New Release: Tor Browser 9.0a2

by boklm | June 11, 2019

Tor Browser 9.0a2 is now available from the Tor Browser Alpha download page and also from our distribution directory.

Note: this is an alpha release, an experimental version for users who want to help us test new features. For everyone else, we recommend downloading the latest stable release instead.

This release is fixing regressions and providing small improvements similarly to our 8.5.1 release. Additionally, we update Tor to 0.4.1.2-alpha, OpenSSL to 1.1.1c, we disable the WebGL readPixel() fingerprinting vector, add the ro locale, and start updating our toolchains in prevision to the planned migration to Firefox 68 ESR.

The full changelog since Tor Browser 9.0a1 is:

  • All platforms
    • Update Torbutton to 2.2
      • Bug 30565: Sync nocertdb with privatebrowsing.autostart at startup
      • Bug 30469: Add ro translation
      • Translations update
    • Update NoScript to 10.6.2
      • Bug 29969: Remove workaround for Mozilla's bug 1532530
    • Update HTTPS Everywhere to 2019.5.13
    • Bug 30541: Disable WebGL readPixel() for web content
    • Bug 30712: Backport fix for Mozilla's bug 1552993
    • Bug 30469: Add locale ro
  • Windows + OS X + Linux
    • Update Tor to 0.4.1.2-alpha
    • Update OpenSSL to 1.1.1c
    • Update Tor Launcher to 0.2.19.1
      • Bug 30469: Add locale ro
      • Translations update
    • Bug 30639: Revert IPv6 support test
    • Bug 30560: Better match actual toolbar in onboarding toolbar graphic
    • Bug 30571: Correct more information URL for security settings
  • Linux
    • Bug 30451: Compile go-webrtc with a non executable stack
  • Android
    • Bug 24920: Only create Private tabs in permanent Private Browsing Mode
    • Bug 30635: Sync mobile default bridges list with desktop one
  • Build System
    • All platforms
      • Bug 30480: Check that signed tag contains expected tag name
      • Bug 30536: Update Go to 1.12.5
    • OS X
      • Bug 30491: Move our macOS builds to Debian Stretch
    • Linux
      • Bug 25930: Update GCC to 8.3.0 for our Linux builds

Comments

Please note that the comment area below has been archived.

June 12, 2019

Permalink

Why is there two versions on F-droid? Which one should users use? And why is the Play Store seemingly getting more updates?

There is an alpha and a stable version. If you want to help us find bugs in new features use the alpha one and the stable otherwise. The Play Store is getting updates faster as this is a process controlled directly by us. For F-Droid we still need to ask the Guardian Project folks to upload new versions for us which is a manual process and costs time. But we work on fixing that: https://trac.torproject.org/projects/tor/ticket/27539

June 13, 2019

Permalink

bridges are such a pain now. when picking auto ones it is very slow, plus there is only 3 bridge lines for maual input. can that be increased to something like orbot where a user can put more than 3? I had several issues where all 3 bridges I got manually are either very slow (1-2 kbps) or just not working and this goes for all bridge types.

final question: in manual input it says address:port, so does that mean for obfs4 bridge lines there is no need for the rest of the line?

thank you

June 15, 2019

In reply to gk

Permalink

then it should say so because it is confusing now. And I hope you would consider bridge spaces in the future and make it just like orbot where its possible to put more than 3 in case all 3 are not working which is happening to me now and also not to have to paste the lines one by one, a single space for all bridges is much better and time saving.

by the way bridgedb is still fetching non working bridges and its sooo time consuming to get a working one and the default bridges in torbrowser are not working

for people relying on bridges this is like a total tor outage, hope you could do something about it

What is your operating system? I am able to enter as many as I want on desktop version. The vertical size of the box is 3 lines, but press Enter after 3 lines, and a scroll bar displays. Go on typing.

Only obfs4 and meek are recommended right now, and meek is basically for users in China.

TorButton --> Tor Network Settings --> "Provide a bridge I know" does say "type address:port (one per line)". Good point. I was not able to find an answer in the documentation manuals or support or old site except for one page in BridgeDB that says, "copy and paste the bridge lines into the text input box." Paste the entire line into the box. TorButton's description in the empty text box should be improved.

June 14, 2019

Permalink

What about the DDos Vulnerabilities of onion websites? Is that going to get fixed?

June 14, 2019

Permalink

Cloudflare Ray ID: 4e6fef96eda72a7d Your IP: 2405:8100:8000:5ca1::319:45eb Performance & security by Cloudflare

June 14, 2019

Permalink

Hello, please, help me. I have a Linux laptop and want to run a free virtual machine (prefer a hypervisor) for commercial use. Highly important privacy.
1. What a matches have? (If I right understood, Proxmox will delete all data from the host machine. No need.)
2. Is there any matches without a GPL, Apache or like it license?
3. What exactly goals have TAILS? What a negative points it have? It can be run without a USB-device?
4. How to recognize, what a system I have, 64 or 86? If hypervisor made for x86 (like KVM) it possible to run this vm on the x64 computer? Can I run bhyve on the Linux laptop? How I can find usual info about system?
5. Where I can anonymously ask any questions like that? (Better if without a registration and with Tor-safest enabled.)

1. This is not the place to ask. This site is about Tor Project.

2. GPL and Apache are notably different. Learn about free/open source licenses. Running the software is not the same as redistributing, modifying, or linking libraries.
https://en.wikipedia.org/wiki/Free_software_license#Definition_conflicts
https://en.wikipedia.org/wiki/Comparison_of_free_and_open-source_softwa…
https://en.wikipedia.org/wiki/Public-domain-equivalent_license

3. Tails is not managed by Tor Project. Go to Tails Help & Support. It can be run from a DVD, USB, or as an ISO file if mounted to boot in a virtual machine manager.

4. You wrote that whole comment but didn't type a few keywords in a search engine right there in your browser. Show some effort. Example results 1, 2. In general, the width of memory addresses is not backwards-compatible. Most end-user hardware such as laptops since the middle 2000's decade are 64-bit. Old devices and some small ones are still 32-bit. A 64-bit machine can run 32 or 64 bit software. A 32-bit machine can run only 32-bit software unless the processor supports VT-x/AMD-V for running a 64-bit virtual machine.

5. IRC and other chat services, technology imageboards... It's very hard to find websites that don't demand javascript and registration anymore.

June 15, 2019

Permalink

The new v3 addresses are great, but is there any official support for "link shorteners"? Or any other suggestions for human memorable onion domains? This is for sites where the content is hosted anonymously, but not illegal so people may access it via a tor2web type gateway.

Be aware that tor2web gateways are able to log visits and log what content the visitor accesses. It's best to use Tor Browser to access onions if you can install it.

June 15, 2019

Permalink

Is Windows 10 up to something? I cannot get Tor to work, it says another is running and needs to be shut down. I have re-downloaded it and have to do it every time. When it says copy log to Tor, then it says 0 log entries so have nothing to copy. It just will not start. Even with a fresh download. I am new using Asus Laptop with Windows 10. Am I being sabotaged by Win 10? I have used Tor for years but it seems W10 doesn't want it?

So, a fresh copy is working for you but as soon as you try to start that a second time it fails? Do you delete the old version first or are you installing the new Tor Browser just over the old one? Or a you putting each new Tor Browser into its own directory?

June 17, 2019

Permalink

What does that mean? How to solve this problem?

*/**/**, **:**:**.*** [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
*/**/**, **:**:**.*** [NOTICE] Switching to guard context "bridges" (was using "default")
*/**/**, **:**:**.*** [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
*/**/**, **:**:**.*** [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections.
*/**/**, **:**:**.*** [NOTICE] Opening Socks listener on ***.*.*.*:****
*/**/**, **:**:**.*** [NOTICE] Opened Socks listener on ***.*.*.*:****
*/**/**, **:**:**.*** [NOTICE] Renaming old configuration file to "/sysroot/folder/tor browser folder/Data/Tor/torrc.orig.1"
*/**/**, **:**:**.*** [NOTICE] Bootstrapped 5%: Connecting to directory server
*/**/**, **:**:**.*** [NOTICE] Bootstrapped 10%: Finishing handshake with directory server
*/**/**, **:**:**.*** [WARN] Proxy Client: unable to connect to bridge ("general SOCKS server failure")
*/**/**, **:**:**.*** [WARN] Proxy Client: unable to connect to bridge ("general SOCKS server failure")

June 17, 2019

Permalink

Thanks for the great work you do!

For the few situations when Tor can't be used, and yet TorBrowser's benefits are still desired, what's the best way to disable Tor Launcher?
There are old suggestions online, but since Tor Launcher is recently removed from the FF "Add-ons" list, and hence can't be disabled there easily, Tor Launcher reverts the TB proxy settings on each restart.

Thanks.

June 17, 2019

Permalink

WHEN YOU WILL FINALLY RESOLVE THE VULNERABILITY THAT CAUSING THE ISSUE OF REPEATING DDOS ATTACKS ON TOR BASED WEBSITES ?

June 17, 2019

Permalink

Hi to you all .I am not here to speek about ttb android, because I am not seeing issues. Well just reporting that is good .
Does anyone know tell me something about Icecat web browser for mobile, ? On fdroid it sponsored not that it can use tor ,but once opening setup you can find a tor button. Like private browser more or less. But it does not works trough orbot and not by itself :( .Thx.

June 18, 2019

Permalink

Any thoughts on #27590? I think informing the user about the alt-svc header is valuable. I've noticed several sites doing it, in addition to Cloudflare.

June 19, 2019

Permalink

I would love to help run relays or whatever I can to help but honestly I'm not up to par on coding like you guys are. Wanna teach a newbie, im game.

June 20, 2019

Permalink

Alpha working perfect. I ONLY use Orbot and also Quantum Flare (for tracker & malware protection), and never had to root my droid devices.

Long live Tor!