New Update LibreWolf Browser - A fork of Firefox, focused on privacy, security and freedom

n8chavez

Level 20
Well-known
Feb 26, 2021
972
I've read the FAQs but I'm still not sure where to create librewolf.cfg folder in W10.

The librewolf.cfg file is already in the root install directory. It's whereever librewolf.exe is located; by default I believe it's C:\Program Files\Librewolf\librewolf.cfg on Windows. Note that the portion about of not the whole file. I'll post the complete edited below if it helps, that way you can just swap them out.


Code:
//----------------------|
//  LibreWolf settings  |
//----------------------|

/**
 
 NOTE: please take the time to read and understand, but also to customize the settings to find your own setup.
 the answers to the most common questions are at this link https://gitlab.com/librewolf-community/settings/-/wikis/FAQ
 
 */

defaultPref("librewolf.cfg.version", "2.0");

// -------------------------------------------
// # SANITIZING COOKIES AND HISTORY, SESSIONS
// -------------------------------------------

defaultPref("network.cookie.cookieBehavior", 5); // dFPI, same as strict mode
defaultPref("network.cookie.lifetimePolicy", 2); // keep cookies until the browser is closed then delete everything minus exceptions

// make third party and http cookies session-only
defaultPref("network.cookie.thirdparty.sessionOnly", true);
defaultPref("network.cookie.thirdparty.nonsecureSessionOnly", true);

/**
 this way of sanitizing would override the exceptions set by the users and just delete everything,
 therefore we tell it to delete everything but ignore data needed to stay logged into websites set
 manually as exceptions.
*/
defaultPref("privacy.clearOnShutdown.cookies", false);
defaultPref("privacy.clearOnShutdown.offlineApps", false);
defaultPref("privacy.sanitize.sanitizeOnShutdown", true);

// disable browsing, search and form history
defaultPref("places.history.enabled", false);
defaultPref("browser.formfill.enable", false);

// prevent websites from storing session data like cookies and forms, increase time between session saves
defaultPref("browser.sessionstore.privacy_level", 2);
defaultPref("browser.sessionstore.interval", 60000);

// ----------------------
// # NETWORKING
// ----------------------

// https and mixed content
defaultPref("dom.security.https_only_mode", true); // only allow https in all windows, including private browsing
defaultPref("network.auth.subresource-http-auth-allow", 1); // stop cross-origin resources from using HTTP authentication
defaultPref("security.insecure_connection_text.enabled", true); // display http websites as insecure in the ui
defaultPref("security.mixed_content.block_display_content", true); // block insecure passive content

defaultPref("network.dns.disableIPv6", true); // disable ipv6

// always send xorigin referer but trim them
defaultPref("network.http.referer.XOriginPolicy", 0); // default, might be worth changing to 2
defaultPref("network.http.referer.XOriginTrimmingPolicy", 2); // trim referer to only send scheme, host and port

defaultPref("network.file.disable_unc_paths", true); // hidden, disable using uniform naming convention
defaultPref("network.IDN_show_punycode", true); // use punycode in idn to prevent spoofing

// proxy
defaultPref("network.proxy.socks_remote_dns", true); // forces dns query through the proxy when using one
defaultPref("network.gio.supported-protocols", ""); // disable gio as it could bypass proxy

// doh
defaultPref("network.trr.confirmationNS", "skip"); // skip undesired doh test connection
/**
 0 = default
 1 = browser picks faster
 2 = DoH with system dns fallback
 3 = DoH without fallback
 5 = DoH is off, default currently
 
 below prefs must be applied with pref in order to work
*/
// pref("network.trr.mode", 2);
// pref("network.trr.uri", "https://dns.quad9.net/dns-query");

// prefetching
defaultPref("network.dns.disablePrefetch", true); // disable dns prefetching
lockPref("network.predictor.enabled", false); // disable predictor
lockPref("network.prefetch-next", false); // disable link prefetching
lockPref("network.http.speculative-parallel-limit", 0); // disable prefetching on mouse over

defaultPref("network.manage-offline-status", false); // let user control the offline behavior

// ------------
// # DOM
// ------------

// pop-ups and window related preferences
defaultPref("dom.disable_beforeunload", true); // disable "confirm you want to leave" pop-ups on close
defaultPref("dom.disable_open_during_load", true); // block pop-ups windows
defaultPref("dom.popup_maximum", 4); // limit maximum number of pop-ups
defaultPref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); // limit events that cause pop-ups
defaultPref("dom.disable_window_move_resize", true); // block scripts from resizing windows
defaultPref("browser.link.open_newwindow", 3); // open 'new windows' targeted links in 'new tab'
defaultPref("browser.link.open_newwindow.restriction", 0); // ignore the size when applying the above pref

// push notifications and service workeers
defaultPref("dom.push.enabled", false); // disable push notifications
defaultPref("dom.push.serverURL", ""); // default "wss://push.services.mozilla.com/"
defaultPref("dom.serviceWorkers.enabled", false); // disable service workers, must enable for push notifications

// --------------------------------
// # CACHE AND TEMPORARY FILES
// --------------------------------

defaultPref("browser.cache.disk.enable", false); // disable disk cache
defaultPref("browser.privatebrowsing.forceMediaMemoryCache", true); // block media cache from writing to disk in pb mode
defaultPref("media.memory_cache_max_size", 65536); // increase max cache size to avoid playback issues caused by above setting

defaultPref("browser.shell.shortcutFavicons", false); // disable shortcut favicons from being stored in profile
defaultPref("browser.helperApps.deleteTempFileOnExit", true); // delete temporary files opened with external apps
defaultPref("browser.pagethumbnails.capturing_disabled", true); // disable page thumbnails capturing

// ----------------------
// # MEDIA
// ----------------------

// disable webrtc
defaultPref("media.peerconnection.enabled", false); // master switch

// limit potential IP leaks for webrtc users
defaultPref("media.peerconnection.ice.default_address_only", true); // use public IP for ICE candidates
defaultPref("media.peerconnection.ice.no_host", true); // don't use local IP for ICE candidates
defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // force webrtc inside proxy for proxy users

// autoplay
defaultPref("media.autoplay.blocking_policy", 2); // only allow to play when a certain element is clicked
defaultPref("media.autoplay.default", 5); // personal preference, currently apply blocking policy to all autplay including muted

// --------------------------------------
// # FINGERPRINTING
// --------------------------------------

defaultPref("privacy.resistFingerprinting", true); // master switch

// rfp compatibility settings
defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true); // prevents rfp from breaking AMO
defaultPref("browser.startup.blankWindow", false); // if set to true it breaks RFP windows resizing
defaultPref("browser.display.use_system_colors", false); // default but enforced due to RFP

// librewolf specifc pref that prevents rfp from forcing light theme, review
lockPref("privacy.override_rfp_for_color_scheme", false);

defaultPref("webgl.disabled", true); // master switch, disable webgl

// --------------------------------
// # SECURITY
// --------------------------------

// certificates
defaultPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning
defaultPref("security.pki.sha1_enforcement_level", 1); // disable sha-1 certificates
defaultPref("security.OCSP.enabled", 0); // disable OCSP fetching

// crl with no OCSP fallback. commented for now but review
// defaultPref("security.remote_settings.crlite_filters.enabled", true);
// defaultPref("security.pki.crlite_mode", 2);

// safe negotiation
defaultPref("security.ssl.require_safe_negotiation", true); // block websites that do not support safe negotiation, occasional breakage
defaultPref("security.ssl.treat_unsafe_negotiation_as_broken",    true); // show warning when safe negotiation is not enable and website is accessed

// tls behavior
lockPref("security.tls.enable_0rtt_data", false); // disable 0 round trip time to improve tls 1.3 security
defaultPref("security.tls.version.enable-deprecated", false); // default but helps resetting the preference
defaultPref("browser.ssl_override_behavior", 1); // prepopulate url on ssl warning screens
defaultPref("browser.xul.error_pages.expert_bad_cert", true); // advanced ui infos for broken connections

// permissions
lockPref("permissions.delegation.enabled", false); // force permission request to show the real origin
lockPref("permissions.manager.defaultsUrl", ""); // revoke special permissions from some mozilla domains

defaultPref("gfx.font_rendering.opentype_svg.enabled", false); // disale svg opentype fonts

defaultPref("browser.download.useDownloadDir", false); // force user interaction on downloads, by always asking location

lockPref("security.csp.enable", true); // default

// ---------------------------------
// # SAFE BROWSING
// ---------------------------------

// disable safe browsing, including the fetch of updates and all outgoing connections
defaultPref("browser.safebrowsing.malware.enabled", false);
defaultPref("browser.safebrowsing.phishing.enabled", false);
defaultPref("browser.safebrowsing.blockedURIs.enabled", false);
defaultPref("browser.safebrowsing.provider.google4.gethashURL", "");
defaultPref("browser.safebrowsing.provider.google4.updateURL", "");
defaultPref("browser.safebrowsing.provider.google.gethashURL", "");
defaultPref("browser.safebrowsing.provider.google.updateURL", "");

// disable safe browsing checks on downloads, both local and remote
defaultPref("browser.safebrowsing.downloads.enabled", false);
lockPref("browser.safebrowsing.downloads.remote.enabled", false);
lockPref("browser.safebrowsing.downloads.remote.url", "");
lockPref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
lockPref("browser.safebrowsing.downloads.remote.block_uncommon", false);

// other safe browsing options, all default but enforce
lockPref("browser.safebrowsing.passwords.enabled", false);
lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
lockPref("browser.safebrowsing.provider.google4.dataSharingURL", "");

// -----------------------
// # DRM
// -----------------------

defaultPref("media.eme.enabled", false); // disable drm content, master switch that also controls widevine plugin
defaultPref("media.gmp-manager.url", "data:text/plain,"); // prevent outgoing connections when DRM is disabled

// disable the openh264 plugin
defaultPref("media.gmp-provider.enabled", false);
defaultPref("media.gmp-gmpopenh264.enabled", false);

// ---------------------------------------------
// # LOCATION, LANGUAGE AND REGION
// ---------------------------------------------

defaultPref("geo.enabled", false); // block geo api, behind a prompt so review
defaultPref("permissions.default.geo", 2); // review as well

// use mozilla geo service as deault
defaultPref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");

// prevent use of OS location services
lockPref("geo.provider.ms-windows-location", false); // [WINDOWS]
lockPref("geo.provider.use_corelocation", false); // [MAC]
lockPref("geo.provider.use_gpsd", false); // [LINUX]

// show language as en-US for all users, regardless of their OS language and local version, to avoid leaking
defaultPref("javascript.use_us_english_locale", true);
defaultPref("intl.locale.requested", "en-US");
defaultPref("privacy.spoof_english", 2);

// disable region updates
lockPref("browser.region.network.url", "");
lockPref("browser.region.update.enabled", false);

// --------------------------------
// # SEARCH AND URLBAR
// --------------------------------

// disable search suggestions
defaultPref("browser.urlbar.suggest.searches", false);
defaultPref("browser.search.suggest.enabled", false);
pref("browser.urlbar.quicksuggest.scenario", ""); // disable firefox suggests and hide its UI

defaultPref("browser.search.region", "US"); // set a default search region for all users
defaultPref("browser.search.update", false); // do not update open search search engines
defaultPref("browser.urlbar.trimURLs", false); // do not trim urls in the urlbar

// urlbar-dns interactions, avoid unwanted and speculative connections
defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0);
defaultPref("browser.urlbar.speculativeConnect.enabled", false);
lockPref("browser.fixup.alternate.enabled", false);

// ----------------------------------
// # BROWSER BEHAVIOR
// ----------------------------------

lockPref("app.update.auto", false); // disable update auto installs

// password manager
defaultPref("signon.rememberSignons", false); // disable saving passwords in the browser
defaultPref("signon.autofillForms", false); // disable username and password autofills
defaultPref("signon.formlessCapture.enabled", false); // disable formless login capture

// autofill
defaultPref("extensions.formautofill.available", "off");
defaultPref("extensions.formautofill.addresses.enabled", false);
defaultPref("extensions.formautofill.creditCards.enabled", false);
defaultPref("extensions.formautofill.creditCards.available", false);
defaultPref("extensions.formautofill.heuristics.enabled", false);

// mouse and input
defaultPref("general.autoScroll", false); // prevent mouse middle click from triggering scrolling
defaultPref("middlemouse.contentLoadURL", false); // prevent mouse middle click from opening links
defaultPref("clipboard.autocopy", false); // disable autocopy to clibpboard

// containers
defaultPref("privacy.userContext.enabled", true); // enable containers
defaultPref("privacy.userContext.ui.enabled", true);  // enable containers ui

defaultPref("pdfjs.enableScripting", false); // block pdf js scripting

defaultPref("accessibility.force_disabled", 1); // block accessibility services

// devtools
defaultPref("devtools.chrome.enabled", false); // disable chrome debugging tools
defaultPref("devtools.debugger.remote-enabled", false); // default, disable remote debugging
defaultPref("devtools.remote.adb.extensionURL", ""); // url to download ad extension
defaultPref("devtools.selfxss.count", 0); // see https://gitlab.com/librewolf-community/browser/linux/-/issues/80

// misc
defaultPref("browser.shell.checkDefaultBrowser", false); // do not check if default browser
defaultPref("browser.tabs.drawInTitlebar", true); // hide titlebar
defaultPref("browser.aboutConfig.showWarning", false); // disable about:config warning
defaultPref("browser.download.autohideButton", false); // hide download button automatically
defaultPref("browser.download.manager.addToRecentDocs", false); // do not add downloads to recents
defaultPref("browser.tabs.loadBookmarksInTabs", true); // always open bookmarks in new tab

// -----------------------------------
// # TRACKING PROTECTION
// -----------------------------------

pref("browser.contentblocking.category", "strict"); // set tracking protection category, using pref solves the UI bug



lockPref("privacy.trackingprotection.annotate_channels", false); // reduce priority of trackers, remove if TP is on

// remove urls to fetch contentblocking lists.
// without these urls TP cannot work. the lists are not shipped with the browser but download on first launch.
defaultPref("browser.safebrowsing.provider.mozilla.updateURL", "");
defaultPref("browser.safebrowsing.provider.mozilla.gethashURL", "");

// disable blocking lists and hide ui elements in custom mode UI, if TP is enabled revert to true
defaultPref("privacy.trackingprotection.cryptomining.enabled", true);
defaultPref("privacy.trackingprotection.fingerprinting.enabled", true);
defaultPref("browser.contentblocking.cryptomining.preferences.ui.enabled", true);
defaultPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", true);


// --------------------------------------
// # EXTENSIONS
// --------------------------------------

/**
 allow extensions to work on all domains.
 default is "debug-notes.log"
 */
 defaultPref("extensions.webextensions.restrictedDomains", "");

 // set extensions scopes
 defaultPref("extensions.enabledScopes", 5);
 defaultPref("extensions.autoDisableScopes", 11);
 
 defaultPref("extensions.postDownloadThirdPartyPrompt", false); // force install prompt for thrid party extensions
 
 /**
  prevent users from adding lang packs, which would cause leaks.
  default is https://services.addons.mozilla.org/api/v3/addons/language-tools/?app=firefox&type=language&appversion=%VERSION%
 */
 defaultPref("extensions.getAddons.langpacks.url", "");
 
 // about:addons ui
 defaultPref("extensions.getAddons.showPane", false); // disable recommendations section
 defaultPref("extensions.htmlaboutaddons.recommendations.enabled", false); // disable recommendations from addons list
 defaultPref("lightweightThemes.getMoreURL", ""); // disable button to get more themes
 
 // background checking and updating of extensions
 defaultPref("extensions.update.enabled", false); // disable automatic checks for extension updates
 defaultPref("extensions.update.autoUpdateDefault", false); // disable automatic installs of extension updates
 defaultPref("extensions.getAddons.cache.enabled", false); // disable fetching of extension metadata
 
 // extension firewall, disabled by default
 // defaultPref("extensions.webextensions.base-content-security-policy", "default-src 'none'; script-src 'none'; object-src 'none';");
 // defaultPref("extensions.webextensions.base-content-security-policy.v3", "default-src 'none'; script-src 'none'; object-src 'none';");
 
 // report site issue, disable button and url for in depth defense
 lockPref("extensions.webcompat-reporter.enabled", false);
 lockPref("extensions.webcompat-reporter.newIssueEndpoint", "");
 
 // system addons, prevent updates and strip url for in depth defense
 defaultPref("extensions.systemAddon.update.enabled", false);
 defaultPref("extensions.systemAddon.update.url", "");

// --------------------------------
// # URLS AND ANNOYANCES
// --------------------------------

// set librewolf support and releases urls
defaultPref("app.support.baseURL", "https://gitlab.com/librewolf-community/settings/-/wikis/support#");
defaultPref("browser.search.searchEnginesURL", "https://gitlab.com/librewolf-community/settings/-/wikis/support#search");
defaultPref("browser.geolocation.warning.infoURL", "https://gitlab.com/librewolf-community/settings/-/wikis/support#location");
defaultPref("app.feedback.baseURL", "https://gitlab.com/librewolf-community/settings/-/wikis/support");
defaultPref("app.releaseNotesURL", "https://gitlab.com/librewolf-community/browser");
defaultPref("app.releaseNotesURL.aboutDialog", "https://gitlab.com/librewolf-community/browser");
defaultPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser");
defaultPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser");

// remove default handlers and translation engine
lockPref("gecko.handlerService.schemes.mailto.0.uriTemplate", "");
lockPref("gecko.handlerService.schemes.mailto.0.name", "");
lockPref("gecko.handlerService.schemes.mailto.1.uriTemplate", "");
lockPref("gecko.handlerService.schemes.mailto.1.name", "");
lockPref("gecko.handlerService.schemes.irc.0.uriTemplate", "");
lockPref("gecko.handlerService.schemes.irc.0.name", "");
lockPref("gecko.handlerService.schemes.ircs.0.uriTemplate", "");
lockPref("gecko.handlerService.schemes.ircs.0.name", "");
lockPref("browser.translation.engine", "");

// disable welcome, what's new pages and ui tour
defaultPref("browser.startup.homepage_override.mstone", "ignore");
defaultPref("startup.homepage_override_url", "about:blank");
defaultPref("startup.homepage_welcome_url", "about:blank");
defaultPref("startup.homepage_welcome_url.additional", "");
lockPref("browser.messaging-system.whatsNewPanel.enabled", false);
lockPref("browser.uitour.enabled", false);
lockPref("browser.uitour.url", "");

// ------------------------------------
// # NEW TAB PAGE
// ------------------------------------

defaultPref("browser.newtab.preload", false);
defaultPref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false);
defaultPref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false);
defaultPref("browser.newtabpage.activity-stream.feeds.topsites",    false);

// hide pocket and sponsored content, from new tab page and search bar
lockPref("browser.newtabpage.activity-stream.feeds.section.topstories",    false);
lockPref("browser.newtabpage.activity-stream.feeds.system.topstories",    false);
lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false);
lockPref("browser.newtabpage.activity-stream.feeds.section.topstories.options", "{\"hidden\":true}"); // hide buggy pocket section from about:preferences#home
lockPref("browser.newtabpage.activity-stream.showSponsored", false);
lockPref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
lockPref("browser.newtabpage.activity-stream.telemetry", false);
lockPref("browser.newtabpage.activity-stream.default.sites", "");
lockPref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false);
lockPref("browser.newtabpage.activity-stream.discoverystream.enabled", false);
lockPref("browser.newtabpage.activity-stream.feeds.snippets", false); // default

// disable recommend as you browse
lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false);
lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false);

// --------------------------------
// # TELEMETRY
// --------------------------------

lockPref("toolkit.telemetry.unified", false); // master switch
lockPref("toolkit.telemetry.enabled", false);  // master switch
lockPref("toolkit.telemetry.server", "data:,");
lockPref("toolkit.telemetry.archive.enabled", false);
lockPref("toolkit.telemetry.newProfilePing.enabled", false);
lockPref("toolkit.telemetry.updatePing.enabled", false);
lockPref("toolkit.telemetry.firstShutdownPing.enabled", false);
lockPref("toolkit.telemetry.shutdownPingSender.enabled", false);
lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); // default
lockPref("toolkit.telemetry.bhrPing.enabled", false);
lockPref("toolkit.telemetry.reportingpolicy.firstRun", false); // default
lockPref("toolkit.telemetry.cachedClientID", "");
lockPref("toolkit.telemetry.previousBuildID", "");
lockPref("toolkit.telemetry.server_owner", "");
lockPref("toolkit.coverage.opt-out", true); // [HIDDEN PREF]
lockPref("toolkit.coverage.enabled", false);
lockPref("toolkit.coverage.endpoint.base", "");
lockPref("toolkit.crashreporter.infoURL", "");
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("security.protectionspopup.recordEventTelemetry", false);
lockPref("browser.ping-centre.telemetry", false);

// crash report
lockPref("breakpad.reportURL", "");
lockPref("browser.tabs.crashReporting.sendReport", false);

// normandy and studies
lockPref("app.normandy.enabled", false);
lockPref("app.normandy.api_url", "");
lockPref("app.shield.optoutstudies.enabled", false);

// personalized extension recommendations
lockPref("browser.discovery.enabled", false);
lockPref("browser.discovery.containers.enabled", false);
lockPref("browser.discovery.sites", "");

// connectivity checks
lockPref("network.connectivity-service.enabled", false);

// captive portal
lockPref("network.captive-portal-service.enabled", false);
lockPref("captivedetect.canonicalURL", "");

// prevent sending server side analytics
lockPref("beacon.enabled", false);

// --------------------------------
// # WINDOWS
// --------------------------------

// disable windows specific background update service
lockPref("app.update.service.enabled", false);
defaultPref("app.update.background.scheduling.enabled", false);

defaultPref("network.protocol-handler.external.ms-windows-store", false); // disable links launching windows store

lockPref("toolkit.winRegisterApplicationRestart", false); // disable automatic Firefox start and session restore after reboot

lockPref("security.family_safety.mode", 0); // disable win8.1 family safety cert

lockPref("default-browser-agent.enabled", false); // disable windows specific telemetry

defaultPref("network.http.windows-sso.enabled", false); // disable MS auto authentication via sso

// -----------------------------------
// # OVERRIDES
// -----------------------------------

// allow settings to be overriden with a file at `~/.librewolf/librewolf.overrides.cfg`
// or `~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg` (Flatpak).
let profile_directory;
if (profile_directory = getenv('USERPROFILE') || getenv('HOME')) {
  pref('autoadmin.global_config_url', `file://${profile_directory}/.librewolf/librewolf.overrides.cfg`);
}
 
Last edited:

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,700
Issues update: brick back tracking protection and set it to strict by default. (#95) · Issues · LibreWolf / Settings

brick back tracking protection and set it to strict by default.

as discussed in this issue I would be pro TP returning.
@ohfp said on matrix:
my thought was to then go forth with TP and to just add a "I want no "automatic" connections" FAQ entry (and adding the entries to put in the overrides file to disable TP there, as well as a note on how to remove ublock from the policies.json as well, for the initial-start-download-thingy).
@stanzabird also seemed to agree in the above mentioned issue, despite suggesting that we keep on being very careful with the connections that we allow (which we will, I agree with him).
if you agree for the next settings release I will add this, #94 and #93. I will also take care of the faq entry mentioned above.

@ fabrizio @fxbrit · 6 days ago

Author Maintainer

my proposal would be to have this single TP pref in the sanitizing section:
tp
all the rest of the tracking protection prefs can be trimmed as they are redundant or no longer relevant. the ones that control the UI of about:protections can be moved to the annoyances section, effectively eliminating the need of a dedicated TP section in the .cfg (so improving readability as less lines of code).
despite being redundant I would suggest we keep defaultPref("network.cookie.cookieBehavior", 5); as a way to enforce dFPI.
 

Andrew999

Level 24
Verified
Top Poster
Well-known
Dec 17, 2014
1,355
Hi, I was wondering if people knew if there is much difference between Waterfox and Librewolf? I heard something like Waterfox was bought by an ad company or something like that ages ago, which is pretty bad in my opinion even if they say it is nothing to worry about. Also is Librewolf's updates not far behind Firefox such as security updates, because some Forks can take like a week to update security updates and that is quite a long time.

Thanks for the help.
 

HarborFront

Level 72
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,158
Hi, I was wondering if people knew if there is much difference between Waterfox and Librewolf? I heard something like Waterfox was bought by an ad company or something like that ages ago, which is pretty bad in my opinion even if they say it is nothing to worry about. Also is Librewolf's updates not far behind Firefox such as security updates, because some Forks can take like a week to update security updates and that is quite a long time.

Thanks for the help.
So far LW updates are very close to FF after the latter releases. A few days later you'll get LW update

Not sure about Waterfox though

EDIT

Found some info on Waterfox here

 
Last edited:

CyberDevil

Level 9
Verified
Well-known
Apr 4, 2021
415
I wonder if you would use internet banking with this browser? Wouldn't it be better to apply similar settings via local policies and user.js to Firefox? I am concerned about possible vulnerabilities, both intentional and unintentional, that may be in a product from unknown developers. Or do they have a very good reputation?
 

klepto

Level 2
Jun 14, 2020
77
I wonder if you would use internet banking with this browser? Wouldn't it be better to apply similar settings via local policies and user.js to Firefox? I am concerned about possible vulnerabilities, both intentional and unintentional, that may be in a product from unknown developers. Or do they have a very good reputation?

What browser is free of vulnerabilities? There is often in development of any application a patch to fix something which creates an attack vector. As far as the developers of LibreWolf I'm not sure of their reputation. Google has a terrible reputation and yet it doesn't stop people from using Chrome and Chromium.
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,700
It is faster than firefox and being hardened by default via librewolf.cfg is quite nice.
+1
What browser is free of vulnerabilities? There is often in development of any application a patch to fix something which creates an attack vector. As far as the developers of LibreWolf I'm not sure of their reputation. Google has a terrible reputation and yet it doesn't stop people from using Chrome and Chromium.
Indeed!
Or do they have a very good reputation?
Their updates are lightning fast, usually a day or so following FF.

And they have a very set, slim portion of FF code which they keep track of, slicing and dicing where needed.

They are responsive to questions and issues on GitLab, especially the Windows developer.

They always publish the hash of the new version so you can check.
 

HarborFront

Level 72
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,158
I wonder if you would use internet banking with this browser? Wouldn't it be better to apply similar settings via local policies and user.js to Firefox? I am concerned about possible vulnerabilities, both intentional and unintentional, that may be in a product from unknown developers. Or do they have a very good reputation?
Bank apps may only recognize mainstream browsers. Similarly, for some sites. LW is not a mainstream browser
 

gigi64

Level 4
Verified
Well-known
Sep 14, 2012
168
LW v95.0.1 released. Get it from below

Capture.JPG

🤔
 
Last edited by a moderator:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top