Tor Browser version
Before Tor Browser 12.0 it was possible to provide default settings to a “fresh” Tor Browser installation. This is mainly useful for defaulting to “Safest” security slider:
extensions.torbutton.security_slider in previous versions, I guess)
Issue with 12.0: default settings are not respected on first browser startup (when
profile.default is not initialized yet) - the browser instance needs to be closed and restarted. This is suboptimal for virtual/temporary environments, that bootstrap a fresh profile on startup.
From my own tests, Firefox ESR 102.5.0 correctly applies
user.js or autoconfig properly on first start, hence likely no upstream problem.
I am wondering, is this a new bug or intended security feature?
Step by Step
- Download and extract
tor-browser-linux64-12.0_ALL.tar.xz, so there is a fresh, uninitialized profile
- Before start, Either copy
user.js manually to
tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js, with content:
- Alternatively use Firefox AutoConfig (same result)
- Tor Browser won’t have safest security level after startup. It needs to be closed and restarted, now with proper setting applied.