intika / librefox Goto Github PK
View Code? Open in Web Editor NEWLibrefox: Firefox with privacy enhancements
Home Page: https://librefox.org
License: Mozilla Public License 2.0
Librefox: Firefox with privacy enhancements
Home Page: https://librefox.org
License: Mozilla Public License 2.0
https://github.com/intika/Librefox#about
Yesterday I said I don't mind being listed in there, but today I noticed that you accept donations, so I take that back. I'm glad that my work helps you and your project, and I'm grateful for your support ❤️, but so far I've never made a contribution to this project specifically, and I don't accept donations for my work.
If I ever do contribute (I'm not discarding that possibility!), then I won't mind being in that list.
Thanks in advance.
Choice over a settings page:
(1) In both of those cases easy accessible whitelist needs to be available
Hello is it possible to have the developer edition for librefox?
Based on comment from article about Firefox price tracking feature:
user_pref("dom.push.connection.enabled", false);
user_pref("dom.push.enabled", false);
user_pref("dom.webnotifications.enabled", false);
user_pref("dom.webnotifications.serviceworker.enabled", false);
At the very top of the about:license page, one can read the following statement:
"Binaries of this product have been made available to you by the Mozilla Project under the Mozilla Public License 2.0 (MPL). Know your rights."
We need to change the ”Mozilla Project" part to "Librefox Project" or similar, whatever intika has in mind here should be applied. Furthermore, as long as there is no Librefox website, I think the link leading to the Mozilla homepage should be replaced with this GitHub page.
Furthermore, I noticed that the Waterfox project has a sentence in the "About Waterfox" version info / update checking window which states the following:
"Waterfox is not associated with Mozilla."
It is at the bottom of the window, see here: https://www.ghacks.net/wp-content/uploads/2018/05/waterfox-56.2.0.png
I think we should include this sentence as well, just replacing "Waterfox" with "Librefox" here.
The "Know your rights" part leads to the about:rights page. There it states:
Mozilla Firefox is free and open source software, built by a community of thousands from all over the world. There are a few things you should know:
We need to replace "Firefox" with "Librefox" here. Not sure what to do with the "community of thousands all over the world". Technically this is true, as thousands of people have contributed to the Firefox code upon which Librefox is built, but then, this statement might be a bit gross in relation to the Librefox project if we let it stand as is.
Firefox is made available to you under the terms of the Mozilla Public License. This means you may use, copy and distribute Firefox to others. You are also welcome to modify the source code of Firefox as you want to meet your needs. The Mozilla Public License also gives you the right to distribute your modified versions.
We need to replace "Firefox" with "Librefox" throughout this paragraph, I think the rest is true still.
You are not granted any trademark rights or licenses to the trademarks of the Mozilla Foundation or any party, including without limitation the Firefox name or logo. Additional information on trademarks may be found here.
Again, we need to replace "Firefox" with "Librefox" here. Additionally, we need to replace "Mozilla Foundation" with "Librefox Project" or similar here. The "here" word has a link attached to it leading to a Mozilla page. As that info is applicable to Firefox and was not released by us, I think we shouldn't keep the last sentence at all.
Some features in Firefox, such as the Crash Reporter, give you the option to provide feedback to Mozilla. By choosing to submit feedback, you give Mozilla permission to use the feedback to improve its products, to publish the feedback on its websites, and to distribute the feedback.
This can be deleted completely.
How we use your personal information and feedback submitted to Mozilla through Firefox is described in the Firefox Privacy Policy.
This does not seem to be applicable to the Librefox project at all, as almost all telemetry is gutted. However, once (if ever) Librefox introduces a working updater, the operating system and version of the browser must be submitted to the Librefox Project at least, as there is no other way to deliver the correct data. That being said, the Waterfox project has set up a privay notice that could inspire such a page for the Librefox project. See here: https://www.waterfoxproject.org/en-US/privacy/waterfox/ Some snippets of this are applicable to use, some are not (due to the gHacks-user.js being very strict in terms of the connections it allows).
Some Firefox features make use of web-based information services, however, we cannot guarantee they are 100% accurate or error-free. More details, including information on how to disable the features that use these services, can be found in the service terms.
I leave it to developer to decide what to make of this. I have no idea, really. Especially the about:rights#webservices page should be reviewed and modified for ourpurposes.
In order to play back certain types of video content, Firefox downloads certain content decryption modules from third parties.
This can be deleted completely.
The Firefox Account feature is disabled, could you explain why?
Is it possible to make portable versions for Windows?
Hello
Can I know why do you say in your README: "unrecommended https-everywhere"?
You should instead recommend it, no?
Thank you
Introduce more customization options in the Librefox, possibly via a cooperation with CustomCSSforFx (Classic Theme Restorer).
Something similar to chrome://flags
or equivalent
Enterprise policies (similar to enterprise-policy-generator)
Also have a look at https://github.com/allo-/firefox-profilemaker this could be helpful
mozilla.cfg and policy over a setting page
Include https://ffprofile.com/ ?
Include #39
Include #53
Develop an easy to use firewall system for extensions (button/hosts/allow/deny/per-addon)
Take in consideration advanced users that want to have a hardened browser by default
Add on suggestions [and other privacy related suggestions] mentioned at the following websites for consideration/integration:
Prism Break: https://prism-break.org/en/categories/windows/#web-browser-addons
Privacy Tools: https://www.privacytools.io/#addons
Someday we will see the Android version of Librefox?
Following #34 many settings have to be defaulted to a different value while leaving the choice for the user... Here are some pro developer feedback for Librefox
Eloston
What do you think made ungoogled-chromium successful ?
"Success" is a pretty broad term. I will assume you define "success" based on the number of users, what users say about the project, and the kinds of bug reports this project receives. In that case, there are several points I can note (in no particular order of importance):
Continual desire to improve the project and oneself. I think this is the most important point. I mainly gather ideas based on feedback, experiences from this and past software projects, and experimenting with software in general. I also gather ideas by reading code and docs from Google, reading technical blog posts about software, and reading about new developments in software engineering.
Dedicating a lot of time to the project. Especially in the following areas:
Consistent attention to overall quality of documentation, code, and user experience (building the browser, using the browser, downloading pre-built binaries, reading documentation, etc.)
Also one thing, a lot of people asked me about mozilla trademark (Firefox) while i was disturbing a patched version it's curious that uc did not face this problem, i guess google folks are more permissive.
This project is not widely known, and people aren't confusing it with the trademarked Chrome and Chromium. If it becomes an issue, then I'll be fine with changing it.
Do you have any advice/comments regarding the direction of my project ?
I don't know much about Firefox, so I can't give you any specific advice. Hopefully my comments on what made this project successful will help you too. Regardless, I am glad that my project has inspired you to create Librefox. I wish you luck with it!
Moonchild
Pants
Also, already looked at, but need to re review for new version
/* ALREADY COVERED: by master pref extensions.pocket.enabled ***/
extensions.pocket.api ""
extensions.pocket.oAuthConsumerKey ""
extensions.pocket.site ""
/* INFO URLS ETC: require user interaction (e.g Help>Submit Feedback) ***/
app.feedback.baseURL ""
app.releaseNotesURL ""
browser.contentblocking.reportBreakage.url ""
datareporting.healthreport.infoURL ""
toolkit.crashreporter.infoURL ""
toolkit.telemetry.infoURL ""
privacy.trackingprotection.introURL ""
/* DEFAULT IS SAME
this is generally a bad idea: if FF disables something due to a security concern, the
end user who doesn't keep up to date with changes
(IF you do them) is now fucked over) ***/
browser.offline-apps.notify true
browser.safebrowsing.passwords.enabled false
html5.offmainthread true
security.sri.enable true
security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256 true
security.ssl3.ecdhe_ecdsa_aes_256_sha true
security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256 true
security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 true
security.ssl3.ecdhe_rsa_aes_256_sha true
security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256 true
/* NOT PRIVACY etc related ***/
[i] browser.download.animateNotifications false
browser.tabs.closeTabByDblclick true
/* covered by dom.enable_performance (& also RFP) ***/
dom.enable_performance_navigation_timing false
/* is only exposed to chrome
( https://trac.torproject.org/projects/tor/ticket/27268#comment:2 ) ***/
dom.mozTCPSocket.enabled false
/* only used in a single test ***/
browser.formfill.expire_days 0
/* specifically removed because people don't understand it
(and we don't want to encourage Tor over FF) ***/
[i] network.dns.blockDotOnion true
Use GPG signatures with sha256 / blake instead.
How do you feel about creation a Privafox edition based on the current Firefox ESR version? In this case, you can even use Tor Browser as a base of your set.
Also add install instruction for linux (ubuntu)... windows etc.
in privafox "privacy.sanitize.sanitizeOnShutdown" is defaulted to true...
when the config file is used normally with pref("privacy.sanitize.sanitizeOnShutdown", true);
the setting is not applied
when used with mozilla.cfg the setting is enforced BUT its value is string type even if it's set true without quotes... (but the setting work even if its a wrong var)
to be able to default this settings the used value is string so pref("privacy.sanitize.sanitizeOnShutdown", "true");
it works but the side effect is this option can not be disabled in the ffox settings anymore and the gui show a wrong value.
in short this seems to be a ffox bug where this value is incorrectly set to string instead of bool.
This could affect ghacks too where the setting is just ignored... when set without quotes which is the case.
Any way temporary solution is set with quotes
Appimage for Linux and portable for Windows (paf format ?)
I noticed that all releases can only work on 64-bit platforms, but sometimes we may have to run firefox on 32-bit ones. It would be prefect if Librefox can run on 32-bit OSes!
This is more of a general concept than about a specific fingerprinting method.
The TOR browser and many privacy focused addons attempt to limit the fingerprinting potential by reducing the amount of unique information. however that information in itself can be used for fingerprinting as well and the same is true for a browser with a relatively small user base. this gets even worse if users make custom changes. so there appears to be an upper bound for privacy.
however this does necessarily not have to be the case. instead of limiting information and advising users to not make any changes do the opposite: spew out randomized fake information. this is even more effective as adversaries think they got valuable information and populate their databases with it. this is theoretically possible to do with every bit of information that does not inevitably affect usability but that is already the case with common anti fingerprint methods.
there are some obstacles though. inconsistencies between different bits of information could theoretically be detected. however this requires extra effort and is only viable if enough information is being collected in the first place. in the worst case though an adversary would still only know you are faking data and thus use a browser that does this which is as good as the best case for classical methods. to counteract this you need a logic that keeps consistency that immitates common browsers in varying configurations and keeps the decoy over the lifetime of a website session.
it is more challanging overall becuase it requires dynamic changes instead of just static ones but is best to lay the foundations early on.
Add android version (main firefox)
Various secondary to-do:
Addons code to check:
Please consider incorporating Ubuntu's global menubar patch for better integration with desktop environments that support global menus, such as KDE Plasma and MATE or XFCE with the appmenu extension.
Is there an about:config setting that affects this?
Hi
Every browser except Librefox can access my Jellyfin (fork of Emby) no problem, but librefox shows me a constant loading circle when I try to open the Jellyfin web page :( The page load seems to take forever and never reaches to the landing page of Jellyfin
I am using LF on Win 10 x64
thanks
This include changing the logo, trademarking and using Librefox own user profile etc.
It seems that "Apply Librefox Manually" section is a duplicate of "Building And Packaging".
Hello,
I try to logon onto https://web.whatsapp.com/, but QR code doesn't appear.
https://forum.palemoon.org/viewtopic.php?f=4&t=21123&sid=75f9612f87b1ee17fa26e4a237c8c696#p158485
The palemoon creator took his time to list a couple of problematic things about this project.
IMHO it's just another example of copy-pasta of insane configurations, and it's not something new or better or different than any of the other similar things I've seen out there. It's not even a rebuild, it's just reconfigured, and questionably so.
I agree with this criticism 100% and I suggest a general discussion about of where the project should be going.
There's only one niche where Librefox can be successful: Create an up-to-date Firefox-copy that does essentially the same; simply with less Mozilla, less Google and more customization, flexibility and control.
There isn't a demand for a locked-up hardcore user.js that makes browsing a pain.
Question: Which files do I need to execute to install/run?
(sorry for noobish-ness)
Design a Librefox logo to replace the temporary one on this page
I've just scanned the latest version and Virus Total presented these issues - https://www.virustotal.com/en-gb/file/0028f58b9498659884f173d995bdbda15c02b91564c8954de321db16f31d688d/analysis/1545598643/
Should we be concerned? If not why not?
Thanks
Hi there! I'm a member of privacytools.io, and today I've created a discussion on https://github.com/privacytoolsIO/privacytools.io/issues/698. I think it would be quite beneficial to join the forces, review and merge existing tweaks from both projects (our recommended settings are listed here: https://www.privacytools.io/#about_config, and add-ons are available here: https://www.privacytools.io/#addons), and eventually refer you guys there. Feel free to comment here and there in the project and let us know what you think! Cheers!
Hello,
Google Translate doesn't work on RU domain (https://translate.google.ru), but work without any problem on COM domain (https://translate.google.com). Maybe issue can appear on other domains.
This makes project unappealing for new users. Just saying 😄
Hello intika,
I found that you have developed this browser which includes the gHacks-user.js. And that's great! We definitely need more browsers respecting user privacy by default. I am currently using this browser along with Ungoogled-Chromium.
Previously, I have used (and contributed some small code snippets to) Waterfox as well, but it seems to be stuck at the Firefox 56 base for too long. Not sure why, as Mozilla has removed all legacy add-ons from AMO anyway. Therefore, even as support for them is nice, most users have no way to download them as it stands. Anyway... I wanted a newer code base, and this project is what I have searched for. Thank you very much for your efforts.
Now, I think this project can be improved in some ways. I have a few ideas, and would like to present them to the dev for consideration and to the community for discussion.
I believe that Mozilla, as it stands, introduces more and more unwanted changes into Firefox. Some things I personally consider annoying and / or redundant are as follows:
Moreover, I feel like the customization options in Firefox Quantum are pretty limited due to the removal of legacy add-ons. While I don't miss many legacy add-ons, I feel like Firefox should offer more UI customization options, much like Vivaldi does.
How does all this relate to Librefox? Well, I think Librefox does a great job of disabling a great deal of the unwanted features above. However, some things like the option to never download browser updates cannot be restored via the gHacks-user.js. This would require deeper changes. I have read somewhere that Firefox allegedly still supports the option do disable updates entirely in the enterprise policy editor.
Furthermore, I don't think offering a more privacy-oriented Firefox is enough to attract a wider scope of potential users. Vivaldi's success is built upon its many customization features, for example. I strongly believe that this project should include CustomCSSforFx by default. CustomCSSforFx is a set of userChrome.css code that can alter the entire Firefox appearance, much like it has been possible with Classic Theme Restorer historically. The developer is the very same person.
I would like to see those customization options introduced in the regular "Customize..." menu of the browser. I want to check a box and the change in appearance should occur. As it stands, I have to tackle things in userChrome.css quite a bit, involving restarts of the browser to make the changes apparent. This is not user-friendly at all. A browser introducing those options by default would be a dream come true.
Somewhat connected to this, I'd like to see a those customization options in Librefox ESR only. The code base, including UI code, changes too much across major versions for those changes to be reasonably maintainable for each major Firefox release. Therefore, I'd limit those customization options to Librefox ESR.
TL;DR:
Thanks again for your great effort, intika. Thanks to all for their attention.
I think it's a good idea to recommend EME-free builds for Windows and macOS instead regular ones.
They can be found here, for example: https://ftp.mozilla.org/pub/firefox/releases/64.0/
Test/Fix compatibility on those sites:
1 . I extracted the Librefox-2.1-Firefox-Win-64.0.0-x64.zip to a folder in D drive .
2 . Then I clicked on the setup.exe .
3 . It told me to close my firefox . I knew at this moment it gonna use default firefox profile . So I created two firefox profile . Unhecked " Use the selected profile without asking at start up.
4 . Again clicked on the setup.exe . When installed finished , firefox showed me the profile manager .
5 . I created a new profile called librefox . Tested some websites & played with it. So there are now 3 profiles.
6 . But when I closed firefox & opened my default profile .Everything was changed .
7 . Unable to access passwords. It is greyed out. History is gone . That is my default firefox profile.
I want to know what I did wrong . Why & how did it change my default profile when I created a new profile to begin with ? Also , I want to know how to install , use librefox with default firefox side by side. .
Hello,
I can't open legal site like https://flow.polar.com/ and can't change options security.ssl.require_safe_negotiation to false. How I can use my favorite site?
STR:
Ctrl
& F
to toggle the search box.Actual Result:
the search box is now colorized as well as the address box.
This is simply my thank you for making this happen. I've seen Firefox getting worse and worse over time and while I always had to do stuff manually, you provided a fully built and ready-to-go version with so much more than I could ever have done.
Thank you for caring about privacy.
Add new contributors
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.