New Release: Tor Browser 9.0.1

Tor Browser 9.0.1 is now available from the Tor Browser download page and also from our distribution directory.

Tor Browser 9.0.1 is the first bugfix release in the 9.0 series and aims to mostly fix regressions and provide small improvements related to our 9.0 release. Additionally, we are adding a banner on the starting page for our fundraising campaign Take Back the Internet with Tor.

Known Issue

For each new release, two members from our team are building the release separately and compare the result to make sure that it is reproducible. For the 9.0 and 9.0.1 releases, however, an issue that we are still investigating is making our build not completely deterministic. As a workaround for this issue, we had to do multiple builds until we got matching builds. You might need to do the same if you are trying to reproduce our build.

Note: due to some delay with the signing, the Android version is not yet available. We expect to be able to publish the signed Android version in a few hours. Update: the Android version has been published.

ChangeLog

The full changelog since Tor Browser 9.0 is:

  • All Platforms
    • Update NoScript to 11.0.4
      • Bug 21004: Don't block JavaScript on onion services on medium security
      • Bug 27307: NoScript marks HTTP onions as not secure
    • Bug 30783: Fundraising banner for EOY 2019 campain
    • Bug 32321: Don't ping Mozilla for Man-in-the-Middle-detection
    • Bug 27268: Preferences clean-up
  • Windows + OS X + Linux
    • Update Tor Launcher to 0.2.20.2
      • Bug 32164: Trim each received log line from tor
      • Translations update
    • Bug 31803: Replaced about:debugging logo with flat version
    • Bug 31764: Fix for error when navigating via 'Paste and go'
    • Bug 32169: Fix TB9 Wikipedia address bar search
    • Bug 32210: Hide the tor pane when using a system tor
    • Bug 31658: Use builtin --panel-disabled-color for security level text
    • Bug 32188: Fix localization on about:preferences#tor
    • Bug 32184: Red dot is shown while downloading an update
  • Android
    • Bug 32342: Crash when changing the browser locale

Welcome! Yes, Tor Browser is able to block some ads and trackers if you click the shield icon to raise the security level. It is not bundled with a normal type of adblocker. Please read the Tor Browser User Manual as well as the Support FAQ and Documentation pages linked in the top header of torproject.org. Near the top of the Documentation page, you can find the old Overview and old General FAQ.

Anon

November 10, 2019

Permalink

Tor was running fine. Now when i open Tor all i get is 'Gah! Your tab just crashed'. I uninstalled, reinstalled Tor. Problem still exists every attempt to use Tor.

Anon

November 10, 2019

Permalink

I am getting error "firefox.exe"
"Te application was unable to start correctly (0xc000007) Click OK to close the application"

Does this mean the Tor Browser 9.01 is not portable anymore?

I am running Windows 7
I tried both
torbrowser-install-9.0.1_en-US
and torbrowser-install-win64-9.0.1_en-US

Tor Browser 9.0.1 is supposed to work on Windows 7.

A possibility is that a missing Windows update is causing this issue. At least that's what searching this error in a search engine seems to indicate. You can try to install the latest Windows updates if they are not installed yet.

It's not that Avira isn't good, per say. When this happens, it's usually the case that the Tor Browser version was too new for scanners to recognize it. A few days after this version was released, the scanner providers updated their virus definitions and found that Tor Browser, while it may contain what looks like it could be something suspicious to a heuristic scanner, is actually clean. Its first incorrect reaction is called a "false positive". Most of the time, it is resolved simply by waiting a few days and then scanning it again. Regardless, it is recommended to always verify Tor Browser's cryptographic signature for integrity and authenticity which you can do immediately.

If you still want to change you scanner, look at professional research comparisons of them:
https://www.av-comparatives.org/
https://www.av-test.org/
https://www.virusbulletin.com/testing/

Request to access cookie or storage on “https://....” was blocked because we are blocking
all third-party storage access requests and content blocking is enabled.

...many websites still not loading properly, especially thumbnails are missing.

image.http.accept ; */*
image.webp.enabled ; false
...seems to be the solution.

How can I configure settings (torrc) for strict exit country?

you could try to RTFM - or - if you followed this blog you would have stumbled upon this:
https://blog.torproject.org/comment/283682#comment-283682

add limited svg support on safest as tbb has
SVGSupport: true

Why isn't this release available for download on GitHub or GitLab?

How to join in anonymous

Lurk moar. Don't feed the trolls. Stay classy. Be an hero for great justice.

How can I export TBB's bookmark without internet? Before version run /tor-browser_en-US/Browser/firefox --safe-mode, but now can't

You can backup the SQLite bookmarks database and later overwrite the database in Tor Browser when you want to restore from your backup. When you restore the backup, this procedure overwrites all bookmarks in Tor Browser with your backup copy. Tor Browser must be closed before these procedures, or the database file could become corrupted. I don't know of an easy way to export and import bookmarks by HTML in Tor Browser without internet.

Backup:
Close Tor Browser. Open the folder where tor-browser was installed. Go to ./Browser/TorBrowser/Data/Browser/ Copy places.sqlite to a folder outside of the Tor Browser folder.

Restore:
Close Tor Browser. Go to that folder inside the tor-browser folder. Copy your backup places.sqlite into that folder and overwrite the file there.

Why not use the built-in functionality? Menu -> Library -> Bookmarks -> Show All Bookmarks [at the bottom] -> Import and Backup [at the top] -> Export Bookmarks to HTML...

because they said it wouldn't run (TB doesn't open) without internet. the library UI is not accessible.

please, raise the prio of https://trac.torproject.org/projects/tor/ticket/32238
seems to be a cloudflare crap again

When you open it in full screen, there are empty areas around the edges, how to remove them?

This is intentional. Please see the section "Letterboxing" on the 9.0 release blog post: https://blog.torproject.org/comment/284595#comment-284595 and the reply here: https://blog.torproject.org/comment/284595#comment-284595

The is the letterboxing feature. See the section about this in the 9.0 blog post:
https://blog.torproject.org/new-release-tor-browser-90

Hello torproject,

what's the reason for, everytime clicking on the Security level icon, want to see Optoins,
the tor Logs, the Tor Browser is Phoning Home to torproject. For what? Why? Is phoning home, telemetry the new must have?

What do you mean exactly by "phoning home"? There should not be phoning home when changing the security level.

I'm not you(-: but i have the same problem.
All updates within about:config are off but Torbrowser is phoning home in the same form to aus1.torproject.org .
Phoning home is ALL unwanting automated connection, all unwanted automatic updating to a server/machine you don't want and you can't switch it off. Switch it off without tricks, without hack the programm. Try to switch off all phoning home -unwanted telemetry- in MicrosoftWindows10, and you know what i mean with phoning home, hardcore.
Torbrowser/FirefoxESR should not going the same way. I am really not the only one who think so. A lot of professionals think so too, because its logic.

Tor Browser includes an internal updater, and connects to aus1.torproject.org to find if an update is available.

"find if an update"

Thats Ok when you want it, automated updating. But it's not you can't switch off. Normal browser interaction start this updating -not ok.

In other words, you all want it to "phone home" as you call it, only when you tell it to phone home? There are too many misunderstandings here to sort through. Your traffic is mixed in the Tor network. It's not like regular internet routing. "Phoning home" implies sending your data to them, but it doesn't do that. The worst I see from it is a regular timed heartbeat through the exit relays that, if all exits in all countries are ever monitored by the same group which is not feasible anyway, could merely estimate how long that browser has been open and predict when the next beat will occur. The heartbeat looks exactly like everyone else's except shifted by a unique phase time. I don't know if its phase shifts when the browser starts a new identity or how much randomness is added by the browser, the Tor protocol, and the network. If it's triggered when the user opens the Preferences tab as comments said, that's more randomness.

Tor browser 9.0.1 is connecting to:

firefox.settings.services.mozilla.com:443

It connects consistently to this address. Seems to be some kind of hardcoded telemetry. This needs to be fixed.
There is also a mozilla CDN connection that happens sometimes but couldn't copy url fast enough.

The connection to firefox.settings.services.mozilla.com is to update the addons blocklist:
https://support.mozilla.org/en-US/kb/add-ons-cause-issues-are-on-blockl…

See this comment for a description of the Mozilla services Tor Browser connects to:
https://trac.torproject.org/projects/tor/ticket/21200#comment:4

>Tor browser 9.0.1 is connecting to:
>firefox.settings.services.mozilla.com:443

Easy to solve yet unlike the problem with unwanted automated updating.
about:config, delete these entries.Solved.

Tor Browser 9.01 only works in safe mode. When I star tor browser normaly the application hang

Depósito con errores , tipo 0
Nombre de evento: AppHangB1
Respuesta: No disponible
Identificador de archivo .cab: 0

Firma del problema:
P1: firefox.exe
P2: 68.2.0.7031
P3: 00000000
P4: c966
P5: 67246080
P6:
P7:
P8:
P9:
P10:

What do you mean by "safe mode"? Is it a new issue with 9.0.1, or did it happen with previous versions too? Also, what version of Windows are you using?

hold Shift key while run tor browser,

How to fix the proxy

What is the issue?

In response to Boklm’s comment on November 8, in relation to the NoScript toolbar button that “not all options from this button are safe to use”
A user asked the question:
“Which options are not safe and why?
Could I request that, if you or your colleagues are going to state such things, esp. warnings, in the future could you/they expand on what they are saying so that users are better informed and can take action?”

Apart from the specific subject of that user’s question, the user has raised a good point in relation to apparent ‘warnings’.
Could Boklm please respond to the specific point and anyone who offers ‘advice’ please say exactly what they mean, with examples?

Thanks

Noscript comes with a myriad of configuration options and it's unclear which ones are safe to use. So we plan to replace it with a new button providing a limited set of options.

You can read the proposal for more details about this:
https://gitweb.torproject.org/tor-browser-spec.git/tree/proposals/101-s…

And the latest discussions on the ticket about per-site security settings support:
https://trac.torproject.org/projects/tor/ticket/30570

That's a really good idea, given NoScript's behavior contributes to browser fingerprint, it is hard to stay indistinguishable with such fine-tuning. Actually, NoScript also learns unique behavior eg,when one decides to "always block this potential XSS" in the popup dialog. As unbiggest NoScript fan I'm hoping for replacement with some simple (High/Medium/Low/Trusted IE style) reputable (can't forgive NoScript hacking other extension's data) control for JS execution

REALLY unhappy about this update. Some servers are blocking exit nodes in the nasty way - by spewing an error page for the GET request (eg. Cisco, anything running varsnish etc etc). But... if page summary presented by eg. DuckDuckGo is really promising, one can roll the dice by clicking "new curcuit" button in the UI provided by Torbutton, so given much enough desire (read patience and time wasted) to read the contents, one could actually reach the page in question. Life's pretty bad, isn't it?
But I stumbled upon catastrophically worse case: firewall.cx decided to be even more nasty to tor users - they are firewalling exit nodes and... there is no UI to try a luck at another node! Torbutton doesn't recognizes an Firefox's internal "problem loading" page as "site" for which it could request a new virtual circuit!
And the worst: the issue described above also applies to usual cases when your randomly selected exit node having some network health issues, so there is no escape, site becomes inaccessible until MaxCircuitDirtiness timeout expires (or you have to do "new identity" or restart tor)

The well known ad blocking extension uBlockOrigin for Firefox starts using the DNS permission of the Mozilla DNS JavaScript API to block a new form of embedded ads. (1,2)

Is this extension now making DNS requests still safe to use with torbrowser?

1: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/…
2: https://github.com/uBlockOrigin/uBlock-issues/issues/780

What's happened to the F-droid update for android?

It seems we forgot to upload it. It should be there soon.

I keep getting the error message "x was blocked because we are blocking all third-party storage access requests and content blocking is enabled." It caused an infinite loop and prevented me from logging into Facebook comments plugin. How do I disable blocking of third-party cookies?