The initial_preferences json file can be used to configure the preferences that will be used by default in newly created profiles.
The Brave browser is reading initial_preferences from /opt/brave.com/brave/initial_preferences.
The Brave browser profile preferences are stored in ~/.config/BraveSoftware/Brave-Browser/Default/Preferences json file. You can use it as as a base and modify it to your needs for its use as initial_preferences file.
You can run Brave browser in some qube, configure all the settings that you want, convert the Preferences json file to a readable format using this command:
python3 -m json.tool ~/.config/BraveSoftware/Brave-Browser/Default/Preferences > ~/initial_preferences
~/initial_preferences file and remove all unnecessary settings from this file (timestamps, UUIDs, default settings etc) and then use this file for your disposables.
You can check if the resulting json file is valid by running this command:
python3 -m json.tool ~/initial_preferences > /dev/null
python3 -m json.tool ~/.config/BraveSoftware/Brave-Browser/Default/Preferences > pref1
python3 -m json.tool ~/.config/BraveSoftware/Brave-Browser/Default/Preferences > pref2
diff -u5 -I '"last_modified"' -I '"time"' -I '"session_last_active_time"' -I '"last_update_time"' -I '"left"' -I '"right"' -I '"last_engagement_time"' -I '"lastEngagementTime"' -I '"pointsAddedToday"' -I '"rawScore"' -I '"tab_count"' pref1 pref2 | less
Once you've created your initial_preferences file you can place it in disposable template:
Open terminal of disposable template for Brave browser.
Copy the initial_preferences file to the disposable template.
Configure bind-dirs for initial_preferences file and copy the initial_preferences file to the right location by running these commands:
sudo mkdir -p /rw/config/qubes-bind-dirs.d
cat << 'EOF' | sudo tee -a /rw/config/qubes-bind-dirs.d/50_brave.conf > /dev/null
binds+=( '/opt/brave.com/brave/initial_preferences' )
EOF
sudo mkdir -p /rw/bind-dirs/opt/brave.com/brave
sudo cp /home/user/QubesIncoming/*/initial_preferences /rw/bind-dirs/opt/brave.com/brave/
sudo mkdir -p /opt/brave.com/brave
sudo cp /home/user/QubesIncoming/*/initial_preferences /opt/brave.com/brave/
The same should work for any Chromium browser, but the initial_preferences file location and browser-specific preferences will differ.
Example initial_preferences config based on this recommended Brave configuration:
{
"brave": {
// Hide Brave Rewards button
"brave_ads": {
"should_allow_ads_subdivision_targeting": false
},
// Select Auto-redirect AMP pages
"de_amp": {
"enabled": true
},
// Select Auto-redirect tracking URLs
"debounce": {
"enabled": true
},
"enable_window_closing_confirm": true,
// Uncheck all social media components
"fb_embed_default": false,
// Uncheck all social media components
"linkedin_embed_default": false,
// Uncheck Use Google services for push messaging
"gcm": {
"channel_status": false
},
"new_tab_page": {
"hide_all_widgets": true,
"show_background_image": false,
"show_brave_news": false,
"show_rewards": false,
"show_stats": false,
"show_together": false
},
// Select Prevent sites from fingerprinting me based on my language preferences
"reduce_language": true,
// Hide Brave Rewards button
"rewards": {
"badge_text": "",
"show_brave_rewards_button_in_location_bar": false
},
"today": {
"should_show_toolbar_button": false
},
// Uncheck all social media components
"twitter_embed_default": false,
"wallet": {
// Select Extensions (no fallback) under Default Solana wallet
"default_solana_wallet": 1,
// Select Extensions (no fallback) under Default Ethereum wallet
"default_wallet2": 1,
"show_wallet_icon_on_toolbar": false
},
// Uncheck all built-in extensions you don't use
"webtorrent_enabled": false
},
"browser": {
"custom_chrome_frame": false,
"has_seen_welcome_page": true
},
// Uncheck all built-in extensions you don't use
"media_router": {
"enable_media_router": false
},
"ntp": {
"custom_background_inspiration": false,
"custom_background_local_to_device": false,
"shortcust_visible": false
},
// Select Aggressive under Trackers & ads blocking
"profile": {
"content_settings": {
"exceptions": {
"cosmeticFiltering": {
"*,*": {
"setting": 2
},
"*,https://firstparty": {
"setting": 2
}
},
// Check Block fingerprinting
"fingerprintingV2": {
"*,*": {
"setting": 3
}
},
"shieldsAds": {
"*,*": {
"setting": 2
}
},
"trackers": {
"*,*": {
"setting": 2
}
}
}
},
// Select Block third-party cookies
"cookie_controls_mode": 1,
"default_content_setting_values": {
// Check Forget me when I close this site
"brave_remember_1p_storage": 2,
// Select Delete data sites have saved to your device when you close all windows under Sites and Shields Settings → Content → Additional content settings → On-device site data.
"cookies": 4,
// Select Strict under Upgrade connections to HTTPS
"httpsUpgrades": 2,
"javascript_jit": 2
}
},
// Select Automatically remove permissions from unused sites under Sites and Shields Settings
"safety_hub": {
"unused_site_permissions_revocation": {
"enabled": false
}
},
// Disable Show search suggestions
"search": {
"suggest_enabled": false
},
// Select Disable non-proxied UDP under WebRTC IP Handling Policy
"webrtc": {
"ip_handling_policy": "disable_non_proxied_udp"
}
}
Some settings can't be changed using initial_preferences and you need to use policy settings:
sudo mkdir -p /rw/config/qubes-bind-dirs.d
cat << 'EOF' | sudo tee -a /rw/config/qubes-bind-dirs.d/50_brave.conf > /dev/null
binds+=( '/etc/brave/policies/managed/GroupPolicy.json' )
EOF
sudo mkdir -p /rw/bind-dirs/etc/brave/policies/managed/
cat << 'EOF' | sudo tee /rw/bind-dirs/etc/brave/policies/managed/GroupPolicy.json > /dev/null
{
// Disable Tor, use Tor Browser instead
"TorDisabled": true,
// Uncheck Automatically send diagnostic reports
"MetricsReportingEnabled": false
}
EOF
sudo mkdir -p /etc/brave/policies/managed/
cat << 'EOF' | sudo tee /etc/brave/policies/managed/GroupPolicy.json > /dev/null
{
// Disable Tor, use Tor Browser instead
"TorDisabled": true,
// Uncheck Automatically send diagnostic reports
"MetricsReportingEnabled": false
}
EOF
But these options: * Uncheck Allow privacy-preserving product analytics (P3A) * Uncheck Automatically send daily usage ping to Brave * Uncheck Continue running apps when Brave is closed to disable background apps
Can't be changed using initial_preferences or policy settings so you'll need to change them manually.
They are stored in ~/.config/BraveSoftware/Brave-Browser/Local State file so you can create this file in the disposable template's user home directory:
cat << 'EOF' | tee ~/.config/BraveSoftware/Brave-Browser/Local\ State > /dev/null
{
// Uncheck Continue running apps when Brave is closed to disable background apps
"background_mode": {
"enabled": false
},
// Disable hardware acceleration
"hardware_acceleration_mode": {
"enabled": false
},
// Disable Tor, use Tor Browser instead
"tor": {
"tor_disabled": true
},
"brave": {
// Uncheck Allow privacy-preserving product analytics (P3A)
"p3a": {
"enabled": false
},
// Uncheck Automatically send daily usage ping to Brave
"stats": {
"reporting_enabled": false
}
},
// Uncheck Automatically send diagnostic reports
"user_experience_metrics": {
"reporting_enabled": false
}
}
EOF
They are stored in ~/.config/BraveSoftware/Brave-Browser/Local State file so you can place this file in the /etc/skel directory in the template so it'll be copied to the newly created app qubes:
sudo mkdir -p /etc/skel/.config/BraveSoftware/Brave-Browser/
cat << 'EOF' | sudo tee /etc/skel/.config/BraveSoftware/Brave-Browser/Local\ State > /dev/null
{
// Uncheck Continue running apps when Brave is closed to disable background apps
"background_mode": {
"enabled": false
},
// Disable hardware acceleration
"hardware_acceleration_mode": {
"enabled": false
},
// Disable Tor, use Tor Browser instead
"tor": {
"tor_disabled": true
},
"brave": {
// Uncheck Allow privacy-preserving product analytics (P3A)
"p3a": {
"enabled": false
},
// Uncheck Automatically send daily usage ping to Brave
"stats": {
"reporting_enabled": false
}
},
// Uncheck Automatically send diagnostic reports
"user_experience_metrics": {
"reporting_enabled": false
}
}
EOF