Maintaining Konform Browser and some other bits and bobs.
The trust comes from the association. You can't remove (or keep private) the association and expect to not have to separately rebuild the trust as a consequence. That what you are trying to do is made is inconvenient in GPG is quite intentional I believe. Or maybe I misunderstand your motivations, it's a bit ambiguous and you leave a lot open for interpretation.
What I hear you say is: This would be convenient and easy for the user. Doing it differently, in a safer way that's not problematically under scope for data protection regulations, would be more effort, not what you're used to and "messy". Certain useful features seem like they'd require more upfront work and the while system would be more complex and unfamiliar.
How is that relevant? None of that changes what you're actually asking about or makes it a good approach. I don't see how it'd make it either safer or less legally problematic?
What purpose does (certifying with) the primary key serve there if you don't disclose it prior to rotation? What do you gain by not disclosing it when its only used in this context? It may be you haven't thought it through fully but otherwise sounds like you can get what you want by separate primary keys which you then manually
--sign-keybetween on demand.The mention of Meta in the summary doesn't fit. The article only mentions them in passing in reference to WhatsApp backups. Misleading and not relevant at all when talking about BitLocker. I think this is an editorial mistake but makes it read like subvertising, which is a shame for reporting on such a serious issue. How Google does keys for ChromeOS and Android would have been much more appropriate to compare with but for some reason this isn't even mentioned.
There's a lot to unpack here but just one thing:
Also potentially thinking may get some free webserver (basically like <20 api calls a days max and small dB with maybe 1000 rows) not for security of the data but more just not having open network ports to the internet without having the security infrastructure.
This sounds like the kind of data you really want to keep locally and I wouldn't trust any free (or even affordable) webhosting business with it. I think it's wise to keep the db and app server local and terminate the TLS locally too. You can still get a cheap VPS or two that you open a secure VPN (like wireguard) and/or SSH tunnel to. Then on the VPS you run can a second, outer, reverse proxy that forwards requests to your internal one over the gateway link. This way you get to keep the data local and safe without having to expose your home net online.
Many people enjoy Tailscale for this. There are full self-hosted options for that too but it sounds like their solution might fit your situation and requirements.
If even that feels unsafe, I really think you need to step up a bit on segregating and isolating your stuff, maybe do some homework on security, before putting sensitive stuff like this on shared infra...
I don’t want to deal with hippa or be responsible for medical data so I specifically don’t want to host the data
The only (legal) way to not deal with HIPPA is to make sure you're not in scope for HIPPA. IANAL but it sounds like you (or worse, somebody else) will retain control and management of medical data with your intended approach no matter where you host it and how other users authorize?
You can't architect, outsource, or encrypt your way out of that. A fully peer-to-peer solution which keeps the data on user devices and under their control and utilizes external server for signalling only but not for relaying or auth might get you there though.
GrapheneOS is as I understand it much less of a one-man party and in a healthier place these days compared to not that long ago. Good to keep in mind when digging up older material.
And whenever Graphene OS is mentioned, one must also mention its leader
Absolutely disagree with that you must do that whenever it is mentioned. That sounds like some unhealthy obsession if anything. There are more interesting conversations to be had. Don't we have bigger fish to fry? Move on, dude.
So let’s say you created a PGP key & then proceeded to create 2 subkeys. Is it possible to just export the particular subkeys only. (let’s say one for encryption & the other for signing) for OTHERS to import into their keyring for authentication & encryption ?
For the private key, yes. First identify the subkey ID:
gpg --keyid=format=long -K sec ed25519/5810B9EFF21686DE 2026-01-23 [SC] [expires: 2029-01-22] C9E33D15E55A3834EE17A9755810B9EFF21686DE uid [ultimate] alice <alice@localhost> ssb cv25519/F1806CEA56544D8D 2026-01-23 [E] [expires: 2029-01-22]Then export it (note the
!):gpg --export-secret-subkeys -a 'F1806CEA56544D8D!'If you want the pubkey subkey only: What's your use-case for sharing a certified key without the certificate chain? There are reasons why exporting just the public subkey isn't really a supported feature (outside of some ugly keyring surgery). If you want unsigned "naked" keys wouldn't it make sense to not use subkeys at all to begin with? Or more practically, generate separate root keys with matching user/expiry but each with different set of subkeys present (like the example above with only
E) ?Update: There is now a Containerfile producing images using the prebuilt
.debif anyone wants to try the container-based approach to run Konform Browser in podman or docker or whatever. Some basic testing done using rootless podman under either Wayland and X11 on Kinoite and both ran fine.https://codeberg.org/konform-browser/oci
If you want it to have the dark theming activate depending on your desktop theme it should work by adding
-v ${HOME}/.config/gtk-3.0:/home/user/.config/gtk-3.0:ro,z. Or-v ${HOME}/.local/share/konform-browser-1:/home/user:Zfor an isolated persistent homedir (similar to Tor Browser).Can I ask why you decided to fork Librewolf?
I wrote a bit of the "why"s already in the OP. Could expand further for you but what do you have in mind? "Why did you choose librewolf as upstream", "why fork and not another approach", "why bother with any of this at all", ...?
Flatpak
Flatpak is something we want and have been looking at already. See here for what's holding that back. There is already an (untested) repo for it.
Appimage.
While AppImages can be very convenient, we are ambivalent on some their security aspects among other things. Currently not prioritizing it until we have what we consider generally more solid options covered but will consider outside contributions if anyone feels motivated and puts in the effort to makes it happen.
Issue thread for new distribution targets where interested Codeberg users can follow up: https://codeberg.org/konform-browser/source/issues/9
for us atomic users
I see why users prefer flatpaks or appimages but just for consideration some ways I can think of one could run it on an atomic distro today:
toolbxstyle running the browser in a rootless podman container 1- Haven't tried straight up installing it in an actual toolbox container so not sure how well that works but maybe it's worth a try if that's something you already use?
- For the Fedora family, should be straightforward to install an
.rpmin your overlay - Run the app from the binary tarball directly on the host, installing it on a user mount somewhere 2
- Use the source, Luke. Build it. 3
1: Would anyone actually use it if there was a
Containerfilefor it? We currently don't have a public one but I can attest this works fine in general and if people indicate interest for it I think it's a neat idea that Konform Browser could provide that as an option.2: I think this is fine for testing and short-lived installations but unless you are technical enough to reason about the trust involved and automate for verified updates (or at least getting notifications for them), I wouldn't recommend it for long-term (>= months) installations so that you don't get stuck on unpatched versions without thinking about it. This is the least secure way to run it. Not generally recommended for non-technical users.
3: Something I recommend becoming more familiar with in general if one has the time, resources, and patience. The catch with updates applies here too if this is for production use.
If only... What does fox say?
I'm so glad you want to try!
The problem with both that and Flathub is that I can't seem to pass Githubs signup CAPTCHA whatever I tried (and yes I tried other browsers too lol). Besides, having my old account there arbitrarily blocked on phone number verification in the past, not feeling super keen on having users rely on them for updates, even putting aside whatever I feel about Microsofts and GitHubs role in the ecosystem in general...
However, if anyone would be up for the literal push-part of pushing it up and wouldn't mind collaborating a bit in the process, would be happy to make that happen together (or use your privilege if you're motivated; it's free software yo, just heed the license ;)). There is an Issue thread for coordinating if this is you.
I don't think it should be too involved as the source repo and source tarballs are built in pretty much the same way as LW, which already has a derivation in nixpkgs. Didn't look closer at that derivation but hopefully shouldn't be much more than copying
pkgs/applications/networking/browsers/librewolfand replacing some strings.There is a longer discussion to be had about both what RFP does, how effective it is, and the relative impact on entropy of this particular feature.
For now I will just say that this: Providing configuration for this serves the projects goal of user control and freedom. It should be up to the user to make that call. Us as developer shouldn't unilaterally decide on behalf of everyone. We can't think of everything and we don't always know best. Of course we can still provide guidance and put what we believe is sensible as defaults. I find it odd to criticize empowering users in this way, in particular considering the status quo.
Were it up to me, everyone should have Letterboxing on by default, probably with similar reasoning. I don't see why you wouldn't use it. Everyone enabling it would make us all (ever so little) less fingerprintable. Arguably more meaningful impact than dark/light-theme. And less of an accessibility issue. Even so, we still leave this configurable in the same way as the dynamic theming.
You can also see this way of thinking reflected in allowing loading of your own add-ons from file and allowing userChrome customization. Probably niche power-user features with risks involved and sharp edges exposed but we are developers and maintainers of software, not your sysadmins1 or caretakers2.
If you fundamentally disagree, well, not all software has to be for everyone. Probably there is already something else (like Tor Browser) that serves your needs and aligns with your philosophy better?
1: ...xcept... you want us to be your sysadmin? 👉👈 Call me when you close that seed round bb 😘
2: Nope.
If you are on Linux I think you will find interest in Konform Browser, which started as a fork of LibreWolf addressing some of your pains. Am dev so please allow me to shill for a bit.
Specifically to your comment:
ResistFingerprinting is IMHO way overkill and breaks nice things like automatic dark modes just for preserving privacy in the 0.001% of cases where browser fingerprinting matters
Konform can respect user theming preferences and dark mode even under Private Mode / RFP.
Firefox Sync,
While Konform still keeps it off by default, it allows configuring endpoints for a self-hosted or third-party Sync server from the Preferences without having to dive into
about:config.Besides that, it goes even further than LW in disabling built-in remote connections, snoopware, and AI integrations.
I hope you might consider it <3
Konform Browser is more recent Firefox (actually LibreWolf) fork which goes even further in debloating, removing "AI" functionality and disabling remote connections. It's based on Firefox ESR (like GNUZilla IceCat).
If you have concerns about the telemetry and browser metadata privacy parts of AI integrations, I think Konform, IceCat, Waterfox and Mullvad Browser are a lot more relevant than Zen...
Also consider Konform Browser! :3
https://codeberg.org/konform-browser/source/releases
Note: It doesn't have auto-updates enabled so if you are currently getting security fixes installed automatically for Waterfox/Librewolf and won't manage to keep the browser up to date yourself, then it may still be a bit early for casual users as an online daily surfboard
Privacy @lemmy.dbzer0.com Konform Browser - Taking privacy, security and freedom to the next level
Went low-key public with our internal browser project by sharing here on the feddit. If you're a dev, packager, Arch Linux user, or already build Firefox from source, this is for you1. More people using it becomes a shared privacy win. I humbly suggest that this is currently the most privacy-friendly general-purpose GUI browser out there1.
1: Others can check back at a later date when perhaps there are more builds running and tested, and more people have looked over the code.
2: Biased? I would never!
It can. Depends on how you use it. Wear gloves and goggles when handling .ml and political memes on .world and such.
Stories?! In MY games?! We have AI for that at home.
do you even raytrace lol
/s
Because it's not something people commonly do. Because the GPG authors wanted to design for and encourage what they consider appropriate use and discourage and make difficult (but not impossible) what they consider inappropriate use. Removing a footgun for people not fully understanding the trust model of PGP or just slipping up doing that and then ending up in situations they didn't account for. In general I could have a lot of criticism of the UI/UX of GPG but in this case I can see where they're coming from and find this thread supporting it as working as intended so far.
That you need to have deep knowledge of obscure GPG internals to pull this off is by design. It's not considered part of intended use. Similar thinking to why in Chromium you don't have a button to bypass HSTS validation error but need to type in the cheat code "thisisunsafe". It nudges users to stop and think more consciously about what's going on.