Cybersecurity

Differences to LibreWolf

While the two projects have shared primary goals of privacy, security, and user freedom and Konform retains most of Librewolf's patches, Konform takes a different stance on some questions and provides a different out-of-the-box experience compared to LibreWolf in name of the project goals. For example^1^:

• Based on Firefox ESR (Extended Support Release) instead of RR (Rapid Release)
  • Less update churn and delayed access to newest features, while staying up to date with security fixes
• Removed integrations with online services for improved privacy and usability
  • "RemoteSettings" is completely disabled by default, also disabling features depending on it
    • Konform Browser will not download or sync updates of settings, preferences, search engines, or AI models at runtime
    • All remote analytics and telemetry disabled
    • "AI chatbot" doesn't have proprietary providers (ChatGPT/Claude/Copilot/Gemini/) preconfigured
    • Full-page machine translations work more reliably when offline
  • Disable OCSP validation
    • Upstream enforces OCSP validation by default, which means it will leak metadata to remote servers and not function in offline/airgapped environments
    • Konform Browser instead enables more modern CRLite for certificate revocation checks
• Features
  • Welcome screen (about:welcome) consisting of a preset switcher allowing user to choose between one of four default presets:
    • Purely Private 🔒️ is ideal for private networks and when you need to keep external trust and communications to an absolute minimum. Disables all integrations with external servers and loading of opague binary blobs.
    • Core Security 🛡️ is great when you want to keep external trust and communications to a minimum without compromising on security and common base features. Enables low-risk optional features and security-related updates from Mozilla (public suffix list, certificate revocation lists, and such).
    • Basic Fuctionality✳️ is great for daily online surfing. Enables common optional features (like WebGPU and local ML) while keeping risky and potentially compromising integrations off.
    • Just Make It Work🦊 is closest to common Firefox defaults. Unlocks RemoteSettings integrations to same extent as FF and re-enables potentially risky and leaky features depending on external providers for greatest out-of-box functionality and website compatibility. Useful for configuration testing and troubleshooting of website compatibility, and for non-sensitive scenarios where privacy is not a concern.
  • Comes with Multi-Acccount Containers Lite pre-enabled for convenient tab compartmentalization
  • Comes with bundled fonts matching Tor Browser and Mullvad Browser. Improved protection against font enumeration attacks while ensuring fonts render consistently regardless of what you have installed on system.
  • about:translation and about:inference for direct access to translation and ML features
• Ported over bug- and security fixes from Tor Browser
• A couple of privacy-related patches not built elsewhere
• Earlier access to upstream security fixes
• Assorted privacy-strengthening of defaults
  • Disable cross-origin referer by default
  • Enable letterboxing by default if ResistFingerPrinting is enabled
• Extended configurability
  • New preference privacy.resistFingerprinting.allowTheming (default true)
  • Allows setting non-default theme when ResistFingerPrinting is enabled
  • Dynamic light/dark theme depending on system preferences
  • LibreWolf requires disabling ResistFingerPrinting for dark mode
  • User-configurable FireFox Sync endpoints
    • For using self-hosted or third-party Sync and Accounts servers
  • User-configurable HTTP Referer spoofing
  • Management UI for ML models and allow loading custom "AI" models from HuggingFace
  • Link Preview feature configurable for use with local ML models
  • Changes to RemoteSettings allowlists take effect without browser restart
• Reskinned logo and privacy-purple color scheme
• ...etc

Bundled extensions

Librewolf will download uBlock Origin from Mozilla Addons on default profile initialization.

Konform Browser does not download any extension by default. Instead, it will attempt to auto-detect and enable the following addons if already installed on the system by the user on a recognized path:

• uBlock Origin
  • Alpine: ublock-origin
  • Arch: firefox-ublock-origin
  • Debian: webext-ublock-origin-firefox
  • Fedora: mozilla-ublock-origin
• No-Script
  • Arch: firefox-noscript
  • Fedora: mozilla-noscript
• Privacy Badger
  • Arch: firefox-extension-privacy-badger (AUR)
  • Fedora: mozilla-privacy-badger

This can be customized without rebuilding the browser by editing /usr/lib/konform/distribution/policies.json (https://codeberg.org/konform-browser/settings) to preload your own extensions or disable any of the defaults.