Librewolf Browser (Firefox Fork)

Hi. I’m just going to quickly interject here to mention that Privacy Guides team members have a “Team Member” title next to their name (you’ll notice that I do). This is how you can tell if a forum member is part of the team or not.

3 Likes

Ah, good to know.

If he was a member of your teams I would have immediately left this forum and would start a warning campaign against it I guess.
The man has no clue about privacy and gives fierce-fully privacy-wise -very- dangerous advise. Very bad advise lots people will read on this Privacy forum.

Thanks for your reply. I will ignore his posts from now on. I can only hope you keep this forum a real privacy-minded forum.

Since I don’t think anyone responded to this, I’ll chime in to point out that this isn’t actually true. This is the entire reason we recommend Arkenfox+Firefox instead of Librewolf: Arkenfox is a collection of modifications you make to your Firefox preferences, but you’re still using Firefox and you’re getting updates (security patches, etc.) directly from Mozilla. With Librewolf you’re waiting for those updates from Mozilla to be merged into Librewolf’s code and released by the Librewolf devs.

For this reason, I agree with @bayesian in that I also don’t really see why Librewolf would be preferable to Arkenfox, which seems to do much the same stuff without forking the project. Maybe we should highlight Arkenfox more on the page?

7 Likes

Hi Jonah. Thanks for your comment. I’m not entirely convinced by the argument, because at the end of the day, Firefox is releasing updates, and it is possible that over time new privacy/security features will emerge in the browser, and if Arkenfox does not update the user.js according to those new features, or if it stops supporting those settings, the counter-criticism falls by itself. On the other hand, as for the criticism about the time that occurs between Mozilla releases new versions of Firefox and the Librewolf team releases the corresponding version of your browser, at least on Windows and Linux, these times are always around 1~3 days, a really small time considering that the team has one developer per platform, although it will be long to meet your demands. The only criticism that I see relatively valid (although I personally always like to appeal to the individual responsibility of the user) is that the program does not update automatically on Windows. Anyway, and seeing that my proposal was rejected, I would like to thank you for the time you have dedicated to this thread. I will keep looking for tools and ideas to contribute to PrivacyGuides. Best regards.

1 Like

It’s ok to stay behind updates with Arkenfox, not with Firefox.

You’re correct in that future privacy settings will not be configured, however you are guaranteed to receive future privacy-related features and security updates provided by Mozilla immediately as they are released. On the other hand, Librewolf guarantees that all updates will have their privacy settings configured by default by Librewolf developers, however you are not guaranteed upstream features and security updates in a timely manner… 1-3 days is not usually significant, although it can be, and it’s never guaranteed to be that short of a turnaround. IIRC Librewolf fell behind on updates for longer than that at one point.

It is definitely a trade-off either way you go, I think our preference is just for the former over the latter.

4 Likes

Well, I don’t agree. I feel more confident if I know that there is a team of developers actively updating and improving a browser than with a configuration file that may be out of date. But I guess it’s a matter of perceptions or preferences.

I understand. Anyway, thanks for your time, and as I said:

Best regards.

1 Like

It’s not very healthy to never confront different points of view on the same subject and to be unable to do any questioning.
You want to propose to delete the applications recommended on the site that have the same mentality?

Also, this is a very ironic speech on a topic that talks about “freedom”…

1 Like

I prefer to know there is a team of developers actively patching security on their own browsers than a team of developers actively trying to be update. (Don’t say what I haven’t said, Arkenfox and Librewolf are great projects, I just personally prefer having an up to date browser than a custom browser that I can forget to update imho)

I’m sorry if I misunderstood your words, my English is terrible and I’m using a translator, so I can’t guarantee that I can understand or send messages 100% faithful to what they say or what I want to say. My apologies for that, and for the record I am not trying to say that Arkenfox is a bad project. It is simply a matter of preference, and above all, I defend freedom. Best regards.

3 Likes

No problem mate, I was just insisting the fact that I’m no trying to be hateful about other projects.

At the end, it’s always the end user’s choice. We just need to guide people in the “right” direction.

1 Like

So It is just a matter of preference to use Librewolf as compared to firefox with arkenfox?

1 Like

In essence, yes. Both have their advantages and disadvantages.

2 Likes

You are right. I was just afraid the admins of this Privacy forum would advise the use of Google software and oppose against de-Googling. That was luckily not the case, so I am relieved.
I was not ironic btw, I was shocked and I don’t want to delete anything.

1 Like

It appears a decision has been made, but as a LibreWolf enjoyer I wanted to respond to the dialogue I’m seeing here. I’m also no expert so please correct me if I misspeak.

Firstly, please stop comparing LibreWolf to Chromium based browsers. If LibreWolf is too insecure to recommend simply because it’s not Chromium, then so is Firefox. And if Firefox is secure enough to recommend, then a fork like LibreWolf must make significant enough regressions to lose that status.

So then, what exactly are the downgrades LW makes from FF? Here’s the main points I see brought up here, and my response to each:

  • it bundles uBlock Origin, which uses Manifest v2 and increases attack surface.

Ignoring the fact that the arkenfox project (which I see cited here as the alternative to using LW) profusely recommends using uBO, removing it is a simple 2-click process if you don’t want it. Many necessary security settings for FF, such as enabling HTTPS everywhere, are harder and more hidden than that. Also, after removing uBO, any Manifest v2 extensions must be added manually, so any risks around that apply to FF as well.

  • [Insert setting here] isn’t set properly by default (Google Safebrowsing, etc).

By definition, this can be changed by the user. FF requires changing preferences as well – arguably far more extensively – so this criticism doesn’t hold up if FF is to be recommended.

  • Being a software fork, it will be behind in updates, which is a security risk.

This is a valid concern, and the most we can ask for is a dev team that proves their ability to push timely updates. Projects like Brave or Vanadium have proven themselves, so we carefully recommend them.

That said, I’m tired of this FUD that LW can’t be trusted with updates. I sometimes see it suggested but never justified. My lazy searching found that the LW flatpak was updated within 1 day of the current FF update, which seems reasonable to me. I’m not saying I’m certain that the LW devs have never fallen behind on updates, I just asking the people who do say so to back up their claims.

  • There are no automatic updates, which is a security risk.

This is a serious concern, and probably enough for LibreWolf to not be recommended by Privacy Guides.

However, I would suggest that it deserves something like an “honorable mention” slot. When automatic updates are available, such as on Linux via flatpak, it matches or outclasses Firefox in every way; save for the slight delay in updates. Everything can be configured the same way as Firefox, but LibreWolf is far more convenient and minimal. People learning from this site deserve to know about LibreWolf and the conditions that make it viable.

5 Likes

It is literally what I think, but with more information. My respects :place_of_worship:

1 Like

Exactly What I feel. You have perfectly written what was on my mind!!

1 Like

Its Easy. Librewolf stores all data in a firefox profile. You just import that profile into firefox.

1 Like

There are no automatic updates, which is a security risk.

This is a serious concern, and probably enough for LibreWolf to not be recommended by Privacy Guides.

I agree that this is the most important reasons why I’m wary about considering Librewolf for recommendation at this time.

Basic features such as easy (that includes automatic) updates are essential to keeping our readers secure. Firefox does that for them on Windows, macOS, and the Linux distributions we recommend are generally good about keeping Firefox up to date.

The moment updates become a manual thing, the person using that software has to start keeping track of things. We want to minimize this, as it is an important part to making privacy and basic security practices (keeping up-to-date) accessible and easy to accomplish.

However, I would suggest that it deserves something like an “honorable mention” slot. When automatic updates are available, such as on Linux via flatpak, it matches or outclasses Firefox in every way; save for the slight delay in updates. Everything can be configured the same way as Firefox, but LibreWolf is far more convenient and minimal. People learning from this site deserve to know about LibreWolf and the conditions that make it viable.

I would not be comfortable with an “honorable mention”. Privacy Guides, in previously iterations, has historically had a “worth mentioning” section which was scrapped because it made no sense. Either we recommend something and can provide concrete reasons as to why, or we shouldn’t recommend it at all.

5 Likes