[Guide] Automatically install extensions and configure new (dispvm) hardened Firefox profiles with arkenfox user.js and policies

@bayesian
Thank you for sharing this.
I too have done this some time ago, but I’m not sure what the specific variable is to set ‘my filters’ for Ublock Origin in the policies.json, is it:

        "dynamicFilteringEnabled": "true",
        "dynamicFilteringString": "* google-analytics.com * block\n* googletagmanager.com * block\n* * 3p-script block*\n* * 3p-frame block",

?

Correct

There’s no ESR for Fedora.

It’s not dvm-template it’s disposableVM.

I carefully followed the instructions, but in the end my disposable-vm does not exactly do what it should. (e.g. some search engines are not removed).

Here is what I did:

  1. Cloned debian-11 template
  2. Followed the instructions above, and used the cloned debian11 template to insert the user.js into firefox.cfg, placed the policies.json in the right directory and so on. All worked fine.
  3. I created a debian-11-DISPVM on the basis of the debian-11-clone-Template
  4. In the end I created a disposable-vm “Firefox-Disp” with the following settings:

Basic: Template debian-11-clone
Advanced: Disposable Template / Default Disposable Template: debian-11-DISPVM
Now, when I start the disposable Firefox-Disp I get an empty page with Noscript and Ublock installed. Default search engine is startpage, although I have to actively select it in the search field. Amazon and wikipedia search are still there, though the policies.json says to uninstall them. Did anyone succeed in placing bookmarks into the policies.json?

It seems the policies.json works in my case only partially.

Did I miss something vital? Any suggestions are welcome.

My second question:
I use a regular app-vm for surfing on the basis of fedora-36. The Firefox in there is hardened and fairly secure (ublock, canvas blocker, multi account and temp. container, jshelter and moderate user.js). I use bookmarks and a 30 digit master-password for my passwords (I know there is a better but less convenient solution with Keepass-XC).

With this configuration I cloned the app-vm and made it disposable:

Template: Fedora-36
Advanced: Disposable Template (selected) / Default Disposable Template: Fedora-36-dvm.

When I start the cloned app-vm it naturally starts as disposable with all the above mentioned convenient Firefox ingredients. Now this sounds too good to be true: I have a convenient Firefox as I want it to be, and the whole thing is self-destructive after shutdown. My question is now, if there would be any security issue in this configuration. If this would be a fairly secure working solution then it would make the whole configuration with arkenfox user.js, Autoconfig and policies.json look obsolete.

Or do I miss something basic in here?

In your "SearchEngines" policy, add "Default": "<engine name>".

Try to add your local TLD (ie: amazon.com or amazon.de)

Look here.

You’re still subject to profile fingerprinting, since you keep using the same profile that was created the first time in your original AppVM. From a security standpoint, it’s as secure as when you cloned it. It’s up to you to decide what you care about.

Ah…

Thanks for help. Regarding fingerprinting I expected something like what you mentioned.

Other issues such as bookmarks, search engines and startpage I was able to solve yesterday. In the end I tried to get even better adjusting policies.json and firefox.cfg and messed it up again and now Google is back and addons are gone. :frowning: A simple backup of the VM-Template would have been fine. Hope to be able to fix this today.

I get permission denied at this step.

I also checked /usr/lib/firefox-esr and firefox.cfg does not seem to be there

Make sure you have root permissions since you are editing the /usr folder. You can open a terminal in the desired templateVM as root user with:

        qvm-run -u root template-something xterm

in the dom0 terminal.

Additionally, please understand that some files, for example /usr/lib/firefox-esr/firefox.cfg, do not exist in a default “vanilla” firefox/firefox-esr fresh install. And the whole idea behind this tutorial is to create some of those files.

2 Likes

Thanks for that, actually got it all working, except about:debugging gets blocked when using this, so I need to figure that out as I upload local addons from time to time for testing.

If anyone knows what setting activates/disables it please let me know as I’ve been stuck for a few hours and have pretty much exhausted the wiki

There’s your answer mate, the policy you’re looking for is "ExtensionSettings", and specifically the following bit:

        "ExtensionSettings": {
            "*": {
                "installation_mode": "blocked"
            }
        }

Remove or change "installation_mode" to a more relaxed setting (like "allowed") to enable about:debugging

1 Like
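
A way to check a policies.json for the two points raised in this thread (a "SearchEngines" policy without "Default", and the "*" entry of "ExtensionSettings" set to "blocked"), given here as an added example that is not part of any post above. The helper name `check_policies` and the sample file are constructed for illustration.

```python
import json

# The four installation_mode values Firefox's ExtensionSettings policy accepts.
VALID_MODES = {"allowed", "blocked", "force_installed", "normal_installed"}

# Constructed sample, not taken from the guide or from any poster's file.
SAMPLE = """{
  "policies": {
    "SearchEngines": {"Remove": ["Amazon.com", "Wikipedia (en)"]},
    "ExtensionSettings": {
      "*": {"installation_mode": "blocked"},
      "uBlock0@raymondhill.net": {
        "installation_mode": "force_installed",
        "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
      }
    }
  }
}"""

def check_policies(text):
    """Return a list of findings for a policies.json given as a string (hypothetical helper)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        # e.g. a trailing comma left behind after editing the file by hand
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    policies = doc.get("policies") if isinstance(doc, dict) else None
    if not isinstance(policies, dict):
        return ['missing top-level "policies" object']
    findings = []
    engines = policies.get("SearchEngines")
    if isinstance(engines, dict) and "Default" not in engines:
        findings.append('SearchEngines: no "Default" engine set')
    ext = policies.get("ExtensionSettings")
    for ext_id, cfg in (ext.items() if isinstance(ext, dict) else []):
        mode = cfg.get("installation_mode") if isinstance(cfg, dict) else None
        if mode is None:
            continue
        if mode not in VALID_MODES:
            findings.append(f"ExtensionSettings[{ext_id}]: unknown installation_mode {mode!r}")
        elif ext_id == "*" and mode == "blocked":
            # Per the reply above, this setting is what blocks about:debugging.
            findings.append('ExtensionSettings["*"]: "blocked" (blocks about:debugging)')
    return findings

if __name__ == "__main__":
    for finding in check_policies(SAMPLE):
        print(finding)
```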

I have a problem when trying to get this to work with an appvm. Whenever I do it, Firefox forgets all my preferences and reverts back.

So I can’t untick “clear history when Firefox closes” or select “open previous windows and tabs” because it just clears on next boot.

Anyone have any ideas?

Now that I finally have a stable Firefox-DispVM :slightly_smiling_face: with some bookmarks, it would be fine to have some login credentials for more convenience, e.g. with KeepassXC installed with some parameters in a similar way as ublock and noscript. I do not know if this is what arkenoi refers to in his “password management how to”, and if so, this would be far beyond my technical (and English) understanding.
Finally, an overall question arises for me: if I have bookmarks, ublock, noscript and maybe Keepass in my DispVM, would that be a fingerprinting issue regarding advanced algorithms? Or would each and every dispxxx still be unique and could not be profiled?

I can’t help without more specific information.

It’s something in the user.js, I’ve got it so that it remembers my history at least. My problem now is:

Firefox settings > privacy & security > cookies and site data > “delete cookies and site data when Firefox is closed” remains ticked

Also I can’t change: privacy & security > history > “Firefox will use custom settings for history”

This is not possible due to the nature of the disposable. You should look into this if you’re interested: GitHub - rustybird/qubes-app-split-browser: Tor Browser (or Firefox) in a Qubes OS disposable, with persistent bookmarks and login credentials

Otherwise you’ll need to handle credentials differently. Check out my other guide: Split-everything: collection of how-to guides for split configurations

Thanks a lot for great assistance, I will have a look into your guides.

Fingerprinting is somewhat irrelevant to dispXXXX VMs. I mean, a lot of advanced fingerprinting algorithms will use stuff like IP address, screen resolution, timezone, language, openGL version, and other things that are beyond the scope of a disposable VM.

If your threat model demands fingerprinting resistance you should use Tor Browser.
Arkenfox (without any overrides) user.js (GitHub - arkenfox/user.js: Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening) helps with resisting fingerprinting, but won’t be as efficient as Tor Browser.
Brave can randomize some fingerprinting.

You should ideally be testing your setup with https://coveryourtracks.eff.org/ and adjust according to your threat model.

In my honest opinion, browser dispVMs are not for anonymity (i.e. fingerprinting issues) but for security issues. You can click/visit those nasty sites that you would never do in a personal computer in a dispVM. As long as you don’t put any personal data and you shut down the dispVM, any malware that would infect the computer is long gone along with the dispVM. This is how I use my browser dispVM. If I want fingerprinting resistance/anonymity I’ll use a Whonix dispVM with Tor Browser.

2 Likes

As I recall, though, using the Arkenfox style of preconfiguring Firefox with firefox.cfg basically stomps on the keyboard shortcuts that Rustybird’s split browser needs. I know in order to get split browser to work I had to start with a plain firefox install, and not install the Arkenfox policies and firefox.cfg. So, is it a case of “never the twain shall meet?”

(I’m calling it “Arkenfox” but I realize that strictly speaking it’s Arkenfox as extended by you (BEBF738VD) in the original post of this thread. A bit of verbal shorthand that I use at the price of possibly being perceived to minimize your contribution, so let me acknowledge it here.)

I’m actually going to try to work on this now–I’ve finally got a bookmark menu (C++/Gtk) that allows for nested lists of bookmarks to integrate with RustyBird’s schema. (I even have code to import an HTML bookmark export file.) But I want the split browser windows to be Arkenfox-style hardened/configured, too. Yes I want it all–bookmarks separated from a window with no “fingerprint” and a bunch of ad-preventions built in. (I think I can see where to plug in the contents of the firefox.cfg file generated in Part 1 into the split-browser setup…will try some evening soon.)

1 Like

No, we like to harden it ourselves better. Because if we can’t fingerprint our own homemade hardening, no one will.