I saw a post on an OpSec forum about hardening the Tor browser. They recommended changing a bunch of preferences in about:config to make the browser more anonymous. Is this a good idea, or can it make you stand out more from others using the browser?
Absolutely do not do make any changes via about:config to Tor Browser or Mullvad Browser.
2 Likes
You shouldnât change anything other than the safety level (Safe, Safer, Safest). I would absolutely expect it to hurt your anonymity.
1 Like
If someone can explain more of why changing the preferences is bad I would appreciate that.
And a follow up question; when using the Safest security level the javascript.enabled preference is still set to True. Is javascript still fully disabled?
2 Likes
The Tor Browser (and Mullvad Browser) provide anonymity via a âcrowdâ. That is, they attempt to make their users appear identical (within a few âbucketsâ, usually). An important part of that is how your browser is configured - to a very deep level. Even something as simple as the fonts your browser has available to it could be used to identify you.
You can read a bit more about it here: ANTI-FINGERPRINTING | Tor Project | Tor Browser Manual
An intuitive way to think about it, in my opinion, is like this:
- You can turn most settings into a Yes/No question. If the setting has multiple configurations, it just means you can turn it into multiple Yes/No questions (ie, when choosing between âCatâ, âDogâ, âDonutâ, and âCherryâ, you can identify a specific choice by answering âIs it an animal?â and âDoes it start with the letter âDâ?â)
- If 50% of people turn a setting on, and 50% turn it off, then knowing if that setting is on or off cuts the number of people who might be your target in half.
- If 50% of THOSE people turn a different setting on, and the other 50% of them have it off, it gets cut in half again, down to 25% of the original number of possible targets.
- If you do this about 33 times, and each question splits the search space in half, then you could uniquely identify any single person out of 8,589,934,592 people; more people than there are on Earth.
- If, on the other hand, everyone on Earth used the exact same settings, and you changed one, youâd immediately stand out.
The last situation is what Tor/Mullvad try to do, essentially.
Sometimes after you change your safety level, you need to restart for the changes to take effect. This might be one of those situations. If you restart and it still hasnât changed, my guess is that The Tor Browser doesnât change the setting and instead relies on NoScript (which is built-in) for disabling javascript.
3 Likes