Kelson Reviews Stuff - Page 12

Customized Firefox, with an eye toward security and privacy. Follows the stable release channel so it’s usually up to date. (Waterfox follows the extended-support releases.) Differences seem to mostly be in default settings (like clearing site data when you close the browser), pre-installed uBlock Origin, plus some security hardening: primarily disabling or altering features that can leak data usable to identify your browser.

Upside: better privacy! From what I can tell, LibreWolf and Brave are comparable in terms of browsing privacy, but of course LibreWolf doesn’t have Brave’s crypto, ads and AI bloat.

Downside: Sites that rely on, say, WebGL, or DRM’d video, or reading Canvas, may not work right (or at all). I’ve only had trouble so far with Panoramax (which needs WebGL) and uploading to Flickr (which might be a Flatpak thing since it also happens with Waterfox). I do find it annoying that anti-fingerprinting blocks auto-switching between light and dark mode. (It’s also worth considering your threat model and the fact that small projects still depend on Mozilla for finding and fixing vulnerabilities, and not all the documentation has been updated to refer or link to LibreWolf.)

Otherwise the experience is very much like using Firefox.

Sync and Extensions

LibreWolf can sync settings and bookmarks through Firefox Sync. That seems like a weird choice for a privacy-focused fork, but the data is encrypted before uploading, so Mozilla shouldn’t be able to read your sync data even if they wanted to. Though if you use other Firefox-based browsers and sync through the same account, you might end up with a weird mix of settings. I already use Floccus (which lets you bring your own storage) to sync bookmarks with other browsers (including Chromium ones), and it works just fine on here.

LibreWolf is compatible with all Firefox Add-ons, but they recommend just installing a password manager and nothing else. Extensions can increase your attack surface, and sites can look for specific add-ons and use the list of which ones they find to identify you.

As for password managers, they recommend KeePassXC-Browser or BitWarden. I use KeePassXC, but it takes a little effort to get it working with KeePassXC-Browser. I’ve been able to get natively-installed packages on Linux and macOS to talk to KeePass just by linking the user config files mentioned there. But Flatpak makes it more complicated, and I haven’t managed to get it to work yet.

Availability and Updates

Windows has an installer with an optional auto-updater.

For macOS they actually recommend HomeBrew. (There’s a disk image too, but it doesn’t auto-update.) Even then, you need to add --no-quarantine when installing or upgrading the cask, or else the system will decide the new version is “damaged” and refuse to run it. (It’s a small team, and the app isn’t signed with a paid Apple Developer account.) Yes, this does limit the audience that might want to run LibreWolf on macOS to those who are also comfortable with installing and running an extra command-line based package manager.

For Linux they have a few repositories you can add for systems based on Fedora, Debian, Arch etc., plus a Flatpak.

And it’s available for all three platforms on both Intel and ARM.

There’s no mobile version, though they recommend IronFox for Android.

This is not a review of the web browser. This is an attempt to explain, as succinctly as possible, what the controversy was, why it was a controversy, and why people might still be leery of the situation. Unfortunately, I’ve had to work mostly from memory, because a lot of it happened on the Fediverse where full-text search is also a controversial idea.

The Facts

In June-July 2024, SerenityOS head Andreas Kling stepped down to focus on Ladybird, the OS’s independent web browser. He subsequently announced a non-profit to build it into a cross-plaform alternative not dependent on the Gecko or WebKit/Blink codebases, to a great deal of appreciation from people who want a break from the Google (with a little Mozilla and Apple on the side) hegemony.

A few days later, someone pointed out an issue in SerenityOS where a new contributor offered to update the documentation to include gender-neutral language instead of always assuming the person building the project was a man. Kling rejected it with the statement: “This project is not an appropriate arena to advertise your personal politics.”

The Controversy

This stirred up a lot of discussion, much of it heated, both on the Fediverse and on GitHub, as there are a lot of people in programming whose presence in the industry – or presence in general – is considered “personal politics.” Transgender individuals especially have often seen this sort of statement used as cover for deliberately excluding them from one sphere or another.

Kling and the Ladybird project doubled down on rejecting active inclusion in the name of being “apolitical.” Others tried to explain that rejecting inclusivity is inherently a political decision.

If you’ve watched enough of these things play out, it’s usually the doubling down that causes a lasting split, more than the original disagreement.

The Policy

As of March 2025, the Ladybird contributing documentation contains the following statements regarding “neutrality”

The project will not be used as a platform to advertise or promote causes unrelated to browser development or web standards.

To maintain a focused and productive environment, discussions on societal politics and other divisive topics are discouraged in project spaces.

and “bad-faith contributions and brigading”

We reserve the right to reject issues and pull requests that appear to be motivated by bad faith.

Additionally, anyone found participating in social media brigading of Ladybird will be permanently banned from the project.

The Fallout

Taken together, and combined with the fact that the pull request that set it all off was simply trying to indicate through language that the project is open to more than just men, the implication is that anyone attempting to include someone whose legal existence or safety is under attack right now by, say, the executive branch of the United States Government, should not bring up anything in the project that might be relevant to their continued existence – like say, privacy features that might be more important to them than for a team largely made up of people who don’t face the same risks.

Here’s the problem: You can say “we strive to set our differences aside and focus on the shared goal of building the browser.” But those differences can (and likely will) include some people on the team thinking other people on the team shouldn’t be alive, or shouldn’t be allowed to participate, or their concerns shouldn’t be taken as seriously based on who they are. Add the explicit promise to reject “bad faith” PRs and ban people permanently? It at least looks like exactly what people were worried about in the first place:

Using the language of neutrality to keep people out.

Brave advertises itself as a privacy-focused browser, but for every cool privacy feature I look at there’s a reminder of how deeply enmeshed it is in the exploitative venture capital side of Silicon Valley, with cryptocurrency features and a core business model that blocks ads on websites and replaces them with its own ads.

So I’ve never really trusted Brave, looking at them with the same kind of skepticism as post-acquisition Opera. But I figured since I’m evaluating (or re-evaluating) a bunch of other browsers, I should upgrade my skeptical opinion to an informed one.

On first run it showed me an ad for a bitcoin credit card.

So there’s that.

Moving on. It also wanted me to opt into a “web discovery project” that would share anonymous search activity to help build up their index. To me it seems like the kind of thing that could be de-anonymized with a little context, but at least it’s opt-in.

I remembered reading that they’d added IPFS support to the browser a while back, which I thought was a good idea. I’ve experimented with it from time to time using an extension with Firefox and Vivaldi, and wanted to try it out in a browser with native support. It turns out Brave just removed IPFS in the second half of 2024. But hey, it’ll still detect NFTs!

As for privacy: it comes with an ad blocker and a bunch of anti-fingerprinting measures (comparable to those in LibreWolf). It can use placeholders for embedded posts like Privacy Badger does, but only supports Facebook, X and LinkedIn. Its sync service uses a single client-side key (in the form of a long pass phrase) instead of an account. There’s also a Tor mode, which is nice if you don’t want to download yet another browser to access onion sites, though it’s still not as private as the official Tor Browser.

But I don’t need a crypto wallet or an AI chatbot built into the browser, and things like Brave Rewards and the Basic Attention Token are basically letting Brave track you itself instead of the sites you visit. And they’ve been known to claim they’ll pay creators who hadn’t actually signed up, and silently add affiliate codes to links using autocomplete. Even some of its fans are complaining about bloat and increased attack surface. (That’s not even getting into the CEO’s unpleasant parting with Mozilla.)

The upshot is that while it does seem the browser is a bit tighter, privacy-wise, than LibreWolf where the sites I visit are concerned…I don’t trust the rest of the application. So now it’s my informed opinion that it’s comparable to post-acquisition Opera. For now I’m sticking with Vivaldi for Chromium compatibility, LibreWolf for a little more privacy, and when I want to use Tor, I’ll just use Tor.

Software developer Brendan Eich invented JavaScript while working on Netscape, and went on to co-found Mozilla. In 2014 he was promoted to CEO, and within days people pointed out that he had made a large-sum donation to the campaign for California’s anti-marriage-equality Proposition 8 in 2008.

A fierce debate ensued as to whether he should be trusted to handle teams that might include people whose lives had been impacted by that campaign – the proposition had passed (though it would later be overturned by the courts, and in 2024 voters elected to repeal it outright and replace it with a clause affirming marriage rights). He resigned after less than two weeks, and not long after co-founded Brave Software.

Legacy

Now, in 2025, barely a week out from the Firefox ToS debacle and looking back at Mozilla over the past decade, I see this episode as a turning point.

• They lost the trust of people who were alarmed to see him promoted.
• They lost the trust of people who were alarmed to see him resign.
• They lost his technical skills.

It’s easy to imagine an alternate timeline in which they put a little more effort into choosing a new CEO, promoted into leadership someone who hadn’t actively campaigned against civil rights, and kept Eich on in a technical role.

Maybe Mozilla would have held onto more support in 2014. Maybe Firefox would have gotten some of the features Brave experimented with. Maybe they would have spent less on C-suite salaries and more on development. And sure, maybe Eich would still have left at some point to build a “Web3” browser, but without the bad blood from the split as it happened here.

And while Brave in our reality launched as an ad company masquerading as a browser company, and Mozilla has turned itself into one over the last couple of years, it’s also easy to imagine a world in which Mozilla didn’t spend the last decade chasing every last trend that might turn up an alternative revenue stream, and instead focused on making the browser as good as possible.

Or maybe it would have played out largely the same, just at a different speed. It’s impossible to know for sure.

What might have been…

Full disclosure: I don’t like the premise of Section 31 (the organization) in the first place. IMO it undermines the concept of the Federation rather than complicating it as Deep Space Nine’s more gray-area episodes did. I didn’t like it when it showed up in DS9, and I was so tired of it by the end of Discovery season 2. (More about that later.)

But I was going to watch this anyway, because Michelle Yeoh is always compelling. As awful a person as Mirror Georgiou is, the character is fascinating to watch – particularly when she’s navigating the different rules of the Prime universe. And she does not disappoint!

The Verdict

Viewed as a pilot for a Star Trek series, it’s…okay. The only really good pilots the franchise has had are “The Caretaker” (Voyager) and “Second Contact” (Lower Decks), with “The Emissary” (DS9) coming close.

As a stand-alone movie, though, it’s a mess. Too much exposition, too little story. Characters drawn with bullet points to be filled in later. A cliffhanger halfway through, with a stark change in setting and supporting cast making it clear that it was two regular-length episodes. And an epilogue that does nothing for this story, serving only to set up a series that won’t happen.

It could have been retooled as a good heist film like Solo (no, seriously), but the seams are way too visible, especially considering that (IIRC) the decision was made before shooting started.

(And as cool as that ship at the end is, it makes absolutely no sense given what it’s being used for.)

Fridge Logic Time

It took a while to figure out that this was Georgiou after her disappearance in Discovery Season 3, having popped up again in the prime universe about halfway between TOS and TNG. That still puts her several decades out of sync with her own time, something which messes with the timeline of her contemporaries in her home universe.

Side Note on Deep Space Nine

Sisko is willing to bend the rules on the regular because he’s working in a place where things are messy, but he bends them to avoid breaking them. We see the murkier side of things during the Dominion War, and when O’Brien gets dragged into an undercover intelligence investigation. But while there’s a lot of gray area, they’re still striving to keep in the light, and there’s a point beyond which the darkness is not acceptable. In “Paradise Lost” Sisko comes down hard against a conspiracy that’s willing to throw out the Federation’s ideals wholesale, claiming that they’ll come back in some nebulous future.

“In the Pale Moonlight” works because it’s a last-ditch plan, and because it shows the decision process. We watch Sisko work through the moral quandary and conclude that this time, in this place with this situation it’s necessary to violate those ideals in order to preserve them in the long run. Whether the audience agrees, he’s at least grappled with the problem.

Similarly, Discovery Season 1 made a very clear point about Starfleet’s ideals being something to keep aspiring to, not to discard for the sake of expedience. Lorca’s approach may have been effective in the short term, but that didn’t mean it was the only solution, or the best one, even in wartime.

That’s a far cry from an entire organization dedicated to assuming the dirty work is always going to be necessary and simply tossing ideals out the window to do it, even if it’s framed as making sure other people don’t have to.