roll back to previous version of TBB - saved logins and tabs lost after tor browser bundle upgrade (8.5)
hi devs,
i'm not a developer and i don't know how to report bugs. i only know that after today's forced (and usually welcome) upgrade of the tor browser bundle to version 8.5 all my tabs haven't been recovered and my saved logins don't work. this means i can't even access my mail and i lost all tabs i had open. i don't want to start a discussion about how insecure it is to save passwords or browser history, i just want to have an usable tor browser, at this point security is no longer a priority and i'd rather have a working insecure browser rather than an unusable secure browser. can someone please help me learn how i can roll back to the previous version of the tor browser bundle? this is the first time the tor browser breaks for me after an upgrade and i'm quite desperate now
thanks
Trac:
Username: rollback-question
Activity
just for clarity, in the preferences the box "Remember logins and passwords for websites" is still checked, but the Saved Logins window is now empty after the upgrade. saved logins have survived all tor browser upgrades for many many years, ever since it exists. also tabs got always recovered after a crash (or if the browser got killed) while now they are not, even if the settings are the same. something has changed, maybe on purpose to make it more secure, but if these settings are forced on me i'll have to quit using the browser or just use a vanilla firefox connecting to a tor deamon. i understand this is a lot less secure but usability is also very important to me
Trac:
Username: rollback-question-
the upgraded version is the Tor Browser version 8.5 based on Mozilla Firefox 60.7.0esr 64-bit running on Linux 64bit
i have been able to reproduce the same issue on another instance (different PC) that also got upgraded today and all saved logins are gone there too. let me know if i can provide any more information. i hope this is a bug and not a feature!
Trac:
Username: rollback-question 
Looking over the Changelog again nothing comes to mind and I don't remember us touching anything that could affect you. Admittedly, yours is not a use case we are particularly well-prepared for yet, so we might have accidentally broken things for you. Sorry for the inconvenience.
I'd need some steps to reproduce from you, in particular how you are modifying your Tor Browser in the beginning before the update.
Trac:
Keywords: N/A deleted, tbb-8.5-issues added
Status: new to needs_information
Version: Tor: unspecified to N/A-
thanks for looking into it. the config changes i've done after the initial install are:
in Browser Privacy:
Forms & Passwords X Remember logins and passwords for websites (selected)
History Tor browser will Remember history
Accept cookies and site data from websites Keep until I close Tor Browser Accept third-party cookies and site data Never
Security Level Safest
in General:
When Tor Browser starts Show your windows and tabs from last time
then in about:config -> javascript.enabled set to false i also changed recently xpinstall.signatures.required to false due to the well known issue of the addons getting disabled
i think that is all i have changed. i'll try to install the previous version 8.0.9 in a separate directory later today and copy the contents of Browser/TorBrowser/Data/Browser/profile.default over to see if i can roll back and have everything working again. i hope this is safe and all "customized" data including passwords and history are recovered
Trac:
Username: rollback-question TLDR: You should be able to get your logins back by opening
about:configpage, looking forsecurity.nocertdbpref, setting it tofalse, and restarting the browser.For the saved logins issue, we think we know what happened. It's a bit long to explain:
In Tor Browser there is a preference
security.nocertdbthat is set to true by default, in order to make the browser intermediate certificate store memory only (no persistence to disk). This is also used for saved logins, so these will not work ifsecurity.nocertdb = true.When you select
Tor browser will Remember historywe flip this preference to false, to make it consistent with "keep history" mode and also to enable features like saving logins to work. Internally, this pref change tosecurity.nocertdb = falseis saved in the browser profile as user preference (prefs.jsfile), to override the browser defaults.In order to fix the Firefox addons being uninstalled issue (see https://bugzilla.mozilla.org/show_bug.cgi?id=1548973), we had to change the browser default and set
security.nocertdb = false. We did not expect that in your case, since the browser default value now matched your user chosen value, theprefs.jspref override would be removed for being redundant. This eventually meant that when upgrading to 8.5, where we switched the default to true, this pref was also wrongly switched to true for your case.So switching
security.nocertdb = falseshould fix this.For the tabs issue, I still cannot reproduce. Can you verify if after switching this it still happens? Is it persistent (tabs are never kept on browser start) or it just happened once (when browser upgraded?)
There's a patch for torbutton to fix the saved logins here https://github.com/acatarineu/torbutton/commit/30565.
Note: using
sticky_pref()instead ofpref()in000-tor-browser.jsshould have prevented this behaviour (the pref would not have been removed fromuser.jswhen it matched the default value).-
flipping security.nocertdb to false fixed the issue on both instances, logins and passwords appear again and functionality is again normal
thank you very much to all for your help and specially to acat for the detailed explanation and the patch
the issue with the tabs still persists on the first TBB i upgraded, not only after upgrading but also if i restart or kill the tor browser now (i tried many times). the browser history is here, but tabs are never recovered and only a plain tor tab is shown. it makes no difference if i exit cleanly (quit the program) or if i kill it. what is strange is that the second TBB i upgraded on a different PC doesn't have the issue and tabs are recovered from before the upgrade (and also new tabs opened after the upgrade)
i have tried copying Browser/TorBrowser/Data/Browser/profile.default to a fresh install of a version 8.0.9 and i get an error related to the TBB upgrade but i can open new tabs that get recovered on restart - just not the older ones, these seem to have been lost
i wish there was an easy way to roll back to a previous version for such situations, or at least know what directories should be copied to make a manual backup and if it's safe to overwrite a new install with them to restore the backup (of course it would be also nice to have an option to "export" or backup all local settings, history, passwords, etc from the tor browser GUI itself). i only have a 1 year old "full directory" backup which is too old :( but that is my fault
again thanks everyone for the help!
Trac:
Username: rollback-question -
i found a difference between them,
the first TBB i upgraded that doesn't recover tabs (left screenshot) is now on version 8.5 but based on firefox version 60.6.1esr - it shows a "Restart to update Tor Browser" button, when pressed the tor browser gets restarted but with the same version and still showing the same button again
the second TBB i upgraded that recovers the tabs without problem (right screenshor) is on version 8.5 but based on firefox version 60.7.0esr and doesn't show any button and works fine
i don't know how i ended up with this difference. i don't think i have messed with the first TBB during the upgrade in any way and they have the same settings.. one works fine the other doesn't
Trac:
Username: rollback-question -
Closed #30581 (moved) as a duplicate.
Trac:
Cc: acat to acat, agnox -
Replying to rollback-question:
i found a difference between them,
the first TBB i upgraded that doesn't recover tabs (left screenshot) is now on version 8.5 but based on firefox version 60.6.1esr - it shows a "Restart to update Tor Browser" button, when pressed the tor browser gets restarted but with the same version and still showing the same button again
Huh, yes. That looks broken. You should not be on Tor Browser 8.5 and Firefox 60.6.1esr at the same time. If you open
about:configand setapp.update.logtotrueand check your browser console (Ctrl+Shift+J) while doing the update are there any error messages showing up that could give some clues about what is going on?the second TBB i upgraded that recovers the tabs without problem (right screenshor) is on version 8.5 but based on firefox version 60.7.0esr and doesn't show any button and works fine
That's the expected behavior.
-
Replying to acat:
There's a patch for torbutton to fix the saved logins here https://github.com/acatarineu/torbutton/commit/30565.
Note: using
sticky_pref()instead ofpref()in000-tor-browser.jsshould have prevented this behaviour (the pref would not have been removed fromuser.jswhen it matched the default value).Looks good to me. Merged to
masterwith commit 6406662331d900d7218cccb82b3e6bd7065e04f4.Leaving this ticket open for a bit to figure out whether we need to file a new bug for the update issue.
-
Replying to gk:
Replying to rollback-question:
i found a difference between them,
the first TBB i upgraded that doesn't recover tabs (left screenshot) is now on version 8.5 but based on firefox version 60.6.1esr - it shows a "Restart to update Tor Browser" button, when pressed the tor browser gets restarted but with the same version and still showing the same button again
Huh, yes. That looks broken. You should not be on Tor Browser 8.5 and Firefox 60.6.1esr at the same time. If you open
about:configand setapp.update.logtotrueand check your browser console (Ctrl+Shift+J) while doing the update are there any error messages showing up that could give some clues about what is going on?Another question: what happens if you just close the browser manually and then open it again. Does that change things?
