Librewolf offers a degree of anti-fingerprinting protection (Firefox + RFP) but isn’t at the same level as Tor Browser or Mullvad Browser when it comes to anti-fingerprinting overall.
I think Librewolf is more comparable to Firefox + Arkenfox, but probably has a larger userbase (which is a pro) doesn’t enable letterboxing (which is a con). Not saying its a bad choice overall (I think its a valid option) but when it comes to strong fingerprinting protection, I think @Valynor is correct: Mullvad Browser + VPN or Tor Browser.
So I asked the Mullvad team, they confirmed what I think I saw somewhere (can’t find it again): if a VPN is used along with Mullvad Browser, it would need to be on the same IP address as other users in order for the protection to work.
What I meant is, depending on the server you connect, the “pool” would change.
For example, if there is a pool of 10 000 using Mullvad Browser.
Then there would be a split depending on where each user connect through their VPN. If we say, 80% of users use Mullvad VPN and 20% use 10 different VPNs (let’s assume they all have a sharing IP policy).
Then this 20% would get further mixed and in the end, there could be a lone user using Mullvad Browser, connected to a private trusted VPN in a location where there isn’t necessarily a lot of people and thus would make fingerprinting still possible.
Since this has been confirmed, I asked for what was the userbase, which they couldn’t or wouldn’t provide.
So to summarize this topic (thanks to everyone):
The statistics on user-base per browser are unreliable because those stats are based on user-tracking.
For any websites where you don’t need to login (regular browsing): use Mullvad Browser + a VPN with a strong user base and a shared IP policy. When connecting to the VPN, make sure the location picked has many users.
For any websites where you do need to login or on Android: use your preferred privacy browser.
Everyone approaches with different levels of understanding/knowledge. But in this case I think they are responding partially in reply to my earlier comment where I partially contested (still contest) the statements that:
you have to have people be on the same VPN connections for that pool of unique users to work countering fingerprinting.
[…]
if a VPN is used along with Mullvad Browser, it would need to be on the same IP address as other users in order for the protection to work.
I absolutely concur that the strongest protection will come from using the same VPN as most other people are using (which is not knowable but is almost certainly Mullvad VPN I’d assume). But it doesn’t necessarily follow that using a VPN less popular with Mullvad Browser users would render Mullvad’s anti-FP protection ineffective (assuming your FP is not unique and static, and that you vary the VPN servers you connect to, sanitize between sessions, and follow other best practices). It isnt’ as strong as having a large cohort of users you blend in with, but it is still a meaningful improvement over not using Mullvad Browser + A VPN.
At least that is my current thinking, maybe there are blindspots/misconceptions in my thinking, if you see any, point them out.