So I have seen comments that bitwardens extension works and want to check if no script does. Since libre wolf is just configuration I figure most stuff should work but not real sure. I looked to see if there was something like a pinned questions thread which I would normally put a minor question like this. Considering recent news maybe instead a moving from firefox pinned thread for awhile first.
I’ve only installed a handful, but they’ve all worked fine except for KeePassXC-Browser - and that’s partly q known issue with a workaround and partly Flatpak (which made it hard to apply the workaround)
It’s built against the latest version and kept up to date with it, so you should be fine. The only extension I had an issue with was KeePassXC, but because it communicates with an application outside the browser. I had to symlink a single directory and now everything works just the same.
Adding extensions makes you more fingerprintable, which kind of defeats the purpose of Librewolf versus any other Firefox fork.
Well, I don’t know about OP, but MY purpose for using Librewolf is to have something that is not run by Mozilla and doesn’t call home to Mozilla, has a strong contribution history, exists in nixpkgs, and can be fully configured in Nix Home Manager. Librewolf is the only fork that checks those boxes. The security benefits are just a nice side-effect when they fit with my workflow.
Noob here - How come browser extensions can be used in fingerprinting? Why is the fact that I have an extension shared with servers? Why doesn’t a browser like Libre Wolf refuse to share this? Is it really ingrained in the we browsing process to pass that info back? It seems like it should remain on the client-side. I can see Google sharing it but why can’t LibreWolf decide not to?
It’s not 100% the case that EVERY extension will. A completely local extension that doesn’t ever hit the web or change page layout won’t, but how many of those are there? Anything that changes how you view a page will subtly impact what the server sees in your request, or at least CAN see via javascript, which can be used towards fingerprinting – and because everything is so monopolized, anything making a third party call related to the page is potentially resolvable based on IP and timing because like four companies run everything and share an unknown subset of their data on you. Since your data is the new oil, there’s a robust incentive for ad companies to really break out all the stops trying to fingerprint everything about you. It’s not LibreWolf’s fault, it’s just the incentives that exists out there plus how the web works.
Got it, so it’s not that the browser passes an extension list to the server, but the server could recognize an extensions impact on the page with local JS or something and then send that info home. Could that in theory be blocked?
You could try, but I’ve never heard of a browser that claimed to be able to mitigate fingerprinting with arbitrary extensions. The extension itself could literally be phoning home to Google or anyone else
