Librewolf Browser (Firefox Fork)

Its Easy. Librewolf stores all data in a firefox profile. You just import that profile into firefox.

There are no automatic updates, which is a security risk.

This is a serious concern, and probably enough for LibreWolf to not be recommended by Privacy Guides.

I agree that this is the most important reasons why I’m wary about considering Librewolf for recommendation at this time.

Basic features such as easy (that includes automatic) updates are essential to keeping our readers secure. Firefox does that for them on Windows, macOS, and the Linux distributions we recommend are generally good about keeping Firefox up to date.

The moment updates become a manual thing, the person using that software has to start keeping track of things. We want to minimize this, as it is an important part to making privacy and basic security practices (keeping up-to-date) accessible and easy to accomplish.

However, I would suggest that it deserves something like an “honorable mention” slot. When automatic updates are available, such as on Linux via flatpak, it matches or outclasses Firefox in every way; save for the slight delay in updates. Everything can be configured the same way as Firefox, but LibreWolf is far more convenient and minimal. People learning from this site deserve to know about LibreWolf and the conditions that make it viable.

I would not be comfortable with an “honorable mention”. Privacy Guides, in previously iterations, has historically had a “worth mentioning” section which was scrapped because it made no sense. Either we recommend something and can provide concrete reasons as to why, or we shouldn’t recommend it at all.

I must have been remembering such sections when I made the suggestion, but it makes sense that we would stop using them.

Perhaps we could format the browser pages as something more like the Email Clients page, where we give general as well as platform-specific recommendations all in one place. LibreWolf could be a recommendation for Linux, where automatic updates are possible.

Such a reformatting could even allow for combining the Desktop and Mobile Browser pages. It could also naturally allow for something like a Microsoft Edge recommendation for Windows, given its apparently desirable security features.

But I understand if that is too big a task just an idea

The issue is not that it is too big a task, but that it is not really desirable.

For context, we used to have desktop and mobile browsers in the same page, as well as our Tor-related recommendations (which now have their own page in the Internet Browsing section).

There is thought being put into actually streamlining the email clients page as well.

Perhaps we could format the browser pages as something more like the Email Clients page, where we give general as well as platform-specific recommendations all in one place. LibreWolf could be a recommendation for Linux, where automatic updates are possible.

My thought process is this:

If there is a cross-platform option that provides the same benefits, that is the option that we should opt for. So, if Thunderbird, for instance, doesn’t have any privacy or security disadvantages, I would argue that the Linux-specific options should be removed, and Thunderbird should become the primary email client recommendation.

This is getting a bit off-topic, so I’ll leave that there, but hopefully that provides a little bit more context from the perspective of how we want to evaluate recommendations and present them on the website.

Librewolf is a little bit different, but it’s roughly the same.

You can just use Firefox Sync, as it is e2ee. You enable it on LW

I quite agree with you, but don’t forget that being behind updates for maxium 3 days (which is the case for LW) is OK most of the time, depending of your Threat Model obviously. IMHO, if you have basic threat model like mine (limiting data harvesting, tracking collection and basic virus/hackers/things). Using Firefox or Librewolf will just be a matter of preference.

True, but most people are not going to use package managers or the LibreWolf updater. The fact that it does not automatically update by default makes it a questionable browser for newcomers.

Is there something wrong with Librewolf?
No mention of it on Desktop Browsers - Privacy Guides

Librewolf is basically just Firefox with arkenfox and uBlock Origin preinstalled. You can achieve all of this easily on regular Firefox and don’t have to trust another party (in that example: the Librewolf team) to release updates to the browser.

Previously discussed Librewolf Browser (Firefox Fork)

and Add Librewolf · privacyguides · Discussion #206 · GitHub

that whole “ublock origin increases attack surface” argument is massively flawed, a lot of the time i see people backing it up with a theoretical (had never actually been exploited in the real world), article from portswigger where he managed to implement a keylogger via a filter list. However, that’s long been patched and whats important is that ublock origin reduces attack surface far more than it does increase it. Not having it on purpose for the claim of “better security” when in reality you’re harming it, and privacy, is just stupid.

I tried to solve some Arkenfox issues with my install, soften and automation script but its still more efford than Librewolf.

I think its the best browser for normal users. If normal means “wants to play online games on shady popup ad sites that even break on Vanilla FF with privacy settings hard” thats not a good experience at all.

On normal Firefox just create an insecure vanilla profile and your ready. I guess on Librewolf every profile will be hardened.

Also Librewolf disables FF sync, which I really like for non critical passwords. Its E2EE too… there is just one about:config to change.

But the first issue may be a problem.

I think such a setup script is nessecary, as the Arkenfox team will not remove features and systemd integration is important. Its only Linux at the moment, I would be happy about a Windows and mac version!

Again, theoretical issue and future uncertainty is valued too high on PG, while current state of sotware is underlooked.

Saying “again” in your first post in a thread is certainly a bold choice. We recommend uBlock Origin on the site.

This “again” here is for reflecting that common ideology holds by several forum members across posts, especially those with Firefox, Librewolf versus Brave, instead of restating anything previously said in this thread.

Meanwhile, originally as a reply to a thread, I acknowledged the recommendation of uBO as officially endorsed by PG but instead was replying to the opinion of “ublock origin increases attack surface”.

I apologise for lack of clarity in my precise statement.

The issue with future uncertainty is that some reader will only visit our site when newly setting up their PC, not following the news, and blindly downloading the recommended software.

This way they may download software that ends up being abandoned after a few months, which leaves them without security updates.

This is why we want to only recommend software where the chance is very high that it will be around in a few years, whenever we have the luxury of choice.

Btw I tried winget for the first time and it kinda solves the issue of librewolf not updating by itself.

Though there are still the other issues that you mentioned.

“An attempt to make (automatic) updating of LibreWolf for Windows much easier (mirror on GitHub). Can be used for installed and portable instances.”

Windows Installation – LibreWolf
ltguillaume/librewolf-winupdater

As far as I have tested, it works, and it is already integrated into the LibreWolf installation. One less excuse to avoid putting in PrivacyGuides a browser that clearly DESERVES to be in this list. You should just clarify on the web, as you do with other browsers, the relevant settings that the browser requires to protect correctly or mostly the privacy of its users, in this case (perhaps among other things) that in the installation process they should activate the updater.

I also think it should be recommended as well now, I think LibreWolf is still a great option and at least according to the site PrivacyTests.org it is neck to neck with Mullvad Browser, which is recommended, but without the awkward grey borders that drive me nuts lol.