Launcher Oreo 8.1 V1.9 AdFree APK
Niki Wienberg
Tor Browser 9.0.1 is the first bugfix release in the 9.0 series and aims to mostly fix regressions and provide small improvements related to our 9.0 release. Additionally, we are adding a banner on the starting page for our fundraising campaign Take Back the Internet with Tor.
For each new release, two members from our team are building the release separately and compare the result to make sure that it is reproducible. For the 9.0 and 9.0.1 releases, however, an issue that we are still investigating is making our build not completely deterministic. As a workaround for this issue, we had to do multiple builds until we got matching builds. You might need to do the same if you are trying to reproduce our build.
Note: due to some delay with the signing, the Android version is not yet available. We expect to be able to publish the signed Android version in a few hours. Update: the Android version has been published.
Are you sure apparmor is causing that? The icons for NoScript and HTTPS Everywhere were moved from the toolbar a long time ago. Open the 3-lines "hamburger" menu --> Customize --> Drag the icons you want into the toolbar.
>Avira detected a trojan (TR/Crypt.XPACK.Gen3) in file qipcap.dll on updating to 9.0.1
Confirmed.
Could you lovely Tor developers please make sure to thoroughly scan all files with the major current virus scanners and make sure that everything is actually clean and also shows up as clean. You're completely ruining the reputation of Tor if you don't. Thank you
On a related point, someone said that if you DL TB from torproject.org, an antivirus flag should be a false positive which can be ignored, which reminds me of something I have been wondering about: how often to people DL "TB" (?) from a site other than torbrowser.org and why would they do that? Because censorship regimes prevent their reaching torproject.org?
It means "download Tor Browser". (Also, TBB means "Tor Browser Bundle" which is technically the correct name and description of the combined package of tor.exe binary + browser application instead of simply the browser.) You asked good questions about other sites and censorship; I haven't seen them discussed. Users for whom this torproject.org website is censored are urged to use GetTor or a mirror.
In an ideal world, this would clearly be a good idea. But in the real world, virus scanners cost money, as does developer time, and Tor Project does not have nearly as much money as it would in an ideal world. (If you happen to be a billionare, I guess you can help change that!)
I hope it's not as bad as that. I use Linux so am spared from worrying about antivirus (partly because in principle Linux is somewhat "immune" to viruses, partly because Linux security tools tend to lag behind--- hopefully because there is less need!) but you have my sympathy because I often feel frustrated by cybersecurity shortcomings. I try to keep in mind that cybersecurity is a process, not a state, and that we are all involuntarily engaged in an arms race. Some days we get a bit ahead, other days we fall behind.
We used to upload new Tor Browser releases to which scans them with many anti-virus. However it's unclear whether that really helps. It allows us to see that some antivirus detect it as a virus, but then there is not much we can do to fix that. Some antivirus also flag as suspicious any program that has not been seen by many of their users. Maybe uploading to virustotal helps with that, but not sure how much.
Linux and BSD are basically developed by hackers -- as in the general tinkering definition of the word. I find that most people interested in bugs in Linux spend their time sharing their findings and actually fixing them precisely because it has a usually welcoming share-alike community that accepts their energy and reciprocates it for usually positive general interests. It's organic and inviting. Further, the licenses they and other free-libre open source developers invented have played a huge role in refining general attitudes and ideals over time.
why have you released 9.0 and 9.0.1 if the builds are not reproducible? the point of building by two different persons is to not release anything and investigate if the builds are different
also you could consider having more than two people and two builds, two are easy to bribe
The build is still reproducible. The issue is that it can take more than one build to get a matching build. That's not ideal as it makes reproducing the build more difficult, but not releasing anything would not be a good idea as 9.0 includes important security fixes, and fixing the build issue is going to take some time.
> The issue is that it can take more than one build to get a matching build. That's not ideal as it makes reproducing the build more difficult, but not releasing anything would not be a good idea as 9.0 includes important security fixes, and fixing the build issue is going to take some time.
For me two things are a little inconvenient in TB9:
1. Cookie preference is no more in Tools Options. Though you can still edit network.cookie.cookieBehavior manually, I think there are many users who disable all cookies by default and enable cookies temporarily only when they have to.
2. You can no longer open a new window as Blank page & go to your Home page by hitting the Home page button. This change has rendered the Home page button totally useless.
1. If there really are many users customizing their cookie permissions, they are making other users less safe and should be dissuaded. Cookies are enabled by default because many websites don't work properly without them. Many other patches such as first-party isolation have been developed and applied to mitigate most of the dangers of enabled cookies. More patches are coming soon for per-tab security levels. I think they include Javascript isolation. If you have ideas, please tell the developers.
2. Do you mean a New Window opens a page different from your Home button? I have never heard of them being different in any browser. If it was possible before, then it's from Firefox and Mozilla is who changed it. Tor Project most likely would not change that sort of thing. Be careful setting an uncommon URL because it could be noticed by exit eavesdroppers to discover your traffic in a new identity. Every site goes through a new circuit, so an uncommon URL probably is safe, but if a bug is found that makes it unsafe, it's better if chance favors Tor Browser's principles. The Home button was not rendered useless, it opens your home page at any time no matter what is open in your tab.
arstechnica.com
Actively exploited bug in fully updated Firefox is sending users into a tizzy
Fraudulent tech-support sites cause Firefox to freeze while displaying scary message.
Dan Goodin
5 Nov 2019
No it is not. www.distillvideo.com is currently showing the bug most times if you click anywhere on the screen, even the scrollbars, or the search box. Only way out is the Vulcan nerve pinch (Ctrl+Alt+Del)
> Bug 21004: Don't block JavaScript on onion services on medium security
Warning: This webmail service requires Javascript! In order to use it please enable Javascript in your browser's settings.
Great stuff 9.0.1 ...... only one problem, it doesn't fucking work Blank screen, or a window that is transparent with nothing in it, I've tried to go back to a previous version 4 times but every time it keeps updating the damn thing. So what is going wrong?
after a quick look i noticed the black dark theme, i had nothing against the purple one.
however since you guys have minimized the full window size there are white edges on the sides, those two i would happily and much appreciate to see as black rather than white. it really kills the eyes when sitting in the dark and the only white/light thing are those two edges.
"For the 9.0 and 9.0.1 releases, however, an issue that we are still investigating is making our build not completely deterministic."
Windows builds are not affected, because they're still -O2, right?
For watching videos, you might want to look at Tails (see tails.boum.org), a free open source Linux distribution which provides current Tor Browser and many other useful things in an amnesia way. I think this may provide a significantly safer way to watch videos or do anything else which possibly requires dropping to "Standard" setting in Tor Browser.
I don't understand what you mean. Is that an observation or a request? Anyway, Invidio simply embeds videos from googlevideo.com, AKA YouTube's CDN. In NoScript, you have to allow "media" from invidio.us and googlevideo.com. Hamburger menu -> Customize -> Drag the NoScript icon to your toolbar. -> Refresh an invidio player page. -> Click the NoScript icon -> Click "Temp. Trusted" for both sites, or click "Custom" and allow "media" for both sites.
NoScript's click-to-play blue popup might not allow them to play because its Options enable "Cascade top document's restrictions to subdocuments." On youtube.com, you only have to enable "media" for youtube.com. But on domains that embed youtube videos, you have to enable "media" on the first-party domain. Click-to-play might not offer an option for the first-party domain and therefore be misleading and not work.
I just had that happen on a different site. This is important, developers. "Cascade top" and click-to-play are incompatible when media is embedded. Click-to-play should allow the embedded third-party and first-party together if "cascade" is checked. It doesn't play unless you allow both parties.
Is this an issue that is new with version 9.0.1, or did you have it with previous versions too? Is it an issue that happens every time you open the browser, or only sometimes? Do you have the issue on other pages than about:tor?
Why should Tor Browser report the real OS to sites? In terms of privacy, it doesn't make sense, and I don't care if the GNU/Linux "market share" "shrinks" as a result of more protection against fingerprinting.
7fc3f7cf58