Page 1 of 1
LibreWolf instead of FF as defaul browser
Posted: Fri Oct 04, 2024 10:22 am
by mxme
I've been a FF user for many years, but over the past few years I've read numerous articles and discussions that have brought question and doubt as to whether Mozilla is as focussed on users privacy as it claims.
After looking under the hood in about:config and reading articles on what settings to change to enhance both privacy and security, there’s a bucket list of stuff that truly must be done, otherwise tons of your personal info, activities, IP address, what you type in to the search bar, and who knows what else is being sent to and from Mozilla and possibly even other companies servers on a constant basis.
Personally I don’t see how such a browser can even call itself “privacy-focussed” – it’s quite ridiculous.
One good analysis and report is
Web Browser Privacy: What Do Browsers Say When They Phone Home?
There are 2 almost identical alternatives to FF, that are in fact actual “privacy-focussed” browsers in LibreWolf and Mullvad.
I’ve been using both of them for a few months and they’re basically everything you want from FF, without the stuff you don’t.
LW is a direct replacement for FF in that it has identical functionality, with the benefit of having a lot, or even all, of the ‘anti-features’ removed.
Mullvad is the same, but it’s locked down so you can’t add extensions or remember history so it’s great for security and privacy, but not so great for day-to-day usage.
I don’t know what others think about this, but imo Firefox is absolutely not a private browser and having is installed as the default browser, not just on MX Linux, but practically all of the Linux distros, is detrimental to the end user, especially when considering there’s an alternative in LW which is orders of magnitude better, with zero drawbacks and identical functionality.
Re: LibreWolf instead of FF as defaul browser
Posted: Fri Oct 04, 2024 10:58 am
by siamhie
I've been a LW user since version 94. It's like FF with the hardened scripts you find on GitHub.
Telemetry is stripped.
Pocket removed.
By default it will clear history, delete cookies and site data when it closes.
Cache is stored in RAM and not on the disk.
Enhanced Tracking Protection is set to Strict mode by default.
WebGL is disabled by default.
ResistFingerprinting enabled.
Letterboxing enabled.
uBO installed.
I also have some about:config settings I like to apply after installation.
Code: Select all
Set these values to False
devtools.onboarding.telemetry.logged
toolkit.telemetry.hybridContent.enabled
experiments.activeExperiment
experiments.enabled
experiments.supported
network.allow-experiments
media.autoplay.allow-extension-background-pages
dom.private-attribution.submission.enabled
Code: Select all
I hate auto play videos
media.autoplay.default = 5
media.autoplay.blocking_policy = 2
Re: LibreWolf instead of FF as defaul browser
Posted: Fri Oct 04, 2024 2:19 pm
by mxme
I've been unhappy with FF for years, but didn't know what to change to. I moved to LW a few months ago and it's basically perfect.
It completely renders FF obsolete. There's no reason at all why anyone using FF should continue to use it over LW.
If MX Linux, and potentially other Linux distros included as default instead of FF it would not only be greatly beneficial to end-users but also to the LW team and LW itself.
Re: LibreWolf instead of FF as defaul browser
Posted: Fri Oct 04, 2024 2:41 pm
by DukeComposed
mxme wrote: ↑Fri Oct 04, 2024 2:19 pm
I moved to LW a few months ago and it's basically perfect.
It completely renders FF obsolete. There's no reason at all why anyone using FF should continue to use it over LW.
If MX Linux, and potentially other Linux distros included as default instead of FF it would not only be greatly beneficial to end-users but also to the LW team and LW itself.
MX Linux is geared towards users of all skill levels, including new users. LibreWolf's defaults include aggressive OCSP filtering, which will effectively break many websites especially when configured to run in HTTPS-only mode, which I believe may also be set by default. When new users try to get to CNN or DistroWatch in a new browser and it gives them a warning page or refuses to load the content due to safety precautions, "basically perfect" would not be the first words they would consider.
Re: LibreWolf instead of FF as defaul browser
Posted: Fri Oct 04, 2024 6:23 pm
by mxme
DukeComposed wrote: ↑Fri Oct 04, 2024 2:41 pm
mxme wrote: ↑Fri Oct 04, 2024 2:19 pm
I moved to LW a few months ago and it's basically perfect.
It completely renders FF obsolete. There's no reason at all why anyone using FF should continue to use it over LW.
If MX Linux, and potentially other Linux distros included as default instead of FF it would not only be greatly beneficial to end-users but also to the LW team and LW itself.
MX Linux is geared towards users of all skill levels, including new users. LibreWolf's defaults include aggressive OCSP filtering, which will effectively break many websites especially when configured to run in HTTPS-only mode, which I believe may also be set by default. When new users try to get to CNN or DistroWatch in a new browser and it gives them a warning page or refuses to load the content due to safety precautions, "basically perfect" would not be the first words they would consider.
Judging by your amazing attempt to find any kind of ridiculous flaw with LW so you can disagree with my argument, it seems like, for whatever reason, you have an extreme bias in favour of FF.
The only remarkable flaw you could conjure is that "OCSP filtering is too aggressive" lol, no offense, but what a load of ****
I'm using LW, I have HTTPS-Only mode in all windows set:
CNN and Distrowatch open perfectly fine, with no errors or warnings:
"overly aggressive OSCP filtering"....
the lengths some people will go to lol.
Re: LibreWolf instead of FF as defaul browser
Posted: Fri Oct 04, 2024 7:09 pm
by wulf
Well, it's available in the package manager, so people have the opprtunity to try it. I also dropped Firefox (ESR), in favour of Librewolf some time ago. It's well thought-out and is quickly updated when it needs to be. I use it pretty-much as it comes, except for tweaking a few of the Librewolf preferences to suit my own needs. Tbh, I haven't found any websites that it breaks.
Re: LibreWolf instead of FF as defaul browser
Posted: Fri Oct 04, 2024 8:45 pm
by aika
mxme wrote: ↑Fri Oct 04, 2024 10:22 am... otherwise tons of your personal info, activities, IP address, what you type in to the search bar, and who knows what else is being sent to and from Mozilla and possibly even other companies servers ...
Serious-personalized advertising is better than annoying advertising for sexual enhancers. I trust Mozilla that criminal hackers and political extremists won't get my data. This requires the professional closing of security gaps through timely and regular browser updates - best with Firefox beta:
Code: Select all
apt policy firefox-beta
firefox-beta:
Installiert: 132.0b3~build1
...
mxme wrote: ↑Fri Oct 04, 2024 2:19 pm... There's no reason at all why anyone using FF should continue to use it over LW ...
There's a good reason for FF: LibreWolf delays security updates. My cookies are deleted regularly, I have no respect for cookies and certificates. I think this is a commercial game.
mxme wrote: ↑Fri Oct 04, 2024 6:23 pm... I have HTTPS-Only mode in all windows set ...
HTTPS is only important on sites where you log in with a password.
Re: LibreWolf instead of FF as defaul browser
Posted: Fri Oct 04, 2024 9:17 pm
by davidy
I just downed the appimage. I refuse to install it. I added siamhie's lists to mine and merged them:
Code: Select all
beacon.enabled = false
browser.safebrowsing.downloads.remote.enabled = false
browser.send_pings = false
browser.sessionstore.privacy_level = 2
browser.urlbar.speculativeConnect.enabled = false
devtools.onboarding.telemetry.logged = false
dom.event.clipboardevents.enabled = false
dom.private-attribution.submission.enabled = false
experiments.activeExperiment = false
experiments.enabled = false
experiments.supported = false
media.autoplay.allow-extension-background-pages = false
media.autoplay.blocking_policy = 2
media.autoplay.default = 5
media.eme.enabled = false
media.gmp-widevinecdm.enabled = false
media.navigator.enabled = false
media.peerconnection.enabled = false
media.peerconnection.identity.timeout = 1
media.peerconnection.turn.disable = true
media.peerconnection.use_document_iceservers = false
media.peerconnection.video.enabled = false
network.allow-experiments = false
network.cookie.cookieBehavior = 1
network.dns.disablePrefetchFromHTTPS = true
network.http.referer.XOriginPolicy = 2
network.http.referer.XOriginTrimmingPolicy = 2
privacy.resistFingerprinting = true
privacy.trackingprotection.cryptomining.enabled = true
privacy.trackingprotection.enabled = true
privacy.trackingprotection.fingerprinting.enabled = true
toolkit.telemetry.hybridContent.enabled = false
webgl.disabled = true
The real problem are the certificates imo. Torbrowser will not even let you modify them. I also have a rather large list of hosts that the mozilla family of browsers will try to connect to that I block with opensnitch. From waterfox, firefox, and librewolf combined.
Code: Select all
accounts.firefox.com
api.accounts.firefox.com
aus5.mozilla.org
blocklists.settings.services.mozilla.org
channelserver.services.mozilla.com
contile.services.mozilla.com
crash-stats.mozilla.com
detectportal.firefox.com
developer.mozilla.org
experiments.mozilla.org
fhr.cdn.mozilla.net
firefox-api-proxy.cdn.mozilla.net
firefox.settings.services.mozilla.com
getpocket.cdn.mozilla.net
hardware.metrics.mozilla.com
incoming.telemetry.mozilla.org (lmfao)
input.mozilla.org
install.mozilla.org
metrics.mozilla.com
monitor.firefox.com
mozilla.org
oauth.accounts.firefox.com
pgl.yoyo.org (librewolf blocked)
profile.accounts.firefox.com
push.services.mozilla.com
qsurvey.mozilla.com
self-repair.mozilla.org (my favorite lol)
shavar.services.mozilla.com
snippets.cdn.mozilla.net
telemetry-experiment.cdn.mozilla.net
telemetry.mozilla.org
tiles.services.mozilla.com
token.services.mozilla.com
Some may be in error to be sure. That pretty much sums up why I hate running any form of mozilla. Between the certs and the config it's nothing but a pita.
Addendumb: I also disable any auto-updating whatsoever wherever possible please.. Notice how on a phone they have made any form of tweaking ^^ almost impossible. I use the Styx browser there atm. This is not a game at all unless you're the 1 being gamed. If one of the configs above is delisted I re-add it. Truly amazing how many lame hosts try to connect just so you can read wikipedia, or whatever. I'll tweak libre later. Such fun to be had.
Re: LibreWolf instead of FF as defaul browser
Posted: Sat Oct 05, 2024 3:26 am
by mxme
aika wrote: ↑Fri Oct 04, 2024 8:45 pm
mxme wrote: ↑Fri Oct 04, 2024 6:23 pm... I have HTTPS-Only mode in all windows set ...
HTTPS is only important on sites where you log in with a password.
I've been using LW for a number of months, I sign in to lots of sites and I've never experienced a single issue.
davidy wrote: ↑Fri Oct 04, 2024 9:17 pm
I just downed the appimage. I refuse to install it. I added siamhie's lists to mine and merged them:
I don't know your reasoning for that, but honestly it sounds rather paranoid. LW is open source and is far more concerned aout your privacy than practically any other browser... especially FF and/or anything chromium based. Why you would be so staunchly unwilling to install it is strange.
davidy wrote: ↑Fri Oct 04, 2024 9:17 pmI also disable any auto-updating whatsoever wherever possible please
That means your entire system is open to all of the latest CVE's, definitely not recommended. Not trusting your browser to update itself with security updates is akin to leaving someone you don't trust in your home... if you don't trust it/them, then it's nonsensical to have it/them there in the first place.
wulf wrote: ↑Fri Oct 04, 2024 7:09 pm
Well, it's available in the package manager, so people have the opprtunity to try it. I also dropped Firefox (ESR), in favour of Librewolf some time ago. It's well thought-out and is quickly updated when it needs to be. I use it pretty-much as it comes, except for tweaking a few of the Librewolf preferences to suit my own needs. Tbh, I haven't found any websites that it breaks.
I have exactly the same opinion and experience. Other than the biased, die hard Mozilla fans that refuse to leave Mozilla, regardless of how much of their data it's consuming, any reasonable, rational or even honest person must agree that having a real, true privacy-focussed browser in LW is without doubt a far better choice than having a totally fake "privacy-focussed" browser in FF.
aika wrote: ↑Fri Oct 04, 2024 8:45 pmSerious-personalized advertising is better than annoying advertising for sexual enhancers.
That's subjective, but also a completely moot point because LW comes with Ublock installed by default so you don't see any ads at all. Maybe you'll try to find a way to argue that serious-personalised advertising is better than no ads at all now?
aika wrote: ↑Fri Oct 04, 2024 8:45 pmI trust Mozilla that criminal hackers and political extremists won't get my data
Sorry to blow you up, but this is another stupid and completely moot argument - The fact that Mozilla has your data in the first place is exactly the issue here - the fact that you trust them is totally irrelevant - I don't want to trust them with my data, I don't want them taking any of my data, the fact that they are taking lots of all users data is the very reason for this thread.
LW does not take your data - therefore your necessity for "trust" is completely removed - the way it should be. Also, having no data makes it 100% impossible for anyone else to steal it. Are you also gonna argue now that you're happier with Mozilla taking your data and "protecting it" or would you be happier using LW and not having any of your data being harvested in the first place?
I mean it's a pretty obvious choice, but seeing as you started this idiotic discussion it seems necessary to point out the variables to you.
Re: LibreWolf instead of FF as defaul browser
Posted: Sat Oct 05, 2024 3:45 am
by DukeComposed
mxme wrote: ↑Sat Oct 05, 2024 3:26 am
I mean it's a pretty obvious choice, but seeing as you started this idiotic discussion it seems necessary to point out the variables to you.
Did you start this thread just to argue with people?
Re: LibreWolf instead of FF as defaul browser
Posted: Sat Oct 05, 2024 3:51 am
by mxme
DukeComposed wrote: ↑Sat Oct 05, 2024 3:45 am
mxme wrote: ↑Sat Oct 05, 2024 3:26 am
I mean it's a pretty obvious choice, but seeing as you started this idiotic discussion it seems necessary to point out the variables to you.
Did you start this thread just to argue with people?
Dude you are the one coming in to this thread with stupid, ridiculous and moot points against the proposition at hand - you are the one that's being unnecessarily argumentative, not me - I'm simply stating facts and pointing out the serious failings in your logic and understanding.
You're trying to argue that FF is either better, more private, or more secure than LW, when it categorically and verifiably is not - in fact it's orders of magnitude worse in every single aspect... and you have the cheek to call me argumentative? lol I don't think so.
Re: LibreWolf instead of FF as defaul browser
Posted: Sat Oct 05, 2024 4:50 am
by richb
If this topic cannot be discussed in a civil manner it will be locked.
Re: LibreWolf instead of FF as defaul browser
Posted: Sat Oct 05, 2024 5:57 am
by mxme
richb wrote: ↑Sat Oct 05, 2024 4:50 am
If this topic cannot be discussed in a civil manner it will be locked.
That's perfectly understandable, but I believe the statements I've made are not just civil, but accurate and necessary. The arguments against LW are stupid, ridiculous and moot so why would desrcribing them as such be uncivilised?
Re: LibreWolf instead of FF as defaul browser
Posted: Sat Oct 05, 2024 5:59 am
by richb
mxme wrote: ↑Sat Oct 05, 2024 5:57 am
richb wrote: ↑Sat Oct 05, 2024 4:50 am
If this topic cannot be discussed in a civil manner it will be locked.
That's perfectly understandable, but I believe the statements I've made are not just civil, but accurate and necessary. The arguments against LW are stupid, ridiculous and moot so why would desrcribing them as such be uncivilised?
I will not debate this with you.