LibreWolf – A fork of Firefox, focused on privacy, security and freedom (librewolf.net)
328 points by gizzlon on March 18, 2022 | 217 comments



Librewolf is not primarily intended as the definite browser but a sane base template for easily customizable and extendable firefox builds.

The librewolf AUR package is a great starting point to make custom builds of firefox; between two json files in the settings repo you can tweak basically any relevant setting, bundle extensions (e.g. use custom forked ones without needing to either sign through Mozilla or disable security), search engines, use your own fxa/syncserver, handlers, branding, etc.

All in a git repo and you won't have to redo things next time you reinstall the browser or get a new machine (anyone else ever scratched their heads trying to recall that one about:config setting?)

Building and tweaking vanilla firefox yourself is quite an exercise. Librewolf makes it a breeze. The sane privacy-by-default standards are just the cherry on the top.

https://gitlab.com/librewolf-community/settings


Should have called it Foxium instead


Pretty sure blindly following chrome is not what this project is about.


That's great. Lots of people have similar complaints about Firefox that could be fixed with a set of small patches, but every time I think of starting one, the build system brings me up short. Maybe this can be the start of an ecosystem of unofficial patches to address issues without having to completely jump ship to another browser.


> but every time I think of starting one, the build system brings me up short.

You aren't kidding: https://firefox-source-docs.mozilla.org/setup/macos_build.ht...


> use your own fxa/syncserver

Huh, is this tractable?


Kiiind of.

For the syncserver itself, where all the data is synced and stored, you just need tokenserver+syncstorage, plus a database backend of choice. Easy-peasy, you can set it up trivially in minutes if you're used to spinning up docker containers and have a database server. Loads of people do this.

However, you still need a way to authenticate. Most people just piggyback on Mozilla's servers for this. This means some metadata (not the synced data itself, mind you, but still) will be shared with Mozilla and a surprising number of third-parties.

To get the last meter and be fully self-reliant you need to go down quite the rabbit hole and set up the fxa stack. It involves several interconnected microservices and a handful of separate mysql databases. I managed to, but it took a couple of days to dig through the sources and figure out exactly what is necessary and disable all the third-party integrations. The pieces are all there and it's all done in the open but it's clearly built with the mindset of a cloud-based startup.

https://github.com/mozilla/fxa

Once up and running it has been hands off, not much maintenance at all. Happy I did it but unless you like doing this kind of stuff as a challenge, I'd probably recommend using some alternative extension, until it becomes more approachable.

If you take it on, there are helpful people in the #fxa:mozilla.org Matrix room. More activity there, and self-hosting related discussion/issues/PRs in the fxa github repo, might push them to put in more effort to make it easier to self-host the stack and bring/keep docs up to date.

Hoping to do a proper write-up soon to make it more approachable for others, once things cool down a bit at work.
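Added example, not part of the thread and not code from Mozilla or LibreWolf: a small audit of a Firefox `user.js`/`prefs.js` that reports whether sync storage and account authentication each point at a self-hosted server or still fall back to Mozilla, which is the "piggyback" split the comment above describes. The two pref names are Firefox's own; the hostnames and sample files are constructed, and treating an unset pref as "Mozilla default" is an assumption of this sketch.

```python
import re
from urllib.parse import urlparse

# Real Firefox pref names; every hostname in the samples below is constructed.
TOKENSERVER_PREF = "identity.sync.tokenserver.uri"          # where sync data is stored
FXA_AUTOCONFIG_PREF = "identity.fxaccounts.autoconfig.uri"  # who authenticates the account

MOZILLA_DOMAINS = ("mozilla.com", "mozilla.org", "mozilla.net", "firefox.com")
LOOPBACK = ("localhost", "127.0.0.1", "::1")

# Matches user.js / prefs.js lines as well as autoconfig (.cfg) calls.
PREF_LINE = re.compile(
    r'^\s*(?:user_pref|pref|defaultPref|lockPref)\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;'
)


def parse_prefs(text):
    """Return {pref_name: value} for every recognised pref line in text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, anything unrecognised
        name, raw = m.group(1), m.group(2)
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def classify_endpoint(value):
    """Classify one endpoint pref value by the host it points at."""
    if not isinstance(value, str) or not value:
        return "mozilla (default)"  # assumption: unset means the built-in endpoint
    host = urlparse(value).hostname
    if not host:
        return "invalid"
    host = host.lower()
    if any(host == d or host.endswith("." + d) for d in MOZILLA_DOMAINS):
        return "mozilla"
    return "self-hosted"


def audit_sync(text):
    """Report who handles sync storage and who handles authentication."""
    prefs = parse_prefs(text)
    report = {
        "storage": classify_endpoint(prefs.get(TOKENSERVER_PREF)),
        "auth": classify_endpoint(prefs.get(FXA_AUTOCONFIG_PREF)),
        "plaintext_http": [],
    }
    for name in (TOKENSERVER_PREF, FXA_AUTOCONFIG_PREF):
        value = prefs.get(name)
        if isinstance(value, str):
            url = urlparse(value)
            # http:// is only reasonable for a loopback test instance
            if url.scheme == "http" and url.hostname not in LOOPBACK:
                report["plaintext_http"].append(name)
    report["fully_self_hosted"] = (
        report["storage"] == "self-hosted" and report["auth"] == "self-hosted"
    )
    return report


# Constructed sample: own storage, accounts still handled by Mozilla.
PIGGYBACK = '''
// constructed sample
user_pref("identity.sync.tokenserver.uri", "https://sync.example.net/token/1.0/sync/1.5");
user_pref("webgl.disabled", true);
'''

# Constructed sample: own storage and own accounts, but storage over plain HTTP.
FULL = '''
user_pref("identity.sync.tokenserver.uri", "http://sync.example.net/token/1.0/sync/1.5");
user_pref("identity.fxaccounts.autoconfig.uri", "https://fxa.example.net");
'''

if __name__ == "__main__":
    for label, sample in (("piggyback", PIGGYBACK), ("full", FULL)):
        print(label, audit_sync(sample))
```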


It really shouldn't be this hard though.. The way Mozilla has been embracing ads (eg pocket recommended sites) a voice in my head thinks this is intentional. On the other hand though it's been like this basically forever. It sounds more like a lack of interest in tackling this.


It does seem they severely underestimate the interest in self-hosting. Lack of interest at Mozilla due to perceived lack of interest in the community. If more people engage and raise these issues on GH and Matrix, I think things can start to change.

#fxa is almost a ghost town as of now. The few GH issues relating to this are not getting any interactions.

We can't expect them to prioritize something nobody's asking for or using. I think there're more of us than they realize.


I don't think it is intentional, it just seems to me like standard enterprise software where the devs simply did not think about self hosting or keeping things simple.


> Huh, is this tractable?

My opinion is "yes" - the source is available and runs as a docker container, the client setup is pretty trivial (on Android you'll need Fennec or another alternate build of Firefox to get at the settings). I'm aware of one user group running a shared instance and it seems to work as advertised.

https://github.com/mozilla-services/syncserver


I believe that https://github.com/mozilla-services/syncstorage-rs is intended to be the modern syncserver replacement.


I didn't know it was possible to self-host the server, and I always felt somewhat uneasy with syncing this info on someone else's computer.

So I click your link, but the repo says

> Note that this repository is no longer being maintained. Use this at your own risk, and with the understanding that it is not being maintained, work is being done on its replacement, and that no support or assistance will be offered.

So I guess I'll have to wait a little more...


Unlike most browsers' sync systems, Firefox's is actually end to end encrypted.

Though when I log in on a mobile device I don't even have to enter the password so I kinda doubt it passes the mud puddle test.

But at least the info is not just stored in the clear ready for datamining like Chrome or Edge do. Though Chrome has very recently added e2e for its passwords but not for the bookmarks.


Context: https://github.com/mozilla-services/syncserver/pull/294

So basically they stopped running the older version themselves but don't consider the newer version production-ready yet. What a mess.


Is this code actually usable?

I didn't look into it personally but a few years ago I tasked an employee with setting up a local instance of this for a very privacy conscious small business and after a few days of looking at it he said that it would be too much work to get the released material into a state that end users could make use of.

This could have changed since then however.


> Is this code actually usable?

Yes. See my comment above. Nothing that a persistent admin can't pull off. I wouldn't blame your coworker for giving up, though.


Does it also work for Android builds?


I was one of the two guys who came up with the original concept for Librefox.

I was responsible for including uBO as default, among other things.

Great to see that the project was brought back to life as LibreWolf - Mozilla lawyers had threatened us with legal action because the name was too close to their brand. They expected us to drop the "Fox" part of the name.

Every time I see LibreWolf on HN I feel proud that the spirit of Librefox is still alive.

The biggest issue with LibreWolf and what's stopping its further adoption is lack of auto-updates (especially on Windows) and lack of usability - it should work out of the box for everyone. Currently the security settings are too strict in default mode. There should be different levels of pre-configured security levels users can choose in the settings (i.e. "standard", "strict", "very strict").

(I don't use HN for commenting, which is why I created a throwaway account)


But auto-update would require not only telemetry but remote system administration capabilities too. You'd have to monitor people's browsers to make sure a change you made isn't causing everyone's browser to break. In the event that it does, you'd be able to halt the incremental rollout before it impacts too many people.


> You'd have to monitor people's browsers to make sure a change you made isn't causing everyone's browser to break. In the event that it does, you'd be able to halt the incremental rollout before it impacts too many people.

Just let people install the update when they want (so they can make their own decisions on the risks) and provide ways to get feedback to you if there are problems. No need for telemetry at all or even an explicit incremental rollout when you don't force users to update.


I agree, however there's more wisdom to that strategy if you're working with a novel technology stack like the SerenityOS browser. Chrome and Firefox are lucrative enough as targets that weaknesses are exploited in the wild rapidly enough that people are willing to make that bargain with internet leviathan on auto-updates. Something like LibreWolf has that same target painted on its back, but it's not the devil you know. On the other hand, SerenityOS is kind of like how back in 2003 when all the bad guys started targeting Windows users en masse, everyone switched to Linux, and then the whole virus issue went away. Not because the scrappy Linux developers were wiser and had better security practices than Windows, but rather it was just simple economics.


Brave has some good ideas that could be adopted. Instead of completely forgoing features like DRM video, make them opt-in instead. The user can choose their level of privacy.


Opt-in DRM? Like in Firefox where you need to enable it for sites like Netflix or Spotify at first use?


DRM is opt-in on Librewolf. It's in the pref pane.


Oh excellent. I had read that it was removed from librewolf.


The browser presents your client as being in the GMT timezone to reduce fingerprinting using timezones, supposedly.

Guess what stands out like a sore thumb? Someone with a timezone many hours off from everyone else in their country/state/region.

Fucking idiots.


UTC, GMT or the +0 timezone is pretty standard when using a browser that does not leak data like a sieve. So I don't think it will stick out that much. If they picked another value though it might be problematic.


Unfortunately, trying to hide the fact that you are using a particular privacy-conscious browser is generally impossible. The best you can do is hide amongst all the other users of that browser.


Been using LibreWolf for a week or so since someone mentioned it in a comment elsewhere - UX-wise, it's pretty much identical to Firefox. I'm happy it doesn't have Pocket and the rest of Mozilla's recent product launches arguing for space in my life. My Firefox setup was already pretty solidly "paranoid/misanthropic", so I haven't really noticed any new issues from Libre, but you may.

Overall, it's a pretty good implementation of "Firefox By Mozilla-the-Foundation not Mozilla-the-Corporation." I've been using Firefox at least in part because I think a mono- or even duo-polistic internet is a Bad thing, but Mozilla's been indifferent-bordering-on-hostile to me as a user class, so I appreciate LibreWolf as a kind of "Chromium for Firefox."


Pocket is one of the worst things that ever happened to Firefox.


I am confused by this. When Pocket first appeared, I simply set my new tab to blank and haven't thought about it since unless I read the extreme vitriol. Is there something I am missing?


Seriously - it has never once interfered with my standard browser usage, and my dad loves it to build his reading list.

What's the issue? It's not open source?


Adware.


You aren't missing anything. It was just a PR failure that users here won't forgive.


> a PR failure

Warning: puns

… Yes, in the sense that it's not open source and therefore you can't make a pull request on it.

Seriously, the server part of Pocket is closed-source, and that's why I'm suspicious of it. I don't trust that it's operating in my interests.

Teach a man to fish and he'll thank you. Hang around all the time offering him some fish you caught that's totally free to you but don't worry it's really good fish and you'll love it why don't you try it, and he'll start to think you're a bit fishy.

And I don't understand why Mozilla would buy a closed-source service in order to compete with the open-source Wallabag.

It's emblematic of Mozilla turning into “just another digital lifestyle brand” and losing the ideology that made Mozilla what it was, radically user-empowering. It's pathetic, in the classical sense that I pity Mozilla for how faint a shadow of its former self it's become.


> It's emblematic of Mozilla turning into “just another digital lifestyle brand” and losing the ideology that made Mozilla what it was, radically user-empowering. It's pathetic, in the classical sense that I pity Mozilla for how faint a shadow of its former self it's become.

I've been looking to put words to what's going wrong at Mozilla recently but you captured this perfectly.


When Pocket was acquired, it was with the intention of open-sourcing the entire stack, including the backend. As you can imagine, transforming an in-house bootstrapped startup software not originally made with anything but a single closed deployment in mind is not trivial.

The intention is still there and they have continuously made more and more parts of the backend public, as can be seen on their GH profile.

There's little in terms of docs but step by step they seem to be getting there.

https://github.com/Pocket


It's a user failure, IMHO.


It's reappeared a few times for me in mobile probably due to some changes done with new defaults. Of course the mobile browser already blocks access to about:config also so it's very hard to harden it against tracking.


I have my FF homepage set to the newtab page. And as much as I hate the idea of pocket integration, I find myself reading at least 1-2 articles from their recommendations every week.


I also end up reading pocket even though I hate it. I'm pretty sure the articles come from places like hackernews, reddit, and digg since I noticed overlap. It's basically an "aggregate aggregator". Android's Newsfeed that comes up on my pixel phone is even more annoying because it seems to track everything I read using the same latest techniques they use for ads. If anyone on my intranet or a private intranet I have connected to likes to read something, they'll recommend that category of news to me. I hate it but I end up reading some of the news anyways since it does interest me...


I always assumed that the recommendations are based on what people save to pocket or even save to pocket, and so the bias towards HN/reddit I figured was due to an overrepresentation of Firefox/pocket users on those sites compared and/or the bias of what pocket users choose to save vs simply a sampling of what gets published.


I don't actually use pocket. I even removed the icon from the toolbar. I just sometimes click articles on the newtab page. Here is some info on how FF handles those recommendations.

https://help.getpocket.com/article/1142-firefox-new-tab-reco...


There's no telling just how many times I've had to turn Pocket off.


Meanwhile I did it like once and haven't seen pocket in years now


The mobile version has much more of a problem with taking no for an answer :)

It's not quite as bad as Microsoft "We really think you should try to use edge so we'll set it as default for you with every major update! And bug you with popups everywhere we can!" But not as clear as the desktop version either.

In fact the mobile one has so many settings and add-ons blocked that sometimes it feels as if it's made by a different company. It completely lacks the things that make Firefox great :(

I still use it because of sync and uBlock origin which at least works now.. But it's pretty mediocre imo. And most of this is intentional design.


Every time I install a new operating system on a pc/laptop I just copy over my .mozilla directory. I've disabled pocket literally once on one computer and never thought about it again.


Sounds like Librewolf might improve your life, then!


The arkenfox user.js can also do this for Firefox.

https://github.com/arkenfox/user.js

Contrary to what LibreWolf claims you do have to sacrifice usability though, including WebGL, DRM, Firefox Sync, autofill, history, and the occasional breakage. With arkenfox there is also letterboxing, and even more breakage. If you set uBlock Origin to the recommended medium mode you usually still have to whitelist third-party scripts to make websites work.


>WebGL, DRM, Firefox Sync, autofill, history

These considerations rely __HEAVILY__ on your browsing habits.

I've been using librewolf for quite a bit and only two sites required webgl (to use them I simply had to toggle webgl.disabled in about:config which I find acceptable since I've never had the need to use them after that occasion).

I do not visit sites that use DRM (I used to use Netflix but their service sucks so much I'd rather pirate stuff)

There are extensions to sync browser data with e2e encryption.

I find password managers are more usable than the builtin manager of the browser.

History has always been an annoyance more than a feature and I'd disable it either way

This is just my opinion, try it yourself for a couple of months and see by yourself if it's something you'd consider daily driving.


I actually use arkenfox and uBlock Origin at medium mode. I meant that normal people would find this setup inconvenient. In any case there are tradeoffs involved, and the benefits are not always obvious. It depends on your threat model. I would argue that most people don't benefit from a setup like this.

Replacing a core functionality with an extension is not obviously beneficial either when it comes to privacy or security.


I went from LibreWolf to arkenfox a few months back. I like the idea of having a vanilla FF installed and applying the arkenfox rules to a profile, with a few personal tweaks. The LibreWolf flatpak had a few quirks that Firefox did not have.

I now prefer a browser without any history and cache and make heavy use of the bookmarks and adding exceptions for specific sites that should keep cookies between sessions. I can use the address bar to quickly find a site that I have bookmarked without having the results cluttered by search suggestions and years of history.


Regular Firefox’s autofill is so terrible that I sometimes think that a complete removal would be a usability improvement.


I always disable all of this, use bitwarden to autofill creds and CCs only.


Unfortunately it's true :(


What's wrong with it?


It seems to generate an effectively unbounded number of copies of my address, some correct and some wrong. The UI to manage it is hidden and very minimal. The obvious options like telling the autofill my address once, correctly, and with no further automatic guesses are absent.

My general assumption is that, if I let Firefox autofill my address, it will insert portions of my address into various fields at random, biased somewhat but not very strongly toward getting them in the right place.


What address are you talking about? I think I've only used it for username/password fields, and I've been using it for two decades


The autofill feature that tries to autofill things like shipping addresses. As far as I know, it’s entirely unrelated to the username/password autofill feature.


Thanks for this comment. I guess I’ll continue paying the disable Pocket, download installer ID, and other cruft of bad policy costs to continue using FF because Sync is too useful for Bookmarks and plugin auto install to discard.


While all the patches are an improvement, I'm still on the fence about using it instead of vanilla FF. A browser is too security critical to trust in a handful of random people.

I wonder how tedious would it be to set up a buildserver and audit all the patches and their updates with each release.


If you want a secure Gecko browser, consider the Tor Browser. (The Tor part can be disabled and even removed).


The Tor browser sacrifices usability for fingerprint resistance and ironically becomes the most unique browser when used on the clearnet.

The only way to achieve meaningful fingerprint resistance is either blending in (practically impossible because all browser users are too unique) or enforcing a good baseline which is also impossible because the current market leader, who is in dire need of an antitrust action, is interested in keeping up the status quo.


Fingerprint resistance isn’t the only thing it has going for it though. And face it every device has a more or less unique fingerprint, many methods available these days. Much more important is security.


I'd be happy if something with the priorities Librewolf advertises here becomes to Firefox as Libreoffice is to Openoffice. Firefox needs forking, and I think that people are shopping for a project manager who they trust more than Mozilla's CEO.

I haven't seen one in other Firefox forks and I hope this one does better. Please don't get into online flamewars with people or other projects (including Firefox), try to contribute upstream, accumulate good developers. You can change your priorities, but never change your values. They're foundational, so when they shift, it ripples throughout the product, making the entire thing erratic and undependable. People have enough in their lives to worry about.


I'm not against forks of Firefox but because the browser is one of the most important pieces of software in terms of security, I am unwilling to just jump onto a someone's fork without knowing and trusting their foundation/group...that takes time.


I think this is a completely reasonable take, and I'm surprised you're being downvoted for it.


From glancing at the "main features", it looks like this is just Firefox with some preference tweaks and uBO preinstalled. I'm not seeing anything I can't already do in vanilla Firefox either by changing preferences or about:config.

Is there anything in the browser code this fork actually changes?


Correct, but it also removes all the services Firefox comes bundled with (Pocket, Sync Sign-in, ...). Therefore less visual clutter and no more connections to Mozilla servers.

I guess that's about it and I would not want it to do anything more than that.


Why is the sync a bad thing?


It's not a bad thing, it's a service that Firefox comes bundled with.


But it was listed as if it was some kind of bloat. Maybe if you only have one computing device, but I find that hard to believe. Why wouldn't you want to sync your bookmarks, extensions and settings between your devices?


No, I have thousands on my desktop, and none on my movie tablet and prefer it to stay that way.

Not to mention I use safari on the iphone. I don't want work or personal mixed either.

Even if I did want some of these, companies are not trustworthy any longer.


What are you putting your trust into? A set of links and list of extensions. If you use the browser to visit these links and use the extensions then they already have all that info about you.

As for mixing work and personal. You can set up multiple accounts and switch between them. And I don't see what the amount of bookmarks has to do with anything, it just brings up relative things faster if you have them bookmarked.

Feels almost like you are just trying to come up with reasons to dismiss a useful feature.


No, they don't have info about me, at least that part. That's the point.

I don't need to switch between accounts, but screens, my client work is on a separate laptop.

Try navigating even hundreds of objects on a mobile device, it's not practical. Most of the stuff is not needed there either, for example (at random) I never use stack-exchange from a mobile device.


>I don't need to switch between accounts, but screens, my client work is on a separate laptop.

yeah, so it is not for you.

> No, they don't have info about me, at least that part. That's the point.

is that really THE point? If so can you please clarify why.


From a user standpoint, information should be given out on a need-to-know basis. We're in a post-storage-scarcity world, after 2005 or so. Data is collected for everything and no longer deleted if it has any value.

The fact that organizations are starving for data means they will correlate and profile on anything they are allowed to gather. Once gathered, never deleted, bought and sold. More ethical employees replaced as needed.

You're in a librewolf thread, maybe wondering why it exists? For a primer I recommend the Frontline doc, "The United States of Secrets." It is on Kanopy, maybe PBS app for free. Worth paying for. Their more recent Facebook doc was interesting as well.

In themselves, bookmarks are not important. But they'd be pretty valuable (combined with other things) to use as an input to an advertising algorithm, no?


What information does Mozilla gain from storing your bookmarks they can not get by you using their browser?

This reads like some conspiracy theory B.S.


They don't monitor your everyday traffic, so it is a huge number of additional data points for profiling. Everything in those documentaries was considered conspiracy… until they were proven correct.

To anyone that is reading, I also recommend the "Social Dilemma" on Netflix, although it comes in from a slightly different angle, encouraging addiction that feeds back into this one.


Not the OP but two reasons for that.

One is that Mozilla broke all the extensions on Android except a few ones so there are very few extensions that I can sync from Ubuntu to Android. And I only have a laptop plus a number of phones and tablets.

Two, I don't sync my data through somebody else's servers. I fancied setting up my sync server but that would be limited to Firefox. Instead I use KDEConnect and GSConnect to send tabs and files across devices (and Syncthing too.) I don't bookmark much. I pin a few sites to the new tab page.


Syncthing ...

Do you use it in some way to sync browser stuff?

This is the feature I'm desperately wanting from apps and desktop applications (like browser): let me sync between desktop and mobile by syncing small state/settings files (of the apps) via syncthing.


floccus seems like a good solution for bookmarks if you or anyone else is interested. To sync things you can use either a webdav server, nextcloud instance or even just a local syncthing folder in conjunction with a small desktop utility that floccus makes.


Yep, I've been thinking to set up a nextcloud server or something like that for years but I already solved almost all my needs by using those apps and local services. The gain is very marginal.


>I don't sync my data through somebody else's servers.

That seems like a schizo blanket statement. Now instead of using a built-in, tested solution, you spend time setting up and maintaining a custom solution and for what gain?


There is little to set up. I install the KDEConnect app on my Android devices and the GSConnect Gnome extension on my laptop. Then it works by sharing to the other devices much like I'd share to WhatsApp or Telegram. There is the added benefit that my laptop's audio is silenced when I get a call on my phone and I can use any of those devices to stop and resume media on the others.

I gain that it's not Mozilla's or anybody else's business to deal with my links. Everything stays inside my devices.


> Why wouldn't you want to sync your bookmarks, extensions and settings between your devices?

Because you're afraid they'll get hacked.


Mozzilla? OK. Let's play this out. Mozzilla gets hacked and now they have all of your bookmarks. What are they gonna do with that? What is at stake? Only thing I can think about is if you have some taboo erotica bookmarked. Do you have actual examples?


Put you on a list. What if Mozilla gets hacked by Russia for instance? They could use that data to profile partisans in Ukraine. Just one teeny tiny example. You can think of many real life risks when other people have your data.


So Russia hacks Mozilla and gets list of your bookmarks... And then what? They know what sites you visit often and what can they do with that information?

I feel like you felt this was some kind of slamdunk gotcha, but I really can't see what you are trying to say. As if Ukrainian combatants have some special bookmarks that reveal some military secrets.

>You can think of many real life risks when other people have your data.

Yet you can't name one


There's a lot of privacy focused forks of Firefox these days. But I'm still looking for a fork of Firefox on Android with a better UX. It's been abysmal these past few years.


I can recommend Fennec. You can activate a developer mode and install any extensions you want to.


Yes, I use Fennec too. It's not lack of extensions that's the problem. It's the user experience of the mobile UI of Firefox in general. It's terrible. Too many actions behind too many taps, long animation durations within the UI, can't move tabs around (except in Nightly), new tab page getting in the way of everything, no tabs on tablets, and more. Firefox 68 is still so much faster and superior in those regards, despite any issues it had.


> You can activate a developer mode and install any extensions you want to.

You mean a full feature-complete devtools like what you'd find in the desktop version of firefox?!

If so, then it's a life saver. The only other browser that I'm aware of that offers full devtools on android is kiwi, but that browser force-disables ublock origin and other extensions on some sites.


> You can activate a developer mode and install any extensions you want to

I just installed fennec and for the life of me I cannot find these developer tools anywhere.


It's pretty well hidden and involves quite a few steps. I think you should be able to follow the same steps as in this Firefox Nightly guide: https://www.ghacks.net/2020/10/01/you-can-now-install-any-ad...


Thanks for the info!


Feel kinda bad for Mozilla that their user base continues to dwindle down because of all these forks.

But they only have themselves to blame. I'm using Fennec F-droid on my phone because someone at Mozilla decided to castrate extension support in their main branch (and nightly keeps breaking every few weeks so that's not an option).


I installed fennec just now but it seems I'm still limited to a small list of Mozilla curated extensions. Did you have to enable some setting somewhere to install other extensions?



It doesn't much, as barely anyone uses these forks.


Barely anyone uses Firefox in the first place.


Isn't privacy, security and freedom the whole idea of firefox?

As of my understanding, firefox, contrary to chrome and Edge, is really committed to privacy.


“Each Firefox download has a unique identifier”

https://news.ycombinator.com/item?id=30715163


If you are using Windows [which is where the above applies], does that firefox download token make a difference to your privacy?


But does that identifier ever get transmitted anywhere? How is this unique identifier used to track me?


There's only a few use cases for a unique identifier, zero for one that is never used.


Look at the highest comment on that thread from car_analogy, he lays out a plausible scenario at what the consequences of Mozilla tracking downloads could be.


Except that scenario is not plausible at all.

Why would you be downloading a network installer only to move it with USB to another supposedly "secure" machine just so THAT machine can then do the downloading part instead of just downloading the binary on that machine in the first place?

Secondly who is downloading Firefox binaries off of Mozzilla website for a "secure" machine? That only happens if you are running Windows and at that point your pants are already soiled.

Most plausible is that some IT department would have same installer on all the machines and then Mozzilla would know that all these machines belong to same organization, but if your IT department is running network installer for every instance for Firefox they install then please fire your IT department.

Literally all this info does is to tell Mozzilla that you installed a Firefox or if you are some kind of weirdo who moves some 10kb web installer from friend to friend to install Firefox they might know that all these people at some level know each other, but again this only applies to Windows users.

I just don't understand why HN is making this out to be some Firefox killer.


and instead, they move to a totally untested unknown fork like LibreFox who is run by who exactly? Almost sounds like an intelligence operation.


Why Mozzilla with two z?


Kids, please start using Debian again.

    apt-get install firefox


I think that one's only on sid (unstable). For the rest of us it'd be

    apt install firefox-esr


THIS is why Debian exists.


Thank you. I am done with Firefox. I switched to Chrome on Windows and Safari on iOS. There is no point in using Firefox when they do all kinds of shady and bullshit things.


Can you explain WHY that matters?


The linked post has a lot of useful info that will answer your question in more than 1 way. Give it a read.


Firefox's default settings are optimized for usability and not breaking websites. For privacy and security some of that must be sacrificed. The Tor Browser, LibreWolf and arkenfox user.js all make Firefox less usable, or not usable at all in some cases.


If I can't use site X using a secure browser, it's site X that's broken, not the browser. There's billions of websites, and only a few browsers. If a site doesn't want me to visit it, I'll just find another site.


The default config of Firefox includes advertisement and "participate in studies". That means intense tracking. You can disable all of that garbage, but most do not even know that it exists and is enabled by default (along with telemetry).


You have to ask yourself what is more important to you: having to do a couple of option changes but keeping the browser up to date and secure, or having sane(r) defaults but lagging behind in security updates.

Yes, I'm sure the author does their best, but I doubt this is their day job. Meaning if there is an update during working hours he might not get to update his fork until several hours later or if he is on vacation it might be days or weeks. What happens when he abandons the project? Usually the fork projects wind down after some time and there is no indication for the users that they are using abandonware with God knows how many missing security patches.

Of course there is ideal world where we wouldn't have to make these choices, but at least I am going to stick with Firefox until something actually bad happens.


LibreWolf seems to be built regularly using the latest version of Firefox. If it ends up using the nightly build of Firefox Nightly or dev edition in the future it could release security updates even faster than Firefox "mainstream" itself. LibreWolf does not appear to be maintained by a single person like you implied. It's a relatively new project; it can go one of two ways: become popular and gain lots of support + maintainers, or die a slow death. After having actually used it for a few days it seems good to me. I'll continue to evaluate it as my daily browser.


I am not convinced that is better. Firstly important security fixes will be pushed as hotfixes past nightly into main instead of waiting for a regular patch cycle. Otherwise you are just announcing bugs to the world.

Secondly, there is a reason why the nightly channel exists. It is because it is not stable. Yeah, back in the day I ran nightly for years without seeing an issue, but also I'm not really sure if there were any benefits.

As far as I am aware the dev channel is just main Firefox with better webdev console/tools. So I don't know if that has anything going for it security wise compared to the main.


Does Firefox Focus (for Android) do the same?

It does have a "Send usage data" option that is enabled by default.

There is also a "Studies" option which I had not seen before.

https://support.mozilla.org/en-US/kb/how-opt-out-studies-fir...


"There is also a "Studies" option which I had not seen before."

Yup. This sort of behavior, where stuff like this just creeps in with an update, is why I would never consider donating to Mozilla in its current shape.

(along with the fact that they continue to reduce engineers but increase the CEO salary, even though marketshare is falling)


I switched to Chrome on Windows today. Mozilla is a trainwreck. They reportedly get $350M-$450 million per year from Google. Is that not enough to make a fucking browser and stop firing engineers every year?

Mozilla does only their bullshit outreachy and woke bullshit instead of focusing on their only product that matters. I don't really care if their engineers are women, trans, non-binary, black, hispanic, indian etc. All I wanted was a top notch browser that's not based on chromium, but that was too much to ask.

I miss the old Mozilla when they made the New York Times ad with their donors' names on there.

Mozilla lost another user... I guess it's time to increase their CEO's salary!


Yeah, not really.

That's only minimally possible with a whole lot of plugins that should be added there by default, plus removing the fingerprint function.


Wish I could use LibreWolf as a replacement for Firefox, but for now I have one main issue left: some websites don't work correctly.

For example, on this site: https://appdb.to/ if you click on any app, it'll always open the same app (I think the 'first' one) instead of the one clicked; you can try on Firefox and it'll work correctly.

I actually don't know what causes this issue right now.

Thanks to someone here, I found why some links open in a new tab instead of a popup. Just need to set browser.link.open_newwindow.restriction to 2 (like in firefox), instead of 0.


I'm sure librewolf's intentions are good, but I think the gemini crowd has it right. If you want privacy, security, and freedom on the web, you not only have to fork the browser, you also have to fork the web.


I'd say doing 1 out of those two steps is better than doing 0.


On Android, I use Fennec, an open-source Firefox variant that's basically just Firefox without the Mozilla garbage.

Does anybody know if there's a similar de-Mozilla'd Firefox for desktop? I currently use Firefox Developer Edition, but I'd love to get away from Mozilla's crappy "experiments" and constant configuration-breaking updates.


Librewolf, I recommend reading the linked article of the OP if you haven't already.


This is really nice. It's almost like you peeked at my Firefox setup and decided to package it all together (right down to recommending xBrowserSync and Bitwarden!)

I had never heard of dFPI. I've been using an extension, Temporary Containers, to basically do the same thing. I'm definitely going to check this out!


Brave is my current default browser. This might be worth a try for something non-blink/webkit :)


The Brave token just feels weird to me.


Check out their FAQ at https://librewolf.net/docs/faq/ for a more technical look at the changes they made.


It seems to spawn a new process per tab, which makes it use a lot of memory.


> It seems to spawn a new process per tab

Isn't that how all browsers work these days?


Firefox doesn't


https://www.mozilla.org/en-US/firefox/95.0/releasenotes/

> Site Isolation is now enabled for all Firefox 95 users

Doesn't site isolation launch a new process per site? I'm inclined to believe so

https://hacks.mozilla.org/2021/05/introducing-firefox-new-si...

> Site Isolation builds upon a new security architecture that extends current protection mechanisms by separating (web) content and loading each site in its own operating system process.


Firefox’s site isolation uses one process per tab until you have more than four tabs open for the same site; then Firefox makes the tabs for that site share the four processes. So if you open four youtube.com tabs, you will have four youtube.com processes. If you then open two more youtube.com tabs, you will still have four youtube.com processes, but two of the processes are managing two tabs each and the other two processes are still managing one tab each. This design is to reduce memory usage. I think Chrome uses a separate process for each tab.


I've just downloaded the .dmg for MacOS and installed it, but I can't run it because I get a system message saying that the developer can't be verified. Anyone know how I can fix this?


Right click it, and select open from the context menu.


Brill! Thanks for that.


Oh, another browser fork focused on security that patches a browser?

Is there an inventory of their security program? Or is it just 'we take up patches from Mozilla'?


> What is LibreWolf?

> This project is an independent fork of Firefox [...]

> LibreWolf is always based on the latest version of Firefox

So it is a dependent fork of Firefox


I'm assuming that what they meant by "independent" was "we're not the Firefox dev team".


Fork itself alone is enough since it implies they are not part of the original team. When they put "independent fork", which changes the meaning/intent, I would believe that they mean they are forking Firefox and the original code will not be the same or something.

This is my assumption/observation that the owner or the members of this forked project are majority ESL. I would understand why they said independent fork because it made sense to them, however it implies something different than "fork" alone.


> Fork itself alone is enough since it implies they are not part of the original team.

Sorry, it does not. Fork just means that it's based on the same code, that's all.


Anyone else reminded of https://amarok.kde.org?


> Delete cookies and website data on close.

Why bother ever writing to a file system? Seems like an obvious misstep.


How does this differ from Fennec?


So I might give this a go.

Does it integrate with Firefox on mobile?


If you mean Firefox sync, it does not, due to privacy reasons.


HN is a very tough crowd. First everyone wonders why there is no successful fork of Firefox, then someone makes one and nobody is happy.


HN is not a hivemind. There could easily be two groups (or more) of people: one who shows up to Firefox threads and complains, and another who shows up to Firefox fork threads and complains. There may be some overlap between these groups, but there doesn't have to be.

In my opinion, it's pretty easy to spot this pattern, because when you've read HN long enough, you know what sorts of posts are likely to elicit reactions from a particular group. But that's not to say any given group is representative of HN as a whole, which I think is still largely dominated by lurkers.


Users that comment on a post are not a random sample of the community at large. So you can't draw conclusions about the community by looking at a biased sample of posts, because it just projects that bias into the comments. This is a truism of most online platforms, e.g. Twitter.


> HN is not a hivemind.

Big claim. Add the keywords "Rust", "Webasm" or "Burnout" to your title and your chances of making it to the frontpage increase significantly.


Maybe you are just closer to the group that gets triggered by these keywords. And that is OK. But my point is that these 'opposing' sentiments are always present in those threads. Which begs the question: where is the hivemind?


Also make sure you note somewhere in your post:

* that MBAs and VCs are useless leeches

* but rich tech founders are folk heroes and visionaries

* that all regulations are just market capture by entrenched players

* Europe's government health plans work great and America's private one is an embarrassment

* but that also government cannot possibly be an efficient provider of services and the only true answer is pure libertarianism


> what sorts of posts are likely to elicit reactions from a particular group

Also: given such sorts of posts, once one seeming/presumed group acquires dominance in a thread of comments, that "others" may self-select out of commenting on that particular article.


I think the question is why you apparently see rather few people show up in adjacent threads. You see this with many topics. There's the people who complain about Apple's monopoly, and there's the people who say Apple is dying because they have no marketshare, but you might reasonably expect both groups to fall under the umbrella of people interested in Apple's marketshare.


Lurker here. Made an account because fuck it, why not.


Everyone wonders why there's no widely used alternative to Chrome, then someone makes a great one (Firefox) and nobody is happy.

In reality, there are two categories of users – one group (the vast majority) is perfectly happy with the status quo regardless of privacy issues or anything else, and the other is simply looking to endlessly nitpick and complain about everything in pursuit of some hypothetical perfection that can never be reached. There's no wonder then that new products will mostly cater to the first group than the second.


This is a bad view of users and people in general. It's also a really bizarre view of the Firefox complainers, who are the ones demanding that the status quo be kept. One can end up in contradictory situations like that when you judge people based purely on how much they agree with you, or with institutions you support. People who hate the thing you hate are not "haters," and people who like the thing you hate are not "sheep." Very few people are choosing their opinions in order to annoy you, or in order to annoy Mozilla.

Supporting the management status quo is the opposite of supporting the product status quo; Firefox now is an absolutely unrecognizable product compared to Firefox 5 years ago. Not coincidentally, Chrome isn't unrecognizable, it's dependable. I wonder why it's successful? Is it because Google isn't playing fairly, or because anyone who has ever been satisfied with Chrome has never been given any good reason to leave, while every change in Firefox seems tuned to peel off 2% of the userbase?

If there's an effective way Google isn't playing fair, it's probably that they have some indirect but strong influence in directing Firefox development.


Yes, the way they influence Firefox development is called sabotage: https://twitter.com/johnath/status/1116871231792455686


I thought this was a bit of a conspiracy theory at the start, but it's starting to feel more likely.


All this looks like to me is Google developers use Chrome (surprise!). I've seen plenty of issues exactly like this at web shops where developers primarily use Chrome.


You missed the part how it was about the conflict of interest. "We're on the same side" wasn't really true.

Especially at the higher level, Mozilla was complicit in accepting money from a competitor.

Make no mistake, that absolutely distorted how they ran the company over the next decade. That's why Firefox is so "meh" right now, why Servo got killed, why Mozilla is being seriously mismanaged.


I use Firefox. It's not "meh". It does its job. It's a browser, I don't need bells and whistles.


I don't use any chromium-based browsers


I just can't understand why Chrome can't handle a hundred open tabs if the developers use it primarily. Firefox handles it with about the same RAM usage as six hundred open tabs.


The parent of your post is pretty accurate. I've complained about it before, but Firefox is unfairly targeted by an outsized number of complainers here on HN.


I disagree that it's unfair or outsized. You're talking about a browser that has lost 95% of its userbase and is financially dependent on its main competitor. The complainers are drawn from the tiny proportion of the people dissatisfied with Firefox development who stayed. The other 98% just fucked off somewhere else like they were told to.


"just fucked off somewhere else like they were told to"

Ah yeah, that seems like a completely reasonable interpretation of Mozilla's actions.


Here's a quote directly from you in this very same topic:

> The comments like this from people who will complain about everything are completely valueless.

> We're lucky to have an alternative to the WebKit oligopoly. If you don't like Firefox, just stick with the other browsers and let the rest of us that are trying to prevent a monoculture continue our work.

Looks like you're doing the job just fine by yourself.


And from your comment history you seem to be over-blowing telemetry privacy issues yourself.


> has lost 95% of its userbase

That's not an accurate number.


I am partial to the Bromite fork of Chrome on Android.

It has built-in adblock, and DNS-over-HTTPs in the setup menus.

https://www.bromite.org/

I understand that stock Chromium can do DoH with options on the command line; I have been meaning to set this up in a few places.


For some reason, Firefox (and its variants) seems to attract an especially tough crowd. People will let Chrome hoover up every last bit of information about you but FF will get relentlessly pilloried for every minor decision.


The problem with Mozilla is that most of us seem to be holding them to a higher standard. It's not minor details that are scrutinized but more like "HOW IN THE HELL DID THEY THINK THAT WAS A GOOD IDEA", and sadly there's been about 1-2 of those per year.


That is pretty much a problem they created themselves by claiming to be a champion of the free Internet and then doing stuff like investing in an adtech company and then handing a sample of user browser history to said company. Why does a corporation owned by a foundation do stuff like that? If you have an official mission other than making money people will hold you to a higher standard than normal for profit companies.


You see the same thing with non-profits. For-profit companies can ask $50 for a product, do whatever they like with the profit, and everyone is happy. A non-profit asks for voluntary donations for a similar product and gets all of their receipts to local pizza joints examined.


Not my opinion, but from what I've seen, it's a different standard.

FF has historically been concerned with privacy and transparency. When they move contrary to that, people "hold them accountable" by issuing public critiques.

In comparison, I'm not sure that the Chromium project ever intended to have privacy as one of their forefront values.


Those are two different groups of people. The Firefox complainers are Firefox users. The people satisfied with Chrome are Chrome users.


Please stop making excuses for Mozilla - their management has made many questionable decisions including bundling unnecessary extensions like Pocket and closed source DRM plugin without user permission, aggressive telemetry tracking, downloading and running codes / features without your knowledge (it's opt-out but only if you know what to opt-out of) and now even bundling adware into the browser.

Instead of ensuring their engine is easily modular and usable they are more concerned about others making competing browsers and thus let greed drive their design decisions to make a clunky and poorly architected product that just lags in development.

Fire the greed driven management of Mozilla, and bring a team more concerned about developing a good product than letting money drive the design decisions, and Firefox will be back on track.


Honestly, do you think you'd ever be happy with anything Mozilla produces? The comments like this from people who will complain about everything are completely valueless.

We're lucky to have an alternative to the WebKit oligopoly. If you don't like Firefox, just stick with the other browsers and let the rest of us that are trying to prevent a monoculture continue our work.

I don't work for Mozilla or have ever done work on Firefox other than bugfixing, but I'll gladly run an alternative browser so the web doesn't end up stagnating like it did before.


> do you think you'd ever be happy with anything Mozilla produces?

I switched to Mozilla Gecko after Opera Presto was sold to a Chinese firm and they switched engines to Chromium. After that, I have been using various Firefox forks since Firefox started bundling useless software and made really questionable decisions sacrificing user privacy for their greed. I am really glad that forks that respect the user, like LibreWolf and Tor browser, exist.

> The comments like this from people who will complain about everything are completely valueless.

I have given specifics. Your comment though is less useful.

> We're lucky to have an alternative to the WebKit oligopoly.

We are unlucky that the current management of Mozilla is slowly selling out on this, under the influence of Google and their own greed - 100's of millions of dollars and yet, making a modular browser engine is not a priority for them as that means more competition and innovation from other open and closed source developers that will threaten their cash cow.


> I have given specifics. Your comment though is less useful.

I disagree. You list a number of random topics that are exaggerated and overblown, then attack the leadership of the organization personally and ascribe motivations that you have invented. Your comments are not useful for setting future direction of a browser, and you are contributing to a browser monoculture.

When we lose the only viable competitor to WebKit because you and other commenters hold Firefox to your unreachable standards, it will be a sad day.


> Honestly, do you think you'd ever be happy with anything Mozilla produces?

I used to be happy with their output, many years ago. So yes, of course.

I haven't liked FF in a very long time. But I used to love it.

> I'll gladly run an alternative browser so the web doesn't end up stagnating like it did before.

The only thing actually stopping Google from completely owning the Web is Apple's mandating Safari's engine for all browsers on iOS. Firefox has been floundering for too long (a decade? More?) and no longer matters much, aside from providing some kind of value to Google. Microsoft's probably maneuvering to open a second front on that, despite using Google's engine now, unless they decide to team up with Google to go after Apple. FF has been an also-ran for years.


Agreed. Except to say that many recent decisions have moved Firefox closer in alignment with the monoculture. So, you have to at least consider that maybe, even if it's just a few of the people complaining have good intentions, or might even be canaries in a dark mine with potential dangers of collapse. Unfortunately, canaries can't do much to fix the problems. They can only be used as warning signs by the people who can do something to fix things.


> Honestly, do you think you'd ever be happy with anything Mozilla produces?

I for one was happy with the Firefox Mozilla produced years ago, yes.


> bundling unnecessary [...] closed source DRM plugin without user permission

Not including a plugin required for a top 50 site would be user hostile, and I will die on this hill.

This is exactly the thing everyone else in the thread is pointing out as the issue, complaints from FOSS-or-nothing folks expecting to be catered to at the expense of the other (probably) 99% of potential users. The fact that it's even a plugin at all (that you can disable!), rather than an integrated part of the browser, is them already catering to that. Firefox already caters to this niche a ton, and nothing is good enough.


> running codes / features without your knowledge (it's opt-out but only if you know what to opt-out of) and now even bundling adware into the browser.

I'm unfamiliar with these last two things. What code do they run? And what adware?


- Privacy-touting Mozilla caught shoving Mr Robot add-on into Firefox: https://www.zdnet.com/article/privacy-touting-mozilla-caught...

- Firefox’s address bar has ads now: https://www.theverge.com/2021/10/7/22715179/firefox-suggest-...


What if their "greed" is simply an unpleasant choice they're forced to make to allow their organization to continue to exist?


What part of the telemetry is aggressive?


https://www.ghacks.net/2022/03/17/each-firefox-download-has-...

From the top of HN literally yesterday. They can match user downloads to multiple installs across systems now. The "solution" is to select "opt out of telemetry" in the settings, which you can't get to until after you've installed the browser and it's already happened.


Telemetry waits 30 minutes to start sending to give users time to opt out, see the note in the documentation: https://firefox-source-docs.mozilla.org/toolkit/components/t...


Ah interesting. Thanks for the info. Not sure most people will know about that, but it's something!

Edit: It appears to be for the new-profile ping not the install pings.



I think this is the reckoning of people realizing that technical solutions do not always solve social problems. Firefox itself started as a fork against Netscape’s commercialization, and now has reintroduced many of the same issues: Pocket, telemetry, DRM. Google’s original paper explicitly identified the conflict of interest in search engines funded by ads, and now it is the largest ad marketplace in existence. I think now when people see something like LibreWolf they ask “for how long?”


Everyone just ignoring PaleMoon? https://www.palemoon.org/


Pale Moon is very hostile to packagers and distros, threatening them with lawsuits within the first few messages of a conversation. I wouldn't want to give a userbase to them if they treat people like that.


The problem with Pale Moon is it's effectively a dead end from a development standpoint. Yes, it gets security fixes from upstream (those which are applicable) but it doesn't receive much in the way of meaningful web compatibility (the elephant in the room being WebComponents, which none of the team have the capability of implementing in the current codebase). It's based on Firefox 52 and refuses to re-base on later versions, partially due to lack of XUL-based extensions and partly due to the introduction of Rust (which does not exist on some platforms which Pale Moon supports - including Solaris/Illumos).


FWIW, illumos has excellent Rust support.


HN seems to shoot down everything with negativity. Maybe I’m romanticising my memories, but where’s the hacker spirit gone? Perhaps we’re all jaded.


@dang pointed out when I commented similarly on another thread that early comments on threads seem to tend towards the negative, and sentiment often shifts more positive as things go on (which is exactly what happened on that other thread)


I'll fill in for dang here. It's the contrarian dynamic.

https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...


For the chemistry-inclined, it's also known as Le Chatelier's Principle.


I wouldn't say that it is negativity. It's criticism that is mostly constructive, which I appreciate because nowadays it is popular to ban/cancel criticism on forums or social networks.


The project is 100% negative liberty so it doesn't surprise me that there's a negative reaction. The selling point to unbundling can't be pure fear. Consider supporting the SerenityOS browser. Andreas Kling is breaking his back creating an entirely new browser, and it actually works. It takes a true genius to do something like that.


Meh, go back to this day, 2013 [0] and you’ll see the same constructive/non-constructive criticism. It’s an exacting crowd, which is what I love personally.


> HN seems to shoot down everything with negativity

Except marketing-driven products, which get really overhyped here.


Brave used Firefox's core Gecko (and forked it) several years ago, encountered problems with it and called it a day. Then they switched to Chromium and they are more alive than ever.

Had they kept using it, well that would have certainly been another dead Firefox-based browser fork.


Reminds me of a Star Wars quote:

Luke Skywalker: Is the dark side stronger?

Master Yoda: No, no. Quicker, easier, more seductive

I try to stay far away from Google.


Careful. Every time I've mentioned Brave here I've been downvoted. Getting on point: I've used Brave for awhile now and it's been fine. Major issues for me are updates are frequent enough to be annoying, and I haven't been able to access sites with self-signed certificates.



