Librewolf Browser (Firefox Fork)

Mullvad Browser does not come with Mullvad VPN in any way.
And it is largely entirely maintained by Tor Project and based off of Base Browser which is the same base as Tor Browser.

What makes you say that?

I think not adding LibreWolf is pretty understandable when Mullvad Browser is essentially LibreWolf but better.

I was hoping for some impartiality, but Im not seeing it.

Could we please stop with the Mullvad, its better preach? This is not a true fact. Whats the point of having the Mullvad Browser Extension enabled by default? Just to let me know that I don’t have the VPN connected? I dont need this kind of advertising.

This community adapts the music to suit its needs. I’ve seen a member of the team use an excuse like it’s easier for any user, when recommending Brave, but somehow he forgot that Mullvad only supports 64bit systems? LibreWolf also supports 32bit alongside 64. They are not the same!

In this case, LibreWolf would be the easier option, since a normal user would not even know the difference between x86 and x64.

It isn’t? In what ways do you find LibreWolf to be better?

Who cares? It’s a 637 kB addon. I’ve never once even noticed it’s running. If you want to judge them for something, judge them for not inviting PrivateVPN and co to the proxy party.

32-bit users are a dip in the ocean today. Do you really think 32-bit support in the year 2023 should be an advantage worth taking into consideration?

You seem to be trolling at this point. In what world is LibreWolf the easier option? Mullvad Browser has an automatic updater by default. LibreWolf doesn’t. It’s really not harder than that.

I can see a future with LibreWolf in it, if it wasn’t an “everything is deleted on shutdown” browser it would definitely fill a hole as a more privacy conscious Firefox, but as it is now it’s a lesser Mullvad Browser.

That’s how I’m using LibreWolf, personally. I’m writing from it at this very moment, in fact.

I don’t think so… I think they are identical. I don’t see one better than the other one.

Honestly, I’m not going to waste any more time with you or your comments (aside from this one), because you’re insinuating that I’m trolling just because you don’t like my opinion.

Is that your argument? So now the size of the add-on matters? Was not okay if it was 1024Kb?
And you never noticed it? It was the first thing I notice after installing it.
That’s very ironic when you think I’m the one trolling.

I know that 32-bit users are almost extinct. But, if you have two equal products, and one of them supports a function that the other one doesn’t (even if it’s meaningless) shouldn’t it be considered an advantage? So what is it? How does having backwards compatibility supports harms you?!

Automatic updater by default is indeed an advantage. But, it seems to me that it’s the only relevant option, and you guys grab into it like if it was the holy grail.

fwiw, 32-bit programs are directly less secure than 64-bit programs, as numerous security features/mitigations cannot be used due to the smaller address space and fewer available registers.

also I have a handful of laptops from 2007, every single one is 64-bit

If LibreWolf is 99% the same as MB then MB is 1% better.

I’m insinuating that you’re trolling because your so called “opinions” come off as shilling and strawmanning. Normally, a person can write something more convincing than “32-bit support and a 637 kB addon is BAD” when asked for reasons why LW is better than MB.

It doesn’t. It’s just that 32-bit support just isn’t as appealing as the superior update speed of MB, for example. If you want a privacy-oriented browser then you presumably want it to be secure as well.

PrivacyGuides exists to give normal users easy options.

The average user isn’t going to set up an automatic updater. It’s not happening.

I know some of the advantages of x64 systems, since I started using them with Win XP 64-bit Edition.
I’m not surprised you have laptops that support x64, I also do. But you would be surprised by how many apps you use, that still use x86 libraries or executables, especially on Windows (given that Apple killed x86 support with Catalina).

I’ve heard that argument before, but I’ve never seen any evidence of that claim (I’m not saying they don’t exist). The only thing I found was an ancient article from Ars Technica, and that’s it.

But if you have further information about that, please share it (I’m not being sarcastic/ironic, btw).

I don’t have a single 32-bit package on any of my servers or workstations (rpm -qa | grep -i 686).

Here is an old but relevant real world study which covers how easy it is to break ASLR under 32-bit: https://www.blackhat.com/docs/asia-16/materials/asia-16-Marco-Gisbert-Exploiting-Linux-And-PaX-ASLRS-Weaknesses-On-32-And-64-Bit-Systems-wp.pdf

It is also quite common for CVEs to be much worse under 32-bit.
eg. under 32-bit this was a full KASLR bypass: oss-security - CVE-2021-34693: Infoleak in CAN BCM protocol in Linux kernel

And some other notes: architecture - Security considerations of x86 vs x64 - Information Security Stack Exchange

If there was a better option for normies I’d be standing in line to replace Brave with that.

There isn’t though.

Much appreciated. That was insightful. I’ll read the first PDF with more detail.

Correct me if I am wrong, but it appears that those weaknesses are more vulnerable on a non-x64 kernel. Isn’t it different from executing an x86 app on a x64 kernel?

I ran dpkg-query -l | awk '$4 != "amd64" {print $0}' and I have many apps that they aren’t 64bit only, they have the flag all. AFAIK, they include all kinds of architectures, including x86 ones. I consider these also 32bit apps (alongside x64). I think you might also have those in yours.

No.
Running a 32-bit program on x86_64 has the same issues.

I don’t know why you think i686 is mandatory in 2023:

rpm -qa | grep -v -e x86_64 -e noarch 
gpg-pubkey-eb10b464-6202d9c6
gpg-pubkey-d651ff2e-5dadbbc1
gpg-pubkey-dbf5b694-5fcb6b87
gpg-pubkey-18b8e74c-62f2920f

all/noarch means that it isn’t machine specific code, it is either JITed/python/java/js/etc or it is non-executable like config files or assets.

Most distros don’t even support installation on 32-bit systems.

edit:
just to be clear
i386 is from 1985
i686 is from 1995
x86_64 is from 1999

This is interesting. Bit off topic i think but thank you for sharing these links. I didn’t know about those. Now I have even more arguments to make people use x64

So, today Mozilla released a new Firefox version (119), and out of curiosity I decided to check on how does Librewolf took the last time to update it, and I compared it to Mullvad Browser, since there are a few people here that seem to have an erection when they talk about that browser.

Mozilla released FF 118.0.2 and ESR 115.3.1 on the 10th of October.
Librewolf which is based on the non-esr version, got updated on the 12th of October (so, two days after).
Mullvad Browser 13, which seems to be based on the ESR version of FF (this by itself makes them a bit different, but okay), was updated on the 13th of October (so, three days after).

I guess that the speed of the updates is not so relevant in this case, right?

Mullvad Browser is based on Tor Browser and not Firefox ESR, so that’s not really the comparison you’d have to make.

The distinction is important even though Tor Browser is built on the same codebase as Firefox ESR, because Tor Browser receives privacy & security features ahead of Firefox in some cases (which is why the Tor uplift project exists at Firefox), and Tor has their own auditing process for new browser features in addition to Mozilla’s work anyways, which means that new browser features from Mozilla don’t even get enabled in Tor (WebAuthn, for example) until they go through a separate review process on Tor’s end.

All of this is covered in our extensive Mullvad Browser discussions

Mullvad Browser is basically Tor Browser, but it doesn’t route traffic through Tor. You can choose to just use it as it is or use a VPN to try to blend in with other people that use that same VPN with Mullvad Browser.

Librewolf is basically a worse version of Mullvad Browser, and there is no reason to recommend it, especially when it doesn’t even have automatic updates.

Unless someone will explain to us the benefits of Librewolf over other options, which can even outweigh the lack of automatic updates, Librewolf will not be recommended.

You also can’t directly compare regular ESR to Base/Tor/Mullvad Browser ESR, as they regularly backport fixes from newer Firefox versions.

Okay, fair enough!

It doesn’t out-of-the-box.
You can save the Uno Update card, since you know perfectly well that there are options to deal with that: updater tool, chocolatey, Windows Store (yeah this sucks).

The question is not if there are benefits (probably there are), it’s more of: if we find them, will you accept them?

I have a feeling that you won’t (I might be wrong), but it will be a matter of time until we find the answer for that.
It’s not a matter if Librewolf deserves to be on the list or not, it’s if the team has the user’s best interests in mind or their own. This is the answer we all should be looking for

Quote from another thread which is relevant:

Also here’s the other thing with automatic updates, they’re not an impossible challenge for LW. You know how I know this? Because literally every other browser we recommend can do it. IMO, LW simply just isn’t taking the time to do things properly, which is their prerogative, but it doesn’t mean we have to like it (and clearly most people here don’t like it).

It doesn’t come down to any one person’s thoughts.

TBH, we make these decisions largely based on whether the community as a whole feels that we should add a recommendation, and like it or not you’re simply in the minority here, so yes if you want to change the community opinion of LW you’re going to have your work cut out for you.

I don’t agree with this characterization or comparison. Mullvad Browser–like Tor Browser–has a very specific use case it is intended for, it serves that purpose well but it is not intended to be used the way that the vast majority of people use their web browser.

For this reason, in my eyes it is not the right browser to be comparing to Librewolf which is designed for a different and broader scope of use. If you want to argue Librewolf shouldn’t be listed (an argument that I am sympathetic to, but not 100% onboard with), I think you should be comparing it to PG’s other recommendations (Firefox + Arkenfox, or Brave) which have a much more similar scope of use to librewolf than Mullvad Browser does in my opinion.

*For users of a certain proprietary operating system.

If you use any of the OSes recommended by privacy guides (or any Linux distro for that matter) it receives automatic updates like any other flatpak does.