All my reply were a bit mess. My apologies for confusion.
I was referencing your words from another post here. I read it too fastly and memorized this part out-of-context. Nothing bad intended, sorry for the bad phrasing.
“In this sense (and a few others), Konform Browser is closer to IceCat/GNUZilla than it is to Librewolf.”
Now that I re-read whole message together I think I understand what you meant (timely security updates), and it’s a good thing. I just misintrepreted this part on first read.
Thank you for linking that CRLite article. It helped me understand better. I’m not a developer but just a regular user. I wasn’t sure what exactly OCSP is, except for it’s ties to certificates. My impression were based purely on “This increases security …” comment in browser’s settings. The only reason I listed it nearby brower theme override is because those are two things that differ in this regard from Librewolf according to Konform’ readme.
My Tor mention were purely disclaimer in case someone else would feel the urge to comment on that I shouldn’t seek “advanced deanonymization technics” protection from anything other then Tor Browser. I meant that I aware about it’s existence and actively use it whenever I need it. It didn’t imply that I used Konform over Tor during Cloudflare verification fails - no, I used it over just a regular VPN instead, same one VPN that passess those checks in both Librewolf and Mullvad, from the same machine, simultaneously.
My whole blury “I have a question” paragraph should have been written as “Am I right to assume that Konform provides at least same protections as Librewolf does?”. Now I know that answer is “Yes, and much more”, and I’m happy with it.
Please allow me some more time to re-read part of your reply considering Cloudflare so that I can understand it better and give a more appropriate answer. Thanks again for your patience & work.
Sweet <3 Thank you for taking care of it. Looks good now.
May I ask, does Cloudflare verification work on your side, is it issue specific to my setup? Couldn’t read it between the lines of your replies so far ;-) I mean absolutely any website that implements this check. Not specifically one that I mentioned, it were pure example. I haven’t yet met one that succeeds. Other few [pure examples] that fail: xAI account login page (though this one requires some account email to be inserted first to Cloudflare widget to appear), Phoronix forums (link to discussion at any of it’s news articles pages).
And just letting you know one more time I enjoy Konform very much. It impresses me how easily it can be adapted to any use case by simply choosing different option at first start and adjusting extentions. And on top of it, browsing feels very fast (maybe my Librewolf instance just grown fat on user data, I don’t know).
I have some thoughts that are not neccesary specific to Konform by but perhaps generally to Firefox. It’s just an ideas of something that could (or [more probably] could not) be potentially improved, nothing more. You can ignore it alltogether!
Is there a good reason behind not remembering browser window state (windowed/maximized) between sessions while resist fingerprinting and letterboxing are both enabled? Only thing that comes to mind is that if user wrongly resizes the window with dimensions not compatible with any of letterbox resolutions. For example, two of my use cases. 1) LAN-only instance with letterboxing disabled, browser window maximized automatically at start using Openbox window rule. 2) Network instance, heavily sandboxed with Firejail + Xephyr, with correctly calculated Xephyr window dimensions so that exact letterbox resolution fits ideally together with other browser UI elements; still have to use the same Openbox rule in this case since browser does not start maximized automatically (and whenever it’s not the resolution is not right).
And considering pre-activation of system-wide installed extentions listed within /usr/lib/konform/distribution/policies.json file. I like the idea - updating uBlock Origin, Decentraleyes, etc. via Arch repos. But e.g. for LAN-only instance it makes little sense to import uBlock Origin. Since I sandbox everything, I work this around by simply blacklisting /usr/lib/firefox/browser/extensions folder for this particular instance. Works good. But maybe there’s some more elegant way to do this, something like specifying flags on command line and/or reading such file per-user somewhere from ${HOME}/.config? I suspect my ideas are hilariously wrong since I know nothing about it; that’s expected.
As I said, both things are not an issues for me and already resolved on my side. Just wondering if there could be easier solutions for someone else who probably doesn’t sandbox or doesn’t wish to mess with window manager rules.