Consistent home directory nomenclature

162 files changed, 984 insertions, 984 deletions

diff --git a/etc/0ad.profile b/etc/0ad.profile
index 9ca9834a8..057dcf49e 100644
--- a/etc/0ad.profile
+++ b/etc/0ad.profile
@@ -5,21 +5,21 @@ include /etc/firejail/0ad.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/0ad
-noblacklist ~/.config/0ad
-noblacklist ~/.local/share/0ad
+noblacklist ${HOME}/.cache/0ad
+noblacklist ${HOME}/.config/0ad
+noblacklist ${HOME}/.local/share/0ad
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/0ad
-mkdir ~/.config/0ad
-mkdir ~/.local/share/0ad
-whitelist ~/.cache/0ad
-whitelist ~/.config/0ad
-whitelist ~/.local/share/0ad
+mkdir ${HOME}/.cache/0ad
+mkdir ${HOME}/.config/0ad
+mkdir ${HOME}/.local/share/0ad
+whitelist ${HOME}/.cache/0ad
+whitelist ${HOME}/.config/0ad
+whitelist ${HOME}/.local/share/0ad
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile
index 964a9e5fa..fa29925c4 100644
--- a/etc/2048-qt.profile
+++ b/etc/2048-qt.profile
@@ -5,8 +5,8 @@ include /etc/firejail/2048-qt.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/2048-qt
-noblacklist ~/.config/xiaoyong
+noblacklist ${HOME}/.config/2048-qt
+noblacklist ${HOME}/.config/xiaoyong
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/Mathematica.profile b/etc/Mathematica.profile
index 924f74389..1ceaaf8dc 100644
--- a/etc/Mathematica.profile
+++ b/etc/Mathematica.profile
@@ -13,11 +13,11 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.Mathematica
-mkdir ~/.Wolfram Research
-whitelist ~/.Mathematica
-whitelist ~/.Wolfram Research
-whitelist ~/Documents/Wolfram Mathematica
+mkdir ${HOME}/.Mathematica
+mkdir ${HOME}/.Wolfram Research
+whitelist ${HOME}/.Mathematica
+whitelist ${HOME}/.Wolfram Research
+whitelist ${HOME}/Documents/Wolfram Mathematica
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/Thunar.profile b/etc/Thunar.profile
index f4a5c9f54..29cfebe13 100644
--- a/etc/Thunar.profile
+++ b/etc/Thunar.profile
@@ -6,8 +6,8 @@ include /etc/firejail/Thunar.local
 include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.local/share/Trash
-noblacklist ~/.config/Thunar
-noblacklist ~/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
+noblacklist ${HOME}/.config/Thunar
+noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/abrowser.profile b/etc/abrowser.profile
index 3251ef8aa..5c964bad1 100644
--- a/etc/abrowser.profile
+++ b/etc/abrowser.profile
@@ -5,34 +5,34 @@ include /etc/firejail/abrowser.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/mozilla
-noblacklist ~/.mozilla
-noblacklist ~/.pki
+noblacklist ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.mozilla
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/mozilla/abrowser
-mkdir ~/.mozilla
+mkdir ${HOME}/.cache/mozilla/abrowser
+mkdir ${HOME}/.mozilla
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/gnome-mplayer/plugin
-whitelist ~/.cache/mozilla/abrowser
-whitelist ~/.config/gnome-mplayer
-whitelist ~/.config/pipelight-silverlight5.1
-whitelist ~/.config/pipelight-widevine
-whitelist ~/.keysnail.js
-whitelist ~/.lastpass
-whitelist ~/.mozilla
-whitelist ~/.pentadactyl
-whitelist ~/.pentadactylrc
-whitelist ~/.pki
-whitelist ~/.vimperator
-whitelist ~/.vimperatorrc
-whitelist ~/.wine-pipelight
-whitelist ~/.wine-pipelight64
-whitelist ~/.zotero
-whitelist ~/dwhelper
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.cache/mozilla/abrowser
+whitelist ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/pipelight-silverlight5.1
+whitelist ${HOME}/.config/pipelight-widevine
+whitelist ${HOME}/.keysnail.js
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.mozilla
+whitelist ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactylrc
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.vimperator
+whitelist ${HOME}/.vimperatorrc
+whitelist ${HOME}/.wine-pipelight
+whitelist ${HOME}/.wine-pipelight64
+whitelist ${HOME}/.zotero
+whitelist ${HOME}/dwhelper
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/ark.profile b/etc/ark.profile
index 404206992..76b1d9394 100644
--- a/etc/ark.profile
+++ b/etc/ark.profile
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 # blacklist /run/user/*/bus
 
-noblacklist ~/.config/arkrc
+noblacklist ${HOME}/.config/arkrc
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/atom.profile b/etc/atom.profile
index dc8db46dc..de09275cc 100644
--- a/etc/atom.profile
+++ b/etc/atom.profile
@@ -7,8 +7,8 @@ include /etc/firejail/globals.local
 
 # blacklist /run/user/*/bus
 
-noblacklist ~/.atom
-noblacklist ~/.config/Atom
+noblacklist ${HOME}/.atom
+noblacklist ${HOME}/.config/Atom
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
diff --git a/etc/atril.profile b/etc/atril.profile
index 50592ec3a..81d9e50d0 100644
--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -5,10 +5,10 @@ include /etc/firejail/atril.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/atril
+noblacklist ${HOME}/.config/atril
 
-#noblacklist ~/.local/share
-# it seems to use only ~/.local/share/webkitgtk
+#noblacklist ${HOME}/.local/share
+# it seems to use only ${HOME}/.local/share/webkitgtk
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/audacious.profile b/etc/audacious.profile
index 7e2b91773..9a11022e3 100644
--- a/etc/audacious.profile
+++ b/etc/audacious.profile
@@ -5,8 +5,8 @@ include /etc/firejail/audacious.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/Audaciousrc
-noblacklist ~/.config/audacious
+noblacklist ${HOME}/.config/Audaciousrc
+noblacklist ${HOME}/.config/audacious
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/audacity.profile b/etc/audacity.profile
index 52e32badb..e173fa65a 100644
--- a/etc/audacity.profile
+++ b/etc/audacity.profile
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 blacklist /run/user/*/bus
 
-noblacklist ~/.audacity-data
+noblacklist ${HOME}/.audacity-data
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/aweather.profile b/etc/aweather.profile
index 62cebdbe5..2a4a9b591 100644
--- a/etc/aweather.profile
+++ b/etc/aweather.profile
@@ -5,15 +5,15 @@ include /etc/firejail/aweather.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/aweather
+noblacklist ${HOME}/.config/aweather
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.config/aweather
-whitelist ~/.config/aweather
+mkdir ${HOME}/.config/aweather
+whitelist ${HOME}/.config/aweather
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile
index a4fe05cf7..f6dbb480b 100644
--- a/etc/baloo_file.profile
+++ b/etc/baloo_file.profile
@@ -41,7 +41,7 @@ private-tmp
 noexec ${HOME}
 noexec /tmp
 
-# Make home directory read-only and allow writing only to ~/.local/share
+# Make home directory read-only and allow writing only to ${HOME}/.local/share
 # Note: Baloo will not be able to update the "first run" key in its configuration files.
 # read-only  ${HOME}
 # read-write ${HOME}/.local/share
diff --git a/etc/bibletime.profile b/etc/bibletime.profile
index 73d31c205..455a0e2a0 100644
--- a/etc/bibletime.profile
+++ b/etc/bibletime.profile
@@ -5,12 +5,12 @@ include /etc/firejail/bibletime.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist ~/.Xauthority
-blacklist ~/.bashrc
+blacklist ${HOME}/.Xauthority
+blacklist ${HOME}/.bashrc
 
-noblacklist ~/.bibletime
-noblacklist ~/.config/qt5ct
-noblacklist ~/.sword
+noblacklist ${HOME}/.bibletime
+noblacklist ${HOME}/.config/qt5ct
+noblacklist ${HOME}/.sword
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/blender.profile b/etc/blender.profile
index f7ecbce55..29df27759 100644
--- a/etc/blender.profile
+++ b/etc/blender.profile
@@ -5,7 +5,7 @@ include /etc/firejail/blender.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/blender
+noblacklist ${HOME}/.config/blender
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/brasero.profile b/etc/brasero.profile
index eff4cba43..f90d4688a 100644
--- a/etc/brasero.profile
+++ b/etc/brasero.profile
@@ -5,7 +5,7 @@ include /etc/firejail/brasero.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/brasero
+noblacklist ${HOME}/.config/brasero
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/brave.profile b/etc/brave.profile
index 4a908c884..476d1575a 100644
--- a/etc/brave.profile
+++ b/etc/brave.profile
@@ -5,25 +5,25 @@ include /etc/firejail/brave.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/brave
+noblacklist ${HOME}/.config/brave
 # brave uses gpg for built-in password manager
-noblacklist ~/.gnupg
-noblacklist ~/.pki
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.config/brave
-mkdir ~/.pki
+mkdir ${HOME}/.config/brave
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.config/KeePass
-whitelist ~/.config/brave
-whitelist ~/.config/keepass
-whitelist ~/.config/lastpass
-whitelist ~/.keepass
-whitelist ~/.lastpass
-whitelist ~/.pki
+whitelist ${HOME}/.config/KeePass
+whitelist ${HOME}/.config/brave
+whitelist ${HOME}/.config/keepass
+whitelist ${HOME}/.config/lastpass
+whitelist ${HOME}/.keepass
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 
 # caps.drop all
diff --git a/etc/caja.profile b/etc/caja.profile
index 83b6befa3..c3d5fa7c4 100644
--- a/etc/caja.profile
+++ b/etc/caja.profile
@@ -8,9 +8,9 @@ include /etc/firejail/globals.local
 # Caja is started by systemd on most systems. Therefore it is not firejailed by default. Since there
 # is already a caja process running on MATE desktops firejail will have no effect.
 
-# noblacklist ~/.config/caja - disable-programs.inc is disabled, see below
-# noblacklist ~/.local/share/Trash
-# noblacklist ~/.local/share/caja-python
+# noblacklist ${HOME}/.config/caja - disable-programs.inc is disabled, see below
+# noblacklist ${HOME}/.local/share/Trash
+# noblacklist ${HOME}/.local/share/caja-python
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/calibre.profile b/etc/calibre.profile
index 844231032..e4ed87753 100644
--- a/etc/calibre.profile
+++ b/etc/calibre.profile
@@ -5,8 +5,8 @@ include /etc/firejail/calibre.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/calibre
-noblacklist ~/.config/calibre
+noblacklist ${HOME}/.cache/calibre
+noblacklist ${HOME}/.config/calibre
 
 include /etc/firejail/disable-common.inc
 # include /etc/firejail/disable-devel.inc
diff --git a/etc/catfish.profile b/etc/catfish.profile
index 139951680..6d5ec1c52 100644
--- a/etc/catfish.profile
+++ b/etc/catfish.profile
@@ -10,7 +10,7 @@ include /etc/firejail/globals.local
 
 blacklist /run/user/*/bus
 
-noblacklist ~/.config/catfish
+noblacklist ${HOME}/.config/catfish
 
 include /etc/firejail/disable-common.inc
 # include /etc/firejail/disable-devel.inc
diff --git a/etc/chromium.profile b/etc/chromium.profile
index 0c7058a11..281d8bf76 100644
--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -5,23 +5,23 @@ include /etc/firejail/chromium.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/chromium
-noblacklist ~/.config/chromium
-noblacklist ~/.config/chromium-flags.conf
-noblacklist ~/.pki
+noblacklist ${HOME}/.cache/chromium
+noblacklist ${HOME}/.config/chromium
+noblacklist ${HOME}/.config/chromium-flags.conf
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/chromium
-mkdir ~/.config/chromium
-mkdir ~/.pki
+mkdir ${HOME}/.cache/chromium
+mkdir ${HOME}/.config/chromium
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/chromium
-whitelist ~/.config/chromium
-whitelist ~/.config/chromium-flags.conf
-whitelist ~/.pki
+whitelist ${HOME}/.cache/chromium
+whitelist ${HOME}/.config/chromium
+whitelist ${HOME}/.config/chromium-flags.conf
+whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
diff --git a/etc/claws-mail.profile b/etc/claws-mail.profile
index 4ab49163b..319515bde 100644
--- a/etc/claws-mail.profile
+++ b/etc/claws-mail.profile
@@ -5,9 +5,9 @@ include /etc/firejail/claws-mail.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.claws-mail
-noblacklist ~/.gnupg
-noblacklist ~/.signature
+noblacklist ${HOME}/.claws-mail
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.signature
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/clementine.profile b/etc/clementine.profile
index 619086437..f4a3301b6 100644
--- a/etc/clementine.profile
+++ b/etc/clementine.profile
@@ -5,7 +5,7 @@ include /etc/firejail/clementine.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/Clementine
+noblacklist ${HOME}/.config/Clementine
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/cliqz.profile b/etc/cliqz.profile
index d61d46dca..086dfa233 100644
--- a/etc/cliqz.profile
+++ b/etc/cliqz.profile
@@ -5,60 +5,60 @@ include /etc/firejail/cliqz.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/cliqz
-noblacklist ~/.config/cliqz
-noblacklist ~/.config/okularpartrc
-noblacklist ~/.config/okularrc
-noblacklist ~/.config/qpdfview
-noblacklist ~/.kde/share/apps/okular
-noblacklist ~/.kde/share/config/okularpartrc
-noblacklist ~/.kde/share/config/okularrc
-noblacklist ~/.kde4/share/apps/okular
-noblacklist ~/.kde4/share/config/okularpartrc
-noblacklist ~/.kde4/share/config/okularrc
-# noblacklist ~/.local/share/gnome-shell/extensions
-noblacklist ~/.local/share/okular
-noblacklist ~/.local/share/qpdfview
+noblacklist ${HOME}/.cache/cliqz
+noblacklist ${HOME}/.config/cliqz
+noblacklist ${HOME}/.config/okularpartrc
+noblacklist ${HOME}/.config/okularrc
+noblacklist ${HOME}/.config/qpdfview
+noblacklist ${HOME}/.kde/share/apps/okular
+noblacklist ${HOME}/.kde/share/config/okularpartrc
+noblacklist ${HOME}/.kde/share/config/okularrc
+noblacklist ${HOME}/.kde4/share/apps/okular
+noblacklist ${HOME}/.kde4/share/config/okularpartrc
+noblacklist ${HOME}/.kde4/share/config/okularrc
+# noblacklist ${HOME}/.local/share/gnome-shell/extensions
+noblacklist ${HOME}/.local/share/okular
+noblacklist ${HOME}/.local/share/qpdfview
 
-noblacklist ~/.pki
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/mozilla/firefox
-mkdir ~/.mozilla
-mkdir ~/.pki
+mkdir ${HOME}/.cache/mozilla/firefox
+mkdir ${HOME}/.mozilla
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/gnome-mplayer/plugin
-whitelist ~/.cache/mozilla/firefox
-whitelist ~/.config/gnome-mplayer
-whitelist ~/.config/okularpartrc
-whitelist ~/.config/okularrc
-whitelist ~/.config/pipelight-silverlight5.1
-whitelist ~/.config/pipelight-widevine
-whitelist ~/.config/qpdfview
-whitelist ~/.kde/share/apps/okular
-whitelist ~/.kde/share/config/okularpartrc
-whitelist ~/.kde/share/config/okularrc
-whitelist ~/.kde4/share/apps/okular
-whitelist ~/.kde4/share/config/okularpartrc
-whitelist ~/.kde4/share/config/okularrc
-whitelist ~/.keysnail.js
-whitelist ~/.lastpass
-whitelist ~/.local/share/gnome-shell/extensions
-whitelist ~/.local/share/okular
-whitelist ~/.local/share/qpdfview
-whitelist ~/.mozilla
-whitelist ~/.pentadactyl
-whitelist ~/.pentadactylrc
-whitelist ~/.pki
-whitelist ~/.vimperator
-whitelist ~/.vimperatorrc
-whitelist ~/.wine-pipelight
-whitelist ~/.wine-pipelight64
-whitelist ~/.zotero
-whitelist ~/dwhelper
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.cache/mozilla/firefox
+whitelist ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/okularpartrc
+whitelist ${HOME}/.config/okularrc
+whitelist ${HOME}/.config/pipelight-silverlight5.1
+whitelist ${HOME}/.config/pipelight-widevine
+whitelist ${HOME}/.config/qpdfview
+whitelist ${HOME}/.kde/share/apps/okular
+whitelist ${HOME}/.kde/share/config/okularpartrc
+whitelist ${HOME}/.kde/share/config/okularrc
+whitelist ${HOME}/.kde4/share/apps/okular
+whitelist ${HOME}/.kde4/share/config/okularpartrc
+whitelist ${HOME}/.kde4/share/config/okularrc
+whitelist ${HOME}/.keysnail.js
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.local/share/gnome-shell/extensions
+whitelist ${HOME}/.local/share/okular
+whitelist ${HOME}/.local/share/qpdfview
+whitelist ${HOME}/.mozilla
+whitelist ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactylrc
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.vimperator
+whitelist ${HOME}/.vimperatorrc
+whitelist ${HOME}/.wine-pipelight
+whitelist ${HOME}/.wine-pipelight64
+whitelist ${HOME}/.zotero
+whitelist ${HOME}/dwhelper
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
diff --git a/etc/conkeror.profile b/etc/conkeror.profile
index f6a9eefb6..38c4fdd68 100644
--- a/etc/conkeror.profile
+++ b/etc/conkeror.profile
@@ -10,17 +10,17 @@ noblacklist ${HOME}/.conkeror.mozdev.org
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 
-whitelist ~/.conkeror.mozdev.org
-whitelist ~/.conkerorrc
-whitelist ~/.gtkrc-2.0
-whitelist ~/.lastpass
-whitelist ~/.pentadactyl
-whitelist ~/.pentadactylrc
-whitelist ~/.vimperator
-whitelist ~/.vimperatorrc
-whitelist ~/.zotero
-whitelist ~/Downloads
-whitelist ~/dwhelper
+whitelist ${HOME}/.conkeror.mozdev.org
+whitelist ${HOME}/.conkerorrc
+whitelist ${HOME}/.gtkrc-2.0
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactylrc
+whitelist ${HOME}/.vimperator
+whitelist ${HOME}/.vimperatorrc
+whitelist ${HOME}/.zotero
+whitelist ${HOME}/Downloads
+whitelist ${HOME}/dwhelper
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/corebird.profile b/etc/corebird.profile
index 99a3335ef..3c9740cb7 100644
--- a/etc/corebird.profile
+++ b/etc/corebird.profile
@@ -5,7 +5,7 @@ include /etc/firejail/corebird.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/corebird
+noblacklist ${HOME}/.config/corebird
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/cower.profile b/etc/cower.profile
index 5e5c367c4..565c417ed 100644
--- a/etc/cower.profile
+++ b/etc/cower.profile
@@ -2,8 +2,8 @@
 # This file is overwritten after every install/update
 
 # This profile could be significantly strengthened by adding the following to cower.local
-# whitelist ~/<Your Build Folder>
-# whitelist ~/.config/cower/
+# whitelist ${HOME}/<Your Build Folder>
+# whitelist ${HOME}/.config/cower/
 
 quiet
 
@@ -12,8 +12,8 @@ include /etc/firejail/cower.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/cower/config
-read-only ~/.config/cower/config
+noblacklist ${HOME}/.config/cower/config
+read-only ${HOME}/.config/cower/config
 
 noblacklist /var/lib/pacman
 
diff --git a/etc/curl.profile b/etc/curl.profile
index 972bbe9cc..521cd20cc 100644
--- a/etc/curl.profile
+++ b/etc/curl.profile
@@ -8,7 +8,7 @@ include /etc/firejail/globals.local
 
 blacklist /tmp/.X11-unix
 
-noblacklist ~/.curlrc
+noblacklist ${HOME}/.curlrc
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
diff --git a/etc/cyberfox.profile b/etc/cyberfox.profile
index 63f6ea845..a670f6aa3 100644
--- a/etc/cyberfox.profile
+++ b/etc/cyberfox.profile
@@ -5,49 +5,49 @@ include /etc/firejail/cyberfox.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.8pecxstudios
-noblacklist ~/.cache/8pecxstudios
-noblacklist ~/.config/okularpartrc
-noblacklist ~/.config/okularrc
-noblacklist ~/.config/qpdfview
-noblacklist ~/.kde/share/apps/okular
-noblacklist ~/.kde4/share/apps/okular
-noblacklist ~/.local/share/okular
-noblacklist ~/.local/share/qpdfview
-noblacklist ~/.pki
+noblacklist ${HOME}/.8pecxstudios
+noblacklist ${HOME}/.cache/8pecxstudios
+noblacklist ${HOME}/.config/okularpartrc
+noblacklist ${HOME}/.config/okularrc
+noblacklist ${HOME}/.config/qpdfview
+noblacklist ${HOME}/.kde/share/apps/okular
+noblacklist ${HOME}/.kde4/share/apps/okular
+noblacklist ${HOME}/.local/share/okular
+noblacklist ${HOME}/.local/share/qpdfview
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.8pecxstudios
-mkdir ~/.cache/8pecxstudios
-mkdir ~/.pki
+mkdir ${HOME}/.8pecxstudios
+mkdir ${HOME}/.cache/8pecxstudios
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.8pecxstudios
-whitelist ~/.cache/8pecxstudios
-whitelist ~/.cache/gnome-mplayer/plugin
-whitelist ~/.config/gnome-mplayer
-whitelist ~/.config/okularpartrc
-whitelist ~/.config/okularrc
-whitelist ~/.config/pipelight-silverlight5.1
-whitelist ~/.config/pipelight-widevine
-whitelist ~/.config/qpdfview
-whitelist ~/.kde/share/apps/okular
-whitelist ~/.kde4/share/apps/okular
-whitelist ~/.keysnail.js
-whitelist ~/.lastpass
-whitelist ~/.local/share/okular
-whitelist ~/.local/share/qpdfview
-whitelist ~/.pentadactyl
-whitelist ~/.pentadactylrc
-whitelist ~/.pki
-whitelist ~/.vimperator
-whitelist ~/.vimperatorrc
-whitelist ~/.wine-pipelight
-whitelist ~/.wine-pipelight64
-whitelist ~/.zotero
-whitelist ~/dwhelper
+whitelist ${HOME}/.8pecxstudios
+whitelist ${HOME}/.cache/8pecxstudios
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/okularpartrc
+whitelist ${HOME}/.config/okularrc
+whitelist ${HOME}/.config/pipelight-silverlight5.1
+whitelist ${HOME}/.config/pipelight-widevine
+whitelist ${HOME}/.config/qpdfview
+whitelist ${HOME}/.kde/share/apps/okular
+whitelist ${HOME}/.kde4/share/apps/okular
+whitelist ${HOME}/.keysnail.js
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.local/share/okular
+whitelist ${HOME}/.local/share/qpdfview
+whitelist ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactylrc
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.vimperator
+whitelist ${HOME}/.vimperatorrc
+whitelist ${HOME}/.wine-pipelight
+whitelist ${HOME}/.wine-pipelight64
+whitelist ${HOME}/.zotero
+whitelist ${HOME}/dwhelper
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/darktable.profile b/etc/darktable.profile
index c2dc0b42c..176ffaca1 100644
--- a/etc/darktable.profile
+++ b/etc/darktable.profile
@@ -5,8 +5,8 @@ include /etc/firejail/darktable.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/darktable
-noblacklist ~/.config/darktable
+noblacklist ${HOME}/.cache/darktable
+noblacklist ${HOME}/.config/darktable
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/dia.profile b/etc/dia.profile
index bf3c384ab..b1a723da0 100644
--- a/etc/dia.profile
+++ b/etc/dia.profile
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 blacklist /run/user/*/bus
 
-noblacklist ~/.dia
+noblacklist ${HOME}/.dia
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/dillo.profile b/etc/dillo.profile
index 840a568d8..6afb999e7 100644
--- a/etc/dillo.profile
+++ b/etc/dillo.profile
@@ -5,18 +5,18 @@ include /etc/firejail/dillo.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.dillo
+noblacklist ${HOME}/.dillo
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.dillo
-mkdir ~/.fltk
+mkdir ${HOME}/.dillo
+mkdir ${HOME}/.fltk
 whitelist ${DOWNLOADS}
-whitelist ~/.dillo
-whitelist ~/.fltk
+whitelist ${HOME}/.dillo
+whitelist ${HOME}/.fltk
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
diff --git a/etc/dolphin.profile b/etc/dolphin.profile
index fe72ee654..c1604826e 100644
--- a/etc/dolphin.profile
+++ b/etc/dolphin.profile
@@ -8,8 +8,8 @@ include /etc/firejail/globals.local
 # warning: firejail is currently not effectively constraining dolphin since used services are started by kdeinit5
 
 noblacklist ${HOME}/.local/share/Trash
-# noblacklist ~/.config/dolphinrc - diable-programs.inc is disabled, see below
-# noblacklist ~/.local/share/dolphin
+# noblacklist ${HOME}/.config/dolphinrc - diable-programs.inc is disabled, see below
+# noblacklist ${HOME}/.local/share/dolphin
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/dosbox.profile b/etc/dosbox.profile
index a64578e5c..736c7da2f 100644
--- a/etc/dosbox.profile
+++ b/etc/dosbox.profile
@@ -5,7 +5,7 @@ include /etc/firejail/dosbox.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.dosbox
+noblacklist ${HOME}/.dosbox
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/dragon.profile b/etc/dragon.profile
index c37f81ac9..76544010f 100644
--- a/etc/dragon.profile
+++ b/etc/dragon.profile
@@ -5,7 +5,7 @@ include /etc/firejail/dragon.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/dragonplayerrc
+noblacklist ${HOME}/.config/dragonplayerrc
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/dropbox.profile b/etc/dropbox.profile
index ec268c09b..138b3912a 100644
--- a/etc/dropbox.profile
+++ b/etc/dropbox.profile
@@ -5,23 +5,23 @@ include /etc/firejail/dropbox.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/autostart
-noblacklist ~/.dropbox
-noblacklist ~/.dropbox-dist
+noblacklist ${HOME}/.config/autostart
+noblacklist ${HOME}/.dropbox
+noblacklist ${HOME}/.dropbox-dist
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.dropbox
-mkdir ~/.dropbox-dist
-mkdir ~/Dropbox
-mkfile ~/.config/autostart/dropbox.desktop
-whitelist ~/.config/autostart/dropbox.desktop
-whitelist ~/.dropbox
-whitelist ~/.dropbox-dist
-whitelist ~/Dropbox
+mkdir ${HOME}/.dropbox
+mkdir ${HOME}/.dropbox-dist
+mkdir ${HOME}/Dropbox
+mkfile ${HOME}/.config/autostart/dropbox.desktop
+whitelist ${HOME}/.config/autostart/dropbox.desktop
+whitelist ${HOME}/.dropbox
+whitelist ${HOME}/.dropbox-dist
+whitelist ${HOME}/Dropbox
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/elinks.profile b/etc/elinks.profile
index 10fd19f71..aca30c933 100644
--- a/etc/elinks.profile
+++ b/etc/elinks.profile
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 blacklist /tmp/.X11-unix
 
-noblacklist ~/.elinks
+noblacklist ${HOME}/.elinks
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/emacs.profile b/etc/emacs.profile
index 8351d6c42..8700bc8e6 100644
--- a/etc/emacs.profile
+++ b/etc/emacs.profile
@@ -5,8 +5,8 @@ include /etc/firejail/emacs.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.emacs
-noblacklist ~/.emacs.d
+noblacklist ${HOME}/.emacs
+noblacklist ${HOME}/.emacs.d
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
diff --git a/etc/enchant.profile b/etc/enchant.profile
index b7034b937..8178bb2c8 100644
--- a/etc/enchant.profile
+++ b/etc/enchant.profile
@@ -5,7 +5,7 @@ include /etc/firejail/enchant.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/enchant
+noblacklist ${HOME}/.config/enchant
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/eog.profile b/etc/eog.profile
index c07268e14..cf6b1c1c6 100644
--- a/etc/eog.profile
+++ b/etc/eog.profile
@@ -7,10 +7,10 @@ include /etc/firejail/globals.local
 
 # blacklist /run/user/*/bus - makes settings immutable
 
-noblacklist ~/.Steam
-noblacklist ~/.config/eog
-noblacklist ~/.local/share/Trash
-noblacklist ~/.steam
+noblacklist ${HOME}/.Steam
+noblacklist ${HOME}/.config/eog
+noblacklist ${HOME}/.local/share/Trash
+noblacklist ${HOME}/.steam
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/eom.profile b/etc/eom.profile
index 5e0008ab3..4edd8fafe 100644
--- a/etc/eom.profile
+++ b/etc/eom.profile
@@ -7,10 +7,10 @@ include /etc/firejail/globals.local
 
 # blacklist /run/user/*/bus - makes settings immutable
 
-noblacklist ~/.Steam
-noblacklist ~/.config/mate/eom
-noblacklist ~/.local/share/Trash
-noblacklist ~/.steam
+noblacklist ${HOME}/.Steam
+noblacklist ${HOME}/.config/mate/eom
+noblacklist ${HOME}/.local/share/Trash
+noblacklist ${HOME}/.steam
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/etr.profile b/etc/etr.profile
index 579aa570a..ad2e5be5d 100644
--- a/etc/etr.profile
+++ b/etc/etr.profile
@@ -7,14 +7,14 @@ include /etc/firejail/globals.local
 
 blacklist /run/user/*/bus
 
-noblacklist ~/.etr
+noblacklist ${HOME}/.etr
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.etr
-whitelist ~/.etr
+mkdir ${HOME}/.etr
+whitelist ${HOME}/.etr
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
diff --git a/etc/evince.profile b/etc/evince.profile
index b68d272df..7118d3c08 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 # blacklist /run/user/*/bus
 
-noblacklist ~/.config/evince
+noblacklist ${HOME}/.config/evince
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/evolution.profile b/etc/evolution.profile
index e74c68f63..90a0c4ec4 100644
--- a/etc/evolution.profile
+++ b/etc/evolution.profile
@@ -7,12 +7,12 @@ include /etc/firejail/globals.local
 
 noblacklist /var/mail
 noblacklist /var/spool/mail
-# noblacklist ~/.bogofilter
-noblacklist ~/.cache/evolution
-noblacklist ~/.config/evolution
-noblacklist ~/.gnupg
-noblacklist ~/.local/share/evolution
-noblacklist ~/.pki
+# noblacklist ${HOME}/.bogofilter
+noblacklist ${HOME}/.cache/evolution
+noblacklist ${HOME}/.config/evolution
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.local/share/evolution
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/firefox.profile b/etc/firefox.profile
index 2423b149c..b76c16385 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -5,67 +5,67 @@ include /etc/firejail/firefox.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/mozilla
-noblacklist ~/.config/okularpartrc
-noblacklist ~/.config/okularrc
-noblacklist ~/.config/qpdfview
-noblacklist ~/.kde/share/apps/kget
-noblacklist ~/.kde/share/apps/okular
-noblacklist ~/.kde/share/config/kgetrc
-noblacklist ~/.kde/share/config/okularpartrc
-noblacklist ~/.kde/share/config/okularrc
-noblacklist ~/.kde4/share/apps/kget
-noblacklist ~/.kde4/share/apps/okular
-noblacklist ~/.kde4/share/config/kgetrc
-noblacklist ~/.kde4/share/config/okularpartrc
-noblacklist ~/.kde4/share/config/okularrc
-# noblacklist ~/.local/share/gnome-shell/extensions
-noblacklist ~/.local/share/okular
-noblacklist ~/.local/share/qpdfview
-noblacklist ~/.mozilla
-noblacklist ~/.pki
+noblacklist ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.config/okularpartrc
+noblacklist ${HOME}/.config/okularrc
+noblacklist ${HOME}/.config/qpdfview
+noblacklist ${HOME}/.kde/share/apps/kget
+noblacklist ${HOME}/.kde/share/apps/okular
+noblacklist ${HOME}/.kde/share/config/kgetrc
+noblacklist ${HOME}/.kde/share/config/okularpartrc
+noblacklist ${HOME}/.kde/share/config/okularrc
+noblacklist ${HOME}/.kde4/share/apps/kget
+noblacklist ${HOME}/.kde4/share/apps/okular
+noblacklist ${HOME}/.kde4/share/config/kgetrc
+noblacklist ${HOME}/.kde4/share/config/okularpartrc
+noblacklist ${HOME}/.kde4/share/config/okularrc
+# noblacklist ${HOME}/.local/share/gnome-shell/extensions
+noblacklist ${HOME}/.local/share/okular
+noblacklist ${HOME}/.local/share/qpdfview
+noblacklist ${HOME}/.mozilla
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/mozilla/firefox
-mkdir ~/.mozilla
-mkdir ~/.pki
+mkdir ${HOME}/.cache/mozilla/firefox
+mkdir ${HOME}/.mozilla
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/gnome-mplayer/plugin
-whitelist ~/.cache/mozilla/firefox
-whitelist ~/.config/gnome-mplayer
-whitelist ~/.config/okularpartrc
-whitelist ~/.config/okularrc
-whitelist ~/.config/pipelight-silverlight5.1
-whitelist ~/.config/pipelight-widevine
-whitelist ~/.config/qpdfview
-whitelist ~/.kde/share/apps/kget
-whitelist ~/.kde/share/apps/okular
-whitelist ~/.kde/share/config/kgetrc
-whitelist ~/.kde/share/config/okularpartrc
-whitelist ~/.kde/share/config/okularrc
-whitelist ~/.kde4/share/apps/kget
-whitelist ~/.kde4/share/apps/okular
-whitelist ~/.kde4/share/config/kgetrc
-whitelist ~/.kde4/share/config/okularpartrc
-whitelist ~/.kde4/share/config/okularrc
-whitelist ~/.keysnail.js
-whitelist ~/.lastpass
-whitelist ~/.local/share/gnome-shell/extensions
-whitelist ~/.local/share/okular
-whitelist ~/.local/share/qpdfview
-whitelist ~/.mozilla
-whitelist ~/.pentadactyl
-whitelist ~/.pentadactylrc
-whitelist ~/.pki
-whitelist ~/.vimperator
-whitelist ~/.vimperatorrc
-whitelist ~/.wine-pipelight
-whitelist ~/.wine-pipelight64
-whitelist ~/.zotero
-whitelist ~/dwhelper
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.cache/mozilla/firefox
+whitelist ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/okularpartrc
+whitelist ${HOME}/.config/okularrc
+whitelist ${HOME}/.config/pipelight-silverlight5.1
+whitelist ${HOME}/.config/pipelight-widevine
+whitelist ${HOME}/.config/qpdfview
+whitelist ${HOME}/.kde/share/apps/kget
+whitelist ${HOME}/.kde/share/apps/okular
+whitelist ${HOME}/.kde/share/config/kgetrc
+whitelist ${HOME}/.kde/share/config/okularpartrc
+whitelist ${HOME}/.kde/share/config/okularrc
+whitelist ${HOME}/.kde4/share/apps/kget
+whitelist ${HOME}/.kde4/share/apps/okular
+whitelist ${HOME}/.kde4/share/config/kgetrc
+whitelist ${HOME}/.kde4/share/config/okularpartrc
+whitelist ${HOME}/.kde4/share/config/okularrc
+whitelist ${HOME}/.keysnail.js
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.local/share/gnome-shell/extensions
+whitelist ${HOME}/.local/share/okular
+whitelist ${HOME}/.local/share/qpdfview
+whitelist ${HOME}/.mozilla
+whitelist ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactylrc
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.vimperator
+whitelist ${HOME}/.vimperatorrc
+whitelist ${HOME}/.wine-pipelight
+whitelist ${HOME}/.wine-pipelight64
+whitelist ${HOME}/.zotero
+whitelist ${HOME}/dwhelper
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
diff --git a/etc/flashpeak-slimjet.profile b/etc/flashpeak-slimjet.profile
index 18db4c597..feb4087f4 100644
--- a/etc/flashpeak-slimjet.profile
+++ b/etc/flashpeak-slimjet.profile
@@ -10,21 +10,21 @@ include /etc/firejail/globals.local
 # to run it is as follows:
 #  firejail flashpeak-slimjet --no-sandbox
 
-noblacklist ~/.cache/slimjet
-noblacklist ~/.config/slimjet
-noblacklist ~/.pki
+noblacklist ${HOME}/.cache/slimjet
+noblacklist ${HOME}/.config/slimjet
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/slimjet
-mkdir ~/.config/slimjet
-mkdir ~/.pki
+mkdir ${HOME}/.cache/slimjet
+mkdir ${HOME}/.config/slimjet
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/slimjet
-whitelist ~/.config/slimjet
-whitelist ~/.pki
+whitelist ${HOME}/.cache/slimjet
+whitelist ${HOME}/.config/slimjet
+whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/fossamail.profile b/etc/fossamail.profile
index cef522c53..4316c0988 100644
--- a/etc/fossamail.profile
+++ b/etc/fossamail.profile
@@ -5,16 +5,16 @@ include /etc/firejail/fossamail.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/fossamail
-noblacklist ~/.fossamail
-noblacklist ~/.gnupg
+noblacklist ${HOME}/.cache/fossamail
+noblacklist ${HOME}/.fossamail
+noblacklist ${HOME}/.gnupg
 
-mkdir ~/.cache/fossamail
-mkdir ~/.fossamail
-mkdir ~/.gnupg
-whitelist ~/.cache/fossamail
-whitelist ~/.fossamail
-whitelist ~/.gnupg
+mkdir ${HOME}/.cache/fossamail
+mkdir ${HOME}/.fossamail
+mkdir ${HOME}/.gnupg
+whitelist ${HOME}/.cache/fossamail
+whitelist ${HOME}/.fossamail
+whitelist ${HOME}/.gnupg
 include /etc/firejail/whitelist-common.inc
 
 # allow browsers
diff --git a/etc/franz.profile b/etc/franz.profile
index bceeaf3b4..42b14fa2f 100644
--- a/etc/franz.profile
+++ b/etc/franz.profile
@@ -5,21 +5,21 @@ include /etc/firejail/franz.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/Franz
-noblacklist ~/.config/Franz
-noblacklist ~/.pki
+noblacklist ${HOME}/.cache/Franz
+noblacklist ${HOME}/.config/Franz
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/Franz
-mkdir ~/.config/Franz
-mkdir ~/.pki
+mkdir ${HOME}/.cache/Franz
+mkdir ${HOME}/.config/Franz
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/Franz
-whitelist ~/.config/Franz
-whitelist ~/.pki
+whitelist ${HOME}/.cache/Franz
+whitelist ${HOME}/.config/Franz
+whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile
index 0480faf6f..0660137e0 100644
--- a/etc/frozen-bubble.profile
+++ b/etc/frozen-bubble.profile
@@ -7,14 +7,14 @@ include /etc/firejail/globals.local
 
 blacklist /run/user/*/bus
 
-noblacklist ~/.frozen-bubble
+noblacklist ${HOME}/.frozen-bubble
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.frozen-bubble
-whitelist ~/.frozen-bubble
+mkdir ${HOME}/.frozen-bubble
+whitelist ${HOME}/.frozen-bubble
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
diff --git a/etc/galculator.profile b/etc/galculator.profile
index fdb9e3f1d..0923d7e55 100644
--- a/etc/galculator.profile
+++ b/etc/galculator.profile
@@ -7,15 +7,15 @@ include /etc/firejail/globals.local
 
 blacklist /run/user/*/bus
 
-noblacklist ~/.config/galculator
+noblacklist ${HOME}/.config/galculator
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.config/galculator
-whitelist ~/.config/galculator
+mkdir ${HOME}/.config/galculator
+whitelist ${HOME}/.config/galculator
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
diff --git a/etc/geary.profile b/etc/geary.profile
index 3ab4a21d8..36c00efa0 100644
--- a/etc/geary.profile
+++ b/etc/geary.profile
@@ -8,18 +8,18 @@ include /etc/firejail/globals.local
 # Users have Geary set to open a browser by clicking a link in an email
 # We are not allowed to blacklist browser-specific directories
 
-noblacklist ~/.gnupg
-noblacklist ~/.local/share/geary
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.local/share/geary
 
-mkdir ~/.gnupg
-mkdir ~/.local/share/geary
-whitelist ~/.gnupg
-whitelist ~/.local/share/geary
+mkdir ${HOME}/.gnupg
+mkdir ${HOME}/.local/share/geary
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.local/share/geary
 include /etc/firejail/whitelist-common.inc
 
 ignore private-tmp
 
-read-only ~/.config/mimeapps.list
+read-only ${HOME}/.config/mimeapps.list
 
 # allow browsers
 # Redirect
diff --git a/etc/geeqie.profile b/etc/geeqie.profile
index a50fd4370..27ee343af 100644
--- a/etc/geeqie.profile
+++ b/etc/geeqie.profile
@@ -5,9 +5,9 @@ include /etc/firejail/geeqie.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/geeqie
-noblacklist ~/.config/geeqie
-noblacklist ~/.local/share/geeqie
+noblacklist ${HOME}/.cache/geeqie
+noblacklist ${HOME}/.config/geeqie
+noblacklist ${HOME}/.local/share/geeqie
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/gimp.profile b/etc/gimp.profile
index b398813f6..2a0698cc3 100644
--- a/etc/gimp.profile
+++ b/etc/gimp.profile
@@ -30,7 +30,7 @@ shell none
 private-dev
 private-tmp
 
-# gimp plugins are installed by the user in ~/.gimp-2.8/plug-ins/ directory
+# gimp plugins are installed by the user in ${HOME}/.gimp-2.8/plug-ins/ directory
 # if you are not using external plugins, you can enable noexec statement below
 # noexec ${HOME}
 noexec /tmp
diff --git a/etc/git.profile b/etc/git.profile
index 14fb55118..7dac03b1b 100644
--- a/etc/git.profile
+++ b/etc/git.profile
@@ -8,13 +8,13 @@ include /etc/firejail/globals.local
 
 blacklist /tmp/.X11-unix
 
-noblacklist ~/.emacs
-noblacklist ~/.emacs.d
-noblacklist ~/.gitconfig
-noblacklist ~/.gnupg
-noblacklist ~/.ssh
-noblacklist ~/.vim
-noblacklist ~/.viminfo
+noblacklist ${HOME}/.emacs
+noblacklist ${HOME}/.emacs.d
+noblacklist ${HOME}/.gitconfig
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.ssh
+noblacklist ${HOME}/.vim
+noblacklist ${HOME}/.viminfo
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
diff --git a/etc/gitter.profile b/etc/gitter.profile
index 3e84455f1..a3bbabd10 100644
--- a/etc/gitter.profile
+++ b/etc/gitter.profile
@@ -5,8 +5,8 @@ include /etc/firejail/gitter.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/autostart
-noblacklist ~/.config/Gitter
+noblacklist ${HOME}/.config/autostart
+noblacklist ${HOME}/.config/Gitter
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
@@ -14,8 +14,8 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 whitelist ${DOWNLOADS}
-whitelist ~/.config/autostart
-whitelist ~/.config/Gitter
+whitelist ${HOME}/.config/autostart
+whitelist ${HOME}/.config/Gitter
 include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
diff --git a/etc/gjs.profile b/etc/gjs.profile
index a856d35b5..32faeb8df 100644
--- a/etc/gjs.profile
+++ b/etc/gjs.profile
@@ -7,10 +7,10 @@ include /etc/firejail/globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-noblacklist ~/.cache/libgweather
-noblacklist ~/.cache/org.gnome.Books
-noblacklist ~/.config/libreoffice
-noblacklist ~/.local/share/gnome-photos
+noblacklist ${HOME}/.cache/libgweather
+noblacklist ${HOME}/.cache/org.gnome.Books
+noblacklist ${HOME}/.config/libreoffice
+noblacklist ${HOME}/.local/share/gnome-photos
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile
index 6998a3a42..bd21cd39f 100644
--- a/etc/gnome-books.profile
+++ b/etc/gnome-books.profile
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-noblacklist ~/.cache/org.gnome.Books
+noblacklist ${HOME}/.cache/org.gnome.Books
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/gnome-chess.profile b/etc/gnome-chess.profile
index 4caf971dd..f1f04d889 100644
--- a/etc/gnome-chess.profile
+++ b/etc/gnome-chess.profile
@@ -5,7 +5,7 @@ include /etc/firejail/gnome-chess.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.local/share/gnome-chess
+noblacklist ${HOME}/.local/share/gnome-chess
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile
index 3254f3fbc..40bb63538 100644
--- a/etc/gnome-documents.profile
+++ b/etc/gnome-documents.profile
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-noblacklist ~/.config/libreoffice
+noblacklist ${HOME}/.config/libreoffice
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile
index 166994374..c9626950e 100644
--- a/etc/gnome-mplayer.profile
+++ b/etc/gnome-mplayer.profile
@@ -5,7 +5,7 @@ include /etc/firejail/gnome-mplayer.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/gnome-mplayer
+noblacklist ${HOME}/.config/gnome-mplayer
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile
index 17288d500..f052563be 100644
--- a/etc/gnome-music.profile
+++ b/etc/gnome-music.profile
@@ -5,7 +5,7 @@ include /etc/firejail/gnome-music.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.local/share/gnome-music
+noblacklist ${HOME}/.local/share/gnome-music
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile
index f9be4c4de..f3b00a868 100644
--- a/etc/gnome-photos.profile
+++ b/etc/gnome-photos.profile
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-noblacklist ~/.local/share/gnome-photos
+noblacklist ${HOME}/.local/share/gnome-photos
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/gnome-weather.profile b/etc/gnome-weather.profile
index e5804687c..0423b06dd 100644
--- a/etc/gnome-weather.profile
+++ b/etc/gnome-weather.profile
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-noblacklist ~/.cache/libgweather
+noblacklist ${HOME}/.cache/libgweather
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile
index ac457b92f..9c7306b85 100644
--- a/etc/google-chrome-beta.profile
+++ b/etc/google-chrome-beta.profile
@@ -5,21 +5,21 @@ include /etc/firejail/google-chrome-beta.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/google-chrome-beta
-noblacklist ~/.config/google-chrome-beta
-noblacklist ~/.pki
+noblacklist ${HOME}/.cache/google-chrome-beta
+noblacklist ${HOME}/.config/google-chrome-beta
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/google-chrome-beta
-mkdir ~/.config/google-chrome-beta
-mkdir ~/.pki
+mkdir ${HOME}/.cache/google-chrome-beta
+mkdir ${HOME}/.config/google-chrome-beta
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/google-chrome-beta
-whitelist ~/.config/google-chrome-beta
-whitelist ~/.pki
+whitelist ${HOME}/.cache/google-chrome-beta
+whitelist ${HOME}/.config/google-chrome-beta
+whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 
 caps.keep sys_chroot,sys_admin
diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile
index 3d7a9a715..bb05b3e99 100644
--- a/etc/google-chrome-unstable.profile
+++ b/etc/google-chrome-unstable.profile
@@ -5,21 +5,21 @@ include /etc/firejail/google-chrome-unstable.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/google-chrome-unstable
-noblacklist ~/.config/google-chrome-unstable
-noblacklist ~/.pki
+noblacklist ${HOME}/.cache/google-chrome-unstable
+noblacklist ${HOME}/.config/google-chrome-unstable
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/google-chrome-unstable
-mkdir ~/.config/google-chrome-unstable
-mkdir ~/.pki
+mkdir ${HOME}/.cache/google-chrome-unstable
+mkdir ${HOME}/.config/google-chrome-unstable
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/google-chrome-unstable
-whitelist ~/.config/google-chrome-unstable
-whitelist ~/.pki
+whitelist ${HOME}/.cache/google-chrome-unstable
+whitelist ${HOME}/.config/google-chrome-unstable
+whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 
 caps.keep sys_chroot,sys_admin
diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile
index 6e5175989..2e9524e16 100644
--- a/etc/google-chrome.profile
+++ b/etc/google-chrome.profile
@@ -5,21 +5,21 @@ include /etc/firejail/google-chrome.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/google-chrome
-noblacklist ~/.config/google-chrome
-noblacklist ~/.pki
+noblacklist ${HOME}/.cache/google-chrome
+noblacklist ${HOME}/.config/google-chrome
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/google-chrome
-mkdir ~/.config/google-chrome
-mkdir ~/.pki
+mkdir ${HOME}/.cache/google-chrome
+mkdir ${HOME}/.config/google-chrome
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/google-chrome
-whitelist ~/.config/google-chrome
-whitelist ~/.pki
+whitelist ${HOME}/.cache/google-chrome
+whitelist ${HOME}/.config/google-chrome
+whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
diff --git a/etc/google-play-music-desktop-player.profile b/etc/google-play-music-desktop-player.profile
index 11ca13090..58473d5c8 100644
--- a/etc/google-play-music-desktop-player.profile
+++ b/etc/google-play-music-desktop-player.profile
@@ -5,16 +5,16 @@ include /etc/firejail/google-play-music-desktop-player.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/Google Play Music Desktop Player
+noblacklist ${HOME}/.config/Google Play Music Desktop Player
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-# whitelist ~/.config/pulse
-# whitelist ~/.pulse
-whitelist ~/.config/Google Play Music Desktop Player
+# whitelist ${HOME}/.config/pulse
+# whitelist ${HOME}/.pulse
+whitelist ${HOME}/.config/Google Play Music Desktop Player
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/gpa.profile b/etc/gpa.profile
index 8d721e2c0..725c744ed 100644
--- a/etc/gpa.profile
+++ b/etc/gpa.profile
@@ -5,7 +5,7 @@ include /etc/firejail/gpa.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.gnupg
+noblacklist ${HOME}/.gnupg
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile
index 8fd2ce232..c59c624fc 100644
--- a/etc/gpg-agent.profile
+++ b/etc/gpg-agent.profile
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 blacklist /tmp/.X11-unix
 
-noblacklist ~/.gnupg
+noblacklist ${HOME}/.gnupg
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/gpg.profile b/etc/gpg.profile
index 8c39f85e3..cd2b30e9e 100644
--- a/etc/gpg.profile
+++ b/etc/gpg.profile
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 blacklist /tmp/.X11-unix
 
-noblacklist ~/.gnupg
+noblacklist ${HOME}/.gnupg
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/gpicview.profile b/etc/gpicview.profile
index 5ed447ac4..8d47d9c31 100644
--- a/etc/gpicview.profile
+++ b/etc/gpicview.profile
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 blacklist /run/user/*/bus
 
-noblacklist ~/.config/gpicview
+noblacklist ${HOME}/.config/gpicview
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/gpredict.profile b/etc/gpredict.profile
index f204366c5..029c37290 100644
--- a/etc/gpredict.profile
+++ b/etc/gpredict.profile
@@ -5,14 +5,14 @@ include /etc/firejail/gpredict.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/Gpredict
+noblacklist ${HOME}/.config/Gpredict
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-whitelist ~/.config/Gpredict
+whitelist ${HOME}/.config/Gpredict
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/gthumb.profile b/etc/gthumb.profile
index 287e214e1..5d066c141 100644
--- a/etc/gthumb.profile
+++ b/etc/gthumb.profile
@@ -6,8 +6,8 @@ include /etc/firejail/gthumb.local
 include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.config/gthumb
-noblacklist ~/.Steam
-noblacklist ~/.steam
+noblacklist ${HOME}/.Steam
+noblacklist ${HOME}/.steam
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/gwenview.profile b/etc/gwenview.profile
index 891c9865e..efaf94f4c 100644
--- a/etc/gwenview.profile
+++ b/etc/gwenview.profile
@@ -7,15 +7,15 @@ include /etc/firejail/globals.local
 
 # blacklist /run/user/*/bus
 
-noblacklist ~/.config/gwenviewrc
-noblacklist ~/.config/org.kde.gwenviewrc
-noblacklist ~/.gimp*
-noblacklist ~/.kde/share/apps/gwenview
-noblacklist ~/.kde/share/config/gwenviewrc
-noblacklist ~/.kde4/share/apps/gwenview
-noblacklist ~/.kde4/share/config/gwenviewrc
-noblacklist ~/.local/share/gwenview
-noblacklist ~/.local/share/org.kde.gwenview
+noblacklist ${HOME}/.config/gwenviewrc
+noblacklist ${HOME}/.config/org.kde.gwenviewrc
+noblacklist ${HOME}/.gimp*
+noblacklist ${HOME}/.kde/share/apps/gwenview
+noblacklist ${HOME}/.kde/share/config/gwenviewrc
+noblacklist ${HOME}/.kde4/share/apps/gwenview
+noblacklist ${HOME}/.kde4/share/config/gwenviewrc
+noblacklist ${HOME}/.local/share/gwenview
+noblacklist ${HOME}/.local/share/org.kde.gwenview
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/handbrake.profile b/etc/handbrake.profile
index 5235e91f2..f8554d50c 100644
--- a/etc/handbrake.profile
+++ b/etc/handbrake.profile
@@ -5,7 +5,7 @@ include /etc/firejail/handbrake.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/ghb
+noblacklist ${HOME}/.config/ghb
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile
index e2775ffce..6f9117fae 100644
--- a/etc/hedgewars.profile
+++ b/etc/hedgewars.profile
@@ -12,8 +12,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir     ~/.hedgewars
-whitelist ~/.hedgewars
+mkdir     ${HOME}/.hedgewars
+whitelist ${HOME}/.hedgewars
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/hexchat.profile b/etc/hexchat.profile
index 5945665cc..634ced575 100644
--- a/etc/hexchat.profile
+++ b/etc/hexchat.profile
@@ -13,8 +13,8 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.config/hexchat
-whitelist ~/.config/hexchat
+mkdir ${HOME}/.config/hexchat
+whitelist ${HOME}/.config/hexchat
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
diff --git a/etc/icecat.profile b/etc/icecat.profile
index ab7e62180..74c51926a 100644
--- a/etc/icecat.profile
+++ b/etc/icecat.profile
@@ -5,34 +5,34 @@ include /etc/firejail/icecat.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/mozilla
-noblacklist ~/.mozilla
-noblacklist ~/.pki
+noblacklist ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.mozilla
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/mozilla/icecat
-mkdir ~/.mozilla
+mkdir ${HOME}/.cache/mozilla/icecat
+mkdir ${HOME}/.mozilla
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/gnome-mplayer/plugin
-whitelist ~/.cache/mozilla/icecat
-whitelist ~/.config/gnome-mplayer
-whitelist ~/.config/pipelight-silverlight5.1
-whitelist ~/.config/pipelight-widevine
-whitelist ~/.keysnail.js
-whitelist ~/.lastpass
-whitelist ~/.mozilla
-whitelist ~/.pentadactyl
-whitelist ~/.pentadactylrc
-whitelist ~/.pki
-whitelist ~/.vimperator
-whitelist ~/.vimperatorrc
-whitelist ~/.wine-pipelight
-whitelist ~/.wine-pipelight64
-whitelist ~/.zotero
-whitelist ~/dwhelper
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.cache/mozilla/icecat
+whitelist ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/pipelight-silverlight5.1
+whitelist ${HOME}/.config/pipelight-widevine
+whitelist ${HOME}/.keysnail.js
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.mozilla
+whitelist ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactylrc
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.vimperator
+whitelist ${HOME}/.vimperatorrc
+whitelist ${HOME}/.wine-pipelight
+whitelist ${HOME}/.wine-pipelight64
+whitelist ${HOME}/.zotero
+whitelist ${HOME}/dwhelper
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/icedove.profile b/etc/icedove.profile
index 46861d9f2..80cff3878 100644
--- a/etc/icedove.profile
+++ b/etc/icedove.profile
@@ -8,16 +8,16 @@ include /etc/firejail/globals.local
 # Users have icedove set to open a browser by clicking a link in an email
 # We are not allowed to blacklist browser-specific directories
 
-noblacklist ~/.cache/icedove
-noblacklist ~/.gnupg
-noblacklist ~/.icedove
+noblacklist ${HOME}/.cache/icedove
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.icedove
 
-mkdir ~/.cache/icedove
-mkdir ~/.gnupg
-mkdir ~/.icedove
-whitelist ~/.cache/icedove
-whitelist ~/.gnupg
-whitelist ~/.icedove
+mkdir ${HOME}/.cache/icedove
+mkdir ${HOME}/.gnupg
+mkdir ${HOME}/.icedove
+whitelist ${HOME}/.cache/icedove
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.icedove
 include /etc/firejail/whitelist-common.inc
 
 ignore private-tmp
diff --git a/etc/inox.profile b/etc/inox.profile
index 221acd309..fbc654434 100644
--- a/etc/inox.profile
+++ b/etc/inox.profile
@@ -5,20 +5,20 @@ include /etc/firejail/inox.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/inox
-noblacklist ~/.config/inox
-noblacklist ~/.pki
+noblacklist ${HOME}/.cache/inox
+noblacklist ${HOME}/.config/inox
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/inox
-mkdir ~/.config/inox
-mkdir ~/.pki
+mkdir ${HOME}/.cache/inox
+mkdir ${HOME}/.config/inox
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/inox
-whitelist ~/.config/inox
-whitelist ~/.pki
+whitelist ${HOME}/.cache/inox
+whitelist ${HOME}/.config/inox
+whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
diff --git a/etc/iridium.profile b/etc/iridium.profile
index 5b1268f4e..76026722f 100644
--- a/etc/iridium.profile
+++ b/etc/iridium.profile
@@ -5,21 +5,21 @@ include /etc/firejail/iridium.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/iridium
-noblacklist ~/.config/iridium
+noblacklist ${HOME}/.cache/iridium
+noblacklist ${HOME}/.config/iridium
 
 include /etc/firejail/disable-common.inc
 # chromium/iridium is distributed with a perl script on Arch
 # include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/iridium
-mkdir ~/.config/iridium
-mkdir ~/.pki
+mkdir ${HOME}/.cache/iridium
+mkdir ${HOME}/.config/iridium
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/iridium
-whitelist ~/.config/iridium
-whitelist ~/.pki
+whitelist ${HOME}/.cache/iridium
+whitelist ${HOME}/.config/iridium
+whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
diff --git a/etc/jitsi.profile b/etc/jitsi.profile
index 78a57ff46..bfccdf281 100644
--- a/etc/jitsi.profile
+++ b/etc/jitsi.profile
@@ -5,7 +5,7 @@ include /etc/firejail/jitsi.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.jitsi
+noblacklist ${HOME}/.jitsi
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/k3b.profile b/etc/k3b.profile
index 58623d823..a9555bccc 100644
--- a/etc/k3b.profile
+++ b/etc/k3b.profile
@@ -5,9 +5,9 @@ include /etc/firejail/k3b.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/k3brc
-noblacklist ~/.kde/share/config/k3brc
-noblacklist ~/.kde4/share/config/k3brc
+noblacklist ${HOME}/.config/k3brc
+noblacklist ${HOME}/.kde/share/config/k3brc
+noblacklist ${HOME}/.kde4/share/config/k3brc
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/kate.profile b/etc/kate.profile
index 85a98d67f..711833d5c 100644
--- a/etc/kate.profile
+++ b/etc/kate.profile
@@ -7,12 +7,12 @@ include /etc/firejail/globals.local
 
 # blacklist /run/user/*/bus
 
-noblacklist ~/.config/katepartrc
-noblacklist ~/.config/katerc
-noblacklist ~/.config/kateschemarc
-noblacklist ~/.config/katesyntaxhighlightingrc
-noblacklist ~/.config/katevirc
-noblacklist ~/.local/share/kate
+noblacklist ${HOME}/.config/katepartrc
+noblacklist ${HOME}/.config/katerc
+noblacklist ${HOME}/.config/kateschemarc
+noblacklist ${HOME}/.config/katesyntaxhighlightingrc
+noblacklist ${HOME}/.config/katevirc
+noblacklist ${HOME}/.local/share/kate
 
 include /etc/firejail/disable-common.inc
 # include /etc/firejail/disable-devel.inc
diff --git a/etc/kget.profile b/etc/kget.profile
index f6d7352c1..25c66e044 100644
--- a/etc/kget.profile
+++ b/etc/kget.profile
@@ -5,10 +5,10 @@ include /etc/firejail/kget.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.kde/share/apps/kget
-noblacklist ~/.kde/share/config/kgetrc
-noblacklist ~/.kde4/share/apps/kget
-noblacklist ~/.kde4/share/config/kgetrc
+noblacklist ${HOME}/.kde/share/apps/kget
+noblacklist ${HOME}/.kde/share/config/kgetrc
+noblacklist ${HOME}/.kde4/share/apps/kget
+noblacklist ${HOME}/.kde4/share/config/kgetrc
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/kino.profile b/etc/kino.profile
index 240dab8ef..be51786f5 100644
--- a/etc/kino.profile
+++ b/etc/kino.profile
@@ -5,8 +5,8 @@ include /etc/firejail/kino.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.kino-history
-noblacklist ~/.kinorc
+noblacklist ${HOME}/.kino-history
+noblacklist ${HOME}/.kinorc
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/knotes.profile b/etc/knotes.profile
index 039f1b057..94ada7855 100644
--- a/etc/knotes.profile
+++ b/etc/knotes.profile
@@ -5,7 +5,7 @@ include /etc/firejail/knotes.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/knotesrc
+noblacklist ${HOME}/.config/knotesrc
 
 include /etc/firejail/disable-common.inc
 # include /etc/firejail/disable-devel.inc
diff --git a/etc/kopete.profile b/etc/kopete.profile
index 3e943c162..6d7c22373 100644
--- a/etc/kopete.profile
+++ b/etc/kopete.profile
@@ -5,10 +5,10 @@ include /etc/firejail/kopete.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.kde/share/apps/kopete
-noblacklist ~/.kde/share/config/kopeterc
-noblacklist ~/.kde4/share/apps/kopete
-noblacklist ~/.kde4/share/config/kopeterc
+noblacklist ${HOME}/.kde/share/apps/kopete
+noblacklist ${HOME}/.kde/share/config/kopeterc
+noblacklist ${HOME}/.kde4/share/apps/kopete
+noblacklist ${HOME}/.kde4/share/config/kopeterc
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/krunner.profile b/etc/krunner.profile
index c3a4c73aa..606b67677 100644
--- a/etc/krunner.profile
+++ b/etc/krunner.profile
@@ -8,9 +8,9 @@ include /etc/firejail/globals.local
 # start a program in krunner: program will run with this generic profile
 # open a file in krunner: file viewer will run with its own profile (if firejailed automatically)
 
-noblacklist ~/.config/krunnerrc
-noblacklist ~/.kde/share/config/krunnerrc
-noblacklist ~/.kde4/share/config/krunnerrc
+noblacklist ${HOME}/.config/krunnerrc
+noblacklist ${HOME}/.kde/share/config/krunnerrc
+noblacklist ${HOME}/.kde4/share/config/krunnerrc
 
 include /etc/firejail/disable-common.inc
 # include /etc/firejail/disable-devel.inc
diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile
index 99e185ce3..5ea09f925 100644
--- a/etc/ktorrent.profile
+++ b/etc/ktorrent.profile
@@ -5,31 +5,31 @@ include /etc/firejail/ktorrent.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/ktorrentrc
-noblacklist ~/.kde/share/apps/ktorrent
-noblacklist ~/.kde/share/config/ktorrentrc
-noblacklist ~/.kde4/share/apps/ktorrent
-noblacklist ~/.kde4/share/config/ktorrentrc
-noblacklist ~/.local/share/ktorrent
+noblacklist ${HOME}/.config/ktorrentrc
+noblacklist ${HOME}/.kde/share/apps/ktorrent
+noblacklist ${HOME}/.kde/share/config/ktorrentrc
+noblacklist ${HOME}/.kde4/share/apps/ktorrent
+noblacklist ${HOME}/.kde4/share/config/ktorrentrc
+noblacklist ${HOME}/.local/share/ktorrent
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.kde/share/apps/ktorrent
-mkdir ~/.kde4/share/apps/ktorrent
-mkdir ~/.local/share/ktorrent
-mkfile ~/.config/ktorrentrc
-mkfile ~/.kde/share/config/ktorrentrc
-mkfile ~/.kde4/share/config/ktorrentrc
+mkdir ${HOME}/.kde/share/apps/ktorrent
+mkdir ${HOME}/.kde4/share/apps/ktorrent
+mkdir ${HOME}/.local/share/ktorrent
+mkfile ${HOME}/.config/ktorrentrc
+mkfile ${HOME}/.kde/share/config/ktorrentrc
+mkfile ${HOME}/.kde4/share/config/ktorrentrc
 whitelist  ${DOWNLOADS}
-whitelist ~/.config/ktorrentrc
-whitelist ~/.kde/share/apps/ktorrent
-whitelist ~/.kde/share/config/ktorrentrc
-whitelist ~/.kde4/share/apps/ktorrent
-whitelist ~/.kde4/share/config/ktorrentrc
-whitelist ~/.local/share/ktorrent
+whitelist ${HOME}/.config/ktorrentrc
+whitelist ${HOME}/.kde/share/apps/ktorrent
+whitelist ${HOME}/.kde/share/config/ktorrentrc
+whitelist ${HOME}/.kde4/share/apps/ktorrent
+whitelist ${HOME}/.kde4/share/config/ktorrentrc
+whitelist ${HOME}/.local/share/ktorrent
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
diff --git a/etc/kwin_x11.profile b/etc/kwin_x11.profile
index 0004da72d..8a578f3f3 100644
--- a/etc/kwin_x11.profile
+++ b/etc/kwin_x11.profile
@@ -5,9 +5,9 @@ include /etc/firejail/kwin_x11.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/kwinrc
-noblacklist ~/.config/kwinrulesrc
-noblacklist ~/.local/share/kwin
+noblacklist ${HOME}/.config/kwinrc
+noblacklist ${HOME}/.config/kwinrulesrc
+noblacklist ${HOME}/.local/share/kwin
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/kwrite.profile b/etc/kwrite.profile
index 5d6eba094..807ecf62b 100644
--- a/etc/kwrite.profile
+++ b/etc/kwrite.profile
@@ -7,13 +7,13 @@ include /etc/firejail/globals.local
 
 # blacklist /run/user/*/bus
 
-noblacklist ~/.config/katepartrc
-noblacklist ~/.config/katerc
-noblacklist ~/.config/kateschemarc
-noblacklist ~/.config/katesyntaxhighlightingrc
-noblacklist ~/.config/katevirc
-noblacklist ~/.config/kwriterc
-noblacklist ~/.local/share/kwrite
+noblacklist ${HOME}/.config/katepartrc
+noblacklist ${HOME}/.config/katerc
+noblacklist ${HOME}/.config/kateschemarc
+noblacklist ${HOME}/.config/katesyntaxhighlightingrc
+noblacklist ${HOME}/.config/katevirc
+noblacklist ${HOME}/.config/kwriterc
+noblacklist ${HOME}/.local/share/kwrite
 
 include /etc/firejail/disable-common.inc
 # include /etc/firejail/disable-devel.inc
diff --git a/etc/less.profile b/etc/less.profile
index 3546649af..3b1c5d6bf 100644
--- a/etc/less.profile
+++ b/etc/less.profile
@@ -20,7 +20,7 @@ shell none
 tracelog
 writable-var-log
 
-# The user can have a custom coloring scritps configured in ~/.lessfilter.
+# The user can have a custom coloring scritps configured in ${HOME}/.lessfilter.
 # Enable private-bin and private-lib if you are not using any filter.
 # private-bin less
 # private-lib
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile
index 214b49c65..3548a75ad 100644
--- a/etc/libreoffice.profile
+++ b/etc/libreoffice.profile
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.java
 noblacklist /usr/local/sbin
-noblacklist ~/.config/libreoffice
+noblacklist ${HOME}/.config/libreoffice
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/liferea.profile b/etc/liferea.profile
index afd5fed6b..552a45bbb 100644
--- a/etc/liferea.profile
+++ b/etc/liferea.profile
@@ -5,21 +5,21 @@ include /etc/firejail/liferea.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/liferea
-noblacklist ~/.config/liferea
-noblacklist ~/.local/share/liferea
+noblacklist ${HOME}/.cache/liferea
+noblacklist ${HOME}/.config/liferea
+noblacklist ${HOME}/.local/share/liferea
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/liferea
-mkdir ~/.config/liferea
-mkdir ~/.local/share/liferea
-whitelist ~/.cache/liferea
-whitelist ~/.config/liferea
-whitelist ~/.local/share/liferea
+mkdir ${HOME}/.cache/liferea
+mkdir ${HOME}/.config/liferea
+mkdir ${HOME}/.local/share/liferea
+whitelist ${HOME}/.cache/liferea
+whitelist ${HOME}/.config/liferea
+whitelist ${HOME}/.local/share/liferea
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/lximage-qt.profile b/etc/lximage-qt.profile
index 1a3b26c10..d4bb1b0e8 100644
--- a/etc/lximage-qt.profile
+++ b/etc/lximage-qt.profile
@@ -5,7 +5,7 @@ include /etc/firejail/lximage-qt.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/lximage-qt
+noblacklist ${HOME}/.config/lximage-qt
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile
index 0161ffb63..71d7a056f 100644
--- a/etc/lxmusic.profile
+++ b/etc/lxmusic.profile
@@ -5,8 +5,8 @@ include /etc/firejail/lxmusic.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/xmms2
-noblacklist ~/.config/xmms2
+noblacklist ${HOME}/.cache/xmms2
+noblacklist ${HOME}/.config/xmms2
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/makepkg.profile b/etc/makepkg.profile
index 96846592d..6d2e6b0ce 100644
--- a/etc/makepkg.profile
+++ b/etc/makepkg.profile
@@ -5,8 +5,8 @@
 # for potential issues and their solutions when Firejailing makepkg
 
 # This profile could be significantly strengthened by adding the following to makepkg.local
-# whitelist ~/<Your Build Folder>
-# whitelist ~/.gnupg
+# whitelist ${HOME}/<Your Build Folder>
+# whitelist ${HOME}/.gnupg
 
 quiet
 # Persistent local customizations
@@ -16,15 +16,15 @@ include /etc/firejail/globals.local
 
 
 # Enable severely restricted access to ${HOME}/.gnupg
-noblacklist ~/.gnupg
-read-only ~/.gnupg/gpg.conf
-read-only ~/.gnupg/trustdb.gpg
-read-only ~/.gnupg/pubring.kbx
-blacklist ~/.gnupg/random_seed
-blacklist ~/.gnupg/pubring.kbx~
-blacklist ~/.gnupg/private-keys-v1.d
-blacklist ~/.gnupg/crls.d
-blacklist ~/.gnupg/openpgp-revocs.d
+noblacklist ${HOME}/.gnupg
+read-only ${HOME}/.gnupg/gpg.conf
+read-only ${HOME}/.gnupg/trustdb.gpg
+read-only ${HOME}/.gnupg/pubring.kbx
+blacklist ${HOME}/.gnupg/random_seed
+blacklist ${HOME}/.gnupg/pubring.kbx~
+blacklist ${HOME}/.gnupg/private-keys-v1.d
+blacklist ${HOME}/.gnupg/crls.d
+blacklist ${HOME}/.gnupg/openpgp-revocs.d
 
 
 # Need to be able to read /var/lib/pacman, {Note no capabilities so automatically read-only}
diff --git a/etc/mediathekview.profile b/etc/mediathekview.profile
index dc9946794..9eae27765 100644
--- a/etc/mediathekview.profile
+++ b/etc/mediathekview.profile
@@ -5,16 +5,16 @@ include /etc/firejail/mediathekview.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/mpv
-noblacklist ~/.config/smplayer
-noblacklist ~/.config/totem
-noblacklist ~/.config/vlc
-noblacklist ~/.config/xplayer
-noblacklist ~/.java
-noblacklist ~/.local/share/totem
-noblacklist ~/.local/share/xplayer
-noblacklist ~/.mediathek3
-noblacklist ~/.mplayer
+noblacklist ${HOME}/.config/mpv
+noblacklist ${HOME}/.config/smplayer
+noblacklist ${HOME}/.config/totem
+noblacklist ${HOME}/.config/vlc
+noblacklist ${HOME}/.config/xplayer
+noblacklist ${HOME}/.java
+noblacklist ${HOME}/.local/share/totem
+noblacklist ${HOME}/.local/share/xplayer
+noblacklist ${HOME}/.mediathek3
+noblacklist ${HOME}/.mplayer
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/midori.profile b/etc/midori.profile
index e8373b042..7cb5326fb 100644
--- a/etc/midori.profile
+++ b/etc/midori.profile
@@ -5,32 +5,32 @@ include /etc/firejail/midori.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/midori
-noblacklist ~/.local/share/midori
-# noblacklist ~/.local/share/webkit
-# noblacklist ~/.local/share/webkitgtk
-noblacklist ~/.pki
+noblacklist ${HOME}/.config/midori
+noblacklist ${HOME}/.local/share/midori
+# noblacklist ${HOME}/.local/share/webkit
+# noblacklist ${HOME}/.local/share/webkitgtk
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/midori
-mkdir ~/.config/midori
-mkdir ~/.local/share/midori
-mkdir ~/.local/share/webkit
-mkdir ~/.local/share/webkitgtk
-mkdir ~/.pki
+mkdir ${HOME}/.cache/midori
+mkdir ${HOME}/.config/midori
+mkdir ${HOME}/.local/share/midori
+mkdir ${HOME}/.local/share/webkit
+mkdir ${HOME}/.local/share/webkitgtk
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/gnome-mplayer/plugin
-whitelist ~/.cache/midori
-whitelist ~/.config/gnome-mplayer
-whitelist ~/.config/midori
-whitelist ~/.lastpass
-whitelist ~/.local/share/midori
-whitelist ~/.local/share/webkit
-whitelist ~/.local/share/webkitgtk
-whitelist ~/.pki
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.cache/midori
+whitelist ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/midori
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.local/share/midori
+whitelist ${HOME}/.local/share/webkit
+whitelist ${HOME}/.local/share/webkitgtk
+whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/mousepad.profile b/etc/mousepad.profile
index e44750f99..0f0051c0a 100644
--- a/etc/mousepad.profile
+++ b/etc/mousepad.profile
@@ -5,7 +5,7 @@ include /etc/firejail/mousepad.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/Mousepad
+noblacklist ${HOME}/.config/Mousepad
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/musescore.profile b/etc/musescore.profile
index b3d04c08f..75f86c842 100644
--- a/etc/musescore.profile
+++ b/etc/musescore.profile
@@ -5,10 +5,10 @@ include /etc/firejail/musescore.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/MusE
-noblacklist ~/.config/MuseScore
-noblacklist ~/.local/share/data/MusE
-noblacklist ~/.local/share/data/MuseScore
+noblacklist ${HOME}/.config/MusE
+noblacklist ${HOME}/.config/MuseScore
+noblacklist ${HOME}/.local/share/data/MusE
+noblacklist ${HOME}/.local/share/data/MuseScore
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/mutt.profile b/etc/mutt.profile
index bdd629773..bca72f386 100644
--- a/etc/mutt.profile
+++ b/etc/mutt.profile
@@ -9,28 +9,28 @@ blacklist /tmp/.X11-unix
 
 noblacklist /var/mail
 noblacklist /var/spool/mail
-noblacklist ~/.Mail
-noblacklist ~/.bogofilter
-noblacklist ~/.cache/mutt
-noblacklist ~/.elinks
-noblacklist ~/.emacs
-noblacklist ~/.emacs.d
-noblacklist ~/.gnupg
-noblacklist ~/.mail
-noblacklist ~/.mailcap
-noblacklist ~/.msmtprc
-noblacklist ~/.mutt
-noblacklist ~/.mutt/muttrc
-noblacklist ~/.muttrc
-noblacklist ~/.signature
-noblacklist ~/.vim
-noblacklist ~/.viminfo
-noblacklist ~/.vimrc
-noblacklist ~/.w3m
-noblacklist ~/Mail
-noblacklist ~/mail
-noblacklist ~/postponed
-noblacklist ~/sent
+noblacklist ${HOME}/.Mail
+noblacklist ${HOME}/.bogofilter
+noblacklist ${HOME}/.cache/mutt
+noblacklist ${HOME}/.elinks
+noblacklist ${HOME}/.emacs
+noblacklist ${HOME}/.emacs.d
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.mail
+noblacklist ${HOME}/.mailcap
+noblacklist ${HOME}/.msmtprc
+noblacklist ${HOME}/.mutt
+noblacklist ${HOME}/.mutt/muttrc
+noblacklist ${HOME}/.muttrc
+noblacklist ${HOME}/.signature
+noblacklist ${HOME}/.vim
+noblacklist ${HOME}/.viminfo
+noblacklist ${HOME}/.vimrc
+noblacklist ${HOME}/.w3m
+noblacklist ${HOME}/Mail
+noblacklist ${HOME}/mail
+noblacklist ${HOME}/postponed
+noblacklist ${HOME}/sent
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/nautilus.profile b/etc/nautilus.profile
index 45d23cae6..5ba0850fc 100644
--- a/etc/nautilus.profile
+++ b/etc/nautilus.profile
@@ -8,10 +8,10 @@ include /etc/firejail/globals.local
 # Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there
 # is already a nautilus process running on gnome desktops firejail will have no effect.
 
-noblacklist ~/.config/nautilus
-noblacklist ~/.local/share/Trash
-noblacklist ~/.local/share/nautilus
-noblacklist ~/.local/share/nautilus-python
+noblacklist ${HOME}/.config/nautilus
+noblacklist ${HOME}/.local/share/Trash
+noblacklist ${HOME}/.local/share/nautilus
+noblacklist ${HOME}/.local/share/nautilus-python
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/netsurf.profile b/etc/netsurf.profile
index 64aa068b1..02b35757a 100644
--- a/etc/netsurf.profile
+++ b/etc/netsurf.profile
@@ -5,18 +5,18 @@ include /etc/firejail/netsurf.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/netsurf
-noblacklist ~/.config/netsurf
+noblacklist ${HOME}/.cache/netsurf
+noblacklist ${HOME}/.config/netsurf
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/netsurf
-mkdir ~/.config/netsurf
+mkdir ${HOME}/.cache/netsurf
+mkdir ${HOME}/.config/netsurf
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/netsurf
-whitelist ~/.config/netsurf
+whitelist ${HOME}/.cache/netsurf
+whitelist ${HOME}/.config/netsurf
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/nylas.profile b/etc/nylas.profile
index d96c6b0d4..c2e1e1fdb 100644
--- a/etc/nylas.profile
+++ b/etc/nylas.profile
@@ -5,8 +5,8 @@ include /etc/firejail/nylas.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/Nylas Mail
-noblacklist ~/.nylas-mail
+noblacklist ${HOME}/.config/Nylas Mail
+noblacklist ${HOME}/.nylas-mail
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
@@ -14,8 +14,8 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 whitelist ${DOWNLOADS}
-whitelist ~/.config/Nylas Mail
-whitelist ~/.nylas-mail
+whitelist ${HOME}/.config/Nylas Mail
+whitelist ${HOME}/.nylas-mail
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/okular.profile b/etc/okular.profile
index 4171a28f8..2c2d395c8 100644
--- a/etc/okular.profile
+++ b/etc/okular.profile
@@ -7,15 +7,15 @@ include /etc/firejail/globals.local
 
 # blacklist /run/user/*/bus
 
-noblacklist ~/.config/okularpartrc
-noblacklist ~/.config/okularrc
-noblacklist ~/.kde/share/apps/okular
-noblacklist ~/.kde/share/config/okularpartrc
-noblacklist ~/.kde/share/config/okularrc
-noblacklist ~/.kde4/share/apps/okular
-noblacklist ~/.kde4/share/config/okularpartrc
-noblacklist ~/.kde4/share/config/okularrc
-noblacklist ~/.local/share/okular
+noblacklist ${HOME}/.config/okularpartrc
+noblacklist ${HOME}/.config/okularrc
+noblacklist ${HOME}/.kde/share/apps/okular
+noblacklist ${HOME}/.kde/share/config/okularpartrc
+noblacklist ${HOME}/.kde/share/config/okularrc
+noblacklist ${HOME}/.kde4/share/apps/okular
+noblacklist ${HOME}/.kde4/share/config/okularpartrc
+noblacklist ${HOME}/.kde4/share/config/okularrc
+noblacklist ${HOME}/.local/share/okular
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile
index 20a9b2227..331bfa939 100644
--- a/etc/open-invaders.profile
+++ b/etc/open-invaders.profile
@@ -7,14 +7,14 @@ include /etc/firejail/globals.local
 
 blacklist /run/user/*/bus
 
-noblacklist ~/.openinvaders
+noblacklist ${HOME}/.openinvaders
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.openinvaders
-whitelist ~/.openinvaders
+mkdir ${HOME}/.openinvaders
+whitelist ${HOME}/.openinvaders
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/opera-beta.profile b/etc/opera-beta.profile
index c295a2082..6079ac7d5 100644
--- a/etc/opera-beta.profile
+++ b/etc/opera-beta.profile
@@ -5,20 +5,20 @@ include /etc/firejail/opera-beta.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/opera-beta
-noblacklist ~/.pki
+noblacklist ${HOME}/.config/opera-beta
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/opera
-mkdir ~/.config/opera-beta
-mkdir ~/.pki
+mkdir ${HOME}/.cache/opera
+mkdir ${HOME}/.config/opera-beta
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/opera
-whitelist ~/.config/opera-beta
-whitelist ~/.pki
+whitelist ${HOME}/.cache/opera
+whitelist ${HOME}/.config/opera-beta
+whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 
 netfilter
diff --git a/etc/opera.profile b/etc/opera.profile
index 553ea6790..2b9b903ac 100644
--- a/etc/opera.profile
+++ b/etc/opera.profile
@@ -5,24 +5,24 @@ include /etc/firejail/opera.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/opera
-noblacklist ~/.config/opera
-noblacklist ~/.opera
-noblacklist ~/.pki
+noblacklist ${HOME}/.cache/opera
+noblacklist ${HOME}/.config/opera
+noblacklist ${HOME}/.opera
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/opera
-mkdir ~/.config/opera
-mkdir ~/.opera
-mkdir ~/.pki
+mkdir ${HOME}/.cache/opera
+mkdir ${HOME}/.config/opera
+mkdir ${HOME}/.opera
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/opera
-whitelist ~/.config/opera
-whitelist ~/.opera
-whitelist ~/.pki
+whitelist ${HOME}/.cache/opera
+whitelist ${HOME}/.config/opera
+whitelist ${HOME}/.opera
+whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 
 netfilter
diff --git a/etc/palemoon.profile b/etc/palemoon.profile
index 054e876c5..8bdcb7334 100644
--- a/etc/palemoon.profile
+++ b/etc/palemoon.profile
@@ -5,8 +5,8 @@ include /etc/firejail/palemoon.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/moonchild productions/pale moon
-noblacklist ~/.moonchild productions/pale moon
+noblacklist ${HOME}/.cache/moonchild productions/pale moon
+noblacklist ${HOME}/.moonchild productions/pale moon
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
@@ -14,29 +14,29 @@ include /etc/firejail/disable-programs.inc
 
 # These are uncommented in the Firefox profile. If you run into trouble you may
 # want to uncomment (some of) them.
-#whitelist ~/dwhelper
-#whitelist ~/.zotero
-#whitelist ~/.vimperatorrc
-#whitelist ~/.vimperator
-#whitelist ~/.pentadactylrc
-#whitelist ~/.pentadactyl
-#whitelist ~/.keysnail.js
-#whitelist ~/.config/gnome-mplayer
-#whitelist ~/.cache/gnome-mplayer/plugin
-#whitelist ~/.pki
-#whitelist ~/.lastpass
+#whitelist ${HOME}/dwhelper
+#whitelist ${HOME}/.zotero
+#whitelist ${HOME}/.vimperatorrc
+#whitelist ${HOME}/.vimperator
+#whitelist ${HOME}/.pentadactylrc
+#whitelist ${HOME}/.pentadactyl
+#whitelist ${HOME}/.keysnail.js
+#whitelist ${HOME}/.config/gnome-mplayer
+#whitelist ${HOME}/.cache/gnome-mplayer/plugin
+#whitelist ${HOME}/.pki
+#whitelist ${HOME}/.lastpass
 
 # For silverlight
-#whitelist ~/.wine-pipelight
-#whitelist ~/.wine-pipelight64
-#whitelist ~/.config/pipelight-widevine
-#whitelist ~/.config/pipelight-silverlight5.1
+#whitelist ${HOME}/.wine-pipelight
+#whitelist ${HOME}/.wine-pipelight64
+#whitelist ${HOME}/.config/pipelight-widevine
+#whitelist ${HOME}/.config/pipelight-silverlight5.1
 
-mkdir ~/.cache/moonchild productions/pale moon
-mkdir ~/.moonchild productions
+mkdir ${HOME}/.cache/moonchild productions/pale moon
+mkdir ${HOME}/.moonchild productions
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/moonchild productions/pale moon
-whitelist ~/.moonchild productions
+whitelist ${HOME}/.cache/moonchild productions/pale moon
+whitelist ${HOME}/.moonchild productions
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/pcmanfm.profile b/etc/pcmanfm.profile
index 03e7e450f..08c607020 100644
--- a/etc/pcmanfm.profile
+++ b/etc/pcmanfm.profile
@@ -8,8 +8,8 @@ include /etc/firejail/globals.local
 # blacklist /run/user/*/bus
 
 noblacklist ${HOME}/.local/share/Trash
-# noblacklist ~/.config/libfm - disable-programs.inc is disabled, see below
-# noblacklist ~/.config/pcmanfm
+# noblacklist ${HOME}/.config/libfm - disable-programs.inc is disabled, see below
+# noblacklist ${HOME}/.config/pcmanfm
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/pingus.profile b/etc/pingus.profile
index c491a2669..65aeedd86 100644
--- a/etc/pingus.profile
+++ b/etc/pingus.profile
@@ -7,14 +7,14 @@ include /etc/firejail/globals.local
 
 blacklist /run/user/*/bus
 
-noblacklist ~/.pingus
+noblacklist ${HOME}/.pingus
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.pingus
-whitelist ~/.pingus
+mkdir ${HOME}/.pingus
+whitelist ${HOME}/.pingus
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/pix.profile b/etc/pix.profile
index 5440e4634..9eca6f87e 100644
--- a/etc/pix.profile
+++ b/etc/pix.profile
@@ -7,8 +7,8 @@ include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.config/pix
 noblacklist ${HOME}/.local/share/pix
-noblacklist ~/.Steam
-noblacklist ~/.steam
+noblacklist ${HOME}/.Steam
+noblacklist ${HOME}/.steam
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/psi-plus.profile b/etc/psi-plus.profile
index 72c52d967..8d2ace96a 100644
--- a/etc/psi-plus.profile
+++ b/etc/psi-plus.profile
@@ -13,13 +13,13 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/psi+
-mkdir ~/.config/psi+
-mkdir ~/.local/share/psi+
+mkdir ${HOME}/.cache/psi+
+mkdir ${HOME}/.config/psi+
+mkdir ${HOME}/.local/share/psi+
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/psi+
-whitelist ~/.config/psi+
-whitelist ~/.local/share/psi+
+whitelist ${HOME}/.cache/psi+
+whitelist ${HOME}/.config/psi+
+whitelist ${HOME}/.local/share/psi+
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile
index 32eb7de5b..9c4e6e356 100644
--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -5,25 +5,25 @@ include /etc/firejail/qbittorrent.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/qBittorrent
-noblacklist ~/.config/qBittorrent
-noblacklist ~/.config/qBittorrentrc
-noblacklist ~/.config/qt5ct
+noblacklist ${HOME}/.cache/qBittorrent
+noblacklist ${HOME}/.config/qBittorrent
+noblacklist ${HOME}/.config/qBittorrentrc
+noblacklist ${HOME}/.config/qt5ct
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/qBittorrent
-mkdir ~/.config/qBittorrent
-mkdir ~/.local/share/data/qBittorrent
+mkdir ${HOME}/.cache/qBittorrent
+mkdir ${HOME}/.config/qBittorrent
+mkdir ${HOME}/.local/share/data/qBittorrent
 whitelist  ${DOWNLOADS}
-whitelist ~/.cache/qBittorrent
-whitelist ~/.config/qBittorrent
-whitelist ~/.config/qBittorrentrc
-whitelist ~/.config/qt5ct
-whitelist ~/.local/share/data/qBittorrent
+whitelist ${HOME}/.cache/qBittorrent
+whitelist ${HOME}/.config/qBittorrent
+whitelist ${HOME}/.config/qBittorrentrc
+whitelist ${HOME}/.config/qt5ct
+whitelist ${HOME}/.local/share/data/qBittorrent
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
diff --git a/etc/qemu-launcher.profile b/etc/qemu-launcher.profile
index 2738e04bb..20b14c0ca 100644
--- a/etc/qemu-launcher.profile
+++ b/etc/qemu-launcher.profile
@@ -5,7 +5,7 @@ include /etc/firejail/qemu-launcher.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.qemu-launcher
+noblacklist ${HOME}/.qemu-launcher
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
diff --git a/etc/qtox.profile b/etc/qtox.profile
index 226d516ad..917e2cde8 100644
--- a/etc/qtox.profile
+++ b/etc/qtox.profile
@@ -5,8 +5,8 @@ include /etc/firejail/qtox.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/qt5ct
-noblacklist ~/.config/tox
+noblacklist ${HOME}/.config/qt5ct
+noblacklist ${HOME}/.config/tox
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/quiterss.profile b/etc/quiterss.profile
index f820b590e..0d02cacae 100644
--- a/etc/quiterss.profile
+++ b/etc/quiterss.profile
@@ -15,10 +15,10 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/QuiteRss
-mkdir ~/.config/QuiteRss
-mkdir ~/.local/share/data
-mkdir ~/.local/share/data/QuiteRss
+mkdir ${HOME}/.cache/QuiteRss
+mkdir ${HOME}/.config/QuiteRss
+mkdir ${HOME}/.local/share/data
+mkdir ${HOME}/.local/share/data/QuiteRss
 whitelist ${HOME}/.cache/QuiteRss
 whitelist ${HOME}/.config/QuiteRss/
 whitelist ${HOME}/.config/QuiteRssrc
diff --git a/etc/qupzilla.profile b/etc/qupzilla.profile
index 7b7086bde..74c7355b6 100644
--- a/etc/qupzilla.profile
+++ b/etc/qupzilla.profile
@@ -14,8 +14,8 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/qupzilla
-whitelist ~/.config/qupzilla
+whitelist ${HOME}/.cache/qupzilla
+whitelist ${HOME}/.config/qupzilla
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile
index 31721617f..b6834aaad 100644
--- a/etc/qutebrowser.profile
+++ b/etc/qutebrowser.profile
@@ -5,20 +5,20 @@ include /etc/firejail/qutebrowser.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/qutebrowser
-noblacklist ~/.config/qutebrowser
+noblacklist ${HOME}/.cache/qutebrowser
+noblacklist ${HOME}/.config/qutebrowser
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/qutebrowser
-mkdir ~/.config/qutebrowser
-mkdir ~/.local/share/qutebrowser
+mkdir ${HOME}/.cache/qutebrowser
+mkdir ${HOME}/.config/qutebrowser
+mkdir ${HOME}/.local/share/qutebrowser
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/qutebrowser
-whitelist ~/.config/qutebrowser
-whitelist ~/.local/share/qutebrowser
+whitelist ${HOME}/.cache/qutebrowser
+whitelist ${HOME}/.config/qutebrowser
+whitelist ${HOME}/.local/share/qutebrowser
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/rambox.profile b/etc/rambox.profile
index 2696df86b..f17f1d202 100644
--- a/etc/rambox.profile
+++ b/etc/rambox.profile
@@ -5,18 +5,18 @@ include /etc/firejail/rambox.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/Rambox
-noblacklist ~/.pki
+noblacklist ${HOME}/.config/Rambox
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.config/Rambox
-mkdir ~/.pki
+mkdir ${HOME}/.config/Rambox
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.config/Rambox
-whitelist ~/.pki
+whitelist ${HOME}/.config/Rambox
+whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/ranger.profile b/etc/ranger.profile
index 0dac16424..211a1b2d5 100644
--- a/etc/ranger.profile
+++ b/etc/ranger.profile
@@ -11,7 +11,7 @@ blacklist /run/user/*/bus
 noblacklist /usr/bin/perl
 noblacklist /usr/lib/perl*
 noblacklist /usr/share/perl*
-noblacklist ~/.config/ranger
+noblacklist ${HOME}/.config/ranger
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/ristretto.profile b/etc/ristretto.profile
index 3de5de34a..114bb30f4 100644
--- a/etc/ristretto.profile
+++ b/etc/ristretto.profile
@@ -6,8 +6,8 @@ include /etc/firejail/ristretto.local
 include /etc/firejail/globals.local
 
 noblacklist ${HOME}/.config/ristretto
-noblacklist ~/.Steam
-noblacklist ~/.steam
+noblacklist ${HOME}/.Steam
+noblacklist ${HOME}/.steam
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/scribus.profile b/etc/scribus.profile
index e49d484ed..001b91387 100644
--- a/etc/scribus.profile
+++ b/etc/scribus.profile
@@ -8,20 +8,20 @@ include /etc/firejail/globals.local
 blacklist /run/user/*/bus
 
 # Support for PDF readers comes with Scribus 1.5 and higher
-noblacklist ~/.config/okularpartrc
-noblacklist ~/.config/okularrc
-noblacklist ~/.config/scribus
-noblacklist ~/.config/scribusrc
-noblacklist ~/.gimp*
-noblacklist ~/.kde/share/apps/okular
-noblacklist ~/.kde/share/config/okularpartrc
-noblacklist ~/.kde/share/config/okularrc
-noblacklist ~/.kde4/share/apps/okular
-noblacklist ~/.kde4/share/config/okularpartrc
-noblacklist ~/.kde4/share/config/okularrc
-noblacklist ~/.local/share/okular
-noblacklist ~/.local/share/scribus
-noblacklist ~/.scribus
+noblacklist ${HOME}/.config/okularpartrc
+noblacklist ${HOME}/.config/okularrc
+noblacklist ${HOME}/.config/scribus
+noblacklist ${HOME}/.config/scribusrc
+noblacklist ${HOME}/.gimp*
+noblacklist ${HOME}/.kde/share/apps/okular
+noblacklist ${HOME}/.kde/share/config/okularpartrc
+noblacklist ${HOME}/.kde/share/config/okularrc
+noblacklist ${HOME}/.kde4/share/apps/okular
+noblacklist ${HOME}/.kde4/share/config/okularpartrc
+noblacklist ${HOME}/.kde4/share/config/okularrc
+noblacklist ${HOME}/.local/share/okular
+noblacklist ${HOME}/.local/share/scribus
+noblacklist ${HOME}/.scribus
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/seamonkey.profile b/etc/seamonkey.profile
index 36dde66b0..cfd03300a 100644
--- a/etc/seamonkey.profile
+++ b/etc/seamonkey.profile
@@ -5,34 +5,34 @@ include /etc/firejail/seamonkey.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/mozilla
-noblacklist ~/.mozilla
-noblacklist ~/.pki
+noblacklist ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.mozilla
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/mozilla
-mkdir ~/.mozilla
+mkdir ${HOME}/.cache/mozilla
+mkdir ${HOME}/.mozilla
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/gnome-mplayer/plugin
-whitelist ~/.cache/mozilla
-whitelist ~/.config/gnome-mplayer
-whitelist ~/.config/pipelight-silverlight5.1
-whitelist ~/.config/pipelight-widevine
-whitelist ~/.keysnail.js
-whitelist ~/.lastpass
-whitelist ~/.mozilla
-whitelist ~/.pentadactyl
-whitelist ~/.pentadactylrc
-whitelist ~/.pki
-whitelist ~/.vimperator
-whitelist ~/.vimperatorrc
-whitelist ~/.wine-pipelight
-whitelist ~/.wine-pipelight64
-whitelist ~/.zotero
-whitelist ~/dwhelper
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.cache/mozilla
+whitelist ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/pipelight-silverlight5.1
+whitelist ${HOME}/.config/pipelight-widevine
+whitelist ${HOME}/.keysnail.js
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.mozilla
+whitelist ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactylrc
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.vimperator
+whitelist ${HOME}/.vimperatorrc
+whitelist ${HOME}/.wine-pipelight
+whitelist ${HOME}/.wine-pipelight64
+whitelist ${HOME}/.zotero
+whitelist ${HOME}/dwhelper
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/signal-desktop.profile b/etc/signal-desktop.profile
index 88e3eef20..b9f7a6c33 100644
--- a/etc/signal-desktop.profile
+++ b/etc/signal-desktop.profile
@@ -5,16 +5,16 @@ include /etc/firejail/signal-desktop.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/Signal
+noblacklist ${HOME}/.config/Signal
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-mkdir ~/.config/Signal
+mkdir ${HOME}/.config/Signal
 whitelist ${DOWNLOADS}
-whitelist ~/.config/Signal
+whitelist ${HOME}/.config/Signal
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc 
 
diff --git a/etc/simple-scan.profile b/etc/simple-scan.profile
index edd4db861..b7dc3c57c 100644
--- a/etc/simple-scan.profile
+++ b/etc/simple-scan.profile
@@ -5,7 +5,7 @@ include /etc/firejail/simple-scan.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/simple-scan
+noblacklist ${HOME}/.cache/simple-scan
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/simutrans.profile b/etc/simutrans.profile
index 1cbd9756c..89d1f2925 100644
--- a/etc/simutrans.profile
+++ b/etc/simutrans.profile
@@ -7,14 +7,14 @@ include /etc/firejail/globals.local
 
 blacklist /run/user/*/bus
 
-noblacklist ~/.simutrans
+noblacklist ${HOME}/.simutrans
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.simutrans
-whitelist ~/.simutrans
+mkdir ${HOME}/.simutrans
+whitelist ${HOME}/.simutrans
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/snap.profile b/etc/snap.profile
index 38aef7c23..345525c9a 100644
--- a/etc/snap.profile
+++ b/etc/snap.profile
@@ -12,5 +12,5 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 whitelist ${DOWNLOADS}
-whitelist ~/snap
+whitelist ${HOME}/snap
 include /etc/firejail/whitelist-common.inc
diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile
index fa5728d9b..b71c20231 100644
--- a/etc/ssh-agent.profile
+++ b/etc/ssh-agent.profile
@@ -10,7 +10,7 @@ blacklist /tmp/.X11-unix
 
 noblacklist /etc/ssh
 noblacklist /tmp/ssh-*
-noblacklist ~/.ssh
+noblacklist ${HOME}/.ssh
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
diff --git a/etc/ssh.profile b/etc/ssh.profile
index 7ac0b8417..df86a276e 100644
--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -8,7 +8,7 @@ include /etc/firejail/globals.local
 
 noblacklist /etc/ssh
 noblacklist /tmp/ssh-*
-noblacklist ~/.ssh
+noblacklist ${HOME}/.ssh
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
diff --git a/etc/stellarium.profile b/etc/stellarium.profile
index 360b9f881..889a21a60 100644
--- a/etc/stellarium.profile
+++ b/etc/stellarium.profile
@@ -5,18 +5,18 @@ include /etc/firejail/stellarium.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/stellarium
-noblacklist ~/.stellarium
+noblacklist ${HOME}/.config/stellarium
+noblacklist ${HOME}/.stellarium
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.config/stellarium
-mkdir ~/.stellarium
-whitelist ~/.config/stellarium
-whitelist ~/.stellarium
+mkdir ${HOME}/.config/stellarium
+mkdir ${HOME}/.stellarium
+whitelist ${HOME}/.config/stellarium
+whitelist ${HOME}/.stellarium
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
diff --git a/etc/supertux2.profile b/etc/supertux2.profile
index 120f0a043..2b5bb07c3 100644
--- a/etc/supertux2.profile
+++ b/etc/supertux2.profile
@@ -7,14 +7,14 @@ include /etc/firejail/globals.local
 
 blacklist /run/user/*/bus
 
-noblacklist ~/.local/share/supertux2
+noblacklist ${HOME}/.local/share/supertux2
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.local/share/supertux2
-whitelist ~/.local/share/supertux2
+mkdir ${HOME}/.local/share/supertux2
+whitelist ${HOME}/.local/share/supertux2
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
diff --git a/etc/surf.profile b/etc/surf.profile
index a12212f16..6f7bd16f6 100644
--- a/etc/surf.profile
+++ b/etc/surf.profile
@@ -5,13 +5,13 @@ include /etc/firejail/surf.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.surf
+noblacklist ${HOME}/.surf
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.surf
+mkdir ${HOME}/.surf
 whitelist ${DOWNLOADS}
 include /etc/firejail/whitelist-common.inc
 
diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile
index 52965cf90..8af981d70 100644
--- a/etc/thunderbird.profile
+++ b/etc/thunderbird.profile
@@ -8,19 +8,19 @@ include /etc/firejail/globals.local
 # Users have thunderbird set to open a browser by clicking a link in an email
 # We are not allowed to blacklist browser-specific directories
 
-noblacklist ~/.cache/thunderbird
-noblacklist ~/.gnupg
-noblacklist ~/.icedove
-noblacklist ~/.thunderbird
+noblacklist ${HOME}/.cache/thunderbird
+noblacklist ${HOME}/.gnupg
+noblacklist ${HOME}/.icedove
+noblacklist ${HOME}/.thunderbird
 
-mkdir ~/.cache/thunderbird
-mkdir ~/.gnupg
-mkdir ~/.icedove
-mkdir ~/.thunderbird
-whitelist ~/.cache/thunderbird
-whitelist ~/.gnupg
-whitelist ~/.icedove
-whitelist ~/.thunderbird
+mkdir ${HOME}/.cache/thunderbird
+mkdir ${HOME}/.gnupg
+mkdir ${HOME}/.icedove
+mkdir ${HOME}/.thunderbird
+whitelist ${HOME}/.cache/thunderbird
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.icedove
+whitelist ${HOME}/.thunderbird
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
@@ -28,7 +28,7 @@ include /etc/firejail/whitelist-var-common.inc
 ignore private-tmp
 machine-id
 disable-mnt
-read-only ~/.config/mimeapps.list
+read-only ${HOME}/.config/mimeapps.list
 
 # allow browsers
 # Redirect
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile
index 85af86068..c2e182cea 100644
--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -5,18 +5,18 @@ include /etc/firejail/torbrowser-launcher.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.tor-browser-en
-noblacklist ~/.config/torbrowser
-noblacklist ~/.local/share/torbrowser
+noblacklist ${HOME}/.tor-browser-en
+noblacklist ${HOME}/.config/torbrowser
+noblacklist ${HOME}/.local/share/torbrowser
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-whitelist ~/.tor-browser-en
-whitelist ~/.config/torbrowser
-whitelist ~/.local/share/torbrowser
+whitelist ${HOME}/.tor-browser-en
+whitelist ${HOME}/.config/torbrowser
+whitelist ${HOME}/.local/share/torbrowser
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/totem.profile b/etc/totem.profile
index ccf292da0..be0617024 100644
--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -5,8 +5,8 @@ include /etc/firejail/totem.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/totem
-noblacklist ~/.local/share/totem
+noblacklist ${HOME}/.config/totem
+noblacklist ${HOME}/.local/share/totem
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index 0dad515d0..dac1c07b1 100644
--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -13,11 +13,11 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/transmission
-mkdir ~/.config/transmission
+mkdir ${HOME}/.cache/transmission
+mkdir ${HOME}/.config/transmission
 whitelist  ${DOWNLOADS}
-whitelist ~/.cache/transmission
-whitelist ~/.config/transmission
+whitelist ${HOME}/.cache/transmission
+whitelist ${HOME}/.config/transmission
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile
index 1da9afb5a..2d3ad0c7a 100644
--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -13,11 +13,11 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/transmission
-mkdir ~/.config/transmission
+mkdir ${HOME}/.cache/transmission
+mkdir ${HOME}/.config/transmission
 whitelist  ${DOWNLOADS}
-whitelist ~/.cache/transmission
-whitelist ~/.config/transmission
+whitelist ${HOME}/.cache/transmission
+whitelist ${HOME}/.config/transmission
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
diff --git a/etc/tuxguitar.profile b/etc/tuxguitar.profile
index 30e2a619d..1a426cbf6 100644
--- a/etc/tuxguitar.profile
+++ b/etc/tuxguitar.profile
@@ -5,8 +5,8 @@ include /etc/firejail/tuxguitar.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.java
-noblacklist ~/.tuxguitar*
+noblacklist ${HOME}/.java
+noblacklist ${HOME}/.tuxguitar*
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/uget-gtk.profile b/etc/uget-gtk.profile
index 56ff4f886..8fbc3b7e6 100644
--- a/etc/uget-gtk.profile
+++ b/etc/uget-gtk.profile
@@ -11,9 +11,9 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.config/uGet
+mkdir ${HOME}/.config/uGet
 whitelist ${DOWNLOADS}
-whitelist ~/.config/uGet
+whitelist ${HOME}/.config/uGet
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile
index 5f70843d6..34c148ee9 100644
--- a/etc/unknown-horizons.profile
+++ b/etc/unknown-horizons.profile
@@ -5,14 +5,14 @@ include /etc/firejail/unknown-horizons.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.unknown-horizons
+noblacklist ${HOME}/.unknown-horizons
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.unknown-horizons
-whitelist ~/.unknown-horizons
+mkdir ${HOME}/.unknown-horizons
+whitelist ${HOME}/.unknown-horizons
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/uzbl-browser.profile b/etc/uzbl-browser.profile
index e7c931f30..1070a6c2c 100644
--- a/etc/uzbl-browser.profile
+++ b/etc/uzbl-browser.profile
@@ -5,22 +5,22 @@ include /etc/firejail/uzbl-browser.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/uzbl
-noblacklist ~/.gnupg
+noblacklist ${HOME}/.config/uzbl
+noblacklist ${HOME}/.gnupg
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.config/uzbl
-mkdir ~/.gnupg
-mkdir ~/.local/share/uzbl
-mkdir ~/.password-store
+mkdir ${HOME}/.config/uzbl
+mkdir ${HOME}/.gnupg
+mkdir ${HOME}/.local/share/uzbl
+mkdir ${HOME}/.password-store
 whitelist ${DOWNLOADS}
-whitelist ~/.config/uzbl
-whitelist ~/.gnupg
-whitelist ~/.local/share/uzbl
-whitelist ~/.password-store
+whitelist ${HOME}/.config/uzbl
+whitelist ${HOME}/.gnupg
+whitelist ${HOME}/.local/share/uzbl
+whitelist ${HOME}/.password-store
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
diff --git a/etc/viewnior.profile b/etc/viewnior.profile
index 92d59e732..25e5956ba 100644
--- a/etc/viewnior.profile
+++ b/etc/viewnior.profile
@@ -6,12 +6,12 @@ include /etc/firejail/viewnior.local
 include /etc/firejail/globals.local
 
 blacklist /run/user/*/bus
-blacklist ~/.Xauthority
-blacklist ~/.bashrc
+blacklist ${HOME}/.Xauthority
+blacklist ${HOME}/.bashrc
 
-noblacklist ~/.Steam
-noblacklist ~/.config/viewnior
-noblacklist ~/.steam
+noblacklist ${HOME}/.Steam
+noblacklist ${HOME}/.config/viewnior
+noblacklist ${HOME}/.steam
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/vim.profile b/etc/vim.profile
index e1d5da9e3..7fe16e628 100644
--- a/etc/vim.profile
+++ b/etc/vim.profile
@@ -5,9 +5,9 @@ include /etc/firejail/vim.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.vim
-noblacklist ~/.viminfo
-noblacklist ~/.vimrc
+noblacklist ${HOME}/.vim
+noblacklist ${HOME}/.viminfo
+noblacklist ${HOME}/.vimrc
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
diff --git a/etc/virtualbox.profile b/etc/virtualbox.profile
index b01e6d144..61177698a 100644
--- a/etc/virtualbox.profile
+++ b/etc/virtualbox.profile
@@ -16,10 +16,10 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.config/VirtualBox
-mkdir ~/VirtualBox VMs
-whitelist ~/.config/VirtualBox
-whitelist ~/VirtualBox VMs
+mkdir ${HOME}/.config/VirtualBox
+mkdir ${HOME}/VirtualBox VMs
+whitelist ${HOME}/.config/VirtualBox
+whitelist ${HOME}/VirtualBox VMs
 whitelist ${DOWNLOADS}
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile
index 3cbc5b45c..039c8ed58 100644
--- a/etc/vivaldi.profile
+++ b/etc/vivaldi.profile
@@ -5,18 +5,18 @@ include /etc/firejail/vivaldi.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/vivaldi
-noblacklist ~/.config/vivaldi
+noblacklist ${HOME}/.cache/vivaldi
+noblacklist ${HOME}/.config/vivaldi
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/vivaldi
-mkdir ~/.config/vivaldi
+mkdir ${HOME}/.cache/vivaldi
+mkdir ${HOME}/.config/vivaldi
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/vivaldi
-whitelist ~/.config/vivaldi
+whitelist ${HOME}/.cache/vivaldi
+whitelist ${HOME}/.config/vivaldi
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
diff --git a/etc/vym.profile b/etc/vym.profile
index b38d87fde..b73916b0f 100644
--- a/etc/vym.profile
+++ b/etc/vym.profile
@@ -5,7 +5,7 @@ include /etc/firejail/vym.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/InSilmaril
+noblacklist ${HOME}/.config/InSilmaril
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/w3m.profile b/etc/w3m.profile
index eddedd37a..2d56aa660 100644
--- a/etc/w3m.profile
+++ b/etc/w3m.profile
@@ -7,7 +7,7 @@ include /etc/firejail/globals.local
 
 blacklist /tmp/.X11-unix
 
-noblacklist ~/.w3m
+noblacklist ${HOME}/.w3m
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile
index 43eacdafc..d8d68da64 100644
--- a/etc/warzone2100.profile
+++ b/etc/warzone2100.profile
@@ -5,17 +5,17 @@ include /etc/firejail/warzone2100.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.warzone2100-3.*
+noblacklist ${HOME}/.warzone2100-3.*
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
-# mkdir ~/.warzone2100-3.1
-# mkdir ~/.warzone2100-3.2
-whitelist ~/.warzone2100-3.1
-whitelist ~/.warzone2100-3.2
+# mkdir ${HOME}/.warzone2100-3.1
+# mkdir ${HOME}/.warzone2100-3.2
+whitelist ${HOME}/.warzone2100-3.1
+whitelist ${HOME}/.warzone2100-3.2
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
diff --git a/etc/waterfox.profile b/etc/waterfox.profile
index 53543e97e..b2abb3a5f 100644
--- a/etc/waterfox.profile
+++ b/etc/waterfox.profile
@@ -5,65 +5,65 @@ include /etc/firejail/waterfox.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/mozilla
-noblacklist ~/.cache/waterfox
-noblacklist ~/.config/okularpartrc
-noblacklist ~/.config/okularrc
-noblacklist ~/.config/qpdfview
-noblacklist ~/.kde/share/apps/okular
-noblacklist ~/.kde/share/config/okularpartrc
-noblacklist ~/.kde/share/config/okularrc
-noblacklist ~/.kde4/share/apps/okular
-noblacklist ~/.kde4/share/config/okularpartrc
-noblacklist ~/.kde4/share/config/okularrc
-# noblacklist ~/.local/share/gnome-shell/extensions
-noblacklist ~/.local/share/okular
-noblacklist ~/.local/share/qpdfview
-noblacklist ~/.mozilla
-noblacklist ~/.waterfox
-noblacklist ~/.pki
+noblacklist ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.cache/waterfox
+noblacklist ${HOME}/.config/okularpartrc
+noblacklist ${HOME}/.config/okularrc
+noblacklist ${HOME}/.config/qpdfview
+noblacklist ${HOME}/.kde/share/apps/okular
+noblacklist ${HOME}/.kde/share/config/okularpartrc
+noblacklist ${HOME}/.kde/share/config/okularrc
+noblacklist ${HOME}/.kde4/share/apps/okular
+noblacklist ${HOME}/.kde4/share/config/okularpartrc
+noblacklist ${HOME}/.kde4/share/config/okularrc
+# noblacklist ${HOME}/.local/share/gnome-shell/extensions
+noblacklist ${HOME}/.local/share/okular
+noblacklist ${HOME}/.local/share/qpdfview
+noblacklist ${HOME}/.mozilla
+noblacklist ${HOME}/.waterfox
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/mozilla/firefox
-mkdir ~/.mozilla
-mkdir ~/.cache/waterfox
-mkdir ~/.waterfox
-mkdir ~/.pki
+mkdir ${HOME}/.cache/mozilla/firefox
+mkdir ${HOME}/.mozilla
+mkdir ${HOME}/.cache/waterfox
+mkdir ${HOME}/.waterfox
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/gnome-mplayer/plugin
-whitelist ~/.cache/mozilla/firefox
-whitelist ~/.cache/waterfox
-whitelist ~/.config/gnome-mplayer
-whitelist ~/.config/okularpartrc
-whitelist ~/.config/okularrc
-whitelist ~/.config/pipelight-silverlight5.1
-whitelist ~/.config/pipelight-widevine
-whitelist ~/.config/qpdfview
-whitelist ~/.kde/share/apps/okular
-whitelist ~/.kde/share/config/okularpartrc
-whitelist ~/.kde/share/config/okularrc
-whitelist ~/.kde4/share/apps/okular
-whitelist ~/.kde4/share/config/okularpartrc
-whitelist ~/.kde4/share/config/okularrc
-whitelist ~/.keysnail.js
-whitelist ~/.lastpass
-whitelist ~/.local/share/gnome-shell/extensions
-whitelist ~/.local/share/okular
-whitelist ~/.local/share/qpdfview
-whitelist ~/.mozilla
-whitelist ~/.waterfox
-whitelist ~/.pentadactyl
-whitelist ~/.pentadactylrc
-whitelist ~/.pki
-whitelist ~/.vimperator
-whitelist ~/.vimperatorrc
-whitelist ~/.wine-pipelight
-whitelist ~/.wine-pipelight64
-whitelist ~/.zotero
-whitelist ~/dwhelper
+whitelist ${HOME}/.cache/gnome-mplayer/plugin
+whitelist ${HOME}/.cache/mozilla/firefox
+whitelist ${HOME}/.cache/waterfox
+whitelist ${HOME}/.config/gnome-mplayer
+whitelist ${HOME}/.config/okularpartrc
+whitelist ${HOME}/.config/okularrc
+whitelist ${HOME}/.config/pipelight-silverlight5.1
+whitelist ${HOME}/.config/pipelight-widevine
+whitelist ${HOME}/.config/qpdfview
+whitelist ${HOME}/.kde/share/apps/okular
+whitelist ${HOME}/.kde/share/config/okularpartrc
+whitelist ${HOME}/.kde/share/config/okularrc
+whitelist ${HOME}/.kde4/share/apps/okular
+whitelist ${HOME}/.kde4/share/config/okularpartrc
+whitelist ${HOME}/.kde4/share/config/okularrc
+whitelist ${HOME}/.keysnail.js
+whitelist ${HOME}/.lastpass
+whitelist ${HOME}/.local/share/gnome-shell/extensions
+whitelist ${HOME}/.local/share/okular
+whitelist ${HOME}/.local/share/qpdfview
+whitelist ${HOME}/.mozilla
+whitelist ${HOME}/.waterfox
+whitelist ${HOME}/.pentadactyl
+whitelist ${HOME}/.pentadactylrc
+whitelist ${HOME}/.pki
+whitelist ${HOME}/.vimperator
+whitelist ${HOME}/.vimperatorrc
+whitelist ${HOME}/.wine-pipelight
+whitelist ${HOME}/.wine-pipelight64
+whitelist ${HOME}/.zotero
+whitelist ${HOME}/dwhelper
 include /etc/firejail/whitelist-common.inc
 include /etc/firejail/whitelist-var-common.inc
 
diff --git a/etc/wget.profile b/etc/wget.profile
index 510ef18f3..a16d770f2 100644
--- a/etc/wget.profile
+++ b/etc/wget.profile
@@ -8,7 +8,7 @@ include /etc/firejail/globals.local
 
 blacklist /tmp/.X11-unix
 
-noblacklist ~/.wgetrc
+noblacklist ${HOME}/.wgetrc
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
diff --git a/etc/whitelist-common.inc b/etc/whitelist-common.inc
index 0a8bc4685..638f1d7fc 100644
--- a/etc/whitelist-common.inc
+++ b/etc/whitelist-common.inc
@@ -3,61 +3,61 @@ include /etc/firejail/whitelist-common.local
 
 # common whitelist for all profiles
 
-whitelist ~/.XCompose
-whitelist ~/.config/mimeapps.list
-whitelist ~/.icons
-whitelist ~/.local/share/icons
-whitelist ~/.config/user-dirs.dirs
-read-only ~/.config/user-dirs.dirs
-whitelist ~/.asoundrc
-whitelist ~/.config/Trolltech.conf
-whitelist ~/.local/share/mime
-whitelist ~/.drirc
-whitelist ~/.mime.types
-whitelist ~/.local/share/applications
-read-only ~/.local/share/applications
-whitelist ~/.config/ibus
+whitelist ${HOME}/.XCompose
+whitelist ${HOME}/.config/mimeapps.list
+whitelist ${HOME}/.icons
+whitelist ${HOME}/.local/share/icons
+whitelist ${HOME}/.config/user-dirs.dirs
+read-only ${HOME}/.config/user-dirs.dirs
+whitelist ${HOME}/.asoundrc
+whitelist ${HOME}/.config/Trolltech.conf
+whitelist ${HOME}/.local/share/mime
+whitelist ${HOME}/.drirc
+whitelist ${HOME}/.mime.types
+whitelist ${HOME}/.local/share/applications
+read-only ${HOME}/.local/share/applications
+whitelist ${HOME}/.config/ibus
 
 # fonts
-whitelist ~/.fonts
-whitelist ~/.fonts.d
-whitelist ~/.fontconfig
-whitelist ~/.fonts.conf
-whitelist ~/.fonts.conf.d
-whitelist ~/.local/share/fonts
-whitelist ~/.config/fontconfig
-whitelist ~/.cache/fontconfig
-whitelist ~/.pangorc
+whitelist ${HOME}/.fonts
+whitelist ${HOME}/.fonts.d
+whitelist ${HOME}/.fontconfig
+whitelist ${HOME}/.fonts.conf
+whitelist ${HOME}/.fonts.conf.d
+whitelist ${HOME}/.local/share/fonts
+whitelist ${HOME}/.config/fontconfig
+whitelist ${HOME}/.cache/fontconfig
+whitelist ${HOME}/.pangorc
 
 # gtk
-whitelist ~/.gtkrc
-whitelist ~/.gtkrc-2.0
-whitelist ~/.gtk-2.0
-whitelist ~/.config/gtk-2.0
-whitelist ~/.config/gtk-3.0
-whitelist ~/.config/gtkrc
-whitelist ~/.config/gtkrc-2.0
-whitelist ~/.themes
-whitelist ~/.local/share/themes
-whitelist ~/.kde/share/config/gtkrc
-whitelist ~/.kde/share/config/gtkrc-2.0
-whitelist ~/.kde4/share/config/gtkrc
-whitelist ~/.kde4/share/config/gtkrc-2.0
-whitelist ~/.gnome2
-whitelist ~/.gnome2-private
+whitelist ${HOME}/.gtkrc
+whitelist ${HOME}/.gtkrc-2.0
+whitelist ${HOME}/.gtk-2.0
+whitelist ${HOME}/.config/gtk-2.0
+whitelist ${HOME}/.config/gtk-3.0
+whitelist ${HOME}/.config/gtkrc
+whitelist ${HOME}/.config/gtkrc-2.0
+whitelist ${HOME}/.themes
+whitelist ${HOME}/.local/share/themes
+whitelist ${HOME}/.kde/share/config/gtkrc
+whitelist ${HOME}/.kde/share/config/gtkrc-2.0
+whitelist ${HOME}/.kde4/share/config/gtkrc
+whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
+whitelist ${HOME}/.gnome2
+whitelist ${HOME}/.gnome2-private
 
 # dconf
-mkdir ~/.config/dconf
-whitelist ~/.config/dconf
+mkdir ${HOME}/.config/dconf
+whitelist ${HOME}/.config/dconf
 
 # qt/kde
-whitelist ~/.config/kdeglobals
-whitelist ~/.config/kioslaverc
-whitelist ~/.kde/share/config/oxygenrc
-whitelist ~/.kde/share/config/kdeglobals
-whitelist ~/.kde/share/config/kioslaverc
-whitelist ~/.kde/share/icons
-whitelist ~/.kde4/share/config/oxygenrc
-whitelist ~/.kde4/share/config/kdeglobals
-whitelist ~/.kde4/share/config/kioslaverc
-whitelist ~/.kde4/share/icons
+whitelist ${HOME}/.config/kdeglobals
+whitelist ${HOME}/.config/kioslaverc
+whitelist ${HOME}/.kde/share/config/oxygenrc
+whitelist ${HOME}/.kde/share/config/kdeglobals
+whitelist ${HOME}/.kde/share/config/kioslaverc
+whitelist ${HOME}/.kde/share/icons
+whitelist ${HOME}/.kde4/share/config/oxygenrc
+whitelist ${HOME}/.kde4/share/config/kdeglobals
+whitelist ${HOME}/.kde4/share/config/kioslaverc
+whitelist ${HOME}/.kde4/share/icons
diff --git a/etc/wire.profile b/etc/wire.profile
index af14f686f..fc25cbc1e 100644
--- a/etc/wire.profile
+++ b/etc/wire.profile
@@ -8,8 +8,8 @@ include /etc/firejail/globals.local
 # Note: the current beta version of wire is located in /opt/Wire/wire and therefore not in PATH.
 # To use wire with firejail run "firejail /opt/Wire/wire"
 
-noblacklist ~/.config/Wire
-noblacklist ~/.config/wire
+noblacklist ${HOME}/.config/Wire
+noblacklist ${HOME}/.config/wire
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/xfburn.profile b/etc/xfburn.profile
index ec1aca75f..fc90f67e2 100644
--- a/etc/xfburn.profile
+++ b/etc/xfburn.profile
@@ -5,7 +5,7 @@ include /etc/firejail/xfburn.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/xfburn
+noblacklist ${HOME}/.config/xfburn
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/xiphos.profile b/etc/xiphos.profile
index 5a07d4b74..91b782473 100644
--- a/etc/xiphos.profile
+++ b/etc/xiphos.profile
@@ -5,11 +5,11 @@ include /etc/firejail/xiphos.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-blacklist ~/.Xauthority
-blacklist ~/.bashrc
+blacklist ${HOME}/.Xauthority
+blacklist ${HOME}/.bashrc
 
-noblacklist ~/.sword
-noblacklist ~/.xiphos
+noblacklist ${HOME}/.sword
+noblacklist ${HOME}/.xiphos
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/xplayer.profile b/etc/xplayer.profile
index d4a2fa846..8ea361d79 100644
--- a/etc/xplayer.profile
+++ b/etc/xplayer.profile
@@ -5,8 +5,8 @@ include /etc/firejail/xplayer.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/xplayer
-noblacklist ~/.local/share/xplayer
+noblacklist ${HOME}/.config/xplayer
+noblacklist ${HOME}/.local/share/xplayer
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/xreader.profile b/etc/xreader.profile
index 76fae9fed..00bd1ee2f 100644
--- a/etc/xreader.profile
+++ b/etc/xreader.profile
@@ -5,9 +5,9 @@ include /etc/firejail/xreader.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/xreader
-noblacklist ~/.config/xreader
-# noblacklist ~/.local/share
+noblacklist ${HOME}/.cache/xreader
+noblacklist ${HOME}/.config/xreader
+# noblacklist ${HOME}/.local/share
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/xviewer.profile b/etc/xviewer.profile
index 5c624c384..7c4ede111 100644
--- a/etc/xviewer.profile
+++ b/etc/xviewer.profile
@@ -7,10 +7,10 @@ include /etc/firejail/globals.local
 
 # blacklist /run/user/*/bus - makes settings immutable
 
-noblacklist ~/.Steam
-noblacklist ~/.config/xviewer
-noblacklist ~/.local/share/Trash
-noblacklist ~/.steam
+noblacklist ${HOME}/.Steam
+noblacklist ${HOME}/.config/xviewer
+noblacklist ${HOME}/.local/share/Trash
+noblacklist ${HOME}/.steam
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
diff --git a/etc/yandex-browser.profile b/etc/yandex-browser.profile
index bfb7b9d87..605ce3413 100644
--- a/etc/yandex-browser.profile
+++ b/etc/yandex-browser.profile
@@ -5,27 +5,27 @@ include /etc/firejail/yandex-browser.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.cache/yandex-browser
-noblacklist ~/.cache/yandex-browser-beta
-noblacklist ~/.config/yandex-browser
-noblacklist ~/.config/yandex-browser-beta
-noblacklist ~/.pki
+noblacklist ${HOME}/.cache/yandex-browser
+noblacklist ${HOME}/.cache/yandex-browser-beta
+noblacklist ${HOME}/.config/yandex-browser
+noblacklist ${HOME}/.config/yandex-browser-beta
+noblacklist ${HOME}/.pki
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.cache/yandex-browser
-mkdir ~/.cache/yandex-browser-beta
-mkdir ~/.config/yandex-browser
-mkdir ~/.config/yandex-browser-beta
-mkdir ~/.pki
+mkdir ${HOME}/.cache/yandex-browser
+mkdir ${HOME}/.cache/yandex-browser-beta
+mkdir ${HOME}/.config/yandex-browser
+mkdir ${HOME}/.config/yandex-browser-beta
+mkdir ${HOME}/.pki
 whitelist ${DOWNLOADS}
-whitelist ~/.cache/yandex-browser
-whitelist ~/.cache/yandex-browser-beta
-whitelist ~/.config/yandex-browser
-whitelist ~/.config/yandex-browser-beta
-whitelist ~/.pki
+whitelist ${HOME}/.cache/yandex-browser
+whitelist ${HOME}/.cache/yandex-browser-beta
+whitelist ${HOME}/.config/yandex-browser
+whitelist ${HOME}/.config/yandex-browser-beta
+whitelist ${HOME}/.pki
 include /etc/firejail/whitelist-common.inc
 
 caps.keep sys_chroot,sys_admin
diff --git a/etc/zathura.profile b/etc/zathura.profile
index ad64371e8..636d89bef 100644
--- a/etc/zathura.profile
+++ b/etc/zathura.profile
@@ -7,8 +7,8 @@ include /etc/firejail/globals.local
 
 blacklist /run/user/*/bus
 
-noblacklist ~/.config/zathura
-noblacklist ~/.local/share/zathura
+noblacklist ${HOME}/.config/zathura
+noblacklist ${HOME}/.local/share/zathura
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
@@ -31,5 +31,5 @@ private-bin zathura
 private-dev
 private-etc fonts
 private-tmp
-read-only ~/
-read-write ~/.local/share/zathura/
+read-only ${HOME}/
+read-write ${HOME}/.local/share/zathura/
diff --git a/etc/zoom.profile b/etc/zoom.profile
index 381df9ab5..061efb44d 100644
--- a/etc/zoom.profile
+++ b/etc/zoom.profile
@@ -5,15 +5,15 @@ include /etc/firejail/zoom.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
-noblacklist ~/.config/zoomus.conf
+noblacklist ${HOME}/.config/zoomus.conf
 
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 
-mkdir ~/.zoom
-whitelist ~/.cache/zoom
-whitelist ~/.zoom
+mkdir ${HOME}/.zoom
+whitelist ${HOME}/.cache/zoom
+whitelist ${HOME}/.zoom
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all