Safely customizing Tor-browser possible?

Hi all! I’m a new tor-browser user.
I’m wondering about a couple of things namely (this will be fairly long): Is it safe to customize the Tor browser toolbar, example: enabling the menu bar and bookmark bar? I quite like the default TBB layout, I’m just asking is it ok security-wise to add and remove stuff from the toolbar? The Tor browser manual says you can add the noscript icon in the toolbar for easy access, I’ve done that, but what about everything else? It doesn’t say anything about customization using the Firefox customize mode.
In Firefox one can customize userChrome.css. I read on the web you can do that in Tor browser too, but the person said he can’t guarantee the security of the browser when doing so. What are people’s take on this feature, is it safe to use, should it be avoided? Again, not that I’m going to do it, the default UI is quite good.

Another thing I’d like to do is to disable smooth scrolling and the full-screen fade in and out when watching videos. In about:config there is the full-screen-api.transition-duration.enter value that you can set to “0 0” and full-screen-api.transition-duration.leave that can also be set to “0 0”. In my opinion those should be 0 by default since not even Chrome has the fade in feature. This feature is just a distraction as is smooth scrolling. If it changes the fingerprint changing those settings however I’m of course not going to change them.

Finally on the Tails website it says changing the security level of Tor browser changes the fingerprint, is that true or is the Tails browser somehow different? Link: (Why is javascript enabled by default?) Tails - Frequently asked questions
When searching the forum I found this thread talking about bookmarks and customization, only the bookmark concern was replied to, which is why I’m posting a new thread. Link: Saving bookmarks, customize toolbar

That’s all for now, I might have more questions later…

1 Like

Toolbar customization should be safe. It reduces the space available for the website content so it may change your fingerprint, but I think that as long as you use just basic features like these you won’t stand out.

I don’t know the feature you refer to, but I wouldn’t touch anything in about:config if privacy is a concern.

As Tails FAQ says,

> if you disable JavaScript, then the fingerprint of your Tor Browser differs from most users.

This is because most users keep JavaScript enabled to not break most of the websites they visit. So yes, it’s true even in Tails. But if you disable JavaScript your fingerprint should be the same as that of the other users who disabled JavaScript.

I hope the answer is still useful four months later.

Hello, and thank you for your reply, if late. I myself took a break from tor-browser. I see much has changed since then, this forum being self-hosted for once.

I have one more question/concern, is it safe to disable smooth scrolling in the browser? I do it in other browsers, but if the various JS trackers can calculate if one is scrolling faster than another then I’d rather not do it. I’ve heard of the various keyboard trackers out there as well as mouse movement trackers, so yeah…

I know I said earlier I had one more question but since newbies in Discourse forums cannot edit posts I’ll make a reply to myself.

I’m also wondering about the full screen watching videos online (like YouTube), back in the day not that long ago I remember Tor browser had a warning when users entered full-screen in videos, saying it could leak information about the type of computer screen one has. Now there’s no full-screen warning, I know about the letterboxing feature which has been there since Tor browser 12 (link to changelog: https://v236xhqtyullodhf26szyjepvkbv6iitrhjgrqj4avaoukebkk6n6syd.onion/t/new-release-tor-browser-12-0/5820).
I guess it’s safe enough to watch videos in Tor browser in full-screen these days?

Thank you all in advance!

Note that letterboxing is a mitigation, not a solution: it groups users with similar screen sizes, it doesn’t recreate the same size on any screen - I suppose the trade-off with users just ignoring the warning for ease has been considered.

Whether resizing the window helps blending in or makes you stick out depends on what most users do. Anyway, note that javascript can always be used to measure and report the window size, so using full-screen may be used to track you at any time, not only when reproducing videos.
As a side note: since videos often require scripts, I usually download them with yt-dlp instead of reproducing in the browser.
I remember the warning of the past, but I don’t know why it was dropped.

1 Like

> is it safe to disable smooth scrolling in the browser

smooth scrolling is fingerprintable - https://dlrobertson.com/examples/scrollinto-view-scrollend.html - but we’re doing something about it - bugzilla 1832598. I haven’t tested to see if this works as intended and there is a follow up bugzilla 1834307

> I guess it’s safe enough to watch videos in Tor browser in full-screen these days

full screen/ maximizing will/can “leak” your real screen resolution, even with letterboxing: i.e the letterboxing only steps, so it’s not hard to extrapolate the real size to something expected. Don’t get me wrong, letterboxing is working and makes a difference, it’s just that full screen is a bit different as it’s an upper limit, not some arbitrary user manual resize of the window.

And yes, websites can tell if you’re full screen vs maximized

  • FS I am 2400 x 1400
  • Maximized I am 2400 x 1200 (the toolbar is set as always show), or 2400 x 1300 (toolbar is only set to show on new tab)
  • So even changing toolbar display can affect “user-generated” entropy.
  • even with the above it is not hard to work out I am most likely 2560 wide and therefore 2560 x 1440 - the point is not guessing your screen size, it’s the actual reported sizes that are linkable/entropy

If you want to watch videos on a site in full screen, use a new window (or the existing window if no other sites are open in that window), then go ahead - it is only one site and the extra entropy will not be directly linkable. Of course if you use full screen in hundreds of sites, it will start to become a pattern

2 Likes
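
An added example (not part of the original posts and not Tor Browser's code) that models the stepping described in the reply above and reproduces its full-screen and maximized figures. The step sizes are an assumption modelled on Firefox's default letterboxing, and the display and the pixel heights lost to taskbar and browser chrome are constructed values.

```javascript
// Assumed letterboxing step sizes (not stated in the thread): 50 px up to 500,
// 200 px (width) / 100 px (height) up to 1600, 200 px above that.
function step(dim, isWidth) {
  if (dim <= 500) return 50;
  if (dim <= 1600) return isWidth ? 200 : 100;
  return 200;
}

// Round one real content-area dimension down to the size a page can measure.
function roundDown(dim, isWidth) {
  const s = step(dim, isWidth);
  return Math.floor(dim / s) * s;
}

function letterbox(width, height) {
  return `${roundDown(width, true)}x${roundDown(height, false)}`;
}

// Contiguous run of real sizes that report the same rounded value as `dim`.
function bucketRange(dim, isWidth) {
  const target = roundDown(dim, isWidth);
  let lo = dim, hi = dim;
  while (lo > 1 && roundDown(lo - 1, isWidth) === target) lo--;
  while (roundDown(hi + 1, isWidth) === target) hi++;
  return [lo, hi];
}

// Constructed scenario: a 2560x1440 display. The heights lost to the taskbar
// and to browser chrome are made-up values for illustration.
const SCREEN = { width: 2560, height: 1440 };
const STATES = {
  fullscreen: 0,
  maximizedToolbarAlways: 40 + 150, // taskbar + chrome with toolbar always shown
  maximizedToolbarNewTab: 40 + 90,  // taskbar + chrome with toolbar on new tab only
};

// The rounded size each window state exposes on this one machine.
function observedSizes(screen, states) {
  const out = {};
  for (const [name, lostHeight] of Object.entries(states)) {
    out[name] = letterbox(screen.width, screen.height - lostHeight);
  }
  return out;
}

const seen = observedSizes(SCREEN, STATES);
console.log(seen, "distinct:", new Set(Object.values(seen)).size);
console.log("real widths in this bucket:", bucketRange(2560, true));
console.log("real heights in this bucket:", bucketRange(1440, false));
```

Under these assumptions, one machine exposes three different rounded sizes depending on window state and toolbar setting, while every real width or height inside the printed ranges reports the same value.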

FYI: I forgot: currently the maximize warning is disabled if you have letterboxing enabled. The full screen warning is being reworked (if there is one). FS is now letterboxed (I believe since we switched to using pure css), it didn’t use to be

There are a ton of tor tickets open right now - ideas include

  • introducing LB to users
    • LB area revamp: edges, background, info overlay?, info link?
    • LB in settings: on/off? centering options
    • LB education: link to internal pages?
  • assess new window sizes (less incentive to resize) and aligning LB steps to match
    • we think we can increase the max width to 1400px: 40% more real estate and mobile pages won’t trigger (for users with large enough displays) - i.e taking advantage of the fact that most desktop/laptop screens now are at least 16/9 aspect ratio. It shouldn’t really affect entropy (I am working my way thru this as I type)
  • warning when any viewport (the bit the website uses) size is not as expected (i.e not matching a new window size on startup) - allowing future warnings to be disabled
    • FS has no chrome to show anything so would need to work a little differently. I am not sure what we do for FS warnings right now
  • add a tabstrip button to reset (your newwin size) and to snap to some possible-on-your-resolution higher preset sizes. Button could also handle options for LBing, warnings, educational links

It’s a bit of a messy/complex intersection of letterboxing being on vs off, windowed vs full screen, vs expected viewport size, vs UIX, vs information/education, vs usability - glad I’m edit: not @donuts

2 Likes


Wow, you are all clearly very knowledgeable here, thank you for the valuable information. I’m going to mark this as solved since I have no further inquiries.

I suspected I shouldn’t go to other sites when full screening, I’m glad that’s confirmed.

1 Like