Browsers: LibreWolf Project Sanitizing Firefox, Seeks Devs

grarpamp grarpamp at gmail.com
Sun Feb 26 10:10:50 PST 2023


https://librewolf.net/
https://gitlab.com/librewolf-community
https://www.reddit.com/r/LibreWolf/
https://lemmy.ml/c/librewolf
https://gitter.im/librewolf-community
https://matrix.to/#/#librewolf:matrix.org

What is LibreWolf?
This project is a custom and independent version of Firefox, with the
primary goals of privacy, security and user freedom.
LibreWolf is designed to increase protection against tracking and
fingerprinting techniques, while also including a few security
improvements. This is achieved through our privacy and security
oriented settings and patches. LibreWolf also aims to remove all the
telemetry, data collection and annoyances, as well as disabling
anti-freedom features like DRM.

https://support.mozilla.org/en-US/products/firefox/protect-your-privacy
https://wiki.mozilla.org/Security/Fingerprinting

https://arkenfox.github.io/TZP/index.html
https://privacytests.org/
https://browserleaks.com/
https://www.deviceinfo.me/
https://www.ssllabs.com/ssltest/viewMyClient.html

https://chromium.github.io/octane/

LibreWolf includes...

Privacy

    Delete cookies and website data on close.
    Include only privacy respecting search engines like DuckDuckGo and Searx.
    Include uBlock Origin with custom default filter lists, and Tracking Protection in strict mode, to block trackers and ads.
    Strip tracking elements from URLs, both natively and through uBO.
    Enable dFPI, also known as Total Cookie Protection.
    Enable RFP which is part of the Tor Uplift project. RFP is considered the best in class anti-fingerprinting solution, and its goal is to make users look the same and cover as many metrics as possible, in an effort to block fingerprinting techniques.
    Always display user language as en-US to websites, in order to protect the language used in the browser and in the OS.
    Disable WebGL, as it is a strong fingerprinting vector.
    Prevent access to the location services of the OS, and use Mozilla's location API instead of Google's API.
    Limit ICE candidates generation to a single interface when sharing video or audio during a videoconference.
    Force DNS and WebRTC inside the proxy, when one is being used.
    Trim cross-origin referrers, so that they don't include the full URI.
    Disable search and form history.
    Disable form autofill.
    Disable link prefetching and speculative connections.
    Disable disk cache and clear temporary files on close.
    Use CRL as the default certificate revocation mechanism, as it is faster and privacy oriented. For security and usability reasons, the browser might fall back to OCSP in some instances: when that happens, OCSP will be stapled to preserve privacy.

Security

    Stay up to date with upstream Firefox releases, in order to apply security patches in a timely manner.
    Enable HTTPS-only mode.
    Enable stricter negotiation rules for TLS/SSL.
    Always force user interaction when deciding the download location of a file.
    Disable scripting in the built-in PDF reader.
    Protect against IDN homograph attacks.
    Implement an optional extension firewall, which can be enabled manually.
    Revert user-triggered TLS downgrades at the end of each session.
    Set OCSP to hard-fail in case a certain CA cannot be reached.

Annoyances

    Prevent window resizing from scripts.
    Disable autoplay of media.
    Disable search suggestions and ads in the urlbar.
    Remove all the distracting and sponsored content from the home page.
    Remove the Pocket extension at compile time.
    Remove Mozilla VPN ads.
    Disable Firefox Sync, unless explicitly enabled by the user.
    Disable extension recommendations.

Others

    Completely open source and community driven.
    Easy and Docker-based build process, so that everyone can build from source in a few steps and without local dependencies.
    LibreWolf specific UI that exposes the most important privacy and security settings, to allow you to easily control them.
    Completely disable telemetry, including crash report, normandy, studies and personalized recommendations.
    No data collection of any kind. In fact, as stated in our privacy policy, we wouldn't even have the infrastructure to do that, making it impossible from a technical standpoint.
    Disable Google Safe Browsing, over censorship concerns, and in an effort to prevent Google from controlling another aspect of the internet. This would also make a developer key a requirement to build from source, which is something we are not comfortable with.
    Disable DRM, as it is a limitation to user freedom.
    Avoid making unnecessary changes that increase the fingerprint without giving any privacy gain.
    Only allow outgoing connections that are not privacy invading.
    Disable built-in password manager and suggest more robust options.

