Opened 8 months ago

Closed 7 months ago

#25391 closed enhancement (wontfix)

[Feature Request] Environment Variable to set security slider level

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: adrelanos@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Hi it would be really neat if the Tor Browser security level can be set via an environment variable so we can give Whonix users more protection by default. If this is already implemented please let me know.

Child Tickets

Change History (7)

comment:1 Changed 8 months ago by adrelanos

Component: ApplicationsApplications/Tor Browser
Owner: set to tbb-team

comment:2 Changed 8 months ago by gk

Status: newneeds_information

Why is it not enough to just set the desired slider level in a prefs file that you ship in the browser profile (anyway)?

comment:3 Changed 8 months ago by adrelanos

The very root issue still is the absence of a Debian package for Tor Browser. (#3994 and/or #5236)

If there was a stable drop-in (.d) folder as there is /etc/firefox-esr/ for Firefox in Debian that only changes between major release upgrades (jessie -> stretch), that would be a perfect solution.

Experience tells, that the folder structure of TBB changes over time. Therefore a file based solution easily breaks after an upgrade or installation of a newer version of TBB.

Therefore, everything that can be configured by environment variable works very easy, stable and long term for Whonix.

comment:4 Changed 8 months ago by gk

How are you shipping Tor Browser to your users right now? Do you include a user profile?

comment:5 Changed 7 months ago by cypherpunks

With default settings unchanged at the moment.

We are thinking about shipping a(n optionally used) custom profile in the future to disable the no.proxy setting for localhost daemon access but its likely a brittle solution as TBB changes over time?

What happens to the newly added prefs in TBB proper if we use an older profile doc missing these booleans? Are the TBB ones applied as long as they are not contradicted?

Last edited 7 months ago by cypherpunks (previous) (diff)

comment:6 in reply to:  4 Changed 7 months ago by adrelanos

Replying to gk:

How are you shipping Tor Browser to your users right now? Do you include a user profile?

Download, verify, extract. No modifications besides environment variables. That's it in essence. More info:

comment:7 Changed 7 months ago by gk

Resolution: wontfix
Status: needs_informationclosed

I think using the prefs approach is the one you should pursue right now. Shipping an own profile with customizations won't go away in the forseeable future.

Note: See TracTickets for help on using tickets.