Firefox has recently crossed the line into malware territory.
I’ve been blogging a lot about how much I absolutely despise the direction they are taking the company in.
To recap a little, they’ve turned into a “woke” political party on a crusade to bring Cancel Culture to everyone who has a difference of opinion, their CEO is running them into the ground and swiping all the money while she’s at it.
They laid off most of the developers last year and blamed COVID, and now they hope to get a pile of dirty cash from a sleazy advertising partner with “sponsored suggestions”. A keylogger.
None of this is okay. This is actually worse than Chrome in some ways because it sends your private data to three companies, one of which is Google, then Mozilla, and then another advertising company (BuySellAds).
While I generally like GNOME Web and where it’s going, I’d like to keep using the parts of Firefox that actually do what I want them to, and I was even considering learning how to clean it myself. I’ve built the browser from source code before.
Most of the malicious anti-features are compile-time options.
But it appears that a project called LibreWolf beat me to this.
So, it’s not perfect, but it’s a damned sight better than Firefox 93.
First off, it’s nice and clean and empty when you open it.
Nothing shouting at you. No ads, spam, spyware, or nonsense.
As I looked through the menus, I found that it oddly refers to pieces of itself as Firefox sometimes. I’m not sure if that just happens if you build the browser without Mozilla branding, and if they need to keep patching.
In one case, they accidentally left Firefox “sponsored shortcuts” in the GUI, and you can accidentally turn it on if you try hard enough to, but it still doesn’t do anything, so it appears to be non-functional and just in need of a patch.
They also don’t have Firefox’s Tracking Protection Lists from Disconnect, but they do include ublock-origin and that does a better job anyway (as it blocks trackers and ads).
Firefox Sync is patched out, but the password manager still works. If you want to back up your profile, you can. In the Flatpak, it saves to ~/.var/app/io.gitlab.librewolf-community and by copying that io.gitlab.librewolf-community folder to backup storage (with the browser closed), you could (with the browser closed) migrate the profile to a fresh copy.
Actually, this does leave your data on your computer, which in the context of a privacy-focused browser makes a lot of sense.
The Flatpak Sandbox settings are more aggressive than Firefox’s, for security reasons.
If it’s not in your Downloads folder, LibreWolf won’t have access to it. If you need to upload things through your browser, you need to either move them to that folder first or use flatseal to override the defaults and let LibreWolf access your entire Home folder.
Unfortunately, DRM is still able to be turned on, and the browser will ask you to enable Widevine if you come across a site that wants it.
So, back to about:config if you want to disable the eme and and widevine settings to make sure it can’t ask, or make it disappear from the settings menu completely.
As of this writing, you turn browser.eme.ui.enabled to false, media.gmp-widevinecdm.enabled to false, and media.gmp-widevinecdm.visible to false.
More search options, but no Google.
It makes sense that there’s no Google, from a privacy angle. However, most users may find it odd that it’s not even an option. You could add it, or any other engine, for that matter, as an OpenSearch provider.
The default is DuckDuckGo, which is not private and which sources its results from Bing and is hosted in Microsoft Azure, and which runs a tracking script called “Improving DuckDuckGo”.
I’ve blogged extensively on the subject of DuckDuckGo, and so has Techrights. I wouldn’t trust them, and I’d be interested to know if LibreWolf has been paid a commission to steer unsuspecting users their way.
Some other choices are a searx instance, Brave Search (which isn’t very good), Qwant (which appears to be some French Bing scraper), and several others.
I ended up adding Startpage.
While I want to say I support what they’re doing…
Overall, it feels like some wonky half-broken Firefox. For example, when I went to install some Add-Ons, first it didn’t do anything when I clicked “Add to Firefox”. Then out of nowhere, it allowed me to install them after closing and restarting the browser several times.
Hopefully, with more work, LibreWolf becomes a more viable option.
I think what people really want is to disconnect their web browser from Big Tech, to the point where they can trust it again, and the only way to trust the browser (or any software, for that matter), is to be able to study the source code so we know what it actually does. If you can’t, other people can. If it’s doing something naughty, it’s exposed.
Even though what Mozilla has been adding on the client side may very well be “open source”, we don’t really know what it’s connecting to.
And while Mozilla lies and lies about “opt-in prompts” for the Firefox Suggest keylogger, I’ve installed it clean three times now and it was turned on all three times. No prompt. Many other people say the same thing.
Mozilla realizes that nobody is buying their bullshit about privacy.
So they released this Dilbert-esque monstrosity. Can you tell me what it means?
Even though it’s just babble, they had to split it into four parts.
In closing, LibreWolf isn’t there yet, but it’s pretty close.
Might as well just leave the Flatpak installed and see where this goes. Flatpak updates are deltas, which means you do not have to re-download the entire thing once you have it just to apply updated files.
License: Mozilla Public License 2.0