If someone would ask me, I’d think this is absolutely wrong.
I didn’t say to run firefox and/or customize it in a template, but in a dvm template, which is by it’s nature appVM.
To create an appVM then to do to it whatever and then to promote it to dvm template is absolutely unnecessary, and probably not recommended, since I never read something similar in documentation. On the contrary, you first create dvm template, then customize it. For each purpose, I’d create separate dvm template, for example: one for clearnet, one for tor, one with no-net, and so on and so on…
I never said that you have to run firefox in any template, but before you posted your reply I rather pointed to a post which explains how to set it up without running firefox in a dvm template. So, if I were you, I’d probably checked it, tried it and only then would claim what you did.
I’m writing this because there are a lot of new users recently, or inexperienced ones (for which I consider myself too) and claiming things has to be supported with strong facts, otherwise could mislead users to an unforeseen consequences regarding their security and anonymity, and we don’t know their threat models which can be extremely sensitive, not to say dangerous.
I agree with all of suggestions made by @enmus and @BEBF738VD. A step-by-step guide to creating a template for disposable VMs using Firefox policies and AutoConfig would be fantastic. It seems like others have implemented this setup (custom add-ons and user.js) without ever running Firefox, but I don’t see an easy path for to replicating this without some kind of guide. Glad to know that it’s at least possible though.
To be clear, my response was referencing the use of the term template in the OP. The distinction between a “distro” template and a “dvm” template can be confusing for anyone new to Qubes. The latter is an appVM used as a template for dispVMs, so the customization happens in the appVM, not the template on which it’s based.
what i am trying to do is use a policies. json file to configure firefox each time it starts , i even found a salt of policies,json file here somethwere in the forum .
how this would work is, i would place, the policy, json file somewhere in the root of template vm and every disposable vm will autoconfigure firefox off of it.
installing extensions is possible without creating profiles by sudo apt install webext-ublock-origin-firefox.
But i want to harden firefox by usre js file
i believe it was mentioned in this post
question is does anyone know how to exactly use a policy.json file and can anyone tell me how to use it
You can also install extension via the policies.json file:
It’s very simple really. You start with an empty file named policies.json and then you go through the github link above and add all the policies that matter to you.
You can see that for each policy they include instructions for Windows, MacOS and general policies.json. You want to look at the latter and copy what’s needed to your file.
If for example you want to install ublock, block cookies and disable a few other things (ie telemetry, studies, pocket) the policies.json file would like like the following:
There are a few files in your system that can receive the content of
user.js (eg: /etc/firefox-esr/firefox-esr.js).
You could append your user.js to it.
how to exactly use a policy.json
I use it mostly to install extensions.
The hard part was to figure out the right url and identifiants;
Fortunately there is an extension for that :
https:github.com/mkaply/queryamoid/releases/tag/v0.1
I don’t think it’s possible to use a user.js file directly without also creating a Firefox profile in the disposable template. To avoid having a profile in the default state of your dispVM either try @dal’s idea of appending firefox-esr.js and/or port the rules from user.js into a config file as described by Mozilla and the following post:
If your threat model for the dispVM allows for it, then simply running Firefox in the appVM before creating the disposable template will allow you to use the user.js file directly. This method is not appropriate if you’re trying to preserve anonymity in your dispVMs, for example, but is fine if you want an established identity along with the other benefits of a dispVM such as non-persistence of cookies or malware…
I am going to use the policies.json file and base the disposable vm’s off of them.
Anyone already doing this and has a policies.json file that i can use??
Or is there any tool to convert arkenfox or any other user js to policies.json directly???
Thanks.
A quick question: how do I grant extensions like Adblock and Ghostery necessary permissions in the template so it would not show me slpash screens and ask for permissions every time?
It will depend on how well these extensions support Firefox policies. uBlock Origin has good support, so you can look to it as an example. A good place to start is:
Also search “Firefox policy” on the github site for each extension (if they have one). The following page has links to several additional resources:
Adblock and Ghostery are no longer recommended for privacy (mainely because of their new owners).
As suggest by @ephile, Ublock origin is all what you need. (ghostery is also redundant with ublock origin).
The best way to customize Firefox for disposable vms is with policies, but outside of Qubes Firefox policies are primarily used in an enterprise setting. Outside of uBlock’s links, your best bet is probably to directly ask each extension’s devs if they support enterprise policies and how to eliminate the splash screen using policies.
If I want to use the download manager it insists on throwing up a “congratulations” webpage every time I start firefox. Utterly pointless and damned annoying because of that.
I hope I don’t completely miss the mark here, but it seems to me that starting the DVM Template
Start - Qube Tools - Qube Manager - DVM - Start
Then selecting it in the Qube Domains Icon in your task bar and opening a terminal within it to execute the commands to install arkenfox in it would work without the hassle of configuring exceptions.
You can also start Firefox via the command line, add extensions, click through annoying messages etc. After you have modified the Browser to your liking, shut down the DVM-Template and the changes you made should persist.
Of course, you’ld need to take these steps every time you want to update an extension or change something in Firefox, but it seems to me that that’s kind of the idea behind a DVM.
Setting up Firefox in the DVM template has some advantages, but the downside is that every disposable vm spawned with that template will share the same Firefox profile. Firefox policies allow one to set parameters for extensions (that support such policies), without creating a fixed profile for the DVM template. So there are tradeoffs to be made…
Maybe there are some entries but they are not documented apparently.