Since over a year, I have successfully been using /etc/torbrowser.d/user.js as least-invasive method to let TBB’s security slider default to “Hardest” mode (Qubes-Whonix):
With latest TBB update, this unfortunately does not work anymore. Some observations:
Setting seems to haved changed to browser.security_level.security_slider, hasn’t it?
, but still does not work.
The user.jsis successfully copied from /etc/torbrowser.d/user.js to ~/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js with disposable start. If Browser is closed and restarted (without killing the whole disposable), then security slider is set correctly to “Hardest”.
Hence I assume some sort of race condition between:
copy user.js over to TBB config folder
TBB start
Might anybody confirm, reject or suggest a possible fix?
That I find highly unlikely. The copy operation is “guaranteed” to have completed before Tor Browser is started. You could reproduce that manually to confirm.
Find out how to customize Tor Browser using a settings file prior ever a Tor Browser first start. Without Whonix being involved. For example on Debian.
Once potential bugs have been reported, fixed upstream in Tor Browser, once it’s clear how to do this manually, it would be likely be easy to update tb-updater to do the same.
Thanks for the quick reply @Patrick .
And you are right, this is a more general issue. I tested with vanilla Tor Browser wihout any Whonix participation.
On the first (fresh) start of Tor Browser, an existent user.js inside profile.default (which at this point is almost empty) is ignored. Any subsequent start of Tor Browser (with now fully initialized profile) will consider user.js though. I am wondering
if there had been a change since TBB 12
if TBB is supposed to support default configurations via user.js with fresh profile, which is important for Qubes disposable templates, as each time a new fresh profile is created
Before v12 everything worked for. Having had a look at an earlier post from you (*1) and the script in Whonix /usr/bin/torbrowser, I assume this basically is supposed to work?
Do you have more info on the topic? If helpful, will also request clarification in the tor forums.
How to pre-configure Tor Browser using a configuration file before Tor Browser’s first start?
How to set the Tor Browser security slider to maximum using a configuration file before Tor Browser’s first start?
I don’t know if upstream, the developers of Tor Browser are considering this the user.js / set security slider to maximum using a settings file use case. user.js is probably a feature by upstream’s upstream, which is Mozilla Firefox which hasn’t been considered / tested to not being broken by the Tor Browser developers.
It used to work but /usr/bin/torbrowser cannot do any black magic. It can only automate which at least in principle can also be done manually. If it cannot be done manually, then I cannot help to make it more comfortable / automated.
This could be related to the way the Tor Browser built-in (it’s no longer an add-on nowadays) security slider is initialized, it it respects user.js or Browser/defaults/pref.