Konform Browser and other bits and bobs.

  • 13 Posts
  • 65 Comments
Joined 6 months ago
cake
Cake day: January 18th, 2026

help-circle


  • If you work for a company or own the company you are still making a self- promotional post for a company, and the rule applies.

    So if the exact same post is posted by a friend instead it’s suddenly accepted? Why is self-promo meaningfully less desired than third-party-promo if they have similar results?

    You seem to be vastly in the minority.

    Might be! That one’s framed as just personal preference and not policy suggestion because I don’t think “allow all things I like and ban everything I don’t” makes for good governance ;)

    So a more restrictive rule?

    More restrictive in one sense (what content and what’s ok to “promote” for) but more allowing in another (you can talk about something even if you are involved or associated).




  • Thank you for thoughtful engagement!

    I think that becomes even more problematic. Why is it better that I shill for a company I’m getting kickbacks from (some VPN providers excel at this game) rather than one I’m responsible for? Besides, this just lead to submarining (“viral marketing” is an entire industry!) and people pretending to “have just stumbled across this project, what do you guys think?” or being “just a happy customer”… And to some extent t becomes a game of social status, where well-connected people can just ask their friends to post on their behalf.

    Judge the message and topic, not the messenger (as long as they are human acting in good faith and not “written with help by AI”, obv).

    Besides of those issues, my personal preference would be to keep the focus on self-hosting. So talk of hardware or shipped software might be on-topic but not service providers. There are plenty of places to discuss cloud-hosting, VPNs, which PaaS is best, or whatnot.

    And I would actually be much more interested in seeing a post from a founder talking about things their company is doing relevant to self-hosters, vs yet another post of “which provider is best right now and what do you use?” or “Company X currently has a sale/launched product Y”.

    While it might filter out some good stuff, I would be all for a ban of any promotion of commercial or proprietary products and services alltogether but allow for self-hostable and in particular FLOSS stuff (where I guess some carve-out or clever formulation could be made to allow for commercial but self-hostable software - either stance on that one seems fine to me).


  • I would like some clarity on general apparent self-promotion of open source projects as well. As in, points 1-4 don’t apply and 5 depends on your definition of “advertisement”.

    I’m bringing this up because I (once) previously attempted to share a project1 I maintain on here. I did take some effort to include some context and discussion points for selfhosters in order to make it more tailored and stay safe on Rule 3. It was quickly removed by mod. I tried reaching out to one of the mods to try to understand what was wrong. They were friendly and said they weren’t involved and would forward to the relevant people and since then I haven’t heard back. It would be very helpful to be able to get some feedback on why submission was removed so we can learn how future submission attempt could be improved (or abandoned).

    1: FLOSS, no commercial or otherwise proprietary parts or relations, no slop or clank in the process


  • Sounds frustrating and I can see how that can be confusing. Had similar peeves with other imposed limitations that initially drove motivation of developing this project so can relate!

    While we have to recognize that there is inherent conflict in expectations of “browser doesn’t disclose my location” and “website knows my timezone” and that Konform Browser will continue defaulting to privacy, you highlight gap in UX and user control that I agree can be improved on. Shouldn’t be too much work to add more make more discoverable selective settings UI for this too in a future release.

    There’s some other aspects that often play into this particular scenario and can vary per site:

    • Apps showing relative time like “10 hours ago” or “in 15 minutes” should not be affected by any of this.
    • Scheduling for events on services like the ones you mention also shouldn’t be affected by this: Time for events is global but display will be affected.
    • There are are a lot of bugs in webapps out there that can be interacting with localtime in incorrect ways. It’s complicated1.

    Try being a part of a team in multiple timezones, some of which follow Daylight Savings Time (from different dates) and some not. Now schedule a recurring weekly meeting for the same time and coordinate that over chat. This is just inherently messy. Communicating this properly in UI is subtle and confusion like the one you described often arise when webapp developers assumptions and user assumptions don’t align. Some even say we should do away with timezones alltogether.

    1: Someone even made list of lists of falsehoods programmers believe about time


  • If you’re talking about Librewolf’s “resist fingerprinting”:

    To set the record straight, ResistFingerprinting was originally developed by Tor Browser developers, and is for some time now part Firefox (and therefore all forks) behind the privacy.resistFingerprinting (“RFP”) preference. So credit there goes to those devs, Tor Projectt, ad Mozilla. Konform Browser and Tor Browser have this on by default. There is also the related more recent and complex privacy.fingerprintingProtection (“FPP”) system. LibreWolf has historically been on RFP too - I’m not up to date if that’s still the case or if they’ve migrated over to FPP yet as I understand that is the intention of maintainers. The difference between the two is more than I bear to explain here and a bit of a rabbit hole x)




  • But can it fool creepjs?

    What does that mean for you, exactly? I know that there is a lot of different ideas out there on how to interpret these results and what “good” means so would be helpful to know what your expectations are to give meaningful answer to such question.

    Anyway, I just tried running the test at creepjs.org and this is result: Test hangs at “57/58: Currently collecting: Private Click Measurement complete”, with no errors in the js console.

    Having compared results with some other fingerprinting suites previously, default settings should give plausible fingerprint corresponding to user base of existing browser. Only Cloudflare seems to hate it: Turnstile in strict mode throws a redirect loop when their troubleshooting tool says all is fine. Is that because fingerprinting protection “works to good” or is broken? You tell me!

    I would appreciate an outside and less biased review, comparison or benchmark on stuff like this! Want to try and report back?





  • There is some talk about this on the readme (“About”) page with more detail on differences in the release notes.

    On “AI”, tooted about this here. As one example, the “AI chatbot” feature is disabled and hidden by default. If user still chooses to enable it via preferences, stock configuration only has one available provider: localhost where user runs their own app (for example llamafile.ai) locally outside of the browser while proprietary integrations1 and telemetry are removed even when feature enabled. I think for all of the AI-features, both the default-disabling and making them work better (or at all) without remote cloud goes deeper in Konform Browser than others like Librewolf.

    Another example is about:translations, which when enabled2 actually works properly when offline after translation models have been downloaded; they are not bundled with browser.

    Let me know if any more questions after reading that!

    1: Like ChatGPT and others

    2: “Basic Functionality” and “Just Make It Work” presets enable local translations feature and downloading of translation models.