Librefox, patching Firefox for an enforced privacy and security

Discussion in 'privacy technology' started by mood, Dec 24, 2018.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    13,147
    • Updated browser: because this project is not a fork, it is kept updated with the latest Firefox version.
    • Extensions firewall: limit internet access for extensions (firewall-test-feature)
    • IJWY (I Just Want You To Shut Up): embedded server links and other calling home functions are removed (zero unauthorized connection by default).
    • User settings updates: gHacks/pyllyukko base is kept up to date.
    • Settings protection: important settings are enforced/locked within mozilla.cfg and policies.json, those settings cannot be changed by addons/updates/Firefox or unwanted/accidental manipulation; To change those settings you can easily do it by editing mozilla.cfg and policies.json.
    • Librefox-addons: set of optional Librefox extensions
    • Statistics disabled: telemetry and similar functions are disabled
    • Tested settings: settings are performance aware
    • ESR and Tor version (Librefox TBB Beta)
    • Tor Librefox-addons: adapted Librefox extensions for TBB
    • Multi-platform (Windows/Linux/Mac/and soon Android)
    • Dark theme (classic and advanced)
    • Recommended and code reviewed addons list
    • Community-Driven
    • And much more...
    Librefox v2.1 Released (December 21, 2018)
    Website
    Releases (Windows/Linux/Mac)
    v2.1 :
    • Project renamed to Librefox
    • Reorganizing settings
    • Adding section "Extensions Firewall" (block internet for extensions)
      Only requested domain with permission are allowed
      This is an alpha test feature
    • Adding section "IJWY To Shut Up" (I Want You To Shut Up)
      Objective, zero unauthorized connection (ping/telemetry/mozilla/google...)
    • Fix debugger disabled
    • Added more documentations
    • Defaulting moved to mozilla.cfg
    • Update safebrowsing list
    • Add ESR60x support and section
    • Remove duplicates
    • Update referer settings
    • Update gHacks v63.0.3 08.12.2018
    • Update gHacks v64.0.0 17.12.2018
    • Lock tracking feature
    • Remove false search engine
    • Fix firefox bug not locking safesearch settings
    • Fix and adapt history settings
    • Fix sites settings not saved
    • Update disabled sync services
    • Fix certificate button
    • Fix security device button
    • Fix dark theme history dialog
    • Fixing twitter and some extensions not working
    • Defaulting offline website data on clear dialog
    • Defaulting HW Settings instead of enforcing them
    • Improve HD Video playback
    • Gathering infos/code for firewalling extensions
    • Correct some grammar mistakes, thanks to @mikroskeem
    • Update to firefox v64
    • Adding extension firewall feature
    • Fix referer blocking twitter and many other sites
    • Adding IJWY v64 settings
    • Moving some debug notes from mozilla.cfg to debug-check-todo.log
    • Fix incompatibility with Compare-UserJS.ps1
    • Cleanning with Compare-UserJS.ps1
    • Adding 15 differents releases
    • Adding release x32/x64 linux
    • Adding release x32/x64 esr linux
    • Adding release x32/x64 tor linux
    • Adding release x32/x64 windows
    • Adding release x32/x64 esr windows
    • Adding release x32/x64 tor windows
    • Adding release x64 mac
    • Adding release x64 esr mac
    • Adding release x64 esr mac
    • Add tor compatibility & patches
    • Grammar mistakes, thanks to @brainscar
     
  2. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    801
    Location:
    Land o fruits and nuts, and more crime.
    I am surprised by the lack of comments by the "superior security experts" here at Wilders .
    I see not to many (experts) here anymore!
    Works fine here.
    No news is good news, I guess?:cautious:
     
    Last edited: Dec 26, 2018
  3. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    1,292
    @Circuit
    i think most here like to have their ff tailored by themselves so's to know what's been modified and changed under the hood, like myself, you know?

    it's a one-man project, right?
     
  4. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    801
    Location:
    Land o fruits and nuts, and more crime.
    True or false (about:config) right? Not much ether way, most is fluff that really can't be changed. Just a feel good solution to make the user feel he/she has control.

    One-man means nothing. Most great software came from one man right?
     
    Last edited: Dec 26, 2018
  5. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    1,292
    nah, actually i use js files, not a:c. and it's not a trust issue, it's about tailoring it to one's liking.
     
  6. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    801
    Location:
    Land o fruits and nuts, and more crime.
    Glad you cleared that up.
    Think it is good for people just looking for a secure browser "all taken care for in the privacy dept.", of course everyone will have to let some guard down to get to their favorite sites.

    Off topic; If I cant get to a site because of privacy setting I will skip that site, it's to their loss not mine.
     
  7. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,705
    Location:
    UK
    I think the value of this class of initiative is precisely for people with less time or expertise. If it represents good practice, then that seems worthwhile to me - of course it won't be perfect because that's not possible in the circumstances!
     
  8. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    638
    I think I give it a try...

    Frankly, Im getting extremenly sick of always doing the whole security-privacy dance (going throught all the
    possibly changed and maybe new telemetry settings in each FF release).

    About it being one-man project...it doesn't matter.
    Often one-man projects can be equal or superior to anything produced by bunch of highly paid lazy SW-engineers, be it corporate greedy ******** (a la Google) or supposedly non-profit organization (a la Mozilla).

    The only serious disadvantage is that if something happens to that one-man what will happen to project?
     
  9. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,630
    Stefan, that's actually less troublesome than you think. If you're using the GHacks user.js (which I recommend as its the best maintained, most comprehensive and best documented one) you can easily update it with a script once a new FF version is out. And if you created a user-overrides.js for your specific exceptions that updater script takes that into consideration. Pretty simple, IMO.
     
  10. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    638
    Well, dang...
    I did not know that there was this kind of stuff out there.
    Thanks and Happy New Year ! :)
     
  11. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    387
    Now THIS looks interesting! Anyone tried it on Linux yet? How does it work? Any issues?
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.