This project is a custom and independent version of Firefox, with the primary goals of privacy, security and user freedom.

LibreWolf is designed to increase protection against tracking and fingerprinting techniques, while also including a few security improvements. This is achieved through our privacy and security oriented settings and patches. LibreWolf also aims to remove all the telemetry, data collection and annoyances, as well as disabling anti-freedom features like DRM.

No Telemetry

No experiments, adware, annoyances, or unnecessary distractions.

Private Search

Privacy-conscious search providers: DuckDuckGo, Searx, Qwant and more.

Content Blocker Included

uBlock Origin is already included for your convenience.

Enhanced Privacy

Hardened to maximize privacy, without sacrificing usability.

Fast Updates

LibreWolf is always built from the latest Firefox stable source, for up-to-date security and features along with stability.

Open Source

Everyone can participate in the development of LibreWolf. Join us on Codeberg and Matrix.

How often do you update LibreWolf?

LibreWolf is always based on the latest version of Firefox. Updates usually come within three days from each upstream stable release, at times even the same day. Unless problems arise, we always try to release often and in a timely manner.

It should however be noted that LibreWolf does not have auto-update capabilities, and therefore it relies on package managers or users to apply them.

Can I use LibreWolf with Tor?

Please don't. The Tor network is designed to give you complete anonymity, but it can be compromised if you use it with any browser other than the Tor Browser. If you want anonymity, download the Tor Browser.

The Tor Browser is specifically designed to reduce fingerprintability and to work on Tor. Using LibreWolf or any other browser would make you stand out and it is not recommended.

Does LibreWolf make any outgoing connections?

Yes, but they aren't in any way privacy invading and they were carefully evaluated. Specifically they are needed to fetch and update the blocking lists used by uBO, Tracking Protection and certificate revocation, which we considered more important than disabling all outgoing connections, especially ones that are harmless. LibreWolf also maintains an open WebSocket towards Mozilla's push server to check wether you have received push notifications from websites you have subscribed to.

With that being said, LibreWolf is still committed to removing all privacy invading connections, and to keep all connections to the bare minimum required to maximize and balance privacy and security.

What's New

Privacy

  • Delete cookies and website data on close.
  • Include only privacy respecting search engines like DuckDuckGo and Searx.
  • Include uBlockOrigin with custom default filter lists, and Tracking Protection in strict mode, to block trackers and ads.
  • Strip tracking elements from URLs, both natively and through uBO.
  • Enable dFPI, also known as Total Cookie Protection.
  • Enable RFP which is part of the Tor Uplift project. RFP is considered the best in class anti-fingerprinting solution, and its goal is to make users look the same and cover as many metrics as possible, in an effort to block fingerprinting techniques.
  • Always display user language as en-US to websites, in order to protect the language used in the browser and in the OS.
  • Disable WebGL, as it is a strong fingerprinting vector.
  • Prevent access to the location services of the OS, and use Mozilla's location API instead of Google's API.
  • Limit ICE candidates generation to a single interface when sharing video or audio during a videoconference.
  • Force DNS and WebRTC inside the proxy, when one is being used.
  • Trim cross-origin referrers, so that they don't include the full URI.
  • Disable search and form history.
  • Disable form autofill.
  • Disable link prefetching and speculative connections.
  • Disable disk cache and clear temporary files on close.
  • Use CRL as the default certificate revocation mechanism, as it is faster and privacy oriented. For security and usability reasons, the browser might fall back to OCSP in some instances: when that happens, OCSP will be stapled to preserve privacy.

Security

  • Stay up to date with upstream Firefox releases, in order to timely apply security patches.
  • Enable HTTPS-only mode.
  • Enable stricter negotiation rules for TLS/SSL.
  • Always force user interaction when deciding the download location of a file.
  • Disable scripting in the built in pdf reader.
  • Protect against IDN homograph attack.
  • Implement optional extension firewall, which can be enabled manually.
  • Revert user-triggered TLS downgrades at the end of each session.
  • Set OCSP to hard-fail in case a certain CA cannot be reached.

Annoyances

  • Prevent window resizing from scripts.
  • Disable autoplay of media.
  • Disable search suggestions and ads in the urlbar.
  • Remove all the distracting and sponsored content from the home page.
  • Remove the Pocket extension at compile time.
  • Remove Mozilla VPN ads.
  • Disable Firefox Sync, unless explicitly enabled by the user.
  • Disable extension recommendations.