ken

The mention of Meta in the summary doesn't fit. The article only mentions them in passing in reference to WhatsApp backups. Misleading and not relevant at all when talking about BitLocker. I think this is an editorial mistake but makes it read like subvertising, which is a shame for reporting on such a serious issue. How Google does keys for ChromeOS and Android would have been much more appropriate to compare with but for some reason this isn't even mentioned.

There's a lot to unpack here but just one thing:

Also potentially thinking may get some free webserver (basically like <20 api calls a days max and small dB with maybe 1000 rows) not for security of the data but more just not having open network ports to the internet without having the security infrastructure.

This sounds like the kind of data you really want to keep locally and I wouldn't trust any free (or even affordable) webhosting business with it. I think it's wise to keep the db and app server local and terminate the TLS locally too. You can still get a cheap VPS or two that you open a secure VPN (like wireguard) and/or SSH tunnel to. Then on the VPS you run can a second, outer, reverse proxy that forwards requests to your internal one over the gateway link. This way you get to keep the data local and safe without having to expose your home net online.

Many people enjoy Tailscale for this. There are full self-hosted options for that too but it sounds like their solution might fit your situation and requirements.

If even that feels unsafe, I really think you need to step up a bit on segregating and isolating your stuff, maybe do some homework on security, before putting sensitive stuff like this on shared infra...

I don’t want to deal with hippa or be responsible for medical data so I specifically don’t want to host the data

The only (legal) way to not deal with HIPPA is to make sure you're not in scope for HIPPA. IANAL but it sounds like you (or worse, somebody else) will retain control and management of medical data with your intended approach no matter where you host it and how other users authorize?

You can't architect, outsource, or encrypt your way out of that. A fully peer-to-peer solution which keeps the data on user devices and under their control and utilizes external server for signalling only but not for relaying or auth might get you there though.

GrapheneOS is as I understand it much less of a one-man party and in a healthier place these days compared to not that long ago. Good to keep in mind when digging up older material.

And whenever Graphene OS is mentioned, one must also mention its leader

Absolutely disagree with that you must do that whenever it is mentioned. That sounds like some unhealthy obsession if anything. There are more interesting conversations to be had. Don't we have bigger fish to fry? Move on, dude.

So let’s say you created a PGP key & then proceeded to create 2 subkeys. Is it possible to just export the particular subkeys only. (let’s say one for encryption & the other for signing) for OTHERS to import into their keyring for authentication & encryption ?

For the private key, yes. First identify the subkey ID:

gpg --keyid=format=long -K
sec   ed25519/5810B9EFF21686DE 2026-01-23 [SC] [expires: 2029-01-22]
      C9E33D15E55A3834EE17A9755810B9EFF21686DE
uid                 [ultimate] alice <alice@localhost>
ssb   cv25519/F1806CEA56544D8D 2026-01-23 [E] [expires: 2029-01-22]

Then export it (note the !):

gpg --export-secret-subkeys -a 'F1806CEA56544D8D!'

If you want the pubkey subkey only: What's your use-case for sharing a certified key without the certificate chain? There are reasons why exporting just the public subkey isn't really a supported feature (outside of some ugly keyring surgery). If you want unsigned "naked" keys wouldn't it make sense to not use subkeys at all to begin with? Or more practically, generate separate root keys with matching user/expiry but each with different set of subkeys present (like the example above with only E) ?

Update: There is now a Containerfile producing images using the prebuilt .deb if anyone wants to try the container-based approach to run Konform Browser in podman or docker or whatever. Some basic testing done using rootless podman under either Wayland and X11 on Kinoite and both ran fine.

https://codeberg.org/konform-browser/oci

If you want it to have the dark theming activate depending on your desktop theme it should work by adding -v ${HOME}/.config/gtk-3.0:/home/user/.config/gtk-3.0:ro,z. Or -v ${HOME}/.local/share/konform-browser-1:/home/user:Z for an isolated persistent homedir (similar to Tor Browser).

Can I ask why you decided to fork Librewolf?

I wrote a bit of the "why"s already in the OP. Could expand further for you but what do you have in mind? "Why did you choose librewolf as upstream", "why fork and not another approach", "why bother with any of this at all", ...?

Flatpak

Flatpak is something we want and have been looking at already. See here for what's holding that back. There is already an (untested) repo for it.

Appimage.

While AppImages can be very convenient, we are ambivalent on some their security aspects among other things. Currently not prioritizing it until we have what we consider generally more solid options covered but will consider outside contributions if anyone feels motivated and puts in the effort to makes it happen.

Issue thread for new distribution targets where interested Codeberg users can follow up: https://codeberg.org/konform-browser/source/issues/9

for us atomic users

I see why users prefer flatpaks or appimages but just for consideration some ways I can think of one could run it on an atomic distro today:

• toolbx style running the browser in a rootless podman container ^1^
  • Haven't tried straight up installing it in an actual toolbox container so not sure how well that works but maybe it's worth a try if that's something you already use?
• For the Fedora family, should be straightforward to install an .rpm in your overlay
• Run the app from the binary tarball directly on the host, installing it on a user mount somewhere ^2^
• Use the source, Luke. Build it. ^3^

^1^: Would anyone actually use it if there was a Containerfile for it? We currently don't have a public one but I can attest this works fine in general and if people indicate interest for it I think it's a neat idea that Konform Browser could provide that as an option.

^2^: I think this is fine for testing and short-lived installations but unless you are technical enough to reason about the trust involved and automate for verified updates (or at least getting notifications for them), I wouldn't recommend it for long-term (>= months) installations so that you don't get stuck on unpatched versions without thinking about it. This is the least secure way to run it. Not generally recommended for non-technical users.

^3^: Something I recommend becoming more familiar with in general if one has the time, resources, and patience. The catch with updates applies here too if this is for production use.

If only... What does fox say?

I'm so glad you want to try!

The problem with both that and Flathub is that I can't seem to pass Githubs signup CAPTCHA whatever I tried (and yes I tried other browsers too lol). Besides, having my old account there arbitrarily blocked on phone number verification in the past, not feeling super keen on having users rely on them for updates, even putting aside whatever I feel about Microsofts and GitHubs role in the ecosystem in general...

However, if anyone would be up for the literal push-part of pushing it up and wouldn't mind collaborating a bit in the process, would be happy to make that happen together (or use your privilege if you're motivated; it's free software yo, just heed the license ;)). There is an Issue thread for coordinating if this is you.

I don't think it should be too involved as the source repo and source tarballs are built in pretty much the same way as LW, which already has a derivation in nixpkgs. Didn't look closer at that derivation but hopefully shouldn't be much more than copying pkgs/applications/networking/browsers/librewolf and replacing some strings.

There is a longer discussion to be had about both what RFP does, how effective it is, and the relative impact on entropy of this particular feature.

For now I will just say that this: Providing configuration for this serves the projects goal of user control and freedom. It should be up to the user to make that call. Us as developer shouldn't unilaterally decide on behalf of everyone. We can't think of everything and we don't always know best. Of course we can still provide guidance and put what we believe is sensible as defaults. I find it odd to criticize empowering users in this way, in particular considering the status quo.

Were it up to me, everyone should have Letterboxing on by default, probably with similar reasoning. I don't see why you wouldn't use it. Everyone enabling it would make us all (ever so little) less fingerprintable. Arguably more meaningful impact than dark/light-theme. And less of an accessibility issue. Even so, we still leave this configurable in the same way as the dynamic theming.

You can also see this way of thinking reflected in allowing loading of your own add-ons from file and allowing userChrome customization. Probably niche power-user features with risks involved and sharp edges exposed but we are developers and maintainers of software, not your sysadmins^1^ or caretakers^2^.

If you fundamentally disagree, well, not all software has to be for everyone. Probably there is already something else (like Tor Browser) that serves your needs and aligns with your philosophy better?

^1^: ...xcept... you want us to be your sysadmin? 👉👈 Call me when you close that seed round bb 😘

^2^: Nope.

If you are on Linux I think you will find interest in Konform Browser, which started as a fork of LibreWolf addressing some of your pains. Am dev so please allow me to shill for a bit.

Specifically to your comment:

ResistFingerprinting is IMHO way overkill and breaks nice things like automatic dark modes just for preserving privacy in the 0.001% of cases where browser fingerprinting matters

Konform can respect user theming preferences and dark mode even under Private Mode / RFP.

Firefox Sync,

While Konform still keeps it off by default, it allows configuring endpoints for a self-hosted or third-party Sync server from the Preferences without having to dive into about:config.

Besides that, it goes even further than LW in disabling built-in remote connections, snoopware, and AI integrations.

I hope you might consider it <3

fedi thread

LibreWolf is a great project but was killing my eyes at night by not being able to follow dark-theme preferences in Private Mode. So it was forked into what is now Konform Browser. Besides unlocking theming and some other privacy-related tweaks on the preferences pane, it goes even further than LW in disabling built-in remote connections, snoopware, and AI integrations.

If you are a Linux user who haven't yet found the right Firefox fork for you I hope you will consider it <3

fedi thread