Librefox: Firefox with privacy enhancements
Librefox is an open source project designed to provide anyone with a copy of the Firefox browser that comes with privacy and security enhancements included.
Librefox is not a fork of Firefox but uses core Firefox and applies privacy, security and other enhancements or changes to the browser. The project uses the Ghacks user.js and other information to create a browser that offers better privacy and security out of the box.
The browser is available for Windows, Mac and Linux devices, and can be run on Windows without installation or with installation. The project team creates Firefox Stable, Extended Support Release, and Beta versions of Librefox.
Attention: Librefox will use the default Firefox profile on start unless you assign a new profile to it. You could run the browser with commands to assign a new profile to it. Check out the list of important Firefox parameters here.
The web browser looks exactly like Firefox when you start it; no surprises here as it is still Firefox by and large.
The development team removed some components from Firefox; the updater, crashreported, and integrated add-ons that "don't respect privacy" were removed from the browser. Connections that Firefox makes by default have been removed by and large as well:
The objective is zero unauthorized connection (ping/telemetry/Mozilla/Google...).
Librefox comes without add-ons; several extensions have been created for LibreFox and several more are recommended by the team for installation. The recommended add-ons have been code reviewed.
The Librefox extensions add a dark theme, HTTP Watcher, and Reload button to Firefox. Recommended third-party extensions include uBlock Origin, Cookie Master, First Party Isolation (toggle), User Agent Platform Spoofer, and Browser Plugs Privacy Firefox. Links and some configuration suggestions are listed on the project website.
There is also a Extensions Firewall but it is disabled by default as it is considered experimental at this point in time. It is designed to manage add-ons globally and allow or disallow extension connections.
Firefox users who want to know about the differences between Firefox and Librefox may want to check the files mozilla.cfg and policies.json as a start. The list is well documented but it may take a while to go through it manually.
Note that you need to edit these files directly as some settings are locked and cannot be changed from within Librefox; editing may be necessary if you run into compatibility issues on select websites.
Who is it for?
Librefox is a privacy enhanced version of Firefox that is ready for use out of the box. While privacy configuration files like the Ghacks user.js file can be applied to the browser to achieve the same, the main benefit of running Librefox is that it offers most of that right away.
That's comfortable but it takes away some control from users; if you apply preference changes manually, you know exactly what you are getting into. With Librefox, you'd have to go through the changes manually to adjust them, or go through them when you run into issues with sites.
Closing Words and verdict
Librefox is a start and run copy of Firefox with privacy improvements added to it. It would be a disservice to the project to reduce it to being Firefox with a user.js file added to it as it offers more than that.
The developers remove built-in extensions and some components, block connection attempts, and modify Firefox in several core ways to reduce outbound connections.
Librefox may be worth a try for Firefox users who don't want to go through user.js configuration files manually to find the right preferences and apply them to Firefox.
It is definitely a project to keep an eye on, especially if the developers keep up to their promises and release updated versions of Librefox whenever Mozilla pushes out updates to Firefox.
Now You: What is your take on Librefox?
Tooo many browsers. It would be more urgent to make Firefox less slow
How is choice a bad thing all of a sudden? You automatically think that people like this who change some settings and delete a few things would be able to work on ff core code and speed it up? I’m not saying they can’t, I don’t know them, but it’s fairly unlikely they’d even want to if they could.
Agree with Pierre. Taking a few things – even bad things – from an existing is not creating a choice, enhancement of something is not a *new* choice, that’s like saying if Mozilla themselves remove the bad stuff that means they are creating a new choice.
Then you and Pierre better get busy writing code. ITMT- don’t like LibreFox? Then don’t use it. But to sit here and complain about a *free* alternative (with enhancements) to a popular browser is childish.
Relax Ox, you will be at home and on your GNU/Linux that you have Gentoo operating currently. Ox you need to remember what Granny Buck told you about your fixation and passionate love for computers. She told you that this obsessive desire for sitting behind a computer screen up to 20 hours a day causing you to get hateful and verbally bitch and bark at others that irritate you. So, I want you to smile knowing that in 1 hour and 20 minutes you will be on your workstation and using Gentoo to build your very own Linux Kernal. You got liquored up and loose lipped last weekend and told me that you were going to call your kernel “Oxix.” Now, I want you to ignore the childish behavior of others so that you do not become ole grumpy Ox.
Might check this one out when I get home. Any idea if this is portable?
Yes it is portable.
thanks for the quick response.
Unfortunately, Librefox isn’t portable. True, you don’t have to install it.
You can just run it after extracting. But it leaves a lot of folders in the appdata folder.
I tried installing it, in the hope of getting to make a portable install option…but there isn’t one.
As far as I could tell, after uninstalling, it does remove the registry entries, but leaves the appdata folders…
So for the moment I will stick with the PA version of FF62. Newer versions aren’t useable for me because of the lacking discriptions option in bookmarks.
A proper portable version should be added soon, here is the issue about it https://github.com/intika/Librefox/issues/15
I think Martin is right, it’s portable. The folders left at appdata folder are non critical at all.
No, it isn’t.
Running from location does not make an app portable. Reading/writing settings and temp files anywhere inside it’s main directory does!
This customized version uses and modifies the main firefox profile inside appdata\roaming.
Nice. I’ll keep an eye on this, if it gets updated regularly in line with Firefox I’ll give it a try. The regular Firefox is unusable to me as updates can’t be disabled anymore, even when blocked in hosts file I still get pestered by a popup which keeps telling me that Firefox failed to check for updates and that I should reinstall it. I responded to that message by uninstalling Firefox and the problem went away.
Merry Christmas and happy holidays, everyone! :)
“updates canâ€™t be disabled anymore, even when blocked in hosts file I still get pestered by a popup”
Yes, and even with the portable version. “I responded to that message by” sending the Mozilla Firefox Portable’s folder to the trash “and the problem went away.”
Happy holidays too.
> The regular Firefox is unusable to me as updates canâ€™t be disabled anymore
This is not true. If you check the option to “check for updates but let you choose when to install them” then you will not get updates – updates are not downloaded, updates are not applied. They only removed the UI option to not CHECK for updates. But you can still do that with an Enterprise Policy (and you don’t need to on ESR)
Please stop spreading FUD
You will not get updates but you’ll get the annoying popup again and again asking for update!
And then get this message twenty times a day: imgur.com/YABC3un.png
Your solution is not really a solution. When you turn a light switch off, do you still get light from the light bulb within that circuit? Go ahead, try it. Let me know.
Pants’ solution works for me.
I disabled updates with policies.json (Enterprise Policy), and Firefox never checks for updates and I never get messages/errors of any kind. If you did the same and still get that message, then it must be a problem on your end (maybe a bug or something).
@Yuliya .. what you said was “updates canâ€™t be disabled anymore”, but this is factually incorrect, and that is what I am pointing out. What you meant to say is “update checks cannot be disabled anymore” and this is also factually incorrect (they can be disabled via Enterprise Policy).
But lets just say, you meant “it’s not easy to disable update checks (because I have to muck around with Enterprise Policy etc), and it gets annoying (for me) with the update reminders” – then you would be correct.
The light bulb analogy is not a good one. Because you are still confusing actual updates with update checking.
“When I turn off the update switch by choosing to only check for updates, do I still get updates downloaded off the internet circuit and is the firefox light bulb lit up by a new version” – No. I tried it. Now you know.
Yeah, you could use some insulating tape around the light bulb, and you will no longer see light in your room from that source. It would still use electricity though. You could also cut a hole in the ceiling and mount another switch there and use that one instead, assuming you know where the wiring is, it should be a fairly easy task, and this would solve the aforementioned issue. It is closer to what you have done. But there is a light switch already mounted on the wall, and it is there for a good reason. Anyone can use it, I have seen pet cats being able to switch it on or off.
Look, I’m not gonna be so polite and patient as Pants would. Lets see what this “Yuliya” said months ago:
Paul(us0 said on October 3, 2018 at 1:22 pm
Thanks, Martin, For letting me know. I personally always appreciate update explanatory articles.
Yuliya said on October 3, 2018 at 1:28 pm
Itâ€™s my only way of knowing when these updates arrive since I blocked mozillaâ€™s domains (:
So the “you could use some insulating tape around the light bulb, and you will no longer see light in…” blahblahblah, I call it total BS.
“…mozilla really was mining cryptocurrency on my machine” (wihtout any proof)?
“…their products should not be trusted” (and you always still benefit from them without any appreciation and even keep slandering them without any apology)?
Let me ask @Yuliya. Why you keep spreading your FUDs misleading other people? Why you piss off developers who are really trying their best to fight for our privacy especially for whom are non-technical? Are you one of the CHEF-KOCH the Great Trolls Group? If you are, then everyhing you did makes sense. You satisfied then?
FYI, the troll king (I don’t believe he is only one guy, their trolling is systematically targeting developers whose working is related to security and privacy, i.e. people working on ghacks.js, gorhill, M66B who developed XprivacyLUA, etc) is already eyeing this project, they would never stop because this is what they live by (for some government intelligence department or advertising giant): github.com/CHEF-KOCH/FFCK
That is no longer valid as of version 63, see this screenshot: imgur.com/YABC3un.png
Sure, it fails to fetch the update, but I used to get this popup multiple times per hour, regardless of me setting the updater to only initiate every 300 days via about:config.
>Iâ€™m not gonna be so polite and patient
At the end of the day you are just some text on my PC’s screen, so do as you please. It is valid the other way around as well.
I don’t care about your ironic *dilemma* at all which I never and will never encounter on my FF63 and above . I don’t recommend it for security reasons, but if people still find such non-invasive way of notifying an update available kind of disturbing them in some scenario, they can do as following:
Open “about:config” page;
Type “update*time” (without quotes);
Set the value of all the preference terms named “app.update.*Time” as big as they want, i.e.
app.update.badgeWaitTime to 999999999999
app.update.idletime to 999999999999
app.update.promptWaitTime to 999999999999
Until the Earth explodes, BOOOOOOM! Then everything should be in “peace”. And they need remember to install updates manually, which introduces another kind of factor being annoying, but I think one who cares about their “privacy” so much like @Yuliya would never mind it, or maybe the ESR channel suits them better.
gwacks, Yeah, it’s not working. I already had all those settings to 25920000 seconds (300 days) yet the updater was running multiple times per hour.
Earth won’t explode on its own, it’s going to be destroyed by the Sun once it dies, but I doubt you and I are going to witness this. By then maybe shady organisations who claim to care about user’s privacy, and then send extra telemetry for everyone who dares to disable the standard one, like moz://a, won’t exist anymore either. Maybe, though I doubt.
If you don’t know how to use Group policy, then don’t. Instead, create a new folder called “distribution” in your Firefox main install directory, and a add a file inside call “policies.json”. This file should contain:
You can check “about:policies” to see if it has been picked up correctly.
Done, Firefox won’t auto-update, and won’t check for updates either.
Alternatively, you can use this add-on to build the JSON, which you’ll have to move to the right directory afterwards: https://addons.mozilla.org/firefox/addon/enterprise-policy-generator/
@Yuliya Join the repository on github. Librefox is a community effort.
sounds great, would try it out if it was portable.
I downloaded the zip from github but inside there was a setup.exe
Does it run side by side with Firefox (if one wants to) without any tweaks? Or does Firefox confuses itself with Librefox, i.e., does it use different executable/process/etc.?
The project is still young, all of this should be sorted out in the next release here are the related issues https://github.com/intika/Librefox/issues/15 and https://github.com/intika/Librefox/issues/26 currently Librefox is semi portable because it uses Firefox’s current profile.
Librefox, the project, seems to me most valuable for users aiming to get the best of Firefox with its built-in switches set to enhance their privacy.
As far as I’m concerned I guess my configuration of Firefox must be close to that offered by Librefox. I use mozilla.cfg and policies.json (Autoconfig and Policy templates) and the former includes settings I previously applied to profiles independently with user.js (I’ve shifted the famous ghacks.user.js settings to Autoconfig) and as many of us I’m cautious with Firefox’s telemetry and with its extensions : example, by the way, of a developer who’s homepage site has a 9/10 Netcraft risk rate ( https://toolbar.netcraft.com/site_report?url=www.xtensionizer.com ) and nevertheless manages to offer 6 extensions on AMO ( https://addons.mozilla.org/en-US/firefox/user/14496339/ ) which surprises me…
A most merry Christmas to all. May sound common but is sincere. A moment of peace and sympathy to all.
@Tom Hawack: you stated
> ….. I guess my configuration of Firefox must be close to that offered by Librefox.
1. I am not surprised
2. You could have saved the Librefox guys a lot of time !!
4. Merry Xmas to you too.
Thank you for your feedback, you could go further and compare your setup to Librefox with https://github.com/intika/Librefox#comparing-changes-and-updates and add what you are missing in your settings ;)
“The development team removed some components from Firefox; the updater, crashreported, and integrated add-ons that “don’t respect privacy” were removed from the browser. Connections that Firefox makes by default have been removed by and large as well:”
“that “don’t respect privacy””
No need for quotation marks in my “libre” opinion..
Quote from the site.
Well… This is a nice Xmass present for me.
I definitely want to look into it.
As Im such a noob I cant use the Ghacks.js file.
I have No idea how. Im too incompetent to.LoL
but I CAN Install& run Linux…It can now be That easy!!!!
Will this install along side aregular FFox set-up….
Merry Christmas! You are really a Super Girl!
In the current state of the project this can be used along side with Firefox but not at the same time. this will change soon ;)
You can run Librefox and Firefox with -no-remote -p to run side by side, just pick different profiles.
Yes true, thanks for pointing that out
You would never be so modest to ask questions like this “supergirl” who even called herself a *noob* honestly, would you, Miss(I doubt) Yuliya? So it’s obvious I think that you are, a troll. You failed beacause you have to.
Martin, thanks very much for this article. The project is definitely something worth looking into. I’m presuming that since it’s based on the current version of Firefox, that Windows version compatibility would be the same (Windows 7 and newer.)
thx. i don’t use librefox, but i have discovered _some_ additional user.js settings and finally brought the policies.json up to use (on ff65 beta).
“Librefox is not a fork of Firefox but uses core Firefox…”
So it’s a fork of Firefox.
lol, thank you for your feedback, in the current stage of the project it is not a fork but for legal reason this has to become a fork nevertheless it will remain close to Firefox release.
I will be looking seriously at this. I’ll continue to use Quantum ESR 60 until November 2019. Then I might switch to LibreFox instead.
It’s killed temporary containers for me, says it requires container tabs which I’ve got and are on and working. Also kills facebook and google containers for the same reason.
Thanks for this. Can Librefox be installed and used alongside Mozilla’s Firefox (Linux distro)? Do the profiles not get mixed up?
“Portable” as in you extract and run firefox.exe. Close the “portable” LibreFox, open installed version of Mozilla’s Firefox… it now takes a few moments to open… R.I.P. all settings.
Never open LibreFox again. Done.
Thanks for you feedback, settings are not erased, only cookies and temporary files (including Firefox’s sessions) when you close Librefox and reopen Firefox again your settings will still be there. but this will change on next version.
I do not see any portable version on the site.
Back up your .mozilla/ folder before!
Not portable, it will destroy configuration of installed Firefox if you run Librefox portable.
It will not destroy the current profile, but indeed it will remove temporary file and logout sessions (this is a temporary situation)
Not copyright violation but trademarks and not really a violation, but it’s fixed right now but thank you for your feedback :)
The project, which AFAIK is one person, uses the information in the ghacks user.js, along with pyllyukko’s user.js (which adds a couple of other prefs). It’s all attributed.
No disrespects to the dev, but I had a quick look at this weeks ago and I have to say I am a fan at all. A lot of deprecated prefs were included (not a good sign for starters), and I do not agree with a LOT of settings, some of which make the browser less secure, and certainly makes it next to useless IMO. It’s as if the dev said “just how much stuff can I turn off” and used information gained by others over years of research and turned the browser into an empty shell – that’s how I see it. Not that I have had a really good look, and I certainly will not be trying it.
Everything this build achieves, you can do in a standard Firefox using options in the UI, and tweaking about:config. And you would have far more control as well. Tom Hawack knows – “As far as Iâ€™m concerned I guess my configuration of Firefox must be close to that offered by Librefox” – he can “tell” just by looking at it (same as me, after years of tinkering).
And its time to stop the “privacy respecting” BS. Safe Browsing does not compromise your privacy (except I’ll throw in that binary checks with google I am not sure where we exactly stand on that today, and the ghacks user.js disables it). Nor does update checking. Neither does Pocket, nor does CFR, or Onboarding, or the information from Kinto (bad extensions, graphics cards, revoked certs, etc), or even Telemetry, and I could go on. Do any of you guys and girls actually read the code and test things? And everything can be disabled if you want Firefox to be “quiet”. It is not hard to actually make Firefox make zero external connections.
@Yuliya “The regular Firefox is unusable to me as updates canâ€™t be disabled anymore” – this is not true. You can disable it with Enterprise Policy if it really annoys you. I get the same little message about an update for several days to a week before I manually update, it’s no big deal. It’s not always about “you”, as a default for 100 million users, keeping them up to date is best practice and the responsible thing to do. And they still give users (like “you”) a way to not update.
I’m not sure I’m going to trust the ghacks user.js for much longer if you’re not sure that binary checks with Google or Telemetry are bad for privacy. Even the safebrowsing remote URL checks are bad for privacy and not really needed. And yes I know what those do. As for Pocket integration, assuming it doesn’t violate privacy by itself, it’s an incitement to use a service that’s bad for privacy. And you should really reconsider if a browser matching ads based on user activity, even locally, is a privacy respecting feature. I wouldn’t. Privacy is more subtle than just not sending data away. Finally I hope we agree that even assuming ads respect privacy, they’re something unwanted in the browser.
> Iâ€™m not sure Iâ€™m going to trust the ghacks user.js for much longer if youâ€™re not sure that binary checks with Google or Telemetry are bad for privacy
That’s up to you, but have I ever blatantly outright LIED to you (or even non-blatantly)? Binary checks – I haven’t looked at the exact mechanism for a long time. It IS disabled. I just needed to qualify “my statement”, because something *may* have changed And I only mentioned it to qualify the previous bit about SB (because SB has quite a few parts). I also did not say that I was unsure if Telemetry was bad for privacy. But I will try to clarify what I meant (further below)
> Even the safebrowsing remote URL checks are … not really needed
For you maybe. But as a default, it would highly irresponsible to block them. Of say 100 million FF users, even if only 20% weren’t IT/internet savvy etc, that’s still 20 million people put at risk (oh, and even IT/internet savvy users can get redirects, phished, etc) – and that is unacceptable. In it’s default state, a product needs to work for the lowest common denominator (for lack of a better term). It also sucks that google is used, but there is no alternative for a major browser to ship with. Imagine the fallout from headlines like “STOP USING FIREFOX NOW: Nasty malware steals passwords, but only in Firefox, because they don’t provide any blocklists”.
But you know what, I added all the SB info and prefs to the user.js, just so you could disable it all (including fallbacks like URLs used) and migrate it from profile to profile, etc. Do you still not trust me?
> I hope we agree that even assuming ads respect privacy, theyâ€™re something unwanted in the browser
I am only talking about privacy, not whether a “feature” should be included or not. And let’s not forget the ghacks user.js includes everything you need to disable these things. Pocket is already disabled for example (including in Activity Stream for those who want the default home screen dials). Holy cow, telemetry is disabled as well. As for ads themselves, I loathe them. And in general, they can be a malware mechanism – everything is an attack vector. But that’s not what I’m talking about.
> As for Pocket integration, assuming it doesnâ€™t violate privacy by itself, itâ€™s an incitement to use a service thatâ€™s bad for privacy
Almost every service is bad for privacy. But you have to actively sign up for Pocket. Do I agree with having Pocket shoved down my throat and crap in a default home page – fuck no. But again, unless you sign up, it’s not violating privacy – it’s all local, no-one else knows what you are doing. If you click a pocket tile in AS (and you don’t have an account), then Pocket would probably know you clicked from a tile. But other than that, you’re visiting the web page etc, and they already know you’re on FF (headers, etc) – there’s nothing lost here either, privacy wise.
Privacy is when no-one besides you (and the service, e.g. the website/server) know WHAT what you did. It does not mean anonymity – that is when no-one knows WHO you are. If SB updates it’s local lists, like the other 100 million other FF users, and reveals zero PII, how does that break privacy? FF is now on SBv4, but earlier versions used google cookies (the new version does not). How does that cookie being in a separate jar all on it’s lonesome, with no PII, just like 100 million other FF users, violate your privacy? There’s are more parts to it, and the bits that could potentially (or did last time I looked) leak PII are disabled.
Telemetry is a bit more convoluted and has lot of separate parts, and yes that annoys me too. It’s ALL disabled in the user.js (do you still trust me?). But generally speaking it does not invade your privacy, and it’s also a pretty normal thing to include in browsers. They’re not collecting PII or siphoning off your history etc. It’s all open, you can see the code, on what it collects, and the data is put into buckets, etc. There is not meant to be any PII in there – by design.
Telemetry, it kinda sucks that it’s only auto-shows as an opt-out once on a new profile. But I fully understand why. If it was default off, then Mozilla would not have the data it needs to decide when to add, remove, change or better features etc – and not just a few UI changes, but disabling web protocols, improving graphics, speeding shit up, etc etc etc. There’s nothing wrong with telemetry when done the right way, and I believe Mozilla is doing it the right way. But I’m annoyed that the UI doesn’t fully disable all telemetry, and there is no single real master switch. And that they still keep adding things like a one off Coverage Ping. But in terms of PRIVACY, it’s not violated to the best of my knowledge – and I have looked.
However, companies can make code mistakes, companies/individuals can make bad decisions. Experiments such as Cliqz and Mr Robot. As long as they learn from them. Crash reports contain info such as the exact site visited, which is understandable – how can they reproduce without that info. I could go on. The *potential* for privacy to be violated is there, albeit fairly small. But it’s not being done deliberately
So long story short. On a privacy front, I’m satisfied. But as an individual, I like layers and absolutely certainty, so its all disabled (do you still trust me?).
/end of rambling, sorry for the length. didn’t mean to write a book.
“Thatâ€™s up to you, but have I ever blatantly outright LIED to you (or even non-blatantly)?”
Apologies if my language may have appeared too strong. I’m sure you would never lie, that you’re competent and that you only have in mind the best interests of users. There are just some points where I think I may be more sensitive than you about privacy.
“Even the safebrowsing remote URL checks are â€¦ not really needed”
“If SB updates itâ€™s local lists, like the other 100 million other FF users, and reveals zero PII, how does that break privacy?”
I meant that the very specific *remote double check* of URL, after one on the local blacklist is hit, is not needed and the worst part for privacy, not necessarily the whole URL safebrowsing stuff for all users, although I understand some people (including me) not wanting to connect to Google at all, or not wanting to trust them at all to know what to block. I know fake URL are sent together with the real one but that’s still bad as well as useless.
“How does that cookie being in a separate jar all on itâ€™s lonesome, with no PII, just like 100 million other FF users, violate your privacy?”
It allows tracking, doesn’t it ? Checking I’m the same person connecting again, why not track me across changes of IP, then relate together other activities from those different IP. Usual cookie business. I don’t care that the cookie doesn’t contain my real name, this is enough to be bad for privacy in my opinion.
Or I am wrong in thinking there were unique identifiers in those cookies ?
“But generally speaking it [Telemetry] does not invade your privacy, and itâ€™s also a pretty normal thing to include in browsers. Theyâ€™re not collecting PII or siphoning off your history etc.”
Privacy is not limited to sensitive information. This is one point where our opinions differ. And I don’t like Mozilla deciding where to place the moving line between sensitive and not sensitive activity.
“itâ€™s all local, no-one else knows what you are doing”
Local matching is a way to sell *indirectly* our sensitive data to advertisers. I do not consider this privacy respecting, our opinions differ here. Same problem for me if that was some local AI reading my emails to show me personalized ads by local matching on Thunderbird. I don’t want anyone to make money from my sensitive data, even without accessing it directly.
“Telemetry, it kinda sucks that itâ€™s only auto-shows as an opt-out once on a new profile. But I fully understand why.”
Another point where we disagree.
“Experiments such as Cliqz and Mr Robot. As long as they learn from them.”
Does it seem to you like Mozilla is becoming better with time about respecting users ? If yes, another point of disagreement.
I know a lot of the things we’re discussing here are disabled anyway in the user.js, I was only reacting to your words, what you consider privacy respecting or not.
Let me conclude that your work is of great value for users like me and I’m grateful for it, please don’t take my words too bad.
You don’t need to *trust* the ghacks user.js if you don’t want to: everything is documented and referenced for that same reason (so that you can cross-check everything). Earthling checks the source code himself and Pants even has contact via email with some Mozilla & Tor developers to clear up any doubts when needed, and all that information is public for the world to see in their GitHub repo.
Good luck finding a suitable replacement.
> Enterprise Policy
What’s that? A bit of searching shows me that it’s Windows Group policy? That’s not available for home users, and why you need to open Group Policy just to disable update? Is this IE?
Yay! Someone’s listening! I’ll try it, definitely easier than periodically changing a bazillion settings.
Merry Christmas! May 2019 be less chaotic than this year.
Hehe! thank you for your feedback it’s appreciated ;)
I’ve been daily using Tor Browser via a VPN proxy for a couple of weeks, which works almost flawlessly. I created a new profile in “Tor Browser\Browser\TorBrowser\Data\Browser\profile.nontor” by the traditional adding args “-no-remote -p” way, so I can keep running both the original Tor Browser through Tor by default and a non-Tor clearnet instance (equipped with uBlock+uMatrix, etc.) simultaneously. Since the TBB is already portable, I can keep it in my PortbleApps UFDs. Interested users can follow this instruction:
So personally, I’m not that desired to get another so-called privacy/secuirty hardened version of FF. Although the *Extension Firewall* is a very feature deserved to have a look at, for me I’ll directly uninstall an addon if I find any improper outbound requests made by it through Browser Console. So that’s not that important to me. I agree with “Peacock365” who posted on Github and DIDN’T think:
“…offering a more privacy-oriented Firefox is enough to attract a wider scope of potential users. Vivaldi’s success is built upon its many customization features…”
So I think it would be better if the *Libre* in Librefox stands a little more for customization (especially in UI/layout tweaks). Don’t get my bad English wrong, Librefox could be a great project.
Sounds good! Thanks, Martin.
That’s what I always expected FF to be…
Merry Christmas to all of you! Have a good time!
I copied the chrome folder the user profile folder but it still doesn’t change the dark theme. I assume I just take the folder and leave it here: %APPDATA%\Mozilla\Firefox\Profiles\
FIX FOR THE DARK THEME ‘CHROME’ ISSUE:
I know I’m a bit late, but whoever is still having this problem, should know this: you’re not crazy, it should be working, here’s how.
1. From the GitHub for Librefox, download the ‘master’ repository (create account if you can’t)
2. Go to Librefox-master > dark-theme (in the file structure from what you downloaded)
3. Copy the ‘chrome’ folder
4. Go to [YourUserAccountinWindows]/AppData/Roaming/Mozilla/Firefox/Profiles/[profile-name]
Note here: if you don’t know the correct profile for your Librefox install, type “about:profiles” into your search bar IN Firefox. Look JUST UNDER where it says: ‘This is the profile in use and it cannot be deleted.’ (below this will be your proper ‘path’ to the Librefox profile, the one below was your OLD DEFAULT Firefox)
5. Simply ‘paste’ the ‘chrome’ folder into the main directory. (the same place there are also folders for ‘crashes’, ‘extensions’, ‘storage’, etc.
6. THIS IS THE MOST IMPORTANT STEP AND WHY IT DOESN’T WORK FOR MOST PEOPLE: In your Firefox search bar, go to “about:config” and type “toolkit.legacyUserProfileCustomizations.stylesheets” into the big search bar, set this to true (click the button way over on the right)
7. Finally, go back to “about:profiles” and click “Restart normally…” on the top-right (ALSO VERY IMPORTANT, DON’T SKIP THIS)
It will work :D
Lets hope this Librefox develops a large following and puts a serious dent in firefox’ usage numbers, it might wake them up.
@Dilly Dilly Librefox interest is growing, you can check the repo on github and eventually partecipate.
The more, the merrier.
How will I know if there is a new update if it does not have an updater?
Next version will have an updater ;)
First of all, I want to wish Martin Brinkman especially for all his tremendous easy understandable for everybody computer related information articles. Next, to that, the Ghacks.net adapts ( or call it a community) for there useful comments. I wish you all a ferry peach full Christmas Eve and both Christmas days with the people you love.
Martin, Do I understand it correctly that before I can run this portable application ( on a USB stick) is required to create a multiple Firefox profile for special tasks when I already have a 64-bit Firefox version 64.0 installed on mine desktop?
And after that start Librefox in the Firefox profile manager in this way?
WOW, This was unexpected…and the most interesting version of FF I’ve seen since I reconfigured 51 with help from everyone who contributed to the ghacks-userjs project.
Lots and lots of detailed info on github as well…Kudos to Pants, claustrophobe, Martin and the rest of the Presidential Cabinet
A VERY MERRY Christmas From TEXAS to Everyone! YEEEHAW
Thank you for your kind words its appreciated :)
Just to be clear, I have nothing to do with this project. I actually disagree with a lot of settings among other things. Everywhere I’m reading comments about my or the ghacks-user.js’s assumed involvement, along with valid negative remarks (e.g disabling blocklists, disabling password manager, etc – which I do not do!)
Can it run unsigned extensions by default?
No this is not possible for obvious reasons
I cannot access any of the ‘google sites’ in Librefox.
“The error message begins thus:”An error occurred during a connection to google.com. The server uses key pinning (HPKP) but no trusted certificate chain could be constructed that matches the pinset. Key pinning violations cannot be overridden. Error code: MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE”.
Need help. Thanks.
G00gle has no friends, leave g00gle al0ne
Thank you for your feedback i added this to the issue https://github.com/intika/Librefox/issues/50 it will be solved on next release ;)
“browser.display.use_document_fonts” set to 0
prevents the display of the trash can in the UBO custom lists.
This one is disabled by default.
Does this use the Firefox Profile when using or does it create it own folders and profiles? I don’t want to mess with my current Firefox 64 settings and folders.
I guess I can create a new profile for use with this.
so this staff not included?(built-in in firefox or as separate addon)
then thanks so much for this
now in ff64 just this.
Not sure why this is being plugged here and all over reddit. Seems like there might be an alternative reasoning behind this. There is no “development team”. It is one developer with a github account of 4 years and only 1 year of active contributions. This article seems more like an ad to recruit users and if so it is deceptive without stating so.
Has Martin done any auditing or benchmarking before stating privacy and security benefits?
Use this at your own risk and peril, despite being open source. Remember open source does not mean malware free.
“There is also an Extensions Firefox”
Thanks for the article!
will this uninstall Firefox? or can Librefox and Firefox be installed at the same time?
Very nice! Keeper over Waterfox or Palemoon.
How can I install it or run it on Ubuntu? Any simple guide? Is there going to be a .deb in the future?
I will add a how to ;)
Thanks! Looking forward to it!
Thank you a lot for contributing to the project by this article it is really appreciated, we will do our best for future release, don’t hesitate to open an issue for any suggestion or request :)
Firefox without add-ons? Add-ons are almost the whole point of Firefox.
You can install add-ons just fine.
Hi, Martin. It seems my comment disapear without any reason. Could you have a look and recover it?
Thanks and merry christmas.
…It is entirely clear that the search for ever more trusted privacy, control of ones on data and actions and in general rights and law to protect all of this through the state … it never ends. Especially not as long as the OptOut and outright theft logic prevails… this behaviour shall be declared as criminal schemes to get rich with stealing other peoples work, creativity, ideas, solutions, way of life. contacts, personal and professional networks.
Compile your own kernel. Install Gentoo.
Is auto-update removed from Librefox ?
If so how to update to new version. Is it by installing new version on existing ?
Do going to Help -> About provide a means of updating? That’s what I do on Quantum ESR.
Updating is done by downloading a new official version and following the these instructions:
…or simply wait for the new Librefox version.
By the way, is updating always needed? Do you read the changelog to see if the solved bugs may really affect you?
“Mozilla’s CEO” hahahaha i just noticed this one, very nice ! :D
Next version will have an updater… thank you for your feedback ;)
…”All of this is done with lockPref(), meaning the user does not have a choice, even through about:config. If you want to change any of this you manually have to edit the Mozilla.cfg in the browser’s installation — and considering there are plenty of duplicate entries in there you may find it frustrating that it doesn’t take unless you hunt down all copies of a setting.”
As Moonchild pointed, wanting to remove some prefs I just experienced “duplicate entries”… very frustrating, he is right.
Thank you for you feedback, i am taking care of what moonchild reported in the this issue https://github.com/intika/Librefox/issues/53 … there is no duplicate entry on the cfg file, but related settings
I have zero issues with Waterfox. It too is a one guy effort but is more mature and easily runs under Linux.
To update the browser i download the .gz file and unpack and replace the Waterfox folder in my download directory. The user stuff is left untouched in the home/.waterfox folder.
Everyone should monitor network traffic when opening and closing any application. I use an xfce4 desktop applet. Unmodified Firefox stays alive 30 seconds AFTER you close it and generates network traffic.
A search of about:config should have zero Google hits. Replace with “”
Waterfox is very fast – now that UBlock has been greatly optimized
When do we share your information with others?
Even though we don’t collect any such information…
Thank you for your feedback and for such important topic i just added an issue for that https://github.com/intika/Librefox/issues/63
Librefox looks like a great idea. By actually removing unwanted code, it accomplishes its worthy goals. Thank you!
Apologies again, but could anyone please tell me how to install the modified version of Shadowfox? I placed the chrome folder in the Firefox profile folder found at %APPDATA%\Firefox\Profiles, yet it doesn’t change the theme.
Any tips would be greatly appreciated.
under your profile directory you need to respect the file structure so copy the chrome directory to %APPDATA%\Mozilla\Firefox\Profiles\yourprofile and restart Librefox-Firefox ;) if you need further assistance please open an issue on github
Why does intika keep referring to himself as a *we* in the comments here? Is not him the only developer of the project? One of the ghacksuserjs guys even asked him to remove his username from the documentation on GitHub because it apparently makes the false claim that he is a contributor to the project:
I hope I’m wrong, but that seems terribly suspicious…
Upstream there’s ghacks-user.js and other choices come from the community of tinfoil hatters.
You can avoid it if in fear of hiding from big brother.
> Upstream thereâ€™s ghacks-user.js
Yes, except the ghacks-user.js guys not only repeatedly state they are not involved with intika’s project (read Pants’ comments above, and read their comments on their repo), but also don’t even endorse it (because apparently they have many differences and whatnot).
It just seemed suspicious to me that intika was listing the ghacks-user.js members as contributors… it gave me the impression that he was taking advantage of them.
Anyway, I guess that was not the case since he already edited that…
> You can avoid it if in fear of hiding from big brother.
I’m going to avoid it because I’m already hiding more than well enough.
https://github.com/ghacksuserjs/ghacks-user.js/issues/542 for the full detailed history… in short i wanted to give credit to pan it’s why i listed the team on the contributor section and also pan helped me many times and gave me a lot of feedback about Librefox… i though it was the right thing to do back then but i updated the readme directly when pan asked me to…
“NSA Recruit here for monitoring” hahaha lool nice one !
Thank you for your feedback. i am indeed the main developer on this project but that does not mean i am working on this alone. and regarding the ghacksuserjs you can read the full history here https://github.com/ghacksuserjs/ghacks-user.js/issues/542 nothing is hidden :) …
The more important i think is Librefox and i think it’s about time and work… once again this project is very young give it a little time…
And to avoid any ambiguity yes right now this is a one person project.
(Quote “but that seems terribly suspiciousâ€¦”) i hope i answered your question but if you have further question don’t hesitate to open an issue on github.
I am sure I’ll install it when its folders become independent from Firefox’s, running on its own folders and profiles.
Hope there are plans for this?
You can, just start firefox with with -no-remote -p argument, then use a different profile.
Martin Brinkmann posted this solution already (it’s the 4th comment with a big black stripe)
Thank you for your feedback you can follow this issue for the matter :) https://github.com/intika/Librefox/issues/55
Yeah if it’ll run completely independent from Firefox it would be awesome!
but it does, solution has been poste at least 5 times.
Well it would be better to be like Waterfox with it’s own installer, folders, profiles, updater, etc… with no workarounds over Firefox.
Hope for such release soon.
How do I enable EXTENSION UPDATES/INSTALLATION???? Browser makes AMO looks wierd and broken.
It’s the only thing I need and working properly by default “ADDONS”
You can download a new addon, uninstall the old one and install the fresh version without using the internal firefox page, thus avoiding Mozilla Corporation tracking.
Im being specific that only ADDONS should have the option to work cause its a hassle if it does not update either on its own or have to keep manually updating it.
Anyway not all ADDONS can be downloaded manually besides being only available on AMO and are constantly updated accordingly.
I beg to differ: I update them manually because I always check on forums if the new features break something.
Also, this trend for always updating anything makes only partially sense: only if the new version closes bugs that affect me I’m updating, otherwise…
Is there something like this for Chromium/Chrome?
Eloston’s Ungoogled Chromium
I love ghacks but don’t like Librefox.. getting so many errors.
2. Can’t update my addons… what the hell
3. Locked out some of the settings in about:config… nice… can’t change much.
Give me fixes on all these and tell me what to do. maybe not #3 but the first 2 pleaseee.
Be specific where do i go like program files/ firefox etc. Thanks
why no firefox sync… i tried librefox with new profile today but i cant reach any of my bookmarks now..
have to switch back to old profile and import and export all bookmarks then…
is Librefox dead?
The last release dates back to December 2018 but there has not been any changes in the past two months. It is definitely a problem even if the project is not dead.
Please review LibreWolf.
Looks like Librefox has been forked due to lack of development.
New fork is called LibreWolf: librewolf-community.gitlab.io