edit. I re-read Wiki.
So I just read this whole thread and it seems there is no conclusion.
Is there a reason Librewolf doesn’t auto-update? Did the developer provide an answer? Also, is 3 days that bad? Even with 0-day exploits, unless you are actively targeted, I feel like 3 days isn’t so bad.
As I understand it, if you are targeted the attackers will likely target you before Day-0, as Day 0 is only when it was discovered by the Browser vendor / in the open.
3 days is quite a long time.
I recently came across an AMA that the Firefox team made on Reddit.
One particular comment stood out to me:
Firefox has Site Isolation. Our design differs from Chromium in some small ways: they’ve been more aggressive about rolling it out to Android, while we’ve been more conservative so we don’t cause tab unloads and crashes on low-memory devices, but it has been rolling out through our channels and experiments. We’ve been more aggressive about removing private user data from the content process where it might be stolen by a SPECTRE-family attack. But the top-line statement is Firefox has Site Isolation, and it helps keep you private against SPECTRE attacks.
Firefox’s sandbox on Desktop is very comparable to Chromium’s. There’s a few things here and there where we are in the process of tightening things; but the renderer process sandbox on Windows, which is the most commonly exploited process, is very comparable with Win32k lockdown for years, etc. When you get into the weeds you can find places where we are developing and deploying things that Chrome has already shipped, but it’s akin to weeding the garden after you’ve done all the major landscaping.
On Android we are pursuing Isolated Process aggressively, which is a known gap from Chrome on Android.
We also have some pretty advanced sandboxing features that Chrome doesn’t have, like in-process sandboxing of risky third-party libraries with WebAssembly.
There’s others I found interesting, like this one, of which this part stood out:
People sometimes assume that making network connections to Mozilla means that we’re learning a bunch of sensitive data about you, but we’re not. One thing that’s pretty unique about Firefox is that we have a rule that Mozilla should never be able to learn what you’re doing online, and that this should be a publicly-verifiable property.
Thoughts?
When you look at interviews done by the Mozilla team, you realize they are still the good guys, but they just suck at communication.
That’s the feeling I get at least.
I have the same feeling. I think from the outside things always look very different than what they actually are, in the sense that we sometimes attribute malice where there is none. Looks like it, at least.
So like, what should I do? I use plain firefox, with just the recommended settings tweaks? No uBlock?
My recommendation would be to configure Firefox with the recommended settings and to install uBlock Origin. Should be good enough protection.
Afterwards you can always research how to properly use Arkenfox User.js and apply it, but the above gives you most of the protections.
Every company has good guys (or gals), but to be the good guys you need your leadership on board. It’s like what I’ve said about Google’s exceptional security researchers:
I think Mozilla is no longer the good guys. They probably haven’t been for quite some time, but the recent first-class integrations of Google Lens and Perplexity have solidified that fact for me even further. I’m reading Firefox’s current privacy policy and wondering “Mozilla, where is the privacy?”
I think we should drop Firefox, and only recommend Tor Browser, Mullvad Browser, and Brave. I think we should also add better guidance about using multiple browsers and make our main recommendation like what I said at VPN vs Browser Fingerprinting: A VPN Can't Stop You From Being Tracked - #4 by jonah. Thoughts? cc @team
We can still keep a mention of Arkenfox somewhere prominent for people to easily find.
I’m not in favor of this at all. Firefox has always been on top of new privacy features, like their containers and now their new profile UI, total cookie protection, canvas randomization, blocking trackers by default, DoH integration by default, URL tracking parameter stripping, HTTPS only mode, and of course their privacy features upstreamed from Tor browser. It’s telling how much Brave has to add (and remove) to chromium to approach the privacy features of stock Firefox, when most “private” Firefox forks are just changing some settings.
Plus, it’s the default browser on most Linux distros, so having a guide on how to configure it to be more private is useful I think.
Even their telemetry (which you can easily disable) is privacy-preserving. They utilize OHTTP and Prio which is their protocol for splitting data between two parties (currently an IETF draft). As pointed out earlier, Arkenfox doesn’t consider the telemetry to be a privacy concern as well. I don’t think some optional search engines change that.
Just this year, Mozilla came out with CRLite, a fast and private certificate revocation protocol. They’re genuinely doing research and having a positive impact on privacy.
They’re also working directly with Tor browser of course and upstreaming improvements from there, so you can enable privacy features from Tor browser through the RFP setting. Firefox is genuinely really good for privacy.
Adding my 2 cents for whatever it’s worth, but I strongly disagree with this.
I’ve always kept up with Mozilla and its shenanigans, and they’ve definitely done a lot of stuff that I don’t agree with, or seemingly doesn’t make lots of sense. But as a whole, and compared to most other companies in the same sphere, I don’t really feel like Mozilla is that bad. I feel like if we scrutinised all other companies as much as Mozilla, there’d be no software left that we could really use in good faith, at least when it comes to the scale of web browsers.
Whenever they add something new to Firefox, they always allow users to opt out or turn it off. Nothing has ever really felt forced to me, and I don’t really find their privacy policy too bad if I’m honest, it seems pretty clear to me about what they do with the data that we put into Firefox and what the implications are and I personally will continue to use vanilla Firefox for most of my browsing.
Above all, though, and what worries me the most, is that by removing Firefox as a recommended browser, you’re pushing the average user into scenarios where they’ll end up going back to Chrome because it’s just easier. For instance, in the link you provided to a previous comment, it’s recommended that users should use Mullvad Browser for everyday usage and Brave/Firefox for accounts, and I just don’t think that’s a viable option realistically. Mullvad Browser is fantastic and I love it but it does “degrade” the browsing experience that most people have come to expect from Chrome and regular Firefox. Then to log into accounts and such, the recommendation would be to use Brave (or Firefox, but not if it’s removed). I don’t have a problem with Brave per se - even if I really don’t like the company that much - but the issue I have with Brave is that it’s ~95% (99%?) Chromium. And I just think that pushing the whole privacy community to rely on Chromium is dangerous. I appreciate that Chromium is open source, but my overarching fear is that our reliance on Google is short-sighted, and like we’re seeing with Android, will ultimately have a lot of people running around trying to fix something that’s extremely difficult to fix simply because Google wanted to make some unforeseen change to appease their shareholders. I don’t even really have that much of a problem with Google as a company actually, but I can’t see the upside of putting our (most important) eggs into a basket owned by a trillion dollar advertising company that changes its direction on a whim, which is fine for them, but means that we can’t even trust our operating systems or the software that we use to browse the internet.
I have been in IT for almost 20 years, and much of the work is simply setting up software for the average person, like my mom or my neighbour. They don’t want two separate browsers, having to swap between them depending on what they’re doing; even I don’t want to do this. Online privacy should be aimed at people like this, because these are the people that are most vulnerable to surveillance capitalism or whatever new digital threat we’re facing down on any given day, and it needs to be a drop-in replacement for what they’re used to otherwise the whole exercise is pointless. Firefox, to me, represents a great middle ground for this, where I can get a person off of Google’s ceaseless encroachment into every aspect of our lives (including through the use of Chromium), and onto something that is fast and reliable and is more respectful of their privacy.
Google Lens integration is only enabled if you have Google as your default search engine, iirc. And Perplexity is just another search engine choice you can pick (completely agree they should NEVER have been added, though, due to their atrocious privacy and security practices). While I think they should have prioritized more privacy preserving options instead of this, it’s mostly just small convenience stuff for some people.
And while I very much dislike their recent focus on cloud-based AI/LLM-driven features, they are all optional and very easily avoided/disabled.
Partitioning use cases like this is great for privacy and security, I agree with that. But like @ddsn said, most people don’t want to use multiple browsers. I say this as someone that helps friends and family configure things. Hell, I’ve had difficulty convincing people to even try a different browser.
I also agree with @fria, they made a lot of privacy features, and some of them, like a new profile management UI that’s easily discoverable and usable, or CRLite by default for everyone, were pretty recent. Completely discarding Firefox is a bad idea IMO, even while considering Mozilla’s (glaring) mistakes. There are barely any decent browsers as it is.
I just wish they had executives that actually cared.
Yeah, in this day and age compartmentalizing browsing in this way really seems like Step 1 imo
I agree about dropping Firefox and only recommending Tor Browser and Mullvad Browser. When people have to go in about:config in order to secure their browser properly, it isn’t a privacy-focused product anymore. I fear each Firefox update exponentially. Trust is broken.
And when it comes to each new update, I think that’s especially true with what Mozilla is doing right now with AI.
I’m not as twitchy about AI as some folks are, but it really depends on where, and how it’s implemented, and how it’s meant to be utilized, but Mozilla seems to be flooring the gas pedal on that track lately.
The bigger issue is that Firefox is already a headache to properly harden. New users have to go through overrides and custom scripts, and look at copied configs just to get it behaving like they want. I think it can be a bit of a problem even if you semi have an idea of what you’re doing and having to go through all that stuff that others have made guides on.
If they keep stacking more AI hooks into the codebase, that process turns into an even bigger chore. So yeah, I agree, every new update piles on more friction, and the way they’re going ham on AI right now only accelerates it in my opinion.
I don’t think this is the case though. Even the maintainer of Arkenfox states how only changing a few settings is enough for the majority of users. We shouldn’t overlook some of these strong privacy features Firefox has implemented over the years, as if they didn’t matter or even exist.
I believe it would be very short-sighted if we removed Firefox since it is still an excellent option for those who need more customization options than what Mullvad Browser can offer, and who otherwise don’t want to use a chromium-based browser, which is another valid reason. Some could even want to harden their browser experience with uBlock Origin’s more advanced modes, that definitely have significant privacy benefits. However, this practice isn’t recommended on Mullvad Browser, and who knows how long Brave will continue to offer uBlock Origin.
Firefox is privacy-focused but less security-focused. But we can criticise Mozilla all we want, the fact they basically allow you to change all settings with about:config and user.js is awesome. chromium doesn’t have that (you can implement .patch file but that’s for building, you can’t just apply it)
I don’t disagree that Firefox’s defaults have come a long way, (especially since those early years, good lord) and the Arkenfox maintainer even says the built in protections cover the basics for casual users.
Still, if defaults were actually enough, Arkenfox wouldn’t still be maintained 10+ years later, and we wouldn’t be spending an hour trying to hack the Gibson and go through every setting just to ensure we’re covering our bases.
But “good defaults” and “sufficient privacy” are two different tiers. What Firefox ships with is baseline privacy. It still leaves surface area exposed that only gets addressed once you start tightening the internals. Ignoring that gap because the defaults are “pretty good” is the part that we all might need to take another look at. At this point, some of this stuff should be out of the box, and it isn’t. That’s my issue.
Hardening it is specifically for the people who want to close those extra holes, the telemetry Firefox never exposes in the UI, the fingerprint vectors Mozilla leaves in place for compatibility, the APIs that remain enabled because disabling them breaks too many sites, the areas where isolation is partial. I personally think that’s the difference between “people can’t track you casually” and “people are going to have difficulties tracking you, even if they try.”
I see it as default firefox being an ok foundation, hardened firefox = the finished structure.
I come from the world of security where there’s no such thing as redundancy. When it comes to privacy, I think it’s up to the folks here to decide when “enough” is actually enough. But given the state of the world, I’m not a fan of half measures.
I think only recommending Firefox with arkenfox is the way forward, because just using Firefox with the few currently recommended settings doesn’t justify having worse security than a Chromium-based browser for some privacy gains. Firefox + arkenfox should remain an option for a Firefox-based browser that has some privacy benefits and can be used for logins, while Mullvad or Tor Browser can be used for non-logged-in browsing.
While arkenfox could still be useful I think that Firefox with the recommended settings covers most of the “hardening” for daily use. For the best fingerprint and privacy protection using Mullvad browser is a no brainer.
So the use case of arkenfox is quite unclear to me and his user.js setup and wiki is not as simple as switch some settings for the average user.
Also I didn’t follow the recent developments but wasn’t arkenfox supposed to sunset at some point?