
Tor Browser 8.0 released - nachtigall
https://blog.torproject.org/new-release-tor-browser-80
======
slacka
Anyone tested Tor in China recently? Back when I was making regular business
trips there, I not only tested and reported bugs, but I shared it with many
locals who were interested in what an open Internet experience was like.
(Sadly, wanting facebook access as the #1 reason, a reliable gmail/google was
#2)

Over the years I watched a fascinating arms race unfold. From it working out
of the box, to needing a bridge, then obfs, obfs2, obfs3, obfs4... On my last
trip, even obfs4 wasn't working.

~~~
dstryr
In Shanghai I'm able to connect through the meek-azure bridge, but everything
is incredibly slow. I'm still having the best results using Shadowsocks on a
VPS (although I'm on a 200Mbps China Telecom line at home). Commercial VPN
offerings, such as ExpressVPN and Astrill, were slow in comparison.

------
zzzcpan
Is it supposed to leak OS in the user agent string now? Or is it just a bug?

> "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"

EDIT: Noscript user experience is also broken, discouraging its use.

~~~
r3bl
Yeah, they decided against spoofing user agent anymore:
[https://blog.torproject.org/comment/275941#comment-275941](https://blog.torproject.org/comment/275941#comment-275941)

~~~
bo1024
That's really unfortunate. It seems like a big loss of privacy with weak
arguments in favor.

(1) They could easily spoof one UA for mobile and one for desktop -- user
chooses.

(2) Why are they worried about the experience of Google Docs over Tor??? More
generally why focus on the use case where people enable all kinds of unsafe
javascript to do fancy OS-specific things?

It's like advertising your lightweight speed-focused track racing bicycle,
then putting massive tires on it because some users had trouble going off-
road.

~~~
stordoff
How much of a difference does it make in practice? Just the platform does not
seem like that much more information.

Further, I'd wonder if, while the actual OS is fingerprintable (as the various
discussions seem to suggest), reporting one OS whilst actually being on
another flags the user as interesting/has something to hide (i.e. they are
probably using Tor Browser, not just Firefox).

There's also usability to consider - if this results in more people using Tor
Browser, or not disabling things to try and work around it, that might be a
net gain.

~~~
emanreus
> flags the user as interesting/has something to hide (i.e. they are probably
> using Tor Browser, not just Firefox).

Tor nodes are known and it's trivial to detect users using Tor.

> There's also usability to consider - if this results in more people using
> Tor Browser, or not disabling things to try and work around it, that might
> be a net gain.

I'm sorry, but that's just ridiculous. Sharp corners on tabs most certainly
won't attract more users.

EDIT: Ok I saw the issue with mobile users and some other edge cases. I would
still agree with bo1024, it's a weak argument.

------
close04
Is it just me or did the "New identity" functionality disappear from the Tor
Button? That was pretty useful when a certain circuit wasn't working.

~~~
librexpr
Yeah, I had to look for it too. It's in the firefox hamburger menu, where
you'll find the add-ons, preferences, etc.

~~~
lnx01
There's also a blue button if you click the i to the left of the current
address.

~~~
close04
Sometimes there's a problem with the identity which hinders the use of all
sites. The solution was usually "new identity" or Tor restart. The first one
is a little more accessible.

------
otriv
This is probably the worst update I have ever seen. If they fix the NoScript
UI and remove the user agent leaking, I'll be happy. I use Whonix, so the
Quantum design looks funky.

