Or use Pale Moon, forked long ago and developed independently, that respects your privacy out of the box without needing 50 different 'hardening' Arkenfox type changes or having to keep watch every time Mozilla tries to screw over end users like this. Zero telemetry, zero advertising and no mental gymnastics over how we're financially dependent on Google but still value your privacy. And bonus, it retains XUL extension support and the full customizability that went with it (including full support for full themes that can make it resemble Chrome or modern Firefox if you want to).
The first thing that comes to mind when I hear "Pale Moon" is their toxic developers. But let's ignore that... Is it safe to use Pale Moon as your main browser? How many security patches is it missing from upstream Firefox? Do they have any security team?
I don't mind using outdated software for a specific task, but I feel uncomfortable after a certain point. Unless you absolutely need the old XUL-era functionality, does it make sense to use Pale Moon when you can tweak Firefox to be more private? In my case, I'm not sure.
The toxic developer in question quit 2 years ago - things are peaceful now with the community.
Pale Moon isn't a rebuild of Firefox - it's a complete fork with its own rendering engine Goanna based off Gecko 52 and developed independently. Several of the security vulnerabilities introduced due to the larger code base and complexity of a multi process browser (to say nothing of Firefox's additional bloat of adding what are better as extensions to the browser core such as a PDF renderer or Pocket) are simply not applicable to Pale Moon, but the release notes detail the ones that are and have been patched.
The only thing 'outdated' is their not jumping on the minimalist, mobile focused UI that Chrome invented and Firefox copied and retaining a sane, desktop user focused and fully customizable UI that doesn't need digging into about:config or userChrome.css tweaks and can be directly done from the preferences dialog or context menus. The way Firefox used to be until version 4 onwards when the copying Chrome and limiting user choice began.
To your last point, why should you have to tweak Firefox for privacy at all when they keep proclaiming how privacy friendly they supposedly are? Pale Moon is private out of the box - there is no baked in telemetry (they don't run a telemetry server, for starters), analytics, tracking, advertising or anything else on those lines.
> The toxic developer in question quit 2 years ago - things are peaceful now with the community.
It wasn't just "Matt A. Tobin". For example, "Moonchild" was involved in that OpenBSD debacle ( https://archive.is/qbpmL ). Just someone trying to make Pale Moon to work and they approached it like that. Moonchild still blames OpenBSD devs for it... earlier this year he said they were "uncooperative" ( https://forum.palemoon.org/viewtopic.php?t=30732 )... I wonder why.
A few were fine with Tobin's behaviour and happy to support him... and they're still there.
This doesn't affect the performance or security of the browser, but it's something that bothers me and so it's a point against when considering which browser should I use.
The OpenBSD issue was pretty clear - building against system libraries alters the browser configuration and behavior, for which Moonchild would end up being held responsible. Even now there are contributed 3rd party builds on the downloads page for Mac OS and OpenSolaris among others, these are vetted to follow the build procedure and are authorized to use the official branding as a result. OpenBSD can make their own build if they want but they can't call it Pale Moon.
Hyperbola Linux does exactly that - their Iceweasel and IceApe browser/suite are built on Pale Moon's Unified XUL Platform (which is forked from the old Mozilla application platform) but are clearly seen as separate products.
There is already a similar issue with forks for Windows XP called New Moon and My Pal - Pale Moon long since dropped support for XP yet users of these builds show up on the forum asking for help instead of asking the fork maintainers.
The only point that the OpenBSD situation made clear to me was that both Pale Moon developers are good with code, but terrible at basic human interaction.
The maintainer was still in the phase of trying to make it work, the code was on a personal github... there was no Pale Moon for OpenBSD, no decision on actually making it available, let alone forking it or giving it another name... it never got to that point. And that's why approaching the issue with that style made no sense. "You will revise your mozconfig..."? The average person will tell you to take a hike. "I will not be as educational next time."? Would you continue working (for free!) on making someone else's "product" when they make a threat the first time they interact with you?
What's wrong with a "Hey, thanks for working on this, however since you're not using our libraries and <insert reasons>, you'd need to rename the browser as per our license and we also don't want to be associated with ports that do this. Let me know if we can help with anything."
There's nothing wrong with not wanting to be associated with something that might not work as you intend it to, not want to support it, etc, but you can't behave like an asshole if you want people to work with you. Like, you're being more hostile than someone like Mozilla would usually be under similar conditions... no wonder the attempted port died with that Github issue.
In any case, and going back to my point about them being toxic, Moonchild was fine with Tobin's behaviour (and vice-versa) towards others and even joined in sometimes... so only blaming Tobin makes no sense. Moonchild still doesn't see anything wrong with the way they approached the My Pal and OpenBSD situations, so it's only a matter of time until the next drama. Essentially, it might be a less toxic project now, but some of the people who made it toxic are still there and have not changed their ways. That's their right, I guess, but it's not something I want to be associated with.
The author of this is has some pretty ridiculous allegations, from blaming the browser for analytics on its homepage provider (when you can directly change the homepage to whatever you want right from the preferences without digging into about:config or elsewhere) to automatic updates, which is set to notify about them by default, not download and apply them. Firefox was(is?) known to install a separate updater service on Windows, FFS.
And he's complaining about NoScript, which doesn't play well with Pale Moon to the extent of destabilizing the browser and whose Pale Moon compatible XUL version is long abandoned by its developer while there's an alternative (eMatrix, forked from now abandoned uMatrix that was made by uBlock Origin's author) available. (https://forum.palemoon.org/viewtopic.php?f=46&t=17619)
Pale Moon is what Firefox used to be once upon a time in terms of customization and privacy before Mozilla became Google's controlled opposition to guard against browser monopoly allegations.
