Tor Browser 10 Is Released

From LinuxReviews
Jump to navigationJump to search
Tor.png

The Tor project has released a new version of their Tor browser bundle based on today's Firefox 78.3.0 ESR release. The Tor Browser 10 bundle comes with a modified and buggy Firefox 78.3.0 build, NoScript 11.0.44, HTTPS everywhere and Tor version 0.4.4.5.

written by 권유리 (Kwon Yu-ri). published 2020-09-23last edited 2020-09-23

Tor-browser-10.jpg
Tor Browser 10. You get that fine gray padding around the web page if you re-size it's window. It doesn't seem like anyone bothered to test it before they shipped it.

The "Tor Browser" is actually a bundle that includes a heavily modified Mozilla Firefox Extended Support Release version, the Tor anonymity network client and the NoScript and HTTPS everywhere Firefox extensions.

A quick test of Tor Browser 10 reveals that the Tor project team managed to add some odd bugs to their special Mozilla Firefox build. That's immediately apparent if you simply re-size the browser window; some odd gray bars appear around the area the web page should fill. The regular non-Tor Firefox 78.3.0 ESR does not have that problem.

The Tor Browser for Linux is only available as a .tar.xz archive, there is no Flatpak or AppImage available at the torproject.org/download/ page.

The Tor Browser archive containes a bundled Tor client version 0.4.4.5. You can simply use that if you don't already have a Tor client installed and/or you don't want to install the Tor client your distribution ships.

You can use a non-bundled Tor client with the Tor Browser but that's not all that straightforward. The bundled Browser/start-tor-browser script does have some vague instructions for how you are supposed to do that but they aren't all that helpful.

The first thing you absolutely have to do if you want to use a system-installed Tor with the Tor browser is to start it without enabling any system-installed Tor. It will show a box saying "Waiting for Tor to start..." with nothing but a Quit button if you don't. The Tor developers who didn't get fired earlier this year, supposedly due to "COVID19", seem to have forgotten that there are people who run Linux and know how to install a Tor client from their distribution's repository.

You have to begin enabling a system-installed Tor by starting the Tor Browser. Then, go to about:config and change the following:

  • Change network.proxy.socks_port from 9150 to 9050
  • Change extensions.torlauncher.control_port from 9151 to 9050
  • Set extensions.torlauncher.start_tor to false

Next, create a hashed password by running

tor --hash-password mypassword

That outputs 16:D79C279C427FEBC26026CEB3A90DCF9F1E800DD7621D0D7EED11BF96DE. Add that to a HashedControlPassword line in /etc/tor/torrc:

File: /etc/tor/torrc
HashedControlPassword 16:D79C279C427FEBC26026CEB3A90DCF9F1E800DD7621D0D7EED11BF96DE

Next, restart tor and open the Browser/start-tor-browser script from the unpacked Tor tar.xz archive and go all the way down to line 337 where there is a setControlPortPasswd variable. Change that to your plain-text password in double quotes:

File: start-tor-browser
# Either set `TOR_CONTROL_PASSWD` before running ./start-tor-browser, or put
# your password in the following line where the word “secret” is:
setControlPortPasswd ${TOR_CONTROL_PASSWD:='"mypassword"'}

Using a hashed password in the Tor launcher script will not work, it has to be plain-text. That's probably because of .. security. Or lack thereof. You be the judge.

You should be able to launch Tor Browser 10 with the bundled start-tor-browser start-up script and have it use the system-installed Tor client if you followed these instructions.

Tor Browser bundles for Windows, macOS and a .tar.xz for Linux can be acquired from torproject.org/download/. Tor Browser 10 is broken garbage, so going there and downloading it may not be worth it.

3.00
(3 votes)

avatar

Anonymous user #1

27 days ago
Score 1++
The grey padding is called letterboxing, and is an anti-fingerprinting technique to make it harder to detect the window's dimensions.
Add your comment
LinuxReviews welcomes all comments. If you do not want to be anonymous, register or log in. It is free.