librewolf/issues
25
145

The threat from Firefox new policy. #2276

Closed
opened 2025年03月03日 19:34:13 +01:00 by DotaFSS · 18 comments

They withdrew one of the ToS points, which stated that they would not leak/sell personal data.

Can LibreWolf team fix it?

They withdrew one of the ToS points, which stated that they would not leak/sell personal data. Can LibreWolf team fix it?

Only changes to the source code of firefox might need to be fixed for librewolf. The policies are not really a threat for librewolf.

Only changes to the source code of firefox might need to be fixed for librewolf. The policies are not really a threat for librewolf.
Author
Copy link

@sertonix wrote in #2276 (comment):

Only changes to the source code of firefox might need to be fixed for librewolf. The policies are not really a threat for librewolf.

But they already added new code in FF stable versions and this code already cleaned from LibreWolf?

@sertonix wrote in https://codeberg.org/librewolf/issues/issues/2276#issuecomment-2918718: > Only changes to the source code of firefox might need to be fixed for librewolf. The policies are not really a threat for librewolf. But they already added new code in FF stable versions and this code already cleaned from LibreWolf?

Firefox's new policy, while IMO very troubling, explicitly affects only the Firefox browser, and explicitly does not cover the source code. Since Librewolf disables Mozilla telemetry as part of doing what it does, I'd argue it's entirely unaffected by whatever they're smoking in the land of the lizard.

That's one reason we've seen so many normies (myself included) pour in lately who really just want a fork of FF and not a hardened privacy browser. If I can contribute anything to the project I'd be happy to contribute documentation to support these refugees (of which I am one, honestly) in understanding how to set up LW the way they want it ... and maybe documenting the risks of doing so.

But really I would like to see a group of interested parties resume care of Iceweasel so that we can point the normies there and keep Librewolf as pure a privacy browser as we can. (I'm still happy to document the FPP overrides for the ones who need it, particularly since I'm among them for accessibility reasons.)

Firefox's new policy, while IMO very troubling, explicitly affects only the Firefox browser, and explicitly does not cover the source code. Since Librewolf disables Mozilla telemetry as part of doing what it does, I'd argue it's entirely unaffected by whatever they're smoking in the land of the lizard. That's one reason we've seen so many normies (myself included) pour in lately who really just want a fork of FF and not a hardened privacy browser. If I can contribute anything to the project I'd be happy to contribute documentation to support these refugees (of which I am one, honestly) in understanding how to set up LW the way they want it ... and maybe documenting the risks of doing so. But really I would like to see a group of interested parties resume care of Iceweasel so that we can point the normies there and keep Librewolf as pure a privacy browser as we can. (I'm still happy to document the FPP overrides for the ones who need it, particularly since I'm among them for accessibility reasons.)

@knghtbrd wrote in #2276 (comment):

I would like to see a group of interested parties resume care of Iceweasel so that we can point the normies there and keep Librewolf focused on being a privacy browser

LW is already the normie alternative to TOR and Mullvad. But I get what you mean, though I think it would be easier to make IceCat more accessible.

@knghtbrd wrote in https://codeberg.org/librewolf/issues/issues/2276#issuecomment-2927801: > I would like to see a group of interested parties resume care of Iceweasel so that we can point the normies there and keep Librewolf focused on being a privacy browser LW is already the normie alternative to TOR and Mullvad. But I get what you mean, though I think it would be easier to make IceCat more accessible.

Isn't Icecat the fork that says you're not allowed to run Javascript unless RMS gives it his holy blessing?

Realistically a nice UI to control the various settings are all we need. The privacy defaults are reasonable privacy defaults and if people want to disable them, that's their business. It's better if they have the UI to do it. There's not much more than a little settings window dressing I'd change beyond ... well the major one right now is webGL per-site permissions.

Isn't Icecat the fork that says you're not allowed to run Javascript unless RMS gives it his holy blessing? Realistically a nice UI to control the various settings are all we need. The privacy defaults are reasonable privacy defaults and if people want to disable them, that's their business. It's better if they have the UI to do it. There's not much more than a little settings window dressing I'd change beyond ... well the major one right now is webGL per-site permissions.

@knghtbrd wrote in #2276 (comment):

Isn't Icecat the fork that says you're not allowed to run Javascript unless RMS gives it his holy blessing?

RMS wants software "freedoms" above all, so LibreJS can be disabled. It's an entirely optional add-on.
Most of IceCat's changes are entirely optional. Only the ones that disable telemetry are hardcoded, as far as I know.
So it's much like LibreWolf-- but GNU prioritizes their ideologies over usability, so it's less useful than LW by default.

Realistically a nice UI to control the various settings are all we need.

And the sane defaults too. In theory, you can config FireFox and IceCat to behave exactly like LibreWolf.
But then you have to do this with every install. On top of that, you have to build IceCat yourself-- unless you use the same systems as RMS or trust what @chippy is doing (not implying it's inherently malicious, just inherently less secure- I respect the effort, though).

Bottom line: both browsers respect your "freedoms" but LW respects your time and personal preferences more.

@knghtbrd wrote in https://codeberg.org/librewolf/issues/issues/2276#issuecomment-3088147: > Isn't Icecat the fork that says you're not allowed to run Javascript unless RMS gives it his holy blessing? RMS wants software "freedoms" above all, so LibreJS can be disabled. It's an entirely optional add-on. Most of IceCat's changes are entirely optional. Only the ones that disable telemetry are hardcoded, as far as I know. So it's much like LibreWolf-- but GNU prioritizes their ideologies over usability, so it's less useful than LW by default. > Realistically a nice UI to control the various settings are all we need. And the sane defaults too. In theory, you can config FireFox and IceCat to behave exactly like LibreWolf. But then you have to do this with every install. On top of that, you have to build IceCat yourself-- unless you use the same systems as RMS or trust what @chippy is doing (not implying it's inherently malicious, just inherently less secure- I respect the effort, though). Bottom line: both browsers respect your "freedoms" but LW respects your time and personal preferences more.

I'm working on a guide that should help people get LW set up the way they want as "normal" users, and I'll be updating it as the requisite UI for normies gets implemented. The major thing missing right now is a need for me to just blow away my whole profile and recreate it from scratch, properly this time.

When I started using it, I just popped open about:config and started changing stuff I knew I needed/wanted changed. That was dumb. I can't reproduce that, I can't recreate it, and I can't recover it when I blow away this config. Not like I can with, say, bookmarks, which I can just save out as .html and recreate my entire bookmark structure in seconds. I should have been using the overrides file. And I will do so this time. The one I've created is kind of documented so I can hand it to users but ... it contains my settings. The goal is to teach people how to configure the most private thing that serves their needs. I need a lot of accessibility features most people don't, for example.

It'll be easy to do and to update starting fresh. Right now there's a lot of "it doesn't work for me, it works for you?"

I'm working on a guide that should help people get LW set up the way they want as "normal" users, and I'll be updating it as the requisite UI for normies gets implemented. The major thing missing right now is a need for me to just blow away my whole profile and recreate it from scratch, properly this time. When I started using it, I just popped open about:config and started changing stuff I knew I needed/wanted changed. That was dumb. I can't reproduce that, I can't recreate it, and I can't recover it when I blow away this config. Not like I can with, say, bookmarks, which I can just save out as .html and recreate my entire bookmark structure in seconds. I should have been using the overrides file. And I will do so this time. The one I've created is kind of documented so I can hand it to users but ... it contains my settings. The goal is to teach people how to configure the most private thing that serves their needs. I need a lot of accessibility features most people don't, for example. It'll be easy to do and to update starting fresh. Right now there's a lot of "it doesn't work for me, it works for you?"

But then you have to do this with every install.

There exists autoconf amd policies which allow this to be easily automated. I use these to have the same locked configuration on all my devices.

> But then you have to do this with every install. There exists autoconf amd policies which allow this to be easily automated. I use these to have the same locked configuration on all my devices.

I am closing this since there doesn't seem to be anything left to discuss.

I am closing this since there doesn't seem to be anything left to discuss.

@bottlecap wrote in #2276 (comment):

@knghtbrd wrote in #2276 (comment):

Isn't Icecat the fork that says you're not allowed to run Javascript unless RMS gives it his holy blessing?

RMS wants software "freedoms" above all, so LibreJS can be disabled. It's an entirely optional add-on. Most of IceCat's changes are entirely optional. Only the ones that disable telemetry are hardcoded, as far as I know. So it's much like LibreWolf-- but GNU prioritizes their ideologies over usability, so it's less useful than LW by default.

Realistically a nice UI to control the various settings are all we need.

And the sane defaults too. In theory, you can config FireFox and IceCat to behave exactly like LibreWolf.
But then you have to do this with every install. On top of that, you have to build IceCat yourself-- unless you use the same systems as RMS or trust what @chippy is doing (not implying it's inherently malicious, just inherently less secure- I respect the effort, though).

Bottom line: both browsers respect your "freedoms" but LW respects your time and personal preferences more.

Well... I've been running tests on several browsers and honestly Librewolf wants to be seen in the server logs. Reason why they change the user-agent (icecat and tor browser use firefox user-agent in order not to stand out). Now this might seem nothing special, but it certainly tells what browser you are using, dramatically increasing the uniqueness of your browser.
So on purely logical point of view, using a unique user agent and making everyone aware that this many people are using LibreWolf seems to me some sort of investment in the possible future sale of the project with a certain guaranteed user base.

This brings to memory the funny story of waterfox sort of exit scam. Did you know about that? Waterfox Recap or Original on Reddit

With this i like to point out that while LibreWolf can (and possibly will) sell the project, GNU CANNOT sell Icecat even if they wanted.
I hope that this maybe will offer you a perspective you haven't considered so far.

Take the time to test your browser yourself. Observing that every time you open firefox it will send your data to mozilla, cloudflare and google (and more), only to tell them that you just open the browser, will affect your approach to this.

Chip

@bottlecap wrote in https://codeberg.org/librewolf/issues/issues/2276#issuecomment-3091738: > @knghtbrd wrote in #2276 (comment): > > > Isn't Icecat the fork that says you're not allowed to run Javascript unless RMS gives it his holy blessing? > > RMS wants software "freedoms" above all, so LibreJS can be disabled. It's an entirely optional add-on. Most of IceCat's changes are entirely optional. Only the ones that disable telemetry are hardcoded, as far as I know. So it's much like LibreWolf-- but GNU prioritizes their ideologies over usability, so it's less useful than LW by default. > > > Realistically a nice UI to control the various settings are all we need. > > And the sane defaults too. In theory, you can config FireFox and IceCat to behave exactly like LibreWolf. > But then you have to do this with every install. On top of that, you have to build IceCat yourself-- unless you use the same systems as RMS or trust what @chippy is doing (not implying it's inherently malicious, just inherently less secure- I respect the effort, though). > > Bottom line: both browsers respect your "freedoms" but LW respects your time and personal preferences more. Well... I've been running tests on several browsers and honestly Librewolf wants to be seen in the server logs. Reason why they change the user-agent (icecat and tor browser use firefox user-agent in order not to stand out). Now this might seem nothing special, but it certainly tells what browser you are using, dramatically increasing the uniqueness of your browser. So on purely logical point of view, using a unique user agent and making everyone aware that this many people are using LibreWolf seems to me some sort of investment in the possible future sale of the project with a certain guaranteed user base. This brings to memory the funny story of waterfox sort of exit scam. Did you know about that? [Waterfox Recap](https://redlib.pussthecat.org/r/firefox/comments/f4si1i/privacy_browser_waterfox_appears_to_be_sold_to/) or [Original on Reddit](https://www.reddit.com/r/firefox/comments/f4si1i/privacy_browser_waterfox_appears_to_be_sold_to/) With this i like to point out that while LibreWolf can (and possibly will) sell the project, GNU CANNOT sell Icecat even if they wanted. I hope that this maybe will offer you a perspective you haven't considered so far. Take the time to test your browser yourself. Observing that every time you open firefox it will send your data to mozilla, cloudflare and google (and more), only to tell them that you just open the browser, will affect your approach to this. Chip

So on purely logical point of view, using a unique user agent and making everyone aware that this many people are using LibreWolf seems to me some sort of investment in the possible future sale of the project with a certain guaranteed user base.

It seems like you encountered this known bug which affects some builds: #2235

Could you maybe check if the user agent doesn't differ when enabling Resistfingerprint? And maybe mention which build you are using?

> So on purely logical point of view, using a unique user agent and making everyone aware that this many people are using LibreWolf seems to me some sort of investment in the possible future sale of the project with a certain guaranteed user base. It seems like you encountered this known bug which affects some builds: https://codeberg.org/librewolf/issues/issues/2235 Could you maybe check if the user agent doesn't differ when enabling Resistfingerprint? And maybe mention which build you are using?
Owner
Copy link

With things like this occurring, we might want to consider permanently including the useragent.patch that I tried (but then reverted again, for --with-app-basename wasn't the clean solution I was looking for at that point) with the 137.0 profile folder situation.
(librewolf/source@7b7f98649d)


With this i like to point out that while LibreWolf can (and possibly will) sell the project,

That, btw., is certainly quite an assumption you're making there. Sure, maybe we might be able to sell it (not a lawyer or anything, so I just don't know much about things like that), but that would go so very much against, well, everything we would like LibreWolf to be; and, I mean: we (intentionally) don't even accept donations.

I'm very, very, very certain that none of the core maintainers would ever allow something like that to happen.

With things like this occurring, we might want to consider permanently including the `useragent.patch` that I tried (but then reverted again, for `--with-app-basename` wasn't the clean solution I was looking for at that point) with the `137.0` profile folder situation. (librewolf/source@7b7f98649def2fee70cc40a9d28bf6fc2970e054) --- > With this i like to point out that while LibreWolf can (and possibly will) sell the project, That, btw., is certainly _quite_ an assumption you're making there. Sure, maybe we _might_ be able to sell it (not a lawyer or anything, so I just don't know much about things like that), but that would go so very much against, well, _everything_ we would like LibreWolf to be; and, I mean: we (intentionally) don't even accept donations. I'm very, very, very certain that none of the core maintainers would ever allow something like that to happen.

@sertonix wrote in #2276 (comment):

So on purely logical point of view, using a unique user agent and making everyone aware that this many people are using LibreWolf seems to me some sort of investment in the possible future sale of the project with a certain guaranteed user base.

It seems like you encountered this known bug which affects some builds: #2235

Could you maybe check if the user agent doesn't differ when enabling Resistfingerprint? And maybe mention which build you are using?

No, the #2235 is from a couple of months ago, i tested it like a year ago and that was the standard.
That and the constrained window sizes.
Probably after that it was changed, you can check yourself in the builds of early 2024.

Chip

@sertonix wrote in https://codeberg.org/librewolf/issues/issues/2276#issuecomment-3931916: > > So on purely logical point of view, using a unique user agent and making everyone aware that this many people are using LibreWolf seems to me some sort of investment in the possible future sale of the project with a certain guaranteed user base. > > It seems like you encountered this known bug which affects some builds: #2235 > > Could you maybe check if the user agent doesn't differ when enabling Resistfingerprint? And maybe mention which build you are using? No, the #2235 is from a couple of months ago, i tested it like a year ago and that was the standard. That and the constrained window sizes. Probably after that it was changed, you can check yourself in the builds of early 2024. Chip

@ohfp wrote in #2276 (comment):

With things like this occurring, we might want to consider permanently including the useragent.patch that I tried (but then reverted again, for --with-app-basename wasn't the clean solution I was looking for at that point) with the 137.0 profile folder situation. (librewolf/source@7b7f98649d)

With this i like to point out that while LibreWolf can (and possibly will) sell the project,

That, btw., is certainly quite an assumption you're making there. Sure, maybe we might be able to sell it (not a lawyer or anything, so I just don't know much about things like that), but that would go so very much against, well, everything we would like LibreWolf to be; and, I mean: we (intentionally) don't even accept donations.

I'm very, very, very certain that none of the core maintainers would ever allow something like that to happen.

What about 10M $? Would you sell?

@ohfp wrote in https://codeberg.org/librewolf/issues/issues/2276#issuecomment-3932018: > With things like this occurring, we might want to consider permanently including the `useragent.patch` that I tried (but then reverted again, for `--with-app-basename` wasn't the clean solution I was looking for at that point) with the `137.0` profile folder situation. ([librewolf/source@7b7f98649d](/librewolf/source/commit/7b7f98649def2fee70cc40a9d28bf6fc2970e054)) > > > With this i like to point out that while LibreWolf can (and possibly will) sell the project, > > That, btw., is certainly _quite_ an assumption you're making there. Sure, maybe we _might_ be able to sell it (not a lawyer or anything, so I just don't know much about things like that), but that would go so very much against, well, _everything_ we would like LibreWolf to be; and, I mean: we (intentionally) don't even accept donations. > > I'm very, very, very certain that none of the core maintainers would ever allow something like that to happen. What about 10M $? Would you sell?

In my opinion librewolf is too "simple" to make selling even possible. Compared to other FF forks librewolf has very few patches (which is a good thing for exactly this reason).

In my opinion librewolf is too "simple" to make selling even possible. Compared to other FF forks librewolf has very few patches (which is a good thing for exactly this reason).

Sure,
I made once the mistake of getting gangbanged by librewolf people on reddit and I won't do it again.

So ok you won't sell pinky swear.
Chip

Sure, I made once the mistake of [getting gangbanged by librewolf people on reddit](https://www.reddit.com/r/LibreWolf/comments/zis9u7/comment/j1hsuss/?context=3) and I won't do it again. So ok you won't sell pinky swear. Chip
Owner
Copy link

Ah, yeah, alright: it's somewhat clear now then that this avenue of discussion won't lead anywhere useful, and whatever I'd reply wouldn't matter either. So let's get back to the tech part of things:

No, the #2235 is from a couple of months ago, i tested it like a year ago and that was the standard.

If I understood that right, you haven't had the UA issue with recent builds (with RFP enabled or disabled) then?

Ah, yeah, alright: it's somewhat clear now then that this avenue of discussion won't lead anywhere useful, and whatever I'd reply wouldn't matter either. So let's get back to the tech part of things: > No, the #2235 is from a couple of months ago, i tested it like a year ago and that was the standard. If I understood that right, you haven't had the UA issue with recent builds (with RFP enabled or disabled) then?

I tested this more than one year ago, when the UA was changed by your build script.
Since then i haven't tested or used librewolf again.

Chip

I tested this more than one year ago, when the UA was changed by your build script. Since then i haven't tested or used librewolf again. Chip
librewolf-shared locked as Off-topic and limited conversation to collaborators 2025年04月24日 19:35:48 +02:00
This discussion has been locked. Commenting is limited to contributors.
No Branch/Tag specified
main
No results found.
Labels
Clear labels
Branding
Issues that relate to our logo or the branding of our browser and website.
Broken Upstream
Issue is also present in Firefox
Build
Alpine
Issues specific to the Alpine Linux build of LibreWolf.
Build
AppImage
Issues specific to the AppImage release of LibreWolf.
Build
AUR
Issues specific to the AUR build of LibreWolf.
Build
Debian
Issues specific to our official release for Debian based distros.
Build
DebianOBS
Issues specific to the non-official OBS build of LibreWolf.
Build
Fedora
Issues specific to our official release for Fedora.
Build
FedoraCOPR
Issues specific to the non-official COPR build of LibreWolf.
Build
Flatpak
Issues specific to the Flatpak release of LibreWolf.
Build
Gentoo
Issues specific to the Gentoo build of LibreWolf.
Component: Infrastructure
Issues related to infrastructure provided by LibreWolf
Component
Builds
Issues related to how we build LibreWolf
Component
Patches
Issue with one of the patches in our source code.
Component
Settings
Issues related to the settings of LibreWolf.
Component
UI
A purely cosmetic issue in our browser.
Component
Website
Issues with our website.
Docs
Change required
A needed change in our documentation.
Docs
FYI
Issues that document a change, or how stuff gets patched, built or configured.
Flag
Caution
Change that might be tricky or that needs to be carefully evaluated. Best suited for core members.
Flag
Good first issue
Suited for a first contribution as it is a straightfoward task!
FreeBSD
Issues related to the FreeBSD release of LibreWolf.
Linux
Issues realted to one or all our Linux releases.
macOS
Issues realated to the MacOS release of LibreWolf.
Needed
Help
We are stuck :-(
Needed
Info
Closing in ten days if no details are provided.
Needed
Testing
We are almost there!
Prio
High
Issues with a high priority
Prio
Low
Prio
Normal
Prio/Urgent
Issues needing immediate attention
Repositories
An issue with our repositories.
Research
Collecting informations to document something or to evaluate a change.
Source
Issues related to the source code of LibreWolf.
Status
Blocked
An issue blocked by another one.
Status
Duplicate
Look for existing issues.
Status
Icebox
Change that is not happening soon or issue that cannot be tested.
Status
Known issue
An issue that we are aware of but that we cannot fix at the moment.
Status
Not Planned
The requested feature is currently not planned
Status
Upstream
Either we upstreamed the issue or a fix is coming directly from Mozilla!
Status
Won't fix
Does not require a fix.
Type
?
What?
Type
Bug
Ouch...
Type
Discussion
Let's have a talk...
Type
Feature
A feature request.
Type
Question
Not a issue but just a user question
Type
Task
This needs to be done
Windows
Issues related to the Windows release of Librewolf.
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
6 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
librewolf/issues#2276
Reference in a new issue
librewolf/issues
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?