Like ArkenFox, but less ‘extreme’. It’s a set of user.js modifications.
Why I think this tool should be added
I’ve been using this since it was recommended on Hacker News two years ago. I don’t agree with every ‘default’ decision, but nothing they changed ever frustrated me and caused me to remove it. I think it’s a pretty nice set of adjustments to user.js of Firefox. I pick some adjustments in the common overrides section of the GitHub and generally don’t need to tinker with it again. This is especially nice to have in the wake of the various anti-features Mozilla seems dead set on adding to the browser. It’s been a long while since I used Arkenfox, but at the time it added ‘padding’ to the windows of pages as an anti-fingerprinting measure, which I personally find an eyesore.
Firefox is inherently insecure. I can already see the responses to that source, “Last updated March 2022”, “2/3 year old article”, “Biased and outdated”, but these are often said in a hand-wave manner with the hope that time has fixed the issues present in the article… it has not. Saying the article is old actually makes Firefox look worse, since it hasn’t significantly improved in 3 years. To be fair, there has been improvement but not enough of it to make it comparable to Chromium-based browsers (even from 3 years ago). This is especially true on Linux where the sandboxing is very poor, and Android where there is no website sandbox at all. The current Android implementation of the Firefox sandbox (Fission) is not enabled by default (except by IronFox); even if it was enabled, the implementation does not use Android’s isolatedProcess flag, which ensures that subprocesses are properly isolated and cannot trivially escalate privilege within the application. Equivalent to Android, Firefox does not have complete sandboxing in Flatpak; it doesn’t even offer a compatibility layer akin to zypak, it just opts to cripple its own security (only recently have they begun offering a warning in environments without user namespaces that the sandbox may be degraded, but this warning doesn’t show up in the official and verified Flatpak for Firefox).
Firefox Forks
I don’t think I need to go too much in depth, most FF forks are just regular Firefox with either UI changes or some changes to user-hostile defaults. They typically suffer slower update cycles.
Although, I will talk about 2 specifically, Librewolf and Pale Moon. Librewolf is just Firefox with defaults changed… nothing else. They don’t even maintain the defaults, they just use arkenfox-user.js. They may have some deviated changes but fundamentally it is just arkenfox built into Firefox with a slower update cycle. Pale Moon uses ancient code with some security patches backported, and it is single-process so it cannot utilize any modern sandboxing technology (such as seccomp or namespaces, or the adjacents on other platforms). You can manually sandbox the browser but that doesn’t isolate sites from each other. This also means that newer security features FF adds (as rare as that is) will not get properly added if they get added at all.
I’m not following. The comparison we are discussing is ArkenFox vs Betterfox. Betterfox is not a Firefox fork. My proposal does not supersede ArkenFox. I’m suggesting it gets an ‘honorable mention’ at least, for users who want an easy ‘out of box’ Firefox experience that is more hardened and private, but with less risk of ‘breakage’ or other potential headaches of ArkenFox.
What I’m getting at is that I think Firefox should be completely removed, but if you absolutely have to use an insecure browser, Arkenfox is the bare minimum.
This is a forum about privacy, not security. You can’t be secure and private at the same time—choose one.
Your source recommends Google Chrome; does that mean it should be added to the recommendations? No.
It’s certainly gotten crazy when you can’t even shoot down suggestions to prevent inexperienced users from getting into trouble. I can understand if experienced and knowledgeable people use Firefox for some reason, but it absolutely shouldn’t be used if someone is going to suggest Betterfox in the recommendations.
As this forum appears to be growing, it’s time to get rid of all Firefoxes.
Please be civil with each other. People are free to suggest changes to the website just as people are free to agree and/or disagree with those changes; all we ask is that you are polite.
Technically a new topic could also be opened for removing all Firefox based browsers (besides Tor) but that would likely be stalled until the changes suggested above are resolved.
I think many user.js files probably have merit in themselves (also see Phoenix.js, from Celenity, the IronFox dev).
What we should focus on is the adoption rate of those; we don’t want to recommend user.js that would be adopted by too small a crowd.
How to know the adoption rate? Very difficult. Ideally we would get the number of git clones, which would be a good indicator. As this data might not be available, some proxy maybe. Stars are one, although they favor logged-in users.
Per stars, Arkenfox is a bit more popular than Betterfox. So we could recommend it, ignoring other aspects that need to be looked at, such as quality.
Are you fucking kidding me? Betterfox is a fucking AF clone - Betterfox copies everything AF does and even waits for AF to decide what to do. Betterfox copies my fucking WIKI, it copies my ideas, it copies fucking everything, and even then it reverts a few changes to the detriment of security/privacy because .. IDk, ignorance and just plain plagiarism
I feel the same way about Betterfox as I do about LibreWolf: just use arkenfox and read the arkenfox wiki.
Thanks for finding this GitHub comment. Basically sums up my thoughts on Betterfox too. I’m going to mark this as rejected because it seems like OP or someone else would need to elaborate on why Arkenfox isn’t sufficient or Betterfox is better, which is not currently possible seeing as…
If people do indeed believe Arkenfox is too ‘extreme’ that signals to me that we should have better guidance on customizing it instead, which is what you’re supposed to be doing anyways. It can only be as extreme as you configure it to be, following the guidance at: