QubesOS DispVM set Tor Browser security level to Safest by default
Jul 10, 2025
Tor Browser is your best choice when it comes to anonymous browsing, but it ships with the “Standard” security level by default, which enables features like JavaScript and some weird HTML5 stuff. Those could be used to fingerprint and deanonymize users or even install persistent malware via 0-day exploits. Setting the level to “Safest” fixes this problem, but here is the issue: every time you start a new DispVM Tor Browser session, your settings are reverted to “Standard”.
Let’s fix this problem by setting the security level once and for all. Tor Browser uses a policies.json file (like Firefox), and we’ll use it to our advantage.
Configuring Disposable VM template
Open /rw/config/rc.local in the DispVM template (whonix-workstation-xx-dvm) and add this code to it:
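# Create the policy directory; -p keeps this from failing if it already exists
mkdir -p /var/cache/tb-binary/.tb/tor-browser/Browser/distribution
# Write the policy that locks the security slider (quoted EOF: no shell expansion)
cat > /var/cache/tb-binary/.tb/tor-browser/Browser/distribution/policies.json <<'EOF'
{
  "policies": {
    "Preferences": {
      "browser.security_level.security_slider": {
        "Value": 1,
        "Status": "locked"
      }
    }
  }
}
EOF
# Tor Browser runs as "user", so hand the directory over to that account
chown -R user:user /var/cache/tb-binary/.tb/tor-browser/Browser/distribution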
Then shut down this template.
This script creates the policies.json file and configures Tor Browser to lock the security slider, essentially setting the security level to Safest. If you want to verify that it worked, create a new DispVM qube, open Tor Browser, go to Settings > Privacy & Security > Security level, and there you should see the “Custom security level configured” message.
Note: you will not be able to change the security level in the GUI after this; you’ll have to remove the code from the template’s /rw/config/rc.local.
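The GUI check above can be backed by a file-level check run inside a fresh DispVM. The script below is an added example, not part of the original post: it parses the policies.json written by the rc.local snippet and reports anything that would leave the slider unlocked or at another level. The function names are hypothetical, and it assumes python3 is available in the qube.

```python
#!/usr/bin/env python3
"""Check that Tor Browser's policies.json locks the security level to Safest."""
import json
import sys

# Path written by the rc.local snippet on this page.
POLICY_PATH = ("/var/cache/tb-binary/.tb/tor-browser/Browser/"
               "distribution/policies.json")
PREF = "browser.security_level.security_slider"
SAFEST = 1  # the value this page sets for the Safest level


def check_policy_text(text):
    """Return a list of problems in a policies.json document (empty list = OK)."""
    try:
        node = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} at line {exc.lineno}"]
    # Walk policies -> Preferences -> <pref>, stopping at the first missing key.
    for key in ("policies", "Preferences", PREF):
        if not isinstance(node, dict) or key not in node:
            return [f"missing key: {key}"]
        node = node[key]
    if not isinstance(node, dict):
        return [f"{PREF} must be an object with Value and Status"]
    problems = []
    value = node.get("Value")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(value, bool) or not isinstance(value, int):
        problems.append(f"Value must be an integer, got {value!r}")
    elif value != SAFEST:
        problems.append(f"Value is {value}, expected {SAFEST} (Safest)")
    # Any Status other than "locked" leaves the preference changeable.
    if node.get("Status") != "locked":
        problems.append(f"Status is {node.get('Status')!r}, expected 'locked'")
    return problems


def check_policy_file(path=POLICY_PATH):
    """Read the policy file and check it; an unreadable file is a failure."""
    try:
        with open(path, encoding="utf-8") as fh:
            return check_policy_text(fh.read())
    except (OSError, UnicodeDecodeError) as exc:
        return [f"cannot read {path}: {exc}"]


if __name__ == "__main__":
    found = check_policy_file(sys.argv[1] if len(sys.argv) > 1 else POLICY_PATH)
    print("\n".join(f"FAIL: {p}" for p in found) or "OK: locked to Safest")
    sys.exit(1 if found else 0)
```

The non-zero exit status on failure lets the check be chained before launching the browser.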