Tor Browser 12.0 does not respect `user.js`/default settings on first start
Summary
Before Tor Browser 12.0 it was possible to provide default settings to a “fresh” Tor Browser installation. This is mainly useful for defaulting to the “Safest” security slider:

```js
user_pref("browser.security_level.security_slider", 1);
```

(named `extensions.torbutton.security_slider` in previous versions, I guess)
Issue with 12.0: default settings are not respected on first browser startup (when `profile.default` is not initialized yet) - the browser instance needs to be closed and restarted. This is suboptimal for virtual/temporary environments that bootstrap a fresh profile on startup.
From my own tests, Firefox ESR 102.5.0 correctly applies `user.js` or Firefox AutoConfig on first start, hence likely no upstream problem.
I am wondering, is this a new bug or an intended security feature?
Steps to reproduce:
How one can reproduce the issue - this is very important.
- Download and extract `tor-browser-linux64-12.0_ALL.tar.xz`, so there is a fresh, uninitialized profile
- Before start, either copy `user.js` manually to `tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js`, with content:

  ```js
  user_pref("browser.security_level.security_slider", 1);
  ```

  Same result also when AutoConfig is used with `pref`, see also the Workaround section below.
- Tor Browser won’t have safest security level after startup. It needs to be closed and restarted, now with proper setting applied.
Workaround
After some more evaluation, the only remaining way possible is to use `lockPref` instead of `pref` for AutoConfig, `user_pref`/`user.js` being not possible at all.
Download a fresh Tor Browser (step 1 above); now, instead of copying `user.js`, do the following for AutoConfig (assuming `tor-browser` as root extraction dir):

```sh
cat > tor-browser/Browser/defaults/pref/autoconfig.js <<'EOF'
pref("general.config.filename", "firefox.cfg");
pref("general.config.obscure_value", 0);
EOF
cat > tor-browser/Browser/firefox.cfg <<'EOF'
// TORBROWSER DEFAULTS
lockPref("browser.security_level.security_slider", 1);
lockPref("intl.language_notification.shown", true);
EOF
```

But `lockPref` seems too restrictive, doesn't allow `user.js` to be used and does not provide additional security benefits.
What is the current bug behavior?
`user.js` is not respected. Firefox AutoConfig is not respected, except when using `lockPref`.
What is the expected behavior?
Behave like previous Tor Browser versions, in accordance with `user.js` and AutoConfig Firefox ESR default setting capabilities.
Environment
Operating System
Debian 11
Tor Browser version
12.0
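
For provisioning scripts that pre-seed the AutoConfig files from the workaround, a pre-launch audit of those files can catch a broken seed before an ephemeral environment starts the browser at the wrong security level. This is an added example, not part of the original report or of Tor Browser; it assumes the file layout shown in the workaround, and the function name `audit_tb_autoconfig` and its exit codes are made up for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper): audit the AutoConfig files of an
# extracted Tor Browser tree before first launch.
# Usage: audit_tb_autoconfig <extraction-dir> [pref-name]
# Prints "<directive> <value>" (e.g. "lockPref 1") and returns 0 on success.
audit_tb_autoconfig() {
    root=$1
    name=${2:-browser.security_level.security_slider}
    loader="$root/Browser/defaults/pref/autoconfig.js"
    [ -f "$loader" ] || { echo "missing $loader" >&2; return 2; }

    # The loader names the cfg file; the report places it directly in Browser/.
    cfg_name=$(sed -n 's/^[[:space:]]*pref("general\.config\.filename",[[:space:]]*"\([^"]*\)").*/\1/p' "$loader" | tail -n 1)
    [ -n "$cfg_name" ] || { echo "general.config.filename not set" >&2; return 3; }

    # The cfg in the report is plain text, which requires obscure_value 0.
    grep -Eq '^[[:space:]]*pref\("general\.config\.obscure_value",[[:space:]]*0\)' "$loader" \
        || { echo "general.config.obscure_value is not 0" >&2; return 4; }

    cfg="$root/Browser/$cfg_name"
    [ -f "$cfg" ] || { echo "missing $cfg" >&2; return 5; }

    # Firefox ignores the first line of an AutoConfig file, so a directive
    # placed there silently never applies.
    if head -n 1 "$cfg" | grep -Eq '(lockPref|defaultPref|pref)\('; then
        echo "first line of $cfg_name holds a directive and is ignored" >&2
        return 6
    fi

    # Report the directive and value on the last line that sets the pref.
    esc=$(printf '%s' "$name" | sed 's/\./\\./g')
    found=$(tail -n +2 "$cfg" \
        | sed -nE "s/^[[:space:]]*(lockPref|defaultPref|pref)\\(\"$esc\",[[:space:]]*([^)]*)\\).*/\\1 \\2/p" \
        | tail -n 1)
    [ -n "$found" ] || { echo "$name not set in $cfg_name" >&2; return 7; }
    echo "$found"
}

# Run directly: sh audit.sh tor-browser
if [ "$#" -gt 0 ]; then audit_tb_autoconfig "$@"; fi
```

A result of `pref 1` rather than `lockPref 1` identifies the configuration that this report says is not applied on first start in 12.0.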