customizing Firefox in disp-vms


Josefa Hays

Jan 29, 2021, 4:58:22 AM
to qubes...@googlegroups.com
I use dispvm's all the time (both Fedora and Debian dispvms). Thus, I am
quite annoyed to see various "first run" issues every time I start
Firefox in a disp-vm. I would like to perform the following changes in
the template-vms, preferably from CLI, so I don't have to start Firefox
in the template:

* disable "first run" welcome tabs
* change startpage to https://duckduckgo.com
* In Fedora-30 dispvm: disable the bookmark-bar in the top

I've been poking around in ~/.mozilla/ files and configs, but so far no
luck.
Anybody got this working who can share their configs? (Maybe we could
put a guide in the wiki/docs? I guess it is quite a common "problem" for
people that use disp-vm's on a regular basis?)

Best regards,
Jo

Emma Borhanian

Jan 29, 2021, 5:43:20 AM
to qubes-users
You can use an autoconfig file in the firefox-esr install directory in the template to control everything except default search, which mozilla has added a bunch of protections to in order to prevent default search page hijacking. You can use this to disable "first run" welcome tabs, etc.
You probably also want to put privacy/hardening settings in the autoconfig file.

To change the default search page you actually need two mechanisms:
1. Reverse engineer the way the firefox-esr directory configures default search.
2. Reverse engineer the way the profile directory configures default search.

You need both because:
#1 will be undone every time you update firefox. If you run firefox before re-doing it, the change will be cached in your profile directory, and method #1 will no longer work for you because the profile will 
#2 doesn't work unless you already have a profile directory. A startup script that ran on dispvm creation that both created a profile directory and modified it using #2 would allow you to avoid needing #1, but it seemed cleaner to me to just do #1 as well.

#1 requires monkey patching modules/SearchService.jsm to not fetch the default search from mozilla's servers, and changing the search default in chrome/browser/search-extensions/list.json.

Emma Borhanian

Jan 29, 2021, 5:47:48 AM
to qubes-users
I might be interested in contributing code for this, but I'm not sure how to package it.

Emma Borhanian

Jan 29, 2021, 5:50:41 AM
to qubes-users
This is an arms race though and eventually mozilla will make any particular methods of overriding the default search not work. It's really annoying.

I looked into using other browsers but IceCat seems to not receive security updates frequently enough to be a viable secure browser. It seems we are stuck with firefox and playing this arms race game for setting default search forever.

Emma Borhanian

Jan 29, 2021, 6:00:47 AM
to qubes-users

> #1 requires monkey patching 

I thought of this as "monkey patching", because I automated altering the file with sed, but I guess it's not technically monkey patching if you're changing the source file.

Emma Borhanian

Jan 29, 2021, 6:18:56 AM
to qubes-users
(I retyped all of this so hopefully I didn't typo any of it)

Relevant preferences for start page:
defaultPref("browser.newtabpage.activity-stream.aboutHome.enabled", false);
defaultPref("datareporting.policy.firstRunURL", "");
defaultPref("trailhead.firstrun.branches", "nofirstrun-privacy");

Settings you may want to save:
defaultPref("general.warnOnAboutConfig", false);
defaultPref("browser.tabs.warnOnClose", false);

Disable Pocket:
defaultPref("extensions.pocket.enabled", false);
defaultPref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
defaultPref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
defaultPref("browser.newtabpage.activity-stream.showSponsored", false);

Disable snippets by firefox:
defaultPref("browser.newtabpage.activity-stream.feeds.snippets", false);

The rest is privacy/security stuff, which should probably be copied from the union of 1. firefox specific guides 2. whatever tor browser does. Of note is whether the URL bar and/or search bar send what you type anywhere.

Another decision is whether to "lock" preferences vs just changing the default.
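
Added example, not part of the post above or of the Qubes project: a shell function that writes the autoconfig pair discussed in this thread (a loader under defaults/pref/ plus firefox.cfg) using preferences listed above, with one lockPref line to show the lock-versus-default choice. The install directory is an assumption passed as an argument (for example /usr/lib/firefox-esr on Debian); write_autoconfig and check_autoconfig are hypothetical helper names.

```shell
#!/bin/sh
# Added example: write a Firefox autoconfig pair into an install directory.
# Assumption: the caller passes the real install directory of the template's
# Firefox package; verify the path before running this as root.

write_autoconfig() {
    ff_dir=$1
    mkdir -p "$ff_dir/defaults/pref" || return 1

    # Loader: tells Firefox to read firefox.cfg from the install directory.
    cat > "$ff_dir/defaults/pref/autoconfig.js" <<'EOF'
// Loader for firefox.cfg
pref("general.config.filename", "firefox.cfg");
pref("general.config.obscure_value", 0);
EOF

    cat > "$ff_dir/firefox.cfg" <<'EOF'
// The first line of firefox.cfg is skipped by Firefox, so keep it a comment.
// defaultPref: changes the default; the user can still override it.
defaultPref("browser.newtabpage.activity-stream.aboutHome.enabled", false);
defaultPref("datareporting.policy.firstRunURL", "");
defaultPref("trailhead.firstrun.branches", "nofirstrun-privacy");
defaultPref("general.warnOnAboutConfig", false);
defaultPref("browser.tabs.warnOnClose", false);
defaultPref("browser.newtabpage.activity-stream.feeds.snippets", false);
// lockPref: same kind of setting, but it cannot be changed in the session.
lockPref("extensions.pocket.enabled", false);
EOF
}

# Returns 0 when both files exist and firefox.cfg starts with a comment line.
check_autoconfig() {
    ff_dir=$1
    [ -f "$ff_dir/defaults/pref/autoconfig.js" ] || return 1
    [ -f "$ff_dir/firefox.cfg" ] || return 1
    head -n 1 "$ff_dir/firefox.cfg" | grep -q '^//'
}

# Usage (as root, in the template): write_autoconfig /path/to/firefox/install/dir
```

Because these files live in the install directory, they belong in the template itself, and no profile directory is created or copied.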

Emma Borhanian

Jan 29, 2021, 6:19:43 AM
to qubes-users
> Relevant preferences for start page:

I meant for disabling startup notices.

Sven Semmler

Jan 29, 2021, 1:27:30 PM
to qubes...@googlegroups.com
On 1/29/21 3:58 AM, Josefa Hays wrote:
> I use dispvm's all the time (both Fedora and Debian dispvms). Thus, I
> am quite annoyed to see various "first run" issues every time I start
> Firefox in a disp-vm. I would like to perform the following changes
> in the template-vms, preferably from CLI, so I don't have to start
> Firefox in the template:

You wouldn't do that in the actual template but in the appvm that serves
as a template for the dispvm:


fedora-32 -> dvm-online -> disp1234

So dvm-online would be the qube that has template_for_dispvms set to
true. Maybe that's what you meant by template, but then I don't see the
issue with running firefox for a moment here (it's the same as running
it in any AppVM). You could even remove the netvm from dvm-online while
making those changes.

> * disable "first run" welcome tabs
> * change startpage to https://duckduckgo.com
> * In Fedora-30 dispvm: disable the bookmark-bar in the top

If for some reason you really don't want to run Firefox in your
equivalent of dvm-online, you could do all those things in an actual
dispvm instance (i.e. disp1234) and then move the resulting .mozilla
config directory into dvm-online.

> I've been poking around in ~/.mozilla/ files and configs, but so far
> no luck. Anybody got this working who can share their configs? (Maybe
> we could put a guide on in wiki/docs? I guess it is quite a common
> "problem" for people that use disp-vm's on a regular basis?)

Both approaches mentioned above will work. I just run firefox in
dvm-online but don't go to any websites. Just make all the settings,
plugins etc and then delete the cache in settings.

/Sven

--
public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6


David Hobach

Jan 29, 2021, 2:01:39 PM
to qubes...@googlegroups.com
You can also manage your settings inside the user.js in dvm-online without using the GUI.

There's tons of doc and samples on the Internet, see github or e.g. [1].

[1] https://privacy-handbuch.de/download/moderat/user.js

awokd

Jan 29, 2021, 4:49:30 PM
to qubes...@googlegroups.com
Sven Semmler:

> If for some reason you really don't want to run Firefox in your
> equivalent of dvm-online, you could do all those things in an actual
> dispvm instance (i.e. disp1234) and then move the resulting .mozilla
> config directory into dvm-online.

Be aware though that starting your dispvm's from a common .mozilla
config instead of a freshly created one every time may result in
increased fingerprintability. Some of the values in there seemed to be
unique, and if unchanged between sessions could lead to correlation. May
not be a concern depending on use cases.

--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

Sven Semmler

Jan 29, 2021, 5:40:15 PM
to qubes...@googlegroups.com
On 1/29/21 3:48 PM, 'awokd' via qubes-users wrote:
> Be aware though that starting your dispvm's from a common .mozilla
> config instead of a freshly created one every time may result in
> increased fingerprintability. Some of the values in there seemed to be
> unique, and if unchanged between sessions could lead to correlation. May
> not be a concern depending on use cases.

Understood.

In use cases where that would be a concern, I wouldn't use
Firefox/Clearnet but instead Tor Browser/Whonix completely unmodified
and disposable.

In any case: NoScript. Even in 2021 I see no reason whatsoever to have
JavaScript on by default. Without JavaScript you are a lot safer, faster
and less annoyed. It's like magic ;-)

Emma Borhanian

Jan 29, 2021, 6:25:16 PM
to qubes-users
> On 1/29/21 3:48 PM, 'awokd' via qubes-users wrote:
> > Be aware though that starting your dispvm's from a common .mozilla
> > config instead of a freshly created one every time may result in
> > increased fingerprintability. Some of the values in there seemed to be
> > unique, and if unchanged between sessions could lead to correlation. May
> > not be a concern depending on use cases.

Tor Browser is not appropriate for many use cases. Expect exit nodes to spy on all of your traffic if it's not encrypted.

The solutions I gave above which do not involve copying the .mozilla directory solve this problem without increasing fingerprintability (except to the extent that the settings you change increase fingerprintability inherently).

awokd

Jan 30, 2021, 6:09:54 PM
to qubes...@googlegroups.com
Emma Borhanian:

> The solutions I gave above which do not involve copying the .mozilla
> directory solve this problem without increasing fingerprintability (except
> to the extent that the settings you change increase fingerprintability
> inherently).

Agreed.

pr...@tutanota.de

Feb 3, 2021, 12:52:02 PM
to Emma Borhanian, qubes-users

>> The solutions I gave above which do not involve copying the .mozilla
>> directory solve this problem without increasing fingerprintability
>> (except to the extent that the settings you change increase
>> fingerprintability inherently).

I've used salt to configure my disposable VMs and customise Firefox.
The repo is available here:

The ffmods section is the relevant bit.
I haven't updated it recently but I think it still works.

pillule

May 16, 2021, 5:20:21 PM
to Emma Borhanian, qubes-users

Emma Borhanian <emma.bo...@gmail.com> writes:

> You can use an autoconfig
> <https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig>
> file in the firefox-esr install directory in the template to control
> everything except default search, which mozilla has added a bunch of
> protections to in order to prevent default search page hijacking. You can
> use this to disable "first run" welcome tabs, etc.
> You probably also want to put privacy/hardening settings in the autoconfig
> file.
>
> To change the default search page you actually need two mechanisms:
> 1. Reverse engineer the way the firefox-esr directory configures default
> search.
> 2. Reverse engineer the way the profile directory configures default search.

Hi Emma,

Thanks for pointing out autoconfig, it may simplify my setup.

Have you tried to use
/usr/share/firefox-esr/distribution/policies.json to set up the
search engine and your addons?
It is indeed more powerful than a user.js.

https://support.mozilla.org/en-US/kb/customizing-firefox-using-policiesjson

I have not yet used it for the search-engines part but there is an
entry here if you follow the link to the docs.

For the addons part it is a bit tricky to get the correct addon IDs
(I yelled until I found this
https://github.com/mkaply/queryamoid/releases/tag/v0.2)

--
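
Added example, not part of the message above or of any project mentioned in the thread: a shell function that writes a policies.json covering the three changes asked for at the top of the thread, at the path named in this message, and checks that the file parses. The policy names (OverrideFirstRunPage, OverridePostUpdatePage, DisplayBookmarksToolbar, Homepage, SearchEngines) come from Mozilla's policy documentation; the staging-root argument and the names write_policies and validate_policies are assumptions of this example.

```shell
#!/bin/sh
# Added example: write and sanity-check a Firefox policies.json.
# Assumption: $1 is a root prefix ("" for the live template, or a staging
# directory); the distribution path below is the one quoted in the thread.

validate_policies() {
    f=$1
    [ -s "$f" ] || return 1
    if command -v python3 >/dev/null 2>&1; then
        # Strict check: the file must be valid JSON with a "policies" object.
        python3 -c 'import json,sys
d = json.load(open(sys.argv[1]))
sys.exit(0 if isinstance(d.get("policies"), dict) else 1)' "$f"
    else
        # Weak fallback: the key is present and the file ends with a brace.
        grep -q '"policies"' "$f" && tail -n 1 "$f" | grep -q '^}$'
    fi
}

write_policies() {
    dist="$1/usr/share/firefox-esr/distribution"
    mkdir -p "$dist" || return 1
    cat > "$dist/policies.json" <<'EOF'
{
  "policies": {
    "OverrideFirstRunPage": "",
    "OverridePostUpdatePage": "",
    "DisplayBookmarksToolbar": false,
    "Homepage": {
      "URL": "https://duckduckgo.com",
      "StartPage": "homepage"
    },
    "SearchEngines": {
      "Default": "DuckDuckGo"
    }
  }
}
EOF
    validate_policies "$dist/policies.json"
}

# Usage (as root, in the template): write_policies ""
```

After starting Firefox in a disposable, about:policies lists which entries were accepted and reports any that were rejected.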


pillule

May 17, 2021, 6:44:02 AM
to pr...@tutanota.de, Emma Borhanian, qubes-users

prago via qubes-users <qubes...@googlegroups.com> writes:

> I've used salt to configure my disposable VMs and customise Firefox.
> The repo is available here:
> https://gitlab.com/prago/my-salt

Hi prago,

Nice usage of policies.json and user.js

It may be a bit of a naive question, but are you not concerned about
downloading and installing a .js file directly from the internet in your
template?

What would be an ideal verification procedure in such a case?
I looked to at least verify the last commit with gpg but
unfortunately I didn't find the signature of arkenfox on a
keyserver.

--

