in ,

New Release: Tor Browser 9.0, Hacker News

Update [7:30 UTC]:Clarified the amount of locales we support. It’s 32 with Tor Browser 9.0.

Update [10:45 UTC]: Added a section about letterboxing.

Tor Browser 9.0 is now available from theTor Browser download pageand also from ourdistribution directory.

This release features importantsecurity updatesto Firefox.

Tor Browser 9.0 is the first stable release based on Firefox 68 ESR and contains a number of updates to other components as well (including Tor to0.4.1.6and OpenSSL to 1.1.1d for desktop versions and Tor to0.4.1.5for Android).)

In addition to all the needed patch rebasing and toolchain updates, we made big improvements to make Tor Browser work better for you.

We want everyone in the world to be able to enjoy the privacy and freedom online Tor provides, and that’s why over the past couple years, we’ve been working hard to boost our UX and localization efforts, with the biggest gains first visible inTor Browser 8.0.

In Tor Browser 9.0, we continue to build upon those efforts with sleeker integration and additional localization support.

Goodbye, Onion Button

We want your experience using Tor to be fully integrated within the browser so how you use Tor is more intuitive. That’s why now, rather than using the onion button that was in the toolbar, you can see your path through the Tor network and request a New Circuit through the Tor network in [i] on the URL bar.

Tor Browser - circuit display - dark theme

Hello, New Identity Button

Tor Browser - Toolbar - New Identity Button

Instead of going into the onion button to request a New Identity, we’ve made this important feature easier to access by giving it its own button in the toolbar.

Tor Browser - New Identity

You can also request a New Identity, and a New Circuit, from within the [=] menu on the toolbar.

Torbutton and Tor Launcher Integration

Now that both extensions are tightly integrated into Tor Browser, they’ll no longer be found on theabout: addonspage.

Tor Browser - about preferences

We redesigned the bridge and proxy configuration dialogs and include them directly into the browser’s preference settings as well.

Rather than being a submenu behind the onion button, Tor Network Settings, including the ability to fetch bridges to bypass censorship where Tor is blocked, are easier to access onabout: preferences # tor.


Tor Browser in its default mode is starting with a content window rounded to a multiple of (px x 100 px to prevent fingerprinting the screen dimensions. The strategy here is to put all users in a couple of buckets to make it harder to single them out. That worked so far until users started to resize their windows (e.g. by maximizing them or going into fullscreen mode). Tor Browser 9 ships with a fingerprinting defense for those scenarios as well, which is calledLetterboxing, a technique developed by Mozilla and presentedearlier this year. It works by adding white margins to a browser window so that the window is as close as possible to the desired size while users are still in a couple of screen size buckets that prevent singling them out with the help of screen dimensions.

Better Localization Support

If we want all people around the world to be able to use our software, then we need to make sure it’s speaking their language.Since 8.0, Tor Browser has been available in 25 languages ​​and we added 5 locales more in Tor Browser 8.5. Today, we add support for two additional languages: Macedonian (mk) and Romanian (ro), bringing the number of supported languages ​​to 32.

We also fixed bugs in our previously shipped localized bundles (such as ar and ko).

Many thanks to everyone who helped with these, in particular toour translators.

Known Issue

As usual when preparing Tor Browser releases, we verified that the build isbit-for-bit reproducible. While we managed to get two matching builds, we found that in some occasions the builds differ (we found this happening on the (Linux i) andmacOSbundles). We are still investigating the cause of this issue to fix it.

Give Feedback

If you find a bug or have a suggestion for how we could improve this release,please let us know. Thanks to all of theteams across Tor, and the many volunteers, who contributed to this release.


The full (changelog) since Tor Browser 8.5.6 is:

  • All Platforms
    • Update Firefox to 2.0ESR
    • Bug 31740: Remove some unnecessary RemoteSettings instances
    • (Bug) : Spoof smooth and powerEfficient for Media Capabilities
    • Bug 28196: about: preferences is not properly translated anymore
    • Bug : Disable asmjs on safer and safest security levels
    • Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING
    • Bug : Disable profile downgrade protection
    • Bug 16285: Disable DRM / EME on Android and drop Adobe CDM
    • Bug : Remove Pocket indicators in UI and disable it
    • Bug 31914: Fix eslint linter error
    • Bug : Rebase patches for Firefox 68 ESR
    • Bug 31144: Review network code changes for Firefox 68 ESR
    • (Bug) : Integrate Torbutton into Tor Browser directly
    • Bug 25856: Remove XUL overlays from Torbutton
    • (Bug) : Fix about: tor assertion failure debug builds
    • (Bug) : Add support for meek_lite bridges to bridgeParser
    • (Bug) : Migrate “About Tor Browser” dialog to tor- browser
    • (Bug) : Prevent detection of locale via some * .properties
    • Bug 31298: Backport patch for # 24056
    • Bug 9336: Odd wyswig schemes without isolation for
    • (Bug) : Browser notifications are not working anymore
    • Bug 30845: Make sure internal extensions are enabled
    • Bug 28896: Enable extensions in private browsing by default
    • Bug 31563: Reload search extensions if extensions.enabledScopes has changed
    • (Bug) : Fix communication with NoScript for security settings
    • Bug 31142: Fix crash of tab and messing with about: newtab
    • (Bug) : Backport JS Poison Patch
    • Bug 25214: Canvas data extraction on local pdf file should be allowed
    • Bug 30657: Locale is leaked via title of link tag on non-html page
    • Bug 31015: Disabling SVG hides UI icons in extensions
    • (Bug) : Set security.enterprise_roots.enabled to false
    • Bug 30538: Unable to comment on The Independent Newspaper
    • (Bug) : View PDF in Tor Browser is fuzzy
    • Translations update
  • Windows OS X Linux
      (Update Tor to

    • Update OpenSSL to 1.1.1d
      • Bug 31844: OpenSSL 1.1.1d fails to compile for some platforms / architectures
    • Update Tor Launcher to 0.2. 20
      • (Bug) : Integrate Tor Launcher into tor-browser
      • (Bug) : Custom bridge field only allows one line of input
      • Bug 31286: New strings for about: preferences # tor
      • (Bug) : Do not launch tor in browser toolbox
      • (Bug) : Fix bad & escaping in translations
      • (Bug) : Clean up the old meek http helper browser profiles
      • (Bug) : Remove use of overlays
      • (Bug) : Modify Tor Launcher so it is compatible with ESR 68
      • (Bug) : Modify moat client code so it is compatible with ESR 68
      • (Bug) : Moat: support a comma-separated list of transports
      • Bug: Add mk locale
      • (Bug) : Add ro locale
      • Bug 30319: Remove FTE bits
      • Translations update
    • (Bug) : Fix Tor Browser Support link in preferences
    • Bug 32111: Fixed issue parsing user -Provided bridge strings
    • (Bug) : Fix security level panel spawning events
    • Bug 31920: Fix Security Level panel when its toolbar button moves to overflow
    • (Bug) 31961: Fix ‘Learn More’ links in Security Level preferences and panel
    • Bug 28044: Integrate Tor Launcher into tor-browser
    • Bug : Enable Letterboxing
    • Bug: Add mk locale
    • (Bug) : Add ro locale
    • (Bug) : Use obfs4proxy’s meek_lite with utls instead of meek
    • Bug 31251: Security Level button UI polish
    • Bug : Register SecurityLevelPreference’s ‘unload’ callback
    • Bug 31286: Provide network settings on about: preferences # tor
    • Bug 31886: Fix ko bundle bustage
    • Bug : Update onboarding for Tor Browser 9
    • Bug 27511: Add new identity button to toolbar
    • Bug : Support dark-theme for the Circuit Display UI
    • Bug 31910: Replace meek_lite with meek in circuit display
    • (Bug) : Deal with New Identity related browser console errors
    • Bug 31929: Don’t escape DTD entity in ar
    • (Bug) : Some onboarding UI is always shown in English
    • (Bug) : Replace=with real hamburguer icon ≡
    • (Bug) : Browser locale can be obtained via DTD strings
    • (Bug) : Set network.proxy.allow_hijacking_localhost to true
    • Bug 24653: Merge into torbutton.dtd
    • Bug 31164: Set up default bridge at Karlstad University
    • (Bug) : Disable ServiceWorkers on all platforms
    • Bug 31598: Disable warning on window resize if letterboxing is enabled
    • Bug 31562: Fix circuit display for error pages
    • Bug 31575: Firefox is phoning home during start-up
    • (Bug) : Clean up the old meek http helper browser profiles
    • (Bug) : Hide tracking protection UI
    • Bug 31601: Disable recommended extensions again
    • (Bug) : Don’t show Firefox Home when opening new tabs
    • Bug 31457: Disable per-installation profiles
    • Bug 28822: Re -implement desktop onboarding for ESR 68
  • Windows
    • Bug 31942: Re-enable signature check for language packs
    • (Bug) : Enable stack protection for Firefox on Windows
    • Bug 30800: ftp: // on Windows can be used to leak the system time zone
    • (Bug) : Back out patch for Mozilla’s bug 1574980
    • Bug 31141: Fix typo in font.system.whitelist
    • Bug 30319: Remove FTE bits
  • OS X
    • Bug 30126: Make Tor Browser compatible with macOS 10. 15
    • Bug 31607: App menu items stop working on macOS
    • (Bug) : On macOS avoid throwing inside nonBrowserWindowStartup ()
    • Bug 29818: Adapt # (patch for) ************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************ (ESR)
    • (Bug) : Meek and moat are broken on macOS 10 .9 with Go 1. 12
  • Linux
    • Bug 31942: Re-enable signature check for language packs
    • (Bug) : Update abicheck to require newer libstdc .so.6
    • (Bug) : Don’t fail if / proc / cpuinfo is not readable
    • (Bug) : Stop using a heredoc in start-tor-browser
    • (Bug) : Put curly quotes inside single quotes
    • (Bug) : Replace ” -1 “with” −1 “in start-tor-browser.desktop
    • Bug 30319: Remove FTE bits
  • Android
      (Update Tor to

    • (Bug) : Rebase mobile patches for Fennec 68
    • (Bug) : Don’t use addTrustedTab () on mobile
    • Bug: Support Tor Browser running on Android Q
    • (Bug) : Support x 86 _ (target on Android)
    • Bug 30380: Cancel dormant by startup
    • (Bug) : Show version number on mobile
    • Bug 31720: Enable website suggestions in address bar
    • (Bug) : Security slider is not really visible on Android anymore
    • Bug 24920: Only create Private tabs in permanent Private Browsing Mode
    • (Bug) : Revert aarch 64 – workaround against JIT-related crashes
    • Bug 32097: Fix conflicts in mobile onboarding while rebasing to (************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************. 2.0ESR
  • Build System
    • All Platforms
      • (Bug) : Provide standalone clang 8 project across all platforms
      • Bug 30376: Use Rust 1. (for Tor Browser 9)
      • Bug : Add cbindgen project for building Firefox (ESR / Fennec)
      • Bug 30701: Add nodejs project for building Firefox (ESR / Fennec)
        • Bug 31621: Fix node bug that makes large writes to stdout fail
      • Bug 30734: Add nasm project for building Firefox (ESR / Fennec)
      • Bug : Make sure the lo interface inside the containers is up
      • Bug 27493: Clean up mozconfig options
      • (Bug) : Sync mozconfig files used in tor-browser over to tor-browser-build for esr 68
    • Windows
      • (Bug) : Use Stretch for cross-compiling for Windows
      • (Bug) : Remove faketime for Windows builds
      • (Bug) : Windows toolchain update for Firefox 68 ESR
        • Bug 28716: Create mingw-w 64 – clang toolchain
        • (Bug) : Adapt firefox and fxc2 projects for Windows builds
        • (Bug) : Optionally omit timestamp in PE header
        • Bug 31567: NS_tsnprintf () does not handle% s correctly on Windows
        • Bug 31458: Revert patch for # 27503 and bump mingw-w 64 revision used
      • (Bug) : Provide clean fix for strcmpi issue in NSPR
      • (Bug) : Enable stack protection support for Firefox on Windows
      • Bug 30384: Use 64 bit containers to build 32 bit Windows Tor Browser
      • Bug 31538: Windows bundles based on ESR 68 are not built reproducibly
      • Bug 31584: Clean up mingw-w 64 project
      • (Bug) : Bump mingw-w 64 version to pick up fix for # 31567
      • Bug 29187: Bump NSIS version to 3. 04
      • (Bug) : Windows nightly builds are busted due to mingw-w 64 commit bump
      • Bug 29319: Remove FTE support for Windows
    • OS X
      • (Bug) : MacOS toolchain update for Firefox (ESR)
      • Bug 31467: Switch to clang for cctools project
      • (Bug) : Adapt tor-browser-build projects for macOS notarization
    • Linux
      • (Bug) : gold and lld break linking 32 bit Linux bundles
      • (Bug) : Linux 32 builds of Tor Browser 9.0a6 are not matching
      • Bug 31450: Still use GCC for our ASan builds
      • (Bug) : Linux toolchain update for Firefox ESR 68
        • (Bug) : Install yasm from wheezy-backports
        • (Bug) : Don’t install Python just for Mach
      • Bug 30448: Strip Browser / gtk2 /
    • Android
      • Bug 30324: Android toolchain update for Fennec 68
        • Bug 31173: Update android- toolchain project to match Firefox
        • (Bug) : Update Android Firefox to build with Clang
        • (Bug) : Update Rust project for Android
        • (Bug) : Get Firefox 68 ESR working with latest android toolchain
        • (Bug) : Update TOPL project to use Firefox (toolchain)
        • (Bug) : Update tor-android-service project to use Firefox 68 toolchain
      • Bug: Use Gradle with –offline when building the browser part
      • (Bug) : Make Android bundles based on ESR 68 reproducible
      • Bug 31981: Remove require-api.patch
      • (Bug) : TOPL: Sort dependency list
      • (Bug) : Remove unnecessary build patches for Firefox

Brave Browser
Read More

What do you think?

Leave a Reply

Your email address will not be published.

GIPHY App Key not set. Please check settings

Two Factor Auth List, Hacker News

Two Factor Auth List, Hacker News

Chirag Shetty, Satwiksairaj Rankireddy enter French Open finals – Times of India, The Times of India

Chirag Shetty, Satwiksairaj Rankireddy enter French Open finals – Times of India, The Times of India