I am an exclusive flatpak user (as much as possible at least)

In that case I will certainly encourage you to get more comfortable with the flatpackaging side and getting that local build env up for yourself! Having self-hosted repo for self-built packages¹ in whatever format you use is one of the most liberating things one can set up IMO. Looking forward to seeing you around on the issue tracker ;)

¹: Ideally with sensible lifecycle 🤭

Ah, sorry you’re having issue! Re video playback¹:

• Do you have a URL not working for you I can reproduce your issue with (you can DM me if not want to share public)?
• Media Codec installed and available? about:support and look Media -> Codec Support Information. Are you on Arch perchance?
• Tried the “Basic Functionality” preset? about:welcome should show on first launch, can also be reused later.
• It’s not likely but still possible that some preference set in your old LW profile interferes. Different result in fresh profile?
• Same result without addons? (“Troubleshoot Mode” under about:support)
• Left-hand side of address bar, there should be a shield and couple of icons. You can click those to temporarily or permanently unlock protections for current site.
• In a fresh profile, you could try “Just Make It Work” preset - does it work there? That will, among other things, enable DRM modules and allow the browser to silently download and execute binaries from Cisco and Google in background, just like vanilla FF. This behavior is disabled under the other presets for security reasons and I don’t recommend it much beyond testing and troubleshooting.
• Sometimes, sites blocking you will yield CORS errors in console. If that’s the case you should also see HTTP responses with 4XX status codes under Devtools Network tab. or 5XX if legit server error.

¹: Should work; I’m streaming 4k fine.

Not highly prioritized since:

1. We’d need someone with a Github account (ie not us) to step up as maintainer for that in order to be on flathub.
2. Arguably problematic security tradeoffs for browser (yes flatpak has its own sandboxing but that disables the one of browser)
3. Users run into frustrating and confusing edge-cases with not working devices, directories, addon integrations, etc, and not grokking the security model. Flatseal is a bit obscure still.
4. Container option exists for advanced users who want containerization

That said, there is a starting point - if anyone feels inclined to pick it up shows up on the forge, would be happy to collaborate towards that. You can also just go ahead and package it up independently from us if you wish (free software and all that).

Are you on some dist existing package repos aren’t covering? Or just a matter of preference?

Ah, glad it worked out! Somehow this earlier reply only came in here after posting the same suggestion ;^^

Looking forward to hearing your thoughts and impressions!

Backup / restore is windows only

Ah right, I forgot that part - exposing that feature on Linux is a Konform thing.

Actually, there is one more thing you can try which I should have thought of first and might work better:

Do the original approach of copying the profile dir in place, but start Konform Browser with the --allow-downgrade flag: konform --allow-downgrade

After it has (hopefully successfully) completed the import, it can then use it like normally when started without the flag afterwards. I just tried it with a recent LibreWolf profile and seems to migrate everything fine.

Thanks for trying! Hmm, so I haven’t performed such a profile migration myself recently.

Previously, it was enough to just drop the directory over (which I guess is what you did?) but as Konform and LibreWolf are tracking different FF branches, this kind of things is not unexpected. “Touching tips” is a ~yearly happening and next time is currently many months away - such long time to wait!

Now, I am thinking of two options (in any case: separate backup first!):

• Profile Backup / Restore https://support.mozilla.org/en-US/kb/firefox-backup under about:preferences
• Use a Sync Server (either Firefox Sync or self-hosted syncserver) and sign in with same account in both to sync over.

If you have a librewolf.overrides.cfg, that should still be possible to just copy into your ~/.konform dir or corresponding system path regardless of rest of profile.

While the application code itself is C++/JS, instrumentation code is Python. Sure could use a hand with getting instrumented testing up for existing suites. Automated testing for network leaks etc would also be neat.

(I guess manual testing is not in scope for what you are looking for here but that is of course also welcome)

Feel free to open an issue on tracker if you think it might be relevant and want to discuss ideas, or you can “DM” here!

https://codeberg.org/konform-browser/

EDIT to add: If not (aw), how about QubesOS?

https://github.com/QubesOS/qubes-issues/issues?q=state%3Aopen+label%3A"C%3A tests"

https://github.com/QubesOS/qubes-issues/issues/2916

That is interesting!

BTW in case you’re not aware, direct links to fedia.io like the one you posted just lead to a loginwall so you probably don’t want to share those publicly. This one via beehaw.org works for everyone, though: https://beehaw.org/post/24563411

Thank you for kind words!

Ah, then the hope is that this curiosity will trigger you to dig into it yourself (for example using the provided tool or taking inspiration from it) so that it starts making sense! I know it’s an unconventional format to refrain from laying out my own opinions and analysis but that’s my thing today. So much “everyone knows” and vapid third-hand takes flying around these days that I think we would do well to actually verify (and pick up related knowledge in the process) rather than take forum comments and blog posts for gospel.

OK, all right, I can try. I guess I can point at one thing in the Mozilla telemetry at the very end, doesn’t that look very fine-grained if you look at the URLs (addresses) listed?

We can tell that many of the actions I took were communicated to the mothership for analysis and product improvement. Is this data really anonymized (or anonymizable)? Is it a reasonable amount for a user that has not opted in? My professional and personal opinion is: It is not.

But! That’s just one isolated example. And an extremely limited view. What about Zen? Chrome, Edge and Safari weren’t included here at all. And it’s not at all looking at what happens for a user who probably cares about this: when you go to settings and disable all the telemetry. See I just said that one thing about Mozilla Telemetry and now I’m going to have to run some new tests and write reports about them for days just to set that record straight!

Maybe I’m odd but I think it’s many (100?) times easier and quicker to gain understanding of the kinds of stuff we’re looking at here by getting hands-on than to communicate it verbally. And I’m concerned with this limited attention span so many people are afflicted with these days, and look at how long this comment is already, no we’re done with me telling you how it is, let’s wrap this one up and get on to the juicy stuff.

There’s an expandable section Basic test environment usage under Testing procedure but I realize now that might be easy to miss…

Anyway, to start it: Install podman, docker-compose (v2) and MITM_BROWSER=firefox-esr podman compose up --build. That should be it.

Then the browser pops up (hopefully), you do your thing, and after you Ctrl+C in the console, it will quit and the proxy will dump the recorded .har file which contains all HTTP and websocket traffic that went through the proxy in cleartext, in JSON format. There’re tools online that can help visualize I think but nothing I can recommend off the bat. Simply cating it to the terminal or opening it in a text editor can be educative. Also playing around with variations of the jq snippets and see if you can come up with questions of your own to answer. Or if anything in my numbers make you scratch your head or say “wait a minute” dig there.

In case you want to take a look at what the thing does before running it (trust me bro), these are the files involved when you run that compose up command:

• entrypoint compose.yml
• imported compose/proxy.compose.yml for mitmproxy
• The browser Containerfile (aka Dockerfile)

Available browser images

What about gwenview?

The author seems to think Mozilla should have protected our privacy by having someone act as the proxy for the request.

On the proxy part, they actually already have that and using it for some other parts:

https://support.mozilla.org/en-US/kb/ohttp-explained

TL;DR: Imagine an HTTPS-over-HTTPS proxy. Try to explain it like something groundbreaking without referencing existing tech. Now you have OHTTP.

https://firefox-source-docs.mozilla.org/browser/components/mozcachedohttp/docs/index.html

https://www.fastly.com/blog/firefox-fastly-take-another-step-toward-security-upgrade

It makes me scratch my head a bit why I’ve never see it enabled for DNS-over-HTTP in default stock Firefox config despite it being supported for years - the endpoints are just not configured. You have to know about it and configure the barely documented URL in about:config for that. Unlike for newtabpage and the FF shopping feature where OHTTP is used by default. Infra costs?