Call for testing Librewolf

What is LibreWolf?

LibreWolf is a browser designed to increase protection against tracking and fingerprinting techniques, while also including a few security improvements. This is achieved through our privacy and security oriented settings and patches. LibreWolf also aims to remove all the telemetry, data collection and annoyances, as well as disabling anti-freedom features like DRM.

How to test?

sudo snap install librewolf --edge or --candidate

I will also add more codecs for media playing in the coming days, stay tuned.

Report issues at:

https://github.com/CapeCrusader321/Librewolf-snap/issues

Source/Manifest:

https://github.com/CapeCrusader321/Librewolf-snap


As a web browser, this really shouldn’t be disabling the internal browser sandbox. You can use the allow-sandbox attribute on the browser-support interface.

I must say personally I’d be apprehensive using a browser that claims to have security improvements but then runs with its internal sandboxing disabled. The browser can store credit card details, passwords, login cookies to bank accounts, work accounts, social media, etc. It’s generally considered the biggest attack vector on any consumer device (and often commercial workstations too).

Personally, I’d really re-consider whether it’s appropriate to have this publicly available in the store in the current state. The snap sandbox will do nothing to stop the browser from itself, and given the commitment required for browsers in particular regarding security and long term support, you really need to be sure you can keep up with it amongst all your other snaps for years, it’s not something someone else would be likely to take responsibility for in the future if you were to no longer have the time free to keep up to it.

I had earlier kept it with allowed sandboxing mode, but then I thought maybe it’s too high-profile and is available only to vetted organizations, corporate etc.

Do I have to seek approval for that in the forum?

Regarding the maintenance, it’s not a big thing; even a novice user could maintain it, as I have intentionally kept it simple. We are staging the app from a repo and all we need in future will be to just trigger it, and update it for newer core etc.

Edit: Rebuilding with the above-mentioned plug. I think I will close the candidate channel at least for now until it’s granted?

There is an approval process to use the allow-sandboxing and it does require vetting because it gives your snap more privileged access over the machine than most other snaps.

But security is multi-faceted. Installing your snap means I give you a lot of trust anyway, but in the case of a browser, that trust is absolutely massive. The snap/browser will by default ask to save the credit card details of the user, passwords, etc. The snap sandboxing IMO means nothing in that instance, the sheer nature of being a general purpose web browser is a huge responsibility and there’s a lot of damage the browser can do to itself. I’d go as far as to say I’d personally prefer a web browser was run in classic confinement where the internal sandbox worked, than in strict where it doesn’t. The snap sandbox protects the machine from the snap. It doesn’t protect the snap against itself.

I do expect if you were to ask for a review for the interface you’d likely be declined it due to the vetting process, if so then that leaves us in the current situation where the snap is already collecting a massive amount of privileged information and exposed to a huge amount of evolving threats with half its security model disabled, being direct, I’d say this either needs to be handed up to Librewolf to fit within the current policies or removed for being a liability.

(I don’t want this feedback to come off negative, I do appreciate the effort and it’s nice seeing you grow in your snapping journey. I wouldn’t trust myself with a browser snap either, it’s a lot of potential risk to have in the hands of one person!)
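
For readers following the two replies above about browser-support and allow-sandbox, here is an added example that is not part of the original posts and is not taken from the Librewolf-snap repository. It shows a constructed snapcraft.yaml fragment with the plain plug beside the form that sets the attribute; the app name "example-browser", its command path and the plug name "browser-sandbox" are placeholders.

```yaml
# Constructed fragment, variant 1 (weak).
# A plain browser-support plug leaves allow-sandbox at its default (false),
# so snapd does not grant the extra access that the browser's own internal
# sandbox needs under strict confinement.
apps:
  example-browser:                  # placeholder app name
    command: bin/example-browser    # placeholder path
    plugs:
      - browser-support
      - network
---
# Constructed fragment, variant 2 (attribute set).
# The plug is declared once at the top level with allow-sandbox: true and
# then referenced by name from the app. This form is the one that goes
# through the store approval process mentioned in the replies above.
plugs:
  browser-sandbox:                  # placeholder plug name
    interface: browser-support
    allow-sandbox: true

apps:
  example-browser:                  # placeholder app name
    command: bin/example-browser    # placeholder path
    plugs:
      - browser-sandbox
      - network
```

On an installed snap, `snap connections <snap-name>` lists whether the browser-support plug is actually connected.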

So should I ditch it then, seeing the conditions and the requirements etc.?

If it’s not viable to be held and maintained by an individual, I will close it.

Edit: I too think it will be better to close it.

Edit #2: Closed it. Thanks for the feedback and insights.