Nord.redken, ken@discuss.tchncs.de
Instance: discuss.tchncs.de
Joined: 3 months ago
Posts: 5
Comments: 34
Konform Browser and other bits and bobs.
Posts and Comments by ken, ken@discuss.tchncs.de
c/opensource
c/linux
c/linux
c/cybersecurityComments by ken, ken@discuss.tchncs.de
You guys hear a lot but you don’t seem to listen
The Lemmy community is broadly 50:50 on their support for said calls for the violence.
There’s astroturfing. Careful with judging community vibes by obviously votes but also comments.
There is more to “The Lemmy community” than what’s on display on .ml.
I also believe nobody here is sending threats.
I wouldn’t be so sure of your tribe. 19 users so far upvoted a comment with among other concerning bits:
if you’re anti this bullshit “law” then you are also pro physically harming poor FOSS “contributors”.
You missed this option:
- Ignore the feature and don’t use it.
systemd is quite modular. For example, if you abhor systemd-resolved (not at unreasonable stance) it’s NBD to disable it.
Recently (<1 year?) I frequently see the notion that software is “tainted” by having been touched by Bad. I find this a bit silly. Especially if it’s from a user who’s not even spending time in the codebase.
No. This is the first time in ~a decade1 I’ve felt anything resembling optimism about Manjaro. That maintainers are acknowledging the deep-rooted issues (resulting in the actual reasons people sneer at Manjaro) and forcing change is something that I think should be supported. Those conversations are necessary and have a higher chance of being healthy if the peanut gallery can hold off from turning spin on everything that smells like drama…
1: About as long as it has been “imploding”
No. It may be worth to try on the side for fun or science though.
TechnologyOr further favourable: Konform Browser.
Tor Browser and Mullvad Browser also worthy mentions.
Update: Latest release now has updated preferences pane. Took the opportunity to include some other small changes in that area from the backlog while at it. Improved thanks to your feedback ^^
All good!
Well, you did help with identifying at least one bug: The hints on Konform preferences pane still contained confusing and misleading wording leftover from LibreWolf and I can totally see how it would lead you to believe that enabling that option was a good idea. It was also a bit hectic with all the hints being “warnings” when several of them are more informational. Sorry for the confusion and thanks for mentioning it. Did some changes there today so the pref pane should be calmer and more helpful from next release.
On the CF part, one thing I missed in my previous reply is that they do have reporting channel for users. If you are OK with the data sharing that comes along with that, it could be helpful.
https://developers.cloudflare.com/cloudflare-challenges/troubleshooting/challenge-solve-issues/
If none of the above resolves your issue, contact the website administrator with the error code and Ray ID or submit a feedback report through the Turnstile widget by selecting Submit Feedback.
Thank you for kind feedback! I’m glad you dig and that it fills a spot! Internal network management is very much one of a few use-case categories that’s been motivating this.
I have a question. I’ve read that you position Konform closer to GNU IceCat than to LibreWolf, which makes me worry: does Konform provide at least the same level of fingerprinting resistance as Librewolf does, , if I 1) revert “Allow non-default theme” and 2) re-enable “Enforce OCSP hard-fail” in settings?
I don’t understand the IceCat reference. Anyway, I would argue that Konform Browser has stronger privacy defaults (including less leaks for fingerprinting) and the focus is a natural part of the projects privacy goal. Reverting “allow non-default theme” makes sense but I’m wondering about your motivations for OCSP? I don’t think it should do either for or against vs sites, and if anything making the situation worse vs service provider(s).
See: - https://youtu.be/Htms5rNy7B8?list=PLeeS-3Ml-rpovBDh6do693We_CP3KTnHU&t=2359 - https://hacks.mozilla.org/2025/08/crlite-fast-private-and-comprehensive-certificate-revocation-checking-in-firefox/
I believe what you probably want instead is CRLite? Will be enabled and receive updates for presets other than Purely Private.
And my first bug report:
Hm, that’s unfortunate. But it’s also not clear to me if this is a bug in Konform Browser or not. Only Cloudflare would really know. Possibilities:
- False flag or misclassification from Cloudflare1 (ie the bug is @ Cloudflare)
- Legitimate block at Cloudflare. For example, previously they might have been able to categorize with decent certainty in a “LW users on Linux on Tor” bucket but you are fuzzier and get treated like “sus” as you’re not distinguishable enough from skillfully deployed spambot anymore. Should be resolvable on case-by-case-basis by site operator, still. This is unfortunate situation and not really something we can address without more specific information2
- If you get consistently blocked with Konform but not with Tor Browser / FF ESR over Tor, that’s an indication Konform might be distinguishable and treated differently and if so, that could be a bug in Konform Browser. If you can pinpoint what makes the difference, that would be very useful to know. “Cloudflare is blocking me at this site” is unfortunately not really actionable but if a behavioral difference can be identified, it’s possible that it can resolved by change in Konform.
In case it’s not as straightforward, and a workaround would involve something like selective UA-spoofing3, I don’t think that’s something we would work on or implement. If the site has a selective allowlist of UAs, that’s either “working as intended” or a bug on their end, not something I think of as a bug in Konform. Resistance against censorship is of course not undesired - but privacy and security are still the higher priorities.
Still, Konform Browser does bundle WebCompat system addon just like FF. So the third path for fix, if only site-specific workaround can be identified, and the issue can be reproduced in FF ESR (maybe by applying KB userprefs), I think it could be to addressable by reporting and adding such workaround.
Does Cloudflare reliably distinguish between users of LW/FF RR, and KB/TB/FF ESR, etc as part of this turnstile page and does that contribute to the difference outcome you see? If so, how exactly is it done and how exactly does it contribute? Is it explicit or emergent? We don’t know. Assuming answers to first two are yes and yes, the difference could even be explained simply by difference in user numbers. Best we can really do is striking a balance between closing the gap and closing leaks of entropy.
If nothing else, it might just work itself out over time due to unrelated changes on either side. If not before, I expect the ESR bump in a few months could “magically” sort these kinds of things out.
1: Cloudflare only provides support to their customers; not mere mortals like you and I. Resolution path: User (eg you) reaches out to site (ie NexusMods) who can then either 1) change their CF configuration or 2) contact Cloudflare who may or may not fix the issue.
2: DM me if you actually want to dig into this!
3: Konform is as vague and static as possible while conforming to FF ESR/TB format
It does! While existing userprefs should work for enabling the feature and setting your own syncserver endpoints as expected, Konform Browser also has basic UI for convenient configuration of custom sync URLs under about:preferences -> Konform Browser. Please report if any issue with that <3
Cool. But…, could you name those explicitly?
Thanks for checking out! Not in the readme, because it would be a PITA to keep that up to date over time, especially when rewriting for new context each time. They are already covered in release notes and commit log1 for the curious. You can also look under patches/kon in the source git repo.
Could you please explain why anyone should consider Konform Browser over it?
Am engineer not a salesperson or influencer. I guess that means at this early stage it’s primarily targeting the audience who are able/willing to make sense of and contextualize the given material themselves, or willing to take a leap of faith. The pros/cons vs other browsers is something I hope to leave to other users to talk about and share around. Would be cool to hear your thoughts, for example! Maybe this is relevant for some, though.
Also, pull requests attempting to improve the documentation are very much welcome. Would be great to get more contributors involved and one doesn’t have to be deeply technical to write good docs.
1: Can click the commit hash for a release under /releases and then xxx commits to list commits for specific release
What an atrocious comment choice.
Update: Readme has been updated to be less out of date and that diff list is now more closely resembling current state of differences. In particular, local full-page translations is supported feature in Konform Browser, unlike the readme previously stated.
It would certainly be nice to be able to pre-download language pair models without selecting to and from and then actually initiating a translation using the model i don’t have yet.
Agreed that would be nice. Closest you get conveniently from inside browser today is to switch temporarily to “Basic Features” preset for model downloads (then maybe restart for good measure) and switch back to “Core Security” preset for actual use.
re: getting uBlock externally, i also see the attraction of that approach but unfortunately Debian’s package was last updated in October (from 1.62 to 1.67) while AMO has a release from January (1.69) :/
I don’t think it will be directly bundled due to the list updates and some users will not want it so it should remain optional. That being said, will already be looking at packaging for NoScript so when that happens I think should be reasonable to do the same with up-to-date uBO.
are there plans to distribute Konform via flathub?
Officially can’t/won’t due to Github being both unreasonable and a supply-chain risk. Anyone is free to do so independently, however. If done in responsible and reasonable way (don’t introduce breaking patches or leave users hanging weeks without security updates plz) could be supportive of such initiative whether done indepently or via Konform Codeberg.
Oh, thanks for bringing that up - that’s out of date and no longer true so I guess the readme does need an update1. While you are correct, the offline translations feature wouldn’t actually work when blocking its access to RemoteSettings server. There was also a bug (still present in LW) which prevented locally cached results from being used. As Konform Browser does have a strict policy of not initiating connections to “trusted” servers on its own by default and without explicit user consent, it made more sense to remove it than leaving UI for a completely broken feature until it could be done properly.
Since that was written:
- Bugs fixed in Konform so translations do work fully offline now
- An about:welcome “onboarding” screen was introduced where user has 4 presets to choose from. 3 of them (all but
Purely Private 🔒️) allow translations feature and 2 (✳️Basic Functionalityand🦊Just Make It Work) makes it default and enable the automatic downloads of models from Mozilla server like in FF. about:translationsunhidden and can be used for direct translations of direct input
So in reality I would say offline local translations actually work better in Konform than in FF and other forks.
In the future hoping to improve this further by redistributing the models as packages for separate installation on system. Then you can use them without needing the browser itself to download anything at all. Similarly to how it’s already done for spelling dictionaries and uBlock Origin.
1: EDIT: Readme has been updated to be less out of date more closely resembling current state of differences.
Care to comment on the actual content of post or the topic of the project rather than aesthetics of the thumbnail icon? It’s a web browser, not a lifestyle brand, and this isn’t c/logodesign 🙄
While that section in readme is not entirely up to date, combining that with release notes should hopefully give decent idea. Let me know if you have remaining questions after returning from those! You could also try it out and see for yourself.
Some day, someone is going to have to explain this one…
There is actually a third visual reference in the logo that may be a bit less obvious.
TenForward: Where Every Vulcan Knows Your NameExperimental JPEG-XL support in Firefox (and forks) can be enabled by setting the pref image.jxl.enabled to true in about:config.
You guys hear a lot but you don’t seem to listen
There’s astroturfing. Careful with judging community vibes by obviously votes but also comments.
There is more to “The Lemmy community” than what’s on display on .ml.
I wouldn’t be so sure of your tribe. 19 users so far upvoted a comment with among other concerning bits:
You missed this option:
systemd is quite modular. For example, if you abhor systemd-resolved (not at unreasonable stance) it’s NBD to disable it.
Recently (<1 year?) I frequently see the notion that software is “tainted” by having been touched by Bad. I find this a bit silly. Especially if it’s from a user who’s not even spending time in the codebase.
Konform Browser 140.9.0-100 - Security-oriented Firefox fork (codeberg.org)
No. This is the first time in ~a decade1 I’ve felt anything resembling optimism about Manjaro. That maintainers are acknowledging the deep-rooted issues (resulting in the actual reasons people sneer at Manjaro) and forcing change is something that I think should be supported. Those conversations are necessary and have a higher chance of being healthy if the peanut gallery can hold off from turning spin on everything that smells like drama…
1: About as long as it has been “imploding”
No. It may be worth to try on the side for fun or science though.
Or further favourable: Konform Browser.
Tor Browser and Mullvad Browser also worthy mentions.
Update: Latest release now has updated preferences pane. Took the opportunity to include some other small changes in that area from the backlog while at it. Improved thanks to your feedback ^^
All good!
Well, you did help with identifying at least one bug: The hints on Konform preferences pane still contained confusing and misleading wording leftover from LibreWolf and I can totally see how it would lead you to believe that enabling that option was a good idea. It was also a bit hectic with all the hints being “warnings” when several of them are more informational. Sorry for the confusion and thanks for mentioning it. Did some changes there today so the pref pane should be calmer and more helpful from next release.
On the CF part, one thing I missed in my previous reply is that they do have reporting channel for users. If you are OK with the data sharing that comes along with that, it could be helpful.
https://developers.cloudflare.com/cloudflare-challenges/troubleshooting/challenge-solve-issues/
Thank you for kind feedback! I’m glad you dig and that it fills a spot! Internal network management is very much one of a few use-case categories that’s been motivating this.
I don’t understand the IceCat reference. Anyway, I would argue that Konform Browser has stronger privacy defaults (including less leaks for fingerprinting) and the focus is a natural part of the projects privacy goal. Reverting “allow non-default theme” makes sense but I’m wondering about your motivations for OCSP? I don’t think it should do either for or against vs sites, and if anything making the situation worse vs service provider(s).
See: - https://youtu.be/Htms5rNy7B8?list=PLeeS-3Ml-rpovBDh6do693We_CP3KTnHU&t=2359 - https://hacks.mozilla.org/2025/08/crlite-fast-private-and-comprehensive-certificate-revocation-checking-in-firefox/
I believe what you probably want instead is CRLite? Will be enabled and receive updates for presets other than
Purely Private.Hm, that’s unfortunate. But it’s also not clear to me if this is a bug in Konform Browser or not. Only Cloudflare would really know. Possibilities:
In case it’s not as straightforward, and a workaround would involve something like selective UA-spoofing3, I don’t think that’s something we would work on or implement. If the site has a selective allowlist of UAs, that’s either “working as intended” or a bug on their end, not something I think of as a bug in Konform. Resistance against censorship is of course not undesired - but privacy and security are still the higher priorities.
Still, Konform Browser does bundle WebCompat system addon just like FF. So the third path for fix, if only site-specific workaround can be identified, and the issue can be reproduced in FF ESR (maybe by applying KB userprefs), I think it could be to addressable by reporting and adding such workaround.
Does Cloudflare reliably distinguish between users of LW/FF RR, and KB/TB/FF ESR, etc as part of this turnstile page and does that contribute to the difference outcome you see? If so, how exactly is it done and how exactly does it contribute? Is it explicit or emergent? We don’t know. Assuming answers to first two are yes and yes, the difference could even be explained simply by difference in user numbers. Best we can really do is striking a balance between closing the gap and closing leaks of entropy.
If nothing else, it might just work itself out over time due to unrelated changes on either side. If not before, I expect the ESR bump in a few months could “magically” sort these kinds of things out.
1: Cloudflare only provides support to their customers; not mere mortals like you and I. Resolution path: User (eg you) reaches out to site (ie NexusMods) who can then either 1) change their CF configuration or 2) contact Cloudflare who may or may not fix the issue.
2: DM me if you actually want to dig into this!
3: Konform is as vague and static as possible while conforming to FF ESR/TB format
It does! While existing userprefs should work for enabling the feature and setting your own syncserver endpoints as expected, Konform Browser also has basic UI for convenient configuration of custom sync URLs under
about:preferences -> Konform Browser. Please report if any issue with that <3Konform Browser 140.8.0-106 - Security- and privacy oriented open source web browser (codeberg.org)
I would like to invite all of you Linux users to check out the latest release of Konform Browser.
Thanks for checking out! Not in the readme, because it would be a PITA to keep that up to date over time, especially when rewriting for new context each time. They are already covered in release notes and commit log1 for the curious. You can also look under
patches/konin the source git repo.This comes to mind.
Am engineer not a salesperson or influencer. I guess that means at this early stage it’s primarily targeting the audience who are able/willing to make sense of and contextualize the given material themselves, or willing to take a leap of faith. The pros/cons vs other browsers is something I hope to leave to other users to talk about and share around. Would be cool to hear your thoughts, for example! Maybe this is relevant for some, though.
Also, pull requests attempting to improve the documentation are very much welcome. Would be great to get more contributors involved and one doesn’t have to be deeply technical to write good docs.
1: Can click the commit hash for a release under
/releasesand thenxxx commitsto list commits for specific releaseWhat an atrocious comment choice.
Update: Readme has been updated to be less out of date and that diff list is now more closely resembling current state of differences. In particular, local full-page translations is supported feature in Konform Browser, unlike the readme previously stated.
Agreed that would be nice. Closest you get conveniently from inside browser today is to switch temporarily to “Basic Features” preset for model downloads (then maybe restart for good measure) and switch back to “Core Security” preset for actual use.
I don’t think it will be directly bundled due to the list updates and some users will not want it so it should remain optional. That being said, will already be looking at packaging for NoScript so when that happens I think should be reasonable to do the same with up-to-date uBO.
Answered this here.
Officially can’t/won’t due to Github being both unreasonable and a supply-chain risk. Anyone is free to do so independently, however. If done in responsible and reasonable way (don’t introduce breaking patches or leave users hanging weeks without security updates plz) could be supportive of such initiative whether done indepently or via Konform Codeberg.
Oh, thanks for bringing that up - that’s out of date and no longer true so I guess the readme does need an update1. While you are correct, the offline translations feature wouldn’t actually work when blocking its access to RemoteSettings server. There was also a bug (still present in LW) which prevented locally cached results from being used. As Konform Browser does have a strict policy of not initiating connections to “trusted” servers on its own by default and without explicit user consent, it made more sense to remove it than leaving UI for a completely broken feature until it could be done properly.
Since that was written:
Purely Private 🔒️) allow translations feature and 2 (✳️Basic Functionalityand🦊Just Make It Work) makes it default and enable the automatic downloads of models from Mozilla server like in FF.about:translationsunhidden and can be used for direct translations of direct inputSo in reality I would say offline local translations actually work better in Konform than in FF and other forks.
In the future hoping to improve this further by redistributing the models as packages for separate installation on system. Then you can use them without needing the browser itself to download anything at all. Similarly to how it’s already done for spelling dictionaries and uBlock Origin.
1: EDIT: Readme has been updated to be less out of date more closely resembling current state of differences.
Care to comment on the actual content of post or the topic of the project rather than aesthetics of the thumbnail icon? It’s a web browser, not a lifestyle brand, and this isn’t c/logodesign 🙄
While that section in readme is not entirely up to date, combining that with release notes should hopefully give decent idea. Let me know if you have remaining questions after returning from those! You could also try it out and see for yourself.