New Release: Tor Browser 9.0

Update [7:30 UTC]: Clarified the amount of locales we support. It's 32 with Tor Browser 9.0.

Update [10:45 UTC]: Added a section about letterboxing.

Tor Browser 9.0 is now available from the Tor Browser download page and also from our distribution directory.

This release features important security updates to Firefox.

Tor Browser 9.0 is the first stable release based on Firefox 68 ESR and contains a number of updates to other components as well (including Tor to and OpenSSL to 1.1.1d for desktop versions and Tor to for Android).

In addition to all the needed patch rebasing and toolchain updates, we made big improvements to make Tor Browser work better for you.

We want everyone in the world to be able to enjoy the privacy and freedom online Tor provides, and that's why over the past couple years, we've been working hard to boost our UX and localization efforts, with the biggest gains first visible in Tor Browser 8.0.

In Tor Browser 9.0, we continue to build upon those efforts with sleeker integration and additional localization support.

Goodbye, Onion Button

We want your experience using Tor to be fully integrated within the browser so how you use Tor is more intuitive. That's why now, rather than using the onion button that was in the toolbar, you can see your path through the Tor network and request a New Circuit through the Tor network in [i] on the URL bar.

Tor Browser - circuit display - dark theme


Hello, New Identity Button

Tor Browser - Toolbar - New Identity Button

Instead of going into the onion button to request a New Identity, we've made this important feature easier to access by giving it its own button in the toolbar.

Tor Browser - New Identity

You can also request a New Identity, and a New Circuit, from within the [=] menu on the toolbar.

Torbutton and Tor Launcher Integration

Now that both extensions are tightly integrated into Tor Browser, they'll no longer be found on the about:addons page.

Tor Browser - about preferences

We redesigned the bridge and proxy configuration dialogs and include them directly into the browser's preference settings as well.

Rather than being a submenu behind the onion button, Tor Network Settings, including the ability to fetch bridges to bypass censorship where Tor is blocked, are easier to access on about:preferences#tor.


Tor Browser, in its default mode, is starting with a content window rounded to a multiple of 200px x 100px to prevent fingerprinting the screen dimensions. The strategy here is to put all users in a couple of buckets to make it harder to single them out. That worked until users started to resize their windows (e.g. by maximizing them or going into fullscreen mode). Tor Browser 9 ships with a fingerprinting defense for those scenarios as well, which is called Letterboxing, a technique developed by Mozilla and presented earlier this year. It works by adding white margins to a browser window so that the window is as close as possible to the desired size while users are still in a couple of screen size buckets that prevent singling them out with the help of screen dimensions.

Better Localization Support

If we want all people around the world to be able to use our software, then we need to make sure it's speaking their language. Since 8.0, Tor Browser has been available in 25 languages, and we added 5 locales more in Tor Browser 8.5. Today, we add support for two additional languages: Macedonian (mk) and Romanian (ro), bringing the number of supported languages to 32.

We also fixed bugs in our previously shipped localized bundles (such as ar and ko).

Many thanks to everyone who helped with these, in particular to our translators.

Known Issue

As usual when preparing Tor Browser releases, we verified that the build is bit-for-bit reproducible. While we managed to get two matching builds, we found that in some occasions the builds differ (we found this happening on the Linux i686 and macOS bundles). We are still investigating the cause of this issue to fix it.

Give Feedback

If you find a bug or have a suggestion for how we could improve this release, please let us know. Thanks to all of the teams across Tor, and the many volunteers, who contributed to this release.


The full changelog since Tor Browser 8.5.6 is:

  • All Platforms
    • Update Firefox to 68.2.0esr
    • Bug 31740: Remove some unnecessary RemoteSettings instances
    • Bug 13543: Spoof smooth and powerEfficient for Media Capabilities
    • Bug 28196: about:preferences is not properly translated anymore
    • Bug 19417: Disable asmjs on safer and safest security levels
    • Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING
    • Bug 31935: Disable profile downgrade protection
    • Bug 16285: Disable DRM/EME on Android and drop Adobe CDM
    • Bug 31602: Remove Pocket indicators in UI and disable it
    • Bug 31914: Fix eslint linter error
    • Bug 30429: Rebase patches for Firefox 68 ESR
    • Bug 31144: Review network code changes for Firefox 68 ESR
    • Bug 10760: Integrate Torbutton into Tor Browser directly
    • Bug 25856: Remove XUL overlays from Torbutton
    • Bug 31322: Fix about:tor assertion failure debug builds
    • Bug 29430: Add support for meek_lite bridges to bridgeParser
    • Bug 28561: Migrate "About Tor Browser" dialog to tor-browser
    • Bug 30683: Prevent detection of locale via some *.properties
    • Bug 31298: Backport patch for #24056
    • Bug 9336: Odd wyswig schemes without isolation for
    • Bug 27601: Browser notifications are not working anymore
    • Bug 30845: Make sure internal extensions are enabled
    • Bug 28896: Enable extensions in private browsing by default
    • Bug 31563: Reload search extensions if extensions.enabledScopes has changed
    • Bug 31396: Fix communication with NoScript for security settings
    • Bug 31142: Fix crash of tab and messing with about:newtab
    • Bug 29049: Backport JS Poison Patch
    • Bug 25214: Canvas data extraction on local pdf file should be allowed
    • Bug 30657: Locale is leaked via title of link tag on non-html page
    • Bug 31015: Disabling SVG hides UI icons in extensions
    • Bug 30681: Set security.enterprise_roots.enabled to false
    • Bug 30538: Unable to comment on The Independent Newspaper
    • Bug 31209: View PDF in Tor Browser is fuzzy
    • Translations update
  • Windows + OS X + Linux
    • Update Tor to
    • Update OpenSSL to 1.1.1d
      • Bug 31844: OpenSSL 1.1.1d fails to compile for some platforms/architectures
    • Update Tor Launcher to
      • Bug 28044: Integrate Tor Launcher into tor-browser
      • Bug 32154: Custom bridge field only allows one line of input
      • Bug 31286: New strings for about:preferences#tor
      • Bug 31303: Do not launch tor in browser toolbox
      • Bug 32112: Fix bad & escaping in translations
      • Bug 31491: Clean up the old meek http helper browser profiles
      • Bug 29197: Remove use of overlays
      • Bug 31300: Modify Tor Launcher so it is compatible with ESR68
      • Bug 31487: Modify moat client code so it is compatible with ESR68
      • Bug 31488: Moat: support a comma-separated list of transports
      • Bug 30468: Add mk locale
      • Bug 30469: Add ro locale
      • Bug 30319: Remove FTE bits
      • Translations update
    • Bug 32092: Fix Tor Browser Support link in preferences
    • Bug 32111: Fixed issue parsing user-provided bridge strings
    • Bug 31749: Fix security level panel spawning events
    • Bug 31920: Fix Security Level panel when its toolbar button moves to overflow
    • Bug 31748+31961: Fix 'Learn More' links in Security Level preferences and panel
    • Bug 28044: Integrate Tor Launcher into tor-browser
    • Bug 31059: Enable Letterboxing
    • Bug 30468: Add mk locale
    • Bug 30469: Add ro locale
    • Bug 29430: Use obfs4proxy's meek_lite with utls instead of meek
    • Bug 31251: Security Level button UI polish
    • Bug 31344: Register SecurityLevelPreference's 'unload' callback
    • Bug 31286: Provide network settings on about:preferences#tor
    • Bug 31886: Fix ko bundle bustage
    • Bug 31768: Update onboarding for Tor Browser 9
    • Bug 27511: Add new identity button to toolbar
    • Bug 31778: Support dark-theme for the Circuit Display UI
    • Bug 31910: Replace meek_lite with meek in circuit display
    • Bug 30504: Deal with New Identity related browser console errors
    • Bug 31929: Don't escape DTD entity in ar
    • Bug 31747: Some onboarding UI is always shown in English
    • Bug 32041: Replace = with real hamburguer icon ≡
    • Bug 30304: Browser locale can be obtained via DTD strings
    • Bug 31065: Set network.proxy.allow_hijacking_localhost to true
    • Bug 24653: Merge into torbutton.dtd
    • Bug 31164: Set up default bridge at Karlstad University
    • Bug 15563: Disable ServiceWorkers on all platforms
    • Bug 31598: Disable warning on window resize if letterboxing is enabled
    • Bug 31562: Fix circuit display for error pages
    • Bug 31575: Firefox is phoning home during start-up
    • Bug 31491: Clean up the old meek http helper browser profiles
    • Bug 26345: Hide tracking protection UI
    • Bug 31601: Disable recommended extensions again
    • Bug 30662: Don't show Firefox Home when opening new tabs
    • Bug 31457: Disable per-installation profiles
    • Bug 28822: Re-implement desktop onboarding for ESR 68
  • Windows
    • Bug 31942: Re-enable signature check for language packs
    • Bug 29013: Enable stack protection for Firefox on Windows
    • Bug 30800: ftp:// on Windows can be used to leak the system time zone
    • Bug 31547: Back out patch for Mozilla's bug 1574980
    • Bug 31141: Fix typo in font.system.whitelist
    • Bug 30319: Remove FTE bits
  • OS X
    • Bug 30126: Make Tor Browser compatible with macOS 10.15
    • Bug 31607: App menu items stop working on macOS
    • Bug 31955: On macOS avoid throwing inside nonBrowserWindowStartup()
    • Bug 29818: Adapt #13379 patch for 68esr
    • Bug 31464: Meek and moat are broken on macOS 10.9 with Go 1.12
  • Linux
    • Bug 31942: Re-enable signature check for language packs
    • Bug 31646: Update abicheck to require newer
    • Bug 31968: Don't fail if /proc/cpuinfo is not readable
    • Bug 24755: Stop using a heredoc in start-tor-browser
    • Bug 31550: Put curly quotes inside single quotes
    • Bug 31394: Replace "-1" with "−1" in start-tor-browser.desktop
    • Bug 30319: Remove FTE bits
  • Android
    • Update Tor to
    • Bug 31010: Rebase mobile patches for Fennec 68
    • Bug 31010: Don't use addTrustedTab() on mobile
    • Bug 30607: Support Tor Browser running on Android Q
    • Bug 31192: Support x86_64 target on Android
    • Bug 30380: Cancel dormant by startup
    • Bug 30943: Show version number on mobile
    • Bug 31720: Enable website suggestions in address bar
    • Bug 31822: Security slider is not really visible on Android anymore
    • Bug 24920: Only create Private tabs in permanent Private Browsing Mode
    • Bug 31730: Revert aarch64-workaround against JIT-related crashes
    • Bug 32097: Fix conflicts in mobile onboarding while rebasing to 68.2.0esr
  • Build System
    • All Platforms
      • Bug 30585: Provide standalone clang 8 project across all platforms
      • Bug 30376: Use Rust 1.34 for Tor Browser 9
      • Bug 30490: Add cbindgen project for building Firefox 68 ESR/Fennec 68
      • Bug 30701: Add nodejs project for building Firefox 68 ESR/Fennec 68
        • Bug 31621: Fix node bug that makes large writes to stdout fail
      • Bug 30734: Add nasm project for building Firefox 68 ESR/Fennec 68
      • Bug 31293: Make sure the lo interface inside the containers is up
      • Bug 27493: Clean up mozconfig options
      • Bug 31308: Sync mozconfig files used in tor-browser over to tor-browser-build for esr68
    • Windows
      • Bug 29307: Use Stretch for cross-compiling for Windows
      • Bug 29731: Remove faketime for Windows builds
      • Bug 30322: Windows toolchain update for Firefox 68 ESR
        • Bug 28716: Create mingw-w64-clang toolchain
        • Bug 28238: Adapt firefox and fxc2 projects for Windows builds
        • Bug 28716: Optionally omit timestamp in PE header
        • Bug 31567: NS_tsnprintf() does not handle %s correctly on Windows
        • Bug 31458: Revert patch for #27503 and bump mingw-w64 revision used
      • Bug 9898: Provide clean fix for strcmpi issue in NSPR
      • Bug 29013: Enable stack protection support for Firefox on Windows
      • Bug 30384: Use 64bit containers to build 32bit Windows Tor Browser
      • Bug 31538: Windows bundles based on ESR 68 are not built reproducibly
      • Bug 31584: Clean up mingw-w64 project
      • Bug 31596: Bump mingw-w64 version to pick up fix for #31567
      • Bug 29187: Bump NSIS version to 3.04
      • Bug 31732: Windows nightly builds are busted due to mingw-w64 commit bump
      • Bug 29319: Remove FTE support for Windows
    • OS X
      • Bug 30323: MacOS toolchain update for Firefox 68 ESR
      • Bug 31467: Switch to clang for cctools project
      • Bug 31465: Adapt tor-browser-build projects for macOS notarization
    • Linux
      • Bug 31448: gold and lld break linking 32bit Linux bundles
      • Bug 31618: Linux32 builds of Tor Browser 9.0a6 are not matching
      • Bug 31450: Still use GCC for our ASan builds
      • Bug 30321: Linux toolchain update for Firefox ESR 68
        • Bug 30736: Install yasm from wheezy-backports
        • Bug 31447: Don't install Python just for Mach
      • Bug 30448: Strip Browser/gtk2/
    • Android
      • Bug 30324: Android toolchain update for Fennec 68
        • Bug 31173: Update android-toolchain project to match Firefox
        • Bug 31389: Update Android Firefox to build with Clang
        • Bug 31388: Update Rust project for Android
        • Bug 30665: Get Firefox 68 ESR working with latest android toolchain
        • Bug 30460: Update TOPL project to use Firefox 68 toolchain
        • Bug 30461: Update tor-android-service project to use Firefox 68 toolchain
      • Bug 28753: Use Gradle with --offline when building the browser part
      • Bug 31564: Make Android bundles based on ESR 68 reproducible
      • Bug 31981: Remove require-api.patch
      • Bug 31979: TOPL: Sort dependency list
      • Bug 30665: Remove unnecessary build patches for Firefox

October 24, 2019


Danger! TOR BROWSER version 9.0 Android -9.* ALPHA Android.

A vulnerability in the Tor Browser (Android) - version 9.0 / 9.*.* (alpha)

The problem description concerns Tor Browser version 9.0 / 9.*.* (alpha) for Android operating system!
The reason for the vulnerability: - after clearing the cache online, cookies and other identification data remain in the browser.

Detailed description of the actions performed and the presence of the problem:
I do not make any changes to the settings, I do not use add-ons.
Using a clean browser
After clearing the cache from the browser menu, necessarily change the tor ID.
And under such conditions, the result is sad.

My action:

1) launch Tor Browser
2) on the main page about:tor in the "address input field" window, I register the site address
3) click, activate the link
4) the site page opens
5) enter login and password
6) click, for the authorization process.
7) the page is reloaded, authorization occurs
8) I make any actions necessary for me on the site under my login and password.
9) the site page is open, do not click (do not click) on the exit button - do not touch anything.
10) click, browser menu
11) I go to the browser settings menu, click: "clear private data"
12) browser reports: "personal data deleted"
13) close the browser menu
14) in the opened main browser window (about: tor) in the address input field, I register the address of the site where I just was.
15) click
16) the site page is loaded and opened
17) I see on the opened main page of the site that I am authorized and online!
18) I click for example: on the link to enter the personal account, and freely enter without entering the login and password, I can perform any actions without authorization.

To FIX the PROBLEM, you need to BLOCK the AUTOMATIC link TRANSITION to the "PRIVATE MODE" (browser.privatebrowsing.autostart; false )

I do not recommend using version 9.0 / 9.* - (alpha).

In the about:config SETTINGS, FIND: browser.privatebrowsing.autostart SET TO; false (browser.privatebrowsing.autostart; false )

Опасность! TOR BROWSER версий 9.0 андроид -9.*ALPHA андроид.

Уязвимость в Tor Browser (андроид) - версий 9.0 / 9.*.* (alpha)

Описание проблемы касается Tor Browser версий 9.0 / 9.*.* (alpha) для операционной системы андроид!
Причина уязвимости: - после очистки кеша онлайн, в браузере остаются файлы куки и прочие идентификационные данные.

Подробное описание совершаемых действий и присутствие проблемы:
Никаких изменений настроек не совершаю, не использую дополнения.
Пользуясь чистым браузером
После очистки кеша из меню браузера, в обязательном порядке меняю идентификатор TOR.
И при таких условиях результат печальный.

Мои действия:

1) запускаю Tor Browser
2) на главной странице about:tor в окне "поле ввода адреса" прописываю адрес сайта
3) кликаю, активирую ссылку
4) открывается страница сайта
5) ввожу логин и пароль
6) кликаю, для процесса авторизации.
7) страница перезагружается, происходит авторизация
8) совершаю любые необходимые мне действия на сайте под своим логином и паролем.
9) страница сайта открыта, не кликаю (не нажимаю) на кнопку выход - ничего не трогаю.
10) кликаю, меню браузера
11) вхожу в меню настроек браузера, нажимаю: "clear private data"
12) браузер сообщает: "личные данные удалены"
13) закрываю меню браузера
14) в открывшемся главном окне браузера (about:tor) в поле ввода адреса вторично прописываю адрес сайта где только что был.
15) кликаю
16) загружается и открывается страница сайта
17) вижу на открывшейся главной странице сайта, что я авторизован и нахожусь в онлайне!
18) кликаю например: на ссылку входа в личный кабинет, и беспрепятственно вхожу не вводя логин и пароль, могу совершать любые действия без прохождения авторизации.


Не рекомендую использовать версии 9.0 / 9.* -(alpha).

В НАСТРОЙКАХ about:config НАЙДИТЕ ПУНКТ: browser.privatebrowsing.autostart УСТАНОВИТЕ ЗНАЧЕНИЕ; false ( browser.privatebrowsing.autostart ; false )


October 24, 2019


Hi, since i download the new version (3 days ago), i cannot open Tor now. I use an other computer with a old version, but i loose everythink i had in may page. A window opens and say :
" firefox.exe - System Error
api-ms-win-crt-convert-l1-1-0.dll is missing from your computer? try reinstalling the program to fix the problem. "

I did it but it's a new page. How can i get my page again (whith all my bookmarks ? Sorry for my poor english.

Old versions are here:
But it will immediately attempt to update, so you have to quickly disable your network connection and turn off automatic updates in Preferences. Do not overwrite the version you're using now. Install it in a different folder or completely delete the version you're using now. Old versions are not recommended for normal usage and do not receive security patches. Use them at your own risk.


October 24, 2019


Hi there!
I updated TBB to last version 9...

After that, many locked prefs in my mozilla.cfg I've made are ignored.

Before version 9 in TBB, no problems.

How can I fix that?

Please help, thanks!


October 24, 2019


- TorService is shutting down
- Orbot is deactivated
- updating settings in Tor service
- updating torrc custom configuration...
- success.
- checking binary version:
- Orbot is starting…
- Connecting to control port: 38327
- Connecting to control port: 39793
- SUCCESS connected to Tor control port.
- SUCCESS - authenticated tor control port.
- Took ownership of tor control port.
- adding control port event handler
- SUCCESS added control port event handler
- NOTICE: Opening Socks listener on
- NOTICE: Opened Socks listener on
- NOTICE: Opening DNS listener on
- NOTICE: Opened DNS listener on
- NOTICE: Opening Transparent pf/netfilter listener on
- NOTICE: Opened Transparent pf/netfilter listener on
- NOTICE: Opening HTTP tunnel listener on
- NOTICE: Opened HTTP tunnel listener on
- Starting Tor client… complete.
- WARN: Managed proxy at '/data/app/org.torproject.torbrowser-3z0YituDxSAMCEVO8PCYTQ==/lib/arm64/' reported: error: "/data/app/org.torproject.torbrowser-3z0YituDxSAMCEVO8PCYTQ==/lib/arm64/": executable's TLS segment is underaligned: alignment is 8, needs to be at least 64 for ARM64 Bionic
- WARN: Pluggable Transport process terminated with status code 6

Just wanted to add that while these sites can provide good information for non-Tor browsers, they are not designed with the special needs of Tor users in mind, so many of the things you see there may be technically true, but also seriously misleading in the context of using Tor Browser.


October 24, 2019


ok, I hope you will forgive me for not reading 6+ pages of comments bc yolo

How does it launch when you run a local tor client? This used to work without additional config: local tor client + TB

Now it segfaults when launching TB.
If I run TB exec binary it does not segfault--but then it shows Tor Launcher and "cannot find tor client"/"waiting for tor client" thus never loading browser.

is it a bug/reported?


October 24, 2019


[Moderator: please allow some more OT praise for Tails 4.0]

The blog post about Tails 4.0 does not allow comments, but I'd like to point out some more features which are working great:

o Tails starts noticeably faster and shuts down faster on laptops and desktops

o gedit working fine

o LibreOffice starts instantly instead of taking a minute to start

o Configuring a laserprinter in Tails 4.0 is a bit different but works fine

The best way to thank the developers (reward success!) follows :-)

(I have no affiliation with either Project other than as a user.)


October 24, 2019


Hi, I would like to have back the previous version. Could someone indicate the link (to old versions) where I can download this (before this 9.0)? Thanks.


October 24, 2019


> Bug 31740: Remove some unnecessary RemoteSettings instances
> Bug 13543: Spoof smooth and powerEfficient for Media Capabilities
> ...
> Bug 31979: TOPL: Sort dependency list
> Bug 30665: Remove unnecessary build patches for Firefox

Never have so few done so much for so many. You have the thanks of a grateful world.

And soon, dare I hope, individual donations from same! :-)


October 24, 2019


I figured out the problem with running a local tor client: the segfault was not a bug but instead a subtlety of abicheck that would not impact default config.

The issue with TB 9 is: no way to setup user prefs from tor launcher stage. Instead you must create user.js and place it in profile.default to apply the required preferences and continue TB9 startup past tor launcher, and TB9 needs to be launched specifying control port password.


October 24, 2019


PLEASE add a setting to turn off the letterboxing in fullscreen mode, it's so disgusting to look at.

People like you who go out of their way install a privacy browser but then set uniquely trackable dimensions for the window and disregarded the yellow warning for superficial aesthetic reasons are precisely who letterboxing was invented to help in the first place. Do you have some ideas on how to make letterboxing better so you would not disable it?


October 24, 2019


Tor 9.0 (Win64) setup file is infected with the virus Win64:Evo-gen. More specifically the file nssdbm3.dll, which belongs to its package of installation. Moreover also I returned to the 8.5 old-version Tor because this 9.0 release no more offer privacy (block) on cookies during the session.

The virus alert is very likely a false positive by your antirvirus product. Regarding your second point: there is no need to downgrade to an unsupported and vulnerable Tor Browser. You can adjust the cookie preferenences on about:config by setting the respective value for network.cookie.cookieBehavior. Possible values (among others) can be found at:


October 24, 2019


New the "Verifying Signatures" docs are missing a critical piece of information that used to be present in the old docs - the OUTPUT. I.e. the fingerprints. People can no longer check the fingerprints spit out by gpg against those in your "verifying signatures" section because there aren't any. Why would someone remove that?

> People can no longer check the fingerprints spit out by gpg against those in your "verifying signatures" section because there aren't any.

It is true that gpgv does not display fingerprints:
gpgv: invalid option "--fingerprint"
gpgv: invalid option "--with-fingerprint"

However, according to Tor Project's guide:
"After importing the key, you can save it to a file (identifying it by fingerprint here):"
gpg --output ./tor.keyring --export 0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290

That step is how to check the fingerprint. In that command, you type or paste the fingerprint of the key that you expect was used to sign the file. gpg searches its default keyring for that fingerprint, and if gpg finds the matching key, it outputs the key to the file ./tor.keyring. The next command passes that file containing either only the matching key or nothing at all to gpgv.

I admit it is a roundabout procedure compared to the usual way of calling gpg directly. Steps were changed (ticket #31296) after widespread certificate signature flooding attacks. I assume Tor Project chose gpgv in hopes it would reduce confusion or mistakes for newbies, but I don't understand why. Everything can be done with gpg alone, and it allows greater flexibility. Only one step involves gpgv. Substituting gpg for that step (replace FILE with your file):
gpg --no-default-keyring --keyring ./tor.keyring --verify FILE.asc FILE

Or to force displaying long keyIDs and fingerprints:
gpg --keyid-format 0xlong --fingerprint --no-default-keyring --keyring ./tor.keyring --verify FILE.asc FILE


October 24, 2019


I'm shocked at the proportion of comments asking to disable letterboxing. If it were only a few, their choice would basically impact themselves, but if the large proportion here is representative of the whole, then they are impacting the other users who are trying to use Tor Browser as advertised to blend in and maintain privacy. Is this proportion accurately representative of how many users were maximizing their browsers before letterboxing was released and we just didn't know? FP Central and TorZillaPrint are suddenly much more valuable.

Are there certain default newly-opened window dimensions that result in a letterboxed content area? Could it be that some complaints are because of a default letterboxed layout?

Many have complained about its color. It sounds to me as if many complaints are related to watching videos. Traditional letterboxing is black after all, and I remember an old comment talking about Mozilla going back and forth about grey backgrounds when displaying a single image. It's in the blog post about Tor Browser 9.0a4, the alpha that first enabled letterboxing. Many other comments under that post are helpful. Gk's question at that time is more important than ever: "Do you have some ideas on how we could make letterboxing better so you would not disable it?"

In hindsight, I think the yellow warning bar should not have been removed and actually be replaced until users have time to become accustomed to letterboxing. The text on it could have been amended with an explanation of the new letterboxing feature they are seeing. An introduction is especially important because they don't see letterboxing in other browsers by default.

> I'm shocked at the proportion of comments asking to disable letterboxing.

Me too, particularly since I was calling loudly for this feature in comments in previous threads.

> If it were only a few, their choice would basically impact themselves, but if the large proportion here is representative of the whole, then they are impacting the other users who are trying to use Tor Browser as advertised to blend in and maintain privacy.

I had the same thought just before I saw your comment!

> Is this proportion accurately representative of how many users were maximizing their browsers before letterboxing was released and we just didn't know?

I've been wondering about that too.

I think the concern about weird and possibly unwise "customization" by some (many?) TB users possibly harming other TB users is going to be very difficult to assess, much less to mitigate. Nonetheless it is important and deserves discussion.

In some of the other comments in this thread, I saw users mentioning

o being forced (?) to use computers which are not being updated,

o needing to use accessibility features (e.g. for visually impaired users)

o preferences for various browser extensions and plug-ins

o needing to use Tor to log in to various websites

While this is hard to quantify except in very general terms, it seems clear enough that the population of Tor users is very diverse, and while this would be very desirable if everyone could use TB the same way, that is obviously very far from being true. While we who want to keep ourselves and our friends and family safe(r) could try to argue with other users that cybersecurity and privacy and anonymity are too important to be thoughtlessly endangered simply to use some cute but not truly needed app or extension, we certainly do not want to turn away people who suffer from vision or hearing problems.

Nor, perhaps, do we want to make it hard for daring users to explore using Tor in ways the developers have not anticipated, because someone somewhere just might discover something that converts Tor into the Next Great Thing which suddenly everyone in the world decides they simply gotta have. Which would be great if it did not hopelessly clog the Tor network through a sudden surge in global Tor traffic for which the network is not prepared.

One reason why it is important to start thinking about these issues now is that as the Tor network continues to grow, as it must in order to have any hope of keeping anyone safe(r), the diversity of ways in which people use Tor in ways which are not and cannot be anticipated by the developers is sure to increase.

So how can we try to ensure that the coming explosion in user diversity will not do more harm than good to those endangered people who need Tor most?

> So how can we try to ensure that the coming explosion in user diversity will not do more harm than good?

Looking back, users had mixed feelings in the wake of hiding certain things in the main UI in favor of about:config, but most people grew to understand it was a good move toward their shared goals.

I think so too. Probably on the technical side Tor has never been so strong.

It is frustrating to see some reporters (not the most knowledgeable ones) still characterize Tor as "notoriously unreliable software", and that Tor Project never points potential users to articles such as the fairly recent one (in Wired) by Lily Hay Newman advising Internet denizens that there has never been a better time to try Tor.

Regular readers of Ars Technica have no doubt noticed how a veteran reporter, Sean Gallagher, has been seduced by a clever USG cyberwarrior PR offensive, well tailored to his personal background, into making bad judgments (uncritical promulgation of what US military cyberwarrior propaganda). It is unfortunate that Tor Project is not fighting back in the media, because we are all targets of the cyberwarriors.

I believe that currently the most dangerous threats from USG to TP--- despite such alarming incidents as the CMU SEI scandal and the abortive CIA infiltration of TP-- are political, not technical.


October 25, 2019


Hey Tor volunteers I just want to say that compared to the last major upgrade this one gave me no regressions or unpleasant surprises and I'm enjoying the improved performance of Firefox 68 (plus the letterboxing anti-fingerprint feature) that I'd been looking forward to for a long time. Great job.


October 25, 2019


Can I extract this Tbb xz package to the old directory and overwritten most of the old Tbb? After that the bookmark still there?

That's not recommended as it might break your setup in subtle ways. What you could do is backup your bookmarks in your bookmarks menu in your old browser and import them back via the same menu in your new browser.


October 25, 2019


Since TBB on version 9, many entries which I had set on
lockPref - false are ignored in my mozilla.cfg. The are all on default - true :-/ the folder /defaults/pref/auto-config.js

I set:
pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);

pref("general.config.sandbox_enabled", 0);
pref("media.cubeb.sandbox", false);

That brings me back a lot lockPref settings in my mozilla.cfg, but not all.

What is that? Any idea?

I want it back and have control over that.


October 25, 2019


I'm extremely grateful to everyone who made the Letterboxing feature available in Tor. I sometimes had to use other broswers just because the side bar (which I needed) kept giving away my browser size.
The usefulness of Tor Browser has reached a level I didn't even think was possible.
Thank you all, I'll be donating soon!

> the side bar (which I needed) kept giving away my browser size.

Well, now the window can be stretched so that the sidebar is open AND the content area is snapped to the exact size (fingerprint) that the window had on new identity when the sidebar was closed. :party_emoji: Win-win!

> The usefulness of Tor Browser has reached a level I didn't even think was possible.

And if the US Congress does not make personal privacy/cybersecurity illegal (e.g. by making uncompromising cryptography illegal), personal privacy/cybersecurity products (hardware and software both) may get even better rather soon!

I had high hopes for Tor Messenger and hope that this project will somehow be resurrected, perhaps in partnership with Signal. Better integration with the latest OnionShare could also have transformative effects in how ordinary people use Tor to get the word out about what is happening where they live.

Another area where I see enormous potential is growing a privacy industry which provides simple devices which do one thing but do it well, such as Stingray detection, high quality entropy provision, or high quality time signals, all of which could be very helpful to protesters in Hong Kong or Santiago or ....

Some of these suggestions are more ambitious than others. If Tor Project can continue to move away from government funding toward grassroots user funding, we can achieve our goals of making a better world for future generations to inherit. Or at least, of bequeathing a planetary environment in which is is physically possible for humans to exist. Lack of fresh water, food, sanitation, dry land, deadly heat waves, rampaging wildfires, forever wars, and radioactive fallout all threaten that rather modest but obviously desirable goal.


October 25, 2019


When using the available One-Click Search Engines field of TB 9.0 at a Debian 10.1 (buster, 64 bit) install, the submitted keywords for looking at the "Wikipedia (en)" engine aren't subsmitted to the real Wikipedia search engine. Instead, the search field at the Wikipedia site ( stays empty and the intended Wikipedia search isn't performed at all.

One needs to re-enter the submitted Wikipedia search keyword at the site again to do so. I'm not sure this is a new bug or just another new security and privacy feature in the new TB 9.0 (because of the fact, I suppose, that those keywords usually are mentioned in the URL, which may cause HTML-referer leaks). The other pre-installed Default Search Engine profiles work as one might expect. I hope this observation may clear this issue.