Tor Browser Mitigation Guide

Version tested: 11.0.3

Note: Changing browser settings on TBB is not recommended by some, as they argue it is bad because it increases fingerprinting. Please also note that this is SpywareWatchdog, and not FingerprintWatchdog.

After following this guide as best we can tell, the rating changes thusly:

Spyware Rating: Low → Not Spyware

Please be aware that it is possible there may be even more spyware that needs removing than is covered in this guide.

Besides using the torrc configuration file, or host files, the only way to completely remove the connections is to unpack two omni.ja files, and remove all the addresses, and then re-zip the omni.ja files.

After downloading the latest TBB tarball (in our tests mitigation did not work with TBB from distro repos) either use this script (give it your tor-browser_en-US/ directory as argument) or follow these instructions:

Find your omni.ja files:


							find . -name omni.ja

Unpack them (do this for both of them separately):


							mkdir unpack
							

							mv omni.ja unpack
							

							cd unpack
							

							unzip omni.ja

Remove telementry:


							find ./Browser/ -type f -print0 | xargs -0 sed -i 's/https\:\/\/firefox\.settings\.services\.mozilla\.com\/v1\/buckets\/main\/collections\/nimbus-desktop-experiments\/records//g';
							

							find ./Browser/ -type f -print0 | xargs -0 sed -i 's/https\:\/\/firefox\.settings\.services\.mozilla\.com\/v1\/buckets\/main-preview\/collections\/search-config\/records//g';
							

							find ./Browser/ -type f -print0 | xargs -0 sed -i 's/https\:\/\/firefox\.settings\.services\.mozilla\.com\/v1\/buckets\/main\/collections\/search-config\/records//g';
							

							find ./Browser/ -type f -print0 | xargs -0 sed -i 's/https\:\/\/firefox\.settings\.services\.mozilla\.com\/v1//g';
							

							find ./Browser/ -type f -print0 | xargs -0 sed -i 's/onecrl\.content-signature\.mozilla\.org//g';
							

							find ./Browser/ -type f -print0 | xargs -0 sed -i 's/remote-settings\.content-signature\.mozilla\.org//g';
							

							find ./Browser/ -type f -print0 | xargs -0 sed -i 's/normandy\.content-signature\.mozilla\.org//g';

Replace the omni.ja files:


							rm omni.ja
							

							zip -0DXqr omni.ja *
							

							mv omni.ja ..

Disable auto updates:


							mkdir -p Browser/distribution/

Create file Browser/distribution/policies.json and put in:

{
  "policies": {
    "DisableAppUpdate": true
 }
}

All done!

If you want to edit this article, or contribute your own article(s), visit us at the git repo on Codeberg. All contributions must be licensed under the CC0 license to be accepted.