[-] ken@discuss.tchncs.de 3 points 3 hours ago

Let's not forget that Win7 was almost 25% as responsive as Win2k3, which could even hold a candle to GNOME.

[-] ken@discuss.tchncs.de 1 points 13 hours ago* (last edited 13 hours ago)

Unnecessary hostility. They can not and are not retroactively changing license on past contributions. The only thing affected is upstream future contributions. If nothing was lost, how can it be "theft"?

> So can we take the code from up to about a month ago

Yes. As long as you also comply with license.

[-] ken@discuss.tchncs.de 14 points 1 week ago* (last edited 1 week ago)

> Thanks for the detailed review

I wouldn't call that detailed. It was what glared at me from skimming for a couple of minutes.

> was calling pip install --break-system-packages at runtime, which is indefensible

"You" still have three instances left of runtime pip install --break-system-packages without user interaction, one of which is dead code.

I think the follow-up beautifully clarified the "is this vibecoded?" question too.

Labeling it 1.0.0 seems premature to say the least.

[-] ken@discuss.tchncs.de 16 points 1 week ago* (last edited 1 week ago)

Is this vibecoded or is there thinking behind why it will silently reuse existing user SSH keys by default? For an app like this I would expect it to exclusively use its own keys. Same for PGP.

I also find the ways dependencies are handled a bit unorthodox and surprising (possibly system-breaking even). For a python project it would make more sense with a lockfile and using a package manager for dependencies installed remotely via pip.

https://codeberg.org/NovaFuture/Peerbox/src/commit/60ed3b638d6dc6c82322f73a9ce1c3e44ecec5d2/conf/config.py#L148-L197

https://codeberg.org/NovaFuture/Peerbox/src/commit/60ed3b638d6dc6c82322f73a9ce1c3e44ecec5d2/system/mount/src/onion_client.py#L345

I also wonder why it bundles minified js for Quill editor v1.3.7 (from 2019) when unminified version would be easier to audit and maintain, and v2.0.3 was released in 2024?

52
submitted 1 week ago* (last edited 1 week ago) by ken@discuss.tchncs.de to c/cybersecurity@sh.itjust.works

Would like to share this FLOSS project been working on for a while now and hope that is cool with you all!

Was not satisfied with status quo on browser options for our use-cases and needs - hence Konform Browser evolved.

Whether accessing private resources and actually wanting to keep that private, or minimizing traces left when surfing online, Konform Browser makes that easier with uncompromising hardened defaults combined with extended configuration UI and features like built-in container tabs for additional isolation and more flexible proxy configuration.

Binaries only provided for Linux but sources should be buildable for other platforms.

Looking forward to hear thoughts and feedback on project!

Source

Readme

Releases

Mastodon: https://techhub.social/@konform

[-] ken@discuss.tchncs.de 28 points 3 weeks ago

I think uBO does have that.

Open popup -> Ctrl-click ⏻

20
submitted 1 month ago* (last edited 1 month ago) by ken@discuss.tchncs.de to c/archlinux@lemmy.ml

Keeping up with security updates for your web browser is of increasing practical relevance. Under normal conditions this means important updates roughly every couple of weeks.

Mainline firefox or chromium packages are typically easy mode: For most people it's a matter of staying on top of regular pacman updates. torbrowser-launcher updates from inside the browser and is also usually painless to manage.

Running custom builds or forks from AUR requires more attention. Is the AUR package up to date? If it's a fork: Are security updates from Mozilla/Google downstreamed in a timely manner? Have you built it? Can you still build it? How long since you pulled and rebuilt that ungoogled-chromium binary and how many CVEs has it racked up by now?

Anyone running firefox-esr or any derivative like icecat, waterfox^1^, mullvad-browser or konform-browser from AUR should probably be paying attention to this right now:

Arch Linux repositories updated llvm and clang to v22 on 2026-03-07. This caused a regression for Firefox ESR packaging resulting in compilation failure when building.

Firefox ESR 14.9.0 was released on 2026-03-24.

This means that since then, users of the AUR packages for these browsers have not been able to build a new version with security fixes on up to date Arch Linux system. Some users may be prepared to handle this by maintaining separate build infra with internal registry where keeping system packages frozen on older version is acceptable but for everyone else, this is a conundrum.

Anyone browsing the web on firefox-esr or a derivative should make sure you get fixes for the issues addressed in 140.9.0 asap.

konform-browser AUR package has been patched with clang 22 toolchain fixes from mozilla and should now build successfully. The other forks including firefox-esr will still need manual patching or downgrading clang toolchain packages to v21 to compile. The konform-browser patches for clang 22 are in the AUR repo and should be portable to the other browsers too. If others can share their results in testing (both X11 and Wayland) or reviewing the fix, this might help in sorting out the firefox-esr situation sooner than later, too.

^1^: Looking at git log it claims to build as of the wasi-compiler-rt21 makedepends but I have still not been able to make it compile when attempting. Please LMK if I'm holding it wrong and there is a way!

Announcement brought to you by Konform Browser

[-] ken@discuss.tchncs.de 14 points 1 month ago* (last edited 1 month ago)

Are you keeping at default window size, or resizing? If latter, it is expected. This is a gotcha when using tiling window managers as they often force a window size that may give you off. TB should otherwise start with static fixed window size. Enabling "Letterboxing" feature can help alleviate this somewhat.

On PG: Also been seeing weird vibes and some inexplicable moderation comms and actions when looking closer. Their "recommendations" and "guides" also raise eyebrows. Something is very strange there.

[-] ken@discuss.tchncs.de 16 points 1 month ago* (last edited 1 month ago)

Hi dmitry,

I suggest committing more often and in smaller chunks. Makes the repo a lot more accessible for outsiders, and reduces risk for stuff like this, which I assume is not supposed to be committed?

6
submitted 1 month ago* (last edited 1 month ago) by ken@discuss.tchncs.de to c/opensource@programming.dev
29
submitted 1 month ago* (last edited 1 month ago) by ken@discuss.tchncs.de to c/linux@programming.dev

I would like to invite all of you Linux users to check out the latest release of Konform Browser.

Konform Browser is a free/libre and open-source (FLOSS) fork of Firefox with the primary goals of security, privacy, and user freedom. Hoping to be an example of how these three goals don’t have to be at odds but support each other and work in harmony. Would love to hear your feedback on if it's in the right direction and what can be improved.

Been posting on and off the lemmies about the project during 2026 and previously on this community. Below are major highlights since 140.8.0-103 update from two weeks back:

  • Bundling and enforcing use of bundled fonts. Konform Browser now carries the same font-loading patches and bundled fonts as Tor Browser and Mullvad Browser. While this does increase download- and installation sizes, it has two clear benefits:
    • Significantly improved resistance against font fingerprinting used by tracking scripts. Konform Browser should now be more robust against this attack by having shared global font fingerprint.
    • All languages and scripts should render as expected regardless of what fonts you have installed on system.
  • Also bundled is now Multi-Account Containers Lite addon. It's a debloated^1^ fork of Firefox Multi-Account Containers so you can utilize Container Tabs and set per-container proxies without installing addon for it.
  • While "AI chatbot" feature was already disabled and hidden by default, it was previously still possible to trigger activation of proprietary networked centralized cloudbots by setting pref browser.ml.chat.enabled=true. These have now been fully removed and replaced by a single provider utilizing locally running llamafile instance.
  • Ported a bunch of security fixes and improvement on fingerprinting protection from FF Rapid Release and Tor Browser which didn't make it into upstream FF ESR.

For details and references see linked release notes. For even more details I hope the commit log is digestible.

Packages available for most Linux distributions.

AUR source package

Releases

README

Konform Browser is also on Mastodon where followers make me happy: https://techhub.social/@konform

^1^: Similarly as rest of Konform Browser: Removal and disabling of telemetry, analytics, ads, touting, nags ("call-to-actions"), and integrations with centralized proprietary service (Mozilla VPN in this case).

64
submitted 1 month ago by ken@discuss.tchncs.de to c/linux@lemmy.ml

I would like to invite all of you Linux users to check out the latest release of Konform Browser.

Konform Browser is a free/libre and open-source (FLOSS) fork of Firefox with the primary goals of security, privacy, and user freedom. Hoping to be an example of how these three goals don’t have to be at odds but support each other and work in harmony. Would love to hear your feedback on if it's in the right direction and what can be improved.

Been posting on and off the lemmies about the project during 2026. Below are major highlights since 140.8.0-103 update from a week and a half back:

  • Bundling and enforcing use of bundled fonts. Konform Browser now carries the same font-loading patches and bundled fonts as Tor Browser and Mullvad Browser. While this does increase download- and installation sizes, it has two clear benefits:
    • Significantly improved resistance against font fingerprinting used by tracking scripts. Konform Browser should now be more robust against this attack by having shared global font fingerprint.
    • All languages and scripts should render as expected regardless of what fonts you have installed on system.
  • Also bundled is now Multi-Account Containers Lite addon. It's a debloated^1^ fork of Firefox Multi-Account Containers so you can utilize Container Tabs and set per-container proxies without installing addon for it.
  • While "AI chatbot" feature was already disabled and hidden by default, it was previously still possible to trigger activation of proprietary networked centralized cloudbots by setting pref browser.ml.chat.enabled=true. These have now been fully removed and replaced by a single provider utilizing locally running llamafile instance.
  • Ported a bunch of security fixes and improvement on fingerprinting protection from FF Rapid Release and Tor Browser which didn't make it into upstream FF ESR.

For details and references see linked release notes. For even more details I hope the commit log is digestible.

Packages available for most Linux distributions.

AUR source package

Releases

Konform Browser is also on Mastodon where followers make me happy: https://techhub.social/@konform

^1^: Similarly as rest of Konform Browser: Removal and disabling of telemetry, analytics, ads, touting, nags ("call-to-actions"), and integrations with centralized proprietary service (Mozilla VPN in this case).


Cross-post. Original Thread @ https://discuss.tchncs.de/post/56107349

15
submitted 1 month ago* (last edited 1 month ago) by ken@discuss.tchncs.de to c/privacy@lemmy.world

I would like to invite all of you Linux users^1^ to check out the latest release of Konform Browser.

Konform Browser is a free/libre and open-source (FLOSS) fork of Firefox with the primary goals of security, privacy, and user freedom. Hoping to be an example of how these three goals don’t have to be at odds but support each other and work in harmony. Would love to hear your feedback on if it's in the right direction and what can be improved.

Been posting on and off the lemmies about the project during 2026. Below are major highlights since 140.8.0-103 update from a week and a half back:

  • Bundling and enforcing use of bundled fonts. Konform Browser now carries the same font-loading patches and bundled fonts as Tor Browser and Mullvad Browser. While this does increase download- and installation sizes, it has two clear benefits:
    • Significantly improved resistance against font fingerprinting used by tracking scripts. Konform Browser should now be more robust against this attack by having shared global font fingerprint.
    • All languages and scripts should render as expected regardless of what fonts you have installed on system.
  • Also bundled is now Multi-Account Containers Lite addon. It's a debloated^2^ fork of Firefox Multi-Account Containers so you can utilize Container Tabs and set per-container proxies without installing addon for it.
  • While "AI chatbot" feature was already disabled and hidden by default, it was previously still possible to trigger activation of proprietary networked centralized cloudbots by setting pref browser.ml.chat.enabled=true. These have now been fully removed and replaced by a single provider utilizing locally running llamafile instance.
  • Ported a bunch of security fixes and improvement on fingerprinting protection from FF Rapid Release and Tor Browser which didn't make it into upstream FF ESR.

For details and references see linked release notes. For even more details I hope the commit log is digestible.

Packages available for most Linux distributions.

AUR source package

Releases

Konform Browser is also on Mastodon where followers make me happy: https://techhub.social/@konform

^1^: Non-Linux users: This is the year to convert! (Or help out with porting if you're a rare BSDer ;))

^2^: Similarly as rest of Konform Browser: Removal and disabling of telemetry, analytics, ads, touting, nags ("call-to-actions"), and integrations with centralized proprietary service (Mozilla VPN in this case).

[-] ken@discuss.tchncs.de 11 points 1 month ago* (last edited 1 month ago)

Experimental JPEG-XL support in Firefox (and forks) can be enabled by setting the pref image.jxl.enabled to true in about:config.

https://jpegxl.info/resources/jpeg-xl-test-page.html

[-] ken@discuss.tchncs.de 44 points 2 months ago* (last edited 2 months ago)

All info on that site is several years stale and the site itself is unmaintained (last update 2022; git repo permanently archived 2024). Many of the details are not reflecting current state of things and this page is not a good resource for comparing browsers in 2026 (except as inspiration for replicating their methodology^1^).

Konform Browser is to my knowledge the only up-to-date webextension-capable browser today with literally 0 phone-home / background connections under defaults, and no telemetry or other superfluous undesired activity ever. (disclaimer: am dev. I'm certain it would be ranking as top if such a ranking was made today. Come @ me ;))

^1^: Separately recently published container-based flow for doing this kind of analysis and doing similar comparison. There are some basic results and comparison included in readme but would be cool to see someone take it to the next step, drill deeper, share more exhaustive and educative results, present it in a format more digestible for non-techies (whether using this setup or something different).

21
submitted 2 months ago* (last edited 2 months ago) by ken@discuss.tchncs.de to c/foss@beehaw.org

Good $TIME_OF_DAY, beehaw folks!

Today I come to share the first announcement of Konform Browser 140.8.0-103 and what's new since previous update post last week!

If you are new to Konform Browser, it was previously introduced to the lemmies in this post. In one sentence, it's a web browser for Linux based on Firefox ESR with the primary goals of security, privacy, and user freedom. Hoping to be an example of how these three goals don't have to be at odds but support each other and work in harmony.

Without more ado, some highlights of the new since last week:

  • Exposed UI for "Local AI" features like full-page translations, link previews and configuring local models. These features are all disabled by default but now easier to selectively enable and keeps working locally and offline more gracefully when remote updates are disabled.
    • This coincides funnily with the new "AI killswitch" news from FF v148 this week. Konform Browser approaches the "AI/ML" feature-set from the opposite end from upstream: Selective opt-in, progressive enhancement, and graceful degradation, while making sure any external endpoints or keys are user-configurable.
    • Check out about:translations (which is pretty handy and reliable) and about:inference (where you can now load and test arbitrary models from HuggingFace)!
    • The "Link Preview" feature is rather janky and considered experimental.
    • The "AI chatbot" integration to bigcloudtech is unaffected by these changes and remains disabled under every preset.
  • Latest security fixes up to Mozilla Firefox ESR 140.8.0.
  • Various privacy improvements
    • navigator.sendBeacon() now disabled by default (re-enabled by "Just Make It Work" preset)
    • Ported over several relevant patches from Tor Browser
    • Proxy bypass protection enabled to reduce risk of network leaks
  • Changes made on about:welcome now take effect immediately without requiring browser restart
  • UI: Disabled various nags and onboarding callouts (no more "Hey please try the new feature" in the middle of your workflow)

For more details check out release notes and (if that's not detailed enough for you :p) commit log.

If you check it out, would love your feedback on the project in general and, if this isn't a first, your take on development and recent updates. Fellow devs: Doors wide-open for new (carbon-based) contributors ^^

Konform Browser is now also on Mastodon: https://techhub.social/@konform

Packages available for most Linux distributions.

AUR source package

Releases

23
submitted 2 months ago by ken@discuss.tchncs.de to c/linux@lemmy.world

Hi all!

Latest version of Konform Browser just dropped and now I come here to share with y'all about what's been cooking.

If you are new to Konform Browser, dev writing and previously posted on this community introducing the project here.

Highlights since last time:

  • Latest security fixes from up to most recent Firefox ESR 140.7.1.
  • A new welcome screen (pictured) where user can quickly choose between how private vs integrated experience they want, from a locked down "Purely Private" all the way to an unleashed "Just Make It Work" (affectionately referred to as "yolo mode")
    • The "Show detailed information" link leads to a table showing exactly what settings will be impacted by each preset so user can make educated decision and understand impact before choosing.
  • Improvements around privacy and fingerprinting. In particular: Closed a significant vector of identity leaks and fingerprinting from unique IDs sent in Origin headers of HTTP requests by addons. This is a previously known issue (1405971) that has been considered wontfix by upstream for 6 years now.
    • To my knowledge, Konform Browser is the only Firefox derivative which protects against this under defaults and improves over status quo in chromium too. Attempts are being made to reach out and see if the patch can also be of interest and benefit for Tor Browser.
    • New user pref network.http.addonOriginBehavior can be tweaked to further change behavior and work around any breaking addons.
    • A future update might change default to 3 (random), which could make browser choice less fingerprintable. The current default is not set in stone and I'd be very curious about what breaks and what doesn't if anyone plays around with this.
  • Now also publishing binary packages for easy installation and updates from Alpine Linux and Arch Linux package repos, alongside deb/rpm ones. All builds and releases are produced by Codeberg CI. Building from source is of course still supported.
  • Various improvements and fixes for optional features unlocked by "Just Make It Work" preset

There is also now a more official fedi account on Mastodon where an abbreviated version of this post is already shared with a couple of screenshots of the new onboarding: @konform@techhub.social^1^.

As always, installation and build instructions can be found from release notes and doors are open on Codeberg for issue reports and merge requests alike.

https://codeberg.org/konform-browser/source/releases

^1^: Still figuring out how crossposting works or doesn't across the fedis! In case federation clients botch the link: https://techhub.social/@konform
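
Why a per-install add-on ID in the Origin header matters, as an added example (not Konform Browser's patch and not code from the post above): it audits a capture of your own browser's outgoing requests and groups them by the ID found in the Origin header, showing that one ID ties together requests made from different sessions and to different hosts. The `moz-extension://<UUID>` origin form is the one Firefox uses for extension origins; the request records, hostnames, UUIDs and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Extension origins look like moz-extension://<UUID>; the UUID is what makes
# the header identifying (assumption stated in the lead-in).
EXT_ORIGIN = re.compile(
    r"^moz-extension://"
    r"([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$",
    re.IGNORECASE,
)

# Constructed UUIDs standing in for two installed add-ons.
EXT_A = "3f2a9c1e-7b44-4d0a-9e6f-1c2d3e4f5a6b"
EXT_B = "a1b2c3d4-e5f6-4789-8abc-def012345678"

# Constructed sample: requests as a local intercepting proxy might record them.
SAMPLE_REQUESTS = [
    {"session": "home-network", "url": "https://sync.example.net/v1/state",
     "headers": {"Origin": f"moz-extension://{EXT_A}"}},
    {"session": "home-network", "url": "https://lists.example.org/filters.txt",
     "headers": {"Origin": f"moz-extension://{EXT_B}"}},
    {"session": "vpn-exit", "url": "https://sync.example.net/v1/state",
     "headers": {"origin": f"moz-extension://{EXT_A}"}},
    {"session": "vpn-exit", "url": "https://shop.example.com/cart",
     "headers": {"Origin": "https://shop.example.com"}},
    {"session": "vpn-exit", "url": "https://telemetry.example.net/ping",
     "headers": {"Origin": f"moz-extension://{EXT_A}"}},
    {"session": "home-network", "url": "https://news.example.com/",
     "headers": {}},
]


def extension_id(headers):
    """Return the UUID from an extension Origin header, or None.

    Header names are matched case-insensitively; ordinary web origins,
    "null" and missing headers all yield None.
    """
    for name, value in headers.items():
        if name.lower() == "origin":
            match = EXT_ORIGIN.match(value.strip())
            return match.group(1).lower() if match else None
    return None


def audit(requests):
    """Map each extension UUID to the hosts and sessions it appeared in."""
    seen = defaultdict(lambda: {"hosts": set(), "sessions": set(), "count": 0})
    for req in requests:
        uid = extension_id(req["headers"])
        if uid is None:
            continue
        entry = seen[uid]
        entry["hosts"].add(urlsplit(req["url"]).hostname)
        entry["sessions"].add(req["session"])
        entry["count"] += 1
    return dict(seen)


def linkable(report):
    """UUIDs that connect more than one session or more than one host."""
    return sorted(
        uid for uid, entry in report.items()
        if len(entry["sessions"]) > 1 or len(entry["hosts"]) > 1
    )


if __name__ == "__main__":
    report = audit(SAMPLE_REQUESTS)
    for uid in linkable(report):
        entry = report[uid]
        print(f"{uid}: {entry['count']} requests, "
              f"hosts={sorted(entry['hosts'])}, "
              f"sessions={sorted(entry['sessions'])}")
```
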

[-] ken@discuss.tchncs.de 17 points 2 months ago* (last edited 2 months ago)

Just to be clear, most of these (think about egrep/fgrep for a moment) are deprecated and "shouldn't be used" in scripts for distribution. What's new is that you can't expect everyone else to have them and having dependency on them in shipped software is considered antipattern.

Nobody gives a shit what aliases and shims you use in your own shell.

On iptables: By now it's even gone from kernel and the turn tabled with the cli command now actually being a shim calling into its successor nft. IMO nft is much more approachable for beginners to pick up and the rules files become so much more readable and maintainable. If you're already committed to iptables syntax then cool - but with very few exceptions I don't think anyone needs to learn iptables today - just go straight to nft and you'll be happier for it. Similar for ifconfig.

20
submitted 2 months ago by ken@discuss.tchncs.de to c/privacy@lemmy.ml

Hi all!

Latest version of Konform Browser just dropped and now I come here to share with y'all about what's been cooking.

If you are new to Konform Browser, dev writing and previously posted on Lemmy introducing the project here.

Highlights since last time:

  • Latest security fixes from up to most recent Firefox ESR 140.7.1.
  • A new welcome screen (pictured) where user can quickly choose between how private vs integrated experience they want, from a locked down "Purely Private" all the way to an unleashed "Just Make It Work" (affectionately referred to as "yolo mode")
    • The "Show detailed information" link leads to a table showing exactly what settings will be impacted by each preset so user can make educated decision and understand impact before choosing.
  • Improvements around privacy and fingerprinting. In particular: Closed a significant vector of identity leaks and fingerprinting from unique IDs sent in Origin headers of HTTP requests by addons. This is a previously known issue (1405971) that has been considered wontfix by upstream for 6 years now.
    • To my knowledge, Konform Browser is the only Firefox derivative which protects against this under defaults and improves over status quo in chromium too. Attempts are being made to reach out and see if the patch can also be of interest and benefit for Tor Browser.
    • New user pref network.http.addonOriginBehavior can be tweaked to further change behavior and work around any breaking addons.
    • A future update might change default to 3 (random), which could make browser choice less fingerprintable. The current default is not set in stone and I'd be very curious about what breaks and what doesn't if anyone plays around with this.
  • Now also publishing binary packages for easy installation and updates from Alpine Linux and Arch Linux package repos, alongside deb/rpm ones. All builds and releases are produced by Codeberg CI. Building from source is of course still supported.
  • Various improvements and fixes for optional features unlocked by "Just Make It Work" preset

There is also now a more official fedi account on Mastodon where an abbreviated version of this post is already shared with a couple of screenshots of the new onboarding: @konform@techhub.social^1^.

As always, installation and build instructions can be found from release notes and doors are open on Codeberg for issue reports and merge requests alike.

https://codeberg.org/konform-browser/source/releases

^1^: Still figuring out how crossposting works or doesn't across the fedis! In case federation clients botch the link: https://techhub.social/@konform


Cross-post. Original Thread @ https://discuss.tchncs.de/post/54998565?scrollToComments=true

18

Hi all!

Latest version of Konform Browser just dropped and now I come here to share with y'all about what's been cooking.

If you are new to Konform Browser, dev here and previously posted on Lemmy introducing the project here.

Highlights since last time:

  • Latest security fixes from up to most recent Firefox ESR 140.7.1.
  • A new welcome screen (pictured) where user can quickly choose between how private vs integrated experience they want, from a locked down "Purely Private" all the way to an unleashed "Just Make It Work" (affectionately referred to as "yolo mode")
    • The "Show detailed information" link leads to a table showing exactly what settings will be impacted by each preset so user can make educated decision and understand impact before choosing.
  • Improvements around privacy and fingerprinting. In particular: Closed a significant vector of identity leaks and fingerprinting from unique IDs sent in Origin headers of HTTP requests by addons. This is a previously known issue (1405971) that has been considered wontfix by upstream for 6 years now.
    • To my knowledge, Konform Browser is the only Firefox derivative which protects against this under defaults and improves over status quo in chromium too. Attempts are being made to reach out and see if the patch can also be of interest and benefit for Tor Browser.
    • New user pref network.http.addonOriginBehavior can be tweaked to further change behavior and work around any breaking addons.
    • A future update might change default to 3 (random), which could make browser choice less fingerprintable. The current default is not set in stone and I'd be very curious about what breaks and what doesn't if anyone plays around with this.
  • Now also publishing binary packages for easy installation and updates from Alpine Linux and Arch Linux package repos, alongside deb/rpm ones. All builds and releases are produced by Codeberg CI. Building from source is of course still supported.
  • Various improvements and fixes for optional features unlocked by "Just Make It Work" preset

There is also now a more official fedi account on Mastodon where an abbreviated version of this post is already shared with a couple of screenshots of the new onboarding: @konform@techhub.social^1^. Since I couldn't figure out how to crosspost Mastodon -> Lemmy you get me rambling here instead 😘

As always, installation and build instructions can be found from release notes and doors are open on Codeberg for issue reports and merge requests alike.

https://codeberg.org/konform-browser/source/releases

^1^: In case federation clients botch the link: https://techhub.social/@konform

16
submitted 2 months ago* (last edited 2 months ago) by ken@discuss.tchncs.de to c/privacy@lemmy.dbzer0.com

Hi all!

Latest version of Konform Browser just dropped and now I come here to share with y'all about what's been cooking.

If you are new to Konform Browser, dev here and previously posted on this community introducing the project here.

Highlights since last time:

  • Latest security fixes from up to most recent Firefox ESR 140.7.1.
  • A new welcome screen (pictured) where user can quickly choose between how private vs integrated experience they want, from a locked down "Purely Private" all the way to an unleashed "Just Make It Work" (affectionately referred to as "yolo mode")
    • The "Show detailed information" link leads to a table showing exactly what settings will be impacted by each preset so user can make educated decision and understand impact before choosing.
  • Improvements around privacy and fingerprinting. In particular: Closed a significant vector of identity leaks and fingerprinting from unique IDs sent in Origin headers of HTTP requests by addons. This is a previously known issue (1405971) that has been considered wontfix by upstream for 6 years now.
    • To my knowledge, Konform Browser is the only Firefox derivative which protects against this under defaults and improves over status quo in chromium too. Attempts are being made to reach out and see if the patch can also be of interest and benefit for Tor Browser.
    • New user pref network.http.addonOriginBehavior can be tweaked to further change behavior and work around any breaking addons.
    • A future update might change default to 3 (random), which could make browser choice less fingerprintable. The current default is not set in stone and I'd be very curious about what breaks and what doesn't if anyone plays around with this.
  • Now also publishing binary packages for easy installation and updates from Alpine Linux and Arch Linux package repos, alongside existing deb/rpm ones. Building from source is of course still supported.
  • Various improvements and fixes for optional features unlocked by "Just Make It Work" preset

There is also now a more official fedi account on Mastodon where an abbreviated version of this post is already shared with a couple of screenshots of the new onboarding: @konform@techhub.social^1^. Since I couldn't figure out how to crosspost Mastodon -> Lemmy you get me rambling here instead 😘

As always, installation and build instructions can be found from release notes and doors are open on Codeberg for issue reports and merge requests alike.

https://codeberg.org/konform-browser/source/releases

^1^: In case federation clients botch the link: https://techhub.social/@konform

[-] ken@discuss.tchncs.de 11 points 2 months ago* (last edited 2 months ago)

I don't think the data supports that. I'm curious what makes you single it out. Mullvad is in the top-tier but it is not alone (or clearly #1 - like the post gets into - it gets nuanced and I think any attempt at general objective "top 5 ranking" will be reductive to the point of being misleading or plain wrong. So I'm not trying that here). Read again? :)

For example of nuance displayed in results:

```
### Number of requests
119 firefox
81 firefox-esr
0 konform
7 librewolf
30 mullvad-browser
62 zen-browser
```

[-] ken@discuss.tchncs.de 15 points 3 months ago* (last edited 3 months ago)

There is a longer discussion to be had about both what RFP does, how effective it is, and the relative impact on entropy of this particular feature.

For now I will just say this: Providing configuration for this serves the project's goal of user control and freedom. It should be up to the user to make that call. We as developers shouldn't unilaterally decide on behalf of everyone. We can't think of everything and we don't always know best. Of course we can still provide guidance and put what we believe is sensible as defaults. I find it odd to criticize empowering users in this way, in particular considering the status quo.

Were it up to me, everyone should have Letterboxing on by default, probably with similar reasoning. I don't see why you wouldn't use it. Everyone enabling it would make us all (ever so little) less fingerprintable. Arguably more meaningful impact than dark/light-theme. And less of an accessibility issue. Even so, we still leave this configurable in the same way as the dynamic theming.

You can also see this way of thinking reflected in allowing loading of your own add-ons from file and allowing userChrome customization. Probably niche power-user features with risks involved and sharp edges exposed but we are developers and maintainers of software, not your sysadmins^1^ or caretakers^2^.

If you fundamentally disagree, well, not all software has to be for everyone. Probably there is already something else (like Tor Browser) that serves your needs and aligns with your philosophy better?

^1^: ...xcept... you want us to be your sysadmin? 👉👈 Call me when you close that seed round bb 😘

^2^: Nope.

ken

0 post score
0 comment score
joined 3 months ago