Captchas I have read the instructions. I have searched existing issues and avoided creating duplicates. I am not filing an enhancement request. What happened? There are multiple privacy and telemtr...
I’m not sure why you linked to this irrelevant 3 week old issue while referring to something that was fixed a year ago. Referring to it as a backdoor also implies that I was malicious, when it was simply incompetence. Have there been any security issues since? (Not trying to imply that not having any would make it safe, just wondering).
Zen is an amateur hobbyist project, expecting it to be something else is silly. It isn’t backed by a company. You take on these risks when you use a project like this. Its open source, do your research before using it for anything important. If you don’t want to take those risks, use Firefox.
I’d like to take this opportunity to say Mullvad browser is maintained by Mullvad and Tor Project which in my eyes sets it way apart from these hobby forks (including librewolf)
It does, but less than Firefox does. Their lack of manpower means delayed updates to fix zero days compared to Firefox. It also means less eyes on any patches introduced, so I’d be more concerned about malicious code being introduced.
Their lack of manpower means delayed updates to fix zero days compared to Firefox
From their site:
LibreWolf is always built from the latest Firefox stable source, for up-to-date security and features along with stability.
As soon as firefox pushes a release, for instance to fix a security vulnerability, librewolf can immediately rebuild It is literally just firefox with different setting. Delay between firefox release and librewolf release should be negligible. You can verify this by noting that 136.0 was offered on the same day.
Also want to add that this was caused by a configuration issue. If you want security, don’t use Firefox (or its forks) default configs, look into Betterfox. Apparently Zen also uses this as the base for its default preferences, which is a good decision.
I’m not sure why you linked to this irrelevant 3 week old issue while referring to something that was fixed a year ago. Referring to it as a backdoor also implies that I was malicious, when it was simply incompetence. Have there been any security issues since? (Not trying to imply that not having any would make it safe, just wondering).
Zen is an amateur hobbyist project, expecting it to be something else is silly. It isn’t backed by a company. You take on these risks when you use a project like this. Its open source, do your research before using it for anything important. If you don’t want to take those risks, use Firefox.
I’d like to take this opportunity to say Mullvad browser is maintained by Mullvad and Tor Project which in my eyes sets it way apart from these hobby forks (including librewolf)
I agree, Mullvad is the only fork that I have confidence in the security of (ignoring Tor ofc since it’s not really for general use).
I’ll bite: what’s wrong with LibreWolf?
It just lacks manpower unfortunately. Going with a browser that has the funding for a security team is the safer option.
Librewolf is firefox with different settings how does it not already benefit from Firefox’s security team
It does, but less than Firefox does. Their lack of manpower means delayed updates to fix zero days compared to Firefox. It also means less eyes on any patches introduced, so I’d be more concerned about malicious code being introduced.
From their site:
As soon as firefox pushes a release, for instance to fix a security vulnerability, librewolf can immediately rebuild It is literally just firefox with different setting. Delay between firefox release and librewolf release should be negligible. You can verify this by noting that 136.0 was offered on the same day.
https://codeberg.org/librewolf/source/commit/2b90daeb5aa5a80443f4f7655393f610fb16418a
https://www.mozilla.org/en-US/firefox/136.0/releasenotes/
The difference in time between firefox and librewolf security updates is less than the variance between users updating their machines.
Also want to add that this was caused by a configuration issue. If you want security, don’t use Firefox (or its forks) default configs, look into Betterfox. Apparently Zen also uses this as the base for its default preferences, which is a good decision.