New Release: Tor Browser 8.5a8

Tor Browser 8.5a8 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

The main change in this new release is the update of Firefox to 60.5.1esr, fixing some vulnerabilities in the Skia library.

Note: We usually make sure that the build of each Tor Browser release is reproducible by having two separate people building it before we publish a new release. However, due to some people being unavailable this week, we are having some delays doing this verification for this alpha release. Because this release includes an important security fix that we want to release quickly, we will be checking the reproducibility of the build afterward. If you are interested in reproducing our build, you can find information about that on our wiki page. Update: we have now reproduced the build.

Note 2: The download link for the Android version is still pointing to 8.5a7 as we have not yet signed the 8.5a8 build. We plan to fix this soon. Update: This is now fixed.

The full changelog since Tor Browser 8.5a7 is:

  • All platforms
    • Update Firefox to 60.5.1esr
    • Update HTTPS Everywhere to 2019.1.31
    • Bug 29378: Remove from default bridges
    • Bug 29349: Remove network.http.spdy.* overrides from meek helper user.js
  • Build System
    • All Platforms
      • Bug 29235: Build our own version of python3.6 for HTTPS Everywhere
      • Bug 29167: Upgrade go to 1.11.5
    • Linux
      • Bug 29183: Use linux-x86_64 langpacks on linux-x86_64

February 15, 2019


Link on the download page is wrong for Android (or the proper android build is missing). There is no tor-browser-8.5a8-android-armv7-multi.apk in the download directory, only tor-browser-8.5a8-android-armv7-multi-qa.apk. Is this build OK to use?


February 15, 2019


I want to join in this project

This page has some information about contributing to the project:

I m new

Hello Tor Project devs!
Thanks for your hard work. I was wondering what happen to Tor Browser 8.5a8 for Android. I can't seem to download it directly from Tor Project website

in tor browser android, if i use bridges it fails to start

I tried several obfs4 and obfs3 ones

How are you configuring those bridges and what happens?


This humor is not funny any more:

We've detected that you have connected over Tor. There appears to be an issue with the Tor Exit Node you are currently using. Please recreate your Tor circuit or restart your Tor browser in order to fix this.

If this error persists, please let us know:

i dont know this thing work

im new

No comète

still destroys the clipboard!

If Tor is dynamically linked, is that less secure ?

Is it a possibility that someone could introduce a custom library that looks 'binary the same' to one used dynamically by Tor, but calls off into another custom code, by somehow placing it on disk ?

Or is this nonsense ? (quietly hoping so)

Hello, world

Hi all,
I used to use Tor on my Mac but it doesn't run anymore. As soon as I click on it, it seems it wants to open but the logo disappears and doesn't open. I have tried all different versions but I can not open either of them. Can you help?

Which version of Mac OS are you using?

I have literally the exact same problem. OS version 10.13.6

How do I access the fucked up part of the dark web. Eg; cannabalism

The request could not be satisfied.
Request blocked.

Generated by cloudfront (CloudFront)
Request ID: HD5uUKwkEb86hGxCv0FDXvEIC6MEVaGyoTW9pCeuXGFvttsbdUqquQ==

Choose another circuit


the browser is not starting if bridges are used.
is that normal?

No. It might be that the bridge you are trying to use is offline.

Do you have some error logs?

I tried many it doesnt even start and if I remove bridges it starts normally

I also have a separate orbot with bridges and vpn mode enabled

do you think this is the reason? maybe only one can run with bridges and the other not? I dont understand what is wrong

How are you configuring bridges in Tor Browser?

I do it manually the same way used in orbot

1- click on use bridges slider button in the main interface
2- go to options and tick the box use bridges (i dont know why you need to enable twice but maybe its another unrelated bug)
3- enter the bridges obtained earlier from bridges site and click ok to save
4- try to start (it doesnt)

what to do now?

Where do you get stuck? What is the log saying (you can swipe to the left on the right side to get it into view)?

Okay, so I looked closer at that. It seems for some reason we a) don't get pluggable transport support stemming from Orbot for free even though we are compiling and using it and b) even if you want to use normal Tor bridges (no pluggable transport) this is only possible if you have PT support available as Orbot checks this case and only proceeds if it finds the obfs4proxy binary, which is rather unfortunate. I am sorry, but for now this is not working (as you found out :) ). I am working on getting this fixed for the next release, though.

the strange thing is bridges work just fine with normal orbot, so I hope in the next release both could work with bridges

do you have a ticket for this and when is the next release?

I think I added the relevant bits in which should give us parity to standalone Orbot. The next release is likely happening in 2 weeks.

I am new here . I want to know this How to work

I hope any conflicts with standalone orbot are investigated and resolved, testing all options to see if that breaks anything. There is a wide userbase that still use orbot. I'm interested to see any tickets in that regard. Thank you all.

There should not be any conflicts with the standalone Orbot given that Tor Browser is using differnent SOCKS and Control Ports. Do you have something specific in mind? In general our mobile related tickets are tagged with tbb-mobile, so… gives you an overview of all the mobile related issues we are currently aware of.

What is the purpose of VPN functionality in Tor Browser if one is already available in Orbot? What happens if both are activated? Can VPN mode in Tor Browser control other apps as well? If it does, what happens after Tor Browser is closed?

Lastly, if VPN mode in Tor Browser's own Orbot has no purpose then why not remove it all together?

This is confusing for the average user and I couldn't find answers in the Documentation Section.

On a side note, the design of having Tor Browser start with its Orbot means it has to connect to Tor all over again each time Tor Browser is started. Before that was introduced, Orbot used to run conveniently in the background and Tor Browser can be opened any number of times without having to reconnect.

There is no VPN functionality in Tor Browser. We have disabled it. We did not remove it yet because we are still changing the underlying architecture to switch to the Tor Onion Proxy Library ( and after that is done all the UI is getting cleaned up accordingly.

This is an alpha version and things are still in flux. :)

Tor Browser starting with Orbot establishing a connection first is modeling the desktop Tor Browser because that's the most convenient/secure solution we have found so far: you can be sure to have a Tor/Orbot ready once you want to use the browser and don't have to wait for that getting weird proxy-connection-refused errors or delayed page loading, not knowing why this is happening.

We might be able to do better, in particular on mobile. But the model we have right now will be the baseline we start from exploring things further.

Tor Browser 8.5a8 is based on Firefox 60.5.1ESR. But when I checked the latest Firefox, it seems like Firefox version is 65.0.1. 60.5.1 = 65.0.1? Outdated or typing error?

Neither! :) Mozilla has two different release trains: the "normal" one and the "enterprise" one. Tor Browser is on the latter and it is based on Firefox 60 (hence, 60.5.1) while the "normal" one is currently 65.0.1.

Am using Linux, and this is the result:

User-Agent Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0

Passive, SYN Linux 2.2.x-3.x (no timestamps) | Language: Unknown | Link: Ethernet or modem | MTU: 1500 | Distance: 14 Hops

It has been like this for a few iterations of the Tor browser, will it ever going to be fixed?

That's not a Tor Browser bug (and is likely not a bug at all) and you get it on Windows machines, too. What is happening is that this test is trying to find out the OS of the machine the request came from. But that is not your computer. Rather, it's the exit relay that gets fingerprinted instead. It seems that in your case it is running Linux, which is not much surprising...