Can AppArmor worsen the fingerprint of Tor Browser?

Hi, I enabled kernel opts for my whonix-ws-16 to apparmor=1 security=apparmor, I was wondering if this has any effect on the tor browser footprint?
And what does this setting do, i couldn’t find any description on the wiki page except that it enables Apparmor, although without this setting my tor browser wouldn’t let me go into home folders when saving some files, i understand these were Apparmor limitations? But how did they work if the kernel settings weren’t enabled?

Same as Debian / Linux.

Because Qubes might enable AppArmor by default nowadays:

For those using

That probably all templates from Qubes templates repository?

…Which includes Qubes-Whonix templates.

So Whonix wiki might be outdated in so far that these instructions are no longer needed. Therefore AppArmor was enabled all along and applying these instructions didn’t make any difference. Will check and update wiki.

Technical nitpick: apparmor=1 security=apparmor alone should have a very very low impact on fingerprinting risk that just enables AppArmor in the kernel but no AppArmor profile that affects Tor Browser.

However since GitHub - Kicksecure/apparmor-profile-torbrowser: AppArmor profile for The Tor Browser Bundle (TBB) - - for better security (hardening). is installed by default, the Tor Browser AppArmor profile will be active by default, that is a risk for browser fingerprinting.

That’s difficult to answer because both,

  • A) Tor Browser fingerprint, and
  • B) browser fingerprinting

aren’t exhaustively researched and documented concepts, techniques.

To my knowledge no research, development is in progress or planned.

On the subject of fingerprinting vs security:

If Tor Browser would attempt to access some file which influences the rendering of pages (perhaps a built-in or system font) and the AppArmor profile blocking that, then yes, could be fingerprintable in theory.

If AppArmor blocks something that shouldn’t be blocked can be monitored:
AppArmor chapter AppArmor Notifications in Kicksecure wiki

Even without the AppArmor profile. Even using an uncommon operating system such as Qubes (which is based on Xen) or Linux or any Linux kernel settings in theory could result in something which can be fingerprinted by remote web servers. And no negative can be proven.

You cannot be anonymous without being secure. Therefore decision was made the confine Tor Browser in Whonix over fingerprinting risks.

Similar projects such as Tails also confine Tor Browser with their own AppArmor profiles.
(Tails - Update Tor Browser's AppArmor policy)
That same goes for torbrowser-launcher.
(torbrowser-launcher/apparmor at main · micahflee/torbrowser-launcher · GitHub)