Operating System
Debian 11
Tor Browser version
12.0
Description
Before Tor Browser 12.0 it was possible to provide default settings to a “fresh” Tor Browser installation. This is mainly useful for defaulting to “Safest” security slider:
user_pref("browser.security_level.security_slider", 1);
(named extensions.torbutton.security_slider in previous versions, I guess)
Issue with 12.0: default settings are not respected on first browser startup (when profile.default is not initialized yet) - the browser instance needs to be closed and restarted. This is suboptimal for virtual/temporary environments, that bootstrap a fresh profile on startup.
From my own tests, Firefox ESR 102.5.0 correctly applies user.js or autoconfig properly on first start, hence likely no upstream problem.
I am wondering, is this a new bug or intended security feature?
Step by Step
- Download and extract tor-browser-linux64-12.0_ALL.tar.xz, so there is a fresh, uninitialized profile
- Before start, Either copy user.js manually to tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js, with content:
user_pref("browser.security_level.security_slider", 1);
- Alternatively use Firefox AutoConfig (same result)
- Tor Browser won’t have safest security level after startup. It needs to be closed and restarted, now with proper setting applied.