Anyone tested Tor in China recently? Back when I was making regular business trips there, I not only tested and reported bugs, but I shared it with many locals who were interested in what an open Internet experience was like. (Sadly, wanting facebook access as the #1 reason, a reliable gmail/google was #2)

Over the years I watched a fascinating arms race unfold. From it working out of the box, to needing a bridge, then obfs, obfs2, obfs3, obfs4... On my last trip, even obfs4 wasn't working.

In Shanghai I'm able to connect through the meek-azure bridge, but everything is incredibly slow. I'm still having the best results using Shadowsocks on a VPS (although I'm on a 200Mbps China Telecom line at home). Commercial VPN offerings, such as ExpressVPN and Astrill, were slow in comparison.

Thank you for your work in testing and sharing the software in China, and risking your freedom to do so.

Is it supposed to leak OS in the user agent string now? Or is it just a bug?

> "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"

EDIT: Noscript user experience is also broken, discouraging its use.

Yeah, they decided against spoofing user agent anymore: https://blog.torproject.org/comment/275941#comment-275941

That's really unfortunate. It seems like a big loss of privacy with weak arguments in favor.

(1) They could easily spoof one UA for mobile and one for desktop -- user chooses.

(2) Why are they worried about the experience of Google Docs over Tor??? More generally why focus on the use case where people enable all kinds of unsafe javascript to do fancy OS-specific things?

It's like advertising your lightweight speed-focused track racing bicycle, then putting massive tires on it because some users had trouble going off-road.

How much of a difference does it make in practice? Just the platform does not seem like that much more information.

Further, I'd wonder if, while the actual OS is fingerprintable (as the various discussions seem to suggest), reporting one OS whilst actually being on another flags the user as interesting/has something to hide (i.e. they are probably using Tor Browser, not just Firefox).

There's also usability to consider - if this results in more people using Tor Browser, or not disabling things to try and work around it, that might be a net gain.

> flags the user as interesting/has something to hide (i.e. they are probably using Tor Browser, not just Firefox).

Tor nodes are known and it's trivial to detect users using Tor.

> There's also usability to consider - if this results in more people using Tor Browser, or not disabling things to try and work around it, that might be a net gain.

I'm sorry, but that's just ridiculous. Sharp corners on tabs most certainly won't attract more users.

EDIT: Ok I saw the issue with mobile users and some other edge cases. I would still agree with bo1024, it's a weak argument.

How is Noscript UX broken?

I think what was meant is that the NoScript UX had a huge overhaul and it is difficult to use. I personally find the new NoScript interface difficult to use too.

> Noscript user experience is also broken, discouraging its use.

Yeah, it's very slow, it doesn't ask for defaults and rather unfriendly towards casual use of tbb, where you don't necessarily remember the user interface and have to rediscover everything each time, only to come across cryptic icons.

Noscript was broken on the last version for me. It didn't actually block scripts, so I had to disable them in the browser settings instead, which of course meant I couldn't whitelist.

Well, the UX had a huge overhaul because Firefox decided that prioritizing grandma's safe experience on Facebook was more important than features. So they removed them. The great extension holocaust. NoScript was big enough to get special attention from Moz but even it is severely gimped now.

Is it just me or did the "New identity" functionality disappear from the Tor Button? That was pretty useful when a certain circuit wasn't working.

They put the details here: https://3g2upl4pq6kufc4m.onion (looks like it only works on the "Tor Browser updated" page, though. You can find the button in the location bar by clicking the icon to the left of the address, or in `about: tor`

Yeah, I had to look for it too. It's in the firefox hamburger menu, where you'll find the add-ons, preferences, etc.

If you click the green onion next to the site URL, you're able to view it too. You can create a new site identity from that too.

There's also a blue button if you click the i to the left of the current address.

Sometimes there's a problem with the identity which hinders the use of all sites. The solution was usually "new identity" or Tor restart. The first one is a little more accessible.

That's only "New circuit for this site", which is different from "New Identity".

This is probably the worst update I have ever seen. If they fix the NoScript UI and remove the user agent leaking, I'll be happy. I use Whonix, so the Quantum design looks funky.