My new (old) favorite browser - LibreWolf

13 respuestas [Último envío]
andyprough
Conectado
se unió: 02/12/2015

I've been trying out LibreWolf's appimage recently, and getting outstanding results with it, especially in terms of resource usage. In my tests, it is using less memory and cpu than abrowser, firefox, and any of the chromium-based browsers I've tried. In terms of privacy and security, it seems to be about on a par with abrowser - which is quite good.

I welcome any comments and corrections.

calher

I am a member!

Desconectado/a
se unió: 06/19/2015

LibreWolf is free software to my knowledge, but it does not comply with
the GNU Free System Distribution Guidelines, because it asks the user
if they want to enable DRM.

The only solution is Abrowser. I tried building a Flatpak for it, so it
could run on non-Trisquel systems, but getting Mozilla browsers to
build is notoriously difficult.

koszkonutek
Desconectado/a
se unió: 03/19/2020

> LibreWolf [...] does not comply with the GNU Free System Distribution Guidelines, because it asks the user if they want to enable DRM.

Thank you for pointing out the right thing :)

> The only solution is Abrowser.

What isn't Ungoogled Chromium a solution? Is it not FSDG-compliant? It is even present in one ethical distro (Guix). I am willing to believe it is not as secure as FF-based browsers but that is not an issue for software freedom

Avron
Desconectado/a
se unió: 08/18/2020

> What isn't Ungoogled Chromium a solution? Is it not FSDG-compliant? It is even present in one ethical distro (Guix). I am willing to believe it is not as secure as FF-based browsers but that is not an issue for software freedom

https://labs.parabola.nu/issues/2512 is my reference information on that topic.

As I understand it, ungoogled-chromium is still to be thoroughly assessed by the FSF.

koszkonutek
Desconectado/a
se unió: 03/19/2020

Which I guess will never happen.

Seriously, it's not just that FSF is not doing many important things that should be done. After all, limited amount of resources could be an excuse for that. The actual problem is FSF doing useless of even harmful things *instead* of those important ones. One of those harmful things is recommending of IceCat which is apparently unmaintained. The latest release seems to have recently celebrated its 2nd birthday. People should rather be warned against using it - for security reasons (I realize most forked browsers are not as delayed and insecure as some online articles say, but IceCat is an exception that is indeed a lot behind).

I could go on with LibreJS circus, FSF's git hosting site idea, etc. But the final though is this: FSF is not reliable (feel free to ask me to elaborate on that in some new thread). I am not saying FSF is thoroughly bad - it serves its purpose of officially representing the swfreedom movement. But it is not good enough on other sides...

And all this leads me to a conclusion that we should make our own opinions on things like Ungoogled Chromium

Avron
Desconectado/a
se unió: 08/18/2020

> One of those harmful things is recommending of IceCat which is apparently unmaintained. The latest release seems to have recently celebrated its 2nd birthday. People should rather be warned against using it - for security reasons (I realize most forked browsers are not as delayed and insecure as some online articles say, but IceCat is an exception that is indeed a lot behind).

Is the FSF still actively promoting IceCat or is that just on not updated web pages?

> I could go on with LibreJS circus

I would be interested in your lights on this.

I have read https://trisquel.info/en/forum/software-freedom-movement-challenge-javascript-trap and I share your frustration that we don't have an exension able to block a site's script and load the user-installed script instead. I looked at Greasemonkey but I couldn't find anything attempting to make a site functional without the site's scripts, not even partially functionnal.

So far, I am trying to check the scripts blocked by LibreJS one by one but this is a tedious task and I don't really know how to make a decision on whether to run each script or not (I assume checking the comment on a license is not enough). The most basic thing could be to store the scripts and indicate at any later visit of the same site whether the scripts were changed or not and decide whether to run the updated version or not.

On site diversity, my first target would be discord because this is what so many useful software projects use as a community forum, so that would be reusable for many sites. That said, I still wonder why we can't use other tools for that. Isn't there any web forum without javascript? In any case, there are mailing lists with archives and newsgroups, using them would avoid the user having to execute scripts.

Coming back to Ungoogled Chromium, I have been using it a bit as it is available with Guix. So far, I have not found how to have it autonomously delete everything upon exit, which works fine with Abrowser. To have a more educated opinion, I would need to read more on chromium and on what the ungoogling exactly does and does not.

koszkonutek
Desconectado/a
se unió: 03/19/2020

> Is the FSF still actively promoting IceCat or is that just on not updated web pages?

Idk. What I know is that some people do still use it and that it is still fairly easy to reach IceCat reasources and get a false impression that it is indeed a secure browser. There are quite many links and references to it on other GNU pages. And I might have been wrong blaming FSF - it seems to be mostly GNU's business.

> I would be interested in your lights on this.
>
> I have read [...]

Someone just opened a new thread on that, I shall post all relevant information there if nobody did it yet. Give me a few minutes:
https://trisquel.info/en/forum/librejs-ranting

> I looked at Greasemonkey but I couldn't find anything attempting to make a site functional without the site's scripts, not even partially functionnal.

Even if you found such scripts, you would still need to use another extension to block sites' own scripts because Greasemnkey can't do that. Another problem with Greasemonkey is that it evaluates user-provided scripts in a privileged context instead of page's context. There might me incompatibilities that would make it difficult to load some javascript libraries. Plus security issues.

> The most basic thing could be to store the scripts and indicate at any later visit of the same site whether the scripts were changed or not and decide whether to run the updated version or not.

The extension I am working on can already substitute arbitrary scripts for pages' ones. As to automatically storing original scripts (for later comparison or modification) - that is a planned feature.

> On site diversity, my first target would be discord because this is what so many useful software projects use as a community forum, so that would be reusable for many sites. That said, I still wonder why we can't use other tools for that. Isn't there any web forum without javascript? In any case, there are mailing lists with archives and newsgroups, using them would avoid the user having to execute scripts.

There are freesw forums that work without JS (well, this one does) but something with closest use case to Discord would be Matrix. A standalone desktop client can be used for it.
As to Discord being the first target... that could be hard. For first targets I would choose simple sites that can be fixed in short time.

> So far, I have not found how to have it autonomously delete everything upon exit

For enabling auto-deletion of cookies&friends on exit, see the picture I attached (it shows the settings page). For browsing history you would probably need to use Incognito Mode. Anyway, history and passwords are IMHO not as important for the browser to forget because they cannot be used for tracking in the fashion cookies can

uc0.png
Avron
Desconectado/a
se unió: 08/18/2020

> As to Discord being the first target... that could be hard. For first targets I would choose simple sites that can be fixed in short time.

Sorry, I meant discourse, I am always confusing these names.

I agree that simple site first is reasonable, but software used on many website is also a nice target as it can solve many websites at once.

koszkonutek
Desconectado/a
se unió: 03/19/2020

> I agree that simple site first is reasonable, but software used on many website is also a nice target as it can solve many websites at once.

True. Stripe and reCaptcha are examples. And I believe both could be accomplished without any REing, by just rewriting some free software java or python code into js

Abhiseck Paira
Desconectado/a
se unió: 05/16/2021

> Seriously, it's not just that FSF is not doing many important things
> that should be done. After all, limited amount of resources could be
> an excuse for that. The actual problem is FSF doing useless of even
> harmful things *instead* of those important ones. One of those harmful
> things is recommending of IceCat which is apparently unmaintained. The
> latest release seems to have recently celebrated its 2nd
> birthday. People should rather be warned against using it - for
> security reasons (I realize most forked browsers are not as delayed
> and insecure as some online articles say, but IceCat is an exception
> that is indeed a lot behind).

GNU Icecat is produced by running a bunch of scripts on Firefox. The
scripts are regularly maintained (See the Icecat's source
repository). Both Guix and Parabola (and AUR version for other Arch
based distro users) ship a version of Icecat based on latest Firefox ESR
release (Currently 78.10 or something).

I use Icecat all the time, and it's best browser even for non tech savy
users.

--
Abhisek Paira
E34E 825B 979E EB9F 8505 F80E E93D 353B 7740 0709
"There is no system but GNU, and Linux is one of its kernels."

koszkonutek
Desconectado/a
se unió: 03/19/2020

> GNU Icecat is produced by running a bunch of scripts on Firefox. The
> scripts are regularly maintained (See the Icecat's source
repository). Both Guix and Parabola (and AUR version for other Arch
> based distro users) ship a version of Icecat based on latest Firefox ESR
> release (Currently 78.10 or something).

I didn't realize Guix has an up-to-date version. When referring to IceCat, I meant exclusively the version available on GNU website and that version got frozen at 60.7. It can be found here:
https://ftp.gnu.org/gnu/gnuzilla/

As to other rebranded FF forks - they are OK. Unfortunately, other pages on gnu.org lead people to that very ftp server and not to distros' up-to-date releases :/

andyprough
Conectado
se unió: 02/12/2015

> LibreWolf is free software to my knowledge, but it does not comply with
the GNU Free System Distribution Guidelines, because it asks the user
if they want to enable DRM.

That used to be true, to my knowledge. But the more recent versions of Librewolf ship with a non-functional "DRM" button in preferences that is enforced off by default.

They do have a web page where they tell users the changes they would need to make by hand to librewolf.cfg if they wanted to enable DRM. But it's no longer as simple as clicking one button in preferences.

abrowser is better because, I believe, DRM is not something that is compiled into the package, and so it cannot be enabled by manually changing some settings in a config file.

calher

I am a member!

Desconectado/a
se unió: 06/19/2015

A few days ago, I actually contacted the LibreWolf team and asked them
if it would be too much of a burden for them to make a few more changes
so that their browser would be similar to Abrowser, so that it will be
FSDG-compliant, so that we can include it in the free distros, so that
we don't have TEN DIFFERENT AD HOC REBRANDED BROWSERS.

They said removing the DRM option was too extreme, that they are more
concerned about security than free software.

andyprough
Conectado
se unió: 02/12/2015

Well, the DRM option is enforced off by default, and no part of widevine touches your browser unless you specifically alter the software by hand to make it go out and download widevine. So that's a lot better than 99.99% of all other non-abrowser and non-icecat browsers.

Besides which I'm not in agreement that we need convergence of abrowser and LibreWolf. I find that abrowser is best suited for higher security, higher privacy browsing, and LibreWolf is a faster, lean browser than works by default on more websites. It's good to have both on my system, and since they are both willing to reside together, it seems good overall to have the two options. Especially in this day and age when regular Firefox is so rapidly turning into such a remarkably undesirable browser from my viewpoint.