Mullvad browser just seems superior in every way honestly I’m not sure what LW brings to the table. No point in listing a million Firefox forks, just keep Firefox itself and tor browser/mullvad browser.
Well, TB/MB don’t have builds for aarch64 Linux, so LW can be a shortcut for FF+AF in Linux VMs in a Mac. Just so we don’t say it brings absolutely nothing to the table lol.
If you disable telemetry, Pocket and WebGL and enable “Strict” Enhanced Tracking Protection and resistfingerprinting and change a few of the normal settings like the search engines in vanilla Firefox - what even is the difference to Librewolf then?
The only one I’m aware of that’s an actual improvement rather than just more private default settings is that Librewolf enables the JPEG XL feature which Firefox only has in the Nightly version. (Though it’s still behind a flag in about:config and has nothing to do with privacy or security.)
No. Mullvad and LW have two different purposes. You can’t keep logins in MB unlike LW.
1 Like
What’s wrong with regular Firefox for that purpose.
Of course you can. Just add an exception in “Delete cookies and site data when Mullvad Browser is closed”. You can even disable that option altogether if that’s what you want.
This entirely defeats the purpose of MB per my understanding. Mullvad browser relies on a “crowd” for users to blend in and take advantage of some claims for better privacy. The second you make an adjustment to the settings, you no longer fit within that crowd, and all anti-fingerprinting benefits are lost.
At that point, there’s no major benefit to using it over LibreWolf. Personally, the logo alone is enough to make the choice between the two from there.
In all seriousness though, I think Librewolf has merit over Mullvad. It’s less misleading to recommend it than Mullvad where you won’t be taking advantage of the purpose it was engineered for.
I don’t see why Librewolf shouldn’t be added, at least as a small card near the Arkenfox section where it’s explained as an option. I think it could very well be the best choice for many people.
This is nonsense: you can change pretty much everything not under site settings while not increasing your fingerprint. Clearing history upon close is not a flag that’s forward facing, i.e. it’s not revealed to other parties (local and offline). Using Librewolf on the other hand is about the worst you can possibly do when it comes to fingerprinting with Firefox.
Besides Mullvad already having Tor’s anti-fingerprinting & Arkenfox’s hardening, the maintainers have an incomparably better track record. In other words, there is zero point to using Librewolf!
3 Likes
Given that PG begins the whole Knowledge Base with a description of threat modeling, I take for granted that different users will have different needs and thus it makes sense to recommend tools that are not suitable for everyone. Its not necessary for Librewolf to be superior to Firefox + Arkenfox if it fits a different threat model or use case.
Most linux users for example will be using package managers, rendering the auto-update concern a moot point, and that is the strongest argument against Librewolf.
One of the most obvious advantages to Librewolf is that it insulates you from user error. Rather than needing to stay on top of whatever Firefox settings need to be changed, remembering what settings I have changed manually vs. defaults, keeping track of which of my computers have the settings implemented, and so on, I can just install one package. If Firefox updates in the future in a way that requires a new mitigation, I can assume that keeping Librewolf updated will take care of it, rather than needing to check and keep track of it manually.
Given that there are Auto Updaters for Librewolf, it seems like this could easily be mitigated with a strongly worded note.
In my use case, I have Librewolf as an alternate browser, for situations where my primary browser has problems (i.e. certain websites are broken).
1 Like
I mean, yes and no. Tools are not going to be recommended on Privacy Guides simply because a threat model they’d apply to conceivably could exist. All threat models are valid… but some threat models are out of scope for our coverage. Like we’re not going to recommend Microsoft Edge simply because someone might not care about Microsoft spyware for whatever reason, for example. I recently talked more about this here:
That being said, I agree it probably could be valid to list Librewolf. The use-case over hardening Firefox is still not entirely clear to me, is it just: people who don’t feel like reading the Arkenfox wiki and learning about how their browser works? 
4 Likes
I am not saying it’s bad or good, but stating that they cater to different needs.
I don’t use MB for logins, but that was one of the complaints I saw on Reddit. I am not sure if it’s possible to make MB to keep logins completely. Where is that option in the settings?
It’s exactly what I said: “Delete cookies and site data when Mullvad Browser is closed”. Just uncheck it and it should keep all logins. It should be under” privacy and security" I think.
I wouldn’t do it, though. There’s a “manage exceptions” button next to it. Just open it and add individual sites you want to keep logged in. All the others will forget you, which is what you want anyway.
I just wish they would copy Brave’s mechanism though. Instead of settings > privacy > manage exceptions you just click on the Brave button and click on a toggle.
Hmm I see, I didn’t realize that wasn’t a forward facing flag. In that case there’s nothing wrong with it I suppose.
Still, saying Librewolf is the worst for firefox fingerprinting is an exaggeration. A regular firefox install + arkenfox configured by the user would likely have far more variance in the settings people change, whereas in Librewolf one would generally only change some of the major settings made accessible in the UI by lw. Even if Librewolf has a smaller user base, I think it would even out. Besides, without serious effort put into fingerprinting protection like MB or Tor Browser, fingerprint protections are naïve at best. This is outlined clearly in the arkenfox wiki as well. I don’t think it’s worth being overly concerned with if you’re using something like vanilla FF or Librewolf to begin with.
I think the place to recommend Librewolf then is to users who don’t want to deal with the defaults of Mullvad as they aren’t as concerned with fingerprinting, which would require a little more work to disable, such as the window resizing to be similar accross all devices, restriction of fonts, etc. Stuff some people may find overly restrictive.
Otherwise I understand the points being made that MB is the best option here. I think mentioning Lw would be solely to provide an in between for people who wouldn’t put up with MB, or aren’t savvy enough or willing to configure arkenfox for vanilla FF.
That would be a valid group. Its the same reason one might not recommend Arch Linux to a general audience just because it could hypothetically be hardened more carefully than something else which is more hardened by default. Another example is someone who is managing a fleet of, say, 30+ computers who would not want to have to manually undergo the process of commissioning Firefox with custom configurations and keeping them up to date.
Plenty of users would also lack the confidence that they did the configurations correctly, since if you did it incorrectly it might be invisible to you as a user.
This is true.
Its not necessary for Librewolf to be superior to Firefox + Arkenfox if it fits a different threat model or use case.
This is true also. But the question is what threat model does it cater to that isn’t already well served by one of the existing recommendations?
My perspective is somewhat inline with @jonah’s, I don’t dislike Librewolf, I have it installed on my system, but I don’t really see a common threat model or use-case served by Librewolf that isn’t already served by at least one of the current recommendations.
Playing devil’s advocate (to what I just wrote above) If I were to make the case for Librewolf’s inclusion it would probably be that:
There are some cracks between the current offerings that Librewolf could potentiallly fill.
- There are probably at least some users who don’t want to contribute to the Chromium monoculture (which would rule out Brave Browser) or just don’t want to use Brave specifically.
- And also, are intimidated by or uninterested in the moderate learning curve and teach-a-(hu)man-to-fish approach of Arkenfox.
- And also don’t need (or aren’t willing to deal with) the strong anti-fingerprinting stance of Mullvad Browser and/or Tor Browser.
For this imagined users preferences, that leaves 2 remaining options in the current recommendations (#1) Firefox lightly hardened per PG guidelines (#2) Mullvad Browser (used “the wrong way”).
#2 is something PG probably shouldn’t recommend, even if there may be nothing fundamentally wrong with doing that in the right context, I think it would be hard to communicate in a way that didn’t cause confusion or give users a false sense of security/put less knowledgeable users near a slippery slope. But there is still option #1, lightly hardened Firefox, which is not intimidating to setup, provides moderately strong privacy, and promotes a bit more learning and knowledge compared to a pre-configured setup.
So that leaves just a little bit of daylight for Librewolf to potentially fill, for the sub-sub-sub niche of users who require simplicity out of the box, won’t consider Brave/Chromium, and want marginally more privacy than lightly hardened Firefox but marginally less rigid protection than Mullvad Browser.
But I’m skeptical that there are many users who really fall into that sub-niche. It seems the main attraction to Librewolf in practice is ‘Arkenfox but easy’ which is a totally valid personal preference but it isn’t really a threat model or use case.
4 Likes
This is actually part of the value that I see in the Arkenfox approach of using a config file (user.js) to define a custom configuration. The learning curve is a one time thing, once you understand how things work, its really pretty simple, and having a single pair of config files makes configurations really portable and reproducible. IIRC Firefox actually has purpose built functionality already built-in for the use-case you describe (a system administrator deploying a custom Firefox configuration across many systems), in fact I strongly suspect that is probably the mechanism that Librewolf uses to manage their own custom configuration. This piqued my curiosity so I’m going to look into that.
That would be a valid group. Its the same reason one might not recommend Arch Linux to a general audience just because it could hypothetically be hardened more carefully than something else which is more hardened by default.
The difference between AF and Arch, is that with AF you start out with a very hardened template. If you change nothing, you have very strong privacy and security by default. The customization of Arkenfox usually entails relaxing some settings to suit your preference, not hardening further. With Arch it is the opposite, learning how to secure your system is your own responsibility, and you are not starting from a place of strong security defaults.
Plenty of users would also lack the confidence
This is very valid and something I can empathize with, as I’ve been in that position many times. For those users I think lightly hardened Brave, lightly hardened Firefox, Mullvad Browser, and Librewolf are all valid options.
2 Likes
I’ve found Mullvad to be a lot more problematic than Librewolf. Limiting my options to watch videos through the browser is a huge thumbs-down. 
I haven’t tried Arkenfox yet.
I was watching Techlore’s “The Ultimate Guide to Firefox Hardening!” and came across “Why I Stopped Hardening Firefox.”.
Librewolf seems to be positively received and in the comments too.
What are the current thoughts on the regulars and privacy experts here as of this date on Librewolf?
Just use Tor Browser, Mullvad Browser, Firefox, and Brave.
5 Likes