MX Linux Forum

Eadwine Rose wrote: Tue Jan 12, 2021 9:52 am Can you please post that in the package request forum next time? Thanks :)

andyprough wrote: Tue Jan 12, 2021 1:14 pm If you want it to integrate nicely into MX19, you can dowload the flatpak from here: https://gitlab.com/librewolf-community/ ... 64.flatpak

SwampRabbit wrote: Tue Jan 12, 2021 1:54 pm

andyprough wrote: Tue Jan 12, 2021 1:14 pm If you want it to integrate nicely into MX19, you can dowload the flatpak from here: https://gitlab.com/librewolf-community/ ... 64.flatpak

Is that an official flatpak from them? From what I saw they didn't have an official one yet, but that could be out of date info.

If there is a flatpak they may be the best bet for folks, it may or may not take awhile to get it built for MX, I'm on dependency #4 of 6 that I know of so far.
Also no knowing if it will build and have issues or not since I haven't gotten that far yet. I got other packages to do to so I'm just starting with this thing and not sure I want to maintain it long term. Still too many browsers coming and going these days, I think we have 42 in our repos or something like that?

andyprough wrote: Tue Jan 12, 2021 2:58 pm Yes, it's in their Linux Releases page on their LibreWolf Gitlab: https://gitlab.com/librewolf-community/ ... -/releases

Unfortunately they haven't submitted it to Flathub yet, or users would be able to get it through MXPI. But the command line installation of it as a local file works just as well.

Stevo wrote: Tue Jan 12, 2021 3:35 pm Its build-depends should be similar to that of Firefox 84 upstream, which involves newer versions of cargo and rustc, AFAIK.

Since they offer binary builds, we could duplicate what we do with Firefox and just bundle those into debs.

SwampRabbit wrote: Tue Apr 27, 2021 8:56 am I personally am not interested in fussing around anymore with trying to build this mess of a package. The developer needs to debianize it.

Sterling wrote: Tue Apr 27, 2021 10:28 am

SwampRabbit wrote: Tue Apr 27, 2021 8:56 am I personally am not interested in fussing around anymore with trying to build this mess of a package. The developer needs to debianize it.

Thanks for your assessment. It's a clear hint, and a mess is a warning sign if it's not addressed.

Did you have the chance to provide some details upstream? https://gitlab.com/librewolf-community/ ... x/-/issues

dolphin_oracle wrote: Tue Apr 27, 2021 11:52 am their pkgbuild files for their arch builds download mozilla source and then apply patches. I'm not even sure that qualifies as a fork. basically if mozilla support disappeared I think this one would too.

SwampRabbit wrote: Tue Apr 27, 2021 12:00 pm

dolphin_oracle wrote: Tue Apr 27, 2021 11:52 am their pkgbuild files for their arch builds download mozilla source and then apply patches. I'm not even sure that qualifies as a fork. basically if mozilla support disappeared I think this one would too.

Correct, the dpkg script does the same thing. They even say to run the script then use something like OBS to build packages.

I don’t know if they want to actually “fork” fork it or not, or even need to for what they are trying to accomplish. But right now everything I see points to what you noticed and that is they are just pulling down the Firefox source package and “bolting on” things or removing some other things.

SwampRabbit wrote: Tue Apr 27, 2021 3:04 pmI also personally find it silly they disable “phoning home” (I don’t know what all is disabled), but it’s Mozilla, there is a reason this data is collected (anonymized I might add) and it’s to improve Firefox for all users, assist finding vulnerabilities, etc, etc. Disabling such things only hurts Librewolf and all Firefox forks and ultimately users. For those reasons I find it silly to tote it as a huge win for Librewolf.

The user is identified by Leanplum using a random UUID generated by Firefox for Android when Leanplum is initialized for the first time. This unique identifier is only used by Leanplum and can’t be tracked back to any Firefox users.

User Identifier: Since Device ID is a random UUID, Leanplum can’t map the device to any know Client ID in Firefox for Android nor Advertising ID.

SwampRabbit wrote: Tue Apr 27, 2021 5:49 pm @andyprough did you digest that article, did you look at what is collected, and what is done before it is sent?

They aren’t “having” to, they are choosing to, big difference.

The user is identified by Leanplum using a random UUID generated by Firefox for Android when Leanplum is initialized for the first time. This unique identifier is only used by Leanplum and can’t be tracked back to any Firefox users.

User Identifier: Since Device ID is a random UUID, Leanplum can’t map the device to any know Client ID in Firefox for Android nor Advertising ID.

There is no darn PII or identifiable info on users from what I saw in the list of telemetry. Seems to be a move to pander to Privacy whack jobs who want to complain about that but their ISP is selling the same and more. Hell people’s “super super secure VPN”, the Post Office, local municipalities, banks, etc, etc are dumping more info than that daily and people are worried about Mozilla trying to stay afloat with some anonymized data?

I know full well why people want to try and avoid many of these things (and actually know the cases they don’t know but should).

But I also know the same people will use Brave who did a lot worse behind users’ backs without any public info on what they did and was caught red handed. Trust/Distrust but verify, people trust/distrust things they read too much these days, but don’t verify jack.

Who’s to say that build script from Librewolf isn’t (or could in the future) pulling down something at compile time that bypasses all protections?
We build in a schroot and not the way Librewolf wants us to build for a reason.

What happens when Mozilla has to shut down because they can’t pay the bills to keep the doors open because of the “privacy experts”?

Just the other day I had to do OSINT for work work to identify someone from their VPN provider, got local public IP... then it was over had everything in a short amount of time.

People need to learn to chill out a little. Trust me, the more someone tries to hide... the more they and their actions stand out and they become a target. This is because the data sets and info points become tighter and more focused. One fish in a pond is easier to catch than just one specific fish in the ocean. SSN cost $2-3, CC# cost $1-100, License # cost $3-18... anonymized telemetry data from Mozilla doesn’t cost a thing cause no one wants it and it’s not really useful.

Half the time people spend so much time trying to cover things that don’t matter while missing the really important things (e.g. baby hand print photos on Instagram) and also wasting tons of time when they could be enjoying their computer and the interwebs.

Edit: who cares if someone has your browser fingerprint? Ain’t nobody directly attacking rando users just by their browser info, it’s too much time. In every aspect of life... time > $ ... same goes for malicious actors. Right now someone’s front door is unlocked and they worrying about if someone finds out they have Firefox 13 installed or not. Then complains when Netflix doesn’t work or something.

Always - STEP 0 - Remain Calm.

Sterling wrote: Tue Apr 27, 2021 7:13 pm I'd just guess a well understood package of a browser with reduced data spreading should tend to increase the crowd that uses it.
(But not sure if librewolf could become that. Re-packaging their binary in lieu of clean patchsets does nott seem to be of the better suggestions.)

And it looks somehow like a contradiction, if turning off data collection, that is said to have no value, should lead to the company going out of business. It does not only seem like asking (opt-in/out) to send out data that could allow un-randomizing/matching of other identifiers, there seem to be pretty hardcoded requests to corporate servers as (that issue #16).

andyprough wrote: Tue Apr 27, 2021 6:48 pm Is there some reason you feel the need to publicly lecture me about an issue that I have been studying in great detail? I advised you kindly to back off, next time I won't be so kind.

SwampRabbit wrote: Tue Apr 27, 2021 7:55 pm

andyprough wrote: Tue Apr 27, 2021 6:48 pm Is there some reason you feel the need to publicly lecture me about an issue that I have been studying in great detail? I advised you kindly to back off, next time I won't be so kind.

Woah, did that come off as directly lecturing you?

No reason to get like that... you should know I wouldn’t come at you negatively.

I’ll just take my 21yrs of being cybersecurity professional else where...