Edit: I may have given too much weight the the Arkenfox dev’s assessment. Upon more research and consideration, I think Librewolf could still be a better option compared to straight Firefox, though hopefully the Librewolf team receive more help/contributors in the future to ensure its success long term.


I’ve been a user of Librewolf for a about a year now, and it’s always served me pretty well as a nice easy way to get a hardened Arkenfox Firefox.

However, recently I was curious why Librewolf wasn’t recommended on PrivacyGuides, and took a look through their reasoning on their forum. That thread spans multiple years, and for the most part I thought their reasons for not including it were a bit unfair, especially after Librewolf started offering automatic updates.

But towards the end of that thread in October, a Privacy guide team member posted a link to the Arkenfox github issue tracker, where a Librewolf team member reveals how the project appeared to have lost steam after a critical member left, and they are struggling to keep it up to date with the latest Arkenfox updates, despite putting out new releases.

I’m not sure if those problems have been resolved since that time. One of the maintainers did mention they’re still short staffed in this topic on taking over maintaining Mull.

After considering the arguments for and against in the PrivacyGuides thread, I think their conclusion for not recommending does have some merit. Using Librewolf adds an additional layer of trust, not only to not be malicious (which I don’t suspect they are) but to also be able to adequately fulfill what they set out to do reliably.

Another big part of them not recommending it was the existence of the Mullvad Browser, which I didn’t realize was in fact a very well hardened version of Firefox (essentially the Tor browser without the Tor part), and is far more effective for private browsing compared to Librewolf or an Arkenfox’d firefox.

Ultimately you’ll have to come to your own conclusion, but personally I’ll be switching back to Firefox as my convenient daily browser full of addons, alongside the mullvad browser for (more) private browsing.

  • ivn@jlai.lu
    link
    fedilink
    arrow-up
    11
    arrow-down
    6
    ·
    9 months ago

    Sadly Firefox has no tab sandboxing on mobile so yeah, it is less secure.

    And while I agree the Brave company is shady, the browser has good security features.

    • sudoer777@lemmy.ml
      link
      fedilink
      arrow-up
      14
      ·
      9 months ago

      There’s Vanadium and Cromite which have ad-blocking and strong security and none of the problems Brave has barring Chromium monopoly

      • ProdigalFrog@slrpnk.netOP
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        9 months ago

        I believe Brave is better from a fingerprinting perspective, if only due to it being easier to blend in with compared to Cromite, though Cromite has far better security AFAIK.

        • sudoer777@lemmy.ml
          link
          fedilink
          arrow-up
          6
          ·
          9 months ago

          I’m not sure how Brave is significantly better for fingerprinting than Cromite other than being more popular, which it still isn’t popular anyways and both of them can be bypassed with more advanced scripts. Vanadium is the most secure, being part of the GrapheneOS project, but all of the Chromium-based Android browsers have better security than FF-based currently, although I just saw somewhere that IronFox is enabling process isolation which is currently experimental.

      • asudox@discuss.tchncs.de
        link
        fedilink
        arrow-up
        1
        ·
        9 months ago

        Unfortunately the GrapheneOS team do not provide apks for the vanadium browser. Have fun compiling it yourself.

        I doubt cromite’s devs’ knowledge in privacy as they still use Adblock Plus (which has some privacy issues) instead of uBlock Origin.

        Brave is even shadier with their past URL injection “accident” and overall crypto involvment.

        • sudoer777@lemmy.ml
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          9 months ago

          The Cromite devs said they use ABP instead of uBO because it’s in C++ instead of JavaScript so they can easily implement it, it also has patches to remove some of the weirder stuff