diff --git a/build/lib/scripts/enable-kiosk b/build/lib/scripts/enable-kiosk
index 3e6d0992d..d07fc29b3 100755
--- a/build/lib/scripts/enable-kiosk
+++ b/build/lib/scripts/enable-kiosk
@@ -6,35 +6,79 @@ set -e
 /usr/bin/apt update
 /usr/bin/apt install --no-install-recommends -y xserver-xorg x11-xserver-utils xinit firefox-esr matchbox-window-manager libnss3-tools
 
+#Change a default preference set by stock debian firefox-esr
+sed -i 's|^pref("extensions.update.enabled", true);$|pref("extensions.update.enabled", false);|' /etc/firefox-esr/firefox-esr.js
+
+if ! id kiosk; then
+    # create kiosk user
+    useradd -s /bin/bash --create-home kiosk
+fi
+
 # create kiosk script
-cat > /home/start9/kiosk.sh << 'EOF'
+cat > /home/kiosk/kiosk.sh << 'EOF'
 #!/bin/sh
 PROFILE=$(mktemp -d)
 if [ -f /usr/local/share/ca-certificates/startos-root-ca.crt ]; then
     certutil -A -n "StartOS Local Root CA" -t "TCu,Cuw,Tuw" -i /usr/local/share/ca-certificates/startos-root-ca.crt -d $PROFILE
 fi
 cat >> $PROFILE/prefs.js << EOT
-user_pref("network.proxy.autoconfig_url", "file:///usr/lib/embassy/proxy.pac");
-user_pref("network.proxy.socks_remote_dns", true);
-user_pref("network.proxy.type", 2);
-user_pref("dom.securecontext.allowlist_onions", true);
-user_pref("dom.securecontext.whitelist_onions", true);
-user_pref("signon.rememberSignons", false);
-user_pref("extensions.activeThemeID", "firefox-compact-dark@mozilla.org");
-user_pref("browser.theme.content-theme", 0);
-user_pref("browser.theme.toolbar-theme", 0);
-user_pref("datareporting.policy.firstRunURL", "");
+user_pref("app.normandy.api_url", "");
+user_pref("app.normandy.enabled", false);
+user_pref("app.shield.optoutstudies.enabled", false);
+user_pref("app.update.enabled", false);
+user_pref("browser.aboutHomeSnippets.updateUrl", "");
+user_pref("browser.bookmarks.addedImportButton", false);
+user_pref("browser.casting.enabled", false);
+user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
+user_pref("browser.newtabpage.activity-stream.feeds.asrouterfeed", false);
+user_pref("browser.newtabpage.activity-stream.feeds.topsites", false);
+user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
+user_pref("browser.onboarding.enabled", false);
+user_pref("browser.ping-centre.telemetry", false);
+user_pref("browser.pocket.enabled",	false);
+user_pref("browser.safebrowsing.blockedURIs.enabled", false);
 user_pref("browser.safebrowsing.malware.enabled", false);
 user_pref("browser.safebrowsing.phishing.enabled", false);
+user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
+user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
+user_pref("browser.safebrowsing.downloads.remote.enabled", false);
+user_pref("browser.search.geoip.url", "");
+user_pref("browser.search.update", false);
+user_pref("browser.search.suggest.enabled",	false);
+user_pref("browser.startup.homepage_override.mstone", "ignore");
+user_pref("browser.theme.content-theme", 0);
+user_pref("browser.theme.toolbar-theme", 0);
+user_pref("browser.urlbar.groupLabels.enabled", false);
+user_pref("browser.urlbar.suggest.searches" false);
+user_pref("datareporting.policy.firstRunURL", "");
 user_pref("datareporting.healthreport.service.enabled", false);
 user_pref("datareporting.healthreport.uploadEnabled", false);
 user_pref("datareporting.policy.dataSubmissionEnabled", false);
-user_pref("datareporting.policy.dataSubmissionEnabled", false);
-user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
-user_pref("browser.ping-centre.telemetry", false);
-user_pref("browser.onboarding.enabled", false);
+user_pref("dom.securecontext.allowlist_onions", true);
+user_pref("dom.securecontext.whitelist_onions", true);
+user_pref("experiments.enabled", false);
+user_pref("experiments.activeExperiment", false);
+user_pref("experiments.supported", false);
+user_pref("extensions.activeThemeID", "firefox-compact-dark@mozilla.org");
+user_pref("extensions.blocklist.enabled", false);
+user_pref("extensions.getAddons.cache.enabled", false);
+user_pref("extensions.pocket.enabled", false);
+user_pref("extensions.update.enabled", false);
+user_pref("extensions.shield-recipe-client.enabled", false);
+user_pref("extensions.shield-recipe-client.user_id", "");
+user_pref("extensions.shield-recipe-client.api_url", "");
+user_pref("media.gmp-gmpopenh264.enabled", false);
+user_pref("messaging-system.rsexperimentloader.enabled", false);
+user_pref("network.allow-experiments", false);
+user_pref("network.captive-portal-service.enabled", false);
+user_pref("network.connectivity-service.enabled", false);
+user_pref("network.proxy.autoconfig_url", "file:///usr/lib/embassy/proxy.pac");
+user_pref("network.proxy.socks_remote_dns", true);
+user_pref("network.proxy.type", 2);
+user_pref("signon.rememberSignons", false);
 user_pref("toolkit.telemetry.archive.enabled", false);
 user_pref("toolkit.telemetry.bhrPing.enabled", false);
+user_pref("toolkit.telemetry.coverage.opt-out", true);
 user_pref("toolkit.telemetry.enabled", false);
 user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
 user_pref("toolkit.telemetry.newProfilePing.enabled", false);
@@ -43,16 +87,6 @@ user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
 user_pref("toolkit.telemetry.unified", false);
 user_pref("toolkit.telemetry.updatePing.enabled", false);
 user_pref("toolkit.telemetry.cachedClientID", "");
-user_pref("experiments.enabled", false);
-user_pref("experiments.activeExperiment", false);
-user_pref("experiments.supported", false);
-user_pref("network.allow-experiments", false);
-user_pref("extensions.shield-recipe-client.enabled", false);
-user_pref("extensions.shield-recipe-client.user_id", "");
-user_pref("extensions.shield-recipe-client.api_url", "");
-user_pref("app.normandy.enabled", false);
-user_pref("app.normandy.api_url", "");
-user_pref("app.shield.optoutstudies.enabled", true);
 EOT
 while ! curl "http://localhost" > /dev/null; do
     sleep 1
@@ -70,11 +104,11 @@ matchbox-window-manager -use_titlebar no &
 firefox-esr http://localhost --profile $PROFILE
 rm -rf $PROFILE
 EOF
-chmod +x /home/start9/kiosk.sh
+chmod +x /home/kiosk/kiosk.sh
 
 # use kiosk if tty (not pts)
-if ! grep -q 'kiosk' /home/start9/.profile; then
-cat >> /home/start9/.profile << 'EOF'
+if ! grep -q 'kiosk' /home/kiosk/.profile; then
+cat >> /home/kiosk/.profile << 'EOF'
 # Use kiosk for TTY
 if [[ "$(tty)" =~ ^/dev/tty ]]; then
     exec startx "$HOME/kiosk.sh"
@@ -87,7 +121,7 @@ mkdir -p /etc/systemd/system/getty@tty1.service.d
 cat > /etc/systemd/system/getty@tty1.service.d/autologin.conf << 'EOF'
 [Service]
 ExecStart=
-ExecStart=-/sbin/agetty --autologin start9 --noclear %I $TERM
+ExecStart=-/sbin/agetty --autologin kiosk --noclear %I $TERM
 EOF
 ln -fs /etc/systemd/system/autologin@.service /etc/systemd/system/getty.target.wants/getty@tty1.service