Opened 4 weeks ago

Closed 13 days ago

#30565 closed defect (fixed)

roll back to previous version of TBB - saved logins and tabs lost after tor browser bundle upgrade (8.5)

Reported by: rollback-question Owned by: tbb-team
Priority: Very High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-8.5-issues, tbb-regression, TorBrowserTeam201905, user-feedback, blog
Cc: acat, agnox Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

hi devs,

i'm not a developer and i don't know how to report bugs. i only know that after today's forced (and usually welcome) upgrade of the tor browser bundle to version 8.5 all my tabs haven't been recovered and my saved logins don't work. this means i can't even access my mail and i lost all tabs i had open. i don't want to start a discussion about how insecure it is to save passwords or browser history, i just want to have an usable tor browser, at this point security is no longer a priority and i'd rather have a working insecure browser rather than an unusable secure browser. can someone please help me learn how i can roll back to the previous version of the tor browser bundle? this is the first time the tor browser breaks for me after an upgrade and i'm quite desperate now

thanks

Child Tickets

Attachments (4)

tbb-diff.png (350.6 KB) - added by rollback-question 4 weeks ago.
tbb based on different firefox versions
update.log (7.4 KB) - added by rollback-question 4 weeks ago.
modification time: may 21 20:15 (file edited to remove paths)
active-update.xml (1.5 KB) - added by rollback-question 3 weeks ago.
Browser/TorBrowser/UpdateInfo/active-update.xml modified on may 21th
tb.log (7.3 KB) - added by rollback-question 2 weeks ago.
output of ./start-tor-browser.desktop --log tb.log (obfuscated)

Download all attachments as: .zip

Change History (32)

comment:1 Changed 4 weeks ago by rollback-question

just for clarity, in the preferences the box "Remember logins and passwords for websites" is still checked, but the Saved Logins window is now empty after the upgrade. saved logins have survived all tor browser upgrades for many many years, ever since it exists. also tabs got always recovered after a crash (or if the browser got killed) while now they are not, even if the settings are the same. something has changed, maybe on purpose to make it more secure, but if these settings are forced on me i'll have to quit using the browser or just use a vanilla firefox connecting to a tor deamon. i understand this is a lot less secure but usability is also very important to me

comment:2 Changed 4 weeks ago by rollback-question

the upgraded version is the Tor Browser version 8.5 based on Mozilla Firefox 60.7.0esr 64-bit
running on Linux 64bit

i have been able to reproduce the same issue on another instance (different PC) that also got upgraded today and all saved logins are gone there too. let me know if i can provide any more information. i hope this is a bug and not a feature!

comment:3 Changed 4 weeks ago by gk

Keywords: tbb-8.5-issues added
Status: newneeds_information
Version: Tor: unspecified

Looking over the Changelog again nothing comes to mind and I don't remember us touching anything that could affect you. Admittedly, yours is not a use case we are particularly well-prepared for yet, so we might have accidentally broken things for you. Sorry for the inconvenience.

I'd need some steps to reproduce from you, in particular how you are modifying your Tor Browser in the beginning before the update.

Last edited 4 weeks ago by gk (previous) (diff)

comment:4 Changed 4 weeks ago by Yoyo

I've got the same problem. And comments to the blog post indicates that there are others.

The only change to my Tor browser that I can think of is that I configured it so that NoScript remembers which sites I trust

comment:5 Changed 4 weeks ago by gk

Cc: acat added
Keywords: tbb-regression added
Priority: MediumVery High
Status: needs_informationnew

I think we might have enough info to at least look at the saved logins/passwords issue.

comment:6 Changed 4 weeks ago by rollback-question

thanks for looking into it. the config changes i've done after the initial install are:

in Browser Privacy:

Forms & Passwords
X Remember logins and passwords for websites (selected)

History
Tor browser will Remember history

Accept cookies and site data from websites
Keep until I close Tor Browser
Accept third-party cookies and site data Never

Security Level Safest

in General:

When Tor Browser starts
Show your windows and tabs from last time

then in about:config -> javascript.enabled set to false
i also changed recently xpinstall.signatures.required to false due to the well known issue of the addons getting disabled

i think that is all i have changed. i'll try to install the previous version 8.0.9 in a separate directory later today and copy the contents of Browser/TorBrowser/Data/Browser/profile.default over to see if i can roll back and have everything working again. i hope this is safe and all "customized" data including passwords and history are recovered

comment:7 Changed 4 weeks ago by acat

TLDR: You should be able to get your logins back by opening about:config page, looking for security.nocertdb pref, setting it to false, and restarting the browser.

For the saved logins issue, we think we know what happened. It's a bit long to explain:

In Tor Browser there is a preference security.nocertdb that is set to true by default, in order to make the browser intermediate certificate store memory only (no persistence to disk). This is also used for saved logins, so these will not work if security.nocertdb = true.

When you select Tor browser will Remember history we flip this preference to false, to make it consistent with "keep history" mode and also to enable features like saving logins to work. Internally, this pref change to security.nocertdb = false is saved in the browser profile as user preference (prefs.js file), to override the browser defaults.

In order to fix the Firefox addons being uninstalled issue (see https://bugzilla.mozilla.org/show_bug.cgi?id=1548973), we had to change the browser default and set security.nocertdb = false. We did not expect that in your case, since the browser default value now matched your user chosen value, the prefs.js pref override would be removed for being redundant. This eventually meant that when upgrading to 8.5, where we switched the default to true, this pref was also wrongly switched to true for your case.

So switching security.nocertdb = false should fix this.

For the tabs issue, I still cannot reproduce. Can you verify if after switching this it still happens? Is it persistent (tabs are never kept on browser start) or it just happened once (when browser upgraded?)

comment:8 Changed 4 weeks ago by acat

There's a patch for torbutton to fix the saved logins here https://github.com/acatarineu/torbutton/commit/30565.

Note: using sticky_pref() instead of pref() in 000-tor-browser.js should have prevented this behaviour (the pref would not have been removed from user.js when it matched the default value).

comment:9 Changed 4 weeks ago by acat

Status: newneeds_review

comment:10 Changed 4 weeks ago by nobell

BTW, if you want to get a review from the Tor Browser team, you should set TorBrowserTeam201905R keyword.

comment:11 Changed 4 weeks ago by gk

Keywords: TorBrowserTeam201905R added

comment:12 Changed 4 weeks ago by rollback-question

flipping security.nocertdb to false fixed the issue on both instances, logins and passwords appear again and functionality is again normal

thank you very much to all for your help and specially to acat for the detailed explanation and the patch

the issue with the tabs still persists on the first TBB i upgraded, not only after upgrading but also if i restart or kill the tor browser now (i tried many times). the browser history is here, but tabs are never recovered and only a plain tor tab is shown. it makes no difference if i exit cleanly (quit the program) or if i kill it. what is strange is that the second TBB i upgraded on a different PC doesn't have the issue and tabs are recovered from before the upgrade (and also new tabs opened after the upgrade)

i have tried copying Browser/TorBrowser/Data/Browser/profile.default to a fresh install of a version 8.0.9 and i get an error related to the TBB upgrade but i can open new tabs that get recovered on restart - just not the older ones, these seem to have been lost

i wish there was an easy way to roll back to a previous version for such situations, or at least know what directories should be copied to make a manual backup and if it's safe to overwrite a new install with them to restore the backup (of course it would be also nice to have an option to "export" or backup all local settings, history, passwords, etc from the tor browser GUI itself). i only have a 1 year old "full directory" backup which is too old :( but that is my fault

again thanks everyone for the help!

Changed 4 weeks ago by rollback-question

Attachment: tbb-diff.png added

tbb based on different firefox versions

comment:13 Changed 4 weeks ago by rollback-question

i found a difference between them,

the first TBB i upgraded that doesn't recover tabs (left screenshot) is now on version 8.5 but based on firefox version 60.6.1esr - it shows a "Restart to update Tor Browser" button, when pressed the tor browser gets restarted but with the same version and still showing the same button again

the second TBB i upgraded that recovers the tabs without problem (right screenshor) is on version 8.5 but based on firefox version 60.7.0esr and doesn't show any button and works fine

i don't know how i ended up with this difference. i don't think i have messed with the first TBB during the upgrade in any way and they have the same settings.. one works fine the other doesn't

comment:14 Changed 4 weeks ago by gk

Cc: agnox added

Closed #30581 as a duplicate.

comment:15 in reply to:  13 ; Changed 4 weeks ago by gk

Replying to rollback-question:

i found a difference between them,

the first TBB i upgraded that doesn't recover tabs (left screenshot) is now on version 8.5 but based on firefox version 60.6.1esr - it shows a "Restart to update Tor Browser" button, when pressed the tor browser gets restarted but with the same version and still showing the same button again

Huh, yes. That looks broken. You should not be on Tor Browser 8.5 and Firefox 60.6.1esr at the same time. If you open about:config and set app.update.log to true and check your browser console (Ctrl+Shift+J) while doing the update are there any error messages showing up that could give some clues about what is going on?

the second TBB i upgraded that recovers the tabs without problem (right screenshor) is on version 8.5 but based on firefox version 60.7.0esr and doesn't show any button and works fine

That's the expected behavior.

comment:16 in reply to:  8 Changed 4 weeks ago by gk

Replying to acat:

There's a patch for torbutton to fix the saved logins here https://github.com/acatarineu/torbutton/commit/30565.

Note: using sticky_pref() instead of pref() in 000-tor-browser.js should have prevented this behaviour (the pref would not have been removed from user.js when it matched the default value).

Looks good to me. Merged to master with commit 6406662331d900d7218cccb82b3e6bd7065e04f4.

Leaving this ticket open for a bit to figure out whether we need to file a new bug for the update issue.

comment:17 in reply to:  15 Changed 4 weeks ago by gk

Replying to gk:

Replying to rollback-question:

i found a difference between them,

the first TBB i upgraded that doesn't recover tabs (left screenshot) is now on version 8.5 but based on firefox version 60.6.1esr - it shows a "Restart to update Tor Browser" button, when pressed the tor browser gets restarted but with the same version and still showing the same button again

Huh, yes. That looks broken. You should not be on Tor Browser 8.5 and Firefox 60.6.1esr at the same time. If you open about:config and set app.update.log to true and check your browser console (Ctrl+Shift+J) while doing the update are there any error messages showing up that could give some clues about what is going on?

Another question: what happens if you just close the browser manually and then open it again. Does that change things?

comment:18 Changed 4 weeks ago by rollback-question

i've set app.update.log to true but unlike with the second TBB that works fine and shows the console i can't open the browser console with Ctrl+Shift+J on the first TBB that is broken. it does not appear in Tools - Web Developer either, i only see Page Source there and nothing else. i've searched for update logs and found the following in Browser/TorBrowser/UpdateInfo/updates/0/

  • TBB 1 (first upgraded, the broken one, left screen capture)

$ ls -al Browser/TorBrowser/UpdateInfo/updates/0
total 11116
drwxr-xr-x 2 <USER> <GROUP> 4096 may 24 01:08 .
drwxr-xr-x 3 <USER> <GROUP> 4096 may 7 15:18 ..
-rw-r--r-- 1 <USER> <GROUP> 7597 may 24 00:05 update.log
-rw------- 1 <USER> <GROUP> 11146198 may 21 16:23 update.mar
-rwxr-xr-x 1 <USER> <GROUP> 177592 may 21 20:15 updater
-rw-r--r-- 1 <USER> <GROUP> 689 may 21 20:15 updater.ini
-rw-r--r-- 1 <USER> <GROUP> 2153 may 21 20:15 updater.png
-rw-r--r-- 1 <USER> <GROUP> 10 may 21 20:15 update.status
-rw-r--r-- 1 <USER> <GROUP> 4 may 21 16:23 update.version

$ cat Browser/TorBrowser/UpdateInfo/updates/0/update.status
succeeded

update.log - does not show any errors, but i'll attach it anyway since it's the only log i can find

  • TBB 2 (last upgraded, the working one, right screen capture)

$ ls -al Browser/TorBrowser/UpdateInfo/updates/0
total 11108
drwxr-xr-x 2 <USER> <GROUP> 4096 may 21 21:41 .
drwxr-xr-x 3 <USER> <GROUP> 4096 may 20 20:27 ..
-rw------- 1 <USER> <GROUP> 11146198 may 21 21:26 update.mar
-rwxr-xr-x 1 <USER> <GROUP> 177592 may 21 21:41 updater
-rw-r--r-- 1 <USER> <GROUP> 689 may 21 21:41 updater.ini
-rw-r--r-- 1 <USER> <GROUP> 2153 may 21 21:41 updater.png
-rw-r--r-- 1 <USER> <GROUP> 8 may 21 21:41 update.status
-rw-r--r-- 1 <USER> <GROUP> 4 may 21 21:26 update.version

$ cat Browser/TorBrowser/UpdateInfo/updates/0/update.status
applying

there is no update.log

somehow the broken one says "succeded" and the working one "applying". i don't know what else to look for or how to make the browser console appear in the broken one :/

if i close the browser manually and open it again it is still the same, only the "About Tor" tab appears (as shown in the screen capture from yesterday) but it doesn't fix it. i've tried deleting all /tmp files, just in case, and rebooting, but it's still the same

Changed 4 weeks ago by rollback-question

Attachment: update.log added

modification time: may 21 20:15 (file edited to remove paths)

comment:19 Changed 4 weeks ago by mcs

There is a lot to analyze here... thanks for sharing so much data. Two questions come to mind right now:

Can you extract all of the app.update prefs from Browser/TorBrowser/Data/Browser/profile.default/prefs.js and attach the values to this ticket? (for both browsers)

Please tell us what happens to the broken browser if you exit, move the following two directories aside, and then restart (please keep the contents of the directories because they may be useful in the future for debugging the cause of this problem).

Browser/TorBrowser/Data/Browser/profile.default/startupCache/
Browser/TorBrowser/UpdateInfo/

comment:20 Changed 3 weeks ago by rollback-question

thank you very much for looking into it! here are the app.update prefs:

TBB 1 (broken one)

user_pref("app.update.download.attempts", 0);
user_pref("app.update.elevate.attempts", 0);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1558952020);
user_pref("app.update.lastUpdateTime.background-update-timer", 1558951540);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1558951780);
user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1558470262);
user_pref("app.update.lastUpdateTime.experiments-update-timer", 1558951900);
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1558951660);
user_pref("app.update.lastUpdateTime.xpi-signature-verification", 1558952140);
user_pref("app.update.log", true);
user_pref("app.update.postupdate", true);

TBB 2 (working one)

user_pref("app.update.download.attempts", 0);
user_pref("app.update.elevate.attempts", 0);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1558913305);
user_pref("app.update.lastUpdateTime.background-update-timer", 1558715487);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1558913425);
user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1558913065);
user_pref("app.update.lastUpdateTime.experiments-update-timer", 1558913545);
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1558913185);
user_pref("app.update.lastUpdateTime.xpi-signature-verification", 1558913428);

after moving the directories away and starting the TBB 1 again nothing changed, i saw in the "about" window that a download was triggered but it lasted only a few seconds. then the bubtton to restart the tor browser appeared and it started all over again, still based on Firefox 60.6.1esr and showing the button to restart the tor browser every time i restart it

Changed 3 weeks ago by rollback-question

Attachment: active-update.xml added

Browser/TorBrowser/UpdateInfo/active-update.xml modified on may 21th

comment:21 Changed 3 weeks ago by rollback-question

attached file Browser/TorBrowser/UpdateInfo/active-update.xml from TBB 1 that seems relevant due to the modification date and the mention of statusText="Install Pending" and CompleteUpdate="false". not sure if it's useful

comment:22 Changed 3 weeks ago by tw64_pass

VERY SIMILAR (& related) ISSUE (seems to be a somewhat deeper root cause at work here):
NO PASSWORDS ARE SAVED AT ALL

new/clean install of
torbrowser-install-win64-8.5_en-US.exe

about:preferences#privacy
Forms & Passwords
ON Remember logins and passwords for websites
Saved Logins ALWAYS STAY blank/empty
History
Use custom settings for history
OFF Always use private browsing mode
OFF Remember my browsing and download history
OFF Remember search and form history
ON Clear history when Tor Browser closes (all 7 suboptions ON)

security.nocertdb = true (box to save the password does not appear at all)
security.nocertdb = false (box does appear, but password is not saved)

32-bit version (at least 8.0.8) works properly ...

Thanks for looking into this.

---
JUST TO ADD (for torbrowser-install-win64-8.5_en-US.exe):
logins.json is being written to/populated, but every/each site has multiple "id":
created (seems one for each/every login) with new/different "guid":
---

---
FURTHER ADDITION (for torbrowser-install-win64-8.5_en-US.exe):

replaced key4.db, logins.json with working ones from 32-bit version -- works OK
for already saved sites, anything added/new is NOT WORKING AT ALL
-- THIS FEATURE IS FULLY BROKEN

please also see #30209
(logins.json data is added unencrypted, maybe that's why people have problems with saved login data)
---

Last edited 3 weeks ago by tw64_pass (previous) (diff)

comment:23 in reply to:  22 Changed 3 weeks ago by gk

Replying to tw64_pass:

VERY SIMILAR (& related) ISSUE (seems to be a somewhat deeper root cause at work here):
NO PASSWORDS ARE SAVED AT ALL

new/clean install of
torbrowser-install-win64-8.5_en-US.exe

about:preferences#privacy
Forms & Passwords
ON Remember logins and passwords for websites
Saved Logins ALWAYS STAY blank/empty
History
Use custom settings for history
OFF Always use private browsing mode
OFF Remember my browsing and download history
OFF Remember search and form history
ON Clear history when Tor Browser closes (all 7 suboptions ON)

security.nocertdb = true (box to save the password does not appear at all)
security.nocertdb = false (box does appear, but password is not saved)

32-bit version (at least 8.0.8) works properly ...

Thanks for looking into this.

---
JUST TO ADD (for torbrowser-install-win64-8.5_en-US.exe):
logins.json is being written to/populated, but every/each site has multiple "id":
created (seems one for each/every login) with new/different "guid":
---

---
FURTHER ADDITION (for torbrowser-install-win64-8.5_en-US.exe):

replaced key4.db, logins.json with working ones from 32-bit version -- works OK
for already saved sites, anything added/new is NOT WORKING AT ALL
-- THIS FEATURE IS FULLY BROKEN

please also see #30209
(logins.json data is added unencrypted, maybe that's why people have problems with saved login data)
---

Please file a different ticket with clear steps to reproduce your problem. This ticket already contains two different bug reports and adding a third one does not make it easier for us to work on it, thanks!

comment:24 Changed 3 weeks ago by mcs

Status: needs_reviewneeds_information

I can't figure out how your broken browser got into the state it is in. The updater should never update some of the browser files and not other files.

For the broken browser, do you have a last-update.log file? If one exists, it should be in Browser/TorBrowser/UpdateInfo/updates/last-update.log

For the broken browser, can you try the following in a shell (or similar commands) when the app.update.log preference value is true:

cd tor-browser_en-US
mv Browser/TorBrowser/UpdateInfo ~/UpdateInfo-setaside
mv Browser/TorBrowser/Data/Browser/profile.default/startupCache ~/startupCache-setaside
./start-tor-browser.desktop --log /tmp/tb.log

Then open the about box and let it try to update (including the restart step).
Then exit the browser and attach the contents of /tmp/tb.log to this ticket (please sanitize to remove paths, etc. if you would like to do so).

Another idea is to find out what files are different between your broken browser and the one that correctly updated to 8.5. To do that you would need to do a recursive diff of the two installations.

comment:25 Changed 3 weeks ago by wayward

Keywords: user-feedback blog added

comment:26 Changed 3 weeks ago by gk

Keywords: TorBrowserTeam201905 added; TorBrowserTeam201905R removed

Changed 2 weeks ago by rollback-question

Attachment: tb.log added

output of ./start-tor-browser.desktop --log tb.log (obfuscated)

comment:27 Changed 2 weeks ago by rollback-question

thanks for your help mcs and sorry for not answering earlier. there was no Browser/TorBrowser/UpdateInfo/updates/last-update.log and i tried moving away the directories Browser/TorBrowser/UpdateInfo and Browser/TorBrowser/Data/Browser/profile.default/startupCache and launched the (broken) tor browser with the --log option, output attached. as you can see the log file doesn't contain any useful information and that is why i didn't post here until now, i was wondering if there is a way to increase the logging level before coming back with empty hands..

but today everything changed, the working TBB got updated and i had again hope that it could force the broken one to update again, this time successfully. but it didn't, i got the same "about" window with the button to restart but without changing anything when pressed. but then i renamed again the directories Browser/TorBrowser/UpdateInfo and Browser/TorBrowser/Data/Browser/profile.default/startupCache and launched the tor browser and there it was, downloading a 77MB file. btw clicking on the tor icon and selecting "Check for Tor Browser Update" did nothing. but after it finished the download the broken TBB restarted and everything is back to normal now, with the exception of the lost tabs that were never recovered. but it's functional, new tabs are now restored, there is no longer an icon to restart the browser in the "about" window, it shows now it's running version 8.5.1 (based on Mozilla Firefox 60.7.0esr) (64-bit) and everything looks good now! btw it was also running with the --log argument when the upgrade was successful but the log file is as useless as the one i just posted

thanks again mcs, gk, acat and everyone else for the help, and please let me know if i should post anything else (logs, etc) now that it is fixed. and also thanks for resolving the problem with the saved passwords (i see it in the change notice of the new build) and your great work that makes the tor browser possible! i can't thank you enough. but if you ever attend the CCC congress in germany (i know some tor developers do) please bring/put a donations box with you like other groups do (FSF, EFF, etc). i miss every year the opportunity to make an anonymous donation in cash to the project

comment:28 Changed 13 days ago by gk

Resolution: fixed
Status: needs_informationclosed

Thanks so much. In case you come to to the CCC camp this year, there will be a bunch of Tor folks around. Let's close this ticket. Please open a new one if this is happening again (ideally with the output mcs asked about in the previous comments).

Note: See TracTickets for help on using tickets.