Show HN: Fast Transition from Firefox to Librewolf
After looking at various browser alternatives to Firefox (my daily driver for years), I decided to try LibreWolf and the transition was trivial on a Debian based system (by HN standards). My extensions even ran without logging in (YMMV).
First install LibreWolf: sudo apt update && sudo apt install extrepo -y sudo extrepo enable librewolf sudo apt update && sudo apt install librewolf -y
Second: After closing Firefox, copy Firefox profile (in ~/.mozilla/firefox/) to Librevox profile (in ~/.librewolf/).
Note: I copied the profile into the default profile (as seen in about:profiles) not default-default. I then launched the profile and all my tabs were restored, bookmarks, logins, etc. I will update if something seems broken.
Careful with following these instructions, because the profile contains the user settings file. You are effectively nullifying librewolfs changes to the standard settings which are there to disable firefox's tracking/suggestion/analytics features.
Just make sure to diff them at least or migrate the parts you want to keep.
So I did the same thing of installing Waterfox and copying the profile over. In Waterfox, the telemetry remains disabled and cannot be activated even if you want to - the use of an existing FF profile does not enable them. I verified this by going through a howtogeek page[1] and verifying the active settings.
[1] https://www.howtogeek.com/557929/how-to-see-and-disable-the-...
I'm considering moving to LibreWolf, and also promoting it in various ways, so some due diligence questions on my mind:
1. How responsive is LibreWolf to security updates? (Once Firefox pushes them out to users, how soon are LibreWolf users then also protected from the now-public vulnerabilities.)
2. Who maintains LibreWolf? Who is in position to vet Mozilla code, vet LibreWolf-specific code, modify, or release code? How are new people given these powers? What is the protection against bad actors on the team, or compromising people on the team?
3. Given some of the odd behavior in the last few years, is there a plan if, hypothetically, a Mozilla executive were to somehow cut off or sabotage LibreWolf? (For example, plan to pivot to doing a hard fork, while somehow assembling and vetting sufficient volunteers to make that viable? Or plan to rebase off some European or LatAm gov't-funded hard fork, while performing much the same third-party vetting&tweaking distro function as done now? Or plan to give up?)
4. Are there any thoughts on when it might make sense to get under the funding&governance umbrella of some tech public interest organization?
5. Any thoughts on moving to official Debian packages (e.g., a combination of the official Stable-track channels for something Firefox ESR-like, plus the Debian Backports channel for the latest browser features)?
(Please note that these infosec questions aren't intended to reflect negative impressions of LibreWolf. The reason for asking is that there are positive impressions of LibreWolf, and these are some questions to consider when moving forward.)
(2) is a real concern that I also share
on their page, this is the only information on the project admin: https://codeberg.org/ohfp
who is this? can I trust them with literally my entire digital life and that of my family?
this is a serious problem, "ohfp" might very well be trustworthy but at present there's no way to know
your (4) would go a real way to solving this, but for now I'm not biting
I'd rather take the risk that mozilla sell me some ads than use a browser with zero provenance
I wonder how big the patchset is vs. upstream, and how hard it is to compile yourself.
I’m not suggesting end-users do this, but I could see, e.g., a debian maintainer doing it.
It's actually totally managable and reasonable for an end-user to stay on top of their patches and run a personally built subfork. I think it's better to think of it a a starting-point and template for your own builds rather than a Product.
They're reasonably tidy, not too big, and much of the size comes from a typical userprefs a la arkenfox.
I don't see why you would dissuade before even looking? This is one of those scenarios where verifying the work is a small fraction of the time and expertise to produce it.
It's maintained as a set of patch files, so it's at least easy to see how it differs from upstream. The number of patches seemed somewhat manageable, though with the few I looked at I found myself wishing that they had much better documentation.
For no 1 - see https://librewolf.net/docs/faq/ looks like 3 days, sometimes same day
Thank you, that's unfortunate. (Incidentally, I like that their FAQ has some good questions and honest-seeming answers.)
I think I've sometimes seen security update delays that bad from Tor Browser, but that's also bad there.
I think the security update delay situation would need to be improved.
Especially on (2). Given that we are moving away from Firefox because of a trust issue with the maintainer, how does LibreWolf make this any better?
[dead]
If you're interested in moving over to LibreWolf, I also submitted a thread[0] to /r/LibreWolf for recent Firefox refugees asking for suggestions and comments on how people dealt with the transition. It has nearly 100 comments, and some good info.
[0]:https://old.reddit.com/r/LibreWolf/comments/1j0ckr9/recent_f...
I've been using it on macOS for quite some time now, coming from Safari, and am really happy with it. I use homebrew like so:
brew install librewolf --no-quarantine
brew upgrade librewolf --no-quarantine
After a bit of wrestling with a few per page settings, I have most websites running how I like them.
I use Zoom Page WE to manage per page zoom levels, this alone was a game changer for me compared to Safari.
I'm planning to fully switch to Linux someday which will probably be arch so I've done a test setup. I've installed the https://aur.archlinux.org/packages/librewolf-bin package and that worked equally well.
Do note that LW deletes all cookies upon exit. This default setting can be changed of course, but it tripped me up.
I found deleting all cookies upon exit to be really nice, in combination with a whitelist with some often used and trusted sites. The address/search bar is much more responsive and useful! I also adapted the practice of bookmarking anything and everything that I might want to find back later, throwing everything in one folder – only adding a few top-of-the head tags. It has become my second brain, and has made it super easy to fetch back stuff that I only vaguely remember.
Cleaning out all my browser history after every exit really has changed my relationship with the address bar.
Another way of looking at this method is as an antidote to ending up with hundreds of open tabs – I just bookmark it and close it, knowing I'll find it back later when I actually need it :)
It tripped me up too initially, but they added a nice workaround to it so one doesn't need to disable the deleting cookies completely.
On the pages where you want to stay logged in like in HN, click the lock icon left of the URL and toggle "LibreWolf: Always store cookies/data for this site" and that's it.
There's certainly something refreshing about knowing exactly for which sites I'm storing cookies (so far kagi, HN, gmail, YT...)
Interesting. This is actually behavior that I already prefer and enable in Firefox. It makes sense when you leave browser instances open for long periods of time (with multi-account containers for a large number of tabs that you save and restore the session of) and use a password manager to sign in when you do restart.
> sudo apt update && sudo apt install extrepo -y sudo extrepo enable librewolf sudo apt update && sudo apt install librewolf -y
The problem, at least for me, is that it requires confidence and trust to give away what is root access to my system and my life and hope they don't intentionally or unintentionally abuse it (malware). I'm sure they are trustworthy people but I would be lying if I said it didn't fill me with anxiety.
There was a tarball last time I looked.
There is a Flatpak, if you wish; as far as I understand it does not run code as root.
Installing Flatpak itself requires root, which means it's adding just a little more attack surface just to use Flatpak. Not a big concern of mine but I can understand why some might prefer not to.
Also, until I hear otherwise, I’m assuming “the sandbox is still a lie” continues to hold:
https://flatkill.org/2020/
Though, that page says they at least try to make it not setuid root these days. Also relevant: https://xkcd.com/1200/
Interesting read! But from what I understand from the permissions reported in https://flathub.org/apps/io.gitlab.librewolf-community , the Librewolf flatpak does not have access to the user home folder, which is the main security issue reported in that page.
Sounds great.
Related: Self-Hosting a Firefox Sync Server
https://news.ycombinator.com/item?id=43214294
Side note: Why does Mozilla pay their CEO $6.9 million as of 2022 [0] while seemingly mismanaging their business? As a Firefox user, Mozilla feels like a hollow company with little impact, existing primarily to give Google the appearance of competition. This seems like just another example of Mozilla sabotaging themselves.
[0] https://assets.mozilla.net/annualreport/2022/mozilla-fdn-990...
> Show HN: Fast Transition from Firefox to Librewolf
Librewolf is still connecting to e100.net.
Librewolf isn't going to be practical for macOS users. It isn't signed appropriately and will not run unless you xattr -c on the app package. That's unfortunate. I'm not sure if an update will re-establish the macOS quarantine flags or not.
It looks like it's available on homebrew, so that may be a good workaround.
I installed it via brew only to find it wasn't signed. I'm going to assume that the binary in the dmg isn't signed, either.
for technical users yes. for grandma, absolutely not
Why is that so? Any idea?
Librewolf isn't signing the binary shipped via brew.
I had a bit of a failed transition while hoping for a fast one. I gave the app image for Macos a try. the available binaries are for Intel only, and 120Hz scrolling isn't working despite matching the final Firefox version to the point. I can't tell what else is missed out from Firefox. I didn't have much luck with the Homebrew version either. It doesn't run at all.
Anyone got better luck on Mac?
Lack of 120hz scrolling is a bummer, so LF feels somewhat sluggish on a macbook pro compared to other browsers.
I don’t know what 120hz scrolling is but it runs fine on intel Monterey default settings plus privacy badger. I wish privacy badger would work in Kagi's Orion.
If you're on macOS, Floorp and Zen Browser are good alternatives.
This is a bad idea. I don't know if customization made by LibreWolf to protect your privacy would be undone by using Mozilla's version of the profiles.
> If you know CSS, you also know the style framework. If you understand JavaScript, TypeScript is not a big problem for you. And that makes you a Senior or Principal.
Mastery of the languages/frameworks you're working in does not make some a Senior or Principal.
While deep expertise in a language is important, true senior and principal engineers combine this mastery with many other skills.
They demonstrate strong architectural knowledge, guide and mentor others, and champion best practices.
They communicate effectively with colleagues and partners of various levels and roles.
They take ownership of complex initiatives end to end, balancing near-term needs with long-term goals.
Their value lies in how they combine technical excellence with leadership, problem-solving, and the ability to align technology decisions to broader business objectives.
did you mean to comment here? https://news.ycombinator.com/item?id=43227303
you don't even know who the person in charge of librewolf is or what their affiliations are and you want people to hop from Firefox to some random dude on the internet because you think they are trustworthy?
But you would trust Mozilla who repeatedly betrayed it's users yet still lying Firefox is a private browser?
they are accountable. Something goes wrong, atleast you know who to sue compared to this random dude who could steal all your crypto private keys tomorrow because you were busy using his browser. If you going to make an open source project especially a browser, I would prefer a person who is not anonymous
Note: there is also the Mullvad browser which is based on the Tor browser (with the Tor bit removed). It works fine without a VPN.
https://mullvad.net/en/browser