[qubes-users] customizing Firefox in disp-vms

I use dispvm's all the time (both Fedora and Debian dispvms). Thus, I am
quite annoyed to see various "first run" issues every time I start
Firefox in a disp-vm. I would like to perform the following changes in
the template-vms, preferably from CLI, so I don't have to start Firefox
in the template:

* disable "first run" welcome tabs
* change startpage to https://duckduckgo.com
* In Fedora-30 dispvm: disable the bookmark-bar in the top

I've been poking around in ~/.mozilla/ files and configs, but so far no
luck.
Anybody got this working who can share their configs? (Maybe we could
put a guide in wiki/docs? I guess it is quite a common "problem" for
people that use disp-vm's on a regular basis?)

Best regards,
Jo

You can use an autoconfig file in the firefox-esr install directory in the template to control everything except default search, which mozilla has added a bunch of protections to in order to prevent default search page hijacking. You can use this to disable “first run” welcome tabs, etc.
You probably also want to put privacy/hardening settings in the autoconfig file.

To change the default search page you actually need two mechanisms:

  1. Reverse engineer the way the firefox-esr directory configures default search.
  2. Reverse engineer the way the profile directory configures default search.

You need both because:
#1 will be undone every time you update firefox. If you run firefox before re-doing it, the change will be cached in your profile directory, and method #1 will no longer work for you because the profile will
#2 doesn’t work unless you already have a profile directory. A startup script that ran on dispvm creation that both created a profile directory and modified it using #2 would allow you to avoid needing #1, but it seemed cleaner to me to just do #1 as well.

#1 requires monkey patching modules/SearchService.jsm to not fetch the default search from mozilla’s servers, and changing the search default in chrome/browser/search-extensions/list.json.
#2 is documented here Manually add a search engine to Firefox Quantum | Frederick's Notebook

I might be interested in contributing code for this, but I’m not sure how to package it.

This is an arms race though and eventually mozilla will make any particular methods of overriding the default search not work. It’s really annoying.

I looked into using other browsers but IceCat seems to not receive security updates frequently enough to be a viable secure browser. It seems we are stuck with firefox and playing this arms race game for setting default search forever.

#1 requires monkey patching

I thought of this as “monkey patching”, because I automated altering the file with sed, but I guess it’s not technically monkey patching if you’re changing the source file.

(I retyped all of this so hopefully I didn’t typo any of it)

Relevant preferences for start page:
defaultPref("browser.newtabpage.activity-stream.aboutHome.enabled", false);
defaultPref("datareporting.policy.firstRunURL", "");
defaultPref("trailhead.firstrun.branches", "nofirstrun-privacy");

Settings you may want to save:
defaultPref("general.warnOnAboutConfig", false);

defaultPref("browser.tabs.warnOnClose", false);

Disable Pocket:
defaultPref("extensions.pocket.enabled", false);
defaultPref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
defaultPref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);

defaultPref("browser.newtabpage.activity-stream.showSponsored", false);

Disable snippets by firefox:
defaultPref("browser.newtabpage.activity-stream.feeds.snippets", false);

The rest is privacy/security stuff, which should probably be copied from the union of 1. firefox specific guides 2. whatever tor browser does. Of note is whether the URL bar and/or search bar send what you type anywhere.

Another decision is whether to “lock” preferences vs just changing the default.

Relevant preferences for start page:

I meant for disabling startup notices.
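The autoconfig setup described in the messages above, as an added example that is not part of the original thread: a shell function that writes the two AutoConfig files from the command line and a check for the copy-paste mistakes that make Firefox reject or ignore them. The function names, the file name firefox.cfg and the install directory passed as an argument are assumptions; the preferences are the ones listed above.

```shell
#!/bin/sh
# Added example (not from the thread). The Firefox install directory is an
# argument because it differs per distribution; function names are hypothetical.

write_autoconfig() {
    ff_dir="$1"
    [ -d "$ff_dir" ] || { echo "no such directory: $ff_dir" >&2; return 1; }
    mkdir -p "$ff_dir/defaults/pref" || return 1
    # Loader: tells Firefox to read firefox.cfg from the install directory.
    cat > "$ff_dir/defaults/pref/autoconfig.js" <<'EOF'
pref("general.config.filename", "firefox.cfg");
pref("general.config.obscure_value", 0);
EOF
    # defaultPref changes the default and leaves it overridable in the profile;
    # lockPref(...) with the same arguments would pin the value instead.
    cat > "$ff_dir/firefox.cfg" <<'EOF'
// AutoConfig: the parser skips line 1, so it must stay a comment
defaultPref("browser.newtabpage.activity-stream.aboutHome.enabled", false);
defaultPref("datareporting.policy.firstRunURL", "");
defaultPref("trailhead.firstrun.branches", "nofirstrun-privacy");
defaultPref("general.warnOnAboutConfig", false);
defaultPref("browser.tabs.warnOnClose", false);
defaultPref("extensions.pocket.enabled", false);
defaultPref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
defaultPref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
defaultPref("browser.newtabpage.activity-stream.showSponsored", false);
defaultPref("browser.newtabpage.activity-stream.feeds.snippets", false);
EOF
}

# Prints the number of defaultPref lines; returns 1 if line 1 is not a comment
# (a pref there is silently lost) and 2 if typographic quotes are present
# (pasted from a web page, they are a syntax error in the cfg).
check_autoconfig() {
    cfg="$1/firefox.cfg"
    head -n 1 "$cfg" | grep -q '^//' || return 1
    if LC_ALL=C grep -qF -e "$(printf '\342\200\234')" \
                         -e "$(printf '\342\200\235')" "$cfg"; then
        return 2
    fi
    grep -c '^defaultPref(' "$cfg"
}
```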

I use dispvm's all the time (both Fedora and Debian dispvms). Thus, I
am quite annoyed to see various "first run" issues every time I start
Firefox in a disp-vm. I would like to perform the following changes
in the template-vms, preferably from CLI, so I don't have to start
Firefox in the template:

You wouldn't do that in the actual template but in the appvm that serves as a template for the dispvm:

fedora-32 -> dvm-online -> disp1234

So dvm-online would be the qube that has template_for_dispvms set to true. Maybe that's what you meant by template, but then I don't see the issue with running firefox for a moment here (it's the same as running it in any AppVM). You could even remove the netvm from dvm-online while making those changes.

* disable "first run" welcome tabs
* change startpage to https://duckduckgo.com
* In Fedora-30 dispvm: disable the bookmark-bar in the top

If for some reason you really don't want to run Firefox in your equivalent of dvm-online, you could do all those things in an actual dispvm instance (i.e. disp1234) and then move the resulting .mozilla config directory into dvm-online.

I've been poking around in ~/.mozilla/ files and configs, but so far
no luck. Anybody got this working who can share their configs? (Maybe
we could put a guide in wiki/docs? I guess it is quite a common
"problem" for people that use disp-vm's on a regular basis?)

Both approaches mentioned above will work. I just run firefox in dvm-online but don't go to any websites. Just make all the settings, plugins etc and then delete the cache in settings.

/Sven

You can also manage your settings inside the user.js in dvm-online without using the GUI.

There's tons of doc and samples on the Internet, see github or e.g. [1].

[1] https://privacy-handbuch.de/download/moderat/user.js

Sven Semmler:

If for some reason you really don't want to run Firefox in your equivalent of dvm-online, you could do all those things in an actual dispvm instance (i.e. disp1234) and then move the resulting .mozilla config directory into dvm-online.

Be aware though that starting your dispvm's from a common .mozilla config instead of a freshly created one every time may result in increased fingerprintability. Some of the values in there seemed to be unique, and if unchanged between sessions could lead to correlation. May not be a concern depending on use cases.

Understood.

In use cases where that would be a concern, I wouldn't use Firefox/Clearnet but instead Tor Browser/Whonix completely unmodified and disposable.

In any case: NoScript. Even in 2021 I see no reason whatsoever to have JavaScript on by default. Without JavaScript you are a lot safer, faster and less annoyed. It's like magic :wink:

/Sven

Be aware though that starting your dispvm’s from a common .mozilla
config instead of a freshly created one every time may result in
increased fingerprintability. Some of the values in there seemed to be
unique, and if unchanged between sessions could lead to correlation. May
not be a concern depending on use cases.

Tor Browser is not appropriate for many use cases. Expect exit nodes to spy on all of your traffic if it’s not encrypted.

The solutions I gave above which do not involve copying the .mozilla directory solve this problem without increasing fingerprintability (except to the extent that the settings you change increase fingerprintability inherently).

Emma Borhanian:

The solutions I gave above which do not involve copying the .mozilla
directory solve this problem without increasing fingerprintability (except
to the extent that the settings you change increase fingerprintability
inherently).

Agreed.

The solutions I gave above which do not involve copying the .mozilla
directory solve this problem without increasing fingerprintability
(except to the extent that the settings you change increase
fingerprintability inherently).

I’ve used salt to configure my disposable VMs and customise Firefox.

The repo is available here:

https://gitlab.com/prago/my-salt

The ffmods section is the relevant bit.

I haven’t updated it recently but I think it still works.

Emma Borhanian <emma.borhanian@gmail.com> writes:

You can use an autoconfig <Customizing Firefox Using AutoConfig | Firefox for Enterprise Help> file in the firefox-esr install directory in the template to control everything except default search, which mozilla has added a bunch of protections to in order to prevent default search page hijacking. You can use this to disable "first run" welcome tabs, etc.
You probably also want to put privacy/hardening settings in the autoconfig file.

To change the default search page you actually need two mechanisms:
1. Reverse engineer the way the firefox-esr directory configures default search.
2. Reverse engineer the way the profile directory configures default search.

Hi Emma,

Thanks for pointing out autoconfig, it may simplify my setup.

Have you tried to use /usr/share/firefox-esr/distribution/policies.json to set up the search engine and your addons?
It is indeed more powerful than a user.js

https://support.mozilla.org/en-US/kb/customizing-firefox-using-policiesjson

I have not yet used it for the search-engines part but there is an entry here if you follow the link to the docs.

For the addons part, it is a bit tricky to get the correct addon IDs
(I yelled until I found this Release Query AMO ID v0.1 · mkaply/queryamoid · GitHub)
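The policies.json route suggested above, as an added example that is not part of the original thread: a shell function that writes a policy file covering the three changes asked for at the top of the thread plus the default search engine. The function names are hypothetical; the distribution directory, start page and engine name are parameters, and the engine name must match a search engine Firefox already has installed.

```shell
#!/bin/sh
# Added example (not from the thread). dist_dir is the distribution/ directory
# of the Firefox install (the thread uses /usr/share/firefox-esr/distribution).

write_policies() {
    dist_dir="$1"; homepage="$2"; engine="$3"
    # Accept only an https start page.
    case "$homepage" in
        https://*) ;;
        *) echo "homepage must start with https://" >&2; return 1 ;;
    esac
    # Refuse characters that would need JSON escaping instead of emitting bad JSON.
    case "$homepage$engine" in
        *[\"\\]*) echo "quote or backslash in value" >&2; return 1 ;;
    esac
    mkdir -p "$dist_dir" || return 1
    # OverrideFirstRunPage ""         : no first-run welcome tab
    # Homepage / StartPage            : open the given URL on startup
    # DisplayBookmarksToolbar false   : bookmark bar hidden by default
    # SearchEngines.Default           : default search engine by name
    cat > "$dist_dir/policies.json" <<EOF
{
  "policies": {
    "OverrideFirstRunPage": "",
    "Homepage": { "URL": "$homepage", "StartPage": "homepage" },
    "DisplayBookmarksToolbar": false,
    "SearchEngines": { "Default": "$engine" }
  }
}
EOF
}

# Print the string value written for a key (for example URL or Default), so the
# result can be checked from the CLI without starting Firefox in the template.
policy_value() {
    sed -n "s/.*\"$2\": *\"\([^\"]*\)\".*/\1/p" "$1/policies.json"
}
```

Opening about:policies in a disposable started afterwards lists the active policies and any that failed to parse.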

prago via qubes-users <qubes-users@googlegroups.com> writes:

I've used salt to configure my disposable VMs and customise Firefox.
The repo is available here:
Prago / my-salt · GitLab

Hi prago,

Nice usage of policies.json and user.js

It may be a bit of a naive question, but are you not concerned about downloading and installing a .js file directly from the internet in your template?

What would be an ideal verification procedure in such a case?
I looked to at least verify the last commit with gpg but unfortunately I didn't find the signature of arkenfox on a keyserver.