So, you want to harden Tor. : Guides

This list gets updated at least once a month.

Based on:

Evaluating Anti-Fingerprinting Privacy Enhancing Technologies
https://dl.acm.org/doi/pdf/10.1145/3308558.3313703

The Elephant in the Background: A Quantitative Approach to Empower Users Against Web Browser Fingerprinting
https://fpmon.github.io/fingerprinting-monitor/files/FPMON.pdf

Web Browser Privacy: What Do Browsers Say When They Phone Home?
https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf

_____________________________________________________________________


So, you want to harden Tor.

One thing you need to understand is that the goal of Tor is to make everybody look like everyone else.

That’s the countermeasure; to blend in and not stick out.

You can harden Tor and disable tracking features but you have to keep a balance to mesh into the tapestry and not be uniquely identifiable; not leave behind a fingerprint so unique it identifies you.

Here are some good habits:

1st --- Always verify the digital signature of your Tor download using the provided .asc file to make sure it is authentic and untampered with. This is similar to verifying Onion URLs and signatures.

2nd --- Always update Tor before using Tor.

3rd --- Get familiar with “about:config” — you type ‘this’ into the URL bar.

Most importantly, use Tor as a Tool --- use .onion services where possible to stay within the Tor network; avoid the exit node.

Here are some changes you can make. Some of these options may disappear with newer releases of Firefox, but the idea is the same—avoid being easily tracked. Each change can always be undone.

(Note: there are *fake* Tor websites out there.)

javascript.enabled = false
browser.urlbar.filter.javascript = false
geo.enabled = false
media.getusermedia.screensharing.enabled = false
media.getusermedia.audiocapture.enabled = false
media.peerconnection.enabled = false
network.http.sendSecureXSiteReferrer = false
webgl.disabled = true
webgl.enable-webgl2 = false
browser.send_pings = false
toolkit.telemetry.enabled = false
network.captive-portal-service.enabled = false
browser.sessionstore.warnOnQuit = true
browser.aboutConfig.showWarning = false
browser.warnOnQuit = true
browser.tabs.closeWindowWithLastTab = false
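
An added example, not part of the original post: a small auditor that reads the text of a profile's prefs.js and user.js and compares it with the list above, so a flipped value (such as webgl.disabled left at false) is caught without clicking through about:config. The function names and the sample file contents are constructed for this example.

```python
import re

# Values copied from the about:config list in the post above.
WANT_FALSE = """javascript.enabled browser.urlbar.filter.javascript geo.enabled
media.getusermedia.screensharing.enabled media.getusermedia.audiocapture.enabled
media.peerconnection.enabled network.http.sendSecureXSiteReferrer
webgl.enable-webgl2 browser.send_pings toolkit.telemetry.enabled
network.captive-portal-service.enabled browser.aboutConfig.showWarning
browser.tabs.closeWindowWithLastTab"""
WANT_TRUE = "webgl.disabled browser.sessionstore.warnOnQuit browser.warnOnQuit"
EXPECTED = {**{n: False for n in WANT_FALSE.split()},
            **{n: True for n in WANT_TRUE.split()}}

# Matches lines such as: user_pref("webgl.disabled", true);
# Lines commented out with // do not match because of the ^ anchor.
PREF_RE = re.compile(
    r'^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(true|false)\s*\)\s*;', re.M)

def parse_prefs(text):
    """Return {name: bool} for boolean prefs; later lines override earlier ones."""
    return {name: value == "true" for name, value in PREF_RE.findall(text)}

def audit(*files):
    """files: contents of prefs.js, then user.js (user.js is applied last)."""
    seen = {}
    for text in files:
        seen.update(parse_prefs(text))
    report = {}
    for name, want in EXPECTED.items():
        if name not in seen:
            # prefs.js only stores values changed from the default, so an
            # absent pref means the browser default is in effect.
            report[name] = "unset"
        else:
            report[name] = "ok" if seen[name] == want else "MISMATCH"
    return report

# Constructed sample files (not taken from a real profile).
SAMPLE_PREFS_JS = '''
user_pref("javascript.enabled", false);
user_pref("webgl.disabled", false);
user_pref("geo.enabled", true);
// user_pref("browser.send_pings", false);
'''
SAMPLE_USER_JS = 'user_pref("geo.enabled", false);\n'

if __name__ == "__main__":
    for name, status in audit(SAMPLE_PREFS_JS, SAMPLE_USER_JS).items():
        if status != "ok":
            print(f"{status:9} {name}")
```

An "unset" result is not a failure by itself: it means the pref was never changed from the browser default, which still has to be checked in about:config.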

/u/cornballer
3 points
3 years ago*
This is probably covered in other Tor setup guides, but for new users there are a few settings you can change right away after setting up Tor.
  • Settings > Privacy & Security > Onion Services > Always - Prefer onion service over clearnet URL
  • Settings > Privacy & Security > Security Level > Safest - Defaults to standard which allows JS, fonts, etc. by default.
  • Settings > Privacy & Security > HTTPS Only Mode > Enable for all windows

IMO these should be default settings on a fresh install, but with Tor browser trying to appeal to a larger audience I can somewhat understand their reasons to have things setup this way.
/u/HeadJanitor 📢 Moderator
2 points
3 years ago
These are all the visible "musts". Good pointing out!
/u/sunsettler
2 points
3 years ago
so you're suggesting these are changes we should make? bit confused my apologies
/u/HeadJanitor 📢 Moderator
3 points
3 years ago
Only when you're ready. When you feel the need. If you're not there yet, this post will remain here...for when you're ready.

The only absolutely crucial, vital one is the one in red--unquestionably.
/u/KyleKlemons54
1 points
3 years ago
I always turn javascript.enabled as false and then I just disable webgl. THEN I set it on the "safest" setting in the Security Preferences and then I just stick to TOR network sites.
/u/bucktooth
2 points
3 years ago
Nice work. Whenever I have these settings up, it gives me clarity as to which sites to visit. If they look broken or I can't access nor participate on the site with these settings, I just don't visit it ever again.
/u/HeadJanitor 📢 Moderator
1 points
3 years ago
Luckily, I haven't encountered any websites breaking yet. Of course down here in the DN, along with Dread and all the marketplaces we go without JavaScript so disabling that automatically disables a ton of features. These just make sure we're not that big of a fingerprint, or, at best, make it harder for them to fingerprint us.
/u/PladPanties
2 points
3 years ago
Is it possible for these changes to become persistent, or must you go through all of these steps each time Tails starts again?
/u/HeadJanitor 📢 Moderator
1 points
3 years ago
In Tails? I'm trying to come up with a script for Tails. All other operating systems have persistence.
/u/nosmoke
2 points
3 years ago
a script would be awesome!
i will save this for now in a txt.

does doing all of them make a user unique in TOR or is it better to do all the mentioned above in your opinion?
/u/LucySpaceCows
1 points
3 years ago
Any luck on the script?
/u/HeadJanitor 📢 Moderator
1 points
3 years ago
It worked on 4.29 but by the next release it was broken. The Tails developers change so much per each release it's impossible to know what their next release will entail.
/u/LucySpaceCows
1 points
3 years ago
Can't you just add a simple js file in the preferences folder of Tor?
/u/HeadJanitor 📢 Moderator
1 points
3 years ago
As in regards to Tails? Because it's an Amnesiac OS ... it's designed that no matter how bad you burn the house down it goes back to the origin upon next start.
/u/HeadJanitor 📢 Moderator
1 points
3 years ago
Whonix is easier and just like Tails and has persistence and doesn't need much to run. Setup takes 3 minutes.
/u/LucySpaceCows
1 points
3 years ago
Good point. I think in that scenario you would just make a copy and store it in Tails persistent storage. Every time you boot up just copy the file over. It would probably beat going into about:config and manually changing everything.
/u/HeadJanitor 📢 Moderator
1 points
3 years ago
One nice thing is that when JavaScript is manually disabled, nearly everything you see here becomes invalid, non-functional and inoperable.
/u/LucySpaceCows
1 points
3 years ago
Oh nice. Okay.
/u/LucySpaceCows
0 points
3 years ago

Awards Received: Bronze (1)
Also, another point, shouldn't webgl.disabled be true? Setting it to false enables webGL
/u/HeadJanitor 📢 Moderator
1 points
3 years ago
Great catch.
/u/rasclatbunn
2 points
2 years ago

Awards Received: Bronze (1)
U haven't actually made an edit to the post.
/u/HeadJanitor 📢 Moderator
1 points
2 years ago
Lifesaver -- I must have made the change only in the browser.

Updated:

webgl.disabled = true
webgl.enable-webgl2 = false
/u/rasclatbunn
2 points
2 years ago
2 Bronze medals in a row... u r spoiling me -_-
/u/HeadJanitor 📢 Moderator
1 points
2 years ago
You hooked it up -- spotted my shortcoming, saved the guide for the next person.
/u/rasclatbunn
3 points
2 years ago
I can send back only love and respect for your dedication towards all of us here
/u/rasclatbunn
2 points
2 years ago

Awards Received: Doge (1)
Oh... Bronze doesn't seem that shiny now then :)
/u/rasclatbunn
2 points
2 years ago
By the way... what happens if I leave JavaScript enabled (for a given website that requires it) but turn off everything else in about:config? What effect would that have?
/u/HeadJanitor 📢 Moderator
1 points
2 years ago
You leave yourself open to exploitation and leak data.
/u/Gambetta
2 points
1 year ago
Upvoted. Essential
/u/around911
1 points
3 years ago
Brave is a good browser for fingerprinting, they randomize it.
/u/HeadJanitor 📢 Moderator
2 points
3 years ago
Recently, there has been a lot of trouble around both Brave and DuckDuckGo. Hopefully, they'll tighten things up in the next few weeks. Brave was to become the default search engine for Tor given its onion but flaws were uncovered. So many variables go into producing a fingerprint. Unless the browser is fully resistant it's going to be nearly different each time, even minutes apart.
/u/around911
1 points
3 years ago
Yes, I see that. I prefer DuckDuckGo as a search engine for the clearnet.
Is it possible to be fingerprinted with SSH, VNC, RDP?
I don't think so, but I want to be sure.
/u/HeadJanitor 📢 Moderator
1 points
3 years ago
Yeah, they're going to home serious serious right now on the sociopolitical eco-front with Microsoft tracking. We'll have to wait to see how it all turns out.
/u/KnechtRuprecht
1 points
2 years ago
thx, this is gold
/u/HeadJanitor 📢 Moderator
1 points
2 years ago
Enjoy! Danke Schoen.
/u/olwot8
1 points
1 year ago
Isn't JS disabled if you set security level to "Safest"?
I thought it's enough to set it on safest. What exactly is missing here?
/u/HeadJanitor 📢 Moderator
1 points
1 year ago
Yes, but as you can see this goes a little beyond just disabling JavaScript. It is about removing every bit of fingerprinting as possible.
/u/olwot8
1 points
1 year ago
But why is the javascript.enabled setting in about:config still enabled even after choosing Safest mode?
/u/HeadJanitor 📢 Moderator
1 points
1 year ago
Try exiting the browser after you select Safest mode and then re-open the browser and check again. Otherwise, NoScript is messing things up. That's why it's good to take a quick look yourself to make sure it is off.
/u/monerosparrow
1 points
1 year ago
So if I'm running Tor on Tails then I should still take the time to make sure that all of these are hardened as well? I have always disabled javascript and set the safest mode from settings, but that's it.
/u/HeadJanitor 📢 Moderator
1 points
1 year ago
No, just making sure JavaScript is disabled is good enough. This is the go-to for when you need advancement.
/u/[deleted]
1 points
1 year ago
What counts as advancement, so Tails really isn't good enough with safest settings? Thanks for any info :)
/u/HeadJanitor 📢 Moderator
1 points
1 year ago
Tails is perfectly fine for what it is designed to do: forget. It is all relative to your needs. One day you may get tired of any operating system that forgets and will have become so used to Linux that you want to "distro-hop". Whonix would be the next step.
/u/[deleted]
1 points
1 year ago
yea im thinking of changing to the horrible GUI of Whonix lol, im OCD and i've really grown to like the look of tails haha, i know it seems trivial but OCD is OCD ha, thanks for the help by the way i appreciate you taking your time <3
/u/HeadJanitor 📢 Moderator
1 points
1 year ago
Debian comes in many flavors and Cinnamon is gorgeous. You can use that as your host. And throw KickSecure in there.
/u/[deleted]
1 points
1 year ago
I don't trust them at all though, or more accurately I don't trust my knowledge of those OSs enough to use them. That's one reason why I like Tails: no matter what you do it will auto-route everything through Tor. Isn't that the same for Whonix?
/u/HeadJanitor 📢 Moderator
1 points
1 year ago
It's especially true for Whonix. There is Whonix-Gateway and Whonix-Workstation and Whonix-Gateway makes sure that everything routes through Tor.
/u/[deleted]
1 points
1 year ago
right excellent, going to force myself into it, Tails is good and all but would be nice to have something on the actual computer that will start up quicker etc

Thanks a lot for your help, it's very valuable for me and I appreciate you taking your time
/u/HeadJanitor 📢 Moderator
1 points
1 year ago
You are always welcome, /u/Operational-Deployment. Sincerely. If you have any questions please feel free to message me anytime.
/u/[deleted]
1 points
1 year ago
Your time is massively valued by me thank you yea i will do :)
/u/HeadJanitor 📢 Moderator
1 points
1 year ago
Thank you so very much. Wish you had stuck around.