Librefox: A More Secure Version of Firefox
Fans of Mozilla’s Firefox browser may be interested in a new open-source project called Librefox. Librefox is essentially a copy of Firefox with significantly enhanced privacy and security features. It’s important to note that Librefox is not a fork of Firefox; instead, it uses Firefox as its base. The project also incorporates Ghacks user.js and other third-party tools to implement its security features. The goal of the developers is to offer a browser with the best protection features “out of the box.”
Currently, Librefox is available for Windows, macOS, and Linux. On Windows, it can be run without installation. Visually, Librefox looks identical to its base—Firefox—but the differences are under the hood.
Key Differences from Standard Firefox
The development team has removed several components from standard Firefox, such as the updater, crash reporter, and integrated add-ons that “did not meet privacy requirements.” As a result, Librefox comes without add-ons by default, except for a few extensions developed specifically for the project.
Main Features of Librefox
- Removed built-in add-ons, update check code, and crash reporting components that negatively impact privacy.
- Added an add-on firewall that restricts network access for extensions.
- Settings have been cleaned of built-in links to Mozilla servers and functions that make remote calls to services (for example, Google blacklist downloads are disabled). By default, Librefox does not initiate any external connections.
- Over 500 changes have been made to settings focused on improving security, privacy, and performance. The settings templates are based on ghacks-user.js and pyllyukko user.js collections.
- The most important settings are protected from accidental changes, including by add-ons, by moving them to mozilla.cfg and policies.json files.
- All code for collecting statistics and sending telemetry is disabled.
- A dark theme is offered as a recommended option.
- An optional set of custom add-ons (Librefox-addons) is available, including Librefox Dark Theme (dark mode), Librefox HTTP Watcher (changes the address bar color for unencrypted HTTP), and Librefox Reload Button (moves the reload button to the address bar).
- A list of recommended add-ons, which have undergone additional code review, is provided. These include uBlock Origin, Browser Plugs Privacy Firewall, User Agent Platform Spoofer, First Party Isolation, and Cookie Master.
How Librefox Is Built
The Librefox packages are created using the unmodified Firefox codebase from official Mozilla builds (Librefox does not recompile the code but modifies the official Mozilla builds; all executable files remain unchanged). The changes involve replacing the mozilla.cfg, local-settings.js, and policies.json files, removing the updater and crashreporter executables, and deleting related configuration files. The following built-in add-ons are also removed: [email protected], [email protected], [email protected], [email protected], and [email protected].