Librewolf: A fork of Firefox, focused on privacy, security and freedom

I have tested it for a while. It is comparable (or even better, in my opinion) to a Firefox with Arkenfox. Its development is active, its results are quite good and, in general, it is a browser that I would personally recommend for any desktop user who wants a browser similar or based on Firefox, with good privacy, and without the difficulties that may arise from having to configure the program internally.

Website & Link of interest

I have concerns about long-term availability of librewolf. I’ve used in the past but I don’t see any extra benefits from a hardened Firefox (user.js arkenfox etc). Firefox has been around like decades. A much better long-term suggestion.

1 Like

In my opinion the benefits are more geared towards uninformed users looking for a quick fix, since hardening firefox correctly can require both a lot of prior knowledge and active time dedication. I understand that, for many users, these requirements will be short-lived, but I think we should try to make it as accessible and easy as possible to take the step towards a more private digital life, and I think Librewolf does that. About the long term maintenance, we can assume the same useful life as Firefox, because it is a fork of it, and the developers prevail in the task of maintaining and improving it. Best regards.

3 Likes

Until they don’t. At least Mozilla has a long record.

1 Like

Well, the same can happen with Arkenfox, in the sense that it becomes outdated because the day comes when it stops receiving updates, and while Firefox does receive updates, by default, it leaves a lot to be desired in terms of defending privacy. Librewolf has been active for over a year now, and there has not been a single moment where development has slacked off. I understand that it is a young project and that can generate suspicions, but I don’t think that argument is enough to not take it into account when recommending software for privacy.

Use it for some time now and I like it. I have a Mullvad VPN and followed the guide to prevent DNS-leaks from it and made it fingerprinting proof. I have tested other privacy oriented browsers, but I prefer Librewolf for now.

I’m against using LibreWolf for several reasons.

First off, LibreWolf does not add anything new from Firefox. Firefox users can disable telemetry in the settings and in about:config. I don’t believe LibreWolf improves Firefox security but actually worsens it because they install uBlock Origin by default, which significantly increases attack surface and uses Manifest V2 which is being deprecated as it’s a huge security risk, and they disable Google Safebrowsing which is a necessary security feature to protect users from malicious URLs and Mozilla’s implementation is privacy-respecting.

Second, because LibreWolf is a community fork of Firefox developed by a small team, it will always be behind Firefox in updates by a few days. This means users won’t receive security patches as quickly as Firefox users. While Chromium forks like Vanadium and Mulch also lag behind a day or two each release, it is not as easy to apply those security patches onto vanilla Chromium as you’d have to compile the browser yourself, so it’s worth the trade. Firefox users can just use Arkenfox to harden the browser, but most users will be fine using the recommended settings in about:preferences and leaving about:config alone.

Like bayesian said, LibreWolf hasn’t been around as long as Firefox and development for LibreWolf did come to a halt for a while a few years back.

In general, I think most people should avoid Firefox entirely and use a browser based on Chromium (Edge for Windows, Chrome or Brave for other operating systems).

2 Likes

Well, there are thing to mention for one or the other. I stick with Librewolf for now. Like I said, I tried other privacy browsers and this ticks the most boxes for me.
I can assure you however, that I will never ever use a browser made by Google or Microsoft.

No security risk. Deprecated in Googleland only!

I highly disagree! Firefox is one of the best (if not the best) browsers for you to use right now. Tor browser is built based on Firefox. I strong urge anyone to ditch Chromium-based browsers and adopt Firefox/Tor Browser. If you have 1-2h of your time you can learn how to hard it either by following a YouTube video or the Arkenfox/user.js README.

3 Likes

Watching YouTube videos doesn’t change the fact that Firefox is not as technically advanced as chromium, and doesn’t provide the level of protecting against attacks.

The idea that Chromium = Google = bad and Firefox != Google = good is just nonsense.

3 Likes

No security risk. Deprecated in Googleland only!

While I understand the reasoning behind choosing Firefox over Chromium based browsers (more freedom, and supporting an open web), claiming that the current status quo with regards to adblockers (which have privileged access to the webpage) does not have any security risks is a bit disingenuous. As iOS Safari shows, good cosmetic filtering is still possible without giving up security, and hopefully Google will be moving in a similar direction.

Extensions are highly privileged programs that have access to all your data on every website. Manifest V3 restricts what these extensions can do, but regardless, it’s a good idea not to install any browser extensions. Ideally, a browser would not support extensions at all and provide privacy by default. This would prevent any third-parties including Gorhill from spying on the user’s entire browsing history and everyone would be uniform.

No. It’s not. Firefox is still behind Chromium in exploit mitigations and it’s sandboxing and site isolation is less mature than Chromium’s. That said, it’s still a better choice than most other browsers including ones that use even more insecure engines like QtWebEngine (which uses an extremely old version of Chromium), WebKit (no site isolation), Goanna, and NetSurf’s engine.

Tor Browser, while the only true way to browse anonymously, is seriously flawed due to being forked from Firefox instead of Chromium and not being as up-to-date as other Firefox and Chromium forks.

I think Google Chrome isn’t a bad browser for most people as it is the most secure (apart from Edge on Windows) and updated and users can disable most if not all telemetry in the settings. There should be a guide for this and Edge even if the browsers aren’t recommended since a lot of people must use those browsers or simply don’t want to switch.

3 Likes

Just linking that Add Librewolf · Discussion #423 · privacyguides/privacyguides.org · GitHub

Big tech conspiracy, it’s not a good argument.

Google and Microsoft are excellent in terms of security.

That’s why google pixel are recommended.

Firefox is a good browser in it’s own, but bear in mind that you need to use arkenfox to make it less shitty. Chromium-based browsers have no need for such things. And btw, after a long try with FF+AF and LW, I can tell you that just switching toggles in Firefox is enough, and for the arkenfox part, I use Tor Browser.

I will stop here as I don’t know much more about browsers. That being said, I used Firefox all my life, and I’m currently switching to Brave, as it gets better and better overall.

P.S: I don’t want to tear down any project, just exposing some facts that I know. Don’t take my word for what I say as I don’t know much about browsers, I’m just exposing my experience. Thanks in advance.

1 Like

I agree. Google Chrome and Microsoft Edge have excellent security and should be considered over Firefox and LibreWolf. If one requires privacy, they can disable telemetry in the settings. A lot of people are worried about Google and Microsoft surveillance but a lot of it is just conspiracy theories and fearmongering, not saying that they don’t track their users because they do.

I believe that sometimes the best way to avoid Google surveillance is by using Google products as they provide security and there are ways to prevent tracking on Google products. For example, one can install GrapheneOS on a Google Pixel device. The “DeGoogle” movement is not a sane approach to privacy and security and I see no reason why anyone should completely avoid Google. Some telemetry is bad but being paranoid about telemetry is much worse.

1 Like

I think “big tech conspiracy” is a very good argument, sad to say. In terms of security Google is okay afaik (don’t know about MS in this regard). In terms of Privacy however, using software from these companies is very dangerous. To recommend any software from them is really a bad advise,
Ah well, I also used Firefox for a long time and now have switched to Librewolf. It is good to have choices so anyone can choose what fits him best. In a world deprived of privacy there wouldn’t be choices.

I will speak from my personal opinion: I use many browsers in my life, I always try to divide my online activity, but the browsers I use the most are Brave and Librewolf. My experience with Librewolf has always been pleasant, and it has always fulfilled its purpose.

I consider that it should be included because, as it is studied in the link of interest that nobody accessed, this browser beats Firefox in privacy and security. Another reason why, I insist, it should be included (or at least mentioned within the Firefox section) in PrivacyGuides is its simplicity: by default, unlike Firefox, it is already prepared internally to protect the user’s privacy and security, something that any potential ignorant user who intends to access privacy tools would appreciate and prefer rather than having to inform himself and spend a lot of time understanding and configuring the browser. Another thing that I think is not being taken into account is that the Librewolf development team takes into account the Arkenfox user.js when configuring the browser internally.

I can understand a number of criticisms. It is clear that Chromium based browsers are more secure than Firefox based browsers, hence I usually recommend Brave over Librewolf. It is also true that for many it is much more interesting to configure your browser internally yourself, or rely on tools like Arkenfox, as they enjoy a reputation and in practice shows why they have it.
There are also somewhat questionable criticisms, such as that it depends on Firefox… yes, and Tor too, and Brave also depends on Chromium, and we do not rule them out.

My main point, and what I want to imply, is that new PrivacyGuides users, above all, what they are looking for are privacy tools, and Librewolf, whether we like it more or less, meets all the necessary features to be perfectly considered a privacy-oriented browser, and therefore, in addition to the features already described, I think it should be included in the list and make it known to those users interested in protecting their privacy, which is essentially the reason why PrivacyGuides exists.

2 Likes

The thing is, one cannot have privacy without security, and LibreWolf, being a fork of Firefox, is significantly less secure than Chromium browsers. For example, a browser that doesn’t send any telemetry or make any connections cannot be considered private if it doesn’t support site isolation or if it doesn’t have a sandbox at all. These security features are required for a private browsing experience as without site isolation, if I visited Privacy Guides and Google, Google could get information about my activities on Privacy Guides. Firefox-based browsers have site isolation now, but this feature is not black and white and Chromium does it better. This is why we don’t recommend minimalist browsers like Netsurf and Lynx, as they are much worse than Google Chrome due to their lack of security. But I digress.

Security should be one of the top priorities of PrivacyGuides along with privacy. Some support towards Firefox and LibreWolf is because it continues to support Manifest V2, which is bad for security, and because they don’t want Google dominating the web, they want to have a choice. This is just an excuse to promote insecure browsers and I believe sometimes you don’t have a choice. I get that people want freedom, but security is more important. It’s much saner to use Google Chrome (or Microsoft Edge if using Windows) and disable telemetry in chrome://settings.

The link of interest, Privacy Tests, only tests unmodified browsers. A hardened Firefox would likely perform just as well if not better than LibreWolf. Arkenfox isn’t even required to have basic privacy but it still improves the browser.

They still have to install and update the browser. On Windows, LibreWolf doesn’t automatically update nor does it notify users of new versions, which is a big red flag. Linux users have this less bad as they can install LibreWolf and get updates depending on how they install it. I can’t speak for macOS. Changing a few settings in about:preferences (Firefox) or chrome://settings (for Chrome and Edge) is very easy and provides enough privacy for most people.

1 Like

Its a great, all-around private browser by default, but im still an old school firefox user.

I partially disagree. It is true what you say, in the sense that Chromium browsers are better in security than those based on Firefox, I have not denied that at any time, but PrivacyGuides still recommends Firefox even if it is a more insecure browser than Chromium. It recommends to harden it, or put Arkenfox, but it is still Firefox, and Librewolf IS a Firefox already hardened, something that, I insist, those users who do not know how to harden it or do not want to spend much time would appreciate that it comes by default, and that is the goal of Librewolf.

Downloading and installing a browser is a simple task that I don’t know why you highlight. About the updates, I understand that it is a bad thing that does not receive updates automatically, but there are ways to fix it. The first one, if it were included in PrivacyGuides, would be to warn you with a red note, appealing to the user’s responsibility, but there is another much better solution: Recommend, together with Librewolf, the installation of this extension in it. I use this extension, and it helps a lot to keep your browser up to date, because it doesn’t automatically download the updates, but it does notify you. That may mean a couple of extra connections, but you gain in security.

I insist that I agree with you that a Chromium is preferable to a Firefox in terms of security, and it would be good if more projects like Brave or Iridium were born, that take a secure base and improve privacy, but I insist, Firefoxs are also browsers to consider, and if Firefox is recommended with some configurations, I do not see why Librewolf should not also be recommended with its corresponding configurations as well.

1 Like