Before we get started: I guess it needs to be said these days that everything here is 100% by carbon-based life-form.

Aside from the latest security fixes from upstream Firefox ESR, Konform Browser now also has:

- Rehauled Security Settings with convenient global configuration for WASM, JIT, WebRTC, WebGPU, Geolocation, DOM Push

- Security Settings now also expose UI for enabling First-Party Isolation (same behavior as Tor Browser) and tweaking Enhanced Tracking Protection

- Spoofing of Navigator.sendBeacon

- Profile Import feature now supports importing profiles from Firefox and compatible browsers (FF ESR, Floorp, IronFox, LibreWolf, Midori, Palemoon, Waterfox, Zen Browser)

- Built-in depropped Multi-Account Containers[0] allows configuring per-container proxies and makes container tabs part of core browser experience.

- Privacy improvements and defense-in-depth[1]

- Various bugfixes and improvements

- Local-only ML/"AI" functionality more robust

Would be keen to hear if anyone checked it out and what you think of changes or project in general.

---

Socials: https://techhub.social/@konform

Releases: https://codeberg.org/konform-browser/source/releases

Past Show HN submissions:

- v140.7.0-103 https://news.ycombinator.com/item?id=46713226

- v140.7.0-108 https://news.ycombinator.com/item?id=46956420

- v140.8.0-105 https://news.ycombinator.com/item?id=47227369

[0]: https://codeberg.org/konsortium/multi-account-containers-lit...

[1]: E.g: Disabling speculative preconnects and disabling background processes for disabled functionality. While these changes are motivated by security, it seems to also have surprisingly positive impact on performance.

Comments URL: https://news.ycombinator.com/item?id=47510201

Points: 4

# Comments: 0

https://f-droid.org/packages/helium314.keyboard/

HeliBoard is currently asking people to volunteer swipe data so they can further improve on free and open alternative for swipe keyboard. Please consider helping out!

https://github.com/Helium314/HeliBoard/wiki/Tutorial:-How-to...

https://makertube.net/w/cQECfDkuLGR9eUQquUEo4K

https://codeberg.org/konform-browser/source/releases

https://techhub.social/@konform

Shared today on Show HN but seems to be drowning in deluge of LLMs...

https://news.ycombinator.com/item?id=47227369

> every single extension provides 100% access to my websites to whoever controls the extension

That feels a like a bit of overstatement and depends on what addons you use and how you install them... CSPs at least make it possible to restrict such things by policy (assuming user has been exposed to it and parsed it...). https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web... MV3 introduced further restrictions and controls regarding addon capabilities. While I agree the UI and UX around this could be much better, it's not all hopeless. The underlying pieces are mostly there.

While the fundamental addon execution security model in Konform Browser is inherited from upstream, for core addons like uBO you can improve the supply-chain security situation by loading it under "system scope" and disable addon updates in the browser itself. So while we don't (yet) improve on the runtime aspects you speak of, at least for now we can tighten up the supply-chain side to minimize risk of bad code running in the first place.

Literally `apt-get install webext-ublock-origin-firefox`.

"Enterprise policy files" can be used to change Firefox behavior and tweak security model around addon loading. A little explanation and reference of how it works if you want to do the same in other FF build or for other addons: https://codeberg.org/konform-browser/source#bundled-extensio...

Any particular addon you think is missing from the list there and should also be packaged and easily available? Maybe will be able to improve some of the security-UI/UX here too down the line. I'd be keen to hear your take on how this should be done better!

Regarding what addons can and do leak about you to the outside... I think you may also take interest in FF Bug 1405971. We ship a patch for that which can hopefully be upstreamed Soon (tm).

- Rebased on latest ESR release (obviously) - Been porting over relevant security-motivated changes from Tor Browser[0] and Mozilla. - Significantly improved fingerprinting situation making anonymity less of a pipe-dream - Addons no longer leaking their local IDs in HTTP headers - ML/"AI" features adapted for local/offline use when enabled (while proprietary cloud snoopies fully removed)

Been quiet on HN previously so keeping this submission brief. Release notes are probably the best resource right now to get an overview and feel for the project. Happy to talk more if anyone has any questions!

Would also be nice to hear feedback from anyone who's either tried it out or dug into the repo.

[0]: Big thanks and cred to inspiring maintainers and contributors there

---

Socials: https://techhub.social/@konform

Releases: https://codeberg.org/konform-browser/source/releases

Past Show HN submissions:

- v140.7.0-103 https://news.ycombinator.com/item?id=46713226

- v140.7.0-108 https://news.ycombinator.com/item?id=46956420

Comments URL: https://news.ycombinator.com/item?id=47227369

Points: 4

# Comments: 0

The project started as a fork of LibreWolf and now stands on its own four feet. It takes a harder stance on the three goals of security, privacy and freedom. It's intended to be suitable as a general-purpose daily driver for everything from managing the intranet to surfing the murkier tubes.

This week we added a simple "onboarding" page replacing the about:welcome of Firefox with a page where the user can choose between four different preset configs depending on their scenario and preferences.

If you don't enjoy compiling browser from source, there are prepackaged binaries and probably repos for your Linux dist.

Doors open for users, testers, contributors, as well as hackers itching to (constructively and helpfully pretty please) tear this apart. Looking forward to hear what HN thinks!

Comments URL: https://news.ycombinator.com/item?id=46956420

Points: 8

# Comments: 0

https://codeberg.org/konform-browser

This week added a simple onboarding screen - I don't think a single default config can ever be ideal for even most situations. Intranet admin web UIs and browsing the tubes call for very different default configuration so it makes sense to have more than one and making switching easy.

Konform Browser is free software developed and maintained by 100% organic free-range humans and does not seek revenue. There's no business model beyond this hopefully turning into a neat line on the resume or a lead for gigs down the line. Considering the project "GA" and actively supporting public users as of last month. Contributions are most welcome.

Currently only shipping for Linux and hoping to do Android one day. We do package binaries (transparently in codeberg ci) and provide repos but for those who prefer, building from source is supported and something I hope to make more accessible for those who want to bring their own patches.

Happy to reply to questions and feedback!

https://news.ycombinator.com/item?id=46820977

Comments URL: https://news.ycombinator.com/item?id=46820977

Points: 2

# Comments: 1