This should be seriously considered again, as it looks like Mozilla will just continue to add garbage to their browser with every release and most people can’t be bothered to manually check for updates and update arkenfox every time FF updates, and If you’re outside of Linux and have autoupdates enabled then you can’t even check for things before they shove it down your throat. Librewolf at least always ensures that the garbage is disabled.
5 Likes
While I disagree with your characterization (here’s why) I think what you are advocating has some validity, particularly for the subset of people who (1) want Firefox, but (2) don’t want to actively manage their browser / keep up with changes (3) choose to trust the people behind Librewolf more than (and in addition to) Firefox and (4) aren’t willing to use Mullvad Browser for whatever personal reasons.
But why recommend Librewolf in addition to Mullvad Browser, considering that Mullvad Browser is planning to implement a ‘Persistent Mode’. In light of that, is there a compelling reason to recommend Librewolf and not just stick with the current recommendations, and wait for that feature to land in MB?
(edit: not trying to be dismissive of the proposal btw, the question at the end of the last paragraph is earnest and open, not rhetorical)
2 Likes
I quite approve of what I read but I think everyone has “a few different reasons” for preferring LibreWolf to Mullvad. For example I care almost nothing about “Persistent Mode” but I miss two things for which I prefer LibreWolf:
- The ability to install extensions such as Proton Pass.
- the ability to enable Firefox Sync
Best alternative would be Brave but I prefer to use a non-Chromium engine.
3 Likes
While it’s a good browser, MB shares many of the usability drawbacks as the Tor Browser. It’s also important to have a browser that you can stay logged in on stuff that requires your identity, as logging to your bank or Google account through MB renders its privacy benefits moot because all your tabs share the same IP address. It’s also based on ESR so it doesn’t have all of the security fixes backported.
Tor Project gets access to all the security issues from Mozilla while they are embargoed and backports them as necessary.
no it does not.
It still prevents them from learning exactly what hardware you have or various other information.
4 Likes
Tor Project gets access to all the security issues from Mozilla while they are embargoed and backports them as necessary.
Thanks for the info
no it does not.
It still prevents them from learning exactly what hardware you have or various other information.
True, maybe it’s not completely moot then, but your activities can still be correlated and to prevent this you need another web browser.
I think that is what adding a “persistent mode” is intended to address.
MB renders its privacy benefits moot because all your tabs share the same IP address
I don’t agree that it ‘renders its privacy benefits moot’ but even if it did, that wouldn’t be any less true with Librewolf, FIrefox, or Brave and a VPN.
Also, you should know, if you use Mullvad VPN extension (with any Firefox based browser) you can set per site VPN connections, so in cases where you do want different websites to see different IP’s you can do this. It was one of my favorite features of the Mullvad browser extension when I used it.
Fair points. Not installing extensions is indeed a limiting factor. Though technically nothing stops you. You risk making yourself stand out, but then that would be the case with LW or other browsers also, its just talked about more with MB because MB is going for a higher standard of anti-FP protection than LW, Firefox, etc.
This gets at a question I’ve been mulling over for some time. Obviously it is best, and recommended to use Mullvad Browser the right way, (no extensions, no changes, etc), but is using Mullvad Brower the wrong way (e.g. installing an extension or two, maybe using a custom list in uBO) still as good or better, than using a lesser browser like LIbrewolf, FF+AF, or Brave? Using MB “the wrong way” undermines the strong anti-FP, but then LW and AF, and Brave, don’t really achieve strong anti-FP to start with, so idk. Thoughts?
I don’t agree that it ‘renders its privacy benefits moot’ but even if it did, that wouldn’t be any less true with Librewolf, FIrefox, or Brave and a VPN.
Yeah, but this is why you need more than one browser to properly isolate your activities.
you can set per site VPN connections, so in cases where you do want different websites to see different IP’s you can do this.
How…? I use their browser with their VPN, and I have the plugin… It does have a proxying feature, but it says that it’s for all sites, so not domain specific like what Tor Browser does
I have been thinking about this. My thought is that using extensions or something else on Mullvad Browser is worse both because of the audience of users who use Mullvad (who will likely not use any extensions) and the fact that Mullvad Browser uses Firefox ESR.
I figured that using Firefox ESR with Mullvad Browser settings and one or more extensions is like having a beacon pointed at you 
In the end, Mullvad Browser and LibreWolf do not differ that much in my opinion to justify this “effort.” I refer for example to this table: https://privacytests.org/ where they are almost identical.
But if someone more experienced can answer this better than I can I look forward to other opinions!
I am tempted to re-evaluate Librewolf. Wonder if @dngray thinks it’s worth it?
I’m not aware of a reason it’d be worse, outside of being on ESR.
2 Likes
Just a quick FYI, Librewolf doesn’t currently fulfill the following minimum requirement on the Desktop Browsers page:
- Must receive engine updates in 0-1 days from upstream release.
The first version 128 release for Librewolf was released on July 12th, 3 days after Firefox 128.0 was released.
This may or may not be a symptom of some of the concerns expressed here (informally and a little abrasively)
4 Likes
Why? Why not just recommend the best of the best, which is currently the case for desktop browsers?
There is little benefit of Librewolf in comparison to the already recommended Mullvad Browser.
4 Likes
Yeah, I’ve spent some time tonight looking at Librewolf and it is (still) not good. Seeing a lot of other bad experiences from people on Mastodon who are switching because of Mozilla news too.
I don’t think they do any testing for their builds either, as far as I can tell. So, nothing has changed 
1 Like
4 posts were split to a new topic: Why can my operating system be detected with Mullvad/Tor Browser?
I just came across this article and I think it’ll be helpful to people here:
2 Likes
Interesting read, thanks. I’ve used Librewolf before and liked it. However I’m unsure the advertised benefits outweigh the fact patches and updates take longer. When you think about a internet browser, that’s an application with a extremely large codebase with a comparatively large attack surface to other applications. Mozilla is going to be quicker at security patches, and with Librewolf those patches need to be integrated into their code. By the time someone gets done tweaking their Firefox environment with uBlock and Arkenfox I’m not sure if Librewolf is better. And as for encrypted SNI you could use dnscrypt-proxy for this, or just use a VPN that pushes their DNS through a server that supports encrypted client hello (which is most probably). The one thing that Librewolf would still hold the edge in however is user friendliness. Where stock Firefox needs tweaking, Librewolf does not. Unless you’re running Linux, in which case the only parameter you should adjust is making sure you use a wayland environment for enhanced security. But that would go for pretty much any application not just browser.
1 Like
Neither a VPN or dnscrypt fix the plaintext SNI leak.
Each website you visit must support ECH.
I have a list here: https://divested.dev/misc/ech.txt
4 Likes
Appreciate the correction. I admittedly don’t know much about ECH/SNI. I was under the impression this was related to what server you were using. As I was testing different servers I connected to with the Cloudfare test and it registered some of them having SNI support while others did not.