LibreWolf

[SwampRabbit]

@dolphin_oracle i didn’t see that -dev package, but honestly didn’t look too hard or deep after.

I am not sure if the only way for use to include it is to run their script then build it proper or what. That process sounds like a pain and isn’t how it should be done. We would have to check the darn thing more each time. God forbid something gets slipped in to download random stuff during the dpkg script. You’d never know what gets built with something like this unless you review it. I am finding it hard to keep up with their commit breakdown, there appear to be gaps in what was done, but it could be my limited experience with GitLab.

For MX-21 we could probably just use their OBS to build from or include it in MXPI

[dolphin_oracle]

That's sort of what I'm thinking. use their build from OBS. the flatpak is technically usable but I don't want to added flatpaks to Popular Apps. Popular Apps was meant for debs, and while techically we could probably make it work, life would e easier if they just got their flatpak up on flathub.

[Sterling]

What I thought of was, if you would have found some specifics like a wrong packaging locations etc., something like that could be filed.

The advantage (and only objective) of this project I think is to just readily apply sensible privacy patches that otherwise need a lot of manual patching and checking out and merging user.js configuration etc.

But if the patches are not kept and managed nicely I guess it can easily look as or become a mess.

Found a feature list at https://librewolf-community.gitlab.io/docs/ :

* Latest Firefox — LibreWolf is compiled directly from the latest build of Firefox Stable. You will have the the latest features, and security updates.
* Independent Build — LibreWolf uses a build independent of Firefox and has its own settings, profile folder and installation path. As a result, it can be installed alongside Firefox or any other browser.
* No phoning home — Embedded server links and other calling home functions are removed. In other words, minimal background connections by default.
* User settings updates — We keep up with gHacks-user.js and pyllyukko’s user.js
* Extensions firewall: limit internet access for extensions.
* Multi-platform
* Community-Driven

But I'm wondering why the last commit removed the reference to the arkenfox user.js repository: https://gitlab.com/librewolf-community/ ... a162a0af6c

[SwampRabbit]

@Sterling it isn’t the package locations that’s the problem. I don’t intend to review everything they have and giving them pointers or fixes...

I got enough user requests piling up that actual application devs have ask for help with and I said I would help. Plus all things I package now and am working on in the background.
It’s a volunteer prioritization choice, I already told other folks I would work on stuff for them and haven’t finished.

And it’s more than just patches they are doing from the looks of it, if it was just patches, we could add it to FireFox and compile with no issues.

Most everything done with this thing can be done by users if they want to.

I also personally find it silly they disable “phoning home” (I don’t know what all is disabled), but it’s Mozilla, there is a reason this data is collected (anonymized I might add) and it’s to improve Firefox for all users, assist finding vulnerabilities, etc, etc. Disabling such things only hurts Librewolf and all Firefox forks and ultimately users. For those reasons I find it silly to tote it as a huge win for Librewolf.

[andyprough]

I also personally find it silly they disable “phoning home” (I don’t know what all is disabled), but it’s Mozilla, there is a reason this data is collected (anonymized I might add) and it’s to improve Firefox for all users, assist finding vulnerabilities, etc, etc. Disabling such things only hurts Librewolf and all Firefox forks and ultimately users. For those reasons I find it silly to tote it as a huge win for Librewolf.

Mozilla is having to remove some of their telemetry as we speak because they were caught farming it out to an untrusted 3rd party. This is from just one week ago: https://www.ghacks.net/2021/04/18/mozil ... d-and-ios/

The Edward Snowden PRISM revelations proved to a lot of us that we can't trust any big tech company to safeguard and protect and properly anonimize our private data. That's why a lot of us are using Linux distros instead of proprietary offerings from MS and Apple and Google.

I wouldn't get too angry at LibreWolf or the people like me who use it. We have pretty solid reasons for distrusting companies like Mozilla. We don't make this forum a breeding ground for all of our philosophical stances, but rest assured there are plenty of us who harbor this distrust.

[LibertyLinux]

I'm not sure it will ever get in the repo or even if it matters. In librewolf's about:config, dev has locked files which are not locked in every other browser I mess with.
ex: services.sync.prefs.sync.privacy.resistFingerprinting
I like Basilisk too but it has no fingerprinting settings at all.

[SwampRabbit]

@andyprough did you digest that article, did you look at what is collected, and what is done before it is sent?

They aren’t “having” to, they are choosing to, big difference.

The user is identified by Leanplum using a random UUID generated by Firefox for Android when Leanplum is initialized for the first time. This unique identifier is only used by Leanplum and can’t be tracked back to any Firefox users.

User Identifier: Since Device ID is a random UUID, Leanplum can’t map the device to any know Client ID in Firefox for Android nor Advertising ID.

There is no darn PII or identifiable info on users from what I saw in the list of telemetry. Seems to be a move to pander to Privacy whack jobs who want to complain about that but their ISP is selling the same and more. Hell people’s “super super secure VPN”, the Post Office, local municipalities, banks, etc, etc are dumping more info than that daily and people are worried about Mozilla trying to stay afloat with some anonymized data?

I know full well why people want to try and avoid many of these things (and actually know the cases they don’t know but should).

But I also know the same people will use Brave who did a lot worse behind users’ backs without any public info on what they did and was caught red handed. Trust/Distrust but verify, people trust/distrust things they read too much these days, but don’t verify jack.

Who’s to say that build script from Librewolf isn’t (or could in the future) pulling down something at compile time that bypasses all protections?
We build in a schroot and not the way Librewolf wants us to build for a reason.

What happens when Mozilla has to shut down because they can’t pay the bills to keep the doors open because of the “privacy experts”?

Just the other day I had to do OSINT for work work to identify someone from their VPN provider, got local public IP... then it was over had everything in a short amount of time.

People need to learn to chill out a little. Trust me, the more someone tries to hide... the more they and their actions stand out and they become a target. This is because the data sets and info points become tighter and more focused. One fish in a pond is easier to catch than just one specific fish in the ocean. SSN cost $2-3, CC# cost $1-100, License # cost $3-18... anonymized telemetry data from Mozilla doesn’t cost a thing cause no one wants it and it’s not really useful.

Half the time people spend so much time trying to cover things that don’t matter while missing the really important things (e.g. baby hand print photos on Instagram) and also wasting tons of time when they could be enjoying their computer and the interwebs.

Edit: who cares if someone has your browser fingerprint? Ain’t nobody directly attacking rando users just by their browser info, it’s too much time. In every aspect of life... time > $ ... same goes for malicious actors. Right now someone’s front door is unlocked and they worrying about if someone finds out they have Firefox 13 installed or not. Then complains when Netflix doesn’t work or something.

Always - STEP 0 - Remain Calm.

[Eadwine Rose]

Or.. in short: when you start acting different from the main stream, you stick out.

In simple terms: being sneakish avoidish on the web equals to you walking down the street always crouching. When you walk normally NOBODY is interested in you.

[Sterling]

Sure, one can only do so much.

Notably, though, that may not include simply packaging a patched firefox. The ancestor project to package an easily accessible "unmozillarized-firefox" (as with chromium) looks like having a history of going silent in a strange way.

Looks like there are some specific points to assess the projects value for internet users, and generally watching directions of words and doings.
https://unixsheikh.com/articles/choose- ... mpromising
( =>and https://gitlab.com/librewolf-community/ ... /issues/16)

[andyprough]

@andyprough did you digest that article, did you look at what is collected, and what is done before it is sent?

They aren’t “having” to, they are choosing to, big difference.

The user is identified by Leanplum using a random UUID generated by Firefox for Android when Leanplum is initialized for the first time. This unique identifier is only used by Leanplum and can’t be tracked back to any Firefox users.

User Identifier: Since Device ID is a random UUID, Leanplum can’t map the device to any know Client ID in Firefox for Android nor Advertising ID.

There is no darn PII or identifiable info on users from what I saw in the list of telemetry. Seems to be a move to pander to Privacy whack jobs who want to complain about that but their ISP is selling the same and more. Hell people’s “super super secure VPN”, the Post Office, local municipalities, banks, etc, etc are dumping more info than that daily and people are worried about Mozilla trying to stay afloat with some anonymized data?

I know full well why people want to try and avoid many of these things (and actually know the cases they don’t know but should).

But I also know the same people will use Brave who did a lot worse behind users’ backs without any public info on what they did and was caught red handed. Trust/Distrust but verify, people trust/distrust things they read too much these days, but don’t verify jack.

Who’s to say that build script from Librewolf isn’t (or could in the future) pulling down something at compile time that bypasses all protections?
We build in a schroot and not the way Librewolf wants us to build for a reason.

What happens when Mozilla has to shut down because they can’t pay the bills to keep the doors open because of the “privacy experts”?

Just the other day I had to do OSINT for work work to identify someone from their VPN provider, got local public IP... then it was over had everything in a short amount of time.

People need to learn to chill out a little. Trust me, the more someone tries to hide... the more they and their actions stand out and they become a target. This is because the data sets and info points become tighter and more focused. One fish in a pond is easier to catch than just one specific fish in the ocean. SSN cost $2-3, CC# cost $1-100, License # cost $3-18... anonymized telemetry data from Mozilla doesn’t cost a thing cause no one wants it and it’s not really useful.

Half the time people spend so much time trying to cover things that don’t matter while missing the really important things (e.g. baby hand print photos on Instagram) and also wasting tons of time when they could be enjoying their computer and the interwebs.

Edit: who cares if someone has your browser fingerprint? Ain’t nobody directly attacking rando users just by their browser info, it’s too much time. In every aspect of life... time > $ ... same goes for malicious actors. Right now someone’s front door is unlocked and they worrying about if someone finds out they have Firefox 13 installed or not. Then complains when Netflix doesn’t work or something.

Always - STEP 0 - Remain Calm.

Is there some reason you feel the need to publicly lecture me about an issue that I have been studying in great detail? I advised you kindly to back off, next time I won't be so kind.