LibreWolf
"A custom version of Firefox, focused on privacy, security and freedom."
Through thick and thin, I have been a long-time die-hard Firefox user. Mozilla has been an… unwell organization for a very long time, but at this point it is basically working as hard as it can to shed the last of its users and supporters. And it’s working!
Get it
Download and install LibreWolf using whatever method you use to download and install other browsers such as Firefox!
I’ve installed LibreWolf on Arch Linux (via the AUR) and Slackware Linux (via slackbuilds.org) and I’ve helped install it on Windows by downloading the installer directly from the LibreWolf website (the link above).
What newly-installed LibreWolf is like
The remarkable thing about LibreWolf is that when it first starts up, it looks exactly like Firefox…after I’ve spent 10 minutes cleaning up the garbage:
-
uBlock Origin is already installed and running.
-
DuckDuckGo is the default search engine.
-
The advertising and clickbait news-laden start page is gone.
-
The increasingly irritating "tips" about the latest hare-brained mis-features Mozilla wants to jam into Firefox are gone.
Yesssss. This is awesome. This is the way it should be. I’m sold.
Allowing LibreWolf to stay logged in to websites
Unless you enjoy doing the login (and two-factor) process for websites every time you start a new session, you probably don’t actually want to clear cookies when you close the browser.
Navigate to about:config in the address bar, then search for
privacy.clearOnShutdown_v2.cookiesAndStorage
Toggle the value to false.
(Or scroll down to Logins and Passwords via Settings.)
Allowing LibreWolf to manage passwords
As with changing the cookie config value above, set the following config values:
signon.rememberSignons = true signon.autofillForms = true
(Or scroll down to Logins and Passwords via Settings.)
Contrary to Internet rumor (and vague misgivings in the LibreWolf FAQ), saving logins works just fine. I’m logged into a variety of services right now using saved logins in LibreWolf. And they stay logged-in across restarts.
One should always make a conscious and intentional decision when picking convenience over security. Also remember that security doesn’t have to be all or nothing. For example, you could choose to let it save the credentials for that one indie game forum, but not your bank. It’s a tool and you’re in control of how it gets used.
Logins and Passwords via Settings
After doing what I describe above with the config values, I discovered that these were available under the regular Settings menu. Silly me.
If you prefer that, I believe the cookie and login options above can all be set
by going to Settings then Privacy & Security (or you can go directly
there by entering about:preferences#privacy in the address bar)
and setting these checkboxes:
-
(UNchecked) Delete cookies and site data when LibreWolf is closed
-
(checked) Ask to save passwords
-
(checked) Fill usernames and passwords automatically
Here’s what it looks like for me:
Enabling Firefox sync
I use Mozilla’s Firefox sync service and I like it a lot. I think it does a remarkably smooth job of keeping my bookmarks and other meta-data in sync without any maintenance on my part. Importantly, it also features end-to-end encryption, so even if/when Mozilla turns completely evil, they cannot read the sync data contents. Private by Design: How we built Firefox Sync (mozilla.org). In theory, you can even run your own sync server.
Navigate to about:config in the address bar, then search for
identity.fxaccounts.enabled
Toggle the value to true.
(After the fact, I’ve also discovered this setting under Settings > LibreWolf as a checkbox named Enable Firefox Sync! I guess the moral of this story is to go see what you can change in the Settings menu before researching config names.)
Restart LibreWolf and now you’ll see the little "Account" icon (little blank avatar in a circle) to the right of the address bar. Clicking on that will take you to the Sync section in Settings.
(You can also just navigate directly there from Settings. And I’m not sure you need to restart LibreWolf to see it in Settings. I just know you do need to restart to see the Account icon.)
Click the Sign in to sync… button and then authenticate as usual with Mozilla’s accounts.firefox.com server.
Now syncing will be active. In my case, my avatar image shows up where the account placeholder was and the bookmark toolbar immediately populates with my precious bookmarks. :-)
Also note that you can choose what gets synced under Settings > Sync.
HTTP-only mode
When I first hit one of my in-house web servers, I got a big "HTTPS-Only Mode Alert Secure Site Not Available" page.
Plain HTTP without TLS is completely fine for these servers (even if someone was intercepting traffic on my internal network, nothing secret is hosted on them - they’re my personal web dev playgrounds and staging sites).
You can temporarily continue to the site with the on-page button.
But to make it permanent, click on the padlock icon next to the domain name in the address bar and change the Automatically upgrade this site to a secure connection drop-down menu from "On" to "Off".
Conclusion
My deep gratitude to the LibreWolf developers for taking the incredible work of the Mozilla software engineers and packaging it up the way it should be!
I’ll update this page as I discover other tweaks I need to make as I fully migrate from the fox to the wolf.