diff --git a/Makefile b/Makefile
index 932bf33..42f8c6e 100644
--- a/Makefile
+++ b/Makefile
@@ -326,6 +326,7 @@ install-deb: install-common install-systemd install-systemd-dropins
 install -d $(DESTDIR)/etc/needrestart/conf.d
 install -D -m 0644 misc/50_qubes.conf $(DESTDIR)/etc/needrestart/conf.d/50_qubes.conf
 install -D -m 0644 misc/grub.qubes $(DESTDIR)/etc/default/grub.d/30-qubes.cfg
+ install -D -m 0644 misc/apt-conf-70no-unattended $(DESTDIR)/etc/apt/apt.conf.d/70no-unattended
 mkdir -p $(DESTDIR)/etc/systemd/system/
 install -m 0644 vm-systemd/haveged.service $(DESTDIR)/etc/systemd/system/
diff --git a/debian/qubes-core-agent.install b/debian/qubes-core-agent.install
index 1eb21b4..b34789f 100644
--- a/debian/qubes-core-agent.install
+++ b/debian/qubes-core-agent.install
@@ -1,5 +1,6 @@
 etc/X11/xorg-preload-apps.conf
 etc/apt/apt.conf.d/00notify-hook
+etc/apt/apt.conf.d/70no-unattended
 etc/apt/sources.list.d/qubes-r4.list
 etc/apt/trusted.gpg.d/qubes-archive-keyring.gpg
 etc/default/grub.d/30-qubes.cfg
diff --git a/misc/apt-conf-70no-unattended b/misc/apt-conf-70no-unattended
new file mode 100644
index 0000000..7130413
--- /dev/null
+++ b/misc/apt-conf-70no-unattended
@@ -0,0 +1,26 @@
+## Based on pkg-manager-no-autoupdate by Patrick Schleizer
+## https://github.com/Whonix/pkg-manager-no-autoupdate
+
+## Disable automatic update check APT::Periodic::Update-Package-Lists
+## which is the Debian default in /etc/apt/apt.conf.d/10periodic.
+##
+## The execution time would be too predictable, thus make us fingerprintable.
+##
+## 20noperiodic comes after 10periodic in alphabet so it takes precedence.
+##
+## Quoted from the Debian Handbook
+## http://debian-handbook.info/browse/wheezy/sect.apt-get.html
+##
+## "[...] Each directory represents a configuration file which is split over multiple
+## files. In this sense, all of the files in /etc/apt/apt.conf.d/ are instructions
+## for the configuration of APT. APT includes them in alphabetical order, so that the
+## last ones can modify a configuration element defined in one of the first ones. [...]
+##
+## That changes take effect can be verified using:
+## apt-config dump
+
+APT::Periodic::Update-Package-Lists "0";
+APT::Periodic::Download-Upgradeable-Packages "0";
+APT::Periodic::AutocleanInterval "0";
+APT::Periodic::Unattended-Upgrade "0";
+APT::Periodic::Enable "0";
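Review bot: The header comment copied from the Whonix file does not describe this file: it says `20noperiodic comes after 10periodic`, but the Makefile hunk installs it as `70no-unattended`, and the only rationale given is timing fingerprintability. The five `APT::Periodic::*` settings at the bottom switch off periodic list refreshes, downloads and unattended upgrades, so security updates will no longer be installed automatically in the VM. The comment should say how they are expected to arrive instead, presumably through the Qubes update mechanism, which this diff does not show. I would replace the precedence line with `## 70no-unattended sorts after 10periodic, so its values take precedence.` and add `## Security updates are therefore not installed automatically; apply them via <update mechanism>.`. A file that sorts later in apt.conf.d would still override these values, so the `apt-config dump` check the comment mentions is worth keeping as the stated verification step.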