Librewolf Browser (Firefox Fork)

That is because of privacy.resistFingerprinting.letterboxing, discussed here. This option is on by default with arkenfox, and provides more resistance to fingerprinting, although it can be overriden. We don’t recommend doing so because it does provide better protection to leave it enabled. Librewolf just doesn’t have it on by default.

Personally, I just resize my window so that I don’t see it anyway.

Out of the Firefox forks, Librewolf is one of the better forks, especially how it has come along, in terms of documentation, auto updates etc. As the configuration changes are fairly minor, they haven’t been falling behind upstream on new releases as far as I can see.

In my use case, I not trust my self I have enough ability to maintenance hardening Firefox(Firefox + arkenfox userjs). I choose Librewolf with Disabled Fingerprint settings as my “dirty browser”(look like regular browser), Mullvad as my “clean browser”(Default Settings).

I feel that this is not really the case, as far as I know LibreWolf only has a handful of contributors. I also don’t really feel it’s been demonstrated that Arkenfox is significantly worse to use.

macOS? And on Windows I don’t think the existence of third-party package managers like Chocolatey excuse actual automatic update functionality.

Have they though? The main reason (other than automatic updates which is perhaps still an even bigger issue) Librewolf was rejected is:

I also don’t really feel it’s been demonstrated that Arkenfox is significantly worse to use.

As someone who has never used Arkenfox before, I thought it’d be a good opportunity to go in blind as though I was setting it up for the first time. First thing I did was open up ddg and search for Arkenfox. This brings me to a github page, not a traditional website. As a software developer, it’s my personal experience that GitHub is not the most friendly to non-technical users. But let’s push on.

Second issue is a normal user will be looking for a download link. There doesn’t seem to be a “download” link anywhere on the page, but perhaps they get lucky and instead find “Releases.” Now they have a link to download a zip file called “source code.” Not quite what most users are looking for - they want an executable that’ll do everything for them.

Back on the main page, perhaps they get lucky and find a link to the wiki in the readme file. This takes them to this page discussing the user.js file, and immediately their eye gets drawn to the big code block showing how to write user_pref() declarations. This is arguably the worst place for non-technical users to end up, because many will either assume that if they even get this installed they will have to go through hours of lengthy customization work, maybe even in JavaScript, a language they may not read nor understand, or they think this is a guide for experts on how to create their own User.js file (which is sort of the case). Either way, it’s not where they want to be.

At this point the flow is mostly the same as though they had clicked WIKI at the top. They scroll through the page, find no “install” or “how to” link, give up, and install Chrome because it’s easy and doesn’t make their brain hurt.

People hate reading, and my example explores the journey of a user with a very generous amount of patience for a non-technical user trying to figure out technical things on their own. Many would not have made it this far.

Installing LibreWolf on the other hand is very easy for end users. Go to the website, click the big blue Installation button, click on their OS (probably Windows), and there’s a big blue Download button. No thinking involved and very minimal reading. At this point, a user will probably install the auto-updater too (especially if they click through the installer without reading anything), or perhaps they’ll opt to install the version from the Microsoft Store. Either way, they’re now using a browser comparable to FireFox + Arkenfox but in a way that’s much more user friendly, and one which will automatically update itself, even if it’s not in a way that we might call “ideal.”

macOS?

Yes, MacOS is supported.

And on Windows I don’t think the existence of third-party package managers like Chocolatey excuse actual automatic update functionality.

I just installed a fresh copy. It looks like there are now two options that do not require a third-party package manager:

1. Install a plugin, mentioned previously, which will notify you when updates are available.
2. Install librewolf-winupdate, which is officially recommended on their Windows Installation page and included in the Windows installer.

It seems they still lack a native auto-updater, and the root cause appears to be them trying to figure out how to get an update server to work using Mozilla’s documentation. In the mean time, even if we wouldn’t consider the available auto-update methods “ideal,” they do still work.

Do you have a citation/link to where they say this or might be working on adding this feature?

This claim is based off of a ten-month-old reddit post here. I have not taken any efforts to confirm Stanzabird’s place in the Librewolf project, just that they appear to be speaking from a position of authority on the matter:

https://www.reddit.com/r/LibreWolf/comments/y37qjq/autoupdate/isa5man/

Quote so people don’t have to go to reddit:

Hi all, this is a good place to chime in and talk about the progress I’m making towards the auto-update stuff.

So why hasn’t it materialized yet?

First, other stuff was more urgent. I’ve only in the last few weeks been able to cross-compile the Windows version from Linux. This was a big goal because nobody wants to deal with the problems of compiling LW on Windows itself.

So I’m mostly done with figuring out how to set up the update server, as per the mozilla guide for it. The process of generating the .mar files is done in this python script.

I would love to be able to make auto-updates possible on the Mac too, or at least write stuff in such a way that supporting it on macOS is not too different.

So how long will it take? I don’t know. There’s bugs I’ve not talked about. Once we’ve been able to update an experimental LW version on some throw-away update server, we’re mostly there.
– Stanzabird

Edit: they provide a dead link to the librewolf source. I cannot find a comparable mk.py file, but there does appear to be an update-version.py file that may be related.

While I have happily used LibreWolf for over a year, I’m content with it not being listed due to the lack of cross-platform automatic updates. However, the resistance I continue to see is perplexing.

LibreWolf needs less contributors than Brave because the scope is way smaller. Brave builds a ton on top of Chromium while LibreWolf mostly changes existing Firefox options. I don’t see how having fewer contributors changes the LibreWolf’s description as a mature and user-friendly browser.

I am also surprised by the implication that arkenfox is not significantly worse to use. The documentation literally has no installation instructions. I just re-read and confirmed the following steps are required and not explained in the documentation:

• Navigate to the Releases page
• Download and extract the Source code archive
• Navigate to about:profiles and open the current profile directory
• Move the user.js file to the root profile directory

Even if the documentation improves or someone makes it that far, there’s the ongoing maintenance work of manually editing prefs through text files, manually checking if there’s an update, then manually applying the update by running a shell script.

LibreWolf, by comparison, is installed as easily as any app, lets you set common overrides in the normal settings page, and doesn’t require any of the above maintenance. How is that not a significantly better experience?

The Windows Store is a first-party package manager, not a third-party one. Windows users no longer have to worry about LibreWolf updates. Don’t see why you’re singling out the Chocolatey option.

All in all, it seems the two reasons LibreWolf is not listed are still:

1. No automatic updates on all platforms
2. Potentially dangerous delay for updates

Since the discussion last year, the first point no longer applies to Windows. Thus the 75% of desktop users not using macOS or ChromeOS could reasonably be recommended LibreWolf.

The second point is overblown in my opinion. Anecdotally, LibreWolf reliably updates within 3 days of Firefox, usually less. I’m planning to make a chart showing LibreWolf’s update delay to settle this point one way or the other. Either way, that brief period of vulnerability seems only relevant to the more extreme threat models.

LibreWolf requires far less configuration than Firefox, for either private usage or DRM/WebGL/cookie riddled usage. It requires zero effort compared to arkenfox, for both installing and maintaining. It isn’t forced into Private mode compared to Mullvad browser, and is available in more Linux formats including Flatpak. The list could go on.

LibreWolf is simply the best option a lot of the time. Hopefully automatic updates on macOS aren’t too far down the road.

You can reuse the advisories and counts from my table: https://divestos.org/misc/ffa-dates.txt
But the dates there for Mozilla aren’t always the same as desktop edition.

1. No automatic updates on all platforms.

To add to your point, I think it’s worth mentioning that if you’re on Linux, you are probably very used to installing applications using the terminal. As such, regularly updating all packages should be something on the back of your mind. Some distros include tooling to automate this process for you. For instance, RHEL has dnf-automatic. On systems with a desktop environment, it’s highly likely their package manager app is doing this for them already and will prompt the user to update any out of date packages. I’d be surprised if some don’t allow automatic updates (even if that’s a feature I hear Windows users complain about).

I have no idea what things look like on the MacOS side.

You can use homebrew in macos to install LibreWolf and somewhat automate the update process.

Still, despite my love for Librewolf, I do agree that the lack of actually automatic updates is an issue. When I first discovered Librewolf I had no idea it wasn’t auto-updating, I assumed it would notify me every time I needed to update like Firefox and Tor do. I kept browsing on an outdated version for weeks…

Now I know I need to look out for updates, but I wasn’t always aware of that. My point is that for a lambda user, chances are very high that they’ll do the same mistake I did because nowadays you just assume that programs take care of of the update process (especially browsers). It isn’t immediately obvious that Librewolf needs to be manually updated; if you did not understand that while downloading it, nothing will remind you of it afterwards.

It isn’t immediately obvious that Librewolf needs to be manually updated; if you did not understand that while downloading it, nothing will remind you of it afterwards.

This is no longer the case unless you go out of your way to make it so. Assuming you’re on Windows, the the installer bundles librewolf-winupdate, as mentioned in a previous post of mine. You can choose to not install this, if you prefer, however there is no benefit to doing so.

That said, I’m not sure how this works in practice because I installed LW from Chocolatey.

I was talking from a MacOS perspective. Apart from using homebrew (which I assume is similar to chocolatey), Librewolf does not auto-update nor make it clear that it won’t.

but it does make it clear macOS Installation – LibreWolf

You can also install LibreWolf via a .dmg, but please note that this method requires to apply updates manually.

The first and recommended install method is using brew

yes, it can auto-update with homebrew, but because of the LibreWolf team’s decision not to pay Apple developer license, you have to disable the MacOS gatekeeper for it. Which is another security risk to be taken. It also happened to me that I had to disable GK after updating LW again. I use rather Arkenfox or Brave.

So it’s the typical apple fucking over everyone who doesn’t want to pay security ransom protection money, noted

It’s their decision which has unfortunate consequences for user who has to deal with using SW with crippled protection which is not needed with other browsers.
I completely understand why PG team don’t want to promote LW.

To not recommend it to an apple user is understandable. But it’s still Apple’s fault for basically forcing apps that doesn’t even go through the mac app store to be signed. Which is $100USD/yr to Apple when they don’t even host the app.

And ofc it’s marked not as “potentially unsafe”, but “broken”. Quite a scummy move, Apple

I (wrongly) though this place would be a good alternative to the Reddit’s privacy subreddit, but I guess I was wrong.

It easy to see that the team here has a decision made and they want everyone to follow their path, hence why it seems that everything is an excuse to avoid having LibreWolf on the guides. They will pick anything they can find just to backup their reason why the browser shouldn’t be listed.

If only LW had a search engine that sells data for AI training, or a VPN service being installed alongside it, it would probably made it into the list

I’m not sad… just disappointed!