When will Librewolf be moving to using FPP?

When will Librewolf be moving to using FPP?

Does this mean the default Firefox FPP RFPTargets? Or I assume it means it will use FPP with RFPTargets set or choosen specifically by Librewolf, is that correct?

Should be happening soon. I already have a PR ready for the changes, just need to others from the team look at it.

If you had RFP disabled, nothing changes (you either keep the Firefox default FPP RFPTargets or whatever custom ones you added).

If you had RFP enabled, you get FPP +AllTargets.

Ok great. Thanks!

How will this differ from Firefox with ETP strict on? Firefox uses FPP…with some targets set? And Librewolf will use FPP with AllTargets?

Ideally, with Librewolf I think I would want it to be FPP +AllTargets but have easy toggles in settings where I can turn off things like time zone spoofing and forced light mode etc.

Should we move these questions to a DM or another thread?

Firefox has these RFPTargets with ETP strict.

If RFP was not explicitly disabled by the user, it will use +AllTargets.

My current PR has a checkbox to toggle between the default RFPTargets Firefox uses with ETP Strict and using +AllTargets.

Adding UI components for certian RFPTargets sounds like a good idea.

Since this is the main LibreWolf thread, I don’t think it is off topic. You can still DM me if you want to.

I could see the merit of moving it out of this thread either way, but in terms of DM’ing instead, I’d personally love to be able to follow the discussion somewhere still.

Maybe once this gets answered

Thanks again! Very helpful.

Is there list of all targets somewhere you could share easily?

I will also try to do a web search for it too.

Would just love to be able to compare which targets are used by each privacy focused browser - between Firefox, Librewolf and maybe Mullvad.

Mullvad uses RFP which uses all the targets.

Thanks!

How do I disable/turn off time zone spoofing in Librewolf?

And light mode?

Go to about:config

privacy.resistFingerprinting → false

privacy.fingerprintingProtection.overrides → +AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC

Thanks!

Just to be clear…am I disabling RFP with those instructions? I assume yes.

Also, will you post here on PG somewhere when Librewolf switches to FPP as the default?

I might just wait for FPP. It doesn’t spoof the timezone right? Or force light mode?

The above instructions disable RFP, and you then fall back to FPP with the same protections as RFP (because of +AllTargets), except for the explicitly disabled color scheme and UTC time.

Yeah I can announce it here.

The default FPP targets don’t, but our current plan was to switch to +AllTargets by default and, after the initial switch, decide which default targets we want.

Thanks!

Much easier doing this in about:config! I thought I would have to create an override file in the Librewolf folder on my computer somewhere.

Is there any hope that LibreWolf’s unique fingerprint will eventually get closer to Mullvad’s?

LibreWolf and Mullvad will always be different because we don’t pursue the same goal.

Adding to what @any1 has said about differing goals and priorities,

The way I see it is if Librewolf were to actually attempt to attain a similar degree of fingerprinting resistance to Mullvad Browser, it’d almost certainly undermine the reasons you chose Librewolf as your daily driver in the first place, and Librewolf would lose it’s main point of differentiation in the process:

1. To look like Mullvad Browser, Librewolf would have to be like Mullvad Browser
2. And to be like Mullvad Browser, Librewolf would have to make similar usability tradeoffs and restrictions as Mullvad Browser does.
3. And those tradeoffs and limitations are almost certainly a big part of what kept you from choosing to use Mullvad Browser as your daily driver in the first place.

Advanced fingerprinting protection is not really a situation where you can really have your cake and eat it too. As best I understand, it’s not really possible to attain both the convenience of a more mainstream private browser and the strong fingerprinting resistance of MB/TB at the same time. These two priorities fundamentally pull in different directions.

TL;DR If you were willing to put up with the tradeoffs Librewolf would have to make to attempt to try look like Mullvad Browser, then you’d most likely already be using Mullvad Browser. ^[1]

1. I am admittedly making assumptions about your reasons for preferring Librewolf. Were there specific reasons you chose to use Librewolf over Mullvad Browser that my explanation overlooks? ↩︎

Maybe this should be a separate topic but it is easier to post here…

When Librewolf switches to FPP what will differentiate it from Firefox? What will be the major selling points to using it over FF?

Assuming I use FF with PG’s recommended settings with ETP strict on etc, what would be the major differences? And if I manually set FPP +alltargets in the about:config what would the major differences be?

I assume one is the removing/hiding of all the new AI crap.

Everything is done for you, instead of you having to keep up of what changed and what settings you should apply. LW does it for you.

The biggest difference is that we act as a barrier between whatever Mozilla does and what actually gets shipped to the user.

We can also add things upstream does not include for various reasons (for example, hardening the build) or add our own features, like the WebGL permission.

At the end of the day it comes down to preference. I wouldn’t say either choice is wrong, and some might even say LibreWolf is obsolete

Ok. Thanks again! Very helpful!

I really like Librewolf and the work you are doing…I am just oddly keep coming back to FF for some reason.

I think it is maybe just the using the main source over a fork idea, the fact that LW might be made obsolete eventually if FF adds some of the privacy and security improvements that LW currently offers, and I was intrigued to find out Michael Bazzell still recommends FF. If it is good enough for him and his clients it is good enough for me I think. But I wonder what he and his team think about all the recent AI crap.

I kinda am wanting to see a direct checklist style privacy and security comparison between LW and FF. But I am not asking or expecting you to do that obvi. I can probably do my own rudimentary comparison.