Tor Browser Security Level

Having an intermittent problem with the Tor Browser. Currently my Security Level setting level is shown as “Safest”. However, when I run an IP check from check.torproject.org it shows that Javascript is enabled. The icon on the browser taskbar is all black. When I tested my browser with the Whonix Forum, I can see javascript is indeed enabled.

I seem to recall during one of the Whonix upgrades I received a message about how Tor Browser’s security level settings by default would be set to safest when opening. This is different from the default settings for Tor Browser. Was this a change initiated by Whonix?

The problem is intermittent. Sometimes when Tor Browser opens, and I do an IP Check, it shows javascript as disabled, with the Security Level setting at Safest. Yet other times, with the Security Level at that same setting, running an IP check at check.torproject.org shows javascript still enabled. Is this a Whonix issue or do I need to maybe create a bug report over at Tor? Sorry for my confusion here.

Just to add, I am now running the 15.0.0.6.6 tester version in KVM, but before I installed it, I was using an older, but updated version of Whonix 15 and I was seeing the same issue. I have noticed this for about a week or two recently. Definitely a security concern.

This is what the popup is saying, see this post: add Tor Browser first startup popup to ask whether security slider should be set to safest - #9 by Patrick

Most important quote:

All this would do is copying file /usr/share/torbrowser/security-slider-highest.js to ~/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js.

cp /usr/share/torbrowser/security-slider-highest.js ~/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js

This is the related source code:
tb-starter/usr/bin/torbrowser at e86a794ceb21f16acdce2a7d7c34e3214612d51c · Kicksecure/tb-starter · GitHub


To look at that file:

cat ~/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js

To undo what this file is doing, just delete that file:

rm ~/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js

To not have this change ever applied, click “No” when this popup appears. (Requires a new Whonix VM or Tor Browser re-installation.)


Whonix ™ Tor Browser Differences:
https://www.whonix.org/wiki/Tor_Browser#Whonix_.E2.84.A2_Tor_Browser_Differences


Please learn about: Tor Browser Functionality on Different Platforms:
Tor Browser Essentials


Then please try to reproduce this on a plain Debian VM. Such as a Debian buster VM.
Non-Whonix. I.e. outside of Whonix. If the bug is reproducible there too, it should be reported to The Tor Project.

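A check for the mechanism described in the reply above, as an added example that is not part of the original posts or of tb-starter: it reports whether the profile's user.js is absent, identical to the shipped security-slider-highest.js, or changed since the copy, and lists the preferences the file sets. The helper names `slider_state`, `list_prefs` and `report` are hypothetical; the two default paths are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example. Default paths are the ones quoted in the thread.
SHIPPED=/usr/share/torbrowser/security-slider-highest.js
USERJS="$HOME/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js"

# slider_state SHIPPED_FILE PROFILE_USERJS   (hypothetical helper)
# Prints one word:
#   absent       no user.js in the profile (popup answered "No", or file deleted)
#   no-template  user.js exists but the shipped file cannot be read for comparison
#   applied      user.js is byte-identical to the shipped file
#   modified     user.js exists but differs from the shipped file
slider_state() {
    if [ ! -e "$2" ]; then
        echo absent
    elif [ ! -r "$1" ]; then
        echo no-template
    elif cmp -s "$1" "$2"; then
        echo applied
    else
        echo modified
    fi
}

# list_prefs FILE   (hypothetical helper)
# Prints "name value" for every active user_pref("name", value); line.
# Lines commented out with // do not match and are skipped.
list_prefs() {
    sed -n 's/^[[:space:]]*user_pref("\([^"]*\)",[[:space:]]*\(.*\));.*$/\1 \2/p' "$1"
}

# report [SHIPPED_FILE] [PROFILE_USERJS]   (hypothetical helper)
report() {
    shipped=${1:-$SHIPPED}
    userjs=${2:-$USERJS}
    state=$(slider_state "$shipped" "$userjs")
    echo "user.js state: $state"
    case $state in
        applied|modified|no-template) list_prefs "$userjs" ;;
    esac
}

report
```

Run it with Tor Browser closed and again after a session where the check page reports JavaScript as enabled; a state of `absent` or `modified` shows that the file described in the reply is not what the browser is reading.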