New Release: Tor Browser 9.0a8

One Tor Browser quirk that's been quite annoying for the past few major releases is the way it interacts with dconf database on GNU/Linux. It seem this is because Tor Browser runs with only "partially" modified HOME environment variable which results in strange behavior.

It does not to read the values from the user's dconf database, which is of course how it should be. Because it can't find such database under modified HOME, the values used are the defaults. This is expected behavior. Yet at the same time it somehow manages to write these default values to user's dconf database under original HOME nonetheless. In effect, this results in user's dconf values (which are used outside of Tor Browser by other programs) being continuously reset by Tor Browser to defaults.

One noticeably example is the file dialog in Tor Browser (GTK3 FileChooser) which resets org.gtk.Settings.FileChooser values. In practice this means GTK3 file dialog is reset to its default behavior in all other programs that use it. For example, the window size of the dialog maxes out.

Another way to confirm this is by copying ~/.config/dconf/user to Browser/.config/dconf/user. What happens is that Tor Browser now reads values from this copied file and thus does not use default values, but it still writes values to the first original file in original HOME instead of the second one in modified HOME. So to reiterate, it reads (or tries to read) dconf values from the modified HOME, but then writes them to the original HOME. And for some things like the file dialog above this write operation is performed just by opening the dialog without actually doing anything with it.

Now in this narrow case of dconf this can all legitimately be dismissed as upstream's inconsistent use of the HOME variable. However in the long run I think a better approach should be developed that more thoroughly modifies and isolates the environment that Tor Browser runs in. I know there were some abandoned sandboxing attempts in the past, however even a dumb approach like using a "chroot jail" would be better in the meantime than the current situation.

What would you suggest as an isolation of Tor Browser that we can setup ourselves?

at startup:
XML Parsing Error: undefined entity
Location: moz-nullprincipal:{508267cc-699c-4b82-aa3f-645e54660f44}
Line Number 1, Column 143: {508267cc-699c-4b82-aa3f-645e54660f44}:1:143

about:plugins:
NS_NOINTERFACE: Component returned failure code: 0x80004002 (NS_NOINTERFACE) [nsIWebProgress.DOMWindow] WebNavigationContent.js:267

when moving a tab:
TypeError: event.originalTarget.getAttribute is not a function tabbrowser.xml:2310:34
onxblmouseover chrome://browser/content/tabbrowser.xml:2310

Bug 28196: about:preferences is not properly translated anymore:
" This brand name can be used in messages where the product name needs to
remain unchanged across different versions (Nightly, Beta, etc.). -->"
Why did you make all product names unchanged (not only mentioned above)?

If you click rapidly on Security level button several times, it stops functioning.

Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING:
If you disable MOZ_SERVICES_HEALTHREPORT, then Mozilla claims it also "Removes the Data Collection Preferences UI".

Bug 31935: Disable profile downgrade protection:
Why do you disable this useful feature that prevents damage to Tor Browser? Didn't it detect a mess with esr60 & esr68 profiles on MacOS?

> Bug 31286: Provide network settings on about:preferences#tor
"Select a built-in bridge", etc allows to be saved as empty setting.

Bug 27511: Add new identity button to toolbar

When do you plan to remove it?

> Bug 29013: Enable stack protection for Firefox on Windows
-fstack-protector-strong appears 2 times in about:buildconfig

Bug 30504: Deal with New Identity related browser console errors

TypeError: win.gBrowser is undefined ProcessHangMonitor.jsm:418:18

The new icon for new identity projects an image of something being merely cleaned or cleared. What's missing is the idea of restarting the session, that is to say, as if Tor Browser itself restarted. The fact that all existing windows actually close and a new fresh window opens is a great way of signalling that, it gives the user the feeling that they started completely afresh in a new session. (Which is why the fact that windows close and open on newnym should not be "fixed" because it's too "brusque", it's a good UX feature.)

The old icon, despite its shortcomings (e.g. can be mistaken for the "reload page" icon), nevertheless had this advantage because the spin/circle arrow symbolized restarting of the session. It also fit somewhat nicely with the "New Tor Circuit" icon (Tor onion with the spin arrow) whereas the broom icon doesn't fit in very well with the rest of icons, it doesn't seem to be TBB-related.

Maybe you could base the new icon on a flat version of the TBB icon itself (half-open onion). I think just adding a plus emblem or a reload spin arrow to the half-open onion could work very well given the fact that TBB windows will actually close and a new window will appear, as if TBB itself has restarted afresh. The icon would more clearly signify what happens before being used the first time, and the user would more easily make the intuitive association on subsequent uses.

I'm more inclined towards the spin arrow though, because the plus emblem symbolizes an addition to the current state, whereas the spin arrow is more directly associated with restarting or reloading something i.e. the previous thing gets discarded and replaced by a new one in its stead.

security.sandbox.plugin.tempDirSuffix
New UUID for tracking users!

[10-16 13:30:38] Torbutton INFO: tor SOCKS: https://blog.torproject.org/themes/tor_bootstrap/favicons/android-chrom… via
--unknown--:c9b821f6728109c0dd2b810299820cf7
when switching from the guard to a bridge on the fly.

4pr? WTF?
10/16/19, 14:06:58.505 [NOTICE] Switching to guard context "bridges" (was using "default")
10/16/19, 14:06:58.506 [WARN] CreateProcessA() failed: The system cannot find the file specified.
10/16/19, 14:06:58.506 [WARN] Failed to start process: TorBrowser\Tor\PluggableTransports\obfs4pr
10/16/19, 14:06:58.506 [WARN] Managed proxy at 'TorBrowser\Tor\PluggableTransports\obfs4pr' failed at launch.