Tor browser: set security slider to safest, javascript.enabled to false by default in a TemplateVM

I use Tor browser in whonix-ws-16-dvm. To set the security slider to Safest by default I do in Template:whonix-ws-16:

sudo nano /var/cache/tb-binary/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js

user_pref(“extensions.torbutton.security_slider”, 1);

After I save that file and shut down the template. this works like expected: the slider is always at Safest when I start Tor browser in whonix-ws-16-dvm.

However I also want to set javascript.enabled to false. I try in the template again

user_pref(“extensions.torbutton.security_slider”, 1);
user_pref(“javascript.enabled”, false);

This doesnt work. javascript.enabled stays true when I check in about:config.

I try

user_pref(“extensions.torbutton.security_slider”, 1);
user_pref(“javascript.enabled”, false);
user_pref(“extensions.torbutton.security_custom”, true);

then javascript.enabled becomes false, but the security slider is set to Standard.

How to set the slider to 1 (safest) and set javascript.enabled to false?

This is very complicated. Lots of upstream issues stacking up making this very complicated.

Related failed feature, history:
add Tor Browser first startup popup to ask whether security slider should be set to safest

Multiple sources of errors.

A) You need to figure out how to start with a clean Tor Browser without any customized settings. Then figuring out which customization settings are required to for configuring the security slider.

Tor Browser doesn’t have an API / documented setting for that. That feature request was rejected by its upstream (original) developers.

Even if the security slider says “safest”, it might not be. The status shown and all the settings internally changed by moving the slider indeed are different things.

To figure that out, you’d need Generic Bug Reproduction but unless you’re a developer that’s impossible since upstream already rejected such a feature request.


B) Qubes persistence would also be an additional source of confusion. See:
Tor Browser Update: Technical Details


All of this is for the most part unspecific to Whonix. You could try to reproduce this in a Debian based VM.

One alternative idea will be posted soon…

Documented just now:
Tor Browser Template Customization