Tor-Browser should not use "Private Browsing" anymore

The Torbrowser is a great tool. But it is very flawed too.

“Oh it deletes everything, so it must be private.”

No this is completely irrelevant??? If you want an Amnesic System, use Tails. And hopefully your SSD is encrypted and you use secure Passwords, so “deleting everything” is simply not really necessary.

Currently the Torbrowser is unusable for normal users. It deletes

  • Session (Tabs, pinned Tabs, open Windows (if you are into that stuff))
  • Cookies
  • History
  • Downloads

And there is nothing wrong with doing that, by default. But the fact that you delete your Session does nothing to your online privacy and fingerprintability.

Using Tor means relying on Bookmarks and maybe also open Tabs. Using a search engine to reopen the same tabs that where forcefully closed is extremely bad.

And there is no reason to do that?

Why not just preset these values in the config, and let users disable it? But when using “Private Browsing”, changing back to non-“private browsing” is fingerprintable.

So if people simply want a usable browser that doesnt always delete the Session, they make themselves fingerprintable.

And default, out of the box UI matters. Torbrowser will always be something “you have installed but it deletes everything so you dont use it often”.

Librewolf and the Arkenfox user.js both delete the same things, but dont use “private browsing”. This makes them good for daily usage.

MullvadBrowser has the same Problem as the Torbrowser (as well as having no easy way to install) so it is also unusable.

Please. Disable this “Private Browsing” and swap it out with multiple switches that users can opt-out of.

Guess this is a different use case which a lot of people should definitely not use.

But agree - should be an option well hidden somewhere with multiple “Here be dragons!”-warnings and constant reminders after restart and an option to fix this serious privacy issue back to normal with just one click.

“But the fact that you delete your Session does nothing to your online privacy and fingerprintability.”

Cookies are a major problem for one’s online privacy. They allow a website or a third party to link two sessions together.


another factor in using PBM is that (currently) nothing touches the disk, it’s all in memory


This is an actually valid argument. And the hardest one, because this may be extremely important on certain devices.

Private Browsing is fingerprintable so having the option to disable it may be dangerous.

Cookies are not part of the Session afaik. You can delete Cookies automatically by default also in non-private browsing.

There are other problems like Container tabs not being supported. Imagine a Browser that uses a container tab for every tab. This is possible with “temporary containers” but does not work in private browsing.

People could save cookies for a single website, for example this forum. And there would be no danger that other websites could use that to identify you.

Good point.

In my opinion, there’s really not a problem with having to log in constantly. Is it annoying? A little, but it’s fine.

As for container tabs, perhaps TBB would benefit from Total cookie protection?
As for not using private browsing mode, this goes against one of Tor’s core principles of Disk Avoidance. The reasons for this can be found in the design document.
"Additionally, the browser SHOULD clear linkable state by default automatically upon browser restart, except at user option. "

1 Like