Librefox: Firefox with privacy enhancements - gHacks Tech News

Librefox: Firefox with privacy enhancements

Librefox is an open source project designed to provide anyone with a copy of the Firefox browser that comes with privacy and security enhancements included.

Librefox is not a fork of Firefox but uses core Firefox and applies privacy, security and other enhancements or changes to the browser. The project uses the Ghacks user.js and other information to create a browser that offers better privacy and security out of the box.

The browser is available for Windows, Mac and Linux devices, and can be run on Windows without installation or with installation. The project team creates Firefox Stable, Extended Support Release, and Beta versions of Librefox.

Attention: Librefox will use the default Firefox profile on start unless you assign a new profile to it. You could run the browser with commands to assign a new profile to it. Check out the list of important Firefox parameters here.

The web browser looks exactly like Firefox when you start it; no surprises here as it is still Firefox by and large.

librefox firefox privacy

The development team removed some components from Firefox; the updater, crashreported, and integrated add-ons that "don't respect privacy" were removed from the browser. Connections that Firefox makes by default have been removed by and large as well:

The objective is zero unauthorized connection (ping/telemetry/Mozilla/Google...).

Librefox comes without add-ons; several extensions have been created for LibreFox and several more are recommended by the team for installation. The recommended add-ons have been code reviewed.

The Librefox extensions add a dark theme, HTTP Watcher, and Reload button to Firefox. Recommended third-party extensions include uBlock Origin, Cookie Master, First Party Isolation (toggle), User Agent Platform Spoofer, and Browser Plugs Privacy Firefox. Links and some configuration suggestions are listed on the project website.

There is also a Extensions Firewall but it is disabled by default as it is considered experimental at this point in time. It is designed to manage add-ons globally and allow or disallow extension connections.

Firefox users who want to know about the differences between Firefox and Librefox may want to check the files mozilla.cfg and policies.json as a start. The list is well documented but it may take a while to go through it manually.

Note that you need to edit these files directly as some settings are locked and cannot be changed from within Librefox; editing may be necessary if you run into compatibility issues on select websites.

Who is it for?

Librefox is a privacy enhanced version of Firefox that is ready for use out of the box. While privacy configuration files like the Ghacks user.js file can be applied to the browser to achieve the same, the main benefit of running Librefox is that it offers most of that right away.

That's comfortable but it takes away some control from users; if you apply preference changes manually, you know exactly what you are getting into. With Librefox, you'd have to go through the changes manually to adjust them, or go through them when you run into issues with sites.

Closing Words and verdict

Librefox is a start and run copy of Firefox with privacy improvements added to it. It would be a disservice to the project to reduce it to being Firefox with a user.js file added to it as it offers more than that.

The developers remove built-in extensions and some components, block connection attempts, and modify Firefox in several core ways to reduce outbound connections.

Librefox may be worth a try for Firefox users who don't want to go through user.js configuration files manually to find the right preferences and apply them to Firefox.

It is definitely a project to keep an eye on, especially if the developers keep up to their promises and release updated versions of Librefox whenever Mozilla pushes out updates to Firefox.

Now You: What is your take on Librefox?

Summary
software image
Author Rating
1star1star1star1star1star
4 based on 38 votes
Software Name
Librefox
Software Category
Browser
Landing Page
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Pierre said on December 24, 2018 at 9:01 am
    Reply

    Tooo many browsers. It would be more urgent to make Firefox less slow

    1. crambie said on December 24, 2018 at 12:34 pm
      Reply

      How is choice a bad thing all of a sudden? You automatically think that people like this who change some settings and delete a few things would be able to work on ff core code and speed it up? I’m not saying they can’t, I don’t know them, but it’s fairly unlikely they’d even want to if they could.

      1. intika said on December 25, 2018 at 5:12 am
        Reply

        Thank you for your feedback; often when you harden a browser security it become slower because of the additional extensions and/or by disabling core function like javascript, Librefox apply many settings for performance, to avoid losing speed over enforcing privacy.

    2. RG said on December 24, 2018 at 7:24 pm
      Reply

      Agree with Pierre. Taking a few things – even bad things – from an existing is not creating a choice, enhancement of something is not a *new* choice, that’s like saying if Mozilla themselves remove the bad stuff that means they are creating a new choice.

      1. OX said on December 26, 2018 at 3:28 pm
        Reply

        Then you and Pierre better get busy writing code. ITMT- don’t like LibreFox? Then don’t use it. But to sit here and complain about a *free* alternative (with enhancements) to a popular browser is childish.

  2. LarsB said on December 24, 2018 at 9:39 am
    Reply

    Might check this one out when I get home. Any idea if this is portable?

    1. Martin Brinkmann said on December 24, 2018 at 10:13 am
      Reply

      Yes it is portable.

      1. LarsB said on December 24, 2018 at 12:42 pm
        Reply

        Hello Martin,

        thanks for the quick response.
        Unfortunately, Librefox isn’t portable. True, you don’t have to install it.
        You can just run it after extracting. But it leaves a lot of folders in the appdata folder.
        I tried installing it, in the hope of getting to make a portable install option…but there isn’t one.
        As far as I could tell, after uninstalling, it does remove the registry entries, but leaves the appdata folders…
        So for the moment I will stick with the PA version of FF62. Newer versions aren’t useable for me because of the lacking discriptions option in bookmarks.

      2. intika said on December 25, 2018 at 5:16 am
        Reply

        A proper portable version should be added soon, here is the issue about it https://github.com/intika/Librefox/issues/15

      3. John G. said on December 25, 2018 at 4:59 pm
        Reply

        I think Martin is right, it’s portable. The folders left at appdata folder are non critical at all.

      4. bodi said on December 24, 2018 at 5:26 pm
        Reply

        No, it isn’t.

        Running from location does not make an app portable. Reading/writing settings and temp files anywhere inside it’s main directory does!
        This customized version uses and modifies the main firefox profile inside appdata\roaming.

  3. Yuliya said on December 24, 2018 at 9:43 am
    Reply

    Nice. I’ll keep an eye on this, if it gets updated regularly in line with Firefox I’ll give it a try. The regular Firefox is unusable to me as updates can’t be disabled anymore, even when blocked in hosts file I still get pestered by a popup which keeps telling me that Firefox failed to check for updates and that I should reinstall it. I responded to that message by uninstalling Firefox and the problem went away.

    Merry Christmas and happy holidays, everyone! :)

    1. Anonymous said on December 24, 2018 at 12:38 pm
      Reply

      “updates can’t be disabled anymore, even when blocked in hosts file I still get pestered by a popup”

      Yes, and even with the portable version. “I responded to that message by” sending the Mozilla Firefox Portable’s folder to the trash “and the problem went away.”

      Happy holidays too.

    2. Pants said on December 24, 2018 at 2:40 pm
      Reply

      > The regular Firefox is unusable to me as updates can’t be disabled anymore

      This is not true. If you check the option to “check for updates but let you choose when to install them” then you will not get updates – updates are not downloaded, updates are not applied. They only removed the UI option to not CHECK for updates. But you can still do that with an Enterprise Policy (and you don’t need to on ESR)

      Please stop spreading FUD

      1. Anonymous said on December 25, 2018 at 8:57 am
        Reply

        You will not get updates but you’ll get the annoying popup again and again asking for update!

      2. Yuliya said on December 25, 2018 at 5:47 pm
        Reply

        Pants,
        And then get this message twenty times a day: imgur.com/YABC3un.png
        Your solution is not really a solution. When you turn a light switch off, do you still get light from the light bulb within that circuit? Go ahead, try it. Let me know.

      3. anonymouz said on December 25, 2018 at 7:44 pm
        Reply

        Yuliya,

        Pants’ solution works for me.

        I disabled updates with policies.json (Enterprise Policy), and Firefox never checks for updates and I never get messages/errors of any kind. If you did the same and still get that message, then it must be a problem on your end (maybe a bug or something).

      4. Pants said on December 25, 2018 at 11:11 pm
        Reply

        @Yuliya .. what you said was “updates can’t be disabled anymore”, but this is factually incorrect, and that is what I am pointing out. What you meant to say is “update checks cannot be disabled anymore” and this is also factually incorrect (they can be disabled via Enterprise Policy).

        But lets just say, you meant “it’s not easy to disable update checks (because I have to muck around with Enterprise Policy etc), and it gets annoying (for me) with the update reminders” – then you would be correct.

        The light bulb analogy is not a good one. Because you are still confusing actual updates with update checking.

        “When I turn off the update switch by choosing to only check for updates, do I still get updates downloaded off the internet circuit and is the firefox light bulb lit up by a new version” – No. I tried it. Now you know.

      5. Yuliya said on December 26, 2018 at 8:52 am
        Reply

        Pants,
        Yeah, you could use some insulating tape around the light bulb, and you will no longer see light in your room from that source. It would still use electricity though. You could also cut a hole in the ceiling and mount another switch there and use that one instead, assuming you know where the wiring is, it should be a fairly easy task, and this would solve the aforementioned issue. It is closer to what you have done. But there is a light switch already mounted on the wall, and it is there for a good reason. Anyone can use it, I have seen pet cats being able to switch it on or off.

      6. gwacks said on December 26, 2018 at 3:02 pm
        Reply

        Look, I’m not gonna be so polite and patient as Pants would. Lets see what this “Yuliya” said months ago:
        (https://www.ghacks.net/2018/10/03/firefox-62-0-3-is-a-security-update/#comment-4391824)

        Paul(us0 said on October 3, 2018 at 1:22 pm
        Thanks, Martin, For letting me know. I personally always appreciate update explanatory articles.

        Yuliya said on October 3, 2018 at 1:28 pm
        It’s my only way of knowing when these updates arrive since I blocked mozilla’s domains (:

        So the “you could use some insulating tape around the light bulb, and you will no longer see light in…” blahblahblah, I call it total BS.

        Mozilla’s *malware*?
        “…mozilla really was mining cryptocurrency on my machine” (wihtout any proof)?
        “…their products should not be trusted” (and you always still benefit from them without any appreciation and even keep slandering them without any apology)?

        Let me ask @Yuliya. Why you keep spreading your FUDs misleading other people? Why you piss off developers who are really trying their best to fight for our privacy especially for whom are non-technical? Are you one of the CHEF-KOCH the Great Trolls Group? If you are, then everyhing you did makes sense. You satisfied then?

        FYI, the troll king (I don’t believe he is only one guy, their trolling is systematically targeting developers whose working is related to security and privacy, i.e. people working on ghacks.js, gorhill, M66B who developed XprivacyLUA, etc) is already eyeing this project, they would never stop because this is what they live by (for some government intelligence department or advertising giant): github.com/CHEF-KOCH/FFCK

      7. Yuliya said on December 26, 2018 at 4:05 pm
        Reply

        gwacks,
        That is no longer valid as of version 63, see this screenshot: imgur.com/YABC3un.png
        Sure, it fails to fetch the update, but I used to get this popup multiple times per hour, regardless of me setting the updater to only initiate every 300 days via about:config.

        >I’m not gonna be so polite and patient
        At the end of the day you are just some text on my PC’s screen, so do as you please. It is valid the other way around as well.

      8. gwacks said on December 27, 2018 at 7:33 am
        Reply

        I don’t care about your ironic *dilemma* at all which I never and will never encounter on my FF63 and above . I don’t recommend it for security reasons, but if people still find such non-invasive way of notifying an update available kind of disturbing them in some scenario, they can do as following:

        Open “about:config” page;
        Type “update*time” (without quotes);
        Set the value of all the preference terms named “app.update.*Time” as big as they want, i.e.

        app.update.badgeWaitTime to 999999999999
        app.update.idletime to 999999999999
        app.update.promptWaitTime to 999999999999

        Until the Earth explodes, BOOOOOOM! Then everything should be in “peace”. And they need remember to install updates manually, which introduces another kind of factor being annoying, but I think one who cares about their “privacy” so much like @Yuliya would never mind it, or maybe the ESR channel suits them better.

        http://kb.mozillazine.org/App.update.idletime
        http://kb.mozillazine.org/App.update.promptWaitTime

      9. Yuliya said on December 27, 2018 at 9:22 am
        Reply

        gwacks, Yeah, it’s not working. I already had all those settings to 25920000 seconds (300 days) yet the updater was running multiple times per hour.
        Earth won’t explode on its own, it’s going to be destroyed by the Sun once it dies, but I doubt you and I are going to witness this. By then maybe shady organisations who claim to care about user’s privacy, and then send extra telemetry for everyone who dares to disable the standard one, like moz://a, won’t exist anymore either. Maybe, though I doubt.

      10. Donut said on January 30, 2019 at 9:20 pm
        Reply

        @Yuliya

        If you don’t know how to use Group policy, then don’t. Instead, create a new folder called “distribution” in your Firefox main install directory, and a add a file inside call “policies.json”. This file should contain:

        {
        “policies”: {
        “DisableAppUpdate”: true,
        “DisableSystemAddonUpdate”
        }
        }

        You can check “about:policies” to see if it has been picked up correctly.

        Done, Firefox won’t auto-update, and won’t check for updates either.

         

        Alternatively, you can use this add-on to build the JSON, which you’ll have to move to the right directory afterwards: https://addons.mozilla.org/firefox/addon/enterprise-policy-generator/

    3. github watcher said on December 25, 2018 at 9:00 pm
      Reply

      @Yuliya Join the repository on github. Librefox is a community effort.

  4. asd said on December 24, 2018 at 10:03 am
    Reply

    sounds great, would try it out if it was portable.

    1. Martin Brinkmann said on December 24, 2018 at 10:12 am
      Reply

      It is.

      1. asd said on December 24, 2018 at 2:52 pm
        Reply

        I downloaded the zip from github but inside there was a setup.exe

      2. A. said on December 24, 2018 at 3:51 pm
        Reply

        Does it run side by side with Firefox (if one wants to) without any tweaks? Or does Firefox confuses itself with Librefox, i.e., does it use different executable/process/etc.?

      3. intika said on December 25, 2018 at 5:21 am
        Reply

        The project is still young, all of this should be sorted out in the next release here are the related issues https://github.com/intika/Librefox/issues/15 and https://github.com/intika/Librefox/issues/26 currently Librefox is semi portable because it uses Firefox’s current profile.

  5. Tom Hawack said on December 24, 2018 at 10:27 am
    Reply

    Librefox, the project, seems to me most valuable for users aiming to get the best of Firefox with its built-in switches set to enhance their privacy.

    As far as I’m concerned I guess my configuration of Firefox must be close to that offered by Librefox. I use mozilla.cfg and policies.json (Autoconfig and Policy templates) and the former includes settings I previously applied to profiles independently with user.js (I’ve shifted the famous ghacks.user.js settings to Autoconfig) and as many of us I’m cautious with Firefox’s telemetry and with its extensions : example, by the way, of a developer who’s homepage site has a 9/10 Netcraft risk rate ( https://toolbar.netcraft.com/site_report?url=www.xtensionizer.com ) and nevertheless manages to offer 6 extensions on AMO ( https://addons.mozilla.org/en-US/firefox/user/14496339/ ) which surprises me…

    A most merry Christmas to all. May sound common but is sincere. A moment of peace and sympathy to all.

    1. Klaas Vaak said on December 24, 2018 at 3:36 pm
      Reply

      @Tom Hawack: you stated
      > ….. I guess my configuration of Firefox must be close to that offered by Librefox.

      1. I am not surprised
      2. You could have saved the Librefox guys a lot of time !!
      3. ;-)
      4. Merry Xmas to you too.

    2. intika said on December 25, 2018 at 5:25 am
      Reply

      Thank you for your feedback, you could go further and compare your setup to Librefox with https://github.com/intika/Librefox#comparing-changes-and-updates and add what you are missing in your settings ;)

  6. Anonymous said on December 24, 2018 at 11:56 am
    Reply

    “The development team removed some components from Firefox; the updater, crashreported, and integrated add-ons that “don’t respect privacy” were removed from the browser. Connections that Firefox makes by default have been removed by and large as well:”

    “that “don’t respect privacy””

    No need for quotation marks in my “libre” opinion..

    1. Martin Brinkmann said on December 24, 2018 at 12:09 pm
      Reply

      Quote from the site.

  7. supergirl said on December 24, 2018 at 12:02 pm
    Reply

    Well… This is a nice Xmass present for me.
    I definitely want to look into it.
    As Im such a noob I cant use the Ghacks.js file.
    I have No idea how. Im too incompetent to.LoL

    but I CAN Install& run Linux…It can now be That easy!!!!

    Will this install along side aregular FFox set-up….

    1. CHEF-KOCH said on December 24, 2018 at 1:32 pm
      Reply

      Merry Christmas! You are really a Super Girl!

    2. intika said on December 25, 2018 at 5:30 am
      Reply

      In the current state of the project this can be used along side with Firefox but not at the same time. this will change soon ;)

      1. Martin Brinkmann said on December 25, 2018 at 7:58 am
        Reply

        You can run Librefox and Firefox with -no-remote -p to run side by side, just pick different profiles.

      2. intika said on December 26, 2018 at 2:23 am
        Reply

        Yes true, thanks for pointing that out

    3. gwacks said on December 28, 2018 at 6:58 am
      Reply

      @Yuliya

      You would never be so modest to ask questions like this “supergirl” who even called herself a *noob* honestly, would you, Miss(I doubt) Yuliya? So it’s obvious I think that you are, a troll. You failed beacause you have to.

  8. John C. said on December 24, 2018 at 12:20 pm
    Reply

    Martin, thanks very much for this article. The project is definitely something worth looking into. I’m presuming that since it’s based on the current version of Firefox, that Windows version compatibility would be the same (Windows 7 and newer.)

  9. noemata said on December 24, 2018 at 12:31 pm
    Reply

    thx. i don’t use librefox, but i have discovered _some_ additional user.js settings and finally brought the policies.json up to use (on ff65 beta).

    https://github.com/intika/Librefox/tree/master/librefox

  10. Graham said on December 24, 2018 at 12:45 pm
    Reply

    “Librefox is not a fork of Firefox but uses core Firefox…”
    So it’s a fork of Firefox.

    1. intika said on December 25, 2018 at 5:33 am
      Reply

      lol, thank you for your feedback, in the current stage of the project it is not a fork but for legal reason this has to become a fork nevertheless it will remain close to Firefox release.

  11. Jody Thornton said on December 24, 2018 at 12:58 pm
    Reply

    I will be looking seriously at this. I’ll continue to use Quantum ESR 60 until November 2019. Then I might switch to LibreFox instead.

  12. crambie said on December 24, 2018 at 1:02 pm
    Reply

    It’s killed temporary containers for me, says it requires container tabs which I’ve got and are on and working. Also kills facebook and google containers for the same reason.

  13. Gerard said on December 24, 2018 at 1:42 pm
    Reply

    Thanks for this. Can Librefox be installed and used alongside Mozilla’s Firefox (Linux distro)? Do the profiles not get mixed up?

  14. nocookie said on December 24, 2018 at 1:43 pm
    Reply

    “Portable” as in you extract and run firefox.exe. Close the “portable” LibreFox, open installed version of Mozilla’s Firefox… it now takes a few moments to open… R.I.P. all settings.

    Never open LibreFox again. Done.

    1. intika said on December 26, 2018 at 2:28 am
      Reply

      Thanks for you feedback, settings are not erased, only cookies and temporary files (including Firefox’s sessions) when you close Librefox and reopen Firefox again your settings will still be there. but this will change on next version.

  15. Anonymous said on December 24, 2018 at 1:57 pm
    Reply

    I do not see any portable version on the site.

  16. pat said on December 24, 2018 at 2:24 pm
    Reply

    Back up your .mozilla/ folder before!

    1. Anyone said on December 24, 2018 at 6:50 pm
      Reply

      Not portable, it will destroy configuration of installed Firefox if you run Librefox portable.

      1. intika said on December 25, 2018 at 5:36 am
        Reply

        It will not destroy the current profile, but indeed it will remove temporary file and logout sessions (this is a temporary situation)

  17. Anonymous said on December 24, 2018 at 2:28 pm
    Reply

    Copyright violation….

    1. intika said on December 29, 2018 at 11:37 am
      Reply

      Not copyright violation but trademarks and not really a violation, but it’s fixed right now but thank you for your feedback :)

  18. Pants said on December 24, 2018 at 2:36 pm
    Reply

    The project, which AFAIK is one person, uses the information in the ghacks user.js, along with pyllyukko’s user.js (which adds a couple of other prefs). It’s all attributed.

    No disrespects to the dev, but I had a quick look at this weeks ago and I have to say I am a fan at all. A lot of deprecated prefs were included (not a good sign for starters), and I do not agree with a LOT of settings, some of which make the browser less secure, and certainly makes it next to useless IMO. It’s as if the dev said “just how much stuff can I turn off” and used information gained by others over years of research and turned the browser into an empty shell – that’s how I see it. Not that I have had a really good look, and I certainly will not be trying it.

    Everything this build achieves, you can do in a standard Firefox using options in the UI, and tweaking about:config. And you would have far more control as well. Tom Hawack knows – “As far as I’m concerned I guess my configuration of Firefox must be close to that offered by Librefox” – he can “tell” just by looking at it (same as me, after years of tinkering).

    And its time to stop the “privacy respecting” BS. Safe Browsing does not compromise your privacy (except I’ll throw in that binary checks with google I am not sure where we exactly stand on that today, and the ghacks user.js disables it). Nor does update checking. Neither does Pocket, nor does CFR, or Onboarding, or the information from Kinto (bad extensions, graphics cards, revoked certs, etc), or even Telemetry, and I could go on. Do any of you guys and girls actually read the code and test things? And everything can be disabled if you want Firefox to be “quiet”. It is not hard to actually make Firefox make zero external connections.

    @Yuliya “The regular Firefox is unusable to me as updates can’t be disabled anymore” – this is not true. You can disable it with Enterprise Policy if it really annoys you. I get the same little message about an update for several days to a week before I manually update, it’s no big deal. It’s not always about “you”, as a default for 100 million users, keeping them up to date is best practice and the responsible thing to do. And they still give users (like “you”) a way to not update.

    1. Anonymous said on December 25, 2018 at 12:15 pm
      Reply

      I’m not sure I’m going to trust the ghacks user.js for much longer if you’re not sure that binary checks with Google or Telemetry are bad for privacy. Even the safebrowsing remote URL checks are bad for privacy and not really needed. And yes I know what those do. As for Pocket integration, assuming it doesn’t violate privacy by itself, it’s an incitement to use a service that’s bad for privacy. And you should really reconsider if a browser matching ads based on user activity, even locally, is a privacy respecting feature. I wouldn’t. Privacy is more subtle than just not sending data away. Finally I hope we agree that even assuming ads respect privacy, they’re something unwanted in the browser.

      1. Pants said on December 25, 2018 at 7:11 pm
        Reply

        > I’m not sure I’m going to trust the ghacks user.js for much longer if you’re not sure that binary checks with Google or Telemetry are bad for privacy

        That’s up to you, but have I ever blatantly outright LIED to you (or even non-blatantly)? Binary checks – I haven’t looked at the exact mechanism for a long time. It IS disabled. I just needed to qualify “my statement”, because something *may* have changed And I only mentioned it to qualify the previous bit about SB (because SB has quite a few parts). I also did not say that I was unsure if Telemetry was bad for privacy. But I will try to clarify what I meant (further below)

        > Even the safebrowsing remote URL checks are … not really needed

        For you maybe. But as a default, it would highly irresponsible to block them. Of say 100 million FF users, even if only 20% weren’t IT/internet savvy etc, that’s still 20 million people put at risk (oh, and even IT/internet savvy users can get redirects, phished, etc) – and that is unacceptable. In it’s default state, a product needs to work for the lowest common denominator (for lack of a better term). It also sucks that google is used, but there is no alternative for a major browser to ship with. Imagine the fallout from headlines like “STOP USING FIREFOX NOW: Nasty malware steals passwords, but only in Firefox, because they don’t provide any blocklists”.

        But you know what, I added all the SB info and prefs to the user.js, just so you could disable it all (including fallbacks like URLs used) and migrate it from profile to profile, etc. Do you still not trust me?

        > I hope we agree that even assuming ads respect privacy, they’re something unwanted in the browser

        I am only talking about privacy, not whether a “feature” should be included or not. And let’s not forget the ghacks user.js includes everything you need to disable these things. Pocket is already disabled for example (including in Activity Stream for those who want the default home screen dials). Holy cow, telemetry is disabled as well. As for ads themselves, I loathe them. And in general, they can be a malware mechanism – everything is an attack vector. But that’s not what I’m talking about.

        > As for Pocket integration, assuming it doesn’t violate privacy by itself, it’s an incitement to use a service that’s bad for privacy

        Almost every service is bad for privacy. But you have to actively sign up for Pocket. Do I agree with having Pocket shoved down my throat and crap in a default home page – fuck no. But again, unless you sign up, it’s not violating privacy – it’s all local, no-one else knows what you are doing. If you click a pocket tile in AS (and you don’t have an account), then Pocket would probably know you clicked from a tile. But other than that, you’re visiting the web page etc, and they already know you’re on FF (headers, etc) – there’s nothing lost here either, privacy wise.

        > Privacy

        Privacy is when no-one besides you (and the service, e.g. the website/server) know WHAT what you did. It does not mean anonymity – that is when no-one knows WHO you are. If SB updates it’s local lists, like the other 100 million other FF users, and reveals zero PII, how does that break privacy? FF is now on SBv4, but earlier versions used google cookies (the new version does not). How does that cookie being in a separate jar all on it’s lonesome, with no PII, just like 100 million other FF users, violate your privacy? There’s are more parts to it, and the bits that could potentially (or did last time I looked) leak PII are disabled.

        Telemetry is a bit more convoluted and has lot of separate parts, and yes that annoys me too. It’s ALL disabled in the user.js (do you still trust me?). But generally speaking it does not invade your privacy, and it’s also a pretty normal thing to include in browsers. They’re not collecting PII or siphoning off your history etc. It’s all open, you can see the code, on what it collects, and the data is put into buckets, etc. There is not meant to be any PII in there – by design.

        Telemetry, it kinda sucks that it’s only auto-shows as an opt-out once on a new profile. But I fully understand why. If it was default off, then Mozilla would not have the data it needs to decide when to add, remove, change or better features etc – and not just a few UI changes, but disabling web protocols, improving graphics, speeding shit up, etc etc etc. There’s nothing wrong with telemetry when done the right way, and I believe Mozilla is doing it the right way. But I’m annoyed that the UI doesn’t fully disable all telemetry, and there is no single real master switch. And that they still keep adding things like a one off Coverage Ping. But in terms of PRIVACY, it’s not violated to the best of my knowledge – and I have looked.

        However, companies can make code mistakes, companies/individuals can make bad decisions. Experiments such as Cliqz and Mr Robot. As long as they learn from them. Crash reports contain info such as the exact site visited, which is understandable – how can they reproduce without that info. I could go on. The *potential* for privacy to be violated is there, albeit fairly small. But it’s not being done deliberately

        So long story short. On a privacy front, I’m satisfied. But as an individual, I like layers and absolutely certainty, so its all disabled (do you still trust me?).

        /end of rambling, sorry for the length. didn’t mean to write a book.

      2. Anonymous said on December 26, 2018 at 11:58 am
        Reply

        “That’s up to you, but have I ever blatantly outright LIED to you (or even non-blatantly)?”

        Apologies if my language may have appeared too strong. I’m sure you would never lie, that you’re competent and that you only have in mind the best interests of users. There are just some points where I think I may be more sensitive than you about privacy.

        “Even the safebrowsing remote URL checks are … not really needed”
        “If SB updates it’s local lists, like the other 100 million other FF users, and reveals zero PII, how does that break privacy?”

        I meant that the very specific *remote double check* of URL, after one on the local blacklist is hit, is not needed and the worst part for privacy, not necessarily the whole URL safebrowsing stuff for all users, although I understand some people (including me) not wanting to connect to Google at all, or not wanting to trust them at all to know what to block. I know fake URL are sent together with the real one but that’s still bad as well as useless.
        https://bugzilla.mozilla.org/show_bug.cgi?id=368255#c63

        “How does that cookie being in a separate jar all on it’s lonesome, with no PII, just like 100 million other FF users, violate your privacy?”

        It allows tracking, doesn’t it ? Checking I’m the same person connecting again, why not track me across changes of IP, then relate together other activities from those different IP. Usual cookie business. I don’t care that the cookie doesn’t contain my real name, this is enough to be bad for privacy in my opinion.
        https://bugzilla.mozilla.org/show_bug.cgi?id=368255#c63
        Or I am wrong in thinking there were unique identifiers in those cookies ?

        “But generally speaking it [Telemetry] does not invade your privacy, and it’s also a pretty normal thing to include in browsers. They’re not collecting PII or siphoning off your history etc.”

        Privacy is not limited to sensitive information. This is one point where our opinions differ. And I don’t like Mozilla deciding where to place the moving line between sensitive and not sensitive activity.

        “it’s all local, no-one else knows what you are doing”

        Local matching is a way to sell *indirectly* our sensitive data to advertisers. I do not consider this privacy respecting, our opinions differ here. Same problem for me if that was some local AI reading my emails to show me personalized ads by local matching on Thunderbird. I don’t want anyone to make money from my sensitive data, even without accessing it directly.

        “Telemetry, it kinda sucks that it’s only auto-shows as an opt-out once on a new profile. But I fully understand why.”

        Another point where we disagree.

        “Experiments such as Cliqz and Mr Robot. As long as they learn from them.”

        Does it seem to you like Mozilla is becoming better with time about respecting users ? If yes, another point of disagreement.

        I know a lot of the things we’re discussing here are disabled anyway in the user.js, I was only reacting to your words, what you consider privacy respecting or not.

        Let me conclude that your work is of great value for users like me and I’m grateful for it, please don’t take my words too bad.

      3. anonymouz said on December 25, 2018 at 7:36 pm
        Reply

        You don’t need to *trust* the ghacks user.js if you don’t want to: everything is documented and referenced for that same reason (so that you can cross-check everything). Earthling checks the source code himself and Pants even has contact via email with some Mozilla & Tor developers to clear up any doubts when needed, and all that information is public for the world to see in their GitHub repo.

        Good luck finding a suitable replacement.

    2. Anonymous said on December 25, 2018 at 6:30 pm
      Reply

      > Enterprise Policy

      What’s that? A bit of searching shows me that it’s Windows Group policy? That’s not available for home users, and why you need to open Group Policy just to disable update? Is this IE?

  19. ULBoom said on December 24, 2018 at 3:42 pm
    Reply

    Yay! Someone’s listening! I’ll try it, definitely easier than periodically changing a bazillion settings.

    Merry Christmas! May 2019 be less chaotic than this year.

    Peace :)

    1. intika said on December 25, 2018 at 5:37 am
      Reply

      Hehe! thank you for your feedback it’s appreciated ;)

  20. gwacks said on December 24, 2018 at 4:58 pm
    Reply

    I’ve been daily using Tor Browser via a VPN proxy for a couple of weeks, which works almost flawlessly. I created a new profile in “Tor Browser\Browser\TorBrowser\Data\Browser\profile.nontor” by the traditional adding args “-no-remote -p” way, so I can keep running both the original Tor Browser through Tor by default and a non-Tor clearnet instance (equipped with uBlock+uMatrix, etc.) simultaneously. Since the TBB is already portable, I can keep it in my PortbleApps UFDs. Interested users can follow this instruction:

    https://www.whonix.org/wiki/Tor_Browser_without_Tor

    So personally, I’m not that desired to get another so-called privacy/secuirty hardened version of FF. Although the *Extension Firewall* is a very feature deserved to have a look at, for me I’ll directly uninstall an addon if I find any improper outbound requests made by it through Browser Console. So that’s not that important to me. I agree with “Peacock365” who posted on Github and DIDN’T think:

    “…offering a more privacy-oriented Firefox is enough to attract a wider scope of potential users. Vivaldi’s success is built upon its many customization features…”

    So I think it would be better if the *Libre* in Librefox stands a little more for customization (especially in UI/layout tweaks). Don’t get my bad English wrong, Librefox could be a great project.

  21. Caper said on December 24, 2018 at 5:00 pm
    Reply

    Sounds good! Thanks, Martin.

    That’s what I always expected FF to be…

    Merry Christmas to all of you! Have a good time!

  22. Ping said on December 24, 2018 at 5:25 pm
    Reply

    I copied the chrome folder the user profile folder but it still doesn’t change the dark theme. I assume I just take the folder and leave it here: %APPDATA%\Mozilla\Firefox\Profiles\

  23. Dilly Dilly said on December 24, 2018 at 5:40 pm
    Reply

    Lets hope this Librefox develops a large following and puts a serious dent in firefox’ usage numbers, it might wake them up.

    1. CHEF-PANTS said on December 25, 2018 at 9:06 pm
      Reply

      @Dilly Dilly Librefox interest is growing, you can check the repo on github and eventually partecipate.
      The more, the merrier.

  24. Groove street said on December 24, 2018 at 5:55 pm
    Reply

    How will I know if there is a new update if it does not have an updater?

    1. intika said on December 26, 2018 at 2:45 am
      Reply

      Next version will have an updater ;)

  25. Paul(us) said on December 24, 2018 at 5:57 pm
    Reply

    First of all, I want to wish Martin Brinkman especially for all his tremendous easy understandable for everybody computer related information articles. Next, to that, the Ghacks.net adapts ( or call it a community) for there useful comments. I wish you all a ferry peach full Christmas Eve and both Christmas days with the people you love.

    Martin, Do I understand it correctly that before I can run this portable application ( on a USB stick) is required to create a multiple Firefox profile for special tasks when I already have a 64-bit Firefox version 64.0 installed on mine desktop?
    https://www.ghacks.net/2011/08/05/how-to-create-multiple-firefox-profiles-for-specific-tasks/
    And after that start Librefox in the Firefox profile manager in this way?
    https://www.ghacks.net/2008/05/29/run-multiple-firefox-profiles-simultaneously/

  26. 11r20 said on December 24, 2018 at 6:18 pm
    Reply

    WOW, This was unexpected…and the most interesting version of FF I’ve seen since I reconfigured 51 with help from everyone who contributed to the ghacks-userjs project.
    Lots and lots of detailed info on github as well…Kudos to Pants, claustrophobe, Martin and the rest of the Presidential Cabinet

    A VERY MERRY Christmas From TEXAS to Everyone! YEEEHAW

    1. intika said on December 25, 2018 at 6:55 am
      Reply

      Thank you for your kind words its appreciated :)

    2. Pants said on December 26, 2018 at 9:03 am
      Reply

      Just to be clear, I have nothing to do with this project. I actually disagree with a lot of settings among other things. Everywhere I’m reading comments about my or the ghacks-user.js’s assumed involvement, along with valid negative remarks (e.g disabling blocklists, disabling password manager, etc – which I do not do!)

      https://github.com/ghacksuserjs/ghacks-user.js/issues/542#issuecomment-449902914

  27. Ray said on December 24, 2018 at 6:27 pm
    Reply

    Can it run unsigned extensions by default?

    1. intika said on December 25, 2018 at 6:57 am
      Reply

      No this is not possible for obvious reasons

      1. Murali Madhavan said on December 27, 2018 at 12:25 pm
        Reply

        @intika
        I cannot access any of the ‘google sites’ in Librefox.

        “The error message begins thus:”An error occurred during a connection to google.com. The server uses key pinning (HPKP) but no trusted certificate chain could be constructed that matches the pinset. Key pinning violations cannot be overridden. Error code: MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE”.

        Need help. Thanks.

      2. N0 g00gle, thank you said on December 28, 2018 at 1:06 am
        Reply

        G00gle has no friends, leave g00gle al0ne

      3. intika said on December 29, 2018 at 11:49 am
        Reply

        Thank you for your feedback i added this to the issue https://github.com/intika/Librefox/issues/50 it will be solved on next release ;)

  28. Sampei Nihira said on December 24, 2018 at 6:43 pm
    Reply

    The setting:

    “browser.display.use_document_fonts” set to 0

    prevents the display of the trash can in the UBO custom lists.

    1. Anonymous said on December 25, 2018 at 4:22 am
      Reply

      It also breaks a fair amount of PDF files when set to 0 (blank where there should be text). The benefit is apparently greatly reducing font fingerprinting using JavaScript, but that only really matters if you are using a VPN.

    2. intika said on December 25, 2018 at 6:59 am
      Reply

      This one is disabled by default.

  29. Tory said on December 24, 2018 at 8:08 pm
    Reply

    Does this use the Firefox Profile when using or does it create it own folders and profiles? I don’t want to mess with my current Firefox 64 settings and folders.

    I guess I can create a new profile for use with this.

  30. Concerned said on December 24, 2018 at 9:13 pm
    Reply

    Not sure why this is being plugged here and all over reddit. Seems like there might be an alternative reasoning behind this. There is no “development team”. It is one developer with a github account of 4 years and only 1 year of active contributions. This article seems more like an ad to recruit users and if so it is deceptive without stating so.

    Has Martin done any auditing or benchmarking before stating privacy and security benefits?

    Use this at your own risk and peril, despite being open source. Remember open source does not mean malware free.

  31. Anonymous said on December 24, 2018 at 9:20 pm
    Reply

    “There is also an Extensions Firefox”

    *Firewall :)

    Thanks for the article!

  32. Anonymous said on December 24, 2018 at 11:19 pm
    Reply

    will this uninstall Firefox? or can Librefox and Firefox be installed at the same time?

  33. Stan said on December 25, 2018 at 1:02 am
    Reply

    Very nice! Keeper over Waterfox or Palemoon.

  34. Ubunter said on December 25, 2018 at 1:43 am
    Reply

    How can I install it or run it on Ubuntu? Any simple guide? Is there going to be a .deb in the future?

    1. intika said on December 26, 2018 at 2:52 am
      Reply

      I will add a how to ;)

      1. Ubunter said on December 26, 2018 at 5:55 pm
        Reply

        Thanks! Looking forward to it!

  35. intika said on December 25, 2018 at 4:59 am
    Reply

    Thank you a lot for contributing to the project by this article it is really appreciated, we will do our best for future release, don’t hesitate to open an issue for any suggestion or request :)

  36. Brian Davis said on December 25, 2018 at 6:35 am
    Reply

    Firefox without add-ons? Add-ons are almost the whole point of Firefox.

    1. Martin Brinkmann said on December 25, 2018 at 7:59 am
      Reply

      You can install add-ons just fine.

  37. gwacks said on December 25, 2018 at 7:01 am
    Reply

    Hi, Martin. It seems my comment disapear without any reason. Could you have a look and recover it?
    Thanks and merry christmas.

  38. Benjamin Morgentau said on December 25, 2018 at 9:02 am
    Reply

    …It is entirely clear that the search for ever more trusted privacy, control of ones on data and actions and in general rights and law to protect all of this through the state … it never ends. Especially not as long as the OptOut and outright theft logic prevails… this behaviour shall be declared as criminal schemes to get rich with stealing other peoples work, creativity, ideas, solutions, way of life. contacts, personal and professional networks.

    1. Gentoo for the masses said on December 28, 2018 at 1:04 am
      Reply

      Compile your own kernel. Install Gentoo.

  39. Anonymous said on December 25, 2018 at 2:49 pm
    Reply

    Is auto-update removed from Librefox ?
    If so how to update to new version. Is it by installing new version on existing ?

    1. Jody Thornton said on December 25, 2018 at 11:18 pm
      Reply

      Do going to Help -> About provide a means of updating? That’s what I do on Quantum ESR.

      1. Mozilla's CEO said on December 28, 2018 at 1:02 am
        Reply

        Updating is done by downloading a new official version and following the these instructions:
        https://github.com/intika/Librefox#building-and-packaging

        …or simply wait for the new Librefox version.

        By the way, is updating always needed? Do you read the changelog to see if the solved bugs may really affect you?

      2. intika said on December 29, 2018 at 11:54 am
        Reply

        “Mozilla’s CEO” hahahaha i just noticed this one, very nice ! :D

    2. intika said on December 29, 2018 at 11:53 am
      Reply

      Next version will have an updater… thank you for your feedback ;)

  40. Anonymous said on December 25, 2018 at 6:10 pm
    Reply

    https://forum.palemoon.org/viewtopic.php?f=4&t=21123&sid=75f9612f87b1ee17fa26e4a237c8c696#p158485

    …”All of this is done with lockPref(), meaning the user does not have a choice, even through about:config. If you want to change any of this you manually have to edit the Mozilla.cfg in the browser’s installation — and considering there are plenty of duplicate entries in there you may find it frustrating that it doesn’t take unless you hunt down all copies of a setting.”

    As Moonchild pointed, wanting to remove some prefs I just experienced “duplicate entries”… very frustrating, he is right.

    1. intika said on December 29, 2018 at 11:57 am
      Reply

      Thank you for you feedback, i am taking care of what moonchild reported in the this issue https://github.com/intika/Librefox/issues/53 … there is no duplicate entry on the cfg file, but related settings

  41. Monkey Wrench said on December 25, 2018 at 6:17 pm
    Reply

    I searched for Librefox privacy policy and ironically found nothing.
    Todo: web site home with privacy policy

    I have zero issues with Waterfox. It too is a one guy effort but is more mature and easily runs under Linux.
    To update the browser i download the .gz file and unpack and replace the Waterfox folder in my download directory. The user stuff is left untouched in the home/.waterfox folder.

    Everyone should monitor network traffic when opening and closing any application. I use an xfce4 desktop applet. Unmodified Firefox stays alive 30 seconds AFTER you close it and generates network traffic.
    A search of about:config should have zero Google hits. Replace with “”

    Waterfox is very fast – now that UBlock has been greatly optimized

    When do we share your information with others?
    Even though we don’t collect any such information…
    https://www.waterfoxproject.org/en-US/privacy/

    1. intika said on December 29, 2018 at 12:01 pm
      Reply

      Thank you for your feedback and for such important topic i just added an issue for that https://github.com/intika/Librefox/issues/63

  42. Chris said on December 25, 2018 at 9:14 pm
    Reply

    Librefox looks like a great idea. By actually removing unwanted code, it accomplishes its worthy goals. Thank you!

  43. Ping said on December 26, 2018 at 2:42 am
    Reply

    Apologies again, but could anyone please tell me how to install the modified version of Shadowfox? I placed the chrome folder in the Firefox profile folder found at %APPDATA%\Firefox\Profiles, yet it doesn’t change the theme.

    Any tips would be greatly appreciated.

    1. intika said on December 29, 2018 at 12:04 pm
      Reply

      under your profile directory you need to respect the file structure so copy the chrome directory to %APPDATA%\Mozilla\Firefox\Profiles\yourprofile and restart Librefox-Firefox ;) if you need further assistance please open an issue on github

  44. Baas said on December 26, 2018 at 8:11 am
    Reply

    Why does intika keep referring to himself as a *we* in the comments here? Is not him the only developer of the project? One of the ghacksuserjs guys even asked him to remove his username from the documentation on GitHub because it apparently makes the false claim that he is a contributor to the project:

    https://github.com/intika/Librefox/issues/45

    I hope I’m wrong, but that seems terribly suspicious…

    1. NSA Recruit here for monitoring said on December 28, 2018 at 12:54 am
      Reply

      Upstream there’s ghacks-user.js and other choices come from the community of tinfoil hatters.
      You can avoid it if in fear of hiding from big brother.

      1. Baas said on December 28, 2018 at 7:56 am
        Reply

        > Upstream there’s ghacks-user.js

        Yes, except the ghacks-user.js guys not only repeatedly state they are not involved with intika’s project (read Pants’ comments above, and read their comments on their repo), but also don’t even endorse it (because apparently they have many differences and whatnot).

        It just seemed suspicious to me that intika was listing the ghacks-user.js members as contributors… it gave me the impression that he was taking advantage of them.

        Anyway, I guess that was not the case since he already edited that…

        > You can avoid it if in fear of hiding from big brother.

        I’m going to avoid it because I’m already hiding more than well enough.

      2. intika said on December 29, 2018 at 12:29 pm
        Reply

        https://github.com/ghacksuserjs/ghacks-user.js/issues/542 for the full detailed history… in short i wanted to give credit to pan it’s why i listed the team on the contributor section and also pan helped me many times and gave me a lot of feedback about Librefox… i though it was the right thing to do back then but i updated the readme directly when pan asked me to…

      3. intika said on December 29, 2018 at 12:06 pm
        Reply

        “NSA Recruit here for monitoring” hahaha lool nice one !

    2. intika said on December 29, 2018 at 12:45 pm
      Reply

      Thank you for your feedback. i am indeed the main developer on this project but that does not mean i am working on this alone. and regarding the ghacksuserjs you can read the full history here https://github.com/ghacksuserjs/ghacks-user.js/issues/542 nothing is hidden :) …
      The more important i think is Librefox and i think it’s about time and work… once again this project is very young give it a little time…
      And to avoid any ambiguity yes right now this is a one person project.

      (Quote “but that seems terribly suspicious…”) i hope i answered your question but if you have further question don’t hesitate to open an issue on github.

  45. Anonymous said on December 26, 2018 at 8:43 pm
    Reply

    I am sure I’ll install it when its folders become independent from Firefox’s, running on its own folders and profiles.
    Hope there are plans for this?

    1. Obama said on December 28, 2018 at 12:52 am
      Reply

      You can, just start firefox with with -no-remote -p argument, then use a different profile.
      Martin Brinkmann posted this solution already (it’s the 4th comment with a big black stripe)

    2. intika said on December 29, 2018 at 12:47 pm
      Reply

      Thank you for your feedback you can follow this issue for the matter :) https://github.com/intika/Librefox/issues/55

    3. Anonymous said on December 30, 2018 at 4:09 pm
      Reply

      Yeah if it’ll run completely independent from Firefox it would be awesome!

      1. low iq year said on December 31, 2018 at 8:41 pm
        Reply

        but it does, solution has been poste at least 5 times.

      2. Anonymous said on January 1, 2019 at 4:32 pm
        Reply

        Well it would be better to be like Waterfox with it’s own installer, folders, profiles, updater, etc… with no workarounds over Firefox.

        Hope for such release soon.

  46. BreaksWebsites said on December 27, 2018 at 4:24 am
    Reply

    How do I enable EXTENSION UPDATES/INSTALLATION???? Browser makes AMO looks wierd and broken.

    It’s the only thing I need and working properly by default “ADDONS”

    1. worksforme(TM) said on December 28, 2018 at 12:49 am
      Reply

      @BreaksWebsites

      You can download a new addon, uninstall the old one and install the fresh version without using the internal firefox page, thus avoiding Mozilla Corporation tracking.

      1. BreaksWebsites said on December 28, 2018 at 4:29 pm
        Reply

        Im being specific that only ADDONS should have the option to work cause its a hassle if it does not update either on its own or have to keep manually updating it.

        Anyway not all ADDONS can be downloaded manually besides being only available on AMO and are constantly updated accordingly.

      2. adsgaf said on December 31, 2018 at 8:40 pm
        Reply

        I beg to differ: I update them manually because I always check on forums if the new features break something.

        Also, this trend for always updating anything makes only partially sense: only if the new version closes bugs that affect me I’m updating, otherwise…

  47. Jukkksu said on December 30, 2018 at 1:36 am
    Reply

    Is there something like this for Chromium/Chrome?

  48. Not Eloston said on December 30, 2018 at 9:02 pm
    Reply

    Eloston’s Ungoogled Chromium

  49. bean said on January 6, 2019 at 5:04 am
    Reply

    I love ghacks but don’t like Librefox.. getting so many errors.

    1. SSL_ERROR_NO_CYPHER_OVERLAP

    2. Can’t update my addons… what the hell

    3. Locked out some of the settings in about:config… nice… can’t change much.

    Give me fixes on all these and tell me what to do. maybe not #3 but the first 2 pleaseee.
    Be specific where do i go like program files/ firefox etc. Thanks

  50. Anonymous said on February 18, 2019 at 10:17 pm
    Reply

    why no firefox sync… i tried librefox with new profile today but i cant reach any of my bookmarks now..
    have to switch back to old profile and import and export all bookmarks then…

  51. Anonymous said on March 20, 2019 at 7:20 pm
    Reply

    is Librefox dead?

    1. Martin Brinkmann said on March 20, 2019 at 7:26 pm
      Reply

      The last release dates back to December 2018 but there has not been any changes in the past two months. It is definitely a problem even if the project is not dead.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.