Tor Browser 10 Is Released

From LinuxReviews
Jump to navigationJump to search

The Tor project has released a new version of their Tor browser bundle based on today's Firefox 78.3.0 ESR release. The Tor Browser 10 bundle comes with a modified and buggy Firefox 78.3.0 build, NoScript 11.0.44, HTTPS everywhere and Tor version

written by 권유리 (Kwon Yu-ri)  2020-09-23 - last edited 2021-10-28. © CC BY

Tor Browser 10. You get that fine gray padding around the web page if you re-size it's window. It doesn't seem like anyone bothered to test it before they shipped it.

The "Tor Browser" is actually a bundle that includes a heavily modified Mozilla Firefox Extended Support Release version, the Tor anonymity network client and the NoScript and HTTPS everywhere Firefox extensions.

A quick test of Tor Browser 10 reveals that the Tor project team managed to add some odd bugs to their special Mozilla Firefox build. That's immediately apparent if you simply re-size the browser window; some odd gray bars appear around the area the web page should fill. The regular non-Tor Firefox 78.3.0 ESR does not have that problem.

The Tor Browser for Linux is only available as a .tar.xz archive, there is no Flatpak or AppImage available at the page.

The Tor Browser archive containes a bundled Tor client version You can simply use that if you don't already have a Tor client installed and/or you don't want to install the Tor client your distribution ships.

You can use a non-bundled Tor client with the Tor Browser but that's not all that straightforward. The bundled Browser/start-tor-browser script does have some vague instructions for how you are supposed to do that but they aren't all that helpful.

The first thing you absolutely have to do if you want to use a system-installed Tor with the Tor browser is to start it without enabling any system-installed Tor. It will show a box saying "Waiting for Tor to start..." with nothing but a Quit button if you don't. The Tor developers who didn't get fired earlier this year, supposedly due to "COVID19", seem to have forgotten that there are people who run Linux and know how to install a Tor client from their distribution's repository.

You have to begin enabling a system-installed Tor by starting the Tor Browser. Then, go to about:config and change the following:

  • Change network.proxy.socks_port from 9150 to 9050
  • Change extensions.torlauncher.control_port from 9151 to 9051
  • Set extensions.torlauncher.start_tor to false

Next, create a hashed password by running

tor --hash-password mypassword

That outputs 16:D79C279C427FEBC26026CEB3A90DCF9F1E800DD7621D0D7EED11BF96DE. Add that to a HashedControlPassword line in /etc/tor/torrc:

File: /etc/tor/torrc
HashedControlPassword 16:D79C279C427FEBC26026CEB3A90DCF9F1E800DD7621D0D7EED11BF96DE

Next, restart tor and open the Browser/start-tor-browser script from the unpacked Tor tar.xz archive and go all the way down to line 337 where there is a setControlPortPasswd variable. Change that to your plain-text password in double quotes:

File: start-tor-browser
# Either set `TOR_CONTROL_PASSWD` before running ./start-tor-browser, or put
# your password in the following line where the word “secret” is:
setControlPortPasswd ${TOR_CONTROL_PASSWD:='"mypassword"'}

Using a hashed password in the Tor launcher script will not work, it has to be plain-text. That's probably because of .. security. Or lack thereof. You be the judge.

You should be able to launch Tor Browser 10 with the bundled start-tor-browser start-up script and have it use the system-installed Tor client if you followed these instructions.

Tor Browser bundles for Windows, macOS and a .tar.xz for Linux can be acquired from Tor Browser 10 is broken garbage, so going there and downloading it may not be worth it.

(3 votes)


Anonymous (8ea6db712f)

2 months ago
Score 0

instructions are wrong:

Change network.proxy.socks_port from 9150 to 9050 Change extensions.torlauncher.control_port from 9151 to 9050

you cannot set control_port to actually socksPort!
Add your comment
LinuxReviews welcomes all comments. If you do not want to be anonymous, register or log in. It is free.