Relatedly, check out AdNauseam.

https://github.com/dhowe/AdNauseam/

https://adnauseam.io/

Or further favourable: Konform Browser.

Tor Browser and Mullvad Browser also worthy mentions.

YSAK: If you care about stuff like this, Konform Browser is likely more suitable for you!

It makes these things easier to configure (e.g: There is UI for toggling RS server or setting a custom URL). It makes it easier to selectively enable only security-related stuff (cert revocation lists) while keeping requests for less important features disabled. It requires opt-in to enable the background fetching and has 0 self-initiated/background outgoing connections on first startup. When request to RemoteSettings is blocked by configuration, it reuses locally available data to a larger extent. It is more selective about what to sync and not. It loads ublock origin from local filesystem instead of downloading it from internet. Etc…

What is particularly annoying is that some of these domains, related to “remote settings”, are essentially hard-coded and cannot be disabled by changing configuration parameters.

This is not entirely true. Relevant prefs for about:config or librewolf.overrides.cfg that are recognized by either browser:

• services.settings.server
• librewolf.services.settings.allowedCollections
• librewolf.services.settings.allowedCollectionsFromDump

For example

If you are on Linux and want to stay private, Konform Browser is to my knowledge the only actively maintained Firefox derivative which will initiate 0 connections to Mozilla (or other) servers under default configuration.

Posted about it the other day here. Spread the word :3

Update: Latest release now has updated preferences pane. Took the opportunity to include some other small changes in that area from the backlog while at it. Improved thanks to your feedback ^^

All good!

Well, you did help with identifying at least one bug: The hints on Konform preferences pane still contained confusing and misleading wording leftover from LibreWolf and I can totally see how it would lead you to believe that enabling that option was a good idea. It was also a bit hectic with all the hints being “warnings” when several of them are more informational. Sorry for the confusion and thanks for mentioning it. Did some changes there today so the pref pane should be calmer and more helpful from next release.

On the CF part, one thing I missed in my previous reply is that they do have reporting channel for users. If you are OK with the data sharing that comes along with that, it could be helpful.

https://developers.cloudflare.com/cloudflare-challenges/troubleshooting/challenge-solve-issues/

If none of the above resolves your issue, contact the website administrator with the error code and Ray ID or submit a feedback report through the Turnstile widget by selecting Submit Feedback.

Glad you figured it out and hope it keeps working without hitches from now on! I’m curious what error you got (feel free to DM) as I do installation in trixie with copy-pasting repo from the package registry instructions as part of testing process and I didn’t catch any issue with that. The format in the instruction is an older one than the one you list (yours is correct and preferred in any case) but works on my trixie installs so far.

I am aware of issue with RPM repo instructions not working, though. Should be fixed in next Forgejo update. These should work.

Thank you for kind feedback! I’m glad you dig and that it fills a spot! Internal network management is very much one of a few use-case categories that’s been motivating this.

I have a question. I’ve read that you position Konform closer to GNU IceCat than to LibreWolf, which makes me worry: does Konform provide at least the same level of fingerprinting resistance as Librewolf does, , if I 1) revert “Allow non-default theme” and 2) re-enable “Enforce OCSP hard-fail” in settings?

I don’t understand the IceCat reference. Anyway, I would argue that Konform Browser has stronger privacy defaults (including less leaks for fingerprinting) and the focus is a natural part of the projects privacy goal. Reverting “allow non-default theme” makes sense but I’m wondering about your motivations for OCSP? I don’t think it should do either for or against vs sites, and if anything making the situation worse vs service provider(s).

See:

• https://youtu.be/Htms5rNy7B8?list=PLeeS-3Ml-rpovBDh6do693We_CP3KTnHU&t=2359
• https://hacks.mozilla.org/2025/08/crlite-fast-private-and-comprehensive-certificate-revocation-checking-in-firefox/

I believe what you probably want instead is CRLite? Will be enabled and receive updates for presets other than Purely Private.

And my first bug report:

Hm, that’s unfortunate. But it’s also not clear to me if this is a bug in Konform Browser or not. Only Cloudflare would really know. Possibilities:

• False flag or misclassification from Cloudflare¹ (ie the bug is @ Cloudflare)
• Legitimate block at Cloudflare. For example, previously they might have been able to categorize with decent certainty in a “LW users on Linux on Tor” bucket but you are fuzzier and get treated like “sus” as you’re not distinguishable enough from skillfully deployed spambot anymore. Should be resolvable on case-by-case-basis by site operator, still. This is unfortunate situation and not really something we can address without more specific information²
• If you get consistently blocked with Konform but not with Tor Browser / FF ESR over Tor, that’s an indication Konform might be distinguishable and treated differently and if so, that could be a bug in Konform Browser. If you can pinpoint what makes the difference, that would be very useful to know. “Cloudflare is blocking me at this site” is unfortunately not really actionable but if a behavioral difference can be identified, it’s possible that it can resolved by change in Konform.

In case it’s not as straightforward, and a workaround would involve something like selective UA-spoofing³, I don’t think that’s something we would work on or implement. If the site has a selective allowlist of UAs, that’s either “working as intended” or a bug on their end, not something I think of as a bug in Konform. Resistance against censorship is of course not undesired - but privacy and security are still the higher priorities.

Still, Konform Browser does bundle WebCompat system addon just like FF. So the third path for fix, if only site-specific workaround can be identified, and the issue can be reproduced in FF ESR (maybe by applying KB userprefs), I think it could be to addressable by reporting and adding such workaround.

Does Cloudflare reliably distinguish between users of LW/FF RR, and KB/TB/FF ESR, etc as part of this turnstile page and does that contribute to the difference outcome you see? If so, how exactly is it done and how exactly does it contribute? Is it explicit or emergent? We don’t know. Assuming answers to first two are yes and yes, the difference could even be explained simply by difference in user numbers. Best we can really do is striking a balance between closing the gap and closing leaks of entropy.

If nothing else, it might just work itself out over time due to unrelated changes on either side. If not before, I expect the ESR bump in a few months could “magically” sort these kinds of things out.

¹: Cloudflare only provides support to their customers; not mere mortals like you and I. Resolution path: User (eg you) reaches out to site (ie NexusMods) who can then either 1) change their CF configuration or 2) contact Cloudflare who may or may not fix the issue.

²: DM me if you actually want to dig into this!

³: Konform is as vague and static as possible while conforming to FF ESR/TB format

It does! While existing userprefs should work for enabling the feature and setting your own syncserver endpoints as expected, Konform Browser also has basic UI for convenient configuration of custom sync URLs under about:preferences -> Konform Browser. Please report if any issue with that <3

Cool. But…, could you name those explicitly?

Thanks for checking out! Not in the readme, because it would be a PITA to keep that up to date over time, especially when rewriting for new context each time. They are already covered in release notes and commit log¹ for the curious. You can also look under patches/kon in the source git repo.

This comes to mind.

Could you please explain why anyone should consider Konform Browser over it?

Am engineer not a salesperson or influencer. I guess that means at this early stage it’s primarily targeting the audience who are able/willing to make sense of and contextualize the given material themselves, or willing to take a leap of faith. The pros/cons vs other browsers is something I hope to leave to other users to talk about and share around. Would be cool to hear your thoughts, for example! Maybe this is relevant for some, though.

Also, pull requests attempting to improve the documentation are very much welcome. Would be great to get more contributors involved and one doesn’t have to be deeply technical to write good docs.

¹: Can click the commit hash for a release under /releases and then xxx commits to list commits for specific release

What an atrocious comment choice.

Update: Readme has been updated to be less out of date and that diff list is now more closely resembling current state of differences. In particular, local full-page translations is supported feature in Konform Browser, unlike the readme previously stated.

It would certainly be nice to be able to pre-download language pair models without selecting to and from and then actually initiating a translation using the model i don’t have yet.

Agreed that would be nice. Closest you get conveniently from inside browser today is to switch temporarily to “Basic Features” preset for model downloads (then maybe restart for good measure) and switch back to “Core Security” preset for actual use.

re: getting uBlock externally, i also see the attraction of that approach but unfortunately Debian’s package was last updated in October (from 1.62 to 1.67) while AMO has a release from January (1.69) :/

I don’t think it will be directly bundled due to the list updates and some users will not want it so it should remain optional. That being said, will already be looking at packaging for NoScript so when that happens I think should be reasonable to do the same with up-to-date uBO.

are there plans to distribute Konform via flathub?

Answered this here.

Officially can’t/won’t due to Github being both unreasonable and a supply-chain risk. Anyone is free to do so independently, however. If done in responsible and reasonable way (don’t introduce breaking patches or leave users hanging weeks without security updates plz) could be supportive of such initiative whether done indepently or via Konform Codeberg.

Oh, thanks for bringing that up - that’s out of date and no longer true so I guess the readme does need an update¹. While you are correct, the offline translations feature wouldn’t actually work when blocking its access to RemoteSettings server. There was also a bug (still present in LW) which prevented locally cached results from being used. As Konform Browser does have a strict policy of not initiating connections to “trusted” servers on its own by default and without explicit user consent, it made more sense to remove it than leaving UI for a completely broken feature until it could be done properly.

Since that was written:

• Bugs fixed in Konform so translations do work fully offline now
• An about:welcome “onboarding” screen was introduced where user has 4 presets to choose from. 3 of them (all but Purely Private 🔒️) allow translations feature and 2 (✳️Basic Functionality and 🦊Just Make It Work) makes it default and enable the automatic downloads of models from Mozilla server like in FF.
• about:translations unhidden and can be used for direct translations of direct input

So in reality I would say offline local translations actually work better in Konform than in FF and other forks.

In the future hoping to improve this further by redistributing the models as packages for separate installation on system. Then you can use them without needing the browser itself to download anything at all. Similarly to how it’s already done for spelling dictionaries and uBlock Origin.

¹: EDIT: Readme has been updated to be less out of date more closely resembling current state of differences.

Care to comment on the actual content of post or the topic of the project rather than aesthetics of the thumbnail icon? It’s a web browser, not a lifestyle brand, and this isn’t c/logodesign 🙄

While that section in readme is not entirely up to date, combining that with release notes should hopefully give decent idea. Let me know if you have remaining questions after returning from those! You could also try it out and see for yourself.

Some day, someone is going to have to explain this one…

There is actually a third visual reference in the logo that may be a bit less obvious.

TY! Would be cool with your feedback if you decide to try it out. And feel free to share around :)

The readme lists some of the motivations as well as distinguishing differences with LW specifically. Though the latter is a bit out of date by now as we’ve further diverged (gaps should be captured in by release notes, which is probably best place to read up on project RN).

What benefits are there for you? IDK, I don’t know you or your needs and priorities! There are a lot of possible different answers to that. Also I’m a dev not a salesperson or influencer 😅

Why not give it a spin and let us know about pros/cons? :)

Separately, this is still relatively early days in public life of the project and I don’t want to say “trust me bro” too much but aside from the actual differences between browsers themselves, we take the supply-chain side seriously and aim to keep a tight ship delivering new security patches from upstream on time while minimizing breakages for users. Since this is built without pinning on past achievements or identity, it will still take time (years I guess) to build track record and make this apparent.

LibreWolf, on the other hand, works by spoofing a different fingerprint every session.

Is that true? I think it’s not that much of a fundamental difference in strategy as you say. While LW (like MB) does randomization of e.g. WebGL and Canvas fingerprints, in general other fingerprintables are also kept static. From my perspective it’s more a difference in degrees than direction. Have you checked how your font fingerprint persist?

I believe both Mullvad Browser and LibreWolf come with uBlockOrigin pre-installed

Not exactly. LW comes without the addon but is configured to download and install uBlock Origin from addons.mozilla.org the very first thing it does. This is in contrast with Mullvad Browser (which does bundle the addon) and Konform Browser (which will load locally installed system uBO from known path if installed from distribution package manager).

If you’re looking for something to use with actual accounts (like banking), use hardened Firefox (with arkenfox) or a hardened chromium browser.

Konform Browser is intended to support that use-case and also worthy for consideration. Would be curious to hear if you agree or how you think it falls short!