Invalid digital signature for tor-0.3.5.8-win32-brave-0

Description of the issue:
As of several days ago, my firewall blocks Brave’s Tor-mode from connecting to the internet, citing that the program’s digital signature has deprecated and is no longer valid.
While Tor-mode is presumably still as safe or risky to use as ever, since the current version was released less than a week ago(?), I was wondering if there was an ETA for the signature to be registered and recognized?

How can this issue be reproduced?

  1. Launch Brave
  2. Open a Tor window (Alt+Shift+N)
  3. Wait a split second for warning messages to start popping-up

Expected result:
The digital signature for tor-0.3.5.8-win32-brave-0 is recognized by my firewall

Brave Version:
Version 1.2.43 Chromium: 79.0.3945.130 (Official Build) (64-bit)
Windows 8.1

tor-0.3.5.8-win32-brave-0 was updated a few minutes ago, and the digital signature is now recognized once again.

Feel free to close this thread; and thanks, as always :slight_smile:

2 Likes

Okay, nope. One month later, start of the new month, same problem rears its head again.

Windows defender block Brave Tor network,
Version 1.4.96 Chromium: 80.0.3987.132 (Official Build) (64-bit)

Sans titre

This is being reported by others, too, and I swear I saw a dev acknowledge that they’re working on it but can’t find it now.

My Windows 10 machine’s not reporting this, and it’s puzzling because it’s the same version of the tor component (1.0.9). However, I just realized I had updates paused because of data loss reported from one of last month’s Windows updates from Microsoft, so I’ll follow up.

Here are two of the related threads:


2 Likes

https://www.virustotal.com/gui/file/e6cca452474b22bb1a8c45ffe6a1f77ce517fed964d18cd69eb019f411aed6d4/detection

And, indeed, it seems even before the update, Defender had quarantined tor-0.3.5.8-win32-brave-1, and did it again after update:
image

In an overabundance of caution, I told Defender to quarantine it, but every time I spawn a Private window with Tor, Defender yelps. @Mattches, is it safe to allow it? I’m guessing so, but have to play it safe.

This appears to break (on Windows 10 OS Version 1909 (Build 18363.657)):

  • Brave 1.4.96 Chromium: 80.0.3987.132 (Official Build) (64-bit)
  • Brave 1.5.108 Chromium: 80.0.3987.132 (Official Build) beta (64-bit)
  • Brave 1.6.58 Chromium: 80.0.3987.132 (Official Build) dev (64-bit)
  • Brave 1.7.44 Chromium: 80.0.3987.132 (Official Build) nightly (64-bit)

FWIW, Tor appears to be fine on my macOS Version 10.15.3 (Build 19D76) install with CleanMyMac and Apple’s antimalware using:

  • Brave 1.4.96 Chromium: 80.0.3987.132 (Official Build) (64-bit)
  • Brave 1.5.101 Chromium: 80.0.3987.116 (Official Build) beta (64-bit)
  • Brave 1.6.56 Chromium: 80.0.3987.122 (Official Build) dev (64-bit)
  • Brave 1.7.40 Chromium: 80.0.3987.132 (Official Build) nightly (64-bit)

I’m updating Beta (to 108), Dev (to 58), and Nightly (to 44) and will follow up if they break.

And I got an update again, a few minutes ago. And now it works again. I’m guessing this is going to be a monthly occurrence.
Maybe it could be solved by registering the updated digital signature a few days before releasing the patch?

Edit: For me the program isn’t quarantined, just cut off from connecting to any ports by my firewall.