Why Librewolf is not mentioned?



LOL My original text was AUR but I decided PPAs were more popular/recognizable.

I'm generally pretty careful about which software I install - and how I install it.
In general I usually read the PKGBUILD before I install it for the first time, also I mostly only install PKGBUILDS with a high vote count and high popularity when I do need a package from the AUR.
 
from HERE

Librewolf
Librewolf is promoted as the community-maintained fork of Librefox: a privacy and security-focused browser however Librewolf is suffering from the same problems as Waterfox.

Librewolf is a set of scripts and patches that removes the Firefox telemetry feature among other things. However, a network dump reveals that the very first time Librewolf is started it immediately contacts the Mozilla add-on CDN, Amazon Cloudfront, and several other places even though automatic updates of extensions is disabled by default.

The network dump reveals some of the following domains and IP addresses (I have shortened the list):

  • addons.cdn.mozilla.net
  • server-13-33-240-122.hel50.r.cloudfront.net
  • ec2-34-253-97-22.eu-west-1.compute.amazonaws.com
  • content-signature-2.cdn.mozilla.net
  • rt4bb146-89-147.routit.net
  • invidio.us
  • static.213-133-100-23.clients.your-server.de
  • 132.145.233.26
  • 52.142.124.215
  • 167.99.237.63
  • 194.187.168.100
While it is true that the project themselves do not collect any telemetry, the domains that the browser visits the very first time you open up the browser do log these requests.

Librewolf should not be bouncing around on the Internet without the user explicitly asking it to do so.
 
from HERE

Librewolf
Librewolf is promoted as the community-maintained fork of Librefox: a privacy and security-focused browser however Librewolf is suffering from the same problems as Waterfox.

Librewolf is a set of scripts and patches that removes the Firefox telemetry feature among other things. However, a network dump reveals that the very first time Librewolf is started it immediately contacts the Mozilla add-on CDN, Amazon Cloudfront, and several other places even though automatic updates of extensions is disabled by default.

The network dump reveals some of the following domains and IP addresses (I have shortened the list):

  • addons.cdn.mozilla.net
  • server-13-33-240-122.hel50.r.cloudfront.net
  • ec2-34-253-97-22.eu-west-1.compute.amazonaws.com
  • content-signature-2.cdn.mozilla.net
  • rt4bb146-89-147.routit.net
  • invidio.us
  • static.213-133-100-23.clients.your-server.de
  • 132.145.233.26
  • 52.142.124.215
  • 167.99.237.63
  • 194.187.168.100
While it is true that the project themselves do not collect any telemetry, the domains that the browser visits the very first time you open up the browser do log these requests.

Librewolf should not be bouncing around on the Internet without the user explicitly asking it to do so.

After reading that link, I decided to check out the Falkon browser
 
After reading that link, I decided to check out the Falkon browser
I thought someone had already mentioned this recent Distrowatch article, but perhaps it was elsewhere as I don't spot it here in this thread. To quote the article:
My previous long-term browser, Falkon, appears to have been discontinued two years ago

Their GitLab development page seems to confirm at least a year without any significant changes to the code. Falkon may be okay for experimenting, but I don't think I'd make it my daily browser unless it returns to active development.
 
I thought someone had already mentioned this recent Distrowatch article, but perhaps it was elsewhere as I don't spot it here in this thread. To quote the article:


Their GitLab development page seems to confirm at least a year without any significant changes to the code. Falkon may be okay for experimenting, but I don't think I'd make it my daily browser unless it returns to active development.

Good to know

Have there been times where the users pick up the ball after the developers (of any software) drop it?
 
Have there been times where the users pick up the ball after the developers (of any software) drop it?
Sure, although I'd say "other devs" rather than "users." That's the beauty of open source. But you, as a user, can become a dev too. Many software projects have changed "maintainers" over the years.
 
While it is true that the project themselves do not collect any telemetry, the domains that the browser visits the very first time you open up the browser do log these requests.

If I'm reading that correctly, it's probably resolved by setting the homepage/new tab/start page to blank or a domain of your choice.
 
I was able to use Firejail Librewolf when I had the appimage.

I deleted the appimage and got LW from the flatpak.

I got the same errors as the following before:
When issuing the terminal command "firejail librewolf", the first lines of the error:
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable.common.inc
Reading profile /etc/firejail/disable.passwdmgr.inc
Reading profile /etc/firejail/disable.programs.inc
Warning: networking feature is disabled in Firejail configuration file

----
I did ask this earlier about Brave. Brave is not in the repositories.

So how did you get it to Mint?

You must have gone to https://brave.com/download/ to get it.
 
Last edited:
So now is the appimage or flatpak better?

I don't use/know enough about both to offer a qualified opinion. I would suggest looking for less-biased sources than 'flatkill.org'.
 
I was able to use Firejail Librewolf when I had the appimage.

I deleted the appimage and got LW from the flatpak.

I got the same errors as the following before:
When issuing the terminal command "firejail librewolf", the first lines of the error:
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable.common.inc
Reading profile /etc/firejail/disable.passwdmgr.inc
Reading profile /etc/firejail/disable.programs.inc
Warning: networking feature is disabled in Firejail configuration file

---
There is another problem with flatpak. Flatpak can't be sandboxed with Firejail and its 'own' sandboxing seems a false security as reported in the following:


So now is the appimage or flatpak better?

----
I did ask this earlier about Brave. Brave is not in the default repositories.

So how did you get it to Mint?

You must have gone to https://brave.com/download/ to get it.
what firejail do ?
 
what firejail do ?


I installed Firejail from the Linux repository and used default settings OOTB.

I don't quite understand Firejail enough to instruct on how to use it or set it up properly.
 
Firejail runs things in its own container, with limited permissions to interact with the rest of the system.

It comes with some profiles already, such as for Firefox. You can also create your own profiles and/or use the default configuration.

It's a pretty handy application and a future article on my L-T site. It's a nice tool to have in your Linux toolbox.
 
@Condobloke @Leonardo_B

So how did you get Brave?

You said you are using Brave, and it is not in the repositories.



 
It comes with some profiles already, such as for Firefox. You can also create your own profiles and/or use the default configuration.
 
@Condobloke @Leonardo_B

So how did you get Brave?

You said you are using Brave, and it is not in the repositories.

one thing to note is that brave is based on Chromium so all extensions are throw the google extension store.



Release Channel

Code:
sudo apt install apt-transport-https curl

sudo curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg

echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg arch=amd64] https://brave-browser-apt-release.s3.brave.com/ stable main"|sudo tee /etc/apt/sources.list.d/brave-browser-release.list

sudo apt update

sudo apt install brave-browser

Nightly Channel
Code:
sudo apt install apt-transport-https curl

sudo curl -fsSLo /usr/share/keyrings/brave-browser-nightly-archive-keyring.gpg https://brave-browser-apt-nightly.s3.brave.com/brave-browser-nightly-archive-keyring.gpg

echo "deb [signed-by=/usr/share/keyrings/brave-browser-nightly-archive-keyring.gpg arch=amd64] https://brave-browser-apt-nightly.s3.brave.com/ stable main"|sudo tee /etc/apt/sources.list.d/brave-browser-nightly.list

sudo apt update

sudo apt install brave-browser-nightly
 
Last edited:

Members online


Latest posts

Top