New Release: Tor Browser 8.5

[Update 5/22/2019 8:18 UTC: Added issue with saved passwords and logins that vanished to Known Issues section.]

Tor Browser 8.5 is now available from the Tor Browser download page and also from our distribution directory. The Android version is also available from Google Play and should be available from F-Droid within the next day.

This release features important security updates to Firefox.

After months of work and including feedback from our users, Tor Browser 8.5 includes our first stable release for Android plus many new features across platforms.

It's Official: Tor Browser is Stable on Android

Tor Browser 8.5 is the first stable release for Android. Since we released the first alpha version in September, we've been hard at work making sure we can provide the protections users are already enjoying on desktop to the Android platform. Mobile browsing is increasing around the world, and in some parts, it is commonly the only way people access the internet. In these same areas, there is often heavy surveillance and censorship online, so we made it a priority to reach these users.

Tor Browser for Android

We made sure there are no proxy bypasses, that first-party isolation is enabled to protect you from cross-site tracking, and that most of the fingerprinting defenses are working. While there are still feature gaps between the desktop and Android Tor Browser, we are confident that Tor Browser for Android provides essentially the same protections that can be found on desktop platforms.

Thanks to everyone working on getting our mobile experience into shape, in particular to Antonela, Matt, Igor, and Shane.

Note: Though we cannot bring an official Tor Browser to iOS due to restrictions by Apple, the only app we recommend is Onion Browser, developed by Mike Tigas with help from the Guardian Project.

Improved Security Slider Accessibility

Our security slider is an important tool for Tor Browser users, especially for those with sensitive security needs. However, its location behind the Torbutton menu made it hard to access.

Tor Browser Security

During the Tor Browser 8.5 development period, we revamped the experience so now the chosen security level appears on the toolbar. You can interact with the slider more easily now. For the fully planned changes check out proposal 101.

A Fresh Look

We made Tor Browser 8.5 compatible with Firefox's Photon UI and redesigned our logos and about:tor page across all the platforms we support to provide the same look and feel and improve accessibility.

Tor Browser icons

The new Tor Browser icon was chosen through a round of voting in our community.

We'd like to give a big thanks to everyone who helped make this release possible, including our users, who gave valuable feedback to our alpha versions.

Known Issues

Tor Browser 8.5 comes with a number of known issues. The most important ones are:

  1. While we improved accessibility support for Windows users during our 8.5 stabilization, it's still not perfect. We are in the process of finishing patches for inclusion in an 8.5 point release. We are close here.
  2. There are bug reports about WebGL related fingerprinting which we are investigating. We are currently testing a fix for the most problematic issue and will ship that in the next point release.
  3. The upgrade to Tor Browser 8.5 broke saved logins and passwords. We are investigating this bug and hope to provide a fix in an upcoming point release.

We already collected a number of unresolved bugs since releasing Tor Browser 8 and tagged them with our tbb-8.0-issues keyword to keep them on our radar. Check them out before reporting if you find a bug.

Give Feedback

In addition to the known issues, we are always looking for feedback about ways we can make our software better for you. If you find a bug or have a suggestion for how we could improve this release, please let us know.

Full Changelog

The full changelog since Tor Browser 8.0.9 is:

  • All platforms
    • Update Firefox to 60.7.0esr
    • Update Torbutton to 2.1.8
      • Bug 25013: Integrate Torbutton into tor-browser for Android
      • Bug 27111: Update about:tor desktop version to work on mobile
      • Bug 22538+22513: Fix new circuit button for error pages
      • Bug 25145: Update circuit display when back button is pressed
      • Bug 27749: Opening about:config shows circuit from previous website
      • Bug 30115: Map browser+domain to credentials to fix circuit display
      • Bug 25702: Update Tor Browser icon to follow design guidelines
      • Bug 21805: Add click-to-play button for WebGL
      • Bug 28836: Links on about:tor are not clickable
      • Bug 30171: Don't sync cookie.cookieBehavior and firstparty.isolate
      • Bug 29825: Intelligently add new Security Level button to taskbar
      • Bug 29903: No WebGL click-to-play on the standard security level
      • Bug 27290: Remove WebGL pref for min capability mode
      • Bug 25658: Replace security slider with security level UI
      • Bug 28628: Change onboarding Security panel to open new Security Level panel
      • Bug 29440: Update about:tor when Tor Browser is updated
      • Bug 27478: Improved Torbutton icons for dark theme
      • Bug 29239: Don't ship the Torbutton .xpi on mobile
      • Bug 27484: Improve navigation within onboarding (strings)
      • Bug 29768: Introduce new features to users (strings)
      • Bug 28093: Update donation banner style to make it fit in small screens
      • Bug 28543: about:tor has scroll bar between widths 900px and 1000px
      • Bug 28039: Enable dump() if log method is 0
      • Bug 27701: Don't show App Blocker dialog on Android
      • Bug 28187: Change tor circuit icon to torbutton.svg
      • Bug 29943: Use locales in AB-CD scheme to match Mozilla
      • Bug 26498: Add locale: es-AR
      • Bug 28082: Add locales cs, el, hu, ka
      • Bug 29973: Remove remaining stopOpenSecuritySettingsObserver() pieces
      • Bug 28075: Tone down missing SOCKS credential warning
      • Bug 30425: Revert armagadd-on-2.0 changes
      • Bug 30497: Add Donate link to about:tor
      • Bug 30069: Use slider and about:tor localizations on mobile
      • Bug 21263: Remove outdated information from the README
      • Bug 28747: Remove NoScript (XPCOM) related unused code
      • Translations update
      • Code clean-up
    • Update HTTPS Everywhere to 2019.5.6.1
    • Bug 27290: Remove WebGL pref for min capability mode
    • Bug 29120: Enable media cache in memory
    • Bug 24622: Proper first-party isolation of s3.amazonaws.com
    • Bug 29082: Backport patches for bug 1469916
    • Bug 28711: Backport patches for bug 1474659
    • Bug 27828: "Check for Tor Browser update" doesn't seem to do anything
    • Bug 29028: Auto-decline most canvas warning prompts again
    • Bug 27919: Backport SSL status API
    • Bug 27597: Fix our debug builds
    • Bug 28082: Add locales cs, el, hu, ka
    • Bug 26498: Add locale: es-AR
    • Bug 29916: Make sure enterprise policies are disabled
    • Bug 29349: Remove network.http.spdy.* overrides from meek helper user.js
    • Bug 29327: TypeError: hostName is null on about:tor page
    • Bug 30425: Revert armagadd-on-2.0 changes
  • Windows + OS X + Linux
    • Update OpenSSL to 1.0.2r
    • Update Tor Launcher to 0.2.18.3
      • Bug 27994+25151: Use the new Tor Browser logo
      • Bug 29328: Account for Tor 0.4.0.x's revised bootstrap status reporting
      • Bug 22402: Improve "For assistance" link
      • Bug 27994: Use the new Tor Browser logo
      • Bug 25405: Cannot use Moat if a meek bridge is configured
      • Bug 27392: Update Moat URLs
      • Bug 28082: Add locales cs, el, hu, ka
      • Bug 26498: Add locale es-AR
      • Bug 28039: Enable dump() if log method is 0
      • Translations update
    • Bug 25702: Activity 1.1 Update Tor Browser icon to follow design guidelines
    • Bug 28111: Use Tor Browser icon in identity box
    • Bug 22343: Make 'Save Page As' obey first-party isolation
    • Bug 29768: Introduce new features to users
    • Bug 27484: Improve navigation within onboarding
    • Bug 25658+29554: Replace security slider with security level UI
    • Bug 25405: Cannot use Moat if a meek bridge is configured
    • Bug 28885: notify users that update is downloading
    • Bug 29180: MAR download stalls when about dialog is opened
    • Bug 27485: Users are not taught how to open security-slider dialog
    • Bug 27486: Avoid about:blank tabs when opening onboarding pages
    • Bug 29440: Update about:tor when Tor Browser is updated
    • Bug 23359: WebExtensions icons are not shown on first start
    • Bug 28628: Change onboarding Security panel to open new Security Level panel
    • Bug 27905: Fix many occurrences of "Firefox" in about:preferences
    • Bug 28369: Stop shipping pingsender executable
    • Bug 30457: Remove defunct default bridges
  • Windows
    • Bug 27503: Improve screen reader accessibility
    • Bug 27865: Tor Browser 8.5a2 is crashing on Windows
    • Bug 22654: Firefox icon is shown for Tor Browser on Windows 10 start menu
    • Bug 28874: Bump mingw-w64 commit to fix WebGL crash
    • Bug 12885: Windows Jump Lists fail for Tor Browser
    • Bug 28618: Set MOZILLA_OFFICIAL for Windows build
    • Bug 21704: Abort install if CPU is missing SSE2 support
  • OS X
    • Bug 27623: Use MOZILLA_OFFICIAL for our builds
  • Linux
    • Bug 28022: Use `/usr/bin/env bash` for bash invocation
    • Bug 27623: Use MOZILLA_OFFICIAL for our builds
  • Android
  • Build System
    • All platforms
      • Bug 25623: Disable network during build
      • Bug 25876: Generate source tarballs during build
      • Bug 28685: Set Build ID based on Tor Browser version
      • Bug 29194: Set DEBIAN_FRONTEND=noninteractive
      • Bug 29167: Upgrade go to 1.11.5
      • Bug 29158: Install updated apt packages (CVE-2019-3462)
      • Bug 29097: Don't try to install python3.6-lxml for HTTPS Everywhere
      • Bug 27061: Enable verification of langpacks checksums
    • Windows
    • OS X
    • Linux
      • Bug 26323+29812: Build 32bit Linux bundles on 64bit Debian Wheezy
      • Bug 26148: Update binutils to 2.31.1
      • Bug 29758: Build firefox debug symbols for linux-i686
      • Bug 29966: Use archive.debian.org for Wheezy images
      • Bug 29183: Use linux-x86_64 langpacks on linux-x86_64
    • Android
      • Bug 29981: Add option to build without using containers

You can't change about:tor, but you can type search words in the address bar and click one of the engine icons that appear under it. Press Enter to use the default search engine. You can change the default engine in about:preferences -> side column: Search. Or you can add a search box to the toolbar at the top of that preferences Search page.

Anonymous

June 02, 2019

Permalink

I could swear that when I last used Tor quite a while ago, there was a link to a list of trusted and legitimate onion websites (such as email websites) and I cannot find anything. I'm nervous to do anything on Tor at the moment because I'm not sure what is legitimate or secure.

> I could swear that when I last used Tor quite a while ago, there was a link to a list of trusted and legitimate onion websites (such as email websites) and I cannot find anything

Are you using Tor Browser installed in your Microsoft/Apple/Linux system? Or in Tails? The version in Tails offers a few bookmarks (to clearnet webmail sites such as Riseup).

> I'm nervous to do anything on Tor at the moment because I'm not sure what is legitimate or secure.

Did you install Tor Browser 8.5 after verifying the detached signature of the tarball obtained from torproject.org? Or burn a Tails DVD after verifying the detached signature of the ISO image obtained from tails.boum.org? If so your Tor Browser should be *legitimate*.

*Secure* is a much more difficult quality to estimate and is also time dependent. As a practical matter, users must rely upon incomplete knowledge to make the best guesses they can based upon what they know and whom they trust.

It is probably helpful to think about security/anonymity citizen tools like Tor Browser (and Tails) as being the good guys in an arms race with a host of dangerous and well resourced but not truly omniscient or omnipotent bad guys like NSA/TAO. Our worst enemies are far better funded than Tor Project but we must bear in mind that they have problems too (drowning in information, barraged by demands for urgent "solutions" to issues which might not affect most Tor users at all, hampered by concern about their own poor OpSec and sometimes about trying to avoid attributability, confused by myriads of software and hardware which can make finding zero day exploits more of a challenge even for initial stages of compromise, etc).

There is a great deal of misinformation (some of it very possibly manufactured by our enemies) constantly being promoted in mainstream media and other sources, which tends to deter potential Tor users from trying to learn more about Tor, and tends to distract from issues which may pose the greatest risk to the most endangered people. For example, the recent Mozilla issue has highlighted one of the most difficult problems which confronts the Tor community: Tor Project software is open source and TP tries to audit it, so obvious "backdoors" are unlikely to appear in binaries produced by TP, but Tor software incorporates code from other open source projects which may not receive as much scrutiny; even worse, security critical components such as pseudorandom number generators have parameters which can be subtly altered to cripple them.

But the single biggest risk to most Tor users is probably security vulnerabilities in the system on which they are running Tor Browser (or another TP product). Tails is an excellent choice for a convenient and easy to use Linux system (based on Debian) booted from DVD or USB, which tries to implement many basic protections against unknown vulnerabilities or accidental leaks, such as modest AppArmor and a stringent Tor-friendly firewall. But Tails also has long standing issues with using persistent entry nodes (counter-intuitively, this is desirable for better anonymity) and, some users fear, with ensuring excellent entropy (for stream encryption).

(Tails can be used with a commercial entropy source but independent tests suggest these devices produce poor quality pseudorandom bitstreams.)

It would be wonderful if Tor Project kept in a visible place a few handy links to the best sites which can help ordinary people--- these days the list of endangered people includes reporters, diplomats, lawyers, telecom engineers, small business owners, election officials, social workers, medical providers, i.e. just about anyone--- such as ssd.eff.org. I particularly recommend that anyone who suspects they may become a target for corporate or state-sponsored cyberespionage or cyberwar actions start here:

https://ssd.eff.org/en/module/your-security-plan

Hope this helps!

Anonymous

June 03, 2019

Permalink

In tar : tor-browser-linux64-8.5_en-US.tar.xz

File : tor-browser_en-US/Browser/.config/gtk-3.0/settings.ini

Add Lines :
gtk-recent-files-max-age=0
gtk-recent-files-limit=0

To prevent file : ~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/.local/share/recently-used.xbel

Being populated with a complete record of all files downloaded.

Thank you.

Anonymous

June 03, 2019

Permalink

On previous versions of Tor, I used to notice a drop down which appeared that said, "Will you allow [website name] to use your HTML5 canvas image data? This may be used to uniquely identify your computer." With this newest version of Tor that drop down no longer appears on many of the same websites it used to. I'm not as technically literate as many of the people in this discussion, so I was wondering if someone can explain why this canvas fingerprinting drop down longer appears, and whether or not my anonymity in the way of canvas fingerprinting is as secure as it was in previous versions?

Maybe it has to do with the about:config setting privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts

Woops sorry I asked this dumb question. Like I said I'm not very technically literate lol. I answered my question for myself after opening my eyes a bit for the new version: canvas fingerprinting management no longer drops down on its own by default... You now have to click the little canvas icon around the left side of the Tor address bar that looks like a little mountain and a sun; the one that says "manage canvas extraction permission" when you hover the cursor over it. After clicking it you can see the notice "Will you allow [website name] to use your HTML5 canvas image data? This may be used to uniquely identify your computer." to select allow data access or not.

After the update, I can not go through the browser to "localhost". And I can not run my sites on the tor network

Could you give us steps to reproduce your problems? And what does "can not run my sites on the tor network" mean?

Since updating the Tor Browser to version 8.5, I can no longer play videos or audio. I thought that the Tor browser had gotten corrupted when updating so I did a fresh install, but I still have the problem. I also cannot run the browser sandboxed in Sandboxie. Are these intentional changes? Such problems certainly limit the usability of this browser.

Could you give us steps to reproduce you video playing issues? (on what operating system, what Tor Browser modifications did you do...) For the sandboxing issues, see: https://trac.torproject.org/projects/tor/ticket/30660. You could help us tracking down the issue by following up on the two questions I asked.

The video issues have something to do with the webgl setting in NoScript. I prefer to disable webgl unless I absolutely need it. Up until I updated to Tor Browser v 8.5, I used to disable (uncheck) webgl in the NoScript settings for all 3 categories, "default," "trusted," and "untrusted." When I unchecked the webgl setting in v. 8.5, I could not get videos to play even if I re-checked off (enabled) webgl in all three categories. However, if I exited the Tor Browser and relaunched it, the videos would play as long as I did not disable the webgl setting in any category. I would like to be able to disable webgl, and still play videos, because I believe that webgl is a security risk.

I have not made any Tor Browser modifications. My operating system is Windows 10 Home Edition, Version 1803, OS Build 17134.765.

As for the sandboxing issues, I left a comment on the ticket you linked to.

Okay, so you took a clean, new Tor Browser 8.5 and watching Youtube videos worked? Does setting the security state to "safer" and (doing the click-to-play dance on Youtube) still get you working videos? Or does that already break? What do you set exactly in a clean Tor Browser 8.5 in NoScripts settings menu to make video playback break?

I've been doing some testing, and this problem appears to be more complex than I first thought. I have been able to reproduce the problem by taking the following steps: I start the Tor Browser and YouTube videos will play as long as I do not touch the settings in NoScript or change the security level from "Standard." If I uncheck either "scripts" or "WebGL" in the NoScript Default tab, videos will stop playing. All I see is a circle spinning in the middle of the video player. Re-enabling "scripts," when that has been unchecked alone, does not fix the problem. In other words, there is no way to re-enable the playing of videos once anything has been unchecked in NoScript.

If I change the Tor Browser security level to "safer," the videos stop playing and there is no way to enable them. Again, all I see is the spinning circle even if I try to set NoScript to allow YouTube to play. Even disabling script blocking for the YouTube tab will not allow the videos to play. So, the problem seems to have something to do with how NoScript is allowing or blocking scripts running on the page. But, there is no way to customize this, as I used to do by preventing scripts and WebGL from running on the Default tab and then just enabling scripts on sites I trust.

Another observation I made (which may or may not be related to the video playing problem) is that the browser seems to be using more memory than it did in the previous version. Closing tabs, even down to one tab, does not release any memory. When this memory issue occurs, the pages in the tabs do not render immediately when I click on the tab. What I see is a circle of bars spinning around for a long time before the page displays. And if the problem gets bad enough, only the top half of the page will display and the bottom half is blank.

I occasionally get the warning message that a script is slowing down Tor Broswer and asking me if I want to stop it. This makes me think that both problems, the videos not playing and the high memory usage, are related to script blocking.

Thanks for the investigation: If you change the Tor Browser security level to "safer" do you mean changing it during the video playing or are you seeing the problem after setting the settings to "safer" and then trying to play the video?

Is there a way to migrate bookmarks on Tor Browser Android? I don't wont to use Sync.
On Windows you can copy the json file, or do a backup, I can't seem to find anything on Android.
THANKS

There are some users that managed to copy some saved bookmarks over, but there is no good in app solution for that yet, alas.

Is there an issue with saving images on Android using Tor Browser - Save image.

Screenshot doesn't work as well. I guess must be a big privacy issue.

What happens if you try to save images? How can we reproduce your problem? Regarding the screenshot, yes, this is currently disabled as it is a privacy issue. We want to provide a better solution here, though, see: https://trac.torproject.org/projects/tor/ticket/27904.

Nothing happens, when you Click Save Image (on Android), the prompt just disappears. and you assume the image is being downloaded but nothing shows in the download manager,
Storage permission is allowed by the way.

gk said:

What happens if you try to save images? How can we reproduce your problem? Regarding the screenshot, yes, this is currently disabled as it is a privacy issue. We want to provide a better solution here, though, see: https://trac.torproject.org/projects/tor/ticket/27904.

terrible. doing same as mozilla did firefox. bury functionality and options in more screens
REMOVED security slider.
REMOVED NOSCRIPT

shame

The slider did not get removed. In fact, it did not even get buried in more screens. The level of screens stayed the same. Yes, we removed NoScript from the toolbar. If you think you really need it and take the risk of navigating its user interface properly, feel free to add it back to the toolbar (while we are working on exposing the per-site security settings directly in the browser: https://trac.torproject.org/projects/tor/ticket/30570). It's still there. However, the NoScript interface is not needed for everyone else and just confusing which is why we hid it.

Why not use Ocserv(Openconnect) and Wireguard which work well in China to make new kinds of bridge?

I guess mainly because nobody has investigated whether it is possible to use those for pluggable transports. It's probably hard to look like Wireguard traffic on the wire but even if it was possible to blend in, it might be possible for censors to just block that kind of traffic and be done with this pluggable transport. We might need better strategies in that case.

China goverment has blocked Wireguard website but Wireguard still work normally in China. They know Wireguard but they have no idea for blocking it in short time. And how about Openconnect? It works normally in China (Not only Anyconnect client,but Openconnect-gui) for ten years more.

On a Linux computer, Tor warns that maximizing the browser is a security risk as it can publicize your screen size, but on mobile, Tor takes up one's entire screen. I'm just a layman, but is it possible for Tor to run on only part of a screen on a mobile device? If not, how much of a risk does this present?

I am not sure whether it's possible to just use a part of the mobile screen. But we have a ticket to investigate that and provide the same screen size related fingerprinting protections to mobile: https://trac.torproject.org/projects/tor/ticket/27083. We just did not get to that yet.

Tor Android doesn't show a Tor button and there is no icon to check the circuit. Do I need to use the desktop version for this?
Thanks.

Yes, there are a bunch of features not implemented yet on mobile which are available on desktop. We try to get that set reduced over the coming months, but so far you can check out what we already have on our radar by following tickets with the tbb-parity keyword: https://trac.torproject.org/projects/tor/query?status=accepted&status=a….

(The missing circuit display on mobile is among them)

Dear developers,
I'm still experimenting but I think that Windows 10 is "spying" on the TOR browser. With Linuxes didn't see the problem. Two times I experimented with a visit to sites about 'Dating' and the other one about 'Health', with TOR browser, but NEVER with ordinary browsers.
I always deny most of the cookies in ordinary browsers.
I was looking at news on 'Microsoft Edge' and dating ads appeared, also a few days back had also health ads.
If I see my that ads about my third experiment comes up, I will post here again.

how may I download the Desktop icons?

Trademark/Copyright FAQ
Option 1: In your tor-browser folder, icons are in this folder: /Browser/browser/chrome/icons/default
Option 2: Browse the git tree. Click official, alpha, or nightly folder. Click "plain" at the end of the row for one of the icon image files.

Other icons in the Tor Project style guide.
Icons that were in the round of voting for the current icon

ваш тор все хуже и хуже, вообще в говно превратили браузер, куда дели настройки, которые были под луковичкой в верхнем левом углу? зачем убрали возможность сменить IP для отдельной страницы, не перегружая весь браузер? Дерьмо. Верните все назад, как было. Этим уже нельзя пользоваться.

We moved that a while ago to the information box (you get to it by clicking the "i" icon in your toolbar).