New Release: Tor Browser 9.0.9

Tor Browser 9.0.9 is now available from the Tor Browser download page and also from our distribution directory.

This release updates Firefox to 68.7.0esr, NoScript to 11.0.23, and OpenSSL to 1.1.1f.

Also, this release features important security updates to Firefox.

The full changelog since Tor Browser 9.0.8 is:

  • All Platforms
    • Update Firefox to 68.7.0esr
    • Bump NoScript to 11.0.23
    • Bug 33630: Remove noisebridge01 default bridge
  •  Windows + OS X + Linux
    • Bug 33771: Update some existing licenses and add Libevent license
    • Bug 33723: Bump openssl version to 1.1.1f
  • Windows

If the TOR community starts sharing a single user's traffic data to the world, it's the beginning of the end. USA is not the only place where governors are tempted by dystopia, unfortunately. Plus, ISPs and big software companies are damn intrusive.
@developers: huge THANK YOU for your work. Just keep the project to its original spirit.

Anonymous

April 18, 2020

Permalink

new to Tor..
I thought that Tor will have a built in ad blocker but i still get them..
also, the Tor project FAQ recommends not installing add-ons including the ad blocker ones..
how do i safely get rid of ads?

Tor Browser does not currently includes any ad blocker by default, so adding one will make your fingerprint differ from most other Tor Browser users.

There has been some discussion on this topic on this ticket: https://trac.torproject.org/projects/tor/ticket/17569

If you still decide to install one, you might want to use the same that is included in Tails: ublock origin.

Just to clarify: Tails is a full Debian-based system you boot from a live DVD or live USB, which should not leave any traces on your physical device of what you read or said while using Tails. It includes the latest Tor Browser with a few extra privacy-enhancing tweaks including ublock origin. See tails.boum.org for more.

> how do i safely get rid of ads?

Change your security level to Safest. That will disable Javascript that would load most types of ads, but it may disable some functions on a webpage that you need and make pages look ugly. You can search for the many discussions in the past about ads and blockers on this blog, the bug tracker, and other development channels.

Anonymous

April 18, 2020

Permalink

How may I please start TBB every time to prefer ipv4 connections? By default it starts with prefer ipv6 and I have ipv6 disabled. Why? Because it's my preference. TIA.

Prefer IPv4 for which types of connections? "How do I use Tor from an IPv6 only host/computer?" https://2019.www.torproject.org/docs/faq.html.en#IPv6 "I'm supposed to "edit my torrc". What does that mean?" https://support.torproject.org/tbb/tbb-editing-torrc/

Start by reading about ClientUseIPv6 in the tor daemon manual. https://2019.www.torproject.org/docs/tor-manual.html.en#ClientUseIPv6 Next, Find every place the text "ipv" is on the page.

Anonymous

April 20, 2020

Permalink

Hi Torproject!

Why did you stop updating the "geoip", "geoip6" files? (torbrowser-install-9.0.9)
(# Last updated based on December 3 2019 Maxmind GeoLite2 Country)

Are you seriously? It's been 4 months already.
Please update the files in the next release!

Anonymous

April 20, 2020

Permalink

Are there any plans to remove the "Standard" security level. I have yet to find any site that works in standard mode and breaks in Safer mode. Nearly every website is HTTPS now, and you'd have to be nuts to enable JS over HTTP over Tor. I never use standard mode, because I haven't found a need for it, and the risks are high enough already on Safer mode. Besides WebGL/HTML5 related exploits and such, it is probably not hard to fingerprint physical hardware or perform side channel attacks when browsing with font rendering and JS optimizations etc. are enabled as they are in Standard mode. Also because each security level is a fingerprintable category of users, so the fewer the better.

> Nearly every website is HTTPS now, and you'd have to be nuts to enable JS over HTTP over Tor.

And websites in autocratic regimes? Sites in less wealthy nations? Sites in Africa? Old unmaintained sites? Prototype sites? I am opposed to removing Standard. I think it would be better if the default was Safer with just-in-time tutorials about the slider and media permissions. Some maps require WebGL as well. Adding more and more little exceptions to Safer, and it might as well be Standard.

Anonymous

April 21, 2020

Permalink

Seen twice so far when trying to access this page using Tor Browser 9.0.9:

> Page Could Not Be Loaded
>
> The web page you were looking for could not be delivered.

Why? What does it mean?

Never seen this error before the past few days.

Anonymous

April 21, 2020

Permalink

Very sorry to hear about the layoffs at Tor Project. I hope you will be able to rehire them very soon.

@ other Tor users: seems this would be a good time to make a donation if you are able.

Anonymous

April 23, 2020

Permalink

@ other Tor users: what on Earth will we do if Tor suddenly vanishes? If we cannot access the internet (because we only use TB), how will we even get the official word from TP (in this blog?) that Tor Project has ceased all operations?

@ Tor Project employees: please stay strong and keep up all your good work, people need Tor!

I hope there is still some employee looking into possible issues with the Tor network.

In recent days while visiting this blog using TB 4.0.9 in Tails ("safer"), I have repeatedly seen:

o "page could not be loaded" error when trying to load this very page (an error message never seen before)

o on reloading, new circuit has exit node from the same large family of Tor nodes which I fear might be misbehaving

I don't know what is causing this but it seems that it could suggest that the Tor network is starting to break, possibly as the result of malicious actions by our many many state and corporate sponsored enemies.

Anonymous

April 26, 2020

Permalink

Hi. Is there a way to disable the tor connection? I have a VPN and I need to be seen in certain countries but Tor randomly pics a country which isn't good for me. I recall in previous versions you could disable it? I am running Windows. Thanks

Anonymous

April 27, 2020

Permalink

Every 32-bit version for windows has only Arabic and Farsi - and nothing else - when I want to install the program. I wonder if anybody could help...

Anonymous

April 27, 2020

Permalink

Hey ho,
istn't there a dedicated support website? All I find is https://github.com/TheTorProject/gettorbrowser

Here is my issue: after updating torbrowser-launcher today from debian repositories, TorBrowser has been installed again. Now, all my bookmarks are gone.
Can I restore them with a backupped profile.default foldert? And if so, how?

Kind regards, Ronnya

Anonymous

April 27, 2020

Permalink

I am having trouble connecting to the Internet. Why, why, why? It was working fine, now, nothing. I, just installed Tor with a VPN, after one day it says it cannot connect through the DNS. Something about an error. Help, please.

Anonymous

April 27, 2020

Permalink

Can one tiny glimmer of sunshine be glimpsed amidst the lowering storm clouds?

thehill.com
Lawmakers introduce legislation to combat global censorship, boost internet freedom
Maggie Miller
27 Apr 2020

> A bipartisan group of House lawmakers on Monday introduced legislation intended to expand global internet freedom and cut down on social media and news censorship by governments in countries such as China and Russia.
>
> The Open Technology Fund Authorization Act would authorize the existing nonprofit Open Technology Fund (OTF) as an independent group under the U.S. Agency for Global Media, which also includes media groups such as Voice of America and Radio Free Europe.

RFE is one of the entities which has funded Tor Project in the past. Advocates for human rights workers, vaccination workers, journalists, political dissidents, union organizers, and ordinary citizens need allies in the US Congress rather desperately.

I urge US voters to ask their Congressional representatives to support this bill--- assuming groups like FOTP, RSF, HRW, Amnesty do not spot some major problem I missed.

Anonymous

April 30, 2020

Permalink

Regarding censorship, there have been quite a few developments during the past week. Suddenly the political tide in the US seems to be running against the authoritarian onslaught, a trend which we must certainly hope continues.

The GOP has put forth a pro-privacy bill on digital contact tracing which on the basis of this story seems like a welcome protection:

thehill.com
Key Republican senators to introduce coronavirus-related data privacy legislation
Chris Mills Rodrigo
30 Apr 2020

> A group of key Republican senators announced Thursday they intend to introduce legislation aimed at protecting consumer data privacy during the coronavirus pandemic. The COVID-19 Consumer Data Protection Act would require companies to have consumers opt in before having their data used to track the spread of coronavirus and allow them to opt out at any point. The legislation would also direct companies to tell consumers how their data would be used, to whom it might be transferred and for how long it would be held.

And here's an intriguing revelation: turns out that back in 2015, current FBI Director Chris Wray, then working for a private law firm, *defended* WhatsApp encryption:

theguardian.com
Documents reveal FBI head defended encryption for WhatsApp before becoming fierce critic
Christopher Wray defended encryption in 2015 as a lawyer, contradicting his current opposition to the practice
Stephanie Kirchgaessner
30 Apr 2020

Former G.W. Bush administration OLC lawyer Jack Goldsmith coauthored an editorial praising CN government censorship during the pandemic, and Mike Masnick is not about to let him get away with that:

techdirt.com
How Can Anyone Argue With A Straight Face That China's Approach To Speech Online Is Better Than The US's During A Pandemic
Free Speech
from the authoritarian-nonsense dept
Mike Masnick
30 Apr 2020

One of the intriguing pieces of this puzzle is that the CN authorities actually arrested the doctor in Wuhan who first identified COVID-19 illness for "spreading rumors" when she tried to warn the public about the public health threat, then exonerated after she herself died from the illness. And there is a virology lab of Wuhan (a huge city so no surprise there) where researchers had been studying mammals such as bats in hope of preventing an epidemic analogous to SARS or MERS, a fact which American trolls have exploited to convince many that China actually engineered COVID-19 as a bioweapon and then accidently released it in their own country:

theatlantic.com
The Coronavirus Conspiracy Boom
Nearly a third of the people we polled believe that the virus was manufactured on purpose. Why?
Joseph E. Uscinski and Adam M. Enders
30 Apr 2020

Weird as it feels to agree with USIC, I tend to think their assessment that this rumor is without merit is probably good advice--- unfortunately, it does not fit with how Drump wants to shape public opinion about who is to blame for the pandemic:

theguardian.com
US intelligence agencies under pressure to link coronavirus to Chinese labs
Senior Trump administration figures said to be demanding evidence on virus’s origins
Patrick Wintour
30 Apr 2020

Mike Masnick also has high praise for this essay by a leading "fake news" researcher:

brookings.edu
How to cope with an infodemic
Kate Starbird
27 Apr 2020

Anonymous

May 02, 2020

Permalink

Hi, the (startpage) search engine have started to go nuts over tor. Why is that? cant even use it anymore because it keep spamming CHAPTCHA every times i try using it. would be much appreciated if this could be fixed somehow. i do have the latest updates from tor. however the version says 9.0.9 and not 9.5. could that be the issue? i rather not use unstable versions since ive had issues with that before. thanks in advance and thanks for all your hard work keeping us safe out there.

Anonymous

May 04, 2020

Permalink

Hi, I have downloaded the TOR 9.0.9, so I can bypass the ISP block to many sites like Facebook, Twitter, YouTube and so on. When I go to YouTube and click on a video clip, the Tor prompts me with a warning message "
Our systems have detected unusual traffic from your computer network. Please try your request again later", hence, making access to any content on YouTube impossible. Any idea, how to get around this?

Thanks

Anonymous

May 04, 2020

Permalink

In a welcome development well worth celebrating, one potential existential threat to TorProject.org (emphasis on dot org) has been eliminated:

eff.org
Victory! ICANN Rejects .ORG Sale to Private Equity Firm Ethos Capital
Karen Gullo and Mitch Stoltz
30 Apr 2020

> In a stunning victory for nonprofits and NGOs around the world working in the public interest, ICANN today roundly rejected Ethos Capital’s plan to transform the .ORG domain registry into a heavily indebted for-profit entity. This is an important victory that recognizes the registry’s long legacy as a mission-based, non-for-profit entity protecting the interests of thousands of organizations and the people they serve.

Anonymous

May 24, 2020

Permalink

Any idea about this? Freshly started Tor Browser, no other page visited, 'Temporarily allow all this page'. From where all these DNS servers are coming up in the Tor Browser's JavaScript context?

https://browserleaks.com/dns

---

Home Page
IP Address
JavaScript
WebRTC Leak Test
Canvas Fingerprint
WebGL Report
Font Fingerprinting
SSL Client Test
Geolocation API
Features Detection
Content Filters
Java Applet
Flash Player
Silverlight
More Tools
Settings

DNS Leak Test

With insufficient configuration, it is possible that the browser's DNS requests will be sent to the ISP DNS server directly, and not sent through the VPN or Proxy. Thus, a malicious website will be able to find out the name of your real ISP, and the ISP will know your endpoint IP and which sites you visit.

DNS Leak Test shows which DNS servers your browser uses to resolve domain names. This test attempts to resolve 100 randomly generated domain names asynchronously, 50 with A record (IPv4-only) and 50 with both A and AAAA records (IPv4+IPv6).
Your IP Address
IP Address
45.95.235.86
ISP Virtual Systems LLC
Location Russia
DNS Leak Test
Test Results Found 51 Servers, 1 ISP, 2 Locations
Your DNS Servers
IP Address : ISP : Location :
172.217.33.129 GOOGLE United States
172.217.33.130 GOOGLE United States
172.217.33.131 GOOGLE United States
172.217.33.132 GOOGLE United States
172.217.33.193 GOOGLE United States
172.217.33.194 GOOGLE United States
172.217.33.195 GOOGLE United States
172.217.33.196 GOOGLE United States
172.217.34.1 GOOGLE United States
172.217.34.2 GOOGLE United States
172.217.34.3 GOOGLE United States
172.217.34.4 GOOGLE United States
172.217.34.5 GOOGLE United States
172.253.194.1 GOOGLE United States
172.253.194.3 GOOGLE United States
172.253.194.5 GOOGLE United States
172.253.195.1 GOOGLE United States
172.253.195.3 GOOGLE United States
172.253.195.5 GOOGLE United States
172.253.197.1 GOOGLE United States
172.253.197.2 GOOGLE United States
172.253.197.3 GOOGLE United States
172.253.197.4 GOOGLE United States
172.253.197.5 GOOGLE United States
172.253.198.5 GOOGLE United States
172.253.199.1 GOOGLE United States
172.253.199.2 GOOGLE United States
172.253.199.3 GOOGLE United States
172.253.199.4 GOOGLE United States
172.253.199.5 GOOGLE United States
172.253.246.33 GOOGLE United States
172.253.246.34 GOOGLE United States
172.253.246.35 GOOGLE United States
172.253.246.36 GOOGLE United States
2a00:1450:4001:c00::101 GOOGLE Ireland
2a00:1450:4001:c00::104 GOOGLE Ireland
2a00:1450:4001:c00::105 GOOGLE Ireland
2a00:1450:4001:c01::102 GOOGLE Ireland
2a00:1450:4001:c01::103 GOOGLE Ireland
2a00:1450:4001:c01::104 GOOGLE Ireland
2a00:1450:4001:c02::102 GOOGLE Ireland
2a00:1450:4001:c02::104 GOOGLE Ireland
2a00:1450:4001:c03::101 GOOGLE Ireland
2a00:1450:4001:c03::102 GOOGLE Ireland
2a00:1450:4001:c03::103 GOOGLE Ireland
2a00:1450:4001:c03::104 GOOGLE Ireland
2a00:1450:4001:c03::105 GOOGLE Ireland
2a00:1450:4001:c04::103 GOOGLE Ireland
2a00:1450:4001:c04::104 GOOGLE Ireland
2a00:1450:4025:2::103 GOOGLE Ireland
2a00:1450:4025:2::104 GOOGLE Ireland
Leave a Comment (2)
BrowserLeaks © 2011-2020 All Right Reserved
moc.skaelresworb@nimda