New Release: Tor Browser 9.5.1

Tor Browser 9.5.1 is now available from the Tor Browser download page and also from our distribution directory.

This release updates Firefox to 68.10.0esr and NoScript to 11.0.32.

Also, this release features important security updates to Firefox.

The Windows installer is now code signed with a new Authenticode certificate. Please report any issues you encounter with this version.

The full changelog since Tor Browser 9.5 is:

  • All Platforms
    • Update Firefox to 68.10.0esr
    • Update NoScript to 11.0.32
    • Translations update
    • Bug 40009: Improve tor's client auth stability
  •  Windows + OS X + Linux
    • Bug 34361: "Prioritize .onion sites when known" appears under General
    • Bug 34362: Improve Onion Service Authentication prompt
    • Bug 34369: Fix learn more link in Onion Auth prompt
    • Bug 34379: Fix learn more for Onion-Location
    • Bug 34347: The Tor Network part on the onboarding is not new anymore

my firewall is blocking everything except the traffic to my entrynodes.
tor is trying to connect to a random node once - no retry - short after launch and
before the firefox window pops up. happens within 'Bootstrapped 15%'.
there is no error message in the console. it looks like tor tries to send a ping. not listed in torstatus not listed in torstatus

Could you explain what you mean by "offline relay"? Do you mean that if a node drops off Tor Network a few minutes before a Tor client neccessarily using partially out of date information tries to reach out to it, that could appear suspicious to someone worried about "phoning home"?

Browser Console error message:
[Exception... "Component returned failure code: 0x80004001 (NS_ERROR_NOT_IMPLEMENTED) [nsIAppStartup.secondsSinceLastOSRestart]" nsresult: "0x80004001 (NS_ERROR_NOT_IMPLEMENTED)" location: "JS frame :: resource:///modules/BrowserGlue.jsm
:: _collectStartupConditionsTelemetry :: line 1547" data: no]...............................BrowserGlue.jsm:1547:9

_collectStartupConditionsTelemetry resource:///modules/BrowserGlue.jsm:1547
BG__onFirstWindowLoaded resource:///modules/BrowserGlue.jsm:1649
BG_observe resource:///modules/BrowserGlue.jsm:847
_delayedStartup chrome://browser/content/browser.js:2127
_delayedStartup self-hosted:1003

_collectStartupConditionsTelemetry ???
are you collecting startup conditions information over a random tor circuit?

The default behavior of Firefox is to collect telemetry on users. Tor Browser disables that behavior, or at least tries to.

With every new Firefox release the telemetry gets more invasive. Tor team must review the code each time to remove the telemetry. While it is possible they might have missed something (because humans are fallible) simply having the word 'telemetry' in an output string doesn't mean its actually connecting to anything. They probably just forgot to remove that output.

More testing amongst many users would be good, to verify this is the case.

i configured my entrynodes. they were not selected randomly. i edited torrc and the state-file to:
Guard in=default rsa_id=...........nickname=example1.......
Guard in=default rsa_id=...........nickname=example2.......
Guard in=restricted rsa_id=......nickname=example1.......
Guard in=restricted rsa_id=......nickname=example2.......
there was no additional (or random) traffic necessary to fetch the concensus and this worked over years.
(i know a state-file in a fresh install is different to my one.)
my firewall (IP-based) is blocking this mysterious traffic. nothing else than my entrynodes are allowed.
happens on a fresh install too. it must have to do with your recent changes in 9.5.1. i never had this before.
either tor is trying to send a ping or tor is trying to send data to a collector service or tor tries to fetch some
additional information. TBB works properly without this traffic and i would like to know what it is and how to turn it

This sounds like expected behavior. I'm surprised you haven't seen this previously. The way you are configuring the entry nodes does not enforce only using those nodes. Occasionally tor connects to other entry nodes (in addition to the nodes listed in the state file).

I am not sure about Tor Browser on some OS such as Windows, but Tails certainly expects users to use onion sites, for which it is important that the clock be accurate, so in past editions, when starting Tails, one could see NTP protocol while the Tor client was connecting to the Tor network. In more recent editions, everything seems to be going through Tor, so perhaps trying Tails ( will alleviate these "phone home" concerns.


July 01, 2020


Are updates automatically installed over the Tor network? Does the update installer honor configuration like bridges and proxies?

Downloading an update requires multiple steps. Every server is contacted as a DNS hostname (or IP address) over HTTPS, none of them use onion services (yet).…

1) Tor Browser contacts server "A" and asks if an update is available. If there is an update, then server "A" responds with metadata about the update file (a URL for that file, the size of the file, the SHA512 hash of the file).
2) Tor Browser follows the provided URL and connects to server "B" and downloads the file
3) Tor Browser verifies the size of the file and sha512 hash of the file are as expected
4) Tor Browser verifies the cryptographic signature on the file. Tor Browser has two public keys hard-coded for which signatures on updates will be accepted.

The update is installed after all checks pass.


July 01, 2020


This site glitches if I try posting a comment on the safest security level. I'm on Windows and using 9.5.1, but this issue has been around since 9.5.

This is unlikely to be fixed anytime soon (just as it hasn't been fixed in the last 3 years). Moving to a new blog platform is more likely. Javascript is a de facto requirement on the web now. If you don't want to browse the web with javascript enabled, then that is your choice. The Tor Project puts a lot of effort into making its websites operate seamlessly without javascript available, but sometimes that isn't possible. Unfortunately Drupal is a beast, and solving this problem is not easy. If you want to leave a comment but you don't want to enable javascript, then you should investigate using Tails.

(Not the OP)

I am using Tails 4.8 and just to be clear, to avoid getting caught in an endless loop in which the blog software tries to continually reload the page, you need to drop down from "Safest" to "Safer" in the Tor Browser.

However, I second the recommendation to use Tails (see Journalists, activists, political staffers, local and regional government officials, high school students, employees of companies fond of spying on their workforce, all kinds of people should use Tails for everything online (and probably many things offline too).


July 01, 2020


For quite a while now, the Windows' Torbrowser seems to forget/erase DuckDuckGo searches, so that if a link is clicked in a search and it proves no good, when the browser back button is clicked to go back to the search, DuckDuckGo reverts to a blank starting page, not the previous search results. Very annoying and inconvenient. Is this a cache thing or is there some setting in config that can be changed?

(It does not affect the Android version of TorBrowser, strangely enough)

Join the discussion...

We encourage respectful, on-topic comments. Comments that violate our Code of Conduct will be deleted. Off-topic comments may be deleted at the discretion of the post moderator. Please do not comment as a way to receive support or report bugs on a post unrelated to a release. If you are looking for support, please see our support portal or ways to get in touch with us.

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.

8 + 5 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.