OPSEC STICKY Tor Browser security slider — what each level actually disables
Tor Browser's shield icon hides three security profiles. The defaults are reasonable for casual clearnet browsing and inadequate for darknet market access. This thread breaks down what each level changes at the engine level.
Standard
The default. JavaScript is on, remote fonts load, WebGL is enabled, audio/video plays without prompting. This is what you get on first install. Do not log into a darknet market on Standard. A single JavaScript exploit on a phishing clone is the dominant credential-loss vector in the post-2023 generation of attacks.
Safer
JavaScript runs only on HTTPS sites. Remote fonts are blocked. SVG, audio, and video become click-to-play. WebGL goes click-to-play. This is enough for most clearnet reading; it is still not enough for sensitive logins, because a v3 onion URL is technically not HTTPS in the slider's framing, and JavaScript can still execute.
Safest
JavaScript is disabled globally, full stop. SVG and canvas are click-to-play. Audio/video are click-to-play. WebGL is disabled outright. Remote fonts blocked. This is the only setting at which a darknet market login should be performed. Every Nexus Market page is designed to render correctly here; if a page on the platform requires JavaScript, that's the platform doing something it shouldn't.
What the slider does not change
The slider is a browser-level setting. It does not change which guard relay you use, does not change Tor circuit isolation, does not affect rendezvous-point selection on hidden services, and does not change the cookies you carry between sites. For network-level OpSec the relevant settings are bridges (in torrc), New Tor Circuit per tab (browser menu), and the longer-form circuit isolation flags (SOCKSPort IsolateClientAddr and friends).
One thing people consistently miss
Slider state is per-profile, not per-tab. Switching to Safest in one window applies to every tab. If you split your sessions across multiple Tor Browser profiles — one for casual, one for market access — set Safest on the market profile and leave the casual one wherever feels useful. Mixing the two in one profile is a footgun.
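An added example, not part of the original thread: because the slider is stored per profile, a short Python check can read each profile's prefs.js and report the level it is set to. It assumes the level lives in the `browser.security_level.security_slider` pref (1 Safest, 2 Safer, 4 Standard, absent meaning the default Standard) and that profiles are subdirectories of one root directory; the sample prefs are constructed.

```python
import re
from pathlib import Path

# Assumed pref names: 4 is the built-in default, so a profile that never
# moved the slider has no slider entry in prefs.js at all.
SLIDER_PREF = "browser.security_level.security_slider"
CUSTOM_PREF = "browser.security_level.security_custom"
LEVELS = {1: "Safest", 2: "Safer", 4: "Standard"}
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def read_prefs(text):
    """Parse prefs.js text into {pref name: raw value string}."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs

def slider_level(prefs_text):
    """Return (level name, custom flag) for one profile's prefs.js."""
    prefs = read_prefs(prefs_text)
    raw = prefs.get(SLIDER_PREF, "4")
    try:
        name = LEVELS.get(int(raw), f"unknown({raw})")
    except ValueError:
        name = f"unknown({raw})"
    # The custom flag means individual prefs were changed by hand, so the
    # named level no longer describes the profile's real state.
    return name, prefs.get(CUSTOM_PREF, "false") == "true"

def audit(profiles_root):
    """Map each profile directory under profiles_root to its slider state."""
    report = {}
    for prefs_file in sorted(Path(profiles_root).glob("*/prefs.js")):
        text = prefs_file.read_text(encoding="utf-8", errors="replace")
        report[prefs_file.parent.name] = slider_level(text)
    return report

# Constructed sample prefs.js contents, not taken from a real profile.
SAMPLE_SAFEST = 'user_pref("browser.security_level.security_slider", 1);\n'
SAMPLE_DEFAULT = 'user_pref("browser.startup.homepage", "about:tor");\n'

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for profile, (level, custom) in audit(root).items():
        print(f"{profile}: {level}{' (custom overrides)' if custom else ''}")
```

Run it with the directory that holds the profile folders as its only argument; a profile reported as Standard or flagged as custom is one where the slider is not doing what its label says.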
The point about Safer not being enough for onion logins is the one I keep seeing people miss. Safer feels safe because the name says so. Safest is the one you actually want for any login that matters.
Confirmed Nexus renders fine on Safest. Some of the heavier-graphics market UI is a little less pretty (icons render as text fallbacks for some glyphs) but every functional element works. Login, multisig flows, dispute thread, all fine.
Tip for split-profile users: the Tor Browser profile chooser lives at about:profiles. Make a separate profile labeled “market,” set Safest on first launch, never visit anything other than market mirrors from that profile. The discipline is the point.
Strong endorsement of profile separation. The browser fingerprint differs across profiles, which buys you a meaningful chunk of OpSec for free.
Question: is there any reason to ever leave Safer instead of going straight to Safest? I've been on Safest for two years and have not noticed a single broken page on the markets I use.
For market access, no. Safer exists because some clearnet sites genuinely break without JS and the Tor Project doesn't want to ship Safest as default for usability reasons. For our use case, Safest is the right call every time.