Can you use the Tor Browser without Tor connection?

Martin Brinkmann
Nov 26, 2018
Updated • Oct 31, 2019
Firefox
|
152

Tor Browser is a web browser specifically designed for privacy and anonymity. The web browser is a modified version of Firefox ESR that includes privacy tweaks and even some extensions to improve privacy and security on the Internet.

What makes it special is that all connections go through several severs of the Tor network before they connect to the destination.

Connections to Tor improve privacy when you are online but could you, in theory, run Tor Browser without Tor?

Tor Browser without Tor would still provide better out-of-the-box privacy than Firefox ESR or Firefox Stable -- and other browsers. It is arguably the browser with the best default privacy configuration which might make it attractive to some users.

Dropping Tor reduces privacy while online but that can be compensated, e.g. by connecting to a VPN or even chaining VPN services and it would speed things up significantly. Tor is the better choice when it comes to critical tasks, e.g. leaking documents or communication.

Update: Tor Browser 9.0 has been released. After upgrading Tor Browser to version 9.0, to run it without connecting to оnion network, we need to use environment variables TOR_SKIP_LAUNCH=1 and TOR_TRANSPROXY=1. Thanks Torian! End

Modifying Tor Browser

tor browser without tor

You need to start Tor Browser to make the following modifications to it.

Attention: I suggest you use a portable copy of the browser to make these modifications and keep an original copy on the computer as well; you may then use either one of the solutions depending on what you want to do on the Internet.

  1. Load about:config in the browser's address bar.
  2. Search for network.proxy.socks_remote_dns.
  3. Double-click on the preference to set it to false.
  4. Use the search on the page to display extensions.torlauncher.start_tor.
  5. Double-click on the preference to set it to false.
  6. Load about:addons in the Tor Browser address bar.
  7. Locate Tor Launcher and click on the disable button next to it to disable the extension.
  8. Load about:preferences#general in the browser's address bar.
  9. Scroll down to the Network section and activate the Settings button.
  10. Switch from Manual Proxy Configuration to No Proxy.
  11. Restart Tor Browser.

The result

Tor Browser loads as quickly as any other web browser once you have made the modifications. It works similarly to a heavily modified version of Firefox in that regard, e.g. after applying changes from the Ghacks user.js file for Firefox and installing the add-ons that Tor browser comes with by default (HTTPS Everywhere and NoScript).

It is certainly possible to modify Tor Browser further, or modify Firefox to improve privacy of the browser instead.

Tor Browser comes with many privacy and security modifications as outlined in the design document.

Closing Words

Whether it is a good idea to run Tor Browser without Tor, or use a different browser to improve online privacy is up for debate.

Now You: What is your take on this?

Summary
Can you use the Tor Browser without Tor connection?
Article Name
Can you use the Tor Browser without Tor connection?
Description
Can you run the privacy-focused Tor Browser without connection to the Tor network? And if you can, why would you? Let's find out!
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Tor13.0 NetworkDisabled said on November 5, 2023 at 9:07 pm
    Reply

    Uses of Tor Browser Without Tor Network (TBWTN) with a VPN:
    # Uniformity: Same browser fingerprint as thousands of Tor Browser users
    # Convenience: A hardened Firefox by default
    # Speed: Download and upload faster than the Tor Network
    # Freedom: Access websites that discriminate against the Tor Network
    ________________________________________________________________________________
    Choose any of these methods to use TBWTN:
    + VPN Only Method
    + Proxy-Over-VPN Only Method
    + autoconfig.js and firefox.cfg Method
    + Fork Method

    Download Tor Browser: https://www.torproject.org/download/languages/
    ________________________________________________________________________________
    VPN Only Method

    ! Connect to your VPN !
    !! Optional: Create a VPN kill switch for TBWTN through your firewall (Invidio.us/YouTube.com for tutorials) !!
    !!! Undo any “For Proxy-Over-VPN Only Method” configurations (if any) !!!

    0) Make a copy of Tor Browser’s folder and rename it.
    1) Run Tor Browser and go to about:config
    2) Set to “false”: extensions.torlauncher.start_tor
    3) Set to “false”: network.dns.disabled
    4) Replace “127.0.0.1” with a space (” “): network.proxy.socks
    ________________________________________________________________________________
    Proxy-Over-VPN Only Method

    ! Connect to your VPN !
    !! Optional: Create a VPN kill switch for TBWTN through your firewall (Invidio.us/YouTube.com for tutorials) !!
    !!! Undo any “For VPN Only Method” configurations (if any) !!!

    0) Make a copy of Tor Browser’s folder and rename it.
    1) Run Tor Browser and go to: about:config
    2) Set to “true”: extensions.torbutton.use_nontor_proxy
    3) Set to “false”: network.proxy.socks_remote_dns
    4) Set to “false”: extensions.torlauncher.start_tor
    5) Close and restart Tor Browser, and edit the desired preferences (in about:config):
    network.proxy.ftp
    network.proxy.ftp_port
    network.proxy.http
    network.proxy.http_port
    network.proxy.socks
    network.proxy.socks_port
    network.proxy.socks_version
    network.proxy.ssl
    network.proxy.ssl_port
    ________________________________________________________________________________
    autoconfig.js and firefox.cfg Method

    Instructions: https://www.ghacks.net/2018/11/26/can-you-use-the-tor-browser-without-tor-connection/#comment-4509260
    ________________________________________________________________________________
    Fork Method

    Build (and share) your TBWTN: https://gitlab.torproject.org/tpo/applications/tor-browser/-/wikis/Hacking
    ________________________________________________________________________________
    Tags: Torian

  2. Tor12.0 NetworkDisabled said on March 12, 2023 at 6:17 pm
    Reply

    Choose any of these methods to use Tor-Browser-Without-Tor-Network (TBWTN):
    + For VPN Users
    + For Proxy-Over-VPN Users
    + autoconfig.js and firefox.cfg Method
    + Fork Method

    Uses of TBWTN with a VPN:
    # Uniformity: Same browser fingerprint as thousands of Tor Browser users
    # Convenience: A hardened Firefox by default
    # Speed: Download and upload faster than the Tor Network
    # Freedom: Access websites that discriminate against the Tor Network

    Download Tor Browser: https://www.torproject.org/download/languages/
    ________________________________________________________________________________
    For VPN Users

    ! Connect to your VPN !
    !! Optional: Create a VPN kill switch in your firewall (Invidio.us/YouTube.com for tutorial) !!
    !!! Undo any “For Proxy-Over-VPN Users” configurations !!!

    0) Make a copy of Tor Browser’s folder and rename it.
    1) Run Tor Browser and go to: about:config
    2) Set to “false”: network.dns.disabled
    3) Replace “127.0.0.1” with a space (” “): network.proxy.socks
    4) Optional: To disable the notification, set to “false”: extensions.torlauncher.start_tor
    ________________________________________________________________________________
    For Proxy-Over-VPN Users

    ! Connect to your VPN !
    !! Optional: Create a VPN kill switch in your firewall (Invidio.us/YouTube.com for tutorial) !!
    !!! Undo any “For VPN Users” configurations !!!

    0) Make a copy of Tor Browser’s folder and rename it.
    1) Run Tor Browser and go to: about:config
    2) Set to “true”: extensions.torbutton.use_nontor_proxy
    3) Set to “false”: extensions.torlauncher.start_tor
    4) Restart Tor Browser and edit the desired preferences (about:config):
    network.proxy.ftp
    network.proxy.ftp_port
    network.proxy.http
    network.proxy.http_port
    network.proxy.socks
    network.proxy.socks_port
    network.proxy.socks_version
    network.proxy.ssl
    network.proxy.ssl_port
    ________________________________________________________________________________
    autoconfig.js and firefox.cfg Method

    Instructions: https://www.ghacks.net/2018/11/26/can-you-use-the-tor-browser-without-tor-connection/#comment-4509260
    ________________________________________________________________________________
    Fork Method

    Build (and share) your own TBWTN: https://gitlab.torproject.org/tpo/applications/tor-browser/-/wikis/Hacking
    ________________________________________________________________________________
    Tags: Torian

  3. Igor said on April 30, 2022 at 6:28 pm
    Reply

    The problem was solved with “dirty” hack providing a DNS-forwarder at 127.0.0.1:53
    https://wiki.debian.org/dnsmasq

  4. Igor said on April 25, 2022 at 5:11 pm
    Reply

    Hello to all!
    I need to use tor browser without tor network.
    I have Linux Debian 10 Buster with the latest updates.
    $ cat /etc/debian_version
    10.12

    Tor browser was installed from the official debian repository
    $ dpkg -l|grep -i ” tor”
    ii torbrowser-launcher 0.3.3-6~bpo10+1 amd64 helps download and run the Tor Browser Bundle

    Latest version of Tor browser installed
    11.0.10 (based on Mozilla Firefox 91.8.0esr) (64-bit).

    Here I found instructions for using the tor browser without the tor network.
    I created two config files and put them in the right places.

    ~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/defaults/pref$ cat autoconfig.js
    pref(“general.config.filename”, “firefox.cfg”);
    pref(“general.config.obscure_value”, 0);

    ~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser$ cat firefox.cfg
    // user_pref(“extensions.torbutton.startup”, false);
    lockPref(“extensions.torlauncher.start_tor”, false);
    lockPref(“network.dns.disabled”, false);
    lockPref(“network.proxy.socks_remote_dns”, false);
    lockPref(“network.proxy.type”, 0);

    I have two computers with almost the same configuration (Linux Debian 10 Buster with latest updates).
    However, on one computer the tor browser work good without the tor network (I did this 2 months ago),
    but the second computer (set up today), with the same configuration – did not work, with an error message
    ” Hmm. We’re having trouble finding that site.
    We can’t connect to the server at duckduckgo.com.”

    I have spent a lot of time comparing the difference between linux settings configuration and tor browsers settings, but found no difference.
    On the computer where the tor browser did not work, I ran tcpdump and found that the tor browser is try accessing a non-existent dns server 127.0.0.1:

    tcpdump output:
    16:28:42.955284 IP 127.0.0.1.51257 > 127.0.0.1.53: 2171+ A? duckduckgo.com. (32)
    16:28:42.955306 IP 127.0.0.1 > 127.0.0.1: ICMP 127.0.0.1 udp port 53 unreachable, length 68

    I have a different dns address in /etc/resolv.conf, the real address of my ethernet provider. I have no address 127.0.0.1 in my configs.
    Tell me please, why is the tor browser using the wrong dns address ?

    Thank you for your attention!

    1. Tor11.0 NetworkDisabled said on April 30, 2022 at 6:22 pm
      Reply

      @Igor said on April 25, 2022 at 5:11 pm
      _______________________________________________________________________________________________
      “I created two config files”

      Since Version 11, autoconfig.js and firefox.cfg are not needed to use Tor Browser without its network.
      // 2) Replace each quotation mark by retyping them. (Because ghacks.net converts programmer quotation marks to curved ones).
      // https://www.ghacks.net/2018/11/26/can-you-use-the-tor-browser-without-tor-connection/#comment-4509750
      _______________________________________________________________________________________________
      “I need to use tor browser without tor network.”

      0) Make a copy of Tor Browser’s folder and rename it.
      1) Run Tor Browser from the renamed folder and go to: about:config
      2) Set to “false”: network.dns.disabled
      3) Replace “127.0.0.1” with a space (” “): network.proxy.socks
      4) Optional: To disable the pop-up notification window, set to “false”: extensions.torlauncher.start_tor

      https://www.ghacks.net/2018/11/26/can-you-use-the-tor-browser-without-tor-connection/#comment-4513447

  5. Tor11.0 NetworkDisabled said on January 22, 2022 at 6:23 am
    Reply

    Choose any of these methods to use Tor Browser without its network:
    + VPN Users
    + Proxy Users

    Uses of Tor Browser without its network, with a VPN/proxy:
    # Uniformity: Same browser fingerprint as thousands of Tor Browser users.
    # Convenience: A hardened Firefox by default.
    # Speed: Download and upload faster than the Tor Network.
    # Freedom: Access websites that discriminate against the Tor Network.
    _______________________________________________________________________________________________
    VPN Users (Version 11)

    Install Tor Browser: https://www.torproject.org/download/languages/

    0) Make a copy of Tor Browser’s folder and rename it.
    1) Run Tor Browser and go to: about:config
    2) Set to “false”: network.dns.disabled
    3) Replace “127.0.0.1” with a space (” “): network.proxy.socks

    Optional: To prevent the pop-up window, set to “false”: extensions.torlauncher.start_tor
    _______________________________________________________________________________________________
    Proxy Users (Version 11)

    Install Tor Browser: https://www.torproject.org/download/languages/

    0) Make a copy of Tor Browser’s folder and rename it.
    1) Run Tor Browser and go to: about:config
    2) Set to “false”: extensions.torlauncher.start_tor
    3) Set to “true”: extensions.torbutton.use_nontor_proxy
    4) Edit the desired preferences:
    network.proxy.ssl
    network.proxy.ssl_port
    network.proxy.socks
    network.proxy.socks_port
    network.proxy.socks_version
    network.proxy.http
    network.proxy.http_port
    network.proxy.ftp
    network.proxy.ftp_port
    _______________________________________________________________________________________________
    Version History

    Since Version 11, autoconfig.js and firefox.cfg are not needed to use Tor Browser without its network.

  6. Tor11.0 NetworkDisabled said on January 18, 2022 at 4:08 am
    Reply

    @anon said on January 13, 2022 at 1:37 pm

    “i will use the same second torbrowser without deleting history because i need it”
    1) Move your first Tor Browser into a different folder.
    2) Install Tor Browser.
    3) Rename your new/second Tor Browser folder to: Tor Browser without Network 1
    4) Apply any method.
    5) Move your first Tor Browser back to your desired location.

  7. anon said on January 13, 2022 at 1:37 pm
    Reply

    Tor11.0 NetworkDisabled, please i need help with something:
    i have installed torbrowser, i use it with tor network, but i need install another torbrowser or portable because i want to use without the tor network, i will use the same second torbrowser without deleting history because i need it, someway to do this please? thanks in advance

  8. Pen' Pen' said on January 1, 2022 at 2:22 am
    Reply

    I’ve tried all three options, but I still can’t open any web pages. I’m using Archlinux and Tor-browser loaded via torbrowser-launcher.

    After all the file actions, I try to open any website, but all I see is this message:

    Hmm. We can’t find this site.

    We cannot connect to the server.

    If this address is correct, please try the following:

    Try again later.
    Check your network connection.
    If you are connected to the Internet but protected by a firewall, check that the Tor Browser is allowed access to the Internet.

    1. Tor11.0 NetworkDisabled said on January 2, 2022 at 8:41 pm
      Reply

      @ Pen’ Pen’ said on January 1, 2022 at 2:22 am

      Works on 11.0.3 with Micahflee’s torbrowser-launcher.
      _______________________________________________________________________________________________
      “I’ve tried all three options”

      Beginner Method
      2) Rename your Tor Browser folder to: Tor Browser without Network 1

      Advanced Method
      2) Replace each quotation mark by retyping them. (Because ghacks.net converts programmer quotation marks into curved ones).
      _______________________________________________________________________________________________
      “I’m using Archlinux”

      Copy autoconfig.js into:
      ~/.var/app/com.github.micahflee.torbrowser-launcher/data/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/defaults/pref/

      Copy firefox.cfg into:
      ~/.var/app/com.github.micahflee.torbrowser-launcher/data/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/

      To run Tor Browser without its network, execute firefox:
      ~/.var/app/com.github.micahflee.torbrowser-launcher/data/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/
      _______________________________________________________________________________________________
      “Tor-browser loaded via torbrowser-launcher”

      Micahflee’s torbrowser-launcher is not intended for Tor Browser without its network.

      1) Download Tor Browser: https://www.torproject.org/download/languages/

  9. Pen' Pen' said on December 30, 2021 at 3:12 am
    Reply

    Doesn’t work on 11.0.3

    1. Tor11.0 NetworkDisabled said on January 1, 2022 at 1:35 am
      Reply

      @ Pen’ Pen’ said on December 30, 2021 at 3:12 am

      Works on 11.0.3.

      Which method did you use?
      Beginner – VPN users: Download + Manual Method
      Advanced – VPN users: Manual Method
      Advanced – Proxy users: Manual Method

      And what operating system did you use?

  10. Tor11.0 NetworkDisabled said on November 23, 2021 at 5:51 am
    Reply

    Choose any of these methods to use the Tor Browser without its network:
    Beginner – VPN users: Download + Manual Method
    Advanced – VPN users: Manual Method
    Advanced – Proxy users: Manual Method

    Uses of Tor Browser without Tor connection, with a VPN/proxy:
    1) Uniformity: same browser fingerprint as thousands of Tor Browser users.
    2) Convenience: a hardened Firefox by default.
    3) Speed: download and upload faster than the Tor Network.
    4) Freedom: access a website that discriminates against the Tor Network.
    _______________________________________________________________________________________________
    Beginner – VPN users: Download + Manual Method (Versions 10, 11)

    1) Download Tor Browser: https://www.torproject.org/download/languages/
    2) Rename your Tor Browser folder to: Tor Browser without Network 1
    3) Download the .zip file.
    Download: https://www.dropbox.com/s/17neo8nfrrrb9vk/Tor%20Network%20Disabled%20%28Versions%2010%20and%2011%29.zip?dl=0
    Mirror: https://ufile.io/62y5bhpx
    4) Open the folder with the name of your operating system in the .zip file.
    5) Copy and paste the .zip file’s “Tor Browser without Network 1” folder onto your renamed folder from Step 2.
    _______________________________________________________________________________________________
    Advanced – VPN users: Manual Method (Versions 10, 11)

    Step I: Create autoconfig.js.
    1) Copy these 2 lines into a text editor:
    pref(“general.config.filename”, “firefox.cfg”);
    pref(“general.config.obscure_value”, 0);
    2) Replace each quotation mark by retyping them. (Because ghacks.net converts programmer quotation marks into curved ones).
    3) Convert the newline to LF. (Windows users: Use an advanced text editor like Notepad++).
    4) Save as: autoconfig.js. (Windows users: File, Save As, Save as type, All Files, File name: autoconfig.js).

    Step II: Create firefox.cfg.
    1) Copy these 5 lines into a text editor:
    // IMPORTANT: Start your code on the 2nd line
    lockPref(“extensions.torlauncher.start_tor”, false);
    lockPref(“network.dns.disabled”, false);
    lockPref(“network.proxy.socks_remote_dns”, false);
    lockPref(“network.proxy.type”, 0);
    2) Replace each quotation mark by retyping them. (Because ghacks.net converts programmer quotation marks into curved ones).
    3) Optional for firefox.cfg: Convert the newline to LF.
    4) Save as: firefox.cfg. (Windows users: File, Save As, Save as type, All Files, File name: firefox.cfg).

    Step III: Copy autoconfig.js and firefox.cfg into the desired Tor Browser directory.
    1) autoconfig.js file path:
    Windows or Linux: …\Browser\defaults\pref
    MacOS: …/Contents/Resources/defaults/pref
    2) firefox.cfg file path:
    Windows or Linux: …\Browser
    MacOS: …/Contents/Resources
    _______________________________________________________________________________________________
    Advanced – Proxy users: Manual Method (Versions 10, 11)

    Step I: VPN Manual Method

    Step II: firefox.cfg
    1) Copy these lines into a text editor:
    // IMPORTANT: Start your code on the 2nd line
    lockPref(“extensions.torbutton.use_nontor_proxy”, true);
    lockPref(“extensions.torlauncher.start_tor”, false);
    lockPref(“network.proxy.socks_remote_dns”, false);
    lockPref(“network.proxy.type”, 1);
    //
    //lockPref(“network.proxy.ftp”, “#”);
    //lockPref(“network.proxy.ftp_port”, #);
    //
    //lockPref(“network.proxy.http”, “#”);
    //lockPref(“network.proxy.http_port”, #);
    //
    //lockPref(“network.proxy.socks”, “#”);
    //lockPref(“network.proxy.socks_port”, #);
    //lockPref(“network.proxy.socks_version”, #);
    //
    //lockPref(“network.proxy.ssl”, “#”);
    //lockPref(“network.proxy.ssl_port”, #);
    2) Replace each quotation mark by retyping them. (Because ghacks.net converts programmer quotation marks to curved ones).
    3) Optional for firefox.cfg: Convert the newline to LF.
    4) Delete “//” from the desired options.
    5) Replace “#” with the desired value.
    6) Optional for firefox.cfg: Convert the newline to LF.
    7) Save as: firefox.cfg.

    Step III: VPN Manual Method
    _______________________________________________________________________________________________
    Version History

    Since version 9, these configurations reset upon restarting firefox.exe:
    network.proxy.socks_remote_dns
    network.proxy.type

    Since version 10, this configuration must be set to false:
    network.dns.disabled

    Since version 10, these environment variables no longer work:
    TOR_SKIP_LAUNCH=1
    TOR_TRANSPROXY=1

    If the latest version of Tor Browser 11 is unstable, temporarily revert to a previous version:
    https://dist.torproject.org/torbrowser/
    Version 11’s latest bugs:
    https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues?label_name%5B%5D=Bug&scope=all&sort=created_date&state=opened
    _______________________________________________________________________________________________
    https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig
    https://www.ghacks.net/2018/11/26/can-you-use-the-tor-browser-without-tor-connection/

    1. Tor11.0 NetworkDisabled said on November 30, 2021 at 7:23 pm
      Reply
  11. Anonymous said on April 25, 2021 at 8:17 am
    Reply

    Someone please reply to this comment with the latest version of “Without_Tor_Browser” updated as on 25/04/2021 (Tor Browser 10.0.16). I don’t have much technical knowledge please send a simple download link.

    1. Tor10.0 NetworkDisabled said on May 5, 2021 at 7:14 pm
      Reply

      @Anonymous said on April 25, 2021 at 8:17 am
      “Someone please reply with the latest version of “Without_Tor_Browser”. I don’t have much technical knowledge.”

      Download Method – Full Installation (Tor Browser + without Network Files)
      Step 0: Optional: Disable javascript in your browser.

      Windows 64-bit (70 mb, 10.0.16)
      Download: https://www.datafilehost.com/d/109e00d5
      Mirror: https://anonfiles.com/T5wb0au9ua/Tor_Browser_without_Network_1_zip

      Windows 32-bit (70 mb, 10.0.16)
      Download: https://www.datafilehost.com/d/1a7694d1
      Mirror: https://anonfiles.com/176e90u6u3/Tor_Browser_without_Network_1_zip

      1. Alfa said on May 15, 2021 at 3:20 am
        Reply

        Can someone please tell if a network disabled tor browser for Android is possible and please also send the link if possible.

    2. Tor10.0 NetworkDisabled said on April 26, 2021 at 1:43 am
      Reply

      1) Rename your desktop Tor Browser folder to: Tor Browser without Network 1.

      2) Download from either (Optional: Disable javascript in your browser.):
      https://www.datafilehost.com/d/d269263a
      https://anonfiles.com/s5J8w4m2uf/Tor_Network_Disabled_Version_10_zip

      3) Extract the downloaded .zip.

      4) Open the folder with the name of your operating system.

      5) Copy the “Tor Browser without Network 1” folder from the extracted .zip.

      6) Paste and replace into your desktop’s “Tor Browser without Network 1” folder.

  12. Tor10.0 NetworkDisabled said on March 24, 2021 at 8:24 pm
    Reply

    This article is outdated since Tor Browser version 9.
    To use the Tor Browser without its network, choose one of the two methods below: Download or Manual.

    Martin, consider updating this article so others, when using a VPN, may:
    1) enjoy the privacy benefits of having the same browser fingerprint as thousands of Tor users do.
    2) bypass censorship to access a site that blocked the Tor Network without exposing their hardware and system fingerprints.
    _________________________________________________________________________
    Download Method (for version 10)
    Step 0: Optional: Disable javascript in your browser.
    Step 1: Download the link.
    Step 2: Make a copy of Tor Browser and rename it.
    Step 3: Copy the downloaded files into the renamed Tor Browser according to their folder paths.
    Download: https://www.datafilehost.com/d/d269263a
    Mirror: https://anonfiles.com/s5J8w4m2uf/Tor_Network_Disabled_Version_10_zip
    _________________________________________________________________________
    Manual Method (for version 10)

    Step 0: Make a copy of Tor Browser and rename it.

    Step i: autoconfig.js
    1) Copy these 2 lines into your text editor:
    pref(“general.config.filename”, “firefox.cfg”);
    pref(“general.config.obscure_value”, 0);
    2) Replace each quotation mark by retyping them. (Because ghacks.net converts programmer quotation marks to curved ones)
    3) Convert the newline to LF. (Use an advanced text editor like Notepad++)
    4) Save as: autoconfig.js. (Windows: File – Save As – Save as type: All Files – File name: autoconfig.js)

    Step ii: firefox.cfg
    1) Copy these 5 lines into your text editor:
    // IMPORTANT: Start your code on the 2nd line
    lockPref(“extensions.torlauncher.start_tor”, false);
    lockPref(“network.dns.disabled”, false);
    lockPref(“network.proxy.socks_remote_dns”, false);
    lockPref(“network.proxy.type”, 0);
    2) Replace each quotation mark by retyping them. (Because ghacks.net converts programmer quotation marks to curved ones)
    3) Optional for firefox.cfg: Convert the newline to LF.
    4) Save as: firefox.cfg. (Windows: File – Save As – Save as type: All Files – File name: firefox.cfg)

    Step iii: Copy autoconfig.js and firefox.cfg into the renamed Tor Browser directory.
    1) autoconfig.js:
    Windows or Linux: …\Tor Browser without Network 1\Browser\defaults\pref
    macOS: …/Tor Browser without Network 1/Contents/Resources/defaults/pref
    2) firefox.cfg:
    Windows or Linux: …\Tor Browser without Network 1\Browser
    macOS: …/Tor Browser without Network 1/Contents/Resources
    3) Optional: Repeat Steps 0 and iii for any other (renamed) Tor directories you want to use without the Tor network.

    https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig
    https://support.mozilla.org/en-US/kb/deploying-firefox-customizations-macos
    https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Mozilla_networking_preferences
    _________________________________________________________________________
    Version History

    Since Tor Browser version 9, the Tor network cannot be permanently disabled through about:config because these configurations reset upon restarting firefox.exe:
    network.proxy.socks_remote_dns
    network.proxy.type
    network.dns.disabled (since Tor Browser version 10)

    Since Tor Browser version 10, these environment variables no longer work:
    export/set TOR_SKIP_LAUNCH=1
    export/set TOR_TRANSPROXY=1

  13. u-menya-bolshoiHUI said on February 5, 2021 at 7:01 pm
    Reply

    @Tor10.0 NetworkDisabled
    is dont work if i just create files myself, but works if download…
    there is maybe some encoding problems…

    anyway please UPD it for normal cloud.
    there is a lot of nice sites for UPL files for free without shit..
    this site is too dangerous and stupid, i cant DL it from mac from not prepared brouser, i go windows and with noScript i get it..
    thank you, but sites you use it sucks man.

  14. Tor10.0 NetworkDisabled said on September 29, 2020 at 9:14 am
    Reply

    (Updated for version 10.)

    The following instructions are not copyrighted.

    Since version 9.0, the Tor network cannot be permanently disabled in about:config because these options reset after restarting firefox.exe:
    network.proxy.socks_remote_dns
    network.proxy.type

    https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Mozilla_networking_preferences

    ____________________________________________________________________________________________
    ____________________________________________________________________________________________
    ____________________________________________________________________________________________
    ____________________________________________________________________________________________

    The Paste method is easier for multiple installations.

    ____________________________________________________________________________________________

    The Bat/Bash method is faster for a few installations.

    But since version 10.0, the Tor network cannot be disabled with this combination:
    export/set TOR_SKIP_LAUNCH=1
    export/set TOR_TRANSPROXY=1

    Neither does this combination work:
    export/set TOR_NO_DISPLAY_NETWORK_SETTINGS=1
    export/set TOR_SKIP_CONTROLPORTTEST=1
    export/set TOR_SKIP_LAUNCH=1

    Please reply if you know which environment variables work.

    ____________________________________________________________________________________________
    ____________________________________________________________________________________________
    ____________________________________________________________________________________________
    ____________________________________________________________________________________________

    Paste method

    https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig

    ____________________________________________________________________________________________

    Step 0: Make a copy of Tor Browser and rename it.

    ____________________________________________________________________________________________

    Step 1: Autoconfig.js.

    1a) Paste these 2 lines into your text editor:
    pref(“general.config.filename”, “firefox.cfg”);
    pref(“general.config.obscure_value”, 0);

    ALL USERS: Ghacks.net converts the quotation marks into curly ones. So, replace them with the standard quotation marks.
    ALL USERS: Ghacks.net converts the quotation marks into curly ones. So, replace them with the standard quotation marks.

    WINDOWS USERS: Use an advanced text editor like Notepad++ to convert the newline to LF.
    WINDOWS USERS: Use an advanced text editor like Notepad++ to convert the newline to LF.

    1b) Save the file as (DO NOT SAVE AS .TXT): autoconfig.js

    ____________________________________________________________________________________________

    Step 2: Firefox.cfg.

    2a) Paste these 5 lines into your text editor:
    // IMPORTANT: Start your code on the 2nd line
    lockPref(“extensions.torlauncher.start_tor”, false);
    lockPref(“network.dns.disabled”, false);
    lockPref(“network.proxy.socks_remote_dns”, false);
    lockPref(“network.proxy.type”, 0);

    ALL USERS: Ghacks.net converts the quotation marks into curly ones. So, replace them with the standard quotation marks.
    ALL USERS: Ghacks.net converts the quotation marks into curly ones. So, replace them with the standard quotation marks.

    All users: Converting the newline to LF is optional.

    2b) Save the file as (DO NOT SAVE AS .TXT): firefox.cfg

    ____________________________________________________________________________________________

    Step 3: Paste autoconfig.js and firefox.cfg into the desired Tor directory.

    3a) autoconfig.js:
    Windows or Linux: …\defaults\pref
    MacOS: …/Contents/Resources/defaults/pref

    3b) firefox.cfg:
    Windows or Linux: paste it into the directory of firefox.exe.
    MacOS: …/Contents/Resources

    ____________________________________________________________________________________________

    Step 4: Repeat Step 3 for any other (renamed) Tor directories you want to use without the Tor network.

    ____________________________________________________________________________________________

    To uninstall, remove the 2 files from their filepaths in Step 3.

    ____________________________________________________________________________________________
    ____________________________________________________________________________________________
    ____________________________________________________________________________________________
    ____________________________________________________________________________________________

    Or download here (bat/bash or paste):
    https://anonfiles.com/Zfn7saa0pa/Tor_Browser_without_Tor_connection_v10_zip

    how to do can i only use tor browser without tor network with vpn faster same browser fingerprint access sites that block the tor network

    1. Anon said on November 2, 2020 at 12:23 pm
      Reply

      I tried this ethod of the 2 files with 10.0.2 but it didn’t work. The pages won’t load.

      1. Tor10.0 NetworkDisabled said on November 6, 2020 at 5:57 pm
        Reply

        @Anonymous said on October 6, 2020 at 2:45 pm
        “make sure their filenames start with small letter”
        Their filenames don’t have to start with a small letter.

        @Anon said on November 2, 2020 at 12:23 pm
        “I tried this ethod of the 2 files with 10.0.2 but it didn’t work. The pages won’t load.”
        Download https://anonfiles.com/90Xes2aap4/Tor_Browser_without_Tor_connection_v10_zip
        Don’t use the bat/bash method for version 10.
        Use the paste method: copy the 2 files for your operating system.
        For Windows or Linux:
        Paste autoconfig.js into: …\Tor Browser\Browser\defaults\pref
        Paste firefox.cfg into: …\Tor Browser\Browser, the folder of firefox.exe.
        For macOS:
        Paste autoconfig.js into …/Tor Browser.app/Contents/Resources/defaults/pref
        Paste firefox.cfg into: …/Tor Browser.app/Contents/Resources, the folder of firefox.exe.

    2. Tor10.0 NetworkDisabled said on September 29, 2020 at 5:37 pm
      Reply
      1. Anonymous said on October 6, 2020 at 2:45 pm
        Reply

        Download link doesn’t work, but creating the 2 files manually is fast enough and putting them in their respective folderpath works (make sure their filenames start with small letter (“firefox.cfg”, not “Firefox.cfg”))

  15. Jerry said on September 23, 2020 at 10:09 am
    Reply

    +1, Tor 10 broke something

  16. Anonymous said on September 23, 2020 at 5:42 am
    Reply

    Tor 10 released September 22. Autoconfig disconnection no longer working,

  17. Tor9.0 NetworkDisabled said on July 26, 2020 at 4:49 am
    Reply

    Paste method: easier for multiple installations.

    Since 9.0, the Tor network cannot be permanently disabled in about:config because these options reset after restarting firefox.exe:
    network.proxy.socks_remote_dns
    network.proxy.type

    Make a copy of Tor Browser, rename it, and put these files in there.

    https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig
    https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Mozilla_networking_preferences

    Step 1: Autoconfig.js.

    1a) Paste these 2 lines into your text editor:
    pref(“general.config.filename”, “firefox.cfg”);
    pref(“general.config.obscure_value”, 0);

    Windows users: Use an advanced text editor like Notepad++ to convert the newline into LF.

    1b) Save the file as (DO NOT SAVE AS .TXT): autoconfig.js

    Step 2: Firefox.cfg.

    2a) Paste these 4 lines into your text editor:
    // IMPORTANT: Start your code on the 2nd line
    lockPref(“extensions.torlauncher.start_tor”, false);
    lockPref(“network.proxy.socks_remote_dns”, false);
    lockPref(“network.proxy.type”, 0);

    Windows users: Converting the newline to LF is optional.

    2b) Save the file as (DO NOT SAVE AS .TXT): firefox.cfg

    Step 3: Paste autoconfig.js and firefox.cfg into the desired Tor directory.

    3a) autoconfig.js:
    Windows or Linux: …\defaults\pref
    MacOS: …/Contents/Resources/defaults/pref

    3b) firefox.cfg:
    Windows or Linux: paste it into the directory of firefox.exe.
    MacOS: …/Contents/Resources

    Step 4: Repeat Step 3 for any other (renamed) Tor directories you want to use without the Tor network.

    Or download here:
    1) Make a copy of your Tor Browser.
    2) Rename that copy.
    3) Replace that copy’s files with these:
    https://anonfiles.com/91i0ldI2o9/Tor_Browser_without_Tor_connection_zip

    1. someone said on September 23, 2020 at 11:44 am
      Reply

      This stopped working in v10.0 (updated on 2020-09-22).

      To make it work again there’s at least a new option “network.dns.disabled” which is set to “true” and needs to be modified and set to “false”, either by adding a line to firefox.cfg or by editing it in about:config. The setting seems to persist between Tor Browser restarts if only edited in about:config.

      The line in firefox.cfg should look like this:

      lockPref(“network.dns.disabled”, false);

      So far with only this modification seems to be working.

      1. Anonymous said on September 23, 2020 at 10:42 pm
        Reply

        Yes that works. Thank you Someone. Brilliant! And as Anonymous below you says, the quotation marks have to be plain text.

      2. Anonymous said on September 23, 2020 at 12:44 pm
        Reply

        you may mean lockPref(“network.dns.disabled”, false);
        there is a difference between ” and ”

    2. Tor9.0 NetworkDisabled said on July 27, 2020 at 12:51 am
      Reply

      ALL USERS: Ghacks.net converts the quotation marks into curly ones. So, replace them with the standard quotation marks.

  18. Tor9.0 NetworkDisabled said on July 26, 2020 at 4:45 am
    Reply

    Bat/Bash method: faster for a few installations.

    Windows:

    1) Paste these 2 lines into your text editor:
    TOR_SKIP_LAUNCH=1
    TOR_TRANSPROXY=1

    2) Paste this line into your text editor and rename “???” to the desired Tor directory filepath:
    “???\firefox.exe”

    3) Name and save the file as a .bat file (DO NOT SAVE AS .TXT).

    MacOS or Linux:

    1) Paste this line into your text editor:
    #!/bin/bash

    2) Paste this line into your text editor and rename “???” to the desired Tor directory filepath:
    cd /???

    3) Paste these 3 lines into your text editor:
    export TOR_SKIP_LAUNCH=1
    export TOR_TRANSPROXY=1
    ./firefox

    4) Name and save the file as a .sh file.

    5) Paste this line into your terminal, rename “!!!” to the filepath of the .sh file, and execute it.
    chmod +x !!!

    1. Tor9.0 NetworkDisabled said on July 27, 2020 at 12:50 am
      Reply

      ALL USERS: Ghacks.net converts the quotation marks into curly ones. So, replace them with the standard quotation marks.

  19. Tor9.0 NetworkDisabled said on July 12, 2020 at 9:08 am
    Reply

    Updated HTTPS link

    1) Make a copy of your Tor Browser.
    2) Rename that copy.
    3) Replace that copy’s files with these:
    https://anonfiles.com/x4ee02Fdof/Tor_Browser_without_Tor_connection_zip

  20. Anonymous said on June 27, 2020 at 11:34 am
    Reply

    Would be nice to be able to use this configuration of Tor Browser when you are behind an HTTP/S proxy. Anyone figured that out?

    Tried changing the line that says lockPref(“network.proxy.type”, 0) in the firefox.cfg and making it 1. But then it starts Tor and ignores any lines like these:

    lockPref(“network.proxy.http, “192.168.0.1”);
    lockPref(“network.proxy.http_port, 8118);
    lockPref(“network.proxy.ssl, “192.168.0.1”);
    lockPref(“network.proxy.ssl_port, 8118);
    lockPref(“network.proxy.socks, “”);

    The last parameter, network.proxy.socks, is reset to 127.0.0.1 and Tor is used. Any workarounds?

    1. Tor9.0 NetworkDisabled said on July 2, 2020 at 3:48 am
      Reply

      @Anonymous said on June 27, 2020 at 11:34 am
      @Anonymous said on June 29, 2020 at 12:54 pm
      “Tried changing the line that says lockPref(“network.proxy.type”, 0) in the firefox.cfg and making it 1. But then it starts Tor and ignores any lines like these”
      “Start the Tor Browser WITH Tor”

      Did you try autoconfig.js?

      Start with the comment posted at April 12, 2020 at 12:40 am.

      Or

      1) Make a copy of your Tor Browser.
      2) Rename that copy.
      3) Replace that copy’s files with these:
      http://s000.tinyupload.com/index.php?file_id=01131250896960548945

    2. Anonymous said on June 29, 2020 at 12:54 pm
      Reply

      Here’s what works:

      Start the Tor Browser WITH Tor

      Under Preferences – Tor – enable “This computer goes through a firewall that only allows connections to certain ports (80, 443)”

      Edit firefox.cfg and make it like this (the // at the start is necessary):

      //
      lockPref(“extensions.torlauncher.start_tor”, false);
      lockPref(“extensions.torbutton.use_nontor_proxy”, true);
      lockPref(“network.proxy.socks_remote_dns”, false);
      lockPref(“network.proxy.type”, 1);
      lockPref(“network.proxy.http”, “192.168.0.1”);
      lockPref(“network.proxy.http_port”, 8118);
      lockPref(“network.proxy.ssl”, “192.168.0.1”);
      lockPref(“network.proxy.ssl_port”, 8118);
      lockPref(“network.proxy.socks”, “”);

      Start Tor Browser and it now works without Tor and through the HTTP/S proxy.

  21. Brian said on April 27, 2020 at 9:06 pm
    Reply

    This really interests me because I’ve been using disconnected Tor Browser for quite a while. It’s a simple browser. It’s very fast. And most importantly has excellent protection against tracking. It’s what the World needs. I’ve been stuck with disconnected Tor 8.5.5 until now when, with the help of the replies to this post, I’ve been able to update to disconnected Tor 9.0.9.

    I’d like to see this or a similar browser widely adopted by the public generally, but the chances of the majority of people messing about with about:config or the command line are zero. Most people don’t even clear their cookies from one year to the next, and probably don’t know how to. So it has to be a browser which is privacy-focused out of the box.

    As an experiment I’ve been trying to make a distributable copy of Tor Browser disconnected from the Tor network. This poses quite a few issues for my rudimentary techie skills.

    Anyway here are my first preliminary attempts at this. I’ve called it NotTor Browser.

    For Mac OSX there’s a dmg file from which a folder can be dragged somewhere you fancy, and which you may subsequently delete without leaving any files in your system. https://dovra.net/NTB/mac/NotTor_Browser.dmg.zip As far as I can tell opening this should be tolerated by most Mac systems.

    For Windows I had to do it as an installer. https://dovra.net/NTB/win/NotTor_Browser.zip Again it should just install a folder to the desktop or wherever you choose, and a shortcut. So you may subsequently delete it without leaving files elsewhere to uninstall. You may have to override your system’s complaints about unknown developer before you can run it.

    I’d be pleased to hear from anyone about either the aspect of trying to popularise a simple privacy-focused browser, or the technical aspects of adaption and distribution.

  22. Beavis said on April 26, 2020 at 10:26 am
    Reply

    OMFG. Is there no script one can download for their OS? Some sites get all crazy if they see you’re not from the country you’re supposed to be in. This is why many of us invest in a VPN too.

    Would anyone be so kind enough during quarantine to create a script that once installs, allows the user to disable the tor connection? In my case, I just want to use my VPNs geolocation, all other protocols can stay the same.

    Thanks

    1. Anonymous said on May 4, 2020 at 2:13 am
      Reply

      Beavis April 26, 2020
      “Is there no script one can download for their OS?”
      Because the changes do not work in the browser, they have to be done through Tor files instead.
      1) Make a copy of your Tor Browser.
      2) Rename that copy.
      3) Replace that copy’s files with these:
      http://s000.tinyupload.com/index.php?file_id=01131250896960548945

  23. Anonymous said on April 12, 2020 at 12:40 am
    Reply

    Your instructions are outdated since Tor 9.0:
    Step 2 resets upon browser restart.
    Step 7 is obsolete.
    Step 10 can no longer be disabled in the browser.

    Because the changes do not work in the browser, they have to be done through Tor files instead.
    Please update it by including instructions for Windows, Mac, and Linux. And include a download link too.

    Step 1: autoconfig.js

    Autoconfig.js is required for firefox.cfg.

    1) Install an advanced text editor (Notepad++, Komodo Edit, Editpad, etc.).
    List of LF supported applications:
    https://en.wikipedia.org/wiki/Comparison_of_text_editors#Newline_support

    2a) Paste these 2 lines into your advanced text editor:
    pref(“general.config.filename”, “firefox.cfg”);
    pref(“general.config.obscure_value”, 0);

    2b) Convert into LF.

    2c) Save the file as (DO NOT SAVE AS .TXT):
    autoconfig.js

    3) For Windows, paste it into the desired Tor folder:
    …\defaults\pref

    3) For Mac, the paths are based on the Contents/Resources directory of the Firefox.app.

    4) Repeat this for any other (renamed) Tor directories you want to use without the Tor network.

    Source:
    Setting up AutoConfig
    https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig

    Step 2: firefox.cfg

    Firefox.cfg is required to change the hidden settings since Tor 9.0.

    1a) Paste these 4 lines into your text editor:
    //
    lockPref(“network.proxy.type”, 0);
    lockPref(“network.proxy.socks_remote_dns”, false);
    lockPref(“extensions.torlauncher.start_tor”, false);

    1b) Save the file as (DO NOT SAVE AS .TXT):
    firefox.cfg

    2) For Windows, paste it into the folder of firefox.exe.

    2) For Mac, paste into directory of Firefox.app???????

    3) Repeat this for any other (renamed) Tor directories you want to use without the Tor network.

    Sources:
    http://kb.mozillazine.org/Network.proxy.type
    http://kb.mozillazine.org/Network.proxy.socks_remote_dns
    https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig

    1. Brian said on April 15, 2020 at 2:49 pm
      Reply

      This was the solution I was on about. It’s a nice elegant solution that looks like it ought to work. Regrettably it doesn’t. At least it doesn’t for me.

      I’ve tried on both Mac OSX and Windows 10. The text files were made in Unix LF format, with the correct extension. In Windows I put autoconfig.js in Tor Browser/Browser/defaults/pref/ . And I put firefox.cfg in Tor Browser/Browser/ along side firefox.exe . In OSX I right clicked the app to show package contents. Then put autoconfig.js in Contents/Resources/defaults/pref . And then I put firefox.cfg in Contents/MacOS/ alongside the firefox application file.

      Can anyone get this to work?

      1. Anonymous said on April 16, 2020 at 1:18 am
        Reply

        IMPORTANT: Ghacks.net converts the standard/neutral quotation marks into fancier/curly ones. So, replace all of the copied quotation marks with the standard/neutral quotation marks.
        https://en.wikipedia.org/wiki/Quotation_mark#In_English

      2. Brian said on April 16, 2020 at 4:54 pm
        Reply

        Brilliant! That was the issue. Worked straight away in Windows 10. Still not working in Mac OS. But I’m reasonably confident now that it will if I fiddle with it a bit more. Might be the file locations ?? Maybe I’ve altered something else in this install ??

        Thank you so much.

      3. Anonymous said on April 17, 2020 at 12:45 am
        Reply

        For Mac: place the autoconfig.js file into the Contents/Resources/defaults/pref directory and the firefox.cfg file into the Contents/Resources directory.
        https://support.mozilla.org/en-US/kb/deploying-firefox-customizations-macos

      4. Brian said on April 16, 2020 at 11:54 pm
        Reply

        Works in Mac OSX too. Just so I don’t mislead anyone, the location for firefox.cfg on Mac is directly in the Contents/Resources directory. Right click the Tor Browser app. And watch out for the right kind of quotation marks.

        Thanks again to Anonymous!

  24. Jon said on December 29, 2019 at 10:20 pm
    Reply

    In 9.0.2 the two environment variables TOR_SKIP_LAUNCH and TOR_TRANSPROXY are ignored and you do this instead:

    Under about:config, set extensions.torlauncher.start_tor to false
    Exit Tor Browser
    ./start-tor-browser
    Under about:config, set these:
    network.proxy.type 0
    network.proxy.socks_remote_dns false
    Now it can access the web directly without TOR.
    By the way, if you now exit Tor Browser and start it, the last two about:config settings will be reset so you have to set them again. What a pain. Not sure how much better this is compared to firefox.

    1. Brian said on February 25, 2020 at 12:49 pm
      Reply

      I came across a potential solution to the preferences resetting in the comments on here, https://restoreprivacy.com/browser-fingerprinting/

      @PrivacyEnthusiast October 28, 2019
      “The settings in version 9.0 of the Tor Browser have changed. There’s no longer a “No Proxy” option, and Tor Browser Launcher is no longer listed under addons, so it can’t be disable.”
      Create an empty file named autoconfig.js in your Tor Browser’s \defaults\pref folder with these two lines:
pref(“general.config.filename”, “firefox.cfg”);
pref(“general.config.obscure_value”, 0);
      Create an empty file named firefox.cfg in the folder where firefox.exe is at with these three lines:
//
lockPref(“network.proxy.socks_remote_dns”, false);
lockPref(“network.proxy.type”, 0);

      This Firefox support page,
      https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig
      goes explains the function of AutoConfig files.

      I’ve attempted to implement this on MacOS, Windows 10, and Ubunto Linux, but so far not succeeded in getting it to work. But it looks like it ought to.

      Anyone know what else might be needed to lock preferences ?

  25. Me said on December 8, 2019 at 1:54 am
    Reply

    Yes. please update or provide link to older working version of tor. thanks.

  26. purple-tin said on December 6, 2019 at 9:23 pm
    Reply

    Thank you so much Torian. Based on your suggestion, I added the variables in the existing Tor Browser shortcut on my Ubuntu 18.04 desktop:

    sh -c ‘TOR_SKIP_LAUNCH=1 TOR_TRANSPROXY=1 “/home/user/Downloads/tor-browser_en-US/Browser/start-tor-browser” –detach || ([ ! -x “/home/user/Downloads/tor-browser_en-US/Browser/start-tor-browser” ] && “$(dirname “$*”)”/Browser/start-tor-browser –detach)’ dummy %k

    Tor then starts with the red screen and I have confirmed IP is not a TOR node but that of my VPN.

    Thank you again.

  27. Hello World said on November 7, 2019 at 4:03 am
    Reply

    How to turn Windows Tor Browser 9.0.1 update check from automatic to manual?

    In about:config,
    app.update.auto;false, app.update.enabled;false are of no use,
    app.update.doorhanger;false can stop the annoying pop-ups on menu button,

    In ghacks user.js v68
    /* 0302a: disable auto-INSTALLING Firefox updates [NON-WINDOWS FF65+]
    * [NOTE] In FF65+ on Windows this SETTING (below) is now stored in a file and the pref was removed
    * [SETTING] General>Firefox Updates>Check for updates but let you choose… ***/
    user_pref(“app.update.auto”, false);

    Which file does it refer to and how to modify it?

  28. add said on November 6, 2019 at 10:57 am
    Reply

    They even mention that it pings Mozilla:
    https://gitweb.torproject.org/user/gk/tor-browser.git/commit/?h=bug_32321&id=a04d0f9b5976bf2802aa5bd78bcce4d2855b3995
    +// Don’t ping Mozilla for MitM detection, see bug 32321
    +pref(“security.certerrors.mitm.priming.enabled”, false);
    +

  29. me again said on November 6, 2019 at 10:54 am
    Reply

    PS: Tor 9.0.1 fixes https://trac.torproject.org/projects/tor/ticket/32321, I’d say “security.certerrors.mitm.priming.enabled”, false needs to be added to https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js.

  30. bdhdfg said on November 6, 2019 at 10:38 am
    Reply

    @Hello World, keeping the Tor Browser up to date is especially important, but the browser makes connections, which in turn may allow some kind of tracking, which one might indeed not want at all. There was “app.update.enabled”, maybe it’s a hidden setting, try setting that. I’m also curious how to disable automatic updates.

  31. Hello World said on November 6, 2019 at 7:42 am
    Reply

    Hello!
    How to turn Windows Tor Browser 9.0.1 update check from automatic to manual?
    In about:config,
    app.update.auto;false is of no use,
    app.update.doorhanger;false can stop the annoying pop-ups,
    but the update check is still going on, if Tor Browser can not connect to the server.
    After some time, it pops up update failed window twice.
    Can anyone help me please? Thank you in advance!

  32. Hello World said on November 5, 2019 at 10:19 am
    Reply

    Hello!
    In Windows, Mr. Torian’s method is OK. Thanks!

    I have another question:
    How to turn Windows Tor Browser 9.0 update check from automatic to manual?
    In about:config,
    app.update.auto is removed,
    app.update.doorhanger: false can stop the annoying pop-ups,
    but update check is still going on, if Tor Browser can not connect to Tor Project.
    Can someone help me please. Thank you in advance!

  33. bdfjdrt said on November 1, 2019 at 7:52 pm
    Reply

    Thanks everyone, works, I use:
    $ TOR_SKIP_LAUNCH=1 TOR_TRANSPROXY=1 tor-browser_en-US/Browser/firefox
    It can be seen in about:config when typing e.g. “proxy” that settings are in bold now/have been changed and of course the start-window is in red.

    1. Me said on December 8, 2019 at 1:57 am
      Reply

      “Thanks everyone, works, I use:
      $ TOR_SKIP_LAUNCH=1 TOR_TRANSPROXY=1 tor-browser_en-US/Browser/firefox
      It can be seen in about:config when typing e.g. “proxy” that settings are in bold now/have been changed and of course the start-window is in red.”
      .
      .
      .
      .
      Bullshit. No such entry.

  34. Torian said on October 31, 2019 at 12:14 pm
    Reply

    After upgrading Tor Browser to version 9.0, to run it without connecting to оnion network, we need to use environment variables TOR_SKIP_LAUNCH=1 and
    TOR_TRANSPROXY=1. Looks like this is a more correct and native method of achieving our goal, although it’s different from what we’ve done previously. To learn how to use environment variables, follow the links below.

    For Ubuntu: https://help.ubuntu.com/community/EnvironmentVariables
    For macOS: http://osxdaily.com/2015/07/28/set-enviornment-variables-mac-os-x/

  35. rtshrt said on October 30, 2019 at 5:47 pm
    Reply

    Yeah I’m wondering regarding step 7. “Load about:preferences#general in the browser’s address bar.” regarding Tor 9.0 as it’s not there anymore.

  36. Brian said on October 28, 2019 at 10:42 pm
    Reply

    Tor 9.0 is not disconnected with these instructions, as previous two comments say. However it is still possible to download and run Tor 8.5.5 and disconnect it as long as you change the Preferences/or Options >general >Tor Browser Updates …from “Automatically install updates” to “Never check for updates”. You’ll need to be quick because the update will start to download almost as soon as you connect the browser the first time. So select “Never check for updates”. Close Tor. Then reopen it and follow the instructions to disconnect the Tor Network.

  37. Anonymous said on October 28, 2019 at 10:36 pm
    Reply

    Tor 9.0 is not disconnected with these instructions, as previous two comments say. However it is still possible to download and run Tor 8.5.5 and disconnect it as long as you change the Preferences/or Options >general >Tor Browser Updates …from “Automatically install updates” to “Never check for updates”. You’ll need to be quick because the update will start to download almost as soon as you connect the browser the first time. So select “Never check for updates”. Close Tor. Then reopen it and follow the instructions to disconnect the Tor Network.

  38. Anonymous said on October 24, 2019 at 11:37 am
    Reply

    Hello!
    Tor Browser 9.0 is out.
    This article is no longer applicable. Please update as soon as possible.

  39. Bob said on October 23, 2019 at 1:04 am
    Reply

    Martin et al.,

    I just recently updated my Tor Browser to version 9.0 and now I can’t connect to any websites after previously using the browser without using the Tor network (i.e. using these instructions).

    I suspect it is an issue with both extensions TorButton and TorLauncher no longer being able to be disabled via about:addons. They have both disappeared from the about:addons page. I suspect they can still be disabled via about:config but I am lost as to what to do or what settings to toggle.

    Are there update-to-date instructions for using Tor Browser without the Tor network?

    Thanks,
    Bob

  40. Beetlejuuuus said on August 14, 2019 at 9:39 am
    Reply

    Terribly incomplete instructions and wording. Ever thought about using bold, italics, quotes? You don’t say “load” when you mean “type” or copy and paste.

    And this don’t work when trying to accomplish the following:
    Use the search on the page to display extensions.torlauncher.start_tor.

  41. user said on December 9, 2018 at 11:58 am
    Reply

    doesn’t
    Switch from Manual Proxy Configuration to No Proxy.

    make
    Load about:config?filter=network.proxy.socks_remote_dns in the browser’s address bar.
    Double-click on the preference to set it to false.

    unnecessary?

  42. Anonymous said on November 27, 2018 at 9:25 pm
    Reply

    “Do you own the planet in a way that nobody else does? Because if you don’t, then by your logic here you are helping to destroy someone else’s planet.”

    I do not think it could possible to own a planet that an American has not already bought. This could minimize the impact of “helping to destroy someone else’s planet”.

  43. Anonymous said on November 26, 2018 at 10:32 pm
    Reply

    “I suspect that what he meant by this wasn’t that people were thinking that there is surveillance when there isn’t. I think what he means is that everyone should be happy to be surveillance”

    Yes, you’re probably right about what he meant.

    To quote Snowden :
    Saying that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about freedom of speech because you have nothing to say. It’s a deeply antisocial principle because rights are not just individual, they’re collective. What may not have value to you today, may have value to an entire population, an entire people, our entire way of life tomorrow. And if you don’t stand up for it, then who will ?

    1. Anonymous said on November 27, 2018 at 8:49 am
      Reply

      “What may not have value to you today, may have value to an entire population, an entire people, our entire way of life tomorrow. And if you don’t stand up for it, then who will ?”

      An entire population generating overcrowding, pollution etc.. destroying my planet :(

      1. Anonymous said on November 28, 2018 at 6:23 pm
        Reply

        “An entire population generating overcrowding, pollution etc.. destroying my planet :(”

        Privacy is important to the “entire population” -> that guy replies that the “entire population” pollutes the planet. Either an incredibly stupid comment or a malicious diversion attempt.

      2. John Fenderson said on November 27, 2018 at 5:22 pm
        Reply

        “destroying my planet”

        Do you own the planet in a way that nobody else does? Because if you don’t, then by your logic here you are helping to destroy someone else’s planet.

      3. Anonymous said on November 27, 2018 at 9:34 pm
        Reply

        We all know that the global warming was an invention of the Chinese.

    2. gwacks said on November 27, 2018 at 6:44 am
      Reply

      “It’s a deeply antisocial principle because rights are not just individual, they’re collective. ”

      Very nice point. I have a good example about this: I take care of my personal privacy, so the people who love me or I love won’t be that easily under attack by malicious bastards and leak all of their secrets out, at least through me.

      1. John Fenderson said on November 27, 2018 at 5:20 pm
        Reply

        @gwacks: ” I take care of my personal privacy, so the people who love me or I love won’t be that easily under attack by malicious bastards and leak all of their secrets out, at least through me.”

        Yes, this. This is also why I scold my friends and family who mention me on any social media platform (this hasn’t been necessary in years, as all my friends and family now know my preference here). I take great care with the privacy of people I know, and I expect them to do the same for me.

  44. stefann said on November 26, 2018 at 9:35 pm
    Reply

    It’s laughable that people push for something that is created and funded by a part of USA’s government and military complex. What about the backdoors ? All software and hardware from USA have backdoors ! As i have written many times as well: VPN’s aren’t safe ! NSA and probably many other similar spy organisations have hacked VPN’s. Why believe TOR or VPN’s are safe ? The way in isn’t via the VPN or TOR, it is via other softwares installed on a users computer (NSA often use that in their work to hack their way in in to the TOR network and VPN’s), no matter You use Windows, Linux or MAC. If You search for this there are tons of evidence about this technique, so it might be very commonly used today.

    1. Davis said on January 18, 2024 at 11:29 pm
      Reply

      @stefann I see you have NO idea what your talking about. Tor Browser is the most anonymous and safe browsers to use. Edward Snowden endorses it, and he knows what he’s talking about (unlike you). No government can spy on you cause of how Tor works, and that’s why it’s trusted by so many people.
      “All software and hardware from USA have backdoors !” Again, you have NO clue or PROOF, if that statement is true. So get a clue, and stop spreading lies.

    2. John Fenderson said on November 26, 2018 at 10:15 pm
      Reply

      “All software and hardware from USA have backdoors !”

      This is simply not true.

  45. Anonymous said on November 26, 2018 at 4:24 pm
    Reply

    New Tor Browser is buggy, bugs (e.g bookmarks bar) are not still fixed.

  46. Anonymous said on November 26, 2018 at 4:24 pm
    Reply

    “What’s the point of browsing privately when all you do is visit ghacks, youtube and pornhub?”

    You don’t consider your sexual orientation and fetishes to be something private ?
    You don’t mind commercial tracking selling all your activity to whoever wants to buy it ?
    You’re not aware that some people would be interested to know who watches and comments on some politically controversial material even on youtube ?

    “irrational fear of surveillance”

    Everybody is under surveillance, by businesses and police agencies, this is not a fear or a theory, this is something publicly known. Check that for a small sample of what exists

    https://en.wikipedia.org/wiki/Mass_surveillance

    1. user17843 said on November 27, 2018 at 12:22 pm
      Reply

      If everyone is under surveillance, then what’s the point of browsing with Pale Moon, an outdated browser?

      There is only one thing that really increases privacy in browsers like Firefox, and that is eliminating third parties, which can be done in every browser with a content blocker and addons like Privacy Badger.

      The entire web is build around tracking what everyone does, that’s an unfortunate reality, but in lots of cases tracking is done for technological or legal purposes, and the data is never connected with anything else, except when using third parties.

      Privacy is important, and Firefox does not gather PII by default and you can easily disable telemetry. So I don’t think the original argument of “no telemetry” is a good one. A heavily modified Firefox like TOR is still the best choice for privacy.

      1. Anonymous said on November 28, 2018 at 3:33 pm
        Reply

        “If everyone is under surveillance, then what’s the point”

        The point is to mitigate it.

        “There is only one thing that really increases privacy in browsers like Firefox, and that is eliminating third parties, which can be done in every browser with a content blocker and addons like Privacy Badger.”

        This is not true.

        Content blockers, especially since webextension restrictions, can’t block all Firefox behind-the-scene spying, like Google Analytics on the internal addons page, that was ultimately justified by Mozilla by saying that they can do whatever they want on their “property”. Same for all the telemetry that’s on by default.

        Content blockers can hardly do anything against a javascript spying API that can’t be disabled without breaking sites ; situation that was made possible by having major browsers accepting to implement it. Sites want to know what you copy and paste, every single move of your mouse, and soon they’ll scan your face and analyze your speech.

        And tracking is here at countless different places. Making fingerprinting easier, safebrowsing remote checks, beacons, timing API, referer, TLS session identifiers, OCSP, captive portal detection, follow-on search, studies, CSP reports snitching adblocking, activity stream… The list is endless.

    2. John Fenderson said on November 26, 2018 at 6:57 pm
      Reply

      “Everybody is under surveillance, by businesses and police agencies, this is not a fear or a theory, this is something publicly known”

      I suspect that what he meant by this wasn’t that people were thinking that there is surveillance when there isn’t. I think what he means is that everyone should be happy to be surveillance, and if you aren’t comfortable with being exposed to the unending gaze of your tool and service providers, you must be suffering from some kind of mental illness.

      This is a pretty standard position for for-spying people to assert, anyway. Ubiquitous surveillance and gaslighting tend to go hand in hand.

      1. gwacks said on November 27, 2018 at 6:29 am
        Reply

        @John

        “Ubiquitous surveillance and gaslighting tend to go hand in hand.”

        I completly agree and that’s what China does to their people, which is even beyond evil. The CCP claims they are socialistic, that’s the biggest f*cking joke in the world. They’ve been so deep in love with surveillance capitalism.

      2. John Fenderson said on November 27, 2018 at 6:27 pm
        Reply

        @gwacks: “I completly agree and that’s what China does to their people, which is even beyond evil.”

        Indeed, and it is no less evil that the US (government and corporations combined) does precisely the same thing.

      3. gwacks said on November 28, 2018 at 4:54 am
        Reply

        @John

        And the exaclty *same* thing that the North Korea does to their people?

        @Klass

        In the first comment about China I made a obvious logical mistake intentionally and I’m happy to see one guy like you jumped out and said the USA blah blah blah. The fact is it’s not only something just about China and the American, but dictatorship and democracy. Your rude performance and your anxiety precisely proofed what I said above — “What China(dictatorship) is doing now even promotes the mass surveillance in democracies.” Indeed the mass surveillance in different states promotes each other, but there is a fundamental difference between them in the bottom. The ditactorship has been already rotten both of inside and outside which doesn’t matter getting worse a little bit, but the increasing of mass surveillance is definitely deadly to democracies like the USA. Now you understand what I mean you little empty brain?

        Don’t take your *IGNORANCE AS STRENGTH*. So please do your little empty brain a favor, read some more:

        https://www.nytimes.com/2018/09/22/opinion/sunday/ai-china-united-states.html (This is not some US gov. propaganda bullsh*t, written by a representative figure of Chinese surveillance capitalism who coporate with the CCP government)

        https://www.nytimes.com/2018/11/25/business/china-artificial-intelligence-labeling.html

        https://www.nytimes.com/2018/11/21/world/asia/china-rules-takeaways.html

      4. Klaas Vaak said on November 28, 2018 at 7:42 am
        Reply

        @gwacks: just like I said, you swallow everything the MSM tells you. If ever there was a loyal US government mouthpiece with blinkered stenographers and presstitutes it is the NYT.

        Furthermore, I did not dispute China’s mass surveillance, I merely pointed out, without using any vulgarities, that the US is equally evil. You got worked about that because you don’t accept the US egregious activities of mass surveillance, so you jumped on my initial, polite reply to you with vulgarities. Hint: look for these words I quote: “a f*cking normal life”.

        And into the bargain you drag Martin and his private life into this. In my modest opinion, it is about time you look in the mirror and stop your pathetic warfare over an issue you provoked yourself.

      5. gwacks said on November 28, 2018 at 1:17 pm
        Reply

        I think the question about whether you’re vulgar or not someone has given the answer. So please never mind.

      6. Klaas Vaak said on November 27, 2018 at 6:37 pm
        Reply

        +1

      7. Klaas Vaak said on November 27, 2018 at 6:42 am
        Reply

        @gwacks: whereas in the good ol’ US of A it is not at all like that, there is no surveillance capitalism, right? There is no NSA snooping, right?

      8. Troubadour said on November 27, 2018 at 3:50 pm
        Reply

        Klaas Vaakuous, you’re such a vulgar contentious brainwashed ****. Your CONTINUAL pro-Russian anti-American screeds on our beloved tech site ghacks and your attacks on all those who don’t agree with you really drag ghacks down and mar it. You’re easily the number one contender for needing to be banned on here, but I doubt that will ever happen because Martin is too much of a gentleman and he lets you remain on here even though you REPEATEDLY stir up shit on here. PLEASE Klaas summon all your strength and be a gentleman and leave ghacks forever and take your pro-Putin anti-Western anti-American hatred and vulgarity somewhere where it’s appropriate and welcomed, not on our lovely precious tech site ghacks!

      9. Captain Americaaa said on December 7, 2018 at 7:44 pm
        Reply

        @Troubadour

        What kind of fascist would believe that saying something bad about USA or something good about Russia would deserve a ban from this forum ?

        USA was born on the genocide of native americans to steal their land. It then grew on the genocidal slavery of black people. Had a civil war to transition to a more modern form of slavery. Didn’t enter Europe during WW2 in the hope that Hitler would destroy USSR, until USSR practically won the war alone, then when no defense was left USA invaded western Europe only to make sure they would be the ones controlling it. After the war they installed fascist regimes in many countries or invaded them in quasi genocidal wars because they were turning too left-wing for their taste, and to steal their natural ressources. They also enforced blockades to mass murder men, women and children through starvation and lack of medical care. They were also the main supporter of terrorism, used against their enemies (Bin Laden had worked for the CIA). They assassinate or imprison foreign political leaders, bomb weddings, mass torture people just for their own sadistic pleasure in their secret prisons. Death toll of the wealthy psychopath parasites ruling this country since it exists : hundreds of millions.

        Maybe the people supporting USA systematically should be the ones banned ?

      10. Klaas Vaak said on December 8, 2018 at 10:54 am
        Reply

        @Captain Americaaa: wow, spot on. +1 !!!

      11. Klaas Vaak said on November 27, 2018 at 5:31 pm
        Reply

        @Troubadour: a pea-sized brain like yours always has trouble understanding reality, and accepting it. Besides, your crony gwacks thought it appropriate to make a mendacious political statement out of the blue, and when someone spews lies as if they are the absolute truth, I react.

        Instead of choking on your own vitriol, I suggest you check out the whole thread to see how this got started, but I doubt you have the honesty to do that, never mind to admit reality, just like your crony gwacks. Hint: check out the 1st comment with China in it, if that is not too much for that oversized ego of yours.

      12. gwacks said on November 27, 2018 at 1:58 pm
        Reply

        @ Klass

        You say so because you never even live a f*cking normal life for one day in China. What China is doing now even promotes the mass surveillance in democracies. That’s a disaster and risk to all over the world and humankind. I’d rather let NSA crack in my ass than be continuing raped by the CCP. If Martin had lived in the East Germany once upon a while, he must know what I mean.

      13. Anonymous said on November 28, 2018 at 1:30 pm
        Reply

        “If Martin had lived in the East Germany once upon a while, he must know what I mean.”

        Stasi were amateurs compared to the NSA :
        https://opendatacity.github.io/stasi-vs-nsa/english.html

        “I’d rather let NSA crack in my ass”

        As long as you like it… ‘Murica

        I suppose you lived in East Germany and China to support all those opinions, surely you would not just rely on what western TV said ?

      14. gwacks said on November 29, 2018 at 3:09 am
        Reply

        By the way, he is also the former president at Goolag China.

        https://en.wikipedia.org/wiki/Kai-Fu_Lee

      15. Klaas Vaak said on November 29, 2018 at 9:29 am
        Reply

        @gwacks: you can’t stop pushing your political agenda, can you.

      16. gwacks said on November 30, 2018 at 5:44 am
        Reply

        @Klaas: except the political agenda you would like me to push, right?

      17. gwacks said on November 29, 2018 at 2:57 am
        Reply

        @Anonymous

        “surely you would not just rely on what western TV said ?”

        Of course not only what the *western TV* said, but also the Chinese who are CCP’s interest agents like this one I’ve already mentioned above:

        https://www.nytimes.com/2018/09/22/opinion/sunday/ai-china-united-states.html

      18. Klaas Vaak said on November 28, 2018 at 5:04 pm
        Reply

        +1

      19. Klaas Vaak said on November 27, 2018 at 2:34 pm
        Reply

        @gwacks: you are sidestepping the issue, baby. Your mass surveillance attributed to China only happens in the US too, Edward Snowden furnished plenty of overwhelming proof thereof.

        You obviously live under a rock and have your head way up your backside so are blissfully unaware of the reality in that big world that is so frightening for you. So, do yourself a favour and read some better stuff than that standard US government propaganda that you lap up like a puppy and regurgitate like a loyal harebrained parrot.

        As for Martin, I suggest you leave his private life and his abodes out of this discussion, unless you have explicit permission from him to speculate about where he lived or did not live.

  47. gwacks said on November 26, 2018 at 3:42 pm
    Reply

    “What is your take on this?”

    I think it would be someting like “Oh, godamit! Why I didn’t get this point?” @Gone Pants
    But in my case I think the default ghacks user.js is even more strict than default TBB security settings (the *Standard* security level).
    Thanx Martin, very nice idea.

    1. Pants said on November 26, 2018 at 5:31 pm
      Reply

      In terms of local persistent data ghacks user.js isn’t (but you could easily match Tor Browser in that regard, the prefs are all there). But you’re not worried about computer forensics (note: some persistent storage can be used for tracking over the web).

      ghacks default would be tighter on shoulder surfers (but you can relax that if you want). That’s the beauty of all the prefs.

      In terms of FF+ghacks user.js+VPN vs TB over Tor – I think TB over Tor wins, slightly (assuming your VPN isn’t a lying asshole: and most are). But then Tor has issues too.

      You could actually take Tor and hardened it even more beyond the safest slider setting. I wrote a big ass reply to Klaas further up the comments, so read that so I don’t have to repeat myself :)

      1. gwacks said on November 27, 2018 at 6:25 am
        Reply

        “ghacks default would be tighter on shoulder surfers (but you can relax that if you want). That’s the beauty of all the prefs.”

        Yeah that’s exactly what I do. First I made a general custom user-overrides.js template to patch the default ghacks user.js for the daily no-login browsing. Then with two other custom user.js overriding the general template respectively, the user-overrides-public.js for public use which is most hardened and can resist the shoulder attack; the user-overrides-vanilla.js for more relaxed usage and testing.
        Flexibility and very well adaptability, that’s the beauty of ghacks’ user.js.

  48. Anonymous said on November 26, 2018 at 3:36 pm
    Reply

    I prefer Firefox ESR Portable with the Pant user.js + updater.bat + user-overrides.js. However I will switch to Chromium Portable soon, I tried Firefox 63 and among others I really hate the auto update notification.

    1. Anonymous said on November 27, 2018 at 4:05 am
      Reply

      app.update.* in about:config has the update settings. Looks like you can turn off the notification.

  49. Klaas Vaak said on November 26, 2018 at 3:14 pm
    Reply

    The bottom line question is:

    for regular browsing, what is better for privacy: Tor without Tor connection modified as per Martin’s instructions above, or Firefox modified with the Ghacks user.js file?

    1. Pants said on November 26, 2018 at 5:25 pm
      Reply

      Assumption1: Firefox is being used with a vetted VPN.


      ANONYMITY
      Tor Browser (TB) is specifically geared for ANONYMITY (free too, no need to pay for a VPN). Because it uses the Tor protocol, it has advantages over Firefox. A vetted, even audited, VPN could effectively offer the same anonymity (i.e linking back to your IP). So with due diligence, I do not think this becomes a factor.


      DIFFERENCES
      An awful lot of what TB does, can easily be achieved in Firefox. In fact, MOST of it can. The differences really boil down to TB code patches (bundled fonts, which actually reveal your OS), and the benefits of Tor (e.g packet stack stuff revealing your OS, which is negated by bundled fonts – don’t get me wrong, bundled fonts solve a lot of other problems). Another example is TB has protection against ClientRects, which Firefox currently doesn’t, but Canvas Blocker can randomize this.

      tl:dr; there’s very little you can’t already do in FF


      PRIVACY
      No browser can offer PRIVACY, that is up to the end user, to not give away their real ID (linkage via accounts, comments etc). OpSec is hard, but essential. Yes, you can have the “link” at a different point in the chain (eg using an anonymous email account, etc. Don’t confuse privacy with anonymity.


      FINGERPRINTING
      TB can offer a fingerprint with lower entropy, because they have a larger base, and it’s enforced (to a degree: the slider settings affect the fingerprint, and the UA HTTP Header uses 2 OSes and the navigator user agent uses four OSes, so there is some fragmentation). This can also possibly enable better security, because they enforce it, so if they disabled a media type, or a new API until they checked it out, everyone still looks the same. If you do that in FF (there’s always a pref for new tech), then you would stand out.


      SECURITY
      Yeah, lets just say theoretically TB is slightly more secure, but I really think it’s a draw: 1) Stable gets new features, and these take time to mature and bugs to be found – so they could be a risk even though they have cycles in nightly/dev etc and delayed pref flipping. 2) From above under FP’ing, because it doesn’t hurt the FP, they can turn off a lot of features, and those features could have exploits 3) NOTE: not all security patches in stable get ported to ESR, a lot of minor ones just aren’t worth the time and effort


      CAVEAT
      Be aware that TB v8 they enabled HTTP2, AltSrv, SSL Session IDs, and at default settings JS is enabled. And Tor traffic would likely stick out. But that said, it’s a very different model, because they use Tor. Although I definitely see issues here with first party repeat visits per Identity (Identities are not changed every 10 minutes like they used to), and I think this is a bad move.


      SUMMARY
      IMO, if you want to use Tor (the protocol) then do it with Tor Browser. Just browse the web, visit the odd hidden service. And if you don’t want to use Tor (protocol), then use Firefox (see assumption 1 at the top).

      It all depends on what your threat model or needs are. Lets just say that for all of use here, it’s just browsing the web. Then use Tor with Tor Browser, or Firefox with a vetted VPN over TCP/IP etc. Don’t try to mix and match them.

      https://www.torproject.org/about/torusers.html.en


      ^^ This is a bit of generalized reply off the top of my head, and to properly answer your question would take me a month of research :)

      1. gwacks said on November 27, 2018 at 6:22 am
        Reply

        @Pants

        Thank you for this big ass reply. I think something still remain unclear because you miss the view of TB over VPN and why we shouldn’t mix and match them. The *CAVEAT* you mentioned above is due to the Meek extension( I find it out in “\Tor Browser\Browser\TorBrowser\Data\Browser\profile.meek-http-helper\user.js”) for relieving the performace impact by traffic obfuscation I guess. As you said, a vetted, even audited, VPN service could effectively offer the same anonymity, and we can even chaining VPNs to enhance it furthermore. By using the original Tor browser, we keep the same results of feature detection (i.e. https://browserleaks.com/features) which hugely decrease the risk of browser fingerprinting; the VPN services keep us anonmity and drastically increase the general browsing experience meanwhile. So what about the deal of naked Tor browser without Tor plus VPNs?

        I think this case is worth of us to do more investigations. Thank you for your hard work. May god take off his pants.

      2. Pants said on November 27, 2018 at 8:50 am
        Reply

        > I think something still remain unclear because you miss the view of TB over VPN and why we shouldn’t mix and match them

        I didn’t want to write a book. There are multiple permutations here
        – TB over Tor
        – TB over Tor over VPN
        – TB over VPN over Tor
        – FF+VPN
        – FF+VPN over Tor
        – FF+Tor over VPN

        – VPN chaining, VPN multi-hopping (wot does this really do? it’s still the same VPN service: I should read more about it), and I’m sure there are others (proxies, uggh)

        It is not recommended by TB to use a VPN (see numerous questions about this on r/tor) for a variety of reasons. And AFAIC the same holds for FF. Do not mix and match. I’m not an expert on this stuff, but I trust what the experts do say (and I can’t fault their logic etc)

        > PRIVACY
        Just wanted to add MOAR on this word. A browser can’t guarantee privacy (except perhaps in transit: which is what I would call “security” e.g HTTPS : note: assuming no MitM such as cloudflare). When I mentioned OpSec, this was only half the equation.

        The full equation is that a browser has no control over BOTH end points. TB cannot control the human at one end, or the service/platform at the other.

      3. gwacks said on November 27, 2018 at 1:30 pm
        Reply

        I know what you mean by PRIVACY. The real problem is that it’s too hard to teach OpSec to normal non-technical people.

        The reason I think TB+VPN would be a good idea is the most obvious and almost identical benefit that a very bare non-technical user can get from without hugely tweaking the user.js and manipulate lots of addons like what we do in FF+ghack user.js+VPN bundle. But since the experts say so, we take it.

      4. John Fenderson said on November 27, 2018 at 6:24 pm
        Reply

        @gwacks: “The real problem is that it’s too hard to teach OpSec to normal non-technical people.”

        In my experience, it’s actually very easy to teach OpSec to normal people. What’s hard is getting them to actually engaging in proper operational security, since that requires getting them to constantly pay attention to the issue and to alter their behavior.

        People want a “set it and forget it” security solution that doesn’t require them to behave any differently. The problem is that such a solution doesn’t, and can’t, exist.

      5. Klaas Vaak said on November 26, 2018 at 6:27 pm
        Reply

        @Pants: wow, that is quite a reply for just off the top of your head. Your points are mostly clear (to a non-geek) and my gut feel pointed me in the same direction, though for well-argued reasons.

        I have implemented a number of Ghacks user.js settings in about: config. Many thanks for al the work you and the team do on that.

    2. Klaas Vaak said on November 26, 2018 at 5:12 pm
      Reply

      And question 1B; if Tor is the answer, what extra extensions or about;config settings should be added in order to further improve its privacy?

      1. Pants said on November 27, 2018 at 9:02 am
        Reply

        > And question 1B; if Tor is the answer, what extra extensions or about;config settings should be added in order to further improve its privacy?

        My answer would be to add nothing, change nothing. As much as I hate the Web Extension of NoScript, live with it. And since you’re anonymized, and TB is hardened in so many ways, who really cares about JS. Who even cares about cookies etc. You have FPI (first party isolation), and can change to a new Identity whenever you like.

        The only drawback I see, is that new Identities are only auto-created per session. So if you wanted to isolate repeat visits within a session, you would need to manually change Identity. This is not about FP’ing, but rather tracking (think of any local storage such as a cookie, or a SSL session id, etc).


        ^^ That’s for general browsing etc. Most users will be at default. If you changed the slider, personally, I think that’s OK too, but you would technically be in a much much smaller set (hey, not everything out there uses every possible FP’ing technique – it’s always a worse case scenario). You real priorities should be Anonymity (check, you’re using TB over Tor) and Privacy (that’s all on you buddy!) where required (including the services you use)

      2. John Fenderson said on November 27, 2018 at 6:31 pm
        Reply

        @Pants: “As much as I hate the Web Extension of NoScript, live with it.”

        I tried. I can’t. This (plus the inability to sufficiently modify the Firefox UI and the constant additions of features that I needed to worry about) is why I abandoned Quantum.

      3. Pants said on November 28, 2018 at 6:34 am
        Reply

        @John Fenderson
        > I tried. I can’t….

        If you want to use Tor Browser, don’t modify it (and hence learn to live with NS). If you want to use Tor, then use the Tor Browser. I wasn’t talking about Firefox.

        In Firefox, hell yeah, dump that NS and use uMatrix :)

      4. John Fenderson said on November 28, 2018 at 6:38 pm
        Reply

        @Pants: ” If you want to use Tor, then use the Tor Browser. I wasn’t talking about Firefox.”

        I prefer to use Tor standalone (as a SOCKS proxy) rather than using the TB, because so much of my internet activity does not involve the web.

      5. Klaas Vaak said on November 27, 2018 at 9:56 am
        Reply

        @Pants: thanks for your feedback.
        Don’t know what you mean by the “slider”.

  50. Yuliya said on November 26, 2018 at 12:26 pm
    Reply

    I hate what TBB v8 has done with UA spoofing, and I need my browser to easily spoof its user agent to mobile platforms on my daily browsing. “general.useragent.override” no longer works.

    1. gwacks said on November 26, 2018 at 3:40 pm
      Reply

      Congratulations!

  51. Anonymous said on November 26, 2018 at 12:06 pm
    Reply

    “it can’t be have the latest privacy developments from Firefox”

    The main one is Tracking Protection, but that’s worthless compared to ublock origin. There may be other things, disabled by default, like resist-fingerprinting, first-party isolation and containers, but I suspect they’re a bit experimental and may break things. Personally I believe that with time, Firefox is adding more privacy aggressions than protections by default, and a lot of them are not clearly visible but hidden in a thousand cuts of small technical changes.

    “not having telemetry doesn’t make the browser more private”

    Of course it does make the browser more private. Privacy is not limited to not collecting bookmarks or browsing history (although they may be planning to collect them “anonymously” if they’re not already), it’s also about not sending less sensitive activity data by default if that’s not strictly necessary.

    “But if you don’t believe this, then you don’t have telemetry do be enabled.”

    Privacy should be the default, not reserved to the knowledgeable and motivated minority that knows it can’t trust Mozilla’s defaults and is ready to invest time to understand and change them.

    1. John Fenderson said on November 27, 2018 at 6:21 pm
      Reply

      “The main one is Tracking Protection”

      Is it? I hope not, because (as you acknowledge) Firefox’ tracking protection is far too anemic. The best I can say for it is that it’s better than nothing, but worse than all of the other options to deal with tracking.

  52. Anonymous said on November 26, 2018 at 11:43 am
    Reply

    “The Pale Moon team literally doesn’t know how large its user base is because there is simply no telemetry of any kind. I don’t know of any other browser developer that can say this.”

    What you said applies to Waterfox too, and probably also to some other privacy-hardened browsers.

    “its development is not profit-motivated”

    I think that Palemoon and Waterfox have search engine deals, so there’s still some commercial motivation in them above users interests (but they’re far from being as bad as Mozilla from that point of view).
    I don’t think that it’s the case for some of the GNU/Linux Firefox forks like Icecat and Abrowser, though I’m not sure.

    About user interests and privacy, the Palemoon dev has also demonstrated hostility to a script blocking extension and an anti-advertisement extension.

    1. beemeup5 said on November 27, 2018 at 9:27 am
      Reply

      @Anonymous

      As far as Pale Moon is concerned, the search engine deals help the developer pay his bills as he works on the browser as a full-time job, not simply as a hobby. Users can of course opt out simply by not using the default Pale Moon Start Page which is set as the homepage for fresh browser installs.

      There is a subtle but important distinction between developing software to make money, and making money in order to keep developing software. Developing a niche browser is not a path one pursues if his desire is to be rolling in cash. One pursues this path because one is passionate about a specific goal, which in this case is making a browser that is extremely customizable and versatile while adhering to open web standards more so than any other browser. I say this time and time again, but if a site doesn’t work with Pale Moon, 99 out of 100 times it is because of two things:
      1) Discriminatory user agent sniffing.
      2) Site doesn’t implement proper web standards which may work in other browsers which are equally lax in enforcing said standards.

      The first one pushes the web towards a “walled garden” for which only a few players can gain legitimacy, while the second one pushes the web from a free and open system which anyone can join if they code to the established standards (a necessary but non-trivial task) to a system more and more designed by large entities with the clout to push their own standards and agendas e.g. Google and previously Microsoft.

      1. Anonymous said on November 28, 2018 at 1:06 pm
        Reply

        “There is a subtle but important distinction between developing software to make money, and making money in order to keep developing software.”

        Sure, but sometimes I hear people who mistakenly think that those devs are working for free, I wanted to make it clear that while lots of devs work for free in the free software community, that’s not the case here.
        More generally I know that the free software philosophy is not against making money from free software ; after all, there’s nothing wrong in being paid for one’s socially useful work. The problem is when the business model is about making money from unethical software anti-features (ads, spyware, DRM, other anti-user design choices dictated by whoever paid… and anti-privacy default search engines like Bing, Yahoo or Google). The free software philosophy implicitly assumed that software freedom was enough to make such a business model impossible, as it was so cheap for developers to fork out the crap that nobody would use the original version. It was true for a time, but Mozilla and others have proved this assumption wrong nowadays, as business can always make theoretical freedoms nonexistent in practice, through many mechanisms.

      2. Klaas Vaak said on November 27, 2018 at 9:49 am
        Reply

        @beemeup5: if he is so passionate about Pale Moon, why is he developing yet another browser, Basilik?

      3. Money said on November 27, 2018 at 6:47 pm
        Reply

        @Klaas Vaak

        Basilisk is immaterial, on his words. It is the demo application for the UXP, nothing more.

    2. Money said on November 26, 2018 at 4:35 pm
      Reply

      NoScript is known to cause stability issues and AdNauseum relies on antithetical mechanisms.

      1. Anonymous said on November 28, 2018 at 12:46 pm
        Reply

        “AdNauseum relies on antithetical mechanisms”

        What do you mean exactly ? We’re not arguing whether it’s an adblocker or not. It’s an extension designed to harm the ad business, and the Pale Moon dev took action against it exactly because it was harming the ad business, according to his own words. Even Mozilla didn’t dare to do that, and they exist mainly to satisfy the needs of the ad companies like Google that finance them while allowing them to pretend an alternative exists to Google Chrome.

      2. John Fenderson said on November 26, 2018 at 6:53 pm
        Reply

        @Money: “NoScript is known to cause stability issues”

        It is?? I haven’t seen any such issues in years. I don’t use the WE version of it, though, so if there’s an issue there, I’d remain unaware of it.

    3. Jody Thornton said on November 26, 2018 at 3:40 pm
      Reply

      Wow! I wish those Pale Moon fanboys that kept calling me a troll every time I slighted the Pale Moon team, could now see that I’m far from the only one that thinks the team is childish. I will admit that lately, I’ve become interested in Tobin’s Interlink mail client (can you imagine that???), but I’m so glad I’ve made the switch to Quantum.

  53. beemeup5 said on November 26, 2018 at 9:29 am
    Reply

    When it comes to out of the box privacy, Pale Moon is still among the best especially considering its development is not profit-motivated.

    The Pale Moon team literally doesn’t know how large its user base is because there is simply no telemetry of any kind. I don’t know of any other browser developer that can say this.

    1. efferle said on December 6, 2018 at 12:02 am
      Reply

      When it comes to out of the box privacy, just use the Tor Browser and *DO NOT* dabble/ blunder around.

      To satisfy an extra portion of safety, install the Add-Ons Cookie Autodelete, Privacy Badger, and Raymond Hill’s marvellous piece of engineering uMatrix. That’s it, no more, no less.

      1. Klaas Vaak said on December 6, 2018 at 12:21 pm
        Reply

        @efferle: sounds good.

        As an aside: uMatrix. I have seen the question – uBlockOrigin or uMatrix or both – debated, and in the end R. Hill himself said there is no compelling reason to use uM if you use uBO.

      2. efferle said on December 7, 2018 at 7:38 am
        Reply

        Exactly this, Klaas.

        uBlock Origin and uMatrix do pretty much the same thing, namely allowing or preventing ‘thingies’ from being executed in one’s browser, be it scripts, frames, images, media, cookies, and the like.

        The difference between the two Add-Ons lies primarily in their user interface, as well as in the user’s required ‘know how’. There is no need to use both of them at the same time in one’s user setting. You could, of course, as they both do not interfere with each other in a negative way, but that would result in some sort of useless ‘double work/ double maintenace’ to reach the same goal.

      3. Klaas Vaak said on December 7, 2018 at 1:15 pm
        Reply

        @efferle: thank for the clarification and confirmation.

    2. Anonymous said on November 28, 2018 at 8:33 pm
      Reply

      > The Pale Moon team literally doesn’t know how large its user base is because there is simply no telemetry of any kind. I don’t know of any other browser developer that can say this.

      And I don’t know of any browser developer that can claim to know how big their user base is. Not Mozilla, not Google, Microsoft or Apple.

      You even still need to define what a “user” is. Is it someone who has the browser installed, even if they don’t use it? Is it someone who uses it 5 hours a week? What if they also use another browser for 6 hours a week?
      What if they have multiple computers with the same browser installed? What if they downloaded the browser and any updates only once, but then deployed it to thousands of computers in their corporate network, with all telemetry and update checks blocked?

      It’s an intrinsically hard problem to figure out even just a rough guesstimate of how many users you might have.

      Pale Moon claiming that they don’t know it solely because they don’t collect enough data is some special bullshit. Even the number of downloads, which is something they do know for sure, can be enough to base your rough user numbers on.

      1. John Fenderson said on November 30, 2018 at 11:45 pm
        Reply

        @Anonymous: “Even the number of downloads, which is something they do know for sure, can be enough to base your rough user numbers on.”

        I don’t think this is true at all, depending on your definition of “rough”. Lots of people download software, try it, and decide not to use it, or never even try it. Lots of people download the same software more than once, etc.

      2. Klaas Vaak said on November 29, 2018 at 9:24 am
        Reply

        @Anonymous: true, not to mention those who install a browser, which the developer records, but then uninstalls the browser, which the developer does not record.

    3. user17843 said on November 26, 2018 at 1:30 pm
      Reply

      “When it comes to out of the box privacy, Pale Moon is still among the best especially considering its development is not profit-motivated.

      The Pale Moon team literally doesn’t know how large its user base is because there is simply no telemetry of any kind. I don’t know of any other browser developer that can say this.”

      What if there are only 300 users and everything they do is in vain?

      Anyway, both non-profit motivation and no-telemetry are not goot indicators for the quality of a browser.

      It may be to those who live in irrational fear of surveillance, but everyone who understands technology uses Linux + TOR on a separate physical machine for sensitive stuff already, which seperates everything from the day-to-day browsing.

      What’s the point of browsing privately when all you do is visit ghacks, youtube and pornhub?
      What’s the point of Pale Moon when you trade in harmless telemetry for potentially serious security incidents or a lack of usability and joy?

      1. John Fenderson said on November 26, 2018 at 6:51 pm
        Reply

        @user17843:

        “What if there are only 300 users and everything they do is in vain?”

        It wouldn’t be in vain all. Just ask those 300 users.

        “everyone who understands technology uses Linux + TOR on a separate physical machine for sensitive stuff already, which seperates everything from the day-to-day browsing.”

        It is equally important to protect your day-to-day browsing, though.

        “harmless telemetry”

        I think it has yet to be shown that telemetry is without risk — at the very least, it exposes you to the software manufacturer. Also, even if it is 100% harmless, that in no way means that people are wrong for choosing to avoid it.

      2. user17843 said on November 26, 2018 at 10:10 pm
        Reply

        “It is equally important to protect your day-to-day browsing, though.”

        So my point is something along the lines of: If telemetry is a serious privacy violation to some people, then why is lack of security updates not a serious security violation to them? If their data to protect is so precious, that is?

        They use a browser due to lack of telemetry, but trust a couple of people working on this with all implications.

      3. John Fenderson said on November 27, 2018 at 5:14 pm
        Reply

        @user17843:

        “If telemetry is a serious privacy violation to some people, then why is lack of security updates not a serious security violation to them?”

        Pale Moon (and Waterfox, my preferred browser) gets security updates. That aside, you’d have to ask people who take the stance you’re describing here as I’m sure it varies from person to person.

        I would suggest, however, that we’re talking about two different kinds of security here. It’s entirely possible that a person can be more concerned about one than the other. For instance, it’s entirely possible that some people are more bothered when their software intentionally and actively engages in privacy violations as opposed to the browser passively and unintentionally containing a security flaw. Also, it’s entirely possible to mitigate against even unknown security flaws without taking security updates. There’s a million possible explanations here.

        “They use a browser due to lack of telemetry, but trust a couple of people working on this with all implications.”

        Yes, so? The size of the team involved seems an odd thing to bring up, as from a security point of view, the effect of team size is on the flavor of the possible vulnerabilities more than whether or not they exist.

        Also, “trust” is a very subjective thing, and when it comes to software houses, we are all working with very little information about how much trust is warranted. So people tend to make trust judgements from an emotional place rather than a technical one.

        Personally, I think the only supportable stance is to not trust any of them completely, and consider all software you’re running as a threat vector.

      4. Money said on November 26, 2018 at 4:42 pm
        Reply

        @user17843

        What “potentially serious security incidents”? Please expand on that, and if possible, contact the devs so they are aware of them.

        And for me, not having to fiddle with about:config to block Pocket is a big win to usability and “joy”.

    4. Weilan said on November 26, 2018 at 11:14 am
      Reply

      I kinda wish there was a Firefox fork or something that uses the latest rendering engine builds, but has the UI of Firefox 3.x. I loved Firefox 2.x and 3.x. But after they released 4.x it because utter shit, I’ve been hating it since then and using Chrome since.

      I thought Pale Moon can act like this, but unfortunately it can’t. The rendering engine is so outdated many websites don’t work properly. For example imgur.com’s Ctrl+V function doesn’t work on Pale Moon.

      1. Unicornslove said on January 29, 2022 at 3:53 pm
        Reply

        A lack of interception of OS-based keypresses could be considered a privacy and security PLUS not a minus, mate. Websites that hook into OS functionality because they want to act like mini window managers, clipboards, and other functions of OSs and such themselves, these are an arrogant pain in the ass! Stinking of being designed for crappy mobile devices that do not have proper copy and paste or storage, manipulation facilities themselves, so need it to be implemented server-side.
        Once such functionality exists in a piece of software, you’ve done half the hacker’s work for them – all they have to do is exploit the browser to hijack the function outside of the user’s control and exfiltrate data or whatever. The code is there running for them.
        One good principle for anything – is the K.I.S.S. – Keep It Simple, Stupid. Bloat is a bad thing, because a smaller, hardened codebase is the best way to keep bugs and exploits at bay (assuming the devs pay attention and are well-enough resourced of course).

      2. user17843 said on November 26, 2018 at 1:21 pm
        Reply

        “I kinda wish there was a Firefox fork or something that uses the latest rendering engine builds, but has the UI of Firefox 3.x. I loved Firefox 2.x and 3.x. But after they released 4.x it because utter shit, I’ve been hating it since then and using Chrome since.”

        Creating a browser is impossible nowadays without a workforce of hundreds of people.

        Even if it is only a frontend without the engine. If you include the engine, you need thousands of people.

    5. Tom said on November 26, 2018 at 11:02 am
      Reply

      Haha, good joke. :’D

      Since Pale Moon is based on a very old Firefox code base it can’t be have the latest privacy developments from Firefox. And really, not having telemetry doesn’t make the browser more private. But if you don’t believe this, then you don’t have telemetry do be enabled. That’s no reason at all to use another browser. If you say that you use Pale Moon for the one reason or another reason, that’s totally valid. But it’s nonsense to say that Pale Moon offers more privacy.

      1. rickmv said on November 26, 2018 at 11:17 pm
        Reply

        “…based on a very old Firefox code base…”

        And that’s a lame joke rolled around by those don’t know much about the project and underlying developed code, and web browsers in general. PaleMoon 28 is on UXP and getting distanced more from Mozilla code, but even ver. 27 is rock solid from privacy and even security stand point.

    6. Kwasiarz said on November 26, 2018 at 10:04 am
      Reply

      If only the devs weren’t so childish.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.