Show HN: Fast Transition from Firefox to Librewolf
After looking at various browser alternatives to Firefox (my daily driver for years), I decided to try LibreWolf and the transition was trivial on a Debian based system (by HN standards). My extensions even ran without logging in (YMMV).
First install LibreWolf: sudo apt update && sudo apt install extrepo -y sudo extrepo enable librewolf sudo apt update && sudo apt install librewolf -y
Second: After closing Firefox, copy Firefox profile (in ~/.mozilla/firefox/) to Librevox profile (in ~/.librewolf/).
Note: I copied the profile into the default profile (as seen in about:profiles) not default-default. I then launched the profile and all my tabs were restored, bookmarks, logins, etc. I will update if something seems broken.
Careful with following these instructions, because the profile contains the user settings file. You are effectively nullifying librewolfs changes to the standard settings which are there to disable firefox's tracking/suggestion/analytics features.
Just make sure to diff them at least or migrate the parts you want to keep.
So I did the same thing of installing Waterfox and copying the profile over. In Waterfox, the telemetry remains disabled and cannot be activated even if you want to - the use of an existing FF profile does not enable them. I verified this by going through a howtogeek page[1] and verifying the active settings.
[1] https://www.howtogeek.com/557929/how-to-see-and-disable-the-...
I'm considering moving to LibreWolf, and also promoting it in various ways, so some due diligence questions on my mind:
1. How responsive is LibreWolf to security updates? (Once Firefox pushes them out to users, how soon are LibreWolf users then also protected from the now-public vulnerabilities.)
2. Who maintains LibreWolf? Who is in position to vet Mozilla code, vet LibreWolf-specific code, modify, or release code? How are new people given these powers? What is the protection against bad actors on the team, or compromising people on the team?
3. Given some of the odd behavior in the last few years, is there a plan if, hypothetically, a Mozilla executive were to somehow cut off or sabotage LibreWolf? (For example, plan to pivot to doing a hard fork, while somehow assembling and vetting sufficient volunteers to make that viable? Or plan to rebase off some European or LatAm gov't-funded hard fork, while performing much the same third-party vetting&tweaking distro function as done now? Or plan to give up?)
4. Are there any thoughts on when it might make sense to get under the funding&governance umbrella of some tech public interest organization?
5. Any thoughts on moving to official Debian packages (e.g., a combination of the official Stable-track channels for something Firefox ESR-like, plus the Debian Backports channel for the latest browser features)?
(Please note that these infosec questions aren't intended to reflect negative impressions of LibreWolf. The reason for asking is that there are positive impressions of LibreWolf, and these are some questions to consider when moving forward.)
(2) is a real concern that I also share
on their page, this is the only information on the project admin: https://codeberg.org/ohfp
who is this? can I trust them with literally my entire digital life and that of my family?
this is a serious problem, "ohfp" might very well be trustworthy but at present there's no way to know
your (4) would go a real way to solving this, but for now I'm not biting
I'd rather take the risk that mozilla sell me some ads than use a browser with zero provenance
I wonder how big the patchset is vs. upstream, and how hard it is to compile yourself.
I’m not suggesting end-users do this, but I could see, e.g., a debian maintainer doing it.
For no 1 - see https://librewolf.net/docs/faq/ looks like 3 days, sometimes same day
Thank you, that's unfortunate. (Incidentally, I like that their FAQ has some good questions and honest-seeming answers.)
I think I've sometimes seen security update delays that bad from Tor Browser, but that's also bad there.
I think the security update delay situation would need to be improved.
Especially on (2). Given that we are moving away from Firefox because of a trust issue with the maintainer, how does LibreWolf make this any better?
[dead]
If you're interested in moving over to LibreWolf, I also submitted a thread[0] to /r/LibreWolf for recent Firefox refugees asking for suggestions and comments on how people dealt with the transition. It has nearly 100 comments, and some good info.
[0]:https://old.reddit.com/r/LibreWolf/comments/1j0ckr9/recent_f...
I've been using it on macOS for quite some time now, coming from Safari, and am really happy with it. I use homebrew like so:
brew install librewolf --no-quarantine
brew upgrade librewolf --no-quarantine
After a bit of wrestling with a few per page settings, I have most websites running how I like them.
I use Zoom Page WE to manage per page zoom levels, this alone was a game changer for me compared to Safari.
I'm planning to fully switch to Linux someday which will probably be arch so I've done a test setup. I've installed the https://aur.archlinux.org/packages/librewolf-bin package and that worked equally well.
Do note that LW deletes all cookies upon exit. This default setting can be changed of course, but it tripped me up.
I found deleting all cookies upon exit to be really nice, in combination with a whitelist with some often used and trusted sites. The address/search bar is much more responsive and useful! I also adapted the practice of bookmarking anything and everything that I might want to find back later, throwing everything in one folder – only adding a few top-of-the head tags. It has become my second brain, and has made it super easy to fetch back stuff that I only vaguely remember.
Cleaning out all my browser history after every exit really has changed my relationship with the address bar.
Another way of looking at this method is as an antidote to ending up with hundreds of open tabs – I just bookmark it and close it, knowing I'll find it back later when I actually need it :)
It tripped me up too initially, but they added a nice workaround to it so one doesn't need to disable the deleting cookies completely.
On the pages where you want to stay logged in like in HN, click the lock icon left of the URL and toggle "LibreWolf: Always store cookies/data for this site" and that's it.
There's certainly something refreshing about knowing exactly for which sites I'm storing cookies (so far kagi, HN, gmail, YT...)
Interesting. This is actually behavior that I already prefer and enable in Firefox. It makes sense when you leave browser instances open for long periods of time (with multi-account containers for a large number of tabs that you save and restore the session of) and use a password manager to sign in when you do restart.
> sudo apt update && sudo apt install extrepo -y sudo extrepo enable librewolf sudo apt update && sudo apt install librewolf -y
The problem, at least for me, is that it requires confidence and trust to give away what is root access to my system and my life and hope they don't intentionally or unintentionally abuse it (malware). I'm sure they are trustworthy people but I would be lying if I said it didn't fill me with anxiety.
There is a Flatpak, if you wish; as far as I understand it does not run code as root.
Installing Flatpak itself requires root, which means it's adding just a little more attack surface just to use Flatpak. Not a big concern of mine but I can understand why some might prefer not to.
Also, until I hear otherwise, I’m assuming “the sandbox is still a lie” continues to hold:
https://flatkill.org/2020/
Though, that page says they at least try to make it not setuid root these days. Also relevant: https://xkcd.com/1200/
Sounds great.
Related: Self-Hosting a Firefox Sync Server
https://news.ycombinator.com/item?id=43214294
Librewolf isn't going to be practical for macOS users. It isn't signed appropriately and will not run unless you xattr -c on the app package. That's unfortunate. I'm not sure if an update will re-establish the macOS quarantine flags or not.
It looks like it's available on homebrew, so that may be a good workaround.
I installed it via brew only to find it wasn't signed. I'm going to assume that the binary in the dmg isn't signed, either.
for technical users yes. for grandma, absolutely not
Why is that so? Any idea?
Librewolf isn't signing the binary shipped via brew.
This is a bad idea. I don't know if customization made by LibreWolf to protect your privacy would be undone by using Mozilla's version of the profiles.
I had a bit of a failed transition while hoping for a fast one. I gave the app image for Macos a try. the available binaries are for Intel only, and 120Hz scrolling isn't working despite matching the final Firefox version to the point. I can't tell what else is missed out from Firefox. I didn't have much luck with the Homebrew version either. It doesn't run at all.
Anyone got better luck on Mac?
I don’t know what 120hz scrolling is but it runs fine on intel Monterey default settings plus privacy badger. I wish privacy badger would work in Kagi's Orion.
If you're on macOS, Floorp and Zen Browser are good alternatives.
you don't even know who the person in charge of librewolf is or what their affiliations are and you want people to hop from Firefox to some random dude on the internet because you think they are trustworthy?
But you would trust Mozilla who repeatedly betrayed it's users yet still lying Firefox is a private browser?
Side note: Why does Mozilla pay their CEO $6.9 million as of 2022 [0] while seemingly mismanaging their business? As a Firefox user, Mozilla feels like a hollow company with little impact, existing primarily to give Google the appearance of competition. This seems like just another example of Mozilla sabotaging themselves.
[0] https://assets.mozilla.net/annualreport/2022/mozilla-fdn-990...
Note: there is also the Mullvad browser which is based on the Tor browser (with the Tor bit removed). It works fine without a VPN.
https://mullvad.net/en/browser