https://github.com/ukkit/wisp-browser
Privacy-hardened browser for Windows, built on LibreWolf. Blocks ads & trackers via DNS-over-HTTPS, resists fingerprinting, no telemetry, always-on private browsing.
https://github.com/ukkit/wisp-browser
ad-blocker anonymity anti-tracking browser dns-over-https fingerprinting firefox foss librewolf mullvad open-source privacy privacy-browser security windows
Last synced: 2 days ago
JSON representation
Privacy-hardened browser for Windows, built on LibreWolf. Blocks ads & trackers via DNS-over-HTTPS, resists fingerprinting, no telemetry, always-on private browsing.
- Host: GitHub
- URL: https://github.com/ukkit/wisp-browser
- Owner: ukkit
- License: mpl-2.0
- Created: 2026-06-18T01:23:10.000Z (11 days ago)
- Default Branch: main
- Last Pushed: 2026-06-20T06:00:58.000Z (9 days ago)
- Last Synced: 2026-06-20T08:05:12.707Z (9 days ago)
- Topics: ad-blocker, anonymity, anti-tracking, browser, dns-over-https, fingerprinting, firefox, foss, librewolf, mullvad, open-source, privacy, privacy-browser, security, windows
- Language: Python
- Homepage: https://github.com/ukkit/wisp-browser/releases/latest
- Size: 222 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Notice: NOTICE
Awesome Lists containing this project
README
WISP
Wisp is a privacy-hardened config overlay on [LibreWolf](https://librewolf.net/), packaged as a self-contained Windows installer.
No engine work, no recompile — Wisp takes the official LibreWolf binary, layers on additional policy/pref hardening and Wisp branding, and wraps it in an installer.
## Status
v1 (Windows) is in development. See [`wisp-v1-build-plan.md`](wisp-v1-build-plan.md) for the build plan.
## Privacy posture
- **DNS-level content blocking**, on by default via DNS-over-HTTPS to [Mullvad's base resolver](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) (ad, tracker, and malware blocking). No in-browser ad blocker.
- **Tradeoff:** this means Mullvad sees Wisp's DNS queries by default. Change it in `Settings → Privacy & Security → DNS over HTTPS` — point it at your own pi-hole/dns0 instance, or pick a different provider from the dropdown.
- Fingerprinting resistance (LibreWolf's `resistFingerprinting`) and HTTPS-only mode are locked on, not just defaulted.
- Telemetry, Firefox Studies, and Pocket are disabled.
- All extension/theme/dictionary installs are blocked (DNS-level blocking only — no in-browser blocker, no exceptions).
## Security updates
Wisp does not auto-update in v1. We commit to a manual rebuild-and-release **within 72 hours** of each upstream LibreWolf security release.
## Known limits (v1)
- No per-site exceptions UI.
- Some sites may break due to the blanket extension-install block.
- The installer is **unsigned** — Windows SmartScreen will warn on first run ("Windows protected your PC"). Click **More info → Run anyway** to proceed. Code signing is being evaluated for a future release (no committed date).
- To verify the download instead of trusting the warning: each release publishes a `.sha256` checksum file alongside the installer. Verify with `Get-FileHash Wisp-Setup-.exe -Algorithm SHA256` and compare against the first field of the matching `.sha256` file.
## Building from source
See [`docs/BUILD.md`](docs/BUILD.md).
## License
MPL-2.0. See [`LICENSE`](LICENSE) and [`NOTICE`](NOTICE).