• 24 Posts
  • 86 Comments
Joined 1Y ago
cake
Cake day: Oct 26, 2021

help-circle
rss

your browser finger print will change

it鈥檚 about the traffic fingerprint more than anything IMO; for example, to an external observer it would be very obvious that some domains are not being loaded.

it鈥檚 worth noting that all Tails users look (looked? IDK if they still ship uBO with TB) the same as they all had uBO included, so Tails had their own user bucket.




Dark Reader can be detected, if not from the injection at very least from the fetching behavior. the creator of the extension states this very clearly on Github:

as you already said, extension that alter the traffic fingerprint (eg. ad-blocker or things like LocalCDN) are rather easy to identify. however I wouldn鈥檛 go as far as saying that鈥檚 an actual issue with the ad-blockers themselves: they do their job, they are just not adequate when you try to fit into a crowd hence when using tor browser; I guess the same can be said about Dark Reader: the extension is doing it鈥檚 job, there鈥檚 just no way for it to hide.

tldr: extensions can be detected and there鈥檚 no way around it. while it doesn鈥檛 make them bad in general, maybe don鈥檛 use them with TB.


librewolf v107 rollout
hello folks, v107.0 is rolling out on all platforms, if it already hasn't :-) main changes: - rebased to latests firefox; - updated patches. very minimal but enjoy!

you can leave containers enabled and it鈥檚 fine if Canvas Blockers needs them, they will not touch FPI, dFPI etc. as for using Canvas Blocker just for webgl, it鈥檚 a possibility but I don鈥檛 have a very firm preference as stated below, there are options :-)


is this possible in Firefox?


it鈥檚 a good extension, but when I tested it I never saw it kicking in in 4+ months. AFAIK it鈥檚 not possible for uBO to replace its functionality, so if it kicks in often for you I would keep it.


I also enable Sync from the UI and I use a Firefox Sync account for my bookmarks and shared tabs, it鈥檚 very convenient AND it鈥檚 end-to-end encrypted which is amazing!

my only pain is that I cannot Sync bookmarks with Firefox Focus on Android :-(


from that issue: > I'll be stopping providing new LibreWolf builds, and it's possible I'll abandon the port altogether in the near future. So, unless I'll find someone who will take care of the port, it would be better to remove the instructions. more details inside, and many thanks to the person who provided the port during these months!


it鈥檚 fine! but we want to patch out some UI elements that don鈥檛 make sense for LibreWolf, and we want others to show up only when Sync is enabled, since that鈥檚 not default for us. so basically UI/UX stuff :-)


librewolf v106 rollout
hello! v106.0.1 is rolling out on all platforms. some might have already got a v106.0 update, others will be upgraded directly to the newer version as the releases were condensed into one, since they occurred within 48 hrs from each other upstream. main changes: - rebased to latests firefox; - updated settings: there have been many minor changes in the past few releses, I suggest looking at the [changelog](https://gitlab.com/librewolf-community/settings/-/blob/master/docs/Changelog.md) of the past few versions; - hide firefox view for now, we will eventually patch it and re-introduce it in a revisited form later on! enjoy and be safe :-)

that鈥檚 odd it鈥檚 not like that for me in any of my installations and as I said it鈥檚 not part of the librewolf config. did you tweak the policies by chance?


FYI: if you prefer to use a different instance, [mickie](https://jeremmy.ml/u/mickie) created a librewolf community of at https://jeremmy.ml. I will try my best to keep an eye on stuff posted over there too :-)

Random things being untoggleably disabled

can you name a few? the browser changed a TON in the past year or so.


it鈥檚 not even in librewolf.cfg so I have no idea why it鈥檚 disabled for you. are you using a 2yo version or sum?


yup leave canvas as is: if you have RFP enabled CanvasBlocker canvas protection only kicks in when you allow canvas access via the urlbar!



librewolf v104 rollout
a bit late to the party, but v104 has been released in the past few days, depending on your platform. the changelog is very small this time, I blame august: - all changes from firefox v104; - updated some patches that broke; - updated settings to v6.9, which is mostly a cleanup. look I said it wasn't that much..but enjoy it :-)

that was meant to be an easter egg for v100, but we liked it so much that we decided to keep it :-)


sorry for being super late.

I think you have many options, you could :

  • enable webgl, keep RFP and install canvas blocker and activate exclusively webgl protections.
  • enable webgl, keep RFP and be happy with it: you would likely still defeat a good amount of naive scripts.
  • enable webgl, disable RFP and install canvas blocker and activate canvas, audio and webgl protections, to keep a decent level of fingerprinting protection.
  • create a separate profile where RFP is disabled and webgl is enabled, and use it for cases where you want max usability and performance, but you are ok with being fingerprinted (eg. you login and pay with a credit card, so fingerprinting is not a concern as the website knows who you are).

librewolf v103 rollout
I forgot the changelog for v102 but here's the one for v103 instead. * all upstream fixes from FF103 * updated, fixed and deprecated patches. * in particular you might have noticed an issue with uBO disappearing, it's now fixed. * add release for OpenSuse Tumbleweed. * updated build documentation. * updated base macOS SDK to 11+. * updated settings to v6.7. * as the upstream cookie pref migration is finished you should no longer experience lost cookies. * IPv6 is no longer disabled by default. * updated some description in the UI. * fix printing in flatpak. an even more detailed issue and merge request overview is available in the [meta for v103](https://gitlab.com/groups/librewolf-community/-/epics/3). if you want to contribute check our gitlab, follow the labels and the epic for the next release. if you want to report something please use gitlab, follow the guidelines and check known issues.

yup TCP is now default for all FF (and LW) modes now, which is great!

we are going to stick with strict tho, it has other good things going for it and little to no downsides.


these use cases are acknowledged in the article, the argument the author makes is about other use cases which are arguably more common than yours.


I still think enumerating badness (eg. blocking trackers) is not a final solution. it鈥檚 nice to have, but it should be only an initial level of protection.

also, strict mode blocks known fping scripts so arguably you don鈥檛 need extensions for that, a nice plus :-)


The article actually does a pretty good job of laying out the pros and cons of each

indeed, I hope people actually take the time to read stuff.


a reminder from our FAQ, for anyone doing it wrong.

interesting read from arkenfox's wiki.



librewolf v101 rollout
we back again with a new release, out on some platforms, building on others. main changes: - all upstream fixes from firefox v101.0. - settings v6.5, mostly a minor cleanup. - multi-language support in the UI for all versions of the browser, all fully rebranded. - windows releases and source tarballs are now signed. enjoy, and as always feedback is appreciated :-)

librewolf v100 rollout
hello, the new release is out on all platforms. main changes: - all upstream fixes from firefox v100.0, happy birthday! - easter egg to celebrate v100 :-) - settings v6.4, meaning: - improved robustness of certificate revocation false positives, in case of corner cases. - UI for cookie clearing is now more consistent. - updated uBO. - patched new theme UI if RFP is enabled. - rebased some patches. - remapped some more links in the UI. ~~we also have a known issue that causes the main page to display as empty. we worked on a fix and it will be included in the next release.~~ the content of our website has also been updated, including [the faq](https://librewolf.net/docs/faq/) and the [addons](https://librewolf.net/docs/addons/) sections. peace 馃悹

About to use Tor. Any security tips?
a great post that was published a few years ago on Matt Traudt's blog with some tips for people using Tor and the Tor Browser. it also addresses common misconceptions like disabling JS and using fingerprinting tests, which unfortunately I see floating around every other day on the internet.

librewolf v99 rollout
hello, the new release should be out on all platforms. sorry for the delay we had some slowdowns with the settings and then a good portion of our patches needed a rebase. we should have done stuff earlier but personal life got in the way, but well here we are in the end :-) main changes: - based on firefox 99. - settings v6.1, which means: - removed some settings that became deprecated in v99. - general cleanup to remove some redundant prefs. - updated librewolf specific UI: - we had to fully rebase it. - new option to enable firefox sync. requires a restart atm. - new option to harden cross origin referrers even further. I noticed it looks slightly broken, it might need a fix during the next few days. - updated uBO. - remapped a bunch of UI links. - fixed more patches. - increased security of the build process by checking mozilla's signature on the source code. again sorry it took 4-5 days rather than the usual 1 to 3 days. enjoy!

a portion of the [arkenfox wiki](https://github.com/arkenfox/user.js/wiki) where a bunch of popular, yet unnecessary, extensions are discussed. make good use of it :-)

librewolf v98 rollout
hello :-) as usual the new librewolf release is on its way or already out, depending on your platform. main changes: - based on firefox 98. - settings [v6.0](https://gitlab.com/librewolf-community/settings/-/blob/master/docs/Changelog.md#anchor-60), which means: - OCSP is now enabled for cases in which CRL cannot check a certificate and we need a fallback. OCSP will be stapled and in hard-fail mode, so that privacy and security are as good as they can be. - as a nice side effect this fixed OCSP's UI. - force custom mode for history. - always on private browsing and other modes are also hidden in the UI as they provide no benefit. - tracking protection UI is now also hidden as we decided to got for strict mode and nothing else. we noticed most users were flipping it as they wrongly assumed it caused breakage so we figured it was best to hide it to avoid confusion. a nice disclaimer was added instead. - update uBO and its assets. - windows portable can now be run everywhere and the folder where it resides can also be moved around. the MR that updates the documentation is also done and waiting to be merged soon. I hope y'all stay safe during these difficult times in europe, enjoy the release.

librewolf v97 rollout
hello everyone, new librewolf release on the way or already out, depending on your platform. main changes: * based on firefox 97. * thanks to [bsys5](https://gitlab.com/librewolf-community/browser/bsys5) it is now possible to build librewolf inside a docker container on all platforms and for all platforms. two of our core members have done a terrific job with this. * the source repo has received some more love as we added and documented more stuff. building should be easier than ever. * settings [v5.5](https://gitlab.com/librewolf-community/settings/-/blob/master/docs/Changelog.md#anchor-55) which means: * history is no longer disabled but just cleared on close. * stripping of tracking elements from urls, both natively and by fetching and enabling [an extra list in uBO](https://github.com/DandelionSprout/adfilt/discussions/163) when a new profile is created. * some of you might have noticed how this was introduced a release ago. * the uBO lists will not be changed for new profiles to avoid changing users settings. * TLS downgrades are now session-only. * for user convenience it is now possible to enable firefox sync in librewolf with one click. * the settings list has been reordered and some more documentation has been added. * the about menu and the librewolf specific UI have received some minor cosmetic changes. next step is probably updating the website to reflect the changes in this release. as usual feedback is appreciated but do not get issue happy as we just closed 150+ old ones where users didn't provide details for, or where they simply didn't read the faq. joking, but not completely. enjoy!

librewolf v96 rollout
hi everyone! the new release is either out or on the way, and this is a pretty big one for us. main changes: - based on firefox v96. - built with a new semi-unified build process: - librewolf now has its own [source repo](https://gitlab.com/librewolf-community/browser/), meaning that building from source is now overall easier. - unified patches and build options across releases. - all releases now include a librewolf-specific section of the settings, where you can control different aspects of the browser. this UI has updated and improved from its old version, which was present only on windows releases. - settings [v5.1](https://gitlab.com/librewolf-community/settings/-/blob/master/docs/Changelog.md), which mainly means: - extensions auto-updates. - push notifications are back, as we now isolate service workers instead of disabling them. - some behavioral preferences were reverted to their original firefox value. - the selection of search engines has changed a bit. **important fixes**: - when RFP is disabled the user agent does no longer present the browser as LibreWolf, but instead it shows as Firefox. this solves a number of compatibility issues, in particular on streaming services and on mozilla extension store. if you were spoofing your user agent to access these websites you should stop doing it. - users are no longer forced to use `en-US` as the language for the UI of the browser, as finally librewolf allows to use different language packs, while still spoofing everything to `en-US` for websites. you can control this aspect like you would in firefox, with no overrides involved. good update y'all!

what do you use as a search engine?
I'm currently working on re-evaluating our search engine selection (reading privacy policies and all that good stuff), to see what to keep, remove, maybe add. I figured I might use some input from lemmy. - what do you use out of the ones we include? is anyone actually using search engines like qwant and metager? - do you add any search engine to librewolf? if you're curious bout my notes on this -> https://gitlab.com/librewolf-community/settings/-/issues/111

Moderates