Librewolf Browser (Firefox Fork)

It’s their decision which has unfortunate consequences for user who has to deal with using SW with crippled protection which is not needed with other browsers.
I completely understand why PG team don’t want to promote LW.

1 Like

To not recommend it to an apple user is understandable. But it’s still Apple’s fault for basically forcing apps that doesn’t even go through the mac app store to be signed. Which is $100USD/yr to Apple when they don’t even host the app.

And ofc it’s marked not as “potentially unsafe”, but “broken”. Quite a scummy move, Apple

3 Likes

I (wrongly) though this place would be a good alternative to the Reddit’s privacy subreddit, but I guess I was wrong.

It easy to see that the team here has a decision made and they want everyone to follow their path, hence why it seems that everything is an excuse to avoid having LibreWolf on the guides. They will pick anything they can find just to backup their reason why the browser shouldn’t be listed.

If only LW had a search engine that sells data for AI training, or a VPN service being installed alongside it, it would probably made it into the list :wink:

I’m not sad… just disappointed!

2 Likes

Mullvad Browser does not come with Mullvad VPN in any way.
And it is largely entirely maintained by Tor Project and based off of Base Browser which is the same base as Tor Browser.

2 Likes

What makes you say that?

I think not adding LibreWolf is pretty understandable when Mullvad Browser is essentially LibreWolf but better.

I was hoping for some impartiality, but Im not seeing it.

Could we please stop with the Mullvad, its better preach? This is not a true fact. Whats the point of having the Mullvad Browser Extension enabled by default? Just to let me know that I don’t have the VPN connected? I dont need this kind of advertising.

This community adapts the music to suit its needs. I’ve seen a member of the team use an excuse like it’s easier for any user, when recommending Brave, but somehow he forgot that Mullvad only supports 64bit systems? LibreWolf also supports 32bit alongside 64. They are not the same!

In this case, LibreWolf would be the easier option, since a normal user would not even know the difference between x86 and x64.

1 Like

It isn’t? In what ways do you find LibreWolf to be better?

Who cares? It’s a 637 kB addon. I’ve never once even noticed it’s running. If you want to judge them for something, judge them for not inviting PrivateVPN and co to the proxy party.

32-bit users are a dip in the ocean today. Do you really think 32-bit support in the year 2023 should be an advantage worth taking into consideration?

You seem to be trolling at this point. In what world is LibreWolf the easier option? Mullvad Browser has an automatic updater by default. LibreWolf doesn’t. It’s really not harder than that.

I can see a future with LibreWolf in it, if it wasn’t an “everything is deleted on shutdown” browser it would definitely fill a hole as a more privacy conscious Firefox, but as it is now it’s a lesser Mullvad Browser.

That’s how I’m using LibreWolf, personally. I’m writing from it at this very moment, in fact.

3 Likes

I don’t think so… I think they are identical. I don’t see one better than the other one.

Honestly, I’m not going to waste any more time with you or your comments (aside from this one), because you’re insinuating that I’m trolling just because you don’t like my opinion.

Is that your argument? So now the size of the add-on matters? Was not okay if it was 1024Kb?
And you never noticed it? It was the first thing I notice after installing it.
That’s very ironic when you think I’m the one trolling.

I know that 32-bit users are almost extinct. But, if you have two equal products, and one of them supports a function that the other one doesn’t (even if it’s meaningless) shouldn’t it be considered an advantage? So what is it? How does having backwards compatibility supports harms you?!

Automatic updater by default is indeed an advantage. But, it seems to me that it’s the only relevant option, and you guys grab into it like if it was the holy grail.

fwiw, 32-bit programs are directly less secure than 64-bit programs, as numerous security features/mitigations cannot be used due to the smaller address space and fewer available registers.

also I have a handful of laptops from 2007, every single one is 64-bit

1 Like

If LibreWolf is 99% the same as MB then MB is 1% better.

I’m insinuating that you’re trolling because your so called “opinions” come off as shilling and strawmanning. Normally, a person can write something more convincing than “32-bit support and a 637 kB addon is BAD” when asked for reasons why LW is better than MB.

It doesn’t. It’s just that 32-bit support just isn’t as appealing as the superior update speed of MB, for example. If you want a privacy-oriented browser then you presumably want it to be secure as well.

PrivacyGuides exists to give normal users easy options.

The average user isn’t going to set up an automatic updater. It’s not happening.

3 Likes

I know some of the advantages of x64 systems, since I started using them with Win XP 64-bit Edition.
I’m not surprised you have laptops that support x64, I also do. But you would be surprised by how many apps you use, that still use x86 libraries or executables, especially on Windows (given that Apple killed x86 support with Catalina).

I’ve heard that argument before, but I’ve never seen any evidence of that claim (I’m not saying they don’t exist). The only thing I found was an ancient article from Ars Technica, and that’s it.

But if you have further information about that, please share it (I’m not being sarcastic/ironic, btw).

I don’t have a single 32-bit package on any of my servers or workstations (rpm -qa | grep -i 686).

Here is an old but relevant real world study which covers how easy it is to break ASLR under 32-bit: https://www.blackhat.com/docs/asia-16/materials/asia-16-Marco-Gisbert-Exploiting-Linux-And-PaX-ASLRS-Weaknesses-On-32-And-64-Bit-Systems-wp.pdf

It is also quite common for CVEs to be much worse under 32-bit.
eg. under 32-bit this was a full KASLR bypass: oss-security - CVE-2021-34693: Infoleak in CAN BCM protocol in Linux kernel

And some other notes: architecture - Security considerations of x86 vs x64 - Information Security Stack Exchange

2 Likes

If there was a better option for normies I’d be standing in line to replace Brave with that.

There isn’t though.

Much appreciated. That was insightful. I’ll read the first PDF with more detail.

Correct me if I am wrong, but it appears that those weaknesses are more vulnerable on a non-x64 kernel. Isn’t it different from executing an x86 app on a x64 kernel?

I ran dpkg-query -l | awk '$4 != "amd64" {print $0}' and I have many apps that they aren’t 64bit only, they have the flag all. AFAIK, they include all kinds of architectures, including x86 ones. I consider these also 32bit apps (alongside x64). I think you might also have those in yours.

No.
Running a 32-bit program on x86_64 has the same issues.

I don’t know why you think i686 is mandatory in 2023:

rpm -qa | grep -v -e x86_64 -e noarch 
gpg-pubkey-eb10b464-6202d9c6
gpg-pubkey-d651ff2e-5dadbbc1
gpg-pubkey-dbf5b694-5fcb6b87
gpg-pubkey-18b8e74c-62f2920f

all/noarch means that it isn’t machine specific code, it is either JITed/python/java/js/etc or it is non-executable like config files or assets.

Most distros don’t even support installation on 32-bit systems.

edit:
just to be clear
i386 is from 1985
i686 is from 1995
x86_64 is from 1999

4 Likes

This is interesting. Bit off topic i think but thank you for sharing these links. I didn’t know about those. Now I have even more arguments to make people use x64

2 Likes

So, today Mozilla released a new Firefox version (119), and out of curiosity I decided to check on how does Librewolf took the last time to update it, and I compared it to Mullvad Browser, since there are a few people here that seem to have an erection when they talk about that browser.

Mozilla released FF 118.0.2 and ESR 115.3.1 on the 10th of October.
Librewolf which is based on the non-esr version, got updated on the 12th of October (so, two days after).
Mullvad Browser 13, which seems to be based on the ESR version of FF (this by itself makes them a bit different, but okay), was updated on the 13th of October (so, three days after).

I guess that the speed of the updates is not so relevant in this case, right? :wink:

1 Like

Mullvad Browser is based on Tor Browser and not Firefox ESR, so that’s not really the comparison you’d have to make.

The distinction is important even though Tor Browser is built on the same codebase as Firefox ESR, because Tor Browser receives privacy & security features ahead of Firefox in some cases (which is why the Tor uplift project exists at Firefox), and Tor has their own auditing process for new browser features in addition to Mozilla’s work anyways, which means that new browser features from Mozilla don’t even get enabled in Tor (WebAuthn, for example) until they go through a separate review process on Tor’s end.

All of this is covered in our extensive Mullvad Browser discussions :slight_smile:

5 Likes

Mullvad Browser is basically Tor Browser, but it doesn’t route traffic through Tor. You can choose to just use it as it is or use a VPN to try to blend in with other people that use that same VPN with Mullvad Browser.

Librewolf is basically a worse version of Mullvad Browser, and there is no reason to recommend it, especially when it doesn’t even have automatic updates.

Unless someone will explain to us the benefits of Librewolf over other options, which can even outweigh the lack of automatic updates, Librewolf will not be recommended.

You also can’t directly compare regular ESR to Base/Tor/Mullvad Browser ESR, as they regularly backport fixes from newer Firefox versions.

1 Like