Set firefox arkenfox preferences in template

We will use the last js value from arkenfox and this will automatically install ublock origin at launch (like librewolf)

Run every commands in your template !!

1. Install firefox in the template
2. Delete your firefox profile in your AppVM if you have one (i think deleting the AppVM then re-create it might be better just in case)
3. Copy and paste every commands

sudo nano /etc/firefox/policies/policies.json

Paste this content inside the file

{
  "policies": {
    "Extensions": {
      "Install": [
        "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
      ],
      "Locked": [
        "ublockorigin@raymondhill.net"
      ]
    }
  }
}

CTRL+O+CTRL+X

4. Do

sudo nano /usr/lib/firefox/defaults/pref/autoconfig.js

and put this inside :

pref("general.config.filename", "firefox.cfg");
pref("general.config.obscure_value", 0);

5. Do

sudo nano /usr/lib/firefox/defaults/firefox.cfg`

Paste this inside

// IMPORTANT: Start your code on the 2nd line
pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?");
pref("browser.aboutConfig.showWarning", false);
pref("_user.js.parrot", "0100 syntax error: the parrot's dead!");
pref("browser.startup.page", 0);
pref("browser.startup.homepage", "chrome://browser/content/blanktab.html");
pref("browser.newtabpage.enabled", false);
pref("browser.newtabpage.activity-stream.showSponsored", false);
pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
pref("browser.newtabpage.activity-stream.showSponsoredCheckboxes", false);
pref("browser.newtabpage.activity-stream.default.sites", "");
pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!");
pref("geo.provider.ms-windows-location", false);
pref("geo.provider.use_corelocation", false);
pref("geo.provider.use_geoclue", false);
pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!");
pref("extensions.getAddons.showPane", false);
pref("extensions.htmlaboutaddons.recommendations.enabled", false);
pref("browser.discovery.enabled", false);
pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
pref("browser.newtabpage.activity-stream.telemetry", false);
pref("app.shield.optoutstudies.enabled", false);
pref("app.normandy.enabled", false);
pref("app.normandy.api_url", "");
pref("breakpad.reportURL", "");
pref("browser.tabs.crashReporting.sendReport", false);
pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
pref("captivedetect.canonicalURL", "");
pref("network.captive-portal-service.enabled", false);
pref("network.connectivity-service.enabled", false);
pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!");
pref("browser.safebrowsing.downloads.remote.enabled", false);
pref("_user.js.parrot", "0600 syntax error: the parrot's no more!");
pref("network.prefetch-next", false);
pref("network.dns.disablePrefetch", true);
pref("network.dns.disablePrefetchFromHTTPS", true);
pref("network.predictor.enabled", false);
pref("network.predictor.enable-prefetch", false);
pref("network.http.speculative-parallel-limit", 0);
pref("browser.places.speculativeConnect.enabled", false);
pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!");
pref("network.proxy.socks_remote_dns", true);
pref("network.file.disable_unc_paths", true);
pref("network.gio.supported-protocols", "");
pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!");
pref("browser.urlbar.speculativeConnect.enabled", false);
pref("browser.urlbar.quicksuggest.enabled", false);
pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false);
pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
pref("browser.search.suggest.enabled", false);
pref("browser.urlbar.suggest.searches", false);
pref("browser.urlbar.trending.featureGate", false);
pref("browser.urlbar.addons.featureGate", false);
pref("browser.urlbar.amp.featureGate", false);
pref("browser.urlbar.fakespot.featureGate", false);
pref("browser.urlbar.mdn.featureGate", false);
pref("browser.urlbar.weather.featureGate", false);
pref("browser.urlbar.wikipedia.featureGate", false);
pref("browser.urlbar.yelp.featureGate", false);
pref("browser.formfill.enable", false);
pref("browser.search.separatePrivateDefault", true);
pref("browser.search.separatePrivateDefault.ui.enabled", true);
pref("_user.js.parrot", "0900 syntax error: the parrot's expired!");
pref("signon.autofillForms", false);
pref("signon.formlessCapture.enabled", false);
pref("network.auth.subresource-http-auth-allow", 1);
pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!");
pref("browser.cache.disk.enable", false);
pref("browser.privatebrowsing.forceMediaMemoryCache", true);
pref("media.memory_cache_max_size", 65536);
pref("browser.sessionstore.privacy_level", 2);
pref("toolkit.winRegisterApplicationRestart", false);
pref("browser.shell.shortcutFavicons", false);
pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
pref("security.ssl.require_safe_negotiation", true);
pref("security.tls.enable_0rtt_data", false);
pref("security.OCSP.enabled", 1);
pref("security.OCSP.require", true);
pref("security.cert_pinning.enforcement_level", 2);
pref("security.remote_settings.crlite_filters.enabled", true);
pref("security.pki.crlite_mode", 2);
pref("dom.security.https_only_mode", true);
pref("dom.security.https_only_mode_send_http_background_request", false);
pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
pref("browser.xul.error_pages.expert_bad_cert", true);
pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!");
pref("network.http.referer.XOriginTrimmingPolicy", 2);
pref("_user.js.parrot", "1700 syntax error: the parrot's bit the dust!");
pref("privacy.userContext.enabled", true);
pref("privacy.userContext.ui.enabled", true);
pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!");
pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true);
pref("media.peerconnection.ice.default_address_only", true);
pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!");
pref("dom.disable_window_move_resize", true);
pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!");
pref("browser.download.start_downloads_in_tmp_dir", true);
pref("browser.helperApps.deleteTempFileOnExit", true);
pref("browser.uitour.enabled", false);
pref("devtools.debugger.remote-enabled", false);
pref("permissions.manager.defaultsUrl", "");
pref("network.IDN_show_punycode", true);
pref("pdfjs.disabled", false);
pref("pdfjs.enableScripting", false);
pref("browser.tabs.searchclipboardfor.middleclick", false);
pref("browser.contentanalysis.enabled", false);
pref("browser.contentanalysis.default_result", 0);
pref("security.csp.reporting.enabled", false);
pref("browser.download.useDownloadDir", false);
pref("browser.download.alwaysOpenPanel", false);
pref("browser.download.manager.addToRecentDocs", false);
pref("browser.download.always_ask_before_handling_new_types", true);
pref("extensions.enabledScopes", 5);
pref("extensions.postDownloadThirdPartyPrompt", false);
pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!");
pref("browser.contentblocking.category", "strict");
pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!");
pref("privacy.sanitize.sanitizeOnShutdown", true);
pref("privacy.clearOnShutdown_v2.cache", true);
pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", false);
pref("privacy.clearOnShutdown_v2.browsingHistoryAndDownloads", false);
pref("privacy.clearOnShutdown_v2.downloads", false);
pref("privacy.clearOnShutdown_v2.formdata", true);
pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true);
pref("privacy.clearSiteData.cache", true);
pref("privacy.clearSiteData.cookiesAndStorage", false);
pref("privacy.clearSiteData.historyFormDataAndDownloads", false);
pref("privacy.clearSiteData.browsingHistoryAndDownloads", false);
pref("privacy.clearSiteData.formdata", true);
pref("privacy.clearHistory.cache", true);
pref("privacy.clearHistory.cookiesAndStorage", false);
pref("privacy.clearHistory.historyFormDataAndDownloads", false);
pref("privacy.clearHistory.browsingHistoryAndDownloads", false);
pref("privacy.clearHistory.formdata", true);
pref("privacy.sanitize.timeSpan", 0);
pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
pref("privacy.window.maxInnerWidth", 1600);
pref("privacy.window.maxInnerHeight", 900);
pref("privacy.resistFingerprinting.block_mozAddonManager", true);
pref("privacy.spoof_english", 1);
pref("widget.non-native-theme.use-theme-accent", false);
pref("browser.link.open_newwindow", 3);
pref("browser.link.open_newwindow.restriction", 0);
pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow");
pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
pref("_user.js.parrot", "6000 syntax error: the parrot's 'istory!");
pref("extensions.blocklist.enabled", true);
pref("network.http.referer.spoofSource", false);
pref("security.dialog_enable_delay", 1000);
pref("privacy.firstparty.isolate", false);
pref("extensions.webcompat.enable_shims", true);
pref("security.tls.version.enable-deprecated", false);
pref("extensions.webcompat-reporter.enabled", false);
pref("extensions.quarantinedDomains.enabled", true);
pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!");
pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan");
pref("_user.js.parrot", "8500 syntax error: the parrot's off the twig!");
pref("datareporting.policy.dataSubmissionEnabled", false);
pref("datareporting.healthreport.uploadEnabled", false);
pref("toolkit.telemetry.unified", false);
pref("toolkit.telemetry.enabled", false);
pref("toolkit.telemetry.server", "data:,");
pref("toolkit.telemetry.archive.enabled", false);
pref("toolkit.telemetry.newProfilePing.enabled", false);
pref("toolkit.telemetry.shutdownPingSender.enabled", false);
pref("toolkit.telemetry.updatePing.enabled", false);
pref("toolkit.telemetry.bhrPing.enabled", false);
pref("toolkit.telemetry.firstShutdownPing.enabled", false);
pref("toolkit.telemetry.coverage.opt-out", true);
pref("toolkit.coverage.opt-out", true);
pref("toolkit.coverage.endpoint.base", "");
pref("_user.js.parrot", "9000 syntax error: the parrot's cashed in 'is chips!");
pref("browser.startup.homepage_override.mstone", "ignore");
pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false);
pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false);
pref("browser.urlbar.showSearchTerms.enabled", false);
pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!");
pref("browser.shopping.experience2023.enabled", false);
pref("browser.urlbar.pocket.featureGate", false);
pref("_user.js.parrot", "SUCCESS: No no he's not dead, he's, he's restin'!");

This is the content of user.js from arkenfox (140.1) it might change in the future so don’t rely on this guide for the next version of arkenfox.

There is a python3 script available to convert the whole content of the user.js from arkenfox in a firefox.cfg with the correct syntax.

#!/usr/bin/env python3
"""
Convert lines like:
  user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true);
to an autoconfig firefox.cfg containing pref(...) lines.

Usage:
  python3 .py [input_file]
If no input_file given, reads stdin.
"""

import sys
import re
from pathlib import Path

USER_PREF_RE = re.compile(
    r'^\s*(?P<prefix>//\s*)?user_pref\(\s*"(?P<name>[^"]+)"\s*,\s*(?P<value>.+?)\s*\)\s*;\s*(?://.*)?$'
)

def normalize_value(val_str):
    v = val_str.strip()
    # Keep strings quoted, booleans and numbers unquoted, arrays/objects unchanged
    if (v.startswith('"') and v.endswith('"')) or (v.startswith("'") and v.endswith("'")):
        return v
    if v.lower() in ("true", "false"):
        return v.lower()
    # Try numeric
    try:
        float(v)
        return v
    except Exception:
        pass
    # Fallback: ensure it's a JS string
    escaped = v.replace('"', '\\"')
    return f'"{escaped}"'

def process_lines(lines):
    out_lines = []
    for ln in lines:
        m = USER_PREF_RE.match(ln)
        if not m:
            continue
        # If the line is commented (prefix captured) skip
        if m.group('prefix'):
            continue
        name = m.group('name')
        raw_value = m.group('value')
        # If the value itself is commented out (e.g. // at start) skip
        if raw_value.strip().startswith("//"):
            continue
        value = normalize_value(raw_value)
        out_lines.append(f'pref("{name}", {value});')
    return out_lines

def main():
    # Read input
    if len(sys.argv) > 1:
        p = Path(sys.argv[1])
        if not p.exists():
            print(f"Input file not found: {p}", file=sys.stderr)
            sys.exit(2)
        src = p.read_text(encoding='utf-8').splitlines()
    else:
        src = sys.stdin.read().splitlines()

    prefs = process_lines(src)

    if not prefs:
        print("No user_pref(...) lines found.", file=sys.stderr)
        sys.exit(1)

    out_path = Path("firefox.cfg")
    header = "// IMPORTANT: Start your code on the 2nd line\n"
    content = header + "\n".join(prefs) + "\n"
    out_path.write_text(content, encoding='utf-8', newline="\n")
    print(f"Wrote {len(prefs)} prefs to {out_path}")

if __name__ == "__main__":
    main()

Save the script as p.py or whatever name you pick it doesn’t matter

Then run the python3 script with this commands

python3 p.py user.js

This will create a file called “firefox.cfg” and if you open the file you will see the whole content of arkenfox user.js.

Now you have to move “firefox.cfg” inside this location

sudo mv firefox.cfg /usr/lib/firefox/

Done ! Every time you will start your DispVM or AppVM it will start with the arkenfox pref and install ublock origin automatically now

I edited the post because i realize that using the arkenfox pref inside policies.json was a bad idea because some telemetry was still enable even with the pref value from arkenfox. By looking at the mozilla doc i see we could use autoconfig instead to do this. By the way i have a error saying “New user can only use 2 links in a post” so i removed some link in the post.

Edit : I forget to give the content of /etc/firefox/policies/policies.json i updated the post

If you’re looking for a vanilla Firefox experience but without the telemetry out of the box, you could try to use LibreWolf.

Librewolf is insecure and they’re not private like they said see Kicksecure Default Browser - Development Considerations and i would say that using a browser build by a bunch of random people is not a good idea. They can put malicious code or other shady stuff in their packages. Using Qubes OS and using Librewolf as the same time is ironic for me.

The only option for clearnet browser are Firefox , Brave or Mullvad-Browser. But brave is based on chromium and they added AI and a lot of shady stuff into their browser like for example i think that if brave was a really good browser the Tor Browser developers would base TB on Brave it’s not the case actually.

And Mullvad-Browser is great but it’s esr and esr is less secure.

So using firefox with arkenfox on Qubes in my opinion is the only option people should use.

There’s also Trivalent… and arkenfox and donut browser with camoufox (which is little late due to illness)

This is a community guides post i’m not going to debate about this here do whatever you want.

PS : I updated the first post to do some modifications i added a python3 script that will be very useful

This is a lot of open-source projects. Also, is arkenfox not built by a bunch of random people?

They simply don’t acknowledge radio silence as a development goal, and arkenfox’s config does the same thing: Kicksecure Default Browser - Development Considerations

They seem to lag behind on updates (which is expected, firefox is upstream) and have some unique bugs.

Your statement doesn’t make any sense… i didn’t want to argue about that specially in a community guides post but it seem i need to educate a lot of people like you so let’s talk.

1. Librewolf install a package into your system this package can contain malicious code. By installing their package (who could be malicious) you trust all those bunch of random people behind the project to provide you a secure and private browser. You don’t even know if they have a lot of security knowledge to maintain a browser… (according to their official documentation they’re a small team) which is worse.
2. The amount of lines of code your browser is running is crazy firefox for example is running 21 millions lines of code your #1 ennemy is your main browser they’re running so many lines of code that could be insecure. It is really a bad idea to use Librewolf as your main browser and connect in your favorite password manager , mail or whatever with this browser.
3. Just because a project is open-source doesn’t mean it’s secure i’m giving you two examples Your VPN Kill Switch Won't Stop All Leaks - General - Privacy Guides Community and https://www.reddit.com/r/sysadmin/comments/1bqu3zx/backdoor_in_upstream_xzliblzma_leading_to_ssh/
4. The whole linux industry was in panic because people like you was trusting a “open-source” project but a maintainer was distributing malicious code across system update it was a big shit show
5. Arkenfox is by far more safe because it do not install anything into your system it just set preferences into your firefox profile that’s all it’s not perfect but it’s better than nothing.
6. If you guys want to use Librewolf and trust the people behind the project to provide you a secure browser and private fine then do it. But i prefer to trust the expert security team behind firefox

My argument is not about open source, I guess I have expressed myself poorly there. I simply don’t understand why you treat “bunch of random people” as an argument. Is arkenfox team not random? Do you know mozilla developers in any way that helps you make this conclusion?

You are right. “bunch of random people” funny argument - Arkenfox also fits this argument, and Arkenfox has the same problem that was pointed out by Kicksecure team.
On the other hand, there is some logic in his words regarding the installation of a third‑party repo. From a security standpoint, it might be better to modify the official Firefox config if Mullvad-browser isn’t satisfactory.

I do not know them but i know it’s a enterprise who value privacy more than google. Mozilla is not a perfect company (they have put ai in the browser…) i’m aware of that but we have nothing else for now.

I’m 100% agree with you this is why i said earlier in my previous reply to someone that arkenfox is not perfect but it’s better than nothing

People need to stop trust a project just because it’s open-source i think that’s the whole issue in linux