Since over a year, I have successfully been using
/etc/torbrowser.d/user.js as least-invasive method to let TBB’s security slider default to “Hardest” mode (Qubes-Whonix):
With latest TBB update, this unfortunately does not work anymore. Some observations:
Setting seems to haved changed to
browser.security_level.security_slider, hasn’t it?
, but still does not work.
user.js is successfully copied from
~/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js with disposable start. If Browser is closed and restarted (without killing the whole disposable), then security slider is set correctly to “Hardest”.
Hence I assume some sort of race condition between:
user.js over to TBB config folder
- TBB start
Might anybody confirm, reject or suggest a possible fix?
That I find highly unlikely. The copy operation is “guaranteed” to have completed before Tor Browser is started. You could reproduce that manually to confirm.
Generic Bug Reproduction might be required here.
“Forget” about Whonix.
Find out how to customize Tor Browser using a settings file prior ever a Tor Browser first start. Without Whonix being involved. For example on Debian.
Once potential bugs have been reported, fixed upstream in Tor Browser, once it’s clear how to do this manually, it would be likely be easy to update tb-updater to do the same.
Thanks for the quick reply @Patrick .
And you are right, this is a more general issue. I tested with vanilla Tor Browser wihout any Whonix participation.
On the first (fresh) start of Tor Browser, an existent
profile.default (which at this point is almost empty) is ignored. Any subsequent start of Tor Browser (with now fully initialized profile) will consider
user.js though. I am wondering
- if there had been a change since TBB 12
- if TBB is supposed to support default configurations via
user.js with fresh profile, which is important for Qubes disposable templates, as each time a new fresh profile is created
Before v12 everything worked for. Having had a look at an earlier post from you (*1) and the script in Whonix
/usr/bin/torbrowser, I assume this basically is supposed to work?
Do you have more info on the topic? If helpful, will also request clarification in the tor forums.
Probably the Tor Browser developers changed something.
The question to ask as per https://www.whonix.org/wiki/Free_Support_Principle would be kinda like:
How to pre-configure Tor Browser using a configuration file before Tor Browser’s first start?
How to set the Tor Browser security slider to maximum using a configuration file before Tor Browser’s first start?
I don’t know if upstream, the developers of Tor Browser are considering this the
user.js / set security slider to maximum using a settings file use case.
user.js is probably a feature by upstream’s upstream, which is Mozilla Firefox which hasn’t been considered / tested to not being broken by the Tor Browser developers.
It used to work but
/usr/bin/torbrowser cannot do any black magic. It can only automate which at least in principle can also be done manually. If it cannot be done manually, then I cannot help to make it more comfortable / automated.
policies.json (which is also a Firefox feature) (which was mentioned here Tor Browser Customization using user.js (for example for i2pbrowser)) could be used as a replacement for
tor-browser/Browser/defaults/pref might be an option too nowadays. In context of Qubes-Whonix that translates to:
But I couldn’t make that work either.
This could be related to the way the Tor Browser built-in (it’s no longer an add-on nowadays) security slider is initialized, it it respects