this post was submitted on 27 Aug 2024
13 points (61.8% liked)

LibreWolf

3132 readers
1 users here now

Welcome to the official community for LibreWolf.

LibreWolf is designed to increase protection against tracking and fingerprinting techniques, while also including a few security improvements. LibreWolf also aims to remove all the telemetry, data collection and annoyances, as well as disabling anti-freedom features like DRM. If you have any question please visit our FAQ first: https://librewolf.net/docs/faq/

To learn more or to download the browser visit the website: https://librewolf.net/

If you want to contribute head over to our Codeberg: https://codeberg.org/librewolf

founded 3 years ago
MODERATORS
 

WTF @librewolf - you had only one job and you are failing in it.

"No telemetry" -> first thing Librewolf does is connect to Mozilla telemetry services.

Found out this by having @[email protected] installed.

#librewolf #telemetry #cybersecurity

all 22 comments
sorted by: hot top controversial new old
[–] [email protected] 30 points 2 months ago (3 children)
[–] [email protected] 10 points 2 months ago (1 children)

What I don't get is why they don't allow users to decide if they want to connect to Mozilla or not with an option in the settings. Libre means being free (to choose in this case), not being forced.

[–] [email protected] 3 points 2 months ago* (last edited 2 months ago) (1 children)

~~They do. It’s called Deny and it’s right there in the screenshot.~~ never mind. I see it was me who misunderstood.

[–] [email protected] 2 points 2 months ago* (last edited 2 months ago) (1 children)

@dohpaz42 @corvus
You can also easily disable in about:config

[–] [email protected] 2 points 2 months ago (1 children)

Which setting disables it?

[–] [email protected] 4 points 2 months ago (1 children)
[–] [email protected] 1 points 2 months ago* (last edited 2 months ago)

@smpl @corvus and if you want to be double plus sure, set pushServer to “none” instead of the default wss:// address

[–] [email protected] 6 points 2 months ago

But they want to bitch and moan and wave their pitchforks around because their privacy is obviously being violated. 🙄

[–] [email protected] 1 points 2 months ago (1 children)

@TheWorldRolledMe "LibreWolf also maintains an open WebSocket towards Mozilla's push server to check wether you have received push notifications from websites you have subscribed to."

An app that is developed privacy in mind should never connect to anywhere without consent.

Also, I really don't need any freakin' push notifications from websites. I'm not "subscribing" to anything - or never will. What is that even - I didn't know I can subscribe through Mozilla to websites. Weird.

[–] [email protected] 2 points 2 months ago* (last edited 2 months ago) (1 children)

without consent…

~~Um… isn’t that what the screenshot is asking for? I’m missing the part where you’re being forced without consent?~~

Edit: I misunderstood the above screenshot. My apologies.

[–] [email protected] 5 points 2 months ago (1 children)

@dohpaz42 Nope, that is a screen capture from Little Snitch (Firewall) that noticed new outgoing connection.

[–] [email protected] 3 points 2 months ago

I just realized that. My apologies.

[–] [email protected] 3 points 2 months ago (1 children)

@OH3CUF @librewolf I wonder how Mullvad Browser would fare in the same circumstance

[–] [email protected] 2 points 2 months ago (1 children)

@JP3REM @librewolf @JP3REM @librewolf Very badly. I killed the app after 9 requests by just opening the app (and nothing else) and it kept going on. Probably the connections to IP-addresses are Tor-nodes but who knows what they are? (can only attach 4 images in one toot).

Same thing here; telemetry for Mozilla and for many plugin developers (I couldn't attach here but at least three call-homes for the plugins based on the server name).

@mullvadnet

[–] [email protected] 1 points 2 months ago* (last edited 2 months ago) (1 children)

@OH3CUF @librewolf @mullvadnet Just to clarify, that's just opening the browser without any tabs or 'home page'?

[–] [email protected] 2 points 2 months ago* (last edited 2 months ago) (1 children)

@OH3CUF Yeah, LibreWolf needs to jettison associations with Homebrew too.

Homebrew enables Google Analytics by default.

Sending telemetry without even warning users to opt out, was a bad look, even before Google was convicted as a monopoly.

I've mentioned the same thing to LadyBird devs on the FUTO funding YouTube videos.

My comments, were removed.

Not sure if that is due to FUTO being shady a.f. or YouTube being under the convicted monopoly umbrella, but it doesn't leave me with any warm fuzzy feelings aside from affirming that it appears as if the powers that be, are continuing to abuse theirs.

Anyway, you've been warned.

Maybe someone will do something about it?

I've looked into creating MacPorts' Portfiles for both LadyBird and LibreWolf, but couldn't get either project to build from source, which is kind of a prerequisite to making such things easier for others.

Both projects are severely lacking when it comes to useful documentation for developers and package and port maintainers.

I'm not exactly "new here" either, I'm probably one of the only people aside from jkh or Kip Macy who ever bothered to build NeXTBSD (basically FreeBSD with launchd, before TrueOS went for OpenRC) from source. Which, also basically had no documentation. At least in that instance it was very similar to FreeBSD, which has a rational build process with which I was already so familiar with I could basically do it without current build instructions.

@librewolf

[–] [email protected] 3 points 2 months ago* (last edited 2 months ago) (1 children)

Homebrew enables Google Analytics by default. Sending telemetry without even warning users to opt out, was a bad look, even before Google was convicted as a monopoly.

That's not true anymore. All previously saved Google analytics have been deleted and when you install hombrew for the first time you get an info box about how to opt-out.

Source

[–] [email protected] 1 points 2 months ago (1 children)

@N0x0n when did it change?

Because:

"Opting out

Homebrew analytics helps us maintainers and leaving it on is appreciated. However, if you want to opt out of Homebrew’s analytics, you can set this variable in your environment:

export HOMEBREW_NO_ANALYTICS=1

Alternatively, this will prevent analytics from ever being sent:

brew analytics off"

From the URL you provided, seems the same as it has always been, opt-in by default.

[–] [email protected] 2 points 2 months ago* (last edited 2 months ago)

It's still opt-in by default, but as I said:

  • They do not use google analytics anymore
  • You get a text saying how to opt-out when installing before anything is send to their analytic server

They are also very transparent on what is send. That's actually not that bad.