Konform Browser 140.8.0-106 - Security- and privacy oriented open source web browser

Thank you for kind feedback! I’m glad you dig and that it fills a spot! Internal network management is very much one of a few use-case categories that’s been motivating this.

I have a question. I’ve read that you position Konform closer to GNU IceCat than to LibreWolf, which makes me worry: does Konform provide at least the same level of fingerprinting resistance as Librewolf does, , if I 1) revert “Allow non-default theme” and 2) re-enable “Enforce OCSP hard-fail” in settings?

I don’t understand the IceCat reference. Anyway, I would argue that Konform Browser has stronger privacy defaults (including less leaks for fingerprinting) and the focus is a natural part of the projects privacy goal. Reverting “allow non-default theme” makes sense but I’m wondering about your motivations for OCSP? I don’t think it should do either for or against vs sites, and if anything making the situation worse vs service provider(s).

See: - https://youtu.be/Htms5rNy7B8?list=PLeeS-3Ml-rpovBDh6do693We_CP3KTnHU&t=2359 - https://hacks.mozilla.org/2025/08/crlite-fast-private-and-comprehensive-certificate-revocation-checking-in-firefox/

I believe what you probably want instead is CRLite? Will be enabled and receive updates for presets other than Purely Private.

And my first bug report:

Hm, that’s unfortunate. But it’s also not clear to me if this is a bug in Konform Browser or not. Only Cloudflare would really know. Possibilities:

• False flag or misclassification from Cloudflare¹ (ie the bug is @ Cloudflare)
• Legitimate block at Cloudflare. For example, previously they might have been able to categorize with decent certainty in a “LW users on Linux on Tor” bucket but you are fuzzier and get treated like “sus” as you’re not distinguishable enough from skillfully deployed spambot anymore. Should be resolvable on case-by-case-basis by site operator, still. This is unfortunate situation and not really something we can address without more specific information²
• If you get consistently blocked with Konform but not with Tor Browser / FF ESR over Tor, that’s an indication Konform might be distinguishable and treated differently and if so, that could be a bug in Konform Browser. If you can pinpoint what makes the difference, that would be very useful to know. “Cloudflare is blocking me at this site” is unfortunately not really actionable but if a behavioral difference can be identified, it’s possible that it can resolved by change in Konform.

In case it’s not as straightforward, and a workaround would involve something like selective UA-spoofing³, I don’t think that’s something we would work on or implement. If the site has a selective allowlist of UAs, that’s either “working as intended” or a bug on their end, not something I think of as a bug in Konform. Resistance against censorship is of course not undesired - but privacy and security are still the higher priorities.

Still, Konform Browser does bundle WebCompat system addon just like FF. So the third path for fix, if only site-specific workaround can be identified, and the issue can be reproduced in FF ESR (maybe by applying KB userprefs), I think it could be to addressable by reporting and adding such workaround.

Does Cloudflare reliably distinguish between users of LW/FF RR, and KB/TB/FF ESR, etc as part of this turnstile page and does that contribute to the difference outcome you see? If so, how exactly is it done and how exactly does it contribute? Is it explicit or emergent? We don’t know. Assuming answers to first two are yes and yes, the difference could even be explained simply by difference in user numbers. Best we can really do is striking a balance between closing the gap and closing leaks of entropy.

If nothing else, it might just work itself out over time due to unrelated changes on either side. If not before, I expect the ESR bump in a few months could “magically” sort these kinds of things out.

¹: Cloudflare only provides support to their customers; not mere mortals like you and I. Resolution path: User (eg you) reaches out to site (ie NexusMods) who can then either 1) change their CF configuration or 2) contact Cloudflare who may or may not fix the issue.

²: DM me if you actually want to dig into this!

³: Konform is as vague and static as possible while conforming to FF ESR/TB format

It does! While existing userprefs should work for enabling the feature and setting your own syncserver endpoints as expected, Konform Browser also has basic UI for convenient configuration of custom sync URLs under about:preferences -> Konform Browser. Please report if any issue with that <3

TY! Would be cool with your feedback if you decide to try it out. And feel free to share around :)

The readme lists some of the motivations as well as distinguishing differences with LW specifically. Though the latter is a bit out of date by now as we’ve further diverged (gaps should be captured in by release notes, which is probably best place to read up on project RN).

What benefits are there for you? IDK, I don’t know you or your needs and priorities! There are a lot of possible different answers to that. Also I’m a dev not a salesperson or influencer 😅

Why not give it a spin and let us know about pros/cons? :)

Separately, this is still relatively early days in public life of the project and I don’t want to say “trust me bro” too much but aside from the actual differences between browsers themselves, we take the supply-chain side seriously and aim to keep a tight ship delivering new security patches from upstream on time while minimizing breakages for users. Since this is built without pinning on past achievements or identity, it will still take time (years I guess) to build track record and make this apparent.

Some day, someone is going to have to explain this one…

There is actually a third visual reference in the logo that may be a bit less obvious.

Oh, thanks for bringing that up - that’s out of date and no longer true so I guess the readme does need an update¹. While you are correct, the offline translations feature wouldn’t actually work when blocking its access to RemoteSettings server. There was also a bug (still present in LW) which prevented locally cached results from being used. As Konform Browser does have a strict policy of not initiating connections to “trusted” servers on its own by default and without explicit user consent, it made more sense to remove it than leaving UI for a completely broken feature until it could be done properly.

Since that was written:

• Bugs fixed in Konform so translations do work fully offline now
• An about:welcome “onboarding” screen was introduced where user has 4 presets to choose from. 3 of them (all but Purely Private 🔒️) allow translations feature and 2 (✳️Basic Functionality and 🦊Just Make It Work) makes it default and enable the automatic downloads of models from Mozilla server like in FF.
• about:translations unhidden and can be used for direct translations of direct input

So in reality I would say offline local translations actually work better in Konform than in FF and other forks.

In the future hoping to improve this further by redistributing the models as packages for separate installation on system. Then you can use them without needing the browser itself to download anything at all. Similarly to how it’s already done for spelling dictionaries and uBlock Origin.

¹: EDIT: Readme has been updated to be less out of date more closely resembling current state of differences.

Cool. But…, could you name those explicitly?

Thanks for checking out! Not in the readme, because it would be a PITA to keep that up to date over time, especially when rewriting for new context each time. They are already covered in release notes and commit log¹ for the curious. You can also look under patches/kon in the source git repo.

This comes to mind.

Could you please explain why anyone should consider Konform Browser over it?

Am engineer not a salesperson or influencer. I guess that means at this early stage it’s primarily targeting the audience who are able/willing to make sense of and contextualize the given material themselves, or willing to take a leap of faith. The pros/cons vs other browsers is something I hope to leave to other users to talk about and share around. Would be cool to hear your thoughts, for example! Maybe this is relevant for some, though.

Also, pull requests attempting to improve the documentation are very much welcome. Would be great to get more contributors involved and one doesn’t have to be deeply technical to write good docs.

¹: Can click the commit hash for a release under /releases and then xxx commits to list commits for specific release

While that section in readme is not entirely up to date, combining that with release notes should hopefully give decent idea. Let me know if you have remaining questions after returning from those! You could also try it out and see for yourself.

Care to comment on the actual content of post or the topic of the project rather than aesthetics of the thumbnail icon? It’s a web browser, not a lifestyle brand, and this isn’t c/logodesign 🙄

What an atrocious comment choice.