New Release: Tor Browser 9.0

Update [7:30 UTC]: Clarified the amount of locales we support. It's 32 with Tor Browser 9.0.

Update [10:45 UTC]: Added a section about letterboxing.

Tor Browser 9.0 is now available from the Tor Browser download page and also from our distribution directory.

This release features important security updates to Firefox.

Tor Browser 9.0 is the first stable release based on Firefox 68 ESR and contains a number of updates to other components as well (including Tor to 0.4.1.6 and OpenSSL to 1.1.1d for desktop versions and Tor to 0.4.1.5 for Android).

In addition to all the needed patch rebasing and toolchain updates, we made big improvements to make Tor Browser work better for you.

We want everyone in the world to be able to enjoy the privacy and freedom online Tor provides, and that's why over the past couple years, we've been working hard to boost our UX and localization efforts, with the biggest gains first visible in Tor Browser 8.0.

In Tor Browser 9.0, we continue to build upon those efforts with sleeker integration and additional localization support.

Goodbye, Onion Button

We want your experience using Tor to be fully integrated within the browser so how you use Tor is more intuitive. That's why now, rather than using the onion button that was in the toolbar, you can see your path through the Tor network and request a New Circuit through the Tor network in [i] on the URL bar.

Tor Browser - circuit display - dark theme

 

Hello, New Identity Button

Tor Browser - Toolbar - New Identity Button

Instead of going into the onion button to request a New Identity, we've made this important feature easier to access by giving it its own button in the toolbar.

Tor Browser - New Identity

You can also request a New Identity, and a New Circuit, from within the [=] menu on the toolbar.

Torbutton and Tor Launcher Integration

Now that both extensions are tightly integrated into Tor Browser, they'll no longer be found on the about:addons page.

Tor Browser - about preferences

We redesigned the bridge and proxy configuration dialogs and include them directly into the browser's preference settings as well.

Rather than being a submenu behind the onion button, Tor Network Settings, including the ability to fetch bridges to bypass censorship where Tor is blocked, are easier to access on about:preferences#tor.

Letterboxing

Tor Browser, in its default mode, is starting with a content window rounded to a multiple of 200px x 100px to prevent fingerprinting the screen dimensions. The strategy here is to put all users in a couple of buckets to make it harder to single them out. That worked until users started to resize their windows (e.g. by maximizing them or going into fullscreen mode). Tor Browser 9 ships with a fingerprinting defense for those scenarios as well, which is called Letterboxing, a technique developed by Mozilla and presented earlier this year. It works by adding white margins to a browser window so that the window is as close as possible to the desired size while users are still in a couple of screen size buckets that prevent singling them out with the help of screen dimensions.

Better Localization Support

If we want all people around the world to be able to use our software, then we need to make sure it's speaking their language. Since 8.0, Tor Browser has been available in 25 languages, and we added 5 locales more in Tor Browser 8.5. Today, we add support for two additional languages: Macedonian (mk) and Romanian (ro), bringing the number of supported languages to 32.

We also fixed bugs in our previously shipped localized bundles (such as ar and ko).

Many thanks to everyone who helped with these, in particular to our translators.

Known Issue

As usual when preparing Tor Browser releases, we verified that the build is bit-for-bit reproducible. While we managed to get two matching builds, we found that in some occasions the builds differ (we found this happening on the Linux i686 and macOS bundles). We are still investigating the cause of this issue to fix it.

Give Feedback

If you find a bug or have a suggestion for how we could improve this release, please let us know. Thanks to all of the teams across Tor, and the many volunteers, who contributed to this release.

Changelog

The full changelog since Tor Browser 8.5.6 is:

  • All Platforms
    • Update Firefox to 68.2.0esr
    • Bug 31740: Remove some unnecessary RemoteSettings instances
    • Bug 13543: Spoof smooth and powerEfficient for Media Capabilities
    • Bug 28196: about:preferences is not properly translated anymore
    • Bug 19417: Disable asmjs on safer and safest security levels
    • Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING
    • Bug 31935: Disable profile downgrade protection
    • Bug 16285: Disable DRM/EME on Android and drop Adobe CDM
    • Bug 31602: Remove Pocket indicators in UI and disable it
    • Bug 31914: Fix eslint linter error
    • Bug 30429: Rebase patches for Firefox 68 ESR
    • Bug 31144: Review network code changes for Firefox 68 ESR
    • Bug 10760: Integrate Torbutton into Tor Browser directly
    • Bug 25856: Remove XUL overlays from Torbutton
    • Bug 31322: Fix about:tor assertion failure debug builds
    • Bug 29430: Add support for meek_lite bridges to bridgeParser
    • Bug 28561: Migrate "About Tor Browser" dialog to tor-browser
    • Bug 30683: Prevent detection of locale via some *.properties
    • Bug 31298: Backport patch for #24056
    • Bug 9336: Odd wyswig schemes without isolation for browserspy.dk
    • Bug 27601: Browser notifications are not working anymore
    • Bug 30845: Make sure internal extensions are enabled
    • Bug 28896: Enable extensions in private browsing by default
    • Bug 31563: Reload search extensions if extensions.enabledScopes has changed
    • Bug 31396: Fix communication with NoScript for security settings
    • Bug 31142: Fix crash of tab and messing with about:newtab
    • Bug 29049: Backport JS Poison Patch
    • Bug 25214: Canvas data extraction on local pdf file should be allowed
    • Bug 30657: Locale is leaked via title of link tag on non-html page
    • Bug 31015: Disabling SVG hides UI icons in extensions
    • Bug 30681: Set security.enterprise_roots.enabled to false
    • Bug 30538: Unable to comment on The Independent Newspaper
    • Bug 31209: View PDF in Tor Browser is fuzzy
    • Translations update
  • Windows + OS X + Linux
    • Update Tor to 0.4.1.6
    • Update OpenSSL to 1.1.1d
      • Bug 31844: OpenSSL 1.1.1d fails to compile for some platforms/architectures
    • Update Tor Launcher to 0.2.20.1
      • Bug 28044: Integrate Tor Launcher into tor-browser
      • Bug 32154: Custom bridge field only allows one line of input
      • Bug 31286: New strings for about:preferences#tor
      • Bug 31303: Do not launch tor in browser toolbox
      • Bug 32112: Fix bad & escaping in translations
      • Bug 31491: Clean up the old meek http helper browser profiles
      • Bug 29197: Remove use of overlays
      • Bug 31300: Modify Tor Launcher so it is compatible with ESR68
      • Bug 31487: Modify moat client code so it is compatible with ESR68
      • Bug 31488: Moat: support a comma-separated list of transports
      • Bug 30468: Add mk locale
      • Bug 30469: Add ro locale
      • Bug 30319: Remove FTE bits
      • Translations update
    • Bug 32092: Fix Tor Browser Support link in preferences
    • Bug 32111: Fixed issue parsing user-provided bridge strings
    • Bug 31749: Fix security level panel spawning events
    • Bug 31920: Fix Security Level panel when its toolbar button moves to overflow
    • Bug 31748+31961: Fix 'Learn More' links in Security Level preferences and panel
    • Bug 28044: Integrate Tor Launcher into tor-browser
    • Bug 31059: Enable Letterboxing
    • Bug 30468: Add mk locale
    • Bug 30469: Add ro locale
    • Bug 29430: Use obfs4proxy's meek_lite with utls instead of meek
    • Bug 31251: Security Level button UI polish
    • Bug 31344: Register SecurityLevelPreference's 'unload' callback
    • Bug 31286: Provide network settings on about:preferences#tor
    • Bug 31886: Fix ko bundle bustage
    • Bug 31768: Update onboarding for Tor Browser 9
    • Bug 27511: Add new identity button to toolbar
    • Bug 31778: Support dark-theme for the Circuit Display UI
    • Bug 31910: Replace meek_lite with meek in circuit display
    • Bug 30504: Deal with New Identity related browser console errors
    • Bug 31929: Don't escape DTD entity in ar
    • Bug 31747: Some onboarding UI is always shown in English
    • Bug 32041: Replace = with real hamburguer icon ≡
    • Bug 30304: Browser locale can be obtained via DTD strings
    • Bug 31065: Set network.proxy.allow_hijacking_localhost to true
    • Bug 24653: Merge securityLevel.properties into torbutton.dtd
    • Bug 31164: Set up default bridge at Karlstad University
    • Bug 15563: Disable ServiceWorkers on all platforms
    • Bug 31598: Disable warning on window resize if letterboxing is enabled
    • Bug 31562: Fix circuit display for error pages
    • Bug 31575: Firefox is phoning home during start-up
    • Bug 31491: Clean up the old meek http helper browser profiles
    • Bug 26345: Hide tracking protection UI
    • Bug 31601: Disable recommended extensions again
    • Bug 30662: Don't show Firefox Home when opening new tabs
    • Bug 31457: Disable per-installation profiles
    • Bug 28822: Re-implement desktop onboarding for ESR 68
  • Windows
    • Bug 31942: Re-enable signature check for language packs
    • Bug 29013: Enable stack protection for Firefox on Windows
    • Bug 30800: ftp:// on Windows can be used to leak the system time zone
    • Bug 31547: Back out patch for Mozilla's bug 1574980
    • Bug 31141: Fix typo in font.system.whitelist
    • Bug 30319: Remove FTE bits
  • OS X
    • Bug 30126: Make Tor Browser compatible with macOS 10.15
    • Bug 31607: App menu items stop working on macOS
    • Bug 31955: On macOS avoid throwing inside nonBrowserWindowStartup()
    • Bug 29818: Adapt #13379 patch for 68esr
    • Bug 31464: Meek and moat are broken on macOS 10.9 with Go 1.12
  • Linux
    • Bug 31942: Re-enable signature check for language packs
    • Bug 31646: Update abicheck to require newer libstdc++.so.6
    • Bug 31968: Don't fail if /proc/cpuinfo is not readable
    • Bug 24755: Stop using a heredoc in start-tor-browser
    • Bug 31550: Put curly quotes inside single quotes
    • Bug 31394: Replace "-1" with "−1" in start-tor-browser.desktop
    • Bug 30319: Remove FTE bits
  • Android
    • Update Tor to 0.4.1.5
    • Bug 31010: Rebase mobile patches for Fennec 68
    • Bug 31010: Don't use addTrustedTab() on mobile
    • Bug 30607: Support Tor Browser running on Android Q
    • Bug 31192: Support x86_64 target on Android
    • Bug 30380: Cancel dormant by startup
    • Bug 30943: Show version number on mobile
    • Bug 31720: Enable website suggestions in address bar
    • Bug 31822: Security slider is not really visible on Android anymore
    • Bug 24920: Only create Private tabs in permanent Private Browsing Mode
    • Bug 31730: Revert aarch64-workaround against JIT-related crashes
    • Bug 32097: Fix conflicts in mobile onboarding while rebasing to 68.2.0esr
  • Build System
    • All Platforms
      • Bug 30585: Provide standalone clang 8 project across all platforms
      • Bug 30376: Use Rust 1.34 for Tor Browser 9
      • Bug 30490: Add cbindgen project for building Firefox 68 ESR/Fennec 68
      • Bug 30701: Add nodejs project for building Firefox 68 ESR/Fennec 68
        • Bug 31621: Fix node bug that makes large writes to stdout fail
      • Bug 30734: Add nasm project for building Firefox 68 ESR/Fennec 68
      • Bug 31293: Make sure the lo interface inside the containers is up
      • Bug 27493: Clean up mozconfig options
      • Bug 31308: Sync mozconfig files used in tor-browser over to tor-browser-build for esr68
    • Windows
      • Bug 29307: Use Stretch for cross-compiling for Windows
      • Bug 29731: Remove faketime for Windows builds
      • Bug 30322: Windows toolchain update for Firefox 68 ESR
        • Bug 28716: Create mingw-w64-clang toolchain
        • Bug 28238: Adapt firefox and fxc2 projects for Windows builds
        • Bug 28716: Optionally omit timestamp in PE header
        • Bug 31567: NS_tsnprintf() does not handle %s correctly on Windows
        • Bug 31458: Revert patch for #27503 and bump mingw-w64 revision used
      • Bug 9898: Provide clean fix for strcmpi issue in NSPR
      • Bug 29013: Enable stack protection support for Firefox on Windows
      • Bug 30384: Use 64bit containers to build 32bit Windows Tor Browser
      • Bug 31538: Windows bundles based on ESR 68 are not built reproducibly
      • Bug 31584: Clean up mingw-w64 project
      • Bug 31596: Bump mingw-w64 version to pick up fix for #31567
      • Bug 29187: Bump NSIS version to 3.04
      • Bug 31732: Windows nightly builds are busted due to mingw-w64 commit bump
      • Bug 29319: Remove FTE support for Windows
    • OS X
      • Bug 30323: MacOS toolchain update for Firefox 68 ESR
      • Bug 31467: Switch to clang for cctools project
      • Bug 31465: Adapt tor-browser-build projects for macOS notarization
    • Linux
      • Bug 31448: gold and lld break linking 32bit Linux bundles
      • Bug 31618: Linux32 builds of Tor Browser 9.0a6 are not matching
      • Bug 31450: Still use GCC for our ASan builds
      • Bug 30321: Linux toolchain update for Firefox ESR 68
        • Bug 30736: Install yasm from wheezy-backports
        • Bug 31447: Don't install Python just for Mach
      • Bug 30448: Strip Browser/gtk2/libmozgtk.so
    • Android
      • Bug 30324: Android toolchain update for Fennec 68
        • Bug 31173: Update android-toolchain project to match Firefox
        • Bug 31389: Update Android Firefox to build with Clang
        • Bug 31388: Update Rust project for Android
        • Bug 30665: Get Firefox 68 ESR working with latest android toolchain
        • Bug 30460: Update TOPL project to use Firefox 68 toolchain
        • Bug 30461: Update tor-android-service project to use Firefox 68 toolchain
      • Bug 28753: Use Gradle with --offline when building the browser part
      • Bug 31564: Make Android bundles based on ESR 68 reproducible
      • Bug 31981: Remove require-api.patch
      • Bug 31979: TOPL: Sort dependency list
      • Bug 30665: Remove unnecessary build patches for Firefox

> Are you sure Wired's SecureDrop site is up to date with security patches?

No. And I have not had much joy urging news organizations to perform even a casual audit of their own SecureDrop sites. Maybe you can help by joining the effort to check up?

> Maybe you can help by joining the effort to check up?

SecureDrop.org's list is supposed to hide obsolete instances. If you click under "Want to get your instance listed?" to go to the submission form, it says "Freedom of the Press Foundation may perform routine, automated tests against your SecureDrop .onion service and your landing page, to verify uptime and version information, and to perform basic security checks against our landing page recommendations." Basically, contact SecureDrop or Freedom of the Press Foundation.

I checked the onion addresses given in the directory at SecureDrop.org against the onion addresses given in landing pages where these were available with security "highest" (The Washington Post messed up even that simple requirement), and the addies: I checked seem to all be OK:

Al Jazeera
aljazeerafo4sau2.onion

Buzzfeed
ndg43ilvrrj465ix.onion

Daily Beast
bcwyjiwj25t44it6.onion

Gizmodo
gmg7jl25ony5g7ws.onion

Global Witness
37fmdxug33hhyi2g.onion

HuffingtonPost
rbugf2rz5lmjbfun.onion

Lucy Parsons Labs
qn4qfeeslglmwxgb.onion

Public Intelligence
arujlhu2zjjhc3bw.onion

The Guardian
33y6fjyhs3phzfjj.onion

TheIntercept
intrcept32ncblef.onion

Vice Media
e3v3x57ykz25uvij.onion

It is not obvious which of these are running the latest version of SecureDrop. It seems that sometimes when a news org does take the trouble of updating their SecureDrop (obviously it would be unwise to trust one which doesn't!), this results in a new onion address being generated, but the news org may then sometimes forget to tell SecureDrop.org about the change.

Thanks to all reporters who try to goad their editors into letting them cover human rights stories!

> It's not listed in the SecureDrop directory

I am told by someone who claims to work for one of the listed publications that this directory is itself out of date, and he appears to be correct.

I think the problem is that SecureDrop depends upon news orgs to be sufficiently organized :-/ to update their entry in the directory when they change their onion, but there is no reason to think they are doing that. Sigh...

SecureDrop uses cron-apt to pull its update and 16.04 LTS security updates nightly. Config here:
https://github.com/freedomofpress/securedrop/tree/develop/install_files…

Wired's instance is on the latest SecureDrop version, 1.1.0, according to this public endpoint:
http://k5ri3fdr232d36nb.onion/metadata

This would indicate that cron-apt is running. Beyond that, nobody but the Wired SecureDrop admin would have any (legitimate) visibility into the state of the system.

Securedrop instances aren't always listed in the directory - sometimes they don't want to be, don't know about it, or don't meet criteria around the landing page or the instance setup as listed here:
https://securedrop.org/directory/submit/

I don't think I stated what I was told very well, which is not inconsistent with what you just said. This is very helpful, and I hope more potential whistleblowers and sources will try SecureDrop.

Particularly valuable for US publications would be inside information on how FBI is abusing JTTF in various cities to harrass peaceful protesters and political dissidents. Also on the new CBP Fusion Center which accesses NSA databases apparently including recordings of phone calls and text messages.

FPF human here! With some probably not entirely satisfactory answers:

SecureDrop uses cron-apt to pull its update and 16.04 LTS security updates nightly. Config here for the interested:
https://github.com/freedomofpress/securedrop/tree/develop/install_files…

Wired's instance is on the latest SecureDrop version, 1.1.0, according to this public endpoint:
http://k5ri3fdr232d36nb.onion/metadata

This would indicate that cron-apt is running. Beyond that, nobody but the Wired SecureDrop admin would have any (legitimate) visibility into the state of the system. If there were failures in applying Ubuntu security updates however, I would expect the SecureDrop application version to lag behind.

Securedrop instances aren't always listed in the directory - sometimes they don't want to be, don't know about it, or don't meet criteria around the landing page or the instance setup as listed here:
https://securedrop.org/directory/submit/

Potential whistleblowers should always do some anonymous research first (preferably via Tor Browser, on a device they control, and on a network they're not previously associated with) on the organizations they plan to contact. A SecureDrop directory listing is a strong indicator that a given org is taking the setup of their instance seriously, but it's not definitive and there may be orgs that are a good choice to leak to that are not listed there.

Anonymous

October 22, 2019

Permalink

Over the last few years this seems like the biggest improvement between major versions, both in performance and UI design. It's wonderful. Hopefully we'll see the number of users increase.

According to https://browserspy.dk/headers.php , the new Tor Browser 9.0 reveals my user-agent on the wire as:

Mozilla/5.0 (X11; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0

Reveals platform in HTTP header (even in Safest security mode, no JS). Also, wrong Firefox version.

about:support properly says:
Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0

Workaround: I used about:config to set general.useragent.override to the same value as about:support says. Tested, seems to work.

Please fix. Thanks.

This is not what the user agent is supposed to be. It should be "Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0".

Do you have the same user-agent in a new install of Tor Browser 9.0?

DAMMMNN!! Hopefully firefox allows/themes on the preferences page soon. Want dark theme all around. Nice work :D

Avast just quarantined mozavutil.dll and nssdbm3.dll when updating to torbrowser 9.0 as Evo-gen !!! Are they essential??

yes

Sorry. But i don't like these white borders inside the tor browser. shit on fingerprinting. Is there a place where i can switch this off?
I mean... Sorry. But when not... Maybe this is time to choose another browser...

Sure there is an option to do that but it is not recommended if you are resizing your windows: privacy.resistFingerprinting.letterboxing is the preference governing this feature.

Letterboxing is great at softening the fingerprint in those rare cases where you accidentally resize or maximize a window. However doesn't it decrease the uniformity if people start using it intentionally, given all the possible window and height combinations?

Is using the default window size still recommended?

Yes, the default size is still recommended. But, if users are resizing their window they should get some protection now. Before that we only had the notification bar popping up and essentially saying "Don't do that! Danger!" which was kind of lame. Now, we have something better to offer which fits more to our privacy-by-design goal.

Maybe you should still display the pop-up, although to be honest it seem ineffective, people have understandably just gotten too used to annoying popups and notifications and instinctively close or ignore them. I see people maximizing their Tor browser all the time out of habit.

> Maybe you should still display the pop-up

+1. But rewrite its message to explain letterboxing. It won't get in the way like before, either, because there's now empty space due to letterboxing above the page area. Hell, if you could make the whole letterbox border all around flash yellow three times, it might grab their attention long enough that they'd actually read it. It's ridiculous the lengths we have to go to get people to look into a pitifully simple message, "Danger. This harms you and your fellow community. Please don't do it." I mean, I might as well be talking about climate change! Convenience and coveting seem to be conquering every other decisonal factor.

And thank you very much, from one of your loyal users who complained loudly about the old bad way of handling accidental resizing.

Just to be sure: this new letterboxing feature will still provide some anti-fingerprinting protection regardless of which security setting ("safest", "safer") you are using, right?

Yes. The security trade-offs users make are orthogonal to the privacy protections the browser offers and that's important.

Can TP seek funding from Raspbian.org or RaspberryPi.org to

o make a Tor Browser for the Pi?

o make the Raspbian repo into an onion?

o design a Pi to Pi secure chat? (Would be very useful in places like Santiago and Hong Kong, where neighbors need to talk to neighbors.)

o offering a battery making the Pi mobile?

If it helps, I use Pi-3 and have heard that Pi-4 has some problems with overheating.

I don't have an answer for designing a Pi to Pi secure chat, but...

> Tor Browser for the Pi?

There is a more active comment thread about Tor for Pi in this blog post and ticket #12631 for ARM architecture.

> make the Raspbian repo into an onion?

You seek Peter Palfrader. He manages the onions for both Tor Project and Debian (name in footers at bottom). While you're asking Tor Project to reach out, ask Raspbian to reach out to TP at the same time, too. Coordinate introducing them.

> a battery making the Pi mobile?

Could've done a web search before asking. Those exist. Bookmark stores that sell electronics components:
https://duckduckgo.com/?q=adafruit+similar
https://www.reddit.com/r/arduino/comments/1zocsq/alternatives_to_make_a…
https://www.quora.com/What-are-some-other-popular-websites-similar-to-S…

For good measure, also bookmark "maker" sites, hobbyist robotics sites, hackaday.com, and "single board computers".

> You seek Peter Palfrader. He manages the onions for both Tor Project and Debian (name in footers at bottom). While you're asking Tor Project to reach out, ask Raspbian to reach out to TP at the same time, too. Coordinate introducing them.

Would if I could but have been unable to contact any of the suggested entities.

Thanks for the tip about Pi batteries.

Thank you for this nice update, nothing will ever be 100% but 99.999%, threats are renewed every hour, just a question to those who criticize: Who is able to do better than the Tor Project on time current?
Simplicity, security, development, freedom of speech to users, speed to fill the gaps, seriousness in the realization ...? Nobody!
It's very very hard for them, how many different platforms and configurations for each of us? a lot ... they have enormous pressure, do not forget that they carry our lives at arm's length ...

Thank you Tor Project

Plus one.

I add a shout-out to Tails Project too. I rely on Tor and Tails because I use Tails for just about everything I do on-line, and many things I do off-line too!

Is there any way to disable the letterboxing feature or change the size or color of the border area?

> change the size or color of the border area?

Size? Yes, drag the window borders. Maximized or fullscreen? Not without recompiling. The dimensions of the inner area snap to intervals of 200 px by 100 px. It's intentional so everyone's browser fingerprints will look more alike, but leaving the window at its starting size is best for privacy. For more information, scan yourself on a browser fingerprinting site such as EFF's panopticlick, but note that Tor Browser's traffic is designed to appear as similar as possible to other Tor Browsers. It isn't practical and is basically pointless for Tor Browser's traffic, coming from the Tor network, to look like normal "clearnet" browsers.

Color? They're working on it: Bug #32220. Stay tuned.

Tor browser no longer launching after this update. Tried both upgrading from 8.5.5 and installing a fresh one. I'm using Trisquel 8 x86.

What error messages are you getting if you start it from the commandline like ./start-tor-browser.desktop --debug?

Thanks very much for the update.

I'm having the same problem as Dustin. Updated from v8.5.5 and then tried fresh install and it won't start.

My OS is Kubuntu 14.04.6 LTS i686 (I know, I should upgrade).

Starting it from command line I get:

user@computer:/opt/tor-browser_en-US/Browser$ ./start-tor-browser --debug
./firefox.real: error while loading shared libraries: libatomic.so.1: cannot open shared object file: No such file or directory
user@computer:/opt/tor-browser_en-US/Browser$

(Permissions, owner and so on are fine, it was working correctly up to v8.5.5)

Looks like it's working after installing package libatomic1:i386 (4.8.4-2ubuntu1~14.04.4). Couldn't find libatomic.so.1 anywhere in my file system (apparently isn't installed by default) and that package seems to provide the library.

Thanks! I've filed https://trac.torproject.org/projects/tor/ticket/32259 to fix that issue. Sorry for the inconvenience.

Confirmed working again after installing the said package. Thanks to user@computer for the workaround.

Launching './Browser/start-tor-browser --detach --debug'...
./firefox.real: error while loading shared libraries: libatomic.so.1: cannot open shared object file: No such file or directory

Congratulations on #9!

Looks pretty okay over here. No complaints yet. Still, I'm going to wait until the first wave of bug fixes before I settle in.

Going to 68 is a big jump!

After update! Tor browser is just complete black... i use parrot os/Debian

Are you using torbrowser-launcher? If so, then https://trac.torproject.org/projects/tor/ticket/32215#comment:1 might help you.

after the upgrade (8.5 -> 9.0 ), when starting up, the error message "Startup is not possible because api-ms-win-crt-convert-L1-1-0.dll is missing on the computer. Try reinstalling the program."
(use a online translate :\ )

Win 7.

Hey! This is a security software, and it is not intended to be used on an OS without security updates.

Tor Browser 9 leak my OS!
On https://ipleak.net/ I see "Platform: Linux x86_64". This is true! But I like to see Windows NT 10.0 there.
User Agent is okay. Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0

I am using Tor Browser 9.0 under Tails 4.0, with security set to "safer".

I just tested this and got the same result reported above:

> Your User Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
> Platform: Linux x86_64

No idea whether this is a serious issue.

On the bright side, the IP shown is that of the exit router, and the test site reports no DNS leaks either. No leaks about plugins or mime either.

Used TB 9.0 under Tails 4.0 with security set to "safest", which disables Javascript.

Then IPleaks is unable to detect anything but the fact that my circuit used a particular exit node and the fact that I followed a link from this blog.

Of course this setting may make some sites less functional.

Same here IPLeak is showing my correct Platform :(

Crashes before it can even start for me. Error 0xc0000005. I had to roll back to 8.5.5.

Do you have some anti-virus/firewall software installed that could interfere here? If so, which? Could you test whether uninstalling it (disabling is often not enough) gets Tor Browser working again?

Where are the cookie options to block all cookies?

It is not recommended to change cookie options from Tor Browser defaults. Just use the security level shield and New Identity features. Customization of network behavior (such as which cookies you accept and reject) will make your traffic conspicuous from other Tor Browser users and easier to be tracked. New Identity clears cookies. If you accept the risks and want to change cookie options anyway, find them in the Preferences menu.

Join the discussion...

We encourage respectful, on-topic comments. Comments that violate our Code of Conduct will be deleted. Off-topic comments may be deleted at the discretion of the post moderator. Please do not comment as a way to receive support or report bugs on a post unrelated to a release. If you are looking for support, please see our support portal or ways to get in touch with us.

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

3 + 0 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.