New Release: Tor Browser 9.0.1

Tor Browser 9.0.1 is now available from the Tor Browser download page and also from our distribution directory.

Tor Browser 9.0.1 is the first bugfix release in the 9.0 series and aims to mostly fix regressions and provide small improvements related to our 9.0 release. Additionally, we are adding a banner on the starting page for our fundraising campaign Take Back the Internet with Tor.

Known Issue

For each new release, two members from our team are building the release separately and compare the result to make sure that it is reproducible. For the 9.0 and 9.0.1 releases, however, an issue that we are still investigating is making our build not completely deterministic. As a workaround for this issue, we had to do multiple builds until we got matching builds. You might need to do the same if you are trying to reproduce our build.

Note: due to some delay with the signing, the Android version is not yet available. We expect to be able to publish the signed Android version in a few hours. Update: the Android version has been published.

ChangeLog

The full changelog since Tor Browser 9.0 is:

  • All Platforms
    • Update NoScript to 11.0.4
      • Bug 21004: Don't block JavaScript on onion services on medium security
      • Bug 27307: NoScript marks HTTP onions as not secure
    • Bug 30783: Fundraising banner for EOY 2019 campain
    • Bug 32321: Don't ping Mozilla for Man-in-the-Middle-detection
    • Bug 27268: Preferences clean-up
  • Windows + OS X + Linux
    • Update Tor Launcher to 0.2.20.2
      • Bug 32164: Trim each received log line from tor
      • Translations update
    • Bug 31803: Replaced about:debugging logo with flat version
    • Bug 31764: Fix for error when navigating via 'Paste and go'
    • Bug 32169: Fix TB9 Wikipedia address bar search
    • Bug 32210: Hide the tor pane when using a system tor
    • Bug 31658: Use builtin --panel-disabled-color for security level text
    • Bug 32188: Fix localization on about:preferences#tor
    • Bug 32184: Red dot is shown while downloading an update
  • Android
    • Bug 32342: Crash when changing the browser locale
fake name

November 09, 2019

Permalink

I am new to Tor. Could you tell me if it is able to block ad's on websites I'm viewing please?

Welcome! Yes, Tor Browser is able to block some ads and trackers if you click the shield icon to raise the security level. It is not bundled with a normal type of adblocker. Please read the Tor Browser User Manual as well as the Support FAQ and Documentation pages linked in the top header of torproject.org. Near the top of the Documentation page, you can find the old Overview and old General FAQ.

fake name

November 10, 2019

Permalink

Tor was running fine. Now when i open Tor all i get is 'Gah! Your tab just crashed'. I uninstalled, reinstalled Tor. Problem still exists every attempt to use Tor.

fake name

November 10, 2019

Permalink

I am getting error "firefox.exe"
"Te application was unable to start correctly (0xc000007) Click OK to close the application"

Does this mean the Tor Browser 9.01 is not portable anymore?

I am running Windows 7
I tried both
torbrowser-install-9.0.1_en-US
and torbrowser-install-win64-9.0.1_en-US

Tor Browser 9.0.1 is supposed to work on Windows 7.

A possibility is that a missing Windows update is causing this issue. At least that's what searching this error in a search engine seems to indicate. You can try to install the latest Windows updates if they are not installed yet.

It's not that Avira isn't good, per say. When this happens, it's usually the case that the Tor Browser version was too new for scanners to recognize it. A few days after this version was released, the scanner providers updated their virus definitions and found that Tor Browser, while it may contain what looks like it could be something suspicious to a heuristic scanner, is actually clean. Its first incorrect reaction is called a "false positive". Most of the time, it is resolved simply by waiting a few days and then scanning it again. Regardless, it is recommended to always verify Tor Browser's cryptographic signature for integrity and authenticity which you can do immediately.

If you still want to change you scanner, look at professional research comparisons of them:
https://www.av-comparatives.org/
https://www.av-test.org/
https://www.virusbulletin.com/testing/

fake name

November 11, 2019

Permalink

Request to access cookie or storage on “https://....” was blocked because we are blocking
all third-party storage access requests and content blocking is enabled.

...many websites still not loading properly, especially thumbnails are missing.

fake name

November 12, 2019

Permalink

How can I export TBB's bookmark without internet? Before version run /tor-browser_en-US/Browser/firefox --safe-mode, but now can't

You can backup the SQLite bookmarks database and later overwrite the database in Tor Browser when you want to restore from your backup. When you restore the backup, this procedure overwrites all bookmarks in Tor Browser with your backup copy. Tor Browser must be closed before these procedures, or the database file could become corrupted. I don't know of an easy way to export and import bookmarks by HTML in Tor Browser without internet.

Backup:
Close Tor Browser. Open the folder where tor-browser was installed. Go to ./Browser/TorBrowser/Data/Browser/ Copy places.sqlite to a folder outside of the Tor Browser folder.

Restore:
Close Tor Browser. Go to that folder inside the tor-browser folder. Copy your backup places.sqlite into that folder and overwrite the file there.

fake name

November 12, 2019

Permalink

When you open it in full screen, there are empty areas around the edges, how to remove them?

fake name

November 14, 2019

Permalink

Hello torproject,

what's the reason for, everytime clicking on the Security level icon, want to see Optoins,
the tor Logs, the Tor Browser is Phoning Home to torproject. For what? Why? Is phoning home, telemetry the new must have?

I'm not you(-: but i have the same problem.
All updates within about:config are off but Torbrowser is phoning home in the same form to aus1.torproject.org .
Phoning home is ALL unwanting automated connection, all unwanted automatic updating to a server/machine you don't want and you can't switch it off. Switch it off without tricks, without hack the programm. Try to switch off all phoning home -unwanted telemetry- in MicrosoftWindows10, and you know what i mean with phoning home, hardcore.
Torbrowser/FirefoxESR should not going the same way. I am really not the only one who think so. A lot of professionals think so too, because its logic.

In other words, you all want it to "phone home" as you call it, only when you tell it to phone home? There are too many misunderstandings here to sort through. Your traffic is mixed in the Tor network. It's not like regular internet routing. "Phoning home" implies sending your data to them, but it doesn't do that. The worst I see from it is a regular timed heartbeat through the exit relays that, if all exits in all countries are ever monitored by the same group which is not feasible anyway, could merely estimate how long that browser has been open and predict when the next beat will occur. The heartbeat looks exactly like everyone else's except shifted by a unique phase time. I don't know if its phase shifts when the browser starts a new identity or how much randomness is added by the browser, the Tor protocol, and the network. If it's triggered when the user opens the Preferences tab as comments said, that's more randomness.

fake name

November 14, 2019

Permalink

Tor browser 9.0.1 is connecting to:

firefox.settings.services.mozilla.com:443

It connects consistently to this address. Seems to be some kind of hardcoded telemetry. This needs to be fixed.
There is also a mozilla CDN connection that happens sometimes but couldn't copy url fast enough.

>Tor browser 9.0.1 is connecting to:
>firefox.settings.services.mozilla.com:443

Easy to solve yet unlike the problem with unwanted automated updating.
about:config, delete these entries.Solved.

fake name

November 14, 2019

Permalink

Tor Browser 9.01 only works in safe mode. When I star tor browser normaly the application hang

Depósito con errores , tipo 0
Nombre de evento: AppHangB1
Respuesta: No disponible
Identificador de archivo .cab: 0

Firma del problema:
P1: firefox.exe
P2: 68.2.0.7031
P3: 00000000
P4: c966
P5: 67246080
P6:
P7:
P8:
P9:
P10:

fake name

November 18, 2019

Permalink

In response to Boklm’s comment on November 8, in relation to the NoScript toolbar button that “not all options from this button are safe to use”
A user asked the question:
“Which options are not safe and why?
Could I request that, if you or your colleagues are going to state such things, esp. warnings, in the future could you/they expand on what they are saying so that users are better informed and can take action?”

Apart from the specific subject of that user’s question, the user has raised a good point in relation to apparent ‘warnings’.
Could Boklm please respond to the specific point and anyone who offers ‘advice’ please say exactly what they mean, with examples?

Thanks

Noscript comes with a myriad of configuration options and it's unclear which ones are safe to use. So we plan to replace it with a new button providing a limited set of options.

You can read the proposal for more details about this:
https://gitweb.torproject.org/tor-browser-spec.git/tree/proposals/101-s…

And the latest discussions on the ticket about per-site security settings support:
https://trac.torproject.org/projects/tor/ticket/30570

That's a really good idea, given NoScript's behavior contributes to browser fingerprint, it is hard to stay indistinguishable with such fine-tuning. Actually, NoScript also learns unique behavior eg,when one decides to "always block this potential XSS" in the popup dialog. As unbiggest NoScript fan I'm hoping for replacement with some simple (High/Medium/Low/Trusted IE style) reputable (can't forgive NoScript hacking other extension's data) control for JS execution

fake name

November 19, 2019

Permalink

REALLY unhappy about this update. Some servers are blocking exit nodes in the nasty way - by spewing an error page for the GET request (eg. Cisco, anything running varsnish etc etc). But... if page summary presented by eg. DuckDuckGo is really promising, one can roll the dice by clicking "new curcuit" button in the UI provided by Torbutton, so given much enough desire (read patience and time wasted) to read the contents, one could actually reach the page in question. Life's pretty bad, isn't it?
But I stumbled upon catastrophically worse case: firewall.cx decided to be even more nasty to tor users - they are firewalling exit nodes and... there is no UI to try a luck at another node! Torbutton doesn't recognizes an Firefox's internal "problem loading" page as "site" for which it could request a new virtual circuit!
And the worst: the issue described above also applies to usual cases when your randomly selected exit node having some network health issues, so there is no escape, site becomes inaccessible until MaxCircuitDirtiness timeout expires (or you have to do "new identity" or restart tor)

fake name

November 20, 2019

Permalink

I keep getting the error message "x was blocked because we are blocking all third-party storage access requests and content blocking is enabled." It caused an infinite loop and prevented me from logging into Facebook comments plugin. How do I disable blocking of third-party cookies?