Hi beehaw friends! Long time no C^1^!
Konform Browser version 140.12.0-100 was recently released and if you aren't aware it's time to upgrade! ^2^
Konform Browser is a free/libre and open-source (FLOSS) fork of Firefox ESR with the primary goals of security, privacy, and user freedom. Shows by example how these three goals don’t have to be at odds but support each other and work in harmony. Runs lean and light with lights off out of the box, while making it convenient to toggle on the features you want. All telemetry removed, none added. Fingerprinting and tracking extras with base defaults on par with (or exceeding) Tor Browser, still keeping common-sense tweaks like dark mode and installation of self-built addons available without making a fuss about it. Graceful degradation for private networks and more granular control for those who want a browser that really conforms.
"ESR" means there's a major upgrade coming up soon with the expected jump from Firefox ESR version 140 to 153 next month. Work has already been ongoing for a while to prepare Konform Browser v153 to be the most secure Firefox build at release. Early alpha builds based on FF153beta are available for anyone who wants to do early testing or help out with any other contribution.
Current Konform Browser 140.x is production-ready and expected to keep receiving security updates and bugfixes for at least a couple of release cycles after initial v153 release so users can upgrade at their leisure.
If you try it, would love to hear your feedback on the browser - and if you like it, tell your friends!
FAQ
Installation instructions provided for most Linux distros
New: Artix Linux package, Gentoo ebuild
Releases
Mastodon: https://techhub.social/@konform
^1^ ~but~ ~not~ ~without~ ~C++~
^2^ ~or~ ~install~ ~😘~
Ew, a LibreWolf fork that says nothing about fixing the forced time zone-scrambling. I don't think I will touch this since I absolutely despised that.
Still, upvoting for visibility; more competition is generally better than the other way around!
Hm, could you be more specific exactly what your issue is, and what behavior you are expecting? It sounds like you could be referring to this: https://bugzilla.mozilla.org/show_bug.cgi?id=1364261
There is a workaround mentioned at the bottom of that thread which should have the same result on all three browsers (and sounds like what you want, except having to disable ResistFingerprinting?). Just like for the forced-light-theme, I think it can make sense to provide a more convenient and obvious way to change the timezone without having to impact the other privacy protections. Might take a look at that but most likely after ESR153.0 is out of the way. If I read you right: Do you expect to be able to toggle this per-site, or would you be satisfies with a global toggle similar to the one we already have for allowing dynamic themes under RFP?
Thanks for looking into it. Please see my response to other comments around here. Sure, a global toggle would be fine but at least a per-site whitelist for any websites like YouTube, Outlook, Gmail, maybe even Telegram Web (since it can schedule msgs), and any service that offers scheduling of content delivery.
Even greater would be a warning that this is one of the things that the browser does; it should fat-warn you with big, bold or highlighted text during installation that "⚠️ Any scheduled content may end up sending or publishing in a significantly different time zone than your actual. ⚠️"
Why was there literally no warning by anyone at any point? Me having to find out in the morning by just checking was really quite a needlessly rude awakening. "Here is how to turn this off"; nope, no notice at all. I had to go poking around in /r/LibreWolf to find out that the only way to do this is to already know exactly what to look for in the sprawling
about:config, where it doesn't even fall under "time" at all.This sort of forced thing can cause a domino effect of confusion if you need to schedule a private live-stream for a personal event or something and watchers around the world are like, "Wut? Where's the action?" We ended up not doing it for unrelated reasons, but long after I had left LibreWolf, I had a small-yet-international funeral to hold for a traveler (the stream of which was originally to be linked to specific contacts across different time zones), which I would now absolutely not dare to try under LW versus a normal browser. It felt disgusting that the browser forcibly got in the way instead of just being a passive help.
"Do you want to spoof your time zone?" could so easily be just one check box during installation or in the settings anywhere...
Sounds frustrating and I can see how that can be confusing. Had similar peeves with other imposed limitations that initially drove motivation of developing this project so can relate!
While we have to recognize that there is inherent conflict in expectations of "browser doesn't disclose my location" and "website knows my timezone" and that Konform Browser will continue defaulting to privacy, you highlight gap in UX and user control that I agree can be improved on. Shouldn't be too much work to add more make more discoverable selective settings UI for this too in a future release.
There's some other aspects that often play into this particular scenario and can vary per site:
Try being a part of a team in multiple timezones, some of which follow Daylight Savings Time (from different dates) and some not. Now schedule a recurring weekly meeting for the same time and coordinate that over chat. This is just inherently messy. Communicating this properly in UI is subtle and confusion like the one you described often arise when webapp developers assumptions and user assumptions don't align. Some even say we should do away with timezones alltogether.
^1^: Someone even made list of lists of falsehoods programmers believe about time
Time zone scrambling?
Yes. I once set a video to publish in the morning but it ended up publishing it at, like, 3 AM. I had no idea it was trying to obfuscate my location as being in Europe instead of the US or wherever. It was infuriating that there was no indicator of this at all anywhere in the software, and no easy off switch in the settings (you have to dig around in
about:config; really?); that made me return to Waterfox.Ahhh, yeah I can see how that would be really frustrating if thats not communicated to users in any way, and theres no easy way to figure out what you need to change
Thanks for explaining :)
If you're talking about Librewolf's "resist fingerprinting":
To set the record straight, ResistFingerprinting was originally developed by Tor Browser developers, and is for some time now part Firefox (and therefore all forks) behind the
privacy.resistFingerprinting("RFP") preference. So credit there goes to those devs, Tor Projectt, ad Mozilla. Konform Browser and Tor Browser have this on by default. There is also the related more recent and complexprivacy.fingerprintingProtection("FPP") system. LibreWolf has historically been on RFP too - I'm not up to date if that's still the case or if they've migrated over to FPP yet as I understand that is the intention of maintainers. The difference between the two is more than I bear to explain here and a bit of a rabbit hole x)Going into
about:configshouldn't be needed for such a major aspect as a "feature" that messes up the timing of scheduling messages. Why is this not in the official settings page? I'm not saying time zone-scrambling is inherently bad to do, even if it's opt-out, but nowhere is anything said about it even existing during the installation or first-use process, and it's nowhere to be found in the browser's settings page without having to rummage inabout:config. That, I greatly disliked enough to return to Waterfox (and have also branched out to Floorp, but I digress).You do not need to rummage in about:config, there is literally a checkbox for it in settings. Maybe this was not the case when you tried it, I don't know.