
      • Bug 30565: Sync nocertdb with privatebrowsing.autostart at startup
      • Bug 30464: Add WebGL to safer descriptions
      • Translations update
    • Update NoScript to 10.6.2
      • Bug 29969: Remove workaround for Mozilla's bug 1532530
    • Update HTTPS Everywhere to 2019.5.13
    • Bug 30541: Disable WebGL readPixel() for web content
  • Windows + OS X + Linux
    • Bug 30560: Better match actual toolbar in onboarding toolbar graphic
    • Bug 30571: Correct more information URL for security settings
  • Android
    • Bug 30635: Sync mobile default bridges list with desktop one
  • Build System
    • All platforms
      • Bug 30480: Check that signed tag contains expected tag name
Anonymous

June 04, 2019

Permalink

Can you please add an advanced button that will enable us to directly select security level, javascript on/off, and images on/off? Just because you want low IQ grandmas to use Tor doesn't mean you should make all security options hidden and hard to use. If you want my opinion, hiding the security levels on the options page doesn't only make for better informed users, the reason given by the Tor developers for this change. It also ensures that the vast majority of users never get off Standard security. In other words, it ensures less security, not more.

Just my 2 cents.

Security level shield -> Advanced Security Settings Is no good? JavaScript on/off and images on/off are no more hidden or visible than they are in normal Firefox about:config. Customizing too much away from the 3 levels makes your fingerprint stand out. NoScript icon is absent. It can be replaced, but the answer is buried in "New to Tor Browser?" walkthrough that advanced users won't think will say so. Tor Browser Security level is no harder or easier to use than before, two clicks from toolbar icon. The wording on first click could be more instructive, imo. I think it does result in many never getting off Standard.

No. Tor Browser is secure out of the box. If you have to tweak settings to make Tor Browser secure then it's a flaw of Tor Browser. Standard security is actually really secure because Firefox is now hardened against exploits. If you can be exploited when you are on Standard then that's because the Tor Browser is broken, not because you fail to pick a higher security level. And exposing the option only creates a false sense of security.

> Just because you want low IQ grandmas to use Tor

Wow, what a mean-minded engine of complaint you are.

> Just my 2 cents.

You know that's not a raise, right? Not from 50 cents its not.

Love the new icon! Keep up the great work and security!

The shield or the half-covered target?

Plus one!

Idea: one way of understanding the shield icon (for security settings) viz the bullseye icon (for Tor Browser versions for major devices and OS's) might be that these serve as visual reminders that while Tor helps keep Tor users safe, everyone is a target, which implies that people who are not using Tor probably should be using Tor.

Not much to say, but I do want to emphasize on what "qw" and "Thomas Tank engine" mentioned, because these 2 are legit issues.

Old Tor0.3.5.8 in new Tor Browser 8.5.1?
Why not 0.4.0.5/(0.4.0.6)?

We still need to give dormant mode support in the alpha more testing but if nothing comes up we'll switch to 0.4.0.x in the next regular stable release.

"[...]give dormant mode support in the alpha more testing[...]"

Lack of logic?
4.0.5 is STABLE, torproject is testing in alpha and there are a lot of changes/bugfixes like padding.
Agencies needs no backdoors when torproject isn't introducing real improvements like padding faster.

No lack of logic, we need to test the changes in a *Tor Browser* alpha as we have to modify Tor Launcher as well to cope with the dormant mode introduced in the tor *stable*.

i just wanted to comment that i agree with everything Thomas Tank Engine has said. please consider implementing his idea.

Dah, it is now longer for users to go to temporarily change the security level.
If the bookmarks toolbar is shown, will change the screen size.

Can add the Preferences shortcut icon to nav bar (round gear or "sun" shape).
Two clicks & Preferences > Privacy & Security is open.
Share with comrades. Poka

How did you reach the conclusion that it's longer to click the Security Level shield icon, Advanced Security Settings than it is to open the general Preferences page, click the Privacy page, and manually scroll to find the 3 radio buttons?

For security, you don't find a shield icon to be more intuitive than an onion?

Security options are shown in the UI tour since TBB 8.0a10 with Ticket #25695 but the tour may be simplified for returning users. Clicking on the icon brings up about:preferences security options for me.

Just a reminder that users can open discussion about re-instating the security slider through bug report feedback:

In addition to the known issues, we are always looking for feedback about ways we can make our software better for you. If you find a bug or have a suggestion for how we could improve this release, please let us know.
New Release: Tor Browser 8.5

Information to consider...
Why was it removed in the first place? "[T]o make setting security options accessible and more usable for everyone".

Our security slider is an important tool for Tor Browser users, especially for those with sensitive security needs. However, its location behind the Torbutton menu made it hard to access.
Tor Browser Security
During the Tor Browser 8.5 development period, we revamped the experience so now the chosen security level appears on the toolbar. You can interact with the slider more easily now. For the fully planned changes check out proposal 101.
New Release: Tor Browser 8.5

The lead developer of Tor Browser, gk, clarifies a limitation not yet in the manual:

The reason for the current design is that the button on the toolbar is not meant to easily toggle the slider state. It's meant to show you your current state and to offer the option to (re-)set the level if you really need to. It's a global feature affecting the whole browser session and could lead to surprises if used to just change the level for site X.
gk

Thomas the Tank Engine is right. The slider was fine the way it was before.

My recommendations:
a) remove the word "Advanced" from the button "Advanced Security Settings".
b) on the Security setting page under the "Safest" option, append "(editing via NoScript may expose you to fingerprinting)
c) for the "Standard" option please consider having a "No javascript from the FACAAGY corporations" enabled by default", ie. Facebook, Apple, Cloudflare, Amazon, Akamai, Google, Yandex". When a site uses blocked JS, a small speech bubble type element would appear from the NoScript plugin. Informing the person that FACAAGY corporation JS is disabled and how to enable it. The user can click, Go to Security Settings or ignore this message in future.

b) If developers go that route, then Safer rather than Safest. Some sites have trouble on Safer which will cause some users to react by customizing NoScript. And click-to-play media simply adds custom entries to NoScript per-site permissions.
c) I doubt most people will have an idea what you mean by "FACAAGY". It sounds like you want a blocklist built in, but:

Should that be AGAFYCA? (Apple_Google-Amazon-Facebook-Yandex_Cloudflare-Akamai)

Regarding the Security Level. Why not make something similar to https everywhere? Click on the shield icon (which is a nice choice by the way) to show the three options "standard", "safer" and "safest" and besides those options an on/off button each. This would simplify choosing the security level, would be preferable to "Advanced Settings" and look better then a slider. Furthermore you would just need one click.

(Non English speaker; apologies for strange grammar)

They cannot have on/off buttons because the 3 security levels are "mutually exclusive". Appropriate UI widgets for the security levels are radio buttons, a drop-down list, or a slider. On/off buttons are another form of a checkbox. Checkboxes are not mutually exclusive to other checkboxes.

Beauty is not the only thing to design for. Radio buttons provide the most accessible interface for selecting between paragraph-sized descriptions of the levels. The text stays visible when the selection is changed. To its credit, the vertical slider makes the hierarchy relationship between the levels immediately understood, but its compact form demands for the text to be replaced when the user moves the slider.

Lastly, developers basically said in comments to the blog post for Tor Browser 8.5 that they didn't want the levels to be simpler to choose than the old slider location because the level should really only be chosen at the beginning of the New Identity session. A simpler Security UI might lead newbies to change the level frequently in the middle of a session which would make their browsing activity conspicuous. Experienced users know better how to be careful.

If there would exist a prize for high quality software protecting privacy on internet,
then tor-browser would get first prize!

Just one little suggestion.
In order to verify the signature of the tor-browser archive one must be used to work with a CLI
like terminal.
Might it be possible to avoid this and (just like Tails) include the verification of the archive automatically?

Best regards

Include the verification? Think hard about what you're asking. Will an unverified program always be honest in verifying itself? The chicken or the egg. Fox guarding hens. Catch 22. Think about the chain of trust for each verification method. Tails' second method, BitTorrent, verifies that the downloaded file hashes agree with the torrent file or magnet link, but who gave you the torrent file or magnet link? Is the hash algorithm and your torrent program secure? Tails' first method is for you to install a browser extension. Was a man-in-the-middle attack possible? Is their extension signed? Is their server located at a third party hosting datacenter or CDN? Who are you trusting in the chains? Etc.

Learn how a certificate authority (CA) works. Learn whose certificates Windows uses to verify signed installers by non-Microsoft developers. For a spice of history, lookup NSAKEY. Next, contrast the public key infrastructure (PKI) to how the PGP web-of-trust works. Then, ask yourself, "How do I verify the GPG program itself if I have to trust it to run on my system and to verify honestly in order for me to verify it?" Figure out several ways. Next, figure out the best compromise for the most trustworthy way that is within your ability and within your acceptable risk threshold (related to what's called the threat model you decide on). Then, figure out the most trustworthy way that someone who is under threat from leaders of the country they are in or from pervasive global adversaries could do it. Compare to what they did to verify communications before mobile phones and then before the telegraph. Next, reassess your top methods for the types and amounts of metadata each method leaks.

Two examples of point-and-click interfaces for GPG are GPA and Kleopatra. For Windows, they are in the Gpg4win bundle. For Linux, they are in official repositories for most distros. For macOS, GPGTools integrates with the macOS services context menu. Those interfaces were made to manage keys and process e-mail messages. When you verify files, you can import and manage keys in those interfaces, but it might not be possible to verify files except by typing that one "verify" command in a terminal command prompt.

Glorious. Screenshot.

In order to verify the signature of the tor-browser archive one must be used to work with a CLI
like terminal.
Might it be possible to avoid this and (just like Tails) include the verification of the archive automatically?

You only have to verify it manually the first time. You can update automatically after.

You can use graphical programs to verify signatures from the start: Gpg4win for Windows and GnuPG for macOS and Linux. After you install them, you can right-click and verify that two long sets of numbers match. No terminals necessary.

Seit wann wird die extra App Orbot nicht mehr benötigt?

Replying to Mlders:

Question (German):

Seit wann wird die extra App Orbot nicht mehr benötigt?

Question (English):

Since when is the extra Orbot app no longer needed?

Comments from New Release: Tor Browser 8.5:

Hello I'm kind of confused with this stable alpha version of tor browser out do I still need orbot and orfox it seems to run fine when i dont have either installed ?
Anonymous

Orfox is the older version of Tor Browser. In the near future, Orfox users will receive an update pointing them to Tor Browser.

Regarding Orbot, it app is not needed if you only use Tor Browser (because Tor Browser includes its own tor, and it doesn't need an additional app). If you use other apps that need Orbot or if you use other features of Orbot (like the VPN mode), then you still need Orbot for this (Tor Browser does not replace Orbot).
sysrqb (developer)

Answer (German):
Anscheinend wird es noch gebraucht.
Answer (English):
Apparently it is still needed.

First off, will you guys please add the HTTPS-EVERYWHERE and NOSCRIPT icons on the top bar by default (next to the Tor Button)? Those are important enough that they should be there by default without having to add it in customize.

Second, what was the point in changing the security settings UI from the old TorButton way of doing it? It's just adding an extra icon for no reason and less intuitive than the old settings. Also we should really have an an/tracking blocker like uBlock Origin added to TorBrowser by default as well.

You should NOT be changing any settings within these extensions on Tor Browser. They're hidden for the exact reason you want them to be there (people with no clue customizing things on a browser that's supposed to make you look the same as everyone else). If you want to use Tor Browser for anonymity, do not customize it. It very clearly says so.

About ad blocking: It's explained in the Tor documentary, why Tor Browser does not come with ad blocking. There are no "tracking blockers" that work, even if amateurs in forums may have convinced you otherwise. The fact that blacklisting of URLs doesn't work against tracking is why Tor Browser does not implement it and instead tries to solve the problem of tracking by creating separate circuits for different URLs and by making every Tor Browser user look about the same (excluding people like you, who change random settings because they think they know better, and who in turn stand out from the masses).

Your Logic is flawed, tell that to many people who have had their identity revealed trusting default settings in the TBB. Educate yourself and stop believing you are safe cause your using a privacy browser and thinking default settings are good enough.

P.S. Thanks Tor Developers and those who donate, You guys are helping everyone keep their information private. It isn't perfect, but Tor is the best we got for now.

It's not that ad blocking doesn't work against tracking. It works well for certain threat models and configurations, but present implementations are not yet adapted well for the high bar threat model and low false-positives Tor Browser is designed for. A normal browser's fingerprint entropy compared to other normal browsers is drastically reduced by disabling javascript for instance. Populations of Tor Browser users installing different varieties of add-ons compared to most Tor Browser users is yet another issue. Imagine another situation: a normal browser on a free wifi access point that is configured to share one external IP address along with a restaurant or lobby full of other patrons who may or may not agree to synchronize their browsers.

Also we should really have an an/tracking blocker like uBlock Origin added to TorBrowser by default as well.

Technically there is a ticket to add uBlock Origin to Tor Browser. uBlock Origin is a general-purpose blocker (also included with Tails) that can prevent WebRTC from leaking local IP addresses.

Anonymous is right: whitelist security is better than blacklist security.

This is important to mention:
The HTTPS EVERYWHERE icon on the top bar is MISSING SINCE A LONG TIME!

In the older releases it only appeared after some very long delay, but now it does not appear at all.

Even though I agree with removing the NoScript icon, I can not agree with removing the HTTPS EVERYWHERE icon, because it is absolutely needed for turning on HTTPS only mode, what is very very important because exit nodes can not and should not be trusted at all.

(By the way, I hope you have already solved the infinite loop problem what happens when posting here in high security mode, but anyway I posted here now, because the thing about HTTPS EVERYWHERE is very important)

Add it back to your toolbar is you think you need it: Right-click on the toolbar -> Customize... and drag the icon wherever you want to have it on your toolbar, done.

If you're worried about data you send being sniffed by a man in the middle and the site's owners don't enforce HTTPS, then why do you trust the site to protect your data in the first place? If you're worried that exits are logging the full http URL, not just https domain.xyz, ads log the full URL anyway regardless of HTTPS. In that case, start a new identity in the onion icon after you finish using the site.

After update to newest version on iMac Pro Mojave, Tor crashes, cannot roll back to older version, dead in the water, any advice?

What happens exactly when you try to run Tor Browser? Do you have some error message?

Does the same happen with a new install of Tor Browser?

I have the same problem with my macbook, TOR does not connect.

Do you have an error message?

I am running Tor Browser 8.5.1. When I try to set the Master Password, I get an error message that says "Password change failed', and "Unable to change master password".