Posts
15
Comments
113
Joined
2 mo. ago

  • Daily-driving it now. I think it's great. If you're somewhat familiar with the landscape otherwise I think readme explains how it's different and why. If you don't mind losing out on some "safety"¹ and latest upstream features² for the sake of a more stable and predictable base, not having reliance on proprietary integrations or even internet, and really removing all non-essential network integrations, then definitely worth a try!

    1: A surprising amount of people think (or at least write online) that a browser that doesn't block user requests completely aligned with the Google SafeBrowsing blocklists is unsafe and that doing those syncs is an essential feature. If you think this is the only safe default option in 2026 I'm sorry but please consider uBlock Origin. See how opinions on who to trust can affect what "most secure" means. Konform Browser removes many assumptions of trust. But not all; Everyone still comes with an assumed PKI after all and there exists a default for DNS.

    2: Since it's ESR base it means new feature updates from Mozilla ~yearly instead of ~monthly. Still receiving security updates on the rapid schedule. No AI features out of the box.

  • There can still be winners, the good, the bad, and the ugly. It's just that we have to engage a bit deeper than a quick scroll and a oneliner to figure it out¹.

    they’re all doing differently privacy impacting things, but there are no “winners”.

    The difference matters. Looking into the raw URLs and bodies involved is enlightening. Apart from that, which other queries that we can run with jq (or other tools) can we add to the post to add more useful dimensions?

    1: The answer might be different for each of us and depend on what we're doing at the moment. Different situations might call for different browsers.

  • At least in most cases, the data is being leaked back to the developer and not third parties.

    What is this based on? Why not see if that assumption is true¹? There's quite a big difference in nature and quality here between them. This doesn't really come through in the data aggregation put on display in the post but I hope more people will try to run this on their own. Zen and Mozilla are the only ones with significant (and it is significant) telemetry of their own at all between these while LibreWolf and Konform have 0 data going to the devs, for one.

    The whole idea here is to be able to achieve more nuanced and accurate understanding so more educated decisions can be made and enlightening conversation be had. Not just keep rehashing the same memes based on vibes and hearsay.

    Was hoping more for answering questions or getting new input than shooting down uninformed takes 😅

    1: Well, staying inside the system we can't prove that no sharing with third-parties is going on if we only see one domain involved. But that is not the case everywhere here. We can easily see when separate servers operated by multiple parties are involved by looking at the URLs and looking up the domain names. And then we can go look at what's being sent to where.

  • Thanks! Adding Floorp should be straightforward if you feel like tackling it yourself as it's "just another FF fork". Adding a new browser consists of adding a new Containerfile for it. I guess Floorp might be most similar to Mozilla Firefox out of the existing ones. PRs much appreciated for new browsers as well as any interesting queries to get more insight into data I can run on existing dumps and add to Report section.

    They have official PPA: https://ppa.floorp.app/

    For Brave got it running but didn't yet figure out why it crashes as soon as I try to proceed with the onboarding. Judging by the probably unrelated error noise in the console, it might be trying something weird with a graphics driver or hardware sensor and not gracefully handling not having access to whatever it is 🤷 But didn't even ldd or strace it properly yet so maybe just a missing library.

    There's a lot that could be done but had to wrap up and publish somewhere.

  • I don't think the data supports that. I'm curious what makes you single it out. Mullvad is in the top-tier but it is not alone (or clearly #1 - like the post gets into - it gets nuanced and I think any attempt at general objective "top 5 ranking" will be reductive to the point of being misleading or plain wrong. So I'm not trying that here). Read again? :)

    For example of nuance displayed in results:

        ### Number of requests
        119 firefox
        81 firefox-esr
        0 konform
        7 librewolf
        30 mullvad-browser
        62 zen-browser

  • Oh and I forgot to mention, we have an Arch repo now with prebuilt bin package too. If you add the repo and pacman -Sy konform-browser-bin, then it will upgrade for you on future pacman -Syu when there are new versions published.

    For trying out such a new project I guess you might still want to do the more manual route in the beginning but if/when you feel it's earned your trust now you know <3

  • Thanks for checking in! Did you try importing the Release PGP Key listed under the release already? ^^ Maybe it's a bit easy to overlook in the release notes but it's right above the debian installation. There should be a pinned comment on that on the AUR package pages already.

    If you save key to file on disk:

        $ gpg --import ./konform-cb-ci.pgp

    Then it should show up with that Key fingerprint when doing gpg -k after.

    Please let me know if still having issues

  • Someone asked me about donations. There is no way to directly fund the project today (TBD) but if you have cash to spare then:

    • Codeberg e.V. providing supportive and enabling infra and a point of collaboration for growing part of FLOSS ecosystem. This isn't free.
    • EFF hopefully doesn't need an intro here
    • noyb.eu
    • Tor Project
    • The maintainer of some other FLOSS software you care about
  • Do you suddenly need to stop hitting your wife?

  • Nice, I hope it lives up to expectations!

    Oh and one more thing on the overrides: There are a couple of prefs flags that exist in one of Konform/LibreWolf but not the other mostly due to being based on different FF versions - so in case you have some particular override not being effective, I'd first check that it's not just a case of differences between FF versions 140-147. Not expecting that to come up in practice and setting non-recognized prefs should be harmless, but knowing this might save some head scratching in case you have an extensive overrides config with recent additions.

    Looking forward to any feedback you may have <3

  • Low-effort snark.

  • Yes! In fact while the browser otherwise has its own branding, it does recognize override config as librewolf.overrides.cfg so you can literally just drop your existing LibreWolf overrides file into ~/.konform and it should pick it up. Figured this would make it smoother for people migrating from LW or switching between the two.

  • Not personally daily-driving or actively recommending it but I've had to look closely at Brave as part of browser security work.

    Most of the posts, articles and videos I've seen that don't apply approximately equally to the other big names are mostly backed by arguments like "I don't approve of BE behavior and BE made Brave therefore Brave bad", "crypto scammers bad therefore crypto bad and Brave uses crypto therefore Brave bad" or "it's being promoted by bad people and therefore bad". I think such arguments are in themselves without merit, should be dismissed and are not sufficient to tell others they shouldn't use it. Tribalism isn't healthy. An opinion being widely shared doesn't make it true. Your trusted influencer being upset doesn't mean you need to be.

    Valid criticisms of Brave and valid reasons for not using the browser exist but that's rare to see written out but buried deep under the bulk of FUD, groupthink and uninformed meme-takes we find all over the stuff shared on socials. On the privacy and security sides it's very much a mixed bag. Scrolling through Brave flags I note more than one thing I think we can take inspiration from. For people locked into corpware and limited to what's on the major app stores, you can certainly do worse. Yet I see little concern-blogging over Copilot 365 .NET Live Edge or Samsung Internet Browser, for example.

    Of course I'd personally love if you used Konform Browser (or any other non-chromium browser) instead but I mostly see people bashing Brave for completely confused reasons. Yes there's bloat and ads and telemetry and problematic trust and outbound networking going on out of the box. Yes they inject their own monetization into the user experience if you blindly click "Next, Next, I agree, Next" and run with defaults. All just like for Firefox these days. And just like Firefox, user configuration exists to improve on much of that while the software license and open source code afford fixing the rest for the willing. The differences I've seen when it comes to the browsers are mostly in degrees, not fundamental. Maybe we should have a Brave fork too.

    I hope I'm not canceling myself, here...

  • IronFox: Exists. Currently mostly due to hard thankless work of one or two individuals.

    somerandomperson: OK they got this; everyone else stop trying and go home now

    I don't think dismissing the issue so quickly is fair to either the IronFox maintainer, the state of Android web security, or browser diversity. It is also discouraging for anyone else considering exploring this and sharing their work in public. We need more people working on an open and free mobile browser ecosystem, not less.

  • I mean technically Android is still somehow Linux so ^^. But it does feel funny when the first (and only?) follow-up comment on the Linux community of this Linux software is about needing an Android version instead :p

    The more interested people we have checking it out and poking at the code, the higher chance we can ship Android builds Soon™. Feel free to swing by and stay tuned ;)

  • are you in the wrong sub, sir?

  • You were literally asking for "trustworthy websites with recommendations". GP is telling you to stop looking or even believing in such things existing. I'd agree.

    The harder you search for just that, the more targeted you will be by scammers and cybercriminals. Whatever is a credible resource today may turn bad next month and public perception taking years to catch up. It's not like that'd be a first.

    That said, lots of good stuff and leads in codeberg.org/pluja/awesome-privacy. And +1 on EFF.

    List of public DoT/DoH providers

  • Grumpy ken thinks "Just use Foo" meming is promoting mindless use and I think should therefore be discouraged. Even in jest I think this affects us subconsciously to feel more comfortable with not thinking deeper for ourselves. Even if X is the right one. "Use Foo already!" is nicer~!

    If I may illustrate:

    Use Konform Browser¹ already!

    1: Disclosures: Am dev; is LibreWolf fork

  • DM me if you'd like to discuss further consulting on this project. I do think I could help you. However, reaching a proper design for this that is actually appropriate for your situation is non-trivial, goes beyond the scope of lemmy thread and would likely be paid.

    I would also like these things to be easier and just be able to point you to something existing but the reality is they currently aren't and such solution isn't. But if you do push ahead and are open to sharing (potential security tradeoffs there too), maybe you're in a position to be part of improving that situation.