I am already testing the patches against the release candidate for 146, so the next release should be much faster.
2 Likes
-
Well then, can you just name a few concrete fingerprinting-relevant values which distinguish a user with that theoretical setup (lastest [ESR/Non-ESR] version of FireFox, configured with MullvadBrowserâs configs before the first startup of FireFox, installed uBlock Origin and configured with the exact same way MullvadBrowser does, donât logged-in anywhere, donât changed any setting, used with MullvadVPN and donât installed any extension more than uBlock Origin) to a MullvadBrowser+MullvadVPN user?
-
If that is true and you canât compare MullvadBrowser with LibreWolf (which might be the case!), then my main argument still persists:
And also, none of the 13 in FF non-achievable advantages of LibreWolf has been yet refuted (except maybe one that Cyber-Typhoon mentioned).
1 Like
Are you even aware of what youâre asking? You are asking whether there is a change in fingerprinting that, by the end of the lifecycle, represents almost a yearâs worth of changes, not including Tor/Mullvad rebases that are missing compared to regular Firefox releases.
If youâre so convinced, then go ahead and make your frankenbrowser and compare it to Mullvad Browser with TZP.
5 Likes
I donât understand your intentions. I see that you just signed up to codeberg and youâve stated that you donât even use LibreWolf, but you decided that you want to be its batman anyways and start working on new release? Why?
Anyways, I used to use LibreWolf for roughly a year before I found this community. I wanted to share why Iâm never going back again. To me itâs a lack of community and past dev fuck ups that completely eroded my trust in the project.
- Maybe half a year ago LibreWolf rolled out a new release then rolled it back after about a day. Everyone that updated to the new release had their profiles updated for the new version. After that new release got rolled back, LibreWolf refused to use my old ânewâ profile and it required some manual intervention. To me this was catastrophic to temporarily âloseâ my profile and it was ~15 minutes of panic googling to fix the issue. Iâm a dev, so I canât imagine how non-technical users managed.
- Iâm on arch now and use AUR for third party packages. Unlike firefox, which is a first class citizen and lives in a more âtrustedâ repository, LibreWolf is managed by a single volunteer. Some malicious AUR user has been spamming packages with incorrect âout-of-dateâ flags that the maintainer wasnât clearing promptly. The end user would see these warnings every time when running any installs/updates and this was going on for roughly a month, but I see that he was stopped now.
- The AUR maintainer also didnât specify the correct version of ffmpeg (firefox-based browsers only run on v4.4 and canât work with any other versions) as a dependency. One day, when I switched from VLC to mpv, most of my browser videos started failing with dubious errors. Iâm a bit of a home assistant, IoT enthusiast so this was another catastrophe for me that I had to dedicated over an hour to solve. To be fair this ffmpeg4.4 dependency fuck up affected all the other volunteer-run AUR forks like zen and mullvad. I went on a personal crusade to get all the other maintainers to fix their shit too now.
I have since switched to Brave based on PGâs recommendation and its been working great for me. I do believe that PG could be much better at prompting their more technical users on how to deshitify Brave with âorganizational override configâ to remove all the AI/web3/other crap from Brave, but thatâs a completely separate story.
It only takes five minutes to do all the adjustments, so thereâs no need.
Why not? Itâs something interesting to work on, and it might benefit some people down the line. Maybe LibreWolf will turn into something worth using, but that depends on how much resistance I face with my planned changes.
3 Likes
Thatâs not true. Local organizational policies do more than just check checkboxes which is what the PG guide suggests. They actually remove the enshitified parts from the Brave UI which leaves a vastly cleaner browser experience. In particular I removed: AI Chat, News, Rewards, Speedreader, VPN, Wallet so thereâs no reference to them in my Brave anywhere.
Iâm not going to talk about my Brave configs or anything like that further here to not derail this thread further.
Actually, JXL only available in the Firefox Nightly. In LibreWolf, this is the default and it is enabled.
So what? Are all the Tor patches now fully added to Firefox?
You could just use the lastest version of FireFox (so no security fix delay â in that terms better than MullvadBrowser), configure it with MullvadBrowserâs configs before the first startup of FireFox, install uBlock Origin and configure it the exact same way MullvadBrowser does, donât log in anywhere, donât change any setting, use it with MullvadVPN and donât install any extension more than uBlock Origin and you would look in the web exactly like any other MullvadBrowser user, wouldnât you?
Did you even try to test this nonsense yourself? Even the link to your config is already outdated. When using this config, or an updated one, in Firefox, some fingerprints are not hidden, but thatâs for later. First, youâll need to edit this config because Firefox doesnât know which fonts to use and everything appears as squares. So, Firefox most likely doesnât have all the Tor patches, right?
I think you need to start personally testing things and showing the results. Right now it looks like youâre not even sure of your own words. Personally, I havenât seen a single reason to mention it in recommendations, except for far-fetched personal preferences.
2 Likes
Thanks for that!
You clearly havenât read the thread then.
1 Like
Non-technical people donât use Arch 
I am pretty sure that that was a problem only with Arch/AUR since I didnât had that problem and Iâm using LibreWolf over half an year. I use the AppImage
You should problably take a look here
So FireFox Nightly is not FireFox? 
And FireFox ESR is probably also not FireFox, right? 
Didnât said that. I just wanted to point out that the way isnât always TOR-Project adds a Feature - Mozilla ports it into ForeFox, but also often Mozilla adds a privacy feature - TOR-Project ports it into the TOR-Browser, so arguing just one way around doesnât makes sense.
1 Like
I am pretty sure that that was a problem only with Arch/AUR since I didnât had that problem and Iâm using LibreWolf over half an year. I use the AppImage
My mistake. The catastrophic LibreWolf dev mess up I was referring to actually happened exactly a year ago with the 132< -â >133 upgrades. I was on Windows then and it affected all platforms. Read more about it here if you want: Reddit - The heart of the internet
Here is a reason to avoid using it: a patch added nine months ago turned the remote settings into a whitelist. Not much was added to this whitelist.
Take a look at my PR and see what is missing that is actively making LibreWolf have worse security compared to just using Firefox. You are actively missing protections against add-ons that are insecure or malicious, and this is just one of the missing remotes.
This is just from quickly looking at what is being blocked, there probably are more that need to be added.
3 Likes
I donât think this particular argument is valid since LibreWolf encourages strongly against installing more AddOns.
I also donât think this argument is valid. Time to time, thereâs always big mess ups in browsers. (FireFox also had those things (example) and it is still recommended.)
1 Like
Just because they donât recommend installing more add-ons doesnât mean that users will listen, and does not justify not having these protections.
What about these that are missing?
- main/hijack-blocklists â Supplies remote blocklists used to detect and block known malicious or hijacking domains and protect against address/URL hijacking.
- main/addons-data-leak-blocker-domains â Remote list of domains where extensions are prevented from accessing or exfiltrating data to stop known data-leak destinations.
- blocklists/gfx â Remote blocklist of graphics/driver-related entries used to disable or alter graphics features for problematic GPUs/drivers to improve stability.
Not mentioning a password manager and/or alias manager like qwacky
You can always find stuff on ALL browsers that happened that werenât optimal. You can basically nitpick on anything.
For example, when I initially read this reddit post on Brave, I was shocked Brave was recommended.
When you dig a little, you can dismiss most of those as honest mistakes, or not that big of a deal.
Brave is recommended. Librewolf is not.
It still doesnât make sense to me.
1 Like