Tor Browser 8.0a5 is released

Tor Browser 8.0a5 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This release updates Firefox to 52.7.3esr. In addition, we are updating HTTPS Everywhere, fixing some issues in the Snowflake pluggable transport and exempting .onion domains from mixed content warnings.

The full changelog since Tor Browser 8.0a4 is:

  • All platforms
    • Update Firefox to 52.7.3esr
    • Update HTTPS Everywhere to 2018.3.13
    • Bug 23439: Exempt .onion domains from mixed content warnings
  • OS X
    • Update Snowflake
  • Linux
    • Update Snowflake
Anonymous

March 26, 2018

Permalink

How long until TOR makes a release the default setting for building circuits using the New Encryption ??????????

With an inconvience to update this in time, why even bother with a release if this is all the "WORK" you have to show?

I don't understand your first question: which "New Encryption"?

For the second question, the goal of this release is to fix an important security issue in firefox, so it was important to do it even if there are not many other changes.

Anonymous

March 27, 2018

Permalink

what is the real reliable Tor Browser. From one site I read 8.0a5 and from another Version 7.5.3 (2018-03-26) .
I am confused. Is someone of these two fake?

Anonymous

March 27, 2018

Permalink

Sorry about the miscommunication........

Since, TOR 0.3.2.9 it is built using Newer encryption but still defaults to the older encryption. I think it should default to build circuits using the same crypto as the Hidden Service Version 3 as opposed to the older crypto by default.

I know TOR can only be building older crypto circuits even though I choose New Exit Nodes that supports HSV3 encryption and the newer crypto engines because when I check the Entry and Middle nodes it chooses still many many older crypto nodes that have not updated to the newer crypto. I know it is not scientific explaination, but I can rule out it using the newer crypto because if the entry or middle node don't even support the newer crypto how can TOR be building circuits using newer crypto with them?

I am asking for TOR to default to building full path circuits using the newer crypto and get rid entirely of the older crypto except for older .Onion domains resolution.

There are enough newer nodes to do this now without effecting the network. More than enough time has elapsed since the introduction of the TOR 0.3.2.9 Node.

Anonymous

March 27, 2018

Permalink

I think if Mozilla is causing a Major TOR release to be done due to this, maybe Qupzilla would be a better option for TBB?

I know it might effect the collaborative effort of Mozilla and TOR, but Firefox as a browser is just like using Google Chrome. Qupzilla has a much better future written in C++

Just change the name to TOR GoogleFox browser than no one will need to have to move a dot slightly a few spaces in their brains to figure it out.

Than we can start the whole game over again about the "Open Source" versus closed source debate until Qupzilla turned into the current Firefox engine after much "collaboration". At which time the real "open source" workers will have moved onto another project rather than support the "Mozilla Foundation".

Anonymous

March 27, 2018

Permalink

Sorry, Qupzilla looks like won't work either.........changing to Falkon 3.0?????? I don't know.......I don't like no alternatives to 2 choices just like Political systems. Than offer fake 3rd choice for "flavor".

Anonymous

March 27, 2018

Permalink

Ever since I updated to the 8.0a5 youtube videos won't play. Why is this happening? Am I the only one?

youtube overloads 2 cores! Dummy NoScript doesn't show blocked a/v, so you need tricks to allow them. Videos stall at the beginning as they think you machine is dead. It's a madness!

Still includes the bug affecting customize toolbar.

Yes, because as the changelog implies it has not been fixed yet. This is planned for the regular next alpha. So far we needed to keep up with security updates done by Mozilla on a weekly basis over the last three weeks. The bug you want to track is: https://trac.torproject.org/projects/tor/ticket/25458.

since by and large, all i ever see in these comments, are people bitching at you guys for not fixing this, or approaching a problem the "wrong" way, or for not changing a feature fast enough, etc etc...

i thought i would take a moment to do what nobody else seems to ever do - and THANK YOU for putting in countless hours of your time, so that the rest of us can enjoy some sense of security while we browse the web, and enjoy the freedoms that go along with it. without you guys, the world would be a vastly different place - and not for the better, so regardless of whether or not you got around to fixing some feature that some dickhead doesn't like... i ... excuse me... WE, very much appreciate what you do. keep kickin ass...

Thanks! Much appreciated.

I'll wholeheartedly second that notion (although sometimes I'm one of the complainers). Thank you for all of the hard work you do!

here here!

A bit late now, but sorry for my negative comment. I took a look at the bug description and discovered that most functionality for the customize toolbar still is working despite the bug.

Thanks for all your job making the Tor Browser project possible!

When will we be able to run snowflake as a browser add-on?

We don't plan to do that right now. What would be the benefit of it anyway as the user would need Tor as well?

I think he meant this: https://bugs.torproject.org/23888 https://github.com/glamrock/cupcake/issues/24 (i.e. running a snowflake bridge by just installing an addon)

Why the base of Mozilla Firefox used lags - current 52.7 in Tor however 59 is the latest

Firefox 52.7.3 is the latest Firefox version, too, but of the ESR series which is mainly meant for enterprises and other environments where rapid changes via the normal release channel are problematic. We are on that ESR channel, too, as it makes it easier for us to audit all the code and write new patches to be sure our releases adhere to our security and privacy requirements.

thank you for the work.

New version does not work.
"Unable to start TOR. Failed to get hashed password."

When I try to install an older version, it automatically updates to the newest version, still get
"Unable to start TOR. Failed to get hashed password."

Can this be fixed on this end?

I'm currently using Orfox for Android. I can't look up anything adult related. It says no results. Is there any way to change or fix this?

I can't download the proper Tor browser as I saw information saying the description (The Tor Project) was fake and not to download it ,instead it said download (Tor Project)was the correct download

Where did you see that information?

Running on macos high sierra 10.13.3 (up to date).
Tor Browser Bundle 7.5.2, 7.5.3, and 8.0a5 is affected by a bug where almost every action in browser, mainly cut-copy-paste commands, results in a solid second of spinning beach ball and freeze. This might sound like a non issue, but it completely renders browser unusable. Especially if you rely on password managers.

Is that a new Tor Browser behavior? What are the easiest way to reproduce the problem starting with a clean, new Tor Browser downloaded from our website?

new httpse, heh
11:03:44.440 NS_ERROR_NOT_AVAILABLE: Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIDOMWindowUtils.isParentWindowMainWidgetVisible] 1 nsPrompter.js:350

aaaaand?!!
11:03:44.441 Error: Script terminated by timeout at:
ArrayBufferToString@moz-extension://%uuid%/background-scripts/util.js:72:3
verifyAndStoreNewRulesets/

11:12:59.542 Cannot send message: Other side disconnected: ["MessageChannel:Response", {result:4, messageName:"36659-0", recipient:{}, error:{message:"Message manager disconnected", result:(void 0)}}] 1 ExtensionUtils.jsm:1091
sendAsyncMessage resource://gre/modules/ExtensionUtils.jsm:1091:5
_handleMessage/deferred.promise< resource://gre/modules/MessageChannel.jsm:671:9

Could you comment on why there isn't any adblocker company that will work with you enough for you to endorse them? I say this based on TAILS using a blocker built-in that they feel still gives them good anonymity whereas TOR does not.

Thank you so much for your work; I'm looking for a place to donate some of my time to on the project. I'm not a coder so that makes it a little more difficult.

what do you think about the tools "add-ons" of the browser [brave.com], which is a good way to anonymity, and still have rout to (⛩)=Tor...

Youtube 240p videos lag as hell on Core 2!!! Fuck the Mozilla and its lamers who ruins Firefox and all the great work done by other mozillians!

After installing Tor Browser Bundle 7.5.2, 7.5.3, and 8.0a5, I get a message Tor Browser has stopped working.

Any ideas why? Same on a different i7 machine...

Win10 Pro, i7, 32 GB RAM, SSD, Webroot SecureAnywhere

Is there a problem with traffic analysis when i posting in https://blog.torproject.or?
After 'Save' or 'Preview' the post, the site still reloads and reloads endlessly.
Security Settings 'Safest', Javascript off.

>Bug 23439: Exempt .onion domains from mixed content warnings

They are really insecure. Again: DOT ONION IS NOT SECURE, IT RELIES ON INSECURE CRYPTO.

Thanks for all the good work.

Do you envision a time when TOR will include an ad or tracking blocker like TAILS does?