diff --git a/apparmor.d/abstractions/user-read b/apparmor.d/abstractions/user-read
index 210fd5f27..1a218eb1b 100644
--- a/apparmor.d/abstractions/user-read
+++ b/apparmor.d/abstractions/user-read
@@ -1,27 +1,12 @@
-# apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2021 Alexandre Pujol
+ apparmor.d - Full set of apparmor profiles
 # SPDX-License-Identifier: GPL-2.0-only
-# This abstraction gives read access on all defined user directories. It should
-# only be used if access to **ALL** folders is required.
+# This abstraction provides safe read access to all directories
+# that commonly include user owned files as referenced by the
+# filesystem hierarchy standard. Hidden files in $HOME are excluded
- owner @{HOME}/@{XDG_WALLPAPERS_DIR}/{,**} r,
- owner @{HOME}/@{XDG_SCREENSHOTS_DIR}/{,**} r,
- owner @{MOUNTS}/@{XDG_SCREENSHOTS_DIR}/{,**} r,
- owner @{MOUNTS}/@{XDG_WALLPAPERS_DIR}/{,**} r,
+ owner @{HOME}/ r,
+ owner @{HOME}/[^.]** r,
+ owner @{MOUNTDIRS}/{,**} r,
- owner @{user_books_dirs}/{,**} r,
- owner @{user_documents_dirs}/{,**} r,
- owner @{user_games_dirs}/{,**} r,
- owner @{user_music_dirs}/{,**} r,
- owner @{user_pictures_dirs}/{,**} r,
- owner @{user_projects_dirs}/{,**} r,
- owner @{user_publicshare_dirs}/{,**} r,
- owner @{user_sync_dirs}/{,**} r,
- owner @{user_templates_dirs}/{,**} r,
- owner @{user_torrents_dirs}/{,**} r,
- owner @{user_videos_dirs}/{,**} r,
- owner @{user_vm_dirs}/{,**} r,
- owner @{user_work_dirs}/{,**} r,
-
- include if exists
\ No newline at end of file
+include if exists
diff --git a/apparmor.d/abstractions/user-xdg-read b/apparmor.d/abstractions/user-xdg-read
new file mode 100644
index 000000000..210fd5f27
--- /dev/null
+++ b/apparmor.d/abstractions/user-xdg-read
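Review bot: The new header comment claims hidden files in $HOME are excluded, but `owner @{HOME}/[^.]** r,` only rejects a leading dot in the first path component — AppArmor's `**` matches dotted names as well, so a file such as `@{HOME}/Documents/.secret` is still readable, and `owner @{MOUNTDIRS}/{,**} r,` carries no hidden-file exclusion at all. Since the abstraction moved from a fixed list of XDG directories to the whole non-hidden home tree, the comment should state the boundary precisely; suggest `# Hidden entries directly under @{HOME} are excluded; hidden files deeper in the tree and anything under @{MOUNTDIRS} are not.`, or add an explicit deny rule for dotted components at every depth if that exclusion is the intent. The first added line, `+ apparmor.d - Full set of apparmor profiles`, also appears to have lost its leading `#`; if that is not an artifact of this rendering, the line is no longer a comment and the abstraction will fail to parse, and the Copyright line was dropped alongside it.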
@@ -0,0 +1,27 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+# This abstraction gives read access on all defined user directories. It should
+# only be used if access to **ALL** folders is required.
+
+ owner @{HOME}/@{XDG_WALLPAPERS_DIR}/{,**} r,
+ owner @{HOME}/@{XDG_SCREENSHOTS_DIR}/{,**} r,
+ owner @{MOUNTS}/@{XDG_SCREENSHOTS_DIR}/{,**} r,
+ owner @{MOUNTS}/@{XDG_WALLPAPERS_DIR}/{,**} r,
+
+ owner @{user_books_dirs}/{,**} r,
+ owner @{user_documents_dirs}/{,**} r,
+ owner @{user_games_dirs}/{,**} r,
+ owner @{user_music_dirs}/{,**} r,
+ owner @{user_pictures_dirs}/{,**} r,
+ owner @{user_projects_dirs}/{,**} r,
+ owner @{user_publicshare_dirs}/{,**} r,
+ owner @{user_sync_dirs}/{,**} r,
+ owner @{user_templates_dirs}/{,**} r,
+ owner @{user_torrents_dirs}/{,**} r,
+ owner @{user_videos_dirs}/{,**} r,
+ owner @{user_vm_dirs}/{,**} r,
+ owner @{user_work_dirs}/{,**} r,
+
+ include if exists
\ No newline at end of file