
Tor Browser 12.0 does not respect `user.js`/default settings on first start

Crosslink: https://forum.torproject.net/t/tor-browser-12-0-does-not-respect-user-js-default-settings-on-first-start/5894

Summary

Before Tor Browser 12.0 it was possible to provide default settings to a “fresh” Tor Browser installation. This is mainly useful for defaulting to the “Safest” security slider level:

user_pref("browser.security_level.security_slider", 1);

(named extensions.torbutton.security_slider in previous versions, I guess)

Issue with 12.0: default settings are not respected on first browser startup (when profile.default is not initialized yet); the browser instance needs to be closed and restarted. This is suboptimal for virtual/temporary environments that bootstrap a fresh profile on startup.

From my own tests, Firefox ESR 102.5.0 correctly applies user.js or Firefox AutoConfig on first start, so this is likely not an upstream problem.

I am wondering, is this a new bug or intended security feature?

Steps to reproduce:

  1. Download and extract tor-browser-linux64-12.0_ALL.tar.xz, so there is a fresh, uninitialized profile.
  2. Before the first start, either copy user.js manually to tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js, with content:

     user_pref("browser.security_level.security_slider", 1);

     or use AutoConfig with pref (same result; see also the Workaround section below).
  3. Tor Browser won’t have the Safest security level after startup. It needs to be closed and restarted, and only then is the setting applied.

Workaround

After some more evaluation, the only remaining way is to use lockPref instead of pref in AutoConfig; user_pref/user.js does not work at all. Download a fresh Tor Browser (step 1 above), and instead of copying user.js, do the following for AutoConfig (assuming tor-browser as the root extraction dir):

cat > tor-browser/Browser/defaults/pref/autoconfig.js <<'EOF'
pref("general.config.filename", "firefox.cfg");
pref("general.config.obscure_value", 0);
EOF

cat > tor-browser/Browser/firefox.cfg <<'EOF'
// TORBROWSER DEFAULTS
lockPref("browser.security_level.security_slider", 1);
lockPref("intl.language_notification.shown", true);
EOF

But lockPref seems too restrictive: it doesn't allow user.js to be used and does not provide any additional security benefit.
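To check whether the slider setting actually took effect, rather than judging by the UI, one can parse the pref files involved: user.js, firefox.cfg, and the profile's prefs.js after the first start. The script below is an added example, not part of this issue or of Tor Browser; it assumes the pref name and the value 1 for “Safest” from this report, and all sample inputs are constructed.

```python
import re
import sys

# Matches one pref call as written in user.js, prefs.js, autoconfig.js or
# firefox.cfg, e.g.  user_pref("name", 1);  or  lockPref("name", true);
PREF_RE = re.compile(r'^\s*(user_pref|pref|defaultPref|lockPref)\("([^"]+)",\s*(.+?)\);\s*$')
SLIDER = "browser.security_level.security_slider"  # pref name from the report
SAFEST = 1  # value the report uses for the "Safest" level

def parse_value(raw):
    """Convert the JS literal of a pref call to a Python bool, str or int."""
    raw = raw.strip()
    if raw in ("true", "false"):
        return raw == "true"
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    return int(raw)

def parse_prefs(text):
    """Return {pref name: (call kind, value)} for every pref call in text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            kind, name, raw = m.groups()
            prefs[name] = (kind, parse_value(raw))
    return prefs

def slider_status(text):
    """Return ('unset', None), ('safest', kind) or ('not-safest', kind);
    kind is the call that set it, so 'lockPref' means the value is locked."""
    entry = parse_prefs(text).get(SLIDER)
    if entry is None:
        return ("unset", None)
    kind, value = entry
    return ("safest" if value == SAFEST else "not-safest", kind)

# Constructed sample inputs, not captured from a real profile.
USER_JS = 'user_pref("browser.security_level.security_slider", 1);\n'
FIREFOX_CFG = ('// TORBROWSER DEFAULTS\n'
               'lockPref("browser.security_level.security_slider", 1);\n'
               'lockPref("intl.language_notification.shown", true);\n')
# prefs.js as the buggy first start leaves it: the slider pref was never written.
PREFS_JS_FIRST_START = 'user_pref("example.unrelated.pref", "x");\n'

if __name__ == "__main__":
    # Pass a pref file path to inspect a real profile; otherwise the samples are shown.
    samples = {"user.js": USER_JS, "firefox.cfg": FIREFOX_CFG, "prefs.js": PREFS_JS_FIRST_START}
    for label, text in (samples.items() if len(sys.argv) < 2 else [(sys.argv[1], open(sys.argv[1]).read())]):
        print(label, slider_status(text))
```

Firefox only persists user-set values to prefs.js, so a value locked via firefox.cfg will not show up there; run the script over firefox.cfg to check the workaround, and over profile.default/prefs.js after the first start to check whether user.js took effect.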

What is the current bug behavior?

user.js is not respected. Firefox AutoConfig is not respected, except when using lockPref.

What is the expected behavior?

Behave like previous Tor Browser versions, respecting user.js and the Firefox ESR AutoConfig default-setting capabilities.

Environment

Operating System
Debian 11

Tor Browser version
12.0
