LibreWolf on FreeBSD: Privacy Browser Review

LibreWolf on FreeBSD: Privacy Browser Review

LibreWolf is a Firefox fork built around one idea: privacy by default. It strips telemetry, disables anti-features, and ships with uBlock Origin pre-installed. On Linux, it has earned a solid reputation among privacy-conscious users. On FreeBSD, the story is more nuanced -- the browser works, but the path to getting it running and keeping it updated requires understanding a few FreeBSD-specific realities.

This review examines LibreWolf's privacy features, its installation and maintenance on FreeBSD, performance characteristics, and how it compares to running stock Firefox with manual hardening or switching to Tor Browser.

What LibreWolf Changes from Firefox

Before diving into FreeBSD specifics, it is worth understanding what LibreWolf actually does. The project maintains a set of patches and configuration overrides on top of each Firefox ESR (Extended Support Release) or stable release:

• Telemetry removed: All Mozilla telemetry, crash reporting, and data collection endpoints are disabled at build time. This is not just about flipping preferences -- the code paths are patched out.
• Search defaults: DuckDuckGo is the default search engine. Google, Bing, and other tracking-heavy engines are not pre-installed.
• Tracking protection: Enhanced Tracking Protection is set to Strict mode. First-party isolation and resist-fingerprinting are enabled.
• uBlock Origin: Ships pre-installed with default filter lists active.
• No Pocket, no Sync, no sponsored content: Mozilla's Pocket integration, Firefox Sync recommendations, and sponsored tiles on the new tab page are all removed.
• WebRTC leak prevention: WebRTC is configured to prevent IP leaks through STUN requests.
• Automatic deletion: Cookies and site data are cleared on browser close by default.

The cumulative effect is significant. A fresh LibreWolf install provides roughly the same privacy posture that takes 30-45 minutes of manual configuration in stock Firefox.

Installation on FreeBSD

LibreWolf is not in the official FreeBSD ports tree as a standalone port. There are a few ways to get it running.

Building from Source

The most reliable method is building from the LibreWolf source, which patches the Firefox source tree:

sh
# Install build dependencies
pkg install autoconf213 bash gmake llvm16 node npm pkgconf python311 rust zip

# Clone the LibreWolf source builder
git clone https://codeberg.org/librewolf/source.git /usr/local/src/librewolf
cd /usr/local/src/librewolf

# Fetch and patch the Firefox source
./fetch.sh
./patch.sh

# Configure for FreeBSD
cd firefox-source
cat > mozconfig <<MOZCONFIG
ac_add_options --enable-application=browser
ac_add_options --enable-optimize
ac_add_options --disable-debug
ac_add_options --enable-release
ac_add_options --with-branding=browser/branding/librewolf
mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-librewolf
MOZCONFIG

# Build (this takes a while)
gmake -f client.mk build
gmake -f client.mk package

Expect build times of 2-4 hours depending on hardware. Firefox-based browsers are among the heaviest builds in the open-source ecosystem. You will need at least 8 GB of RAM and 30 GB of free disk space.

Using the Firefox Port with LibreWolf Overrides

A more practical approach for many users is installing Firefox from ports or packages and then applying LibreWolf's configuration overrides:

sh
pkg install firefox

# Create the LibreWolf-equivalent user.js
mkdir -p ~/.librewolf
fetch -o /tmp/librewolf-settings.js \
  "https://codeberg.org/librewolf/settings/raw/branch/master/librewolf.cfg"

Then create a user.js file in your Firefox profile directory:

sh
# Find your profile directory
ls ~/.mozilla/firefox/*.default-release/

# Copy the LibreWolf settings as user.js
cp /tmp/librewolf-settings.js ~/.mozilla/firefox/*.default-release/user.js

This gives you roughly 90% of the LibreWolf experience on top of the standard FreeBSD Firefox package. You lose the branding and the build-time telemetry removal, but the runtime privacy configuration is equivalent.

Installing uBlock Origin

If you take the Firefox-with-overrides approach, install uBlock Origin manually:

sh
# Download the latest uBlock Origin XPI
fetch -o /tmp/ublock-origin.xpi \
  "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"

Then open Firefox and install the extension from the downloaded file, or navigate to addons.mozilla.org and install it through the browser.

For a system-wide install that applies to all users:

sh
mkdir -p /usr/local/lib/firefox/distribution/extensions
cp /tmp/ublock-origin.xpi \
  /usr/local/lib/firefox/distribution/extensions/uBlock0@raymondhill.net.xpi

Privacy Features in Depth

Fingerprinting Resistance

LibreWolf enables privacy.resistFingerprinting by default. On FreeBSD, this works identically to Linux and includes:

• Spoofed timezone (UTC)
• Rounded screen dimensions
• Generic user agent string
• Canvas and WebGL fingerprint randomization
• Spoofed font enumeration

The trade-off is real: some websites break. Banking sites, some government portals, and sites that rely on precise screen dimensions or timezone detection may malfunction. You can toggle this per-site using the about:config page or by creating site-specific exceptions.

Network Privacy

LibreWolf's network privacy settings on FreeBSD include:

• DNS-over-HTTPS enabled by default (using Mullvad's resolver)
• OCSP stapling preferred over live OCSP queries
• Prefetching disabled (DNS, link, and speculative connections)
• WebRTC restricted to default route only

sh
# Verify DoH is active from about:config
network.trr.mode = 3
network.trr.uri = https://dns.mullvad.net/dns-query

Cookie and Storage Isolation

First-party isolation (privacy.firstparty.isolate) and dynamic state partitioning work together to prevent cross-site tracking. On FreeBSD, the behavior is identical to other platforms:

• Each domain gets its own cookie jar
• LocalStorage is partitioned per first-party domain
• Service workers are isolated
• Cache is partitioned

The automatic cookie clearing on close means that even if a tracker manages to set a cookie, it will not persist across sessions.

Performance on FreeBSD

LibreWolf (or Firefox with LibreWolf settings) performs comparably to stock Firefox on FreeBSD. The privacy features have minimal CPU impact. The main performance considerations are:

• Startup time: Slightly slower than stock Firefox due to the stricter security settings being applied at launch. Negligible on SSDs.
• Page rendering: Identical to Firefox. The Gecko engine performs the same regardless of privacy settings.
• Memory usage: Comparable to Firefox. uBlock Origin actually reduces memory usage by blocking ads and trackers that would otherwise load.
• JavaScript performance: The resistFingerprinting flag can marginally affect JavaScript timing APIs, but this does not translate to perceptible slowdowns.

Hardware acceleration is the main variable on FreeBSD:

sh
# Check if hardware acceleration is available
sysctl hw.dri.0.name

# For Intel/AMD GPUs, ensure drm-kmod is loaded
kldstat | grep drm

# Enable WebRender in about:config if not auto-detected
gfx.webrender.all = true

With working GPU acceleration, LibreWolf on FreeBSD performs smoothly for everyday browsing, video playback, and web applications.

Configuration and Customization

LibreWolf's settings are aggressive by default. Here are common adjustments FreeBSD users make:

Re-enabling Features

sh
# In about:config or user.js

# Allow session restore (disabled by default for privacy)
browser.startup.page = 3

# Keep cookies between sessions for specific sites
# Use the Cookie Exceptions UI in Settings > Privacy

# Reduce fingerprinting resistance if sites break
privacy.resistFingerprinting = false
privacy.resistFingerprinting.pbmode = true  # Keep it in private windows only

Updating Filter Lists

uBlock Origin ships with a standard set of filter lists. For additional blocking:

1. Open uBlock Origin dashboard (click icon, then gear)
2. Go to "Filter lists" tab
3. Enable additional lists: "Annoyances" category is particularly useful
4. Add custom lists if needed

Profile Management

Running multiple profiles is useful for separating browsing contexts:

sh
# Create a new profile
firefox -ProfileManager

# Launch with a specific profile
firefox -P "work" --no-remote

The --no-remote flag allows running multiple instances with different profiles simultaneously.

LibreWolf vs Firefox (Manually Hardened)

The core question for many FreeBSD users: is LibreWolf worth the extra effort over hardening Firefox yourself?

Arguments for LibreWolf:

• Saves 30-45 minutes of manual configuration
• Build-time telemetry removal is stronger than runtime disabling
• Updates maintain the privacy configuration automatically
• Pre-installed uBlock Origin with sensible defaults

Arguments for hardened Firefox on FreeBSD:

• Official FreeBSD package with regular updates through pkg
• Easier to maintain (just pkg upgrade)
• You control exactly which settings to change
• No build-from-source requirement
• Better integration with FreeBSD's security advisory process

For most FreeBSD users, the pragmatic choice is Firefox from packages with a user.js from the LibreWolf or Arkenfox project. You get 90% of the privacy benefit with dramatically less maintenance overhead.

LibreWolf vs Tor Browser

Tor Browser is the gold standard for anonymity, but it serves a different purpose than LibreWolf:

• Tor Browser routes all traffic through the Tor network, providing IP anonymity. It sacrifices speed for privacy. On FreeBSD, it is available as pkg install tor-browser.
• LibreWolf does not anonymize your IP. It focuses on preventing tracking, fingerprinting, and data collection while maintaining normal browsing speed.

Use Tor Browser when you need anonymity (hiding your IP and location). Use LibreWolf when you want privacy (preventing tracking and profiling) at normal speeds.

On FreeBSD, Tor Browser runs well but has the same performance characteristics as on any platform: notably slower page loads due to onion routing, and some sites block Tor exit nodes.

Update Cycle and Maintenance

This is LibreWolf's weakest point on FreeBSD. On Linux, LibreWolf has repository packages that update automatically. On FreeBSD, you are responsible for:

1. Monitoring LibreWolf releases
2. Rebuilding from source when updates are available
3. Handling any FreeBSD-specific build issues

Security updates are time-sensitive for browsers. Firefox vulnerabilities are regularly exploited in the wild, and LibreWolf inherits both the vulnerabilities and the fixes from upstream Firefox. If you cannot rebuild promptly after a security release, the Firefox-with-overrides approach is safer because pkg will deliver security updates automatically.

sh
# Check your current version
firefox --version

# Update Firefox through pkg
pkg upgrade firefox

# Verify the update
firefox --version

Verdict

LibreWolf's privacy model is sound and well-executed. The browser delivers meaningful protection against tracking and fingerprinting without requiring technical expertise to configure.

On FreeBSD specifically, the recommendation depends on your maintenance tolerance. If you are comfortable building from source and staying on top of updates, LibreWolf gives you the cleanest privacy-focused browser available. If you prefer the stability and update reliability of the FreeBSD package ecosystem, install Firefox from pkg and apply the LibreWolf or Arkenfox user.js -- you will get nearly identical privacy protection with far less maintenance burden.

Rating: 7.5/10 -- Excellent privacy browser hampered on FreeBSD by the lack of a native package. The Firefox-with-overrides workaround is practical but not the full experience.

Frequently Asked Questions

Is LibreWolf available as a FreeBSD package?

Not currently. LibreWolf is not in the FreeBSD ports tree as a standalone port. You can build it from source or apply LibreWolf's configuration overrides to the standard Firefox package.

Does LibreWolf break websites?

Some websites malfunction due to the strict privacy settings, particularly resistFingerprinting. Banking sites, CAPTCHA-heavy sites, and some web applications may require toggling specific settings. You can create per-site exceptions.

Can I use Firefox Sync with LibreWolf?

Firefox Sync is disabled by default in LibreWolf. You can re-enable it in about:config by setting identity.fxaccounts.enabled to true. Your sync data is end-to-end encrypted, so re-enabling it does not significantly compromise privacy.

How does LibreWolf handle updates on FreeBSD?

It does not handle them automatically. You must monitor releases and rebuild from source. This is the primary drawback on FreeBSD compared to Linux distributions where LibreWolf has repository packages.

Is LibreWolf faster or slower than Firefox?

Performance is virtually identical. The privacy features have negligible impact on rendering and JavaScript speed. uBlock Origin can actually make browsing faster by blocking resource-heavy ads and trackers.

Should I use LibreWolf or Tor Browser?

They serve different purposes. LibreWolf prevents tracking and fingerprinting at normal browsing speeds. Tor Browser provides IP anonymity through onion routing at slower speeds. Choose based on whether you need anonymity (Tor) or anti-tracking privacy (LibreWolf).