PureBrowser vs Firefox


#1

What is the difference, other than name, logo, and a couple of default plugins, between PureBrowser and Firefox?


#2

Helping answer my own question: Google Widevine CDM isn’t supported. This is the Firefox extension that enabled content protected video and audio to play, like anything on Amazon Prime and Netflix.


#3

You can find bits and pieces here in the forums and in the PureOS Tracker for bug reporting.

Just so you understand my perspective, I used PureBrowser until Mozilla stopped supporting the old extensions in Firefox ESR 60.1. Additionally, the Purism webext packages seemed to interfere with my Quantum add-ons and, at that time, were down-level. I wound up uninstalling PureBrowser and the webext packages.

First, last I used it, PureBrowser was based on Mozilla Firefox ESR releases, not Quantum, so it depends a little on what you mean by “Firefox.” Obviously, the use of legacy add-ons in ESR do not matter anymore. Second, in PureBrowser, Purism has turned off any data reporting, so one will not see the option to send error reports, etc.

You may see reports in the forums of folks having trouble with Firefox add-ons in PureBrowser. The most recent work-around I have seen is at the bottom of Mladen’s “Firefox Compat Mode” fix page. That is here.

Purism might do other sanitizing, but I still did a lot of my own. I used these sites among others for guidance:

https://www.ghacks.net/overview-firefox-aboutconfig-security-privacy-preferences
https://www.askvg.com/tip-disable-telemetry-and-data-collection-in-mozilla-firefox-quantum/

I think PureBrowser is always going to be a little behind with updates. It is unavoidable because a modified version is never going to be current with the original on day 1. I did not find that too bad, but it depends on how paranoid you are. :slight_smile: Security is a matter of evaluating risk.


#4

As of today PureBrowser is at version 60.5.0esr. Firefox for Linux is currently at 60.6.1esr for the ESR version and stable is at version 66.0.3. That’s a little more than a “day 1” delay. In fact, PureBrowser is so old that some of my favorite Firefox extensions will no longer run. This wouldn’t be so annoying if actual Firefox were available in the PureOS repository, but it isn’t and they have disabled adding other repositories.


#5

I’ve had no trouble adding repositories in /etc/apt/sources.list.d


#6

We haven’t disabled adding other repositories. Like rjm I can trivially add Debian to my sources list.

Regarding add-ons; there are solutions for PureBrowser: Add-on installation from mozilla.org fails

We’ve had long, technical and trademark discussions with Mozilla regarding PureBrowser and Firefox. At the moment our amicable discussions have led us to leave Firefox packaging as Mozilla prefers to have it and we’re focusing on GNOME’s Web browser as our default in PureOS.

Personally I also use Firefox Developer Edition through flatpak. I pull this down from an unofficial repository but I feel comfortable with it, though I don’t use that often. My recommendation is to use the official Firefox from Debian if you want Firefox; it is packaged by Mozilla officially and has Debian’s security support.


#7

If I’m reading you correctly, PureBrowser will be no more at some point in the future? The options would then be:

  • Firefox, as packaged by Mozilla (to be included in PureOS repos, then?)
  • GNOME Web / Epiphany

?


#8

I don’t believe the options will be limited to that. What we want is our “default” browser to offer the type of security, privacy, and easy-to-use experience that PureOS has. To do that we currently have to change the default debian packaging of Firefox in such a manner as to lose access to add-ons and trademarks. In addition, we think that GNOME Web has the functionality, or is gaining functionality, to meet all our requirements. This is one of the reasons we are implementing a long-held plan to switch “PureBrowser” to GNOME Web.

Firefox of course will remain in Debian and we plan to add it to PureOS in the same form it is upstream. We will not add our patches however unless there a broad-based, explicit request to do so.


#9

So tell me, what happens when you select “Software Repositories” from the Software app? What happens when you launch the Software and Updates program? I believe those are programs Purism officially includes and supports for software management, are they not? As for other programs, what happens when you try to do the same with Synaptic or Discover or Muon or Gnome Packages or just about any other software management tool? And is it just coincidence that Purism’s own software store is the only one available?

Yes, I know that technically I can go in and edit things manually to get around the block. Yes, I know that technically the system is open source so that I can go in and and edit the code to remove the block. But that doesn’t make the block non-existent and claims to the contrary only serve to make it look more nefarious.


#10

@don, if you are referring to the fact that nothing happens when you select “Software Repositories” from the Software application, that is a bug being tracked: https://tracker.pureos.net/T711

If you manually add new sources to /etc/apt/sources.list or sources.d, the packages provided by those repos do then appear in the Software GUI application.


#11

You are derailing this thread. You wanted to answer in a different one.


#12

It is not a “block” to not include other repositories by default. Purism’s default is to only include their repository as this is in line with their goal of only providing free (as in freedom) software.

If they include other repositories they do not control then they are not meeting their promise to their customers. This is not blocking, you still have the freedom to add any repository you want.

Yes their repository only has what they add to it and they do have the ability to “block” things from being added to their repository, but calling this “blocking” of other software stores/repositories is a gross missrepresentation of what is happening.


#13

@jeremiah, can you provide the repo you’re comfortable with?

also, the debian repo for latest available Firefox?


#14

I’m happy to share what I use. It works for me, but CAVEAT EMPTOR. :slight_smile:

“Unofficial firefox developer version”;
https://firefox-flatpak.mojefedora.cz/

Debian Firefox ESR for Buster;
https://packages.debian.org/buster/amd64/firefox-esr/download

  • There are instructions for flatpak and installing the flatpaked version of Firefox.
  • The URL to the debian package allows you to download the deb and install it with dpkg -i firefox-*

#15

Regarding add-ons; there are solutions for PureBrowser: Add-on installation from mozilla.org fails

My comment was concerning extensions for which the base version of PureBrowser is too old. That “solution” does not work for such extensions.


#16

@jeremiah, Is there a comprehensive list or other location of discovery for the PureBrowser patches to FF?

I’m interested in learning more about the changes Purism has made and I’m not sure the OP question is answered here yet…


#17

Here is the list of changes; https://source.puri.sm/pureos/packages/firefox-esr/commits/pureos/esr60/master


#18

PureBrowser is not the most secure version of Firefox.

Binance gives me a security warning about the PureBrowser.

Purism can’t support the most up-to-date patches,
and thus shouldn’t be bundling a web browser.

The attack surface, and therefore the risks, are too large to supply a browser that gets infrequent updates IMO.

https://hacknews.co/malware/20190621/firefox-67-0-4-released-mozilla-patches-second-0-day-flaw-this-week.html