i'm not a developer and i don't know how to report bugs. i only know that after today's forced (and usually welcome) upgrade of the tor browser bundle to version 8.5 all my tabs haven't been recovered and my saved logins don't work. this means i can't even access my mail and i lost all tabs i had open. i don't want to start a discussion about how insecure it is to save passwords or browser history, i just want to have an usable tor browser, at this point security is no longer a priority and i'd rather have a working insecure browser rather than an unusable secure browser. can someone please help me learn how i can roll back to the previous version of the tor browser bundle? this is the first time the tor browser breaks for me after an upgrade and i'm quite desperate now
thanks
Trac: Username: rollback-question
Designs
Child items
...
Show closed items
Linked items
0
Link issues together to show that they're related.
Learn more.
just for clarity, in the preferences the box "Remember logins and passwords for websites" is still checked, but the Saved Logins window is now empty after the upgrade. saved logins have survived all tor browser upgrades for many many years, ever since it exists. also tabs got always recovered after a crash (or if the browser got killed) while now they are not, even if the settings are the same. something has changed, maybe on purpose to make it more secure, but if these settings are forced on me i'll have to quit using the browser or just use a vanilla firefox connecting to a tor deamon. i understand this is a lot less secure but usability is also very important to me
the upgraded version is the Tor Browser version 8.5 based on Mozilla Firefox 60.7.0esr 64-bit
running on Linux 64bit
i have been able to reproduce the same issue on another instance (different PC) that also got upgraded today and all saved logins are gone there too. let me know if i can provide any more information. i hope this is a bug and not a feature!
Looking over the Changelog again nothing comes to mind and I don't remember us touching anything that could affect you. Admittedly, yours is not a use case we are particularly well-prepared for yet, so we might have accidentally broken things for you. Sorry for the inconvenience.
I'd need some steps to reproduce from you, in particular how you are modifying your Tor Browser in the beginning before the update.
Trac: Keywords: N/Adeleted, tbb-8.5-issues added Status: new to needs_information Version: Tor: unspecified toN/A
thanks for looking into it. the config changes i've done after the initial install are:
in Browser Privacy:
Forms & Passwords
X Remember logins and passwords for websites (selected)
History
Tor browser will Remember history
Accept cookies and site data from websites
Keep until I close Tor Browser
Accept third-party cookies and site data Never
Security Level Safest
in General:
When Tor Browser starts
Show your windows and tabs from last time
then in about:config -> javascript.enabled set to false
i also changed recently xpinstall.signatures.required to false due to the well known issue of the addons getting disabled
i think that is all i have changed. i'll try to install the previous version 8.0.9 in a separate directory later today and copy the contents of Browser/TorBrowser/Data/Browser/profile.default over to see if i can roll back and have everything working again. i hope this is safe and all "customized" data including passwords and history are recovered
TLDR: You should be able to get your logins back by opening about:config page, looking for security.nocertdb pref, setting it to false, and restarting the browser.
For the saved logins issue, we think we know what happened. It's a bit long to explain:
In Tor Browser there is a preference security.nocertdb that is set to true by default, in order to make the browser intermediate certificate store memory only (no persistence to disk). This is also used for saved logins, so these will not work if security.nocertdb = true.
When you select Tor browser will Remember history we flip this preference to false, to make it consistent with "keep history" mode and also to enable features like saving logins to work. Internally, this pref change to security.nocertdb = false is saved in the browser profile as user preference (prefs.js file), to override the browser defaults.
In order to fix the Firefox addons being uninstalled issue (see https://bugzilla.mozilla.org/show_bug.cgi?id=1548973), we had to change the browser default and set security.nocertdb = false. We did not expect that in your case, since the browser default value now matched your user chosen value, the prefs.js pref override would be removed for being redundant. This eventually meant that when upgrading to 8.5, where we switched the default to true, this pref was also wrongly switched to true for your case.
So switching security.nocertdb = false should fix this.
For the tabs issue, I still cannot reproduce. Can you verify if after switching this it still happens? Is it persistent (tabs are never kept on browser start) or it just happened once (when browser upgraded?)
Note: using sticky_pref() instead of pref() in 000-tor-browser.js should have prevented this behaviour (the pref would not have been removed from user.js when it matched the default value).
flipping security.nocertdb to false fixed the issue on both instances, logins and passwords appear again and functionality is again normal
thank you very much to all for your help and specially to acat for the detailed explanation and the patch
the issue with the tabs still persists on the first TBB i upgraded, not only after upgrading but also if i restart or kill the tor browser now (i tried many times). the browser history is here, but tabs are never recovered and only a plain tor tab is shown. it makes no difference if i exit cleanly (quit the program) or if i kill it. what is strange is that the second TBB i upgraded on a different PC doesn't have the issue and tabs are recovered from before the upgrade (and also new tabs opened after the upgrade)
i have tried copying Browser/TorBrowser/Data/Browser/profile.default to a fresh install of a version 8.0.9 and i get an error related to the TBB upgrade but i can open new tabs that get recovered on restart - just not the older ones, these seem to have been lost
i wish there was an easy way to roll back to a previous version for such situations, or at least know what directories should be copied to make a manual backup and if it's safe to overwrite a new install with them to restore the backup (of course it would be also nice to have an option to "export" or backup all local settings, history, passwords, etc from the tor browser GUI itself). i only have a 1 year old "full directory" backup which is too old :( but that is my fault
the first TBB i upgraded that doesn't recover tabs (left screenshot) is now on version 8.5 but based on firefox version 60.6.1esr - it shows a "Restart to update Tor Browser" button, when pressed the tor browser gets restarted but with the same version and still showing the same button again
the second TBB i upgraded that recovers the tabs without problem (right screenshor) is on version 8.5 but based on firefox version 60.7.0esr and doesn't show any button and works fine
i don't know how i ended up with this difference. i don't think i have messed with the first TBB during the upgrade in any way and they have the same settings.. one works fine the other doesn't
the first TBB i upgraded that doesn't recover tabs (left screenshot) is now on version 8.5 but based on firefox version 60.6.1esr - it shows a "Restart to update Tor Browser" button, when pressed the tor browser gets restarted but with the same version and still showing the same button again
Huh, yes. That looks broken. You should not be on Tor Browser 8.5 and Firefox 60.6.1esr at the same time. If you open about:config and set app.update.log to true and check your browser console (Ctrl+Shift+J) while doing the update are there any error messages showing up that could give some clues about what is going on?
the second TBB i upgraded that recovers the tabs without problem (right screenshor) is on version 8.5 but based on firefox version 60.7.0esr and doesn't show any button and works fine
Note: using sticky_pref() instead of pref() in 000-tor-browser.js should have prevented this behaviour (the pref would not have been removed from user.js when it matched the default value).
Looks good to me. Merged to master with commit 6406662331d900d7218cccb82b3e6bd7065e04f4.
Leaving this ticket open for a bit to figure out whether we need to file a new bug for the update issue.
the first TBB i upgraded that doesn't recover tabs (left screenshot) is now on version 8.5 but based on firefox version 60.6.1esr - it shows a "Restart to update Tor Browser" button, when pressed the tor browser gets restarted but with the same version and still showing the same button again
Huh, yes. That looks broken. You should not be on Tor Browser 8.5 and Firefox 60.6.1esr at the same time. If you open about:config and set app.update.log to true and check your browser console (Ctrl+Shift+J) while doing the update are there any error messages showing up that could give some clues about what is going on?
Another question: what happens if you just close the browser manually and then open it again. Does that change things?
i've set app.update.log to true but unlike with the second TBB that works fine and shows the console i can't open the browser console with Ctrl+Shift+J on the first TBB that is broken. it does not appear in Tools - Web Developer either, i only see Page Source there and nothing else. i've searched for update logs and found the following in Browser/TorBrowser/UpdateInfo/updates/0/
TBB 1 (first upgraded, the broken one, left screen capture)
$ ls -al Browser/TorBrowser/UpdateInfo/updates/0
total 11116
drwxr-xr-x 2 4096 may 24 01:08 .
drwxr-xr-x 3 4096 may 7 15:18 ..
-rw-r--r-- 1 7597 may 24 00:05 update.log
-rw------- 1 11146198 may 21 16:23 update.mar
-rwxr-xr-x 1 177592 may 21 20:15 updater
-rw-r--r-- 1 689 may 21 20:15 updater.ini
-rw-r--r-- 1 2153 may 21 20:15 updater.png
-rw-r--r-- 1 10 may 21 20:15 update.status
-rw-r--r-- 1 4 may 21 16:23 update.version
somehow the broken one says "succeded" and the working one "applying". i don't know what else to look for or how to make the browser console appear in the broken one :/
if i close the browser manually and open it again it is still the same, only the "About Tor" tab appears (as shown in the screen capture from yesterday) but it doesn't fix it. i've tried deleting all /tmp files, just in case, and rebooting, but it's still the same
There is a lot to analyze here... thanks for sharing so much data. Two questions come to mind right now:
Can you extract all of the app.update prefs from Browser/TorBrowser/Data/Browser/profile.default/prefs.js and attach the values to this ticket? (for both browsers)
Please tell us what happens to the broken browser if you exit, move the following two directories aside, and then restart (please keep the contents of the directories because they may be useful in the future for debugging the cause of this problem).
Browser/TorBrowser/Data/Browser/profile.default/startupCache/
Browser/TorBrowser/UpdateInfo/
after moving the directories away and starting the TBB 1 again nothing changed, i saw in the "about" window that a download was triggered but it lasted only a few seconds. then the bubtton to restart the tor browser appeared and it started all over again, still based on Firefox 60.6.1esr and showing the button to restart the tor browser every time i restart it
attached file Browser/TorBrowser/UpdateInfo/active-update.xml from TBB 1 that seems relevant due to the modification date and the mention of statusText="Install Pending" and CompleteUpdate="false". not sure if it's useful
VERY SIMILAR (& related) ISSUE (seems to be a somewhat deeper root cause at work here):
NO PASSWORDS ARE SAVED AT ALL
new/clean install of
torbrowser-install-win64-8.5_en-US.exe
about:preferences#privacy
Forms & Passwords
ON Remember logins and passwords for websites
Saved Logins ALWAYS STAY blank/empty
History
Use custom settings for history
OFF Always use private browsing mode
OFF Remember my browsing and download history
OFF Remember search and form history
ON Clear history when Tor Browser closes (all 7 suboptions ON)
security.nocertdb = true (box to save the password does not appear at all)
security.nocertdb = false (box does appear, but password is not saved)
32-bit version (at least 8.0.8) works properly ...
Thanks for looking into this.
JUST TO ADD (for torbrowser-install-win64-8.5_en-US.exe):
logins.json is being written to/populated, but every/each site has multiple "id":
created (seems one for each/every login) with new/different "guid":
FURTHER ADDITION (for torbrowser-install-win64-8.5_en-US.exe):
replaced key4.db, logins.json with working ones from 32-bit version -- works OK
for already saved sites, anything added/new is NOT WORKING AT ALL
-- THIS FEATURE IS FULLY BROKEN
please also see #30209
(logins.json data is added unencrypted, maybe that's why people have problems with saved login data)
VERY SIMILAR (& related) ISSUE (seems to be a somewhat deeper root cause at work here):
NO PASSWORDS ARE SAVED AT ALL
new/clean install of
torbrowser-install-win64-8.5_en-US.exe
about:preferences#privacy
Forms & Passwords
ON Remember logins and passwords for websites
Saved Logins ALWAYS STAY blank/empty
History
Use custom settings for history
OFF Always use private browsing mode
OFF Remember my browsing and download history
OFF Remember search and form history
ON Clear history when Tor Browser closes (all 7 suboptions ON)
security.nocertdb = true (box to save the password does not appear at all)
security.nocertdb = false (box does appear, but password is not saved)
32-bit version (at least 8.0.8) works properly ...
Thanks for looking into this.
JUST TO ADD (for torbrowser-install-win64-8.5_en-US.exe):
logins.json is being written to/populated, but every/each site has multiple "id":
created (seems one for each/every login) with new/different "guid":
FURTHER ADDITION (for torbrowser-install-win64-8.5_en-US.exe):
replaced key4.db, logins.json with working ones from 32-bit version -- works OK
for already saved sites, anything added/new is NOT WORKING AT ALL
-- THIS FEATURE IS FULLY BROKEN
please also see #30209
(logins.json data is added unencrypted, maybe that's why people have problems with saved login data)
Please file a different ticket with clear steps to reproduce your problem. This ticket already contains two different bug reports and adding a third one does not make it easier for us to work on it, thanks!
I can't figure out how your broken browser got into the state it is in. The updater should never update some of the browser files and not other files.
For the broken browser, do you have a last-update.log file? If one exists, it should be in Browser/TorBrowser/UpdateInfo/updates/last-update.log
For the broken browser, can you try the following in a shell (or similar commands) when the app.update.log preference value is true:
cd tor-browser_en-US
mv Browser/TorBrowser/UpdateInfo ~/UpdateInfo-setaside
mv Browser/TorBrowser/Data/Browser/profile.default/startupCache ~/startupCache-setaside
./start-tor-browser.desktop --log /tmp/tb.log
Then open the about box and let it try to update (including the restart step).
Then exit the browser and attach the contents of /tmp/tb.log to this ticket (please sanitize to remove paths, etc. if you would like to do so).
Another idea is to find out what files are different between your broken browser and the one that correctly updated to 8.5. To do that you would need to do a recursive diff of the two installations.
thanks for your help mcs and sorry for not answering earlier. there was no Browser/TorBrowser/UpdateInfo/updates/last-update.log and i tried moving away the directories Browser/TorBrowser/UpdateInfo and Browser/TorBrowser/Data/Browser/profile.default/startupCache and launched the (broken) tor browser with the --log option, output attached. as you can see the log file doesn't contain any useful information and that is why i didn't post here until now, i was wondering if there is a way to increase the logging level before coming back with empty hands..
but today everything changed, the working TBB got updated and i had again hope that it could force the broken one to update again, this time successfully. but it didn't, i got the same "about" window with the button to restart but without changing anything when pressed. but then i renamed again the directories Browser/TorBrowser/UpdateInfo and Browser/TorBrowser/Data/Browser/profile.default/startupCache and launched the tor browser and there it was, downloading a 77MB file. btw clicking on the tor icon and selecting "Check for Tor Browser Update" did nothing. but after it finished the download the broken TBB restarted and everything is back to normal now, with the exception of the lost tabs that were never recovered. but it's functional, new tabs are now restored, there is no longer an icon to restart the browser in the "about" window, it shows now it's running version 8.5.1 (based on Mozilla Firefox 60.7.0esr) (64-bit) and everything looks good now! btw it was also running with the --log argument when the upgrade was successful but the log file is as useless as the one i just posted
thanks again mcs, gk, acat and everyone else for the help, and please let me know if i should post anything else (logs, etc) now that it is fixed. and also thanks for resolving the problem with the saved passwords (i see it in the change notice of the new build) and your great work that makes the tor browser possible! i can't thank you enough. but if you ever attend the CCC congress in germany (i know some tor developers do) please bring/put a donations box with you like other groups do (FSF, EFF, etc). i miss every year the opportunity to make an anonymous donation in cash to the project
Thanks so much. In case you come to to the CCC camp this year, there will be a bunch of Tor folks around. Let's close this ticket. Please open a new one if this is happening again (ideally with the output mcs asked about in the previous comments).
Trac: Status: needs_information to closed Resolution: N/Ato fixed