Setting a permanent security level on a disposable Tor Browser

Does anyone know how to permanently set the Whonix disposable Tor Browser security level? I would like to have it set to “Safer” (medium) on boot, but by default it always starts on “Standard”.

I checked the terminal arguments for the “start-tor-browser” script, but it doesn’t offer that option, and trying to run the Tor Browser on the disposable template to set it there gets blocked by Whonix for security reasons.

Any help would be greatly appreciated!

2 Likes

My first guess is in the template itself
(not tested)

1 Like
  • Open Tor Browser in a disposable VM.
  • Set the security level you want.
  • Copy the file /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/prefs.js to the whonix-workstation-17 template, in the /etc/torbrowser.d/ folder.
  • Shut down the template.
    You will keep the security level you set :slight_smile:

edit: Be careful, I don’t know if it can cause a problem with the fingerprint…
edit 2: Change the name prefs.js to user.js

6 Likes
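
An added example, not part of any post in this thread: shell functions for a narrower variant of the steps above, keeping only the security-level line from prefs.js instead of the whole file. The pref name is the one quoted later in this thread; the `example.*` prefs and all function names are constructed, and whether Tor Browser applies a user.js placed in /etc/torbrowser.d/ is an assumption taken from the thread, not verified here.

```shell
#!/bin/sh
# Added example: build a minimal user.js that carries only the security-level
# pref, so nothing else from a used browser profile ends up in the template.

# Pref name as quoted in this thread.
PREF='browser.security_level.security_slider'

# Constructed sample prefs.js (the example.* names are made up).
sample_prefs() {
    cat <<'EOF'
// constructed sample, not a real profile
user_pref("example.constructed.last_update", 1700000000);
user_pref("browser.security_level.security_slider", 2);
user_pref("example.constructed.homepage_seen", "yes");
user_pref("example.constructed.client_id", "constructed-value");
EOF
}

# Print the user_pref line for $PREF from prefs.js file $1.
# Fails if the line is missing or its value is not a plain integer.
extract_slider_pref() {
    line=$(grep -F "user_pref(\"$PREF\"," "$1" | tail -n 1)
    [ -n "$line" ] || return 1
    printf '%s\n' "$line" | grep -Eq \
        '^user_pref\("browser\.security_level\.security_slider", *[0-9]+\);[[:space:]]*$' \
        || return 1
    printf '%s\n' "$line"
}

# Count the user_pref lines a whole-file copy would carry besides $PREF.
count_other_prefs() {
    grep '^user_pref(' "$1" | grep -vcF "\"$PREF\"" || true
}

# Write a user.js at $2 containing only the slider line taken from $1.
# Nothing is written when the source has no valid slider line.
write_minimal_user_js() {
    pref_line=$(extract_slider_pref "$1") || return 1
    printf '%s\n' "$pref_line" > "$2"
}

# Usage: sh this-file.sh /path/to/prefs.js /path/to/user.js
if [ "$#" -eq 2 ]; then
    write_minimal_user_js "$1" "$2"
fi
```
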

Changing the Tor Browser Security Level via TemplateVM will affect the browser fingerprint to some degree, since certain web resources will be prevented from being fetched.

2 Likes

Thanks Tezeria for the solution!

And about the fingerprint - how much is it altered compared to just starting the disposable browser with default security settings and immediately switching those to a tighter level anyway?

1 Like

Whether it’s a disposable browser or not, whether you change the security level before, during or after, the fingerprint problem remains the same. For me, you shouldn’t change anything in your browser. At worst, you can take on a new identity after visiting this or that site.

2 Likes

Only the startup page will see the initial state (if you use a startup page), like Tor Project home. Note that Whonix uses a locally-stored page (file:///…). Probably you get a more specific fingerprint if you save bookmarks for example, so don’t do that and you can use the “different security level” browser in relative anonymity.

2 Likes

The fingerprints are at least different:

Quote:

so for example

  • open browser at standard and use standard = FP1
  • open browser at standard and use safer = FP2
  • open browser at safer and use standard = FP3
  • open browser at safer and use safer = FP4

2 Likes

That doesn’t work (seems to have become broken years ago). There are documented ways that work though: Tor Browser Disposable Template Customization

Those all mention running Tor Browser, which creates a whole browser profile folder (and storing it on the template or DVM template) which is probably significantly worse for fingerprinting though, especially if the browser does get compromised during use. Maybe it’s still useful to you @valenzuela if you’re OK with considering all new qubes created from this template or DVM template to be for a single unique pseudonymous identity. Keep your original templates as they are and make a clone for this higher security/lower privacy use case.

1 Like

It’s working for me, I just tried it…
For me, I think it’s better to modify prefs.js in the template than in the disposable VM, so as not to corrupt it and… it’s better to change nothing! lol :wink:

2 Likes

Is it documented somewhere? How can I find out what actually happens with files in that directory? Are you sure /etc/torbrowser.d/prefs.js is the right path and filename? Does it only work for certain properties, like user_pref("browser.security_level.security_slider", 2); that OP asked about, and not for others? I actually tried it with different lines that were changed from the defaults, and I didn’t notice any effect.

Do you have some other modification too to make /etc/torbrowser.d/prefs.js work for you?

1 Like

Yes it is in the /etc/torbrowser.d/30_default.conf in whonix-workstation-17 line 55.

I just modify the “security” slider in the settings and copy /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/prefs.js into the template’s directory /etc/torbrowser.d/ like I said. Did you change the prefs.js to user.js? (Sorry, I forgot to specify to change the name of the file. I corrected it :confused: )
I think it’s better to ask in the Whonix forum rather than in this forum, which is dedicated to Qubes OS…
But again, I think the best thing to do is to leave the default configuration of Tor Browser.

1 Like

Thanks, that would certainly explain why it didn’t work for me :slight_smile:

When I did a search for that path I only read a title such as TBB 12: Customatization of settings via /etc/torbrowser.d/user.js does not work anymore - Qubes-Whonix - Whonix Forum and a couple of other threads there where I got the impression that the situation with Tor Browser config paths is really bad (if reading the path aloud and counting the words “tor” and “browser” or their acronym isn’t telling enough) and that understandably Whonix developers don’t want to touch it, and so it’s more of a Tor Browser issue.

1 Like