LibreWolf (Firefox-Based Browser)

Site Development Tool Suggestions
358

Obviously, the following isn’t that relevant anymore as the more or less only argument, the bad security, is now fixed. But, to end the discussion…

Yes, I was wrong in that point; this misunderstanding from me was based on an unaccuracy that Privacy Guides wrote itself (so no, not bad research, or being dumb [at least not that time :sweat_smile:] or something like that which @Hank was heavily implying).

An attempted summary of the discussion (+ new arguments)

Please note that “ProLW” or “ConLW” (Pro LibreWolf / Contra LibreWolf) isn’t always something on which all Pro- or ConLW “Team members” agree. Sometimes when I write a ProLW bullet point, I’m even myself unsure whether it’s valid.

Whenever there are numbers in the reply (1., 2. etc.) it means that these are completely separate arguments which are valid even if you refute one of them. If you want to challenge that LibreWolf should not be recommended, you would have to refute every point separately, otherwise LibreWolf should still be recommended.

Against LibreWolf

Security fix delay

  • ConLW: LibreWolf has a dangerous security fix delay which makes it insecure.

  • ProLW: MullvadBrowser has a just very slightly differing security fix delay; recommending LibreWolf not because it has an average security fix delay approximately 0.4 days longer than MullvadBrowser (which is recommended) is ridiculous.

  • ConLW: LibreWolf had a 9 days security fix delay which could have been even longer if @any1 didn’t went ahead and fix it. Until LibreWolf manages to have consistent updates, it shouldn’t be recommended; until then, persistent mode is probably already released anyway.

  • ProLW (partially NEW): MullvadBrowser was not that much faster there; 6 days is also very worrying. And we don’t know what would’ve happened if @any1 didn’t fix it; maybe someone else new to the LibreWolf project or ohfp (LibreWolf project admin) would’ve done it.

  • ConLW: You can’t compare MullvadBrowser and LibreWolf because they are completely different and serve different purposes; MullvadBrowser adds the TOR browser patches and LibreWolf does not and that can’t be achieved with FireFox. LibreWolf can only be compared to FireFox or Brave.

  • (Here is one dumb argument (mine) and its reply missing; see for that beginning of this post)

  • ProLW (partially NEW): 1. With @any1 being a new maintainer of LibreWolf, the updates are now confirmed to be within one day. 2. If “consistent updates” is enough as one single criteria to throw something out of “even possible to recommend”, then MullvadBrowser shouldn’t be recommended as through your own logic. However, it would be logical if you’d say “Until LibreWolf manages to have consistent updates or to add real privacy, security or usability improvements compared to FireFox or Brave, it shouldn’t be recommended; until then, persistent mode is probably already released anyway.” But then I could say: Yes, it does add real privacy and usability improvements, see the next section of „Against LibreWolf“. 3. In every way, you are making Privacy-, Security- and Convenience trade-offs, so the only question should be:
    Outweighs the convenience and additional privacy features of LibreWolf compared to FireFox & ArkenFox the security fix delay of LibreWolf?
    You can‘t say objectively if all the additional features of LibreWolf compared to FireFox outweighs this one security disadvantage, so the User should choose for himself. That’s why we should mention LibreWolf.

Offering additional value compared to FireFox / Brave

  • ConLW: LibreWolf doesn’t add any value compared to FireFox or Brave.

  • ProLW: This is not true, you don’t have to configure and maintain ArkenFox; checking & eventually adopting new changes from a potential new ArkenFox release, which is necessary to disable fingerprinting. For many settings, you don’t have to use about:config but can use the convenient GUI extra settings category. Making per-site cookie deleting exceptions is much faster and easier.

  • ConLW: You don’t necessarily have to, in your definition, “maintain” ArkenFox because there is no crowd for ArkenFox users - ArkenFox can only, if anything, fool naive fingerprinting scripts.

  • ProLW: You should still update ArkenFox to avoid being tracked by a potentially new tracking method.

  • ConLW: Liking not configuring anything is a valid personal preference, but not a valid basis for a Privacy Guides recommendation.

  • ProLW: 1. This is absolutely not true, usability is a big criteria when recommending something, otherwise only the TOR browser would be recommended as it is the most private one. In every way, you are making Privacy-, Security- and Convenience trade-offs, so the only question should be:
    Outweighs the convenience and additional privacy features of LibreWolf compared to FireFox & ArkenFox the security fix delay of LibreWolf?
    You can‘t say objectively if all the additional features of LibreWolf compared to FireFox outweighs this one security disadvantage, so the User should choose for himself. That’s why we should mention LibreWolf. 2. I found 10 things more which can’t be achieved with FireFox, but can be achieved / are implemented in LibreWolf (reply 322) – so in total there are 13 things which can’t be achieved with FireFox, but can be achieved with LibreWolf.

Target audience

  • ConLW: For not technical users, LibreWolf is not recommendable because they can’t diagnose and especially don’t fix site breakage. For intermediate and technical users, including a - in case of LibreWolf, (in the past) unreliable - third party is not worth configuring the handful releases ArkenFox does every year which only takes 5 of the 526,000 minutes every year, except on the initial learning curve.

  • ProLW: 1. Now, the updates are fast and consistent (thanks to @any1), so it is at least at this point already recommendable for intermediate and technical users. 2. (Further argument that it’s recommendable for intermediate and technical users) In every way, you are making Privacy-, Security- and Convenience trade-offs, so the only question should be:
    Outweighs the convenience and additional privacy features of LibreWolf compared to FireFox & ArkenFox the security fix delay of LibreWolf?
    You can‘t say objectively if all the additional features of LibreWolf compared to FireFox outweighs this one security disadvantage, so the User should choose for himself. That’s why we should mention LibreWolf. 3. LibreWolf is recommendable for not technical users, but see for that „Beginner friendliness“ in the section „For LibreWolf“.

JXL

  • ConLW: LibreWolf enables JXL by default which is another C++ decoder with „who knows who‘s responsible for it“ state and therefore a security risk.

  • ProLW: 1. JXL is also available in FireFox. 2. FireFox is recommended which requires changing far more preferences than LibreWolf.

  • ConLW: JXL is only available in FireFox Nightly.

  • ProLW: 1. FireFox Nightly is still FireFox and Mozilla is for both (regular FireFox and FireFox Nightly) responsible. JXL is maintained by Mozilla. 2. The second point from the previous response is still unanswered.

Missing blocklists

  • ConLW: In LibreWolf, you have worse security compared to FireFox as there are blocklists missing; you are actively missing protections against add-ons that are insecure or malicious, and this is just one of the missing remotes.

  • ProLW: This is fixed now, the three mentioned missing blocklists are now added to LibreWolf (LibreWolf‘s about:config librewolf.services.settings.allowedCollections value).

For LibreWolf

Trade-Offs on Privacy, Security and Convenience

  • ProLW: In every way, you are making Privacy-, Security- and Convenience trade-offs, so the only question should be:
    Outweighs the convenience and additional privacy features of LibreWolf compared to FireFox & ArkenFox the security fix delay of LibreWolf?
    You can‘t say objectively if all the additional features of LibreWolf compared to FireFox outweighs this one security disadvantage, so the User should choose for himself. That’s why we should mention LibreWolf.

Beginner friendliness

  • ProLW: LibreWolf is more user-friendly and easy to use; beginners and less-technical people can benefit from this. You also have to read the entire ArkenFox wiki (at least it says so) which takes lots of time and can be hard to understand.

  • ConLW: LibreWolf has settings and disables much things which breaks functionality of many sites; LibreWolf is therefore not recommendable for beginners or less technical users. If you are comfortable not reading the LibreWolf docs, you can be even more comfortable not reading the ArkenFox wiki as you will encounter less breakage with ArkenFox compared to LibreWolf.

  • ProLW: Some are skeptical due to personal experience that LibreWolf breaks sites.

  • ConLW: LibreWolf uses RFP currently as default (this will probably be soon changed) and ArkenFox FPP which breaks much lesser sites; therefore, our argument stands and LibreWolf is not recommendable to less technical people because they can‘t fix site breakage (this would apply also when LibreWolf switches to FPP).

  • ProLW (NEW): According to the ArkenFox wiki, 99 % of site breakage can be fixed with setting a temporarily or permanent Canvas exception. Doing so is very easy; just click on the image icon at the URL bar and select if you want to allow it once or every time. This could be said with an easy information if we recommend LibreWolf.

1 Like