I like LibreWolf, but I don’t like that it wipes cookies and session tokens each time you launch it. I understand why they do it, but it’s a consideration outside my threat model, so it just annoys me.
No, because Librewolf also adds fingerprint resisting which is stronger than Firefox’s and has ublock origin installed by default. It also has the ability to block stuff like WebGL and JS canvases by default
Also, Librewolf strips out telemetry and allows for some good about:config flags to be used via simple toggles in settings
I do genuinely believe that these Firefox forks are mostly pointless rebrands of Firefox to satisfy a small crowd of people who are fine with Firefox but don’t want Firefox or Mozilla branding. Other than branding, they tweak the default config, pre-install ublock origin, and that’s about it. I guess this one exposes some already existing about:config flags in the settings UI. The best part is they are managed by small teams that run a few versions behind Firefox persistently, leaving 0-days unpatched and thus their users vulnerable. Their small userbase also opens their users up to tracking that wouldn’t be possible with larger browsers.
Not true, FF comes with few binary blobs which are removed from Librewolf. Also there are some things disabled entirely at build time, so they are removed from being an option. So it’s not just the settings, and it’s not plain re-branding. Some distros has gotten it wrong, believing that it’s just a matter of settings, but at least on the case of Librewolf and the Tor browser that’s not the case.
That hey depend on FF continuous development to exist is true, that doesn’t mean they just rebrand.
Tor browser is something else, I don’t group it in with stuff like Librewolf.
For librewolf, I just took a look to try and figure out what binary blobs are being talked about. This is the repository I was looking at, I think its the right place: https://codeberg.org/librewolf/source/src/branch/main. There isn’t much documentation on the patches besides the file names for the most part, but do you have any idea which of these relates to binary blobs? Or is it in the settings file? Really nothing I see here convinces me that this project is worth anybody’s time over regular firefox, it just changes some defaults, disables pocket (they patch it out, but there’s already a setting), and changes the branding. I don’t disagree with most of their changes, I just don’t see the point of maintaining and marketing an entire derivative browser for what could just be a settings hardening guide on a wiki somewhere.
There are several patches under its patches source directory, and there are different sort of packages, one example is the sed patch to avoid including pocket in the build. The DRM widevine is not included either on the build, though it can be installed if you want it installed (probably there’s a patch for that somewhere).
But I no longer see removing binary blobs being advertised by Librewolf, it’s been a while since I don’t check on their site…
I guess I don’t see the point of removing pocket from the build since it can be disabled in a standard Firefox build with a single about:config option. That’s what I do.
You can also easily set specific sites’ cookies not to be wiped, I use this to have websites I trust to store my data for convenience, but any random tracker-infested blog to forget me as soon as the browser closes!
And also, Mullvad Browser does this by default, as well. I think theirs can’t even be configured on a per-site basis.
I like LibreWolf, but I don’t like that it wipes cookies and session tokens each time you launch it. I understand why they do it, but it’s a consideration outside my threat model, so it just annoys me.
Then just turn those specific settings off?
But then aren’t you basically back to Firefox?
No, because Librewolf also adds fingerprint resisting which is stronger than Firefox’s and has ublock origin installed by default. It also has the ability to block stuff like WebGL and JS canvases by default
Also, Librewolf strips out telemetry and allows for some good about:config flags to be used via simple toggles in settings
Oh, okay. That is quite a bit different. I guess those QoL tweaks can still be worth it, then!
not really
…do you really think they’ve spent all this time creating a new browser that just has a setting enabled?
I do genuinely believe that these Firefox forks are mostly pointless rebrands of Firefox to satisfy a small crowd of people who are fine with Firefox but don’t want Firefox or Mozilla branding. Other than branding, they tweak the default config, pre-install ublock origin, and that’s about it. I guess this one exposes some already existing about:config flags in the settings UI. The best part is they are managed by small teams that run a few versions behind Firefox persistently, leaving 0-days unpatched and thus their users vulnerable. Their small userbase also opens their users up to tracking that wouldn’t be possible with larger browsers.
Not true, FF comes with few binary blobs which are removed from Librewolf. Also there are some things disabled entirely at build time, so they are removed from being an option. So it’s not just the settings, and it’s not plain re-branding. Some distros has gotten it wrong, believing that it’s just a matter of settings, but at least on the case of Librewolf and the Tor browser that’s not the case.
That hey depend on FF continuous development to exist is true, that doesn’t mean they just rebrand.
Tor browser is something else, I don’t group it in with stuff like Librewolf.
For librewolf, I just took a look to try and figure out what binary blobs are being talked about. This is the repository I was looking at, I think its the right place: https://codeberg.org/librewolf/source/src/branch/main. There isn’t much documentation on the patches besides the file names for the most part, but do you have any idea which of these relates to binary blobs? Or is it in the settings file? Really nothing I see here convinces me that this project is worth anybody’s time over regular firefox, it just changes some defaults, disables pocket (they patch it out, but there’s already a setting), and changes the branding. I don’t disagree with most of their changes, I just don’t see the point of maintaining and marketing an entire derivative browser for what could just be a settings hardening guide on a wiki somewhere.
There are several patches under its patches source directory, and there are different sort of packages, one example is the
sed
patch to avoid includingpocket
in the build. The DRM widevine is not included either on the build, though it can be installed if you want it installed (probably there’s a patch for that somewhere).But I no longer see removing binary blobs being advertised by Librewolf, it’s been a while since I don’t check on their site…
I guess I don’t see the point of removing pocket from the build since it can be disabled in a standard Firefox build with a single about:config option. That’s what I do.
No, which is why I added the qualifier “basically,” which implies a fundamental sameness while still having technical differences.
😅😂
@Telorand @c0smokram3r
In Settings, Privacy & Security, Manage Exceptions, I “Allow” only a handful of sites to store my perma-cookies…so I’m not nagged for user & pw
I don’t know why this never occurred to me. This is what I’m going to do from now on.
You can also easily set specific sites’ cookies not to be wiped, I use this to have websites I trust to store my data for convenience, but any random tracker-infested blog to forget me as soon as the browser closes!
And also, Mullvad Browser does this by default, as well. I think theirs can’t even be configured on a per-site basis.
That’s a good idea.