Konform Browser and other bits and bobs.

ken OP , (edited )

Not personally daily-driving or actively recommending it but I've had to look closely at Brave as part of browser security work.

Most of the posts, articles and videos I've seen that don't apply approximately equally to the other big names are mostly backed by arguments like "I don't approve of BE behavior and BE made Brave therefore Brave bad", "crypto scammers bad therefore crypto bad and Brave uses crypto therefore Brave bad" or "it's being promoted by bad people and therefore bad". I think such arguments are in themselves without merit, should be dismissed and are not sufficient to tell others they shouldn't use it. Tribalism isn't healthy. An opinion being widely shared doesn't make it true. Your trusted influencer being upset doesn't mean you need to be.

Valid criticisms of Brave and valid reasons for not using the browser exist but that's rare to see written out but buried deep under the bulk of FUD, groupthink and uninformed meme-takes we find all over the stuff shared on socials. On the privacy and security sides it's very much a mixed bag. Scrolling through Brave flags I note more than one thing I think we can take inspiration from. For people locked into corpware and limited to what's on the major app stores, you can certainly do worse. Yet I see little concern-blogging over Copilot 365 .NET Live Edge or Samsung Internet Browser, for example.

Of course I'd personally love if you used Konform Browser (or any other non-chromium browser) instead but I mostly see people bashing Brave for completely confused reasons. Yes there's bloat and ads and telemetry and problematic trust and outbound networking going on out of the box. Yes they inject their own monetization into the user experience if you blindly click "Next, Next, I agree, Next" and run with defaults. All just like for Firefox these days. And just like Firefox, user configuration exists to improve on much of that while the software license and open source code afford fixing the rest for the willing. The differences I've seen when it comes to the browsers are mostly in degrees, not fundamental. Maybe we should have a Brave fork too.

I hope I'm not canceling myself, here...

ken OP , (edited )

Yes! In fact while the browser otherwise has its own branding, it does recognize override config as librewolf.overrides.cfg so you can literally just drop your existing LibreWolf overrides file into ~/.konform and it should pick it up. Figured this would make it smoother for people migrating from LW or switching between the two.

ken OP ,

Low-effort snark.

Trustworthy websites with recommendations, reviews, discussions about VPN, DNS, and similar?

On matters like VPN providers, DNS providers, and similar topics, often one would like to find websites with recommendations and reviews from other people, especially testers or "experts". But it's SO difficult to find trustworthy websites! The vast majority appearing on searchers are clearly built by untrustworthy parties, or ...

ken , (edited )

You were literally asking for "trustworthy websites with recommendations". GP is telling you to stop looking or even believing in such things existing. I'd agree.

The harder you search for just that, the more targeted you will be by scammers and cybercriminals. Whatever is a credible resource today may turn bad next month and public perception taking years to catch up. It's not like that'd be a first.

That said, lots of good stuff and leads in codeberg.org/pluja/awesome-privacy. And +1 on EFF.

List of public DoT/DoH providers

ken , (edited )

The mention of Meta in the summary doesn't fit. The article only mentions them in passing in reference to WhatsApp backups. Misleading and not relevant at all when talking about BitLocker. I think this is an editorial mistake but makes it read like subvertising, which is a shame for reporting on such a serious issue. How Google does keys for ChromeOS and Android would have been much more appropriate to compare with but for some reason this isn't even mentioned.

ken ,

Grumpy ken thinks "Just use Foo" meming is promoting mindless use and I think should therefore be discouraged. Even in jest I think this affects us subconsciously to feel more comfortable with not thinking deeper for ourselves. Even if X is the right one. "Use Foo already!" is nicer~!

If I may illustrate:

Use Konform Browser^1^ already!

^1^: Disclosures: Am dev; is LibreWolf fork

ken OP , (edited )

There is a longer discussion to be had about both what RFP does, how effective it is, and the relative impact on entropy of this particular feature.

For now I will just say this: Providing configuration for this serves the project's goal of user control and freedom. It should be up to the user to make that call. Us as developers shouldn't unilaterally decide on behalf of everyone. We can't think of everything and we don't always know best. Of course we can still provide guidance and put what we believe is sensible as defaults. I find it odd to criticize empowering users in this way, in particular considering the status quo.

Were it up to me, everyone should have Letterboxing on by default, probably with similar reasoning. I don't see why you wouldn't use it. Everyone enabling it would make us all (ever so little) less fingerprintable. Arguably more meaningful impact than dark/light-theme. And less of an accessibility issue. Even so, we still leave this configurable in the same way as the dynamic theming.

You can also see this way of thinking reflected in allowing loading of your own add-ons from file and allowing userChrome customization. Probably niche power-user features with risks involved and sharp edges exposed but we are developers and maintainers of software, not your sysadmins^1^ or caretakers^2^.

If you fundamentally disagree, well, not all software has to be for everyone. Probably there is already something else (like Tor Browser) that serves your needs and aligns with your philosophy better?

^1^: ...xcept... you want us to be your sysadmin? 👉👈 Call me when you close that seed round bb 😘

^2^: Nope.

ken OP , (edited )

I'm so glad you want to try!

The problem with both that and Flathub is that I can't seem to pass GitHub's signup CAPTCHA whatever I tried (and yes I tried other browsers too lol). Besides, having my old account there arbitrarily blocked on phone number verification in the past, not feeling super keen on having users rely on them for updates, even putting aside whatever I feel about Microsoft's and GitHub's role in the ecosystem in general...

However, if anyone would be up for the literal push-part of pushing it up and wouldn't mind collaborating a bit in the process, would be happy to make that happen together (or use your privilege if you're motivated; it's free software yo, just heed the license ;)). There is an Issue thread for coordinating if this is you.

I don't think it should be too involved as the source repo and source tarballs are built in pretty much the same way as LW, which already has a derivation in nixpkgs. Didn't look closer at that derivation but hopefully shouldn't be much more than copying pkgs/applications/networking/browsers/librewolf and replacing some strings.

ken OP , (edited )

If only... What does fox say?

ken OP , (edited )

Can I ask why you decided to fork Librewolf?

I wrote a bit of the "why"s already in the OP. Could expand further for you but what do you have in mind? "Why did you choose librewolf as upstream", "why fork and not another approach", "why bother with any of this at all", ...?

Flatpak

Flatpak is something we want and have been looking at already. See here for what's holding that back. There is already an (untested) repo for it.

Appimage.

While AppImages can be very convenient, we are ambivalent on some of their security aspects among other things. Currently not prioritizing it until we have what we consider generally more solid options covered but will consider outside contributions if anyone feels motivated and puts in the effort to make it happen.

Issue thread for new distribution targets where interested Codeberg users can follow up: https://codeberg.org/konform-browser/source/issues/9

for us atomic users

I see why users prefer flatpaks or appimages but just for consideration some ways I can think of one could run it on an atomic distro today:

  • toolbx style running the browser in a rootless podman container ^1^
    • Haven't tried straight up installing it in an actual toolbox container so not sure how well that works but maybe it's worth a try if that's something you already use?
  • For the Fedora family, should be straightforward to install an .rpm in your overlay
  • Run the app from the binary tarball directly on the host, installing it on a user mount somewhere ^2^
  • Use the source, Luke. Build it. ^3^

^1^: Would anyone actually use it if there was a Containerfile for it? We currently don't have a public one but I can attest this works fine in general and if people indicate interest for it I think it's a neat idea that Konform Browser could provide that as an option.

^2^: I think this is fine for testing and short-lived installations but unless you are technical enough to reason about the trust involved and automate for verified updates (or at least getting notifications for them), I wouldn't recommend it for long-term (>= months) installations so that you don't get stuck on unpatched versions without thinking about it. This is the least secure way to run it. Not generally recommended for non-technical users.

^3^: Something I recommend becoming more familiar with in general if one has the time, resources, and patience. The catch with updates applies here too if this is for production use.

ken OP , (edited )

Update: There is now a Containerfile producing images using the prebuilt .deb if anyone wants to try the container-based approach to run Konform Browser in podman or docker or whatever. Some basic testing done using rootless podman under either Wayland or X11 on Kinoite and both ran fine.

https://codeberg.org/konform-browser/oci

If you want it to have the dark theming activate depending on your desktop theme it should work by adding -v ${HOME}/.config/gtk-3.0:/home/user/.config/gtk-3.0:ro,z.
Or -v ${HOME}/.local/share/konform-browser-1:/home/user:Z for an isolated persistent homedir (similar to Tor Browser).

ken ,

China, known for not caring about its supply-chain and outsourcing everything to other countries? It's funny how they never seem to strategically build alternative pipelines for anything.

/s

ken OP ,

This theme is the one used in my recent unixporn screenshot.

ken OP ,

I'm not the actual theme maintainer but I'm sure they would be receptive to PRs.

I guess the easiest would be using Kvantum to port the existing GTK theme if anyone is up for it.

https://github.com/tsujan/Kvantum/

https://raw.githubusercontent.com/tsujan/Kvantum/refs/heads/master/Kvantum/doc/Theme-Making.pdf

ken OP , (edited )

senpai noticed me *^^*

Cheers and thank you for the work!

ken OP , (edited )

A tangent but in response to something I see around here and the webs recently:

People who say Wayland is ready for everyone and that X11 is no longer of relevance - that distros and projects like KDE dropping and deprecating it is A Good Thing: How do I replicate this in Wayland without having to loosen security boundaries or lose out on core features? Or at all?

Not shown in screenshot but sometimes I also run GUI apps or a nested WM (to get the "classic" VM experience with a windowed or fullscreened isolated desktop) in containers. Also obviously need things like remote screen sharing without having to run such apps in dom0 and Input Method integration for non-latin typing. Even with people working on some parts of that already and some ad-hoc early-stage solutions existing, I don't see it happening this decade... My setup works great for now and I'd hate to have integral parts of it getting fully abandoned or dropped from upstream distros like Fedora or Arch if no drop-in replacements exist. Why the push for deprecation? :/

Next time you see someone saying that Wayland isn't ready for them, maybe take their word for it instead of downvoting and demanding justification? Think about how much I had to expose myself above just to be able to try to make a point. When we're in the long tail of remaining use-cases, they get detailed enough that you can't explain them without getting personal and very profileable.

ken OP , (edited )

Getting a lot of benefits from it. I'm a happy user!

If I mostly talk about downsides in order to keep this brief:

It can work fine to just install and start using out of the box as it is, even for Linux noobs. You can get pretty far without having to dig super deep. But to really customize it you get into things like Salt management (or figuring out an alternative) and building your own templates. This can take a lot of time and effort. Consider it "playing on hard mode". For me it's fine since I enjoy these things and you can take it bit by bit. Lots of helpful stuff shared in the community like the repo I linked.

It's not 100% jank-free. More niche things like ZFS integration, GPU passthrough and sys-gui qubes take some tweaking or even patching depending on your hardware and use and I have run into bugs with all of those. Chaining Tor and DNS on some IPv6 networks is still not all there but looked like WIP last I checked in. If you stay on the well-trodden path things are a lot more stable.

Would love if they manage to migrate away from github.com...

That said, things are indeed steadily improving and people generally seem helpful and constructive when I look at the issue tracker^1^. I think it's worth giving it another chance now that 4.3 is out.

^1^: Example: Didn't have to report those bugs myself as someone beat me to it. And fixes for most did come in.

ken OP , (edited )

Sorry, that's totally off topic (rule 1) and none of your business I'm afraid.

Feels like you're meming on some uncharitable stereotype at the expense of myself, QubesOS, and room for more interesting convos in this thread. Comments like this might make other users with less hard skin afraid to post their own setup if stuff like this is all they get back. It leads to less diversity and real talk, more low-effort memes and the sameish sway-with-a-fancy-background-and-fastfetch.

As this little community grows I think it would be sweet to try not to actively reproduce the bad aspects of Reddit.

(Yes, I'm a blast at parties)

ken OP ,

Red Hat's out for us I tell you. Hide your display servers and hide your CPU architectures because they be deprecating e'rybody out here.

ken OP ,

On Android: Been looking a bit at that but right now it's likely not happening in public anytime soon unless someone else jumps in and starts driving it hint hint

Hope it works for you and that we meet again on Codeberg!

ken OP , (edited )

Update: Pre-built packages for Debian/Ubuntu (.deb), Fedora/SUSE (.rpm) and others are now built and published by Codeberg CI for each release:

https://codeberg.org/konform-browser/source/releases

ken OP ,

Update: Pre-built packages for Debian/Ubuntu (.deb), Fedora/SUSE (.rpm) and others (tarball) are now built and published by Codeberg CI for each release:

https://codeberg.org/konform-browser/source/releases

ken , (edited )

Stories?! In MY games?! We have AI for that at home.

do you even raytrace lol

/s

ken , (edited )

It can. Depends on how you use it. Wear gloves and goggles when handling .ml and political memes on .world and such.

ken ,

I wonder if there is any difference between https://noai.duckduckgo.com/lite and https://lite.duckduckgo.com/lite 🤔

To remove room for doubt of that just pushed to change default search engine of Konform Browser to noai domain.

Ty for reminding me of this!

ken , (edited )

Went low-key public with our internal browser project by sharing here on the feddit. If you're a dev, packager, Arch Linux user, or already build Firefox from source, this is for you^1^. More people using it becomes a shared privacy win. I humbly suggest that this is currently the most privacy-friendly general-purpose GUI browser out there^2^.

Announce post

Sources

AUR

^1^: Others can check back at a later date when perhaps there are more builds running and tested, and more people have looked over the code.

^2^: Biased? I would never!

ken ,

Also consider Konform Browser! :3

https://codeberg.org/konform-browser/source/releases

Note: It doesn't have auto-updates enabled so if you are currently getting security fixes installed automatically for Waterfox/Librewolf and won't manage to keep the browser up to date yourself, then it may still be a bit early for casual users as an online daily surfboard

ken , (edited )

GrapheneOS is as I understand it much less of a one-man party and in a healthier place these days compared to not that long ago. Good to keep in mind when digging up older material.

And whenever Graphene OS is mentioned, one must also mention its leader

Absolutely disagree with that you must do that whenever it is mentioned. That sounds like some unhealthy obsession if anything. There are more interesting conversations to be had. Don't we have bigger fish to fry? Move on, dude.

ken , (edited )

So let’s say you created a PGP key & then proceeded to create 2 subkeys. Is it possible to just export the particular subkeys only. (let’s say one for encryption & the other for signing) for OTHERS to import into their keyring for authentication & encryption ?

For the private key, yes. First identify the subkey ID:

gpg --keyid-format=long -K
sec   ed25519/5810B9EFF21686DE 2026-01-23 [SC] [expires: 2029-01-22]
      C9E33D15E55A3834EE17A9755810B9EFF21686DE
uid                 [ultimate] alice <alice@localhost>
ssb   cv25519/F1806CEA56544D8D 2026-01-23 [E] [expires: 2029-01-22]

Then export it (note the !):

gpg --export-secret-subkeys -a 'F1806CEA56544D8D!'

If you want the pubkey subkey only: What's your use-case for sharing a certified key without the certificate chain? There are reasons why exporting just the public subkey isn't really a supported feature (outside of some ugly keyring surgery). If you want unsigned "naked" keys wouldn't it make sense to not use subkeys at all to begin with? Or more practically, generate separate root keys with matching user/expiry but each with different set of subkeys present (like the example above with only E) ?
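
Added example (not part of the comment above and not GnuPG's own tooling): two shell helpers over `gpg --with-colons -K` listings, one that turns a capability letter into the `KEYID!` argument used above, and one that checks on the receiving keyring that only the intended subkey's secret material arrived and the primary is a stub. The sample listings are constructed, the function names are hypothetical, and the reading of field 15 (`#` marks a secret-key stub) follows GnuPG's documented colon format.

```shell
#!/bin/sh
# Constructed sample listings. Key IDs are reused from the comment above;
# timestamps and the remaining fields are made up for illustration.
# Colon format: field 2 = validity, field 5 = key ID, field 12 = capabilities,
# field 15 = '#' when only a stub of the secret key is present.

# Owner's keyring: primary and subkey secrets are both present.
FULL='sec:u:255:22:5810B9EFF21686DE:1769126400:1863734400::u:::scESC:::+:::ed25519:::0:
fpr:::::::::C9E33D15E55A3834EE17A9755810B9EFF21686DE:
uid:u::::1769126400::::alice <alice@localhost>:
ssb:u:255:18:F1806CEA56544D8D:1769126400:1863734400:::::e:::+:::cv25519::'

# Keyring that imported only the --export-secret-subkeys output for the E subkey.
SUBKEY_ONLY='sec:u:255:22:5810B9EFF21686DE:1769126400:1863734400::u:::scESC:::#:::ed25519:::0:
fpr:::::::::C9E33D15E55A3834EE17A9755810B9EFF21686DE:
uid:u::::1769126400::::alice <alice@localhost>:
ssb:u:255:18:F1806CEA56544D8D:1769126400:1863734400:::::e:::+:::cv25519::'

# Print 'KEYID!' for every non-revoked, non-expired subkey with capability $1
# (e, s or a). Usage: gpg --with-colons -K | subkey_specs e
subkey_specs() {
    awk -F: -v cap="$1" '
        $1 == "ssb" && $2 !~ /^[re]/ && index($12, cap) { print $5 "!" }
    '
}

# Succeed only if the primary secret is a stub and the sole subkey carrying
# secret material is $1. Prints one status line per key for the operator.
# Usage: gpg --with-colons -K | subkey_only_ok F1806CEA56544D8D
subkey_only_ok() {
    awk -F: -v want="$1" '
        $1 == "sec" || $1 == "ssb" {
            present = ($15 != "#")
            printf "%s %s %s\n", $1, $5, (present ? "secret-present" : "stub")
            if ($1 == "sec" && present) bad = 1                # primary secret came along
            if ($1 == "ssb" && present && $5 != want) bad = 1  # unexpected extra subkey
            if ($1 == "ssb" && present && $5 == want) found = 1
        }
        END { exit ((bad || !found) ? 1 : 0) }
    '
}

# Stand-alone demo on the constructed subkey-only listing.
printf '%s\n' "$SUBKEY_ONLY" | subkey_only_ok F1806CEA56544D8D \
    && echo "only the requested subkey secret is present"
```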

ken ,

What purpose does (certifying with) the primary key serve there if you don't disclose it prior to rotation? What do you gain by not disclosing it when its only used in this context? It may be you haven't thought it through fully but otherwise sounds like you can get what you want by separate primary keys which you then manually --sign-key between on demand.

ken ,

The trust comes from the association. You can't remove (or keep private) the association and expect to not have to separately rebuild the trust as a consequence. That what you are trying to do is made inconvenient in GPG is quite intentional I believe. Or maybe I misunderstand your motivations, it's a bit ambiguous and you leave a lot open for interpretation.

ken , (edited )

Because it's not something people commonly do. Because the GPG authors wanted to design for and encourage what they consider appropriate use and discourage and make difficult (but not impossible) what they consider inappropriate use. Removing a footgun for people not fully understanding the trust model of PGP or just slipping up doing that and then ending up in situations they didn't account for. In general I could have a lot of criticism of the UI/UX of GPG but in this case I can see where they're coming from and find this thread supporting it as working as intended so far.

That you need to have deep knowledge of obscure GPG internals to pull this off is by design. It's not considered part of intended use. Similar thinking to why in Chromium you don't have a button to bypass HSTS validation error but need to type in the cheat code "thisisunsafe". It nudges users to stop and think more consciously about what's going on.

ken , (edited )

Konform Browser is a more recent Firefox (actually LibreWolf) fork which goes even further in debloating, removing "AI" functionality and disabling remote connections. It's based on Firefox ESR (like GNUZilla IceCat).

fedi thread

If you have concerns about the telemetry and browser metadata privacy parts of AI integrations, I think Konform, IceCat, Waterfox and Mullvad Browser are a lot more relevant than Zen...

Question on your feelings about accounts

So I've been working a program, exact details don't matter, which stores information in a database(either locally hosted or privately hosted by user). Basically it's to store a history of seizures and medication, so you can give it to a doctor and see something like "well most seizures occur in morning so let's give medication ...

ken , (edited )

There's a lot to unpack here but just one thing:

Also potentially thinking may get some free webserver (basically like <20 api calls a days max and small dB with maybe 1000 rows) not for security of the data but more just not having open network ports to the internet without having the security infrastructure.

This sounds like the kind of data you really want to keep locally and I wouldn't trust any free (or even affordable) webhosting business with it. I think it's wise to keep the db and app server local and terminate the TLS locally too. You can still get a cheap VPS or two that you open a secure VPN (like wireguard) and/or SSH tunnel to. Then on the VPS you can run a second, outer, reverse proxy that forwards requests to your internal one over the gateway link. This way you get to keep the data local and safe without having to expose your home net online.

Many people enjoy Tailscale for this. There are full self-hosted options for that too but it sounds like their solution might fit your situation and requirements.

If even that feels unsafe, I really think you need to step up a bit on segregating and isolating your stuff, maybe do some homework on security, before putting sensitive stuff like this on shared infra...

I don’t want to deal with HIPAA or be responsible for medical data so I specifically don’t want to host the data

The only (legal) way to not deal with HIPAA is to make sure you're not in scope for HIPAA. IANAL but it sounds like you (or worse, somebody else) will retain control and management of medical data with your intended approach no matter where you host it and how other users authorize?

You can't architect, outsource, or encrypt your way out of that. A fully peer-to-peer solution which keeps the data on user devices and under their control and utilizes external server for signalling only but not for relaying or auth might get you there though.

ken ,

What I hear you say is: This would be convenient and easy for the user. Doing it differently, in a safer way that's not problematically under scope for data protection regulations, would be more effort, not what you're used to and "messy". Certain useful features seem like they'd require more upfront work and the whole system would be more complex and unfamiliar.

How is that relevant? None of that changes what you're actually asking about or makes it a good approach. I don't see how it'd make it either safer or less legally problematic?

ken , (edited )

LibreWolf is a great project but was killing my eyes at night by not being able to follow dark-theme preferences in Private Mode. So it was forked into what is now Konform Browser. Besides unlocking theming and some other privacy-related tweaks on the preferences pane, it goes even further than LW in disabling built-in remote connections, snoopware, and AI integrations.

If you are a Linux user who hasn't yet found the right Firefox fork for you I hope you will consider it <3

fedi thread

ken , (edited )

If you are on Linux I think you will find interest in Konform Browser, which started as a fork of LibreWolf addressing some of your pains. Am dev so please allow me to shill for a bit.

Specifically to your comment:

ResistFingerprinting is IMHO way overkill and breaks nice things like automatic dark modes just for preserving privacy in the 0.001% of cases where browser fingerprinting matters

Konform can respect user theming preferences and dark mode even under Private Mode / RFP.

Firefox Sync,

While Konform still keeps it off by default, it allows configuring endpoints for a self-hosted or third-party Sync server from the Preferences without having to dive into about:config.

Besides that, it goes even further than LW in disabling built-in remote connections, snoopware, and AI integrations.

I hope you might consider it <3

fedi thread