faq.asciidoc

Frequently asked questions

1. What is qutebrowser based on?

   qutebrowser uses Python, Qt and PyQt.

   The concept of it is largely inspired by dwb and Vimperator. Many actions and key bindings are similar to dwb.

2. Why another browser?

   It might be hard to believe, but I didn’t find any browser which I was happy with, so I started to write my own. Also, I needed a project to get into writing GUI applications with Python and Qt/PyQt.

   Read the next few questions to find out why I was unhappy with existing software.

3. What’s wrong with dwb/vimprobable/luakit/jumanji/…​ (projects based on WebKitGTK)?

   Most of them are based on the WebKitGTK+ WebKit1 API, which causes a lot of crashes. As the GTK API using WebKit1 is deprecated, these bugs are never going to be fixed.

   When qutebrowser was created, the newer WebKit2 API lacked basic features like proxy support, and almost no projects have started porting to WebKit2. In the meantime, this situation has improved a bit, but there are still only a few projects which have some kind of WebKit2 support (see the list of alternatives).

   qutebrowser uses Qt and QtWebEngine by default (and supports QtWebKit optionally). QtWebEngine is based on Google’s Chromium. With an up-to-date Qt, it has much more man-power behind it than WebKitGTK+ has, and thus supports more modern web features - it’s also arguably more secure.

4. What’s the difference to Firefox/Chromium addons like Tridactyl or Vimium?

   The WebExtensions API doesn’t seem to allow much freedom for plugin writers, which results in Vimium/Tridactyl not really having all the features you’d expect from a proper minimal, vim-like browser. Due to the same reason, those addons are quite inconsistent - on some pages, they can’t run and intercept keyboard inputs correctly. Tridactyl gets around those limitations with various measures (such as a native messenger written in Python doing some work which can’t be done from the addon directly), but there’s only so much that can be done.

5. Why Python?

   I enjoy writing Python since 2011, which made it one of the possible choices. I wanted to use Qt because of QtWebKit so I didn’t have many other choices. At that point, I wasn’t comfortable with C++ so that wasn’t an alternative.

6. But isn’t Python too slow for a browser?

   It’s generally less of a problem than one would expect. Most of the heavy lifting of qutebrowser is done by Qt and QtWebKit/QtWebEngine in C++, with the GIL released.

   It can be problematic in some areas, but various performance optimizations have been carried out to problematic portions of the code.

7. Is qutebrowser secure?

   Most security issues are in the backend (which handles networking, rendering, JavaScript, etc.) and not qutebrowser itself.

   qutebrowser uses QtWebEngine by default. QtWebEngine is based on Google’s Chromium. While Qt only updates to a new Chromium release on every minor Qt release (all ~6 months), every patch release backports security fixes from newer Chromium versions. In other words: As long as you’re using an up-to-date Qt, you should be receiving security updates on a regular basis, without qutebrowser having to do anything. Chromium’s process isolation and sandboxing features are also enabled as a second line of defense.

   QtWebKit is also supported as an alternative backend, but hasn’t seen new releases in a while. It also doesn’t have any process isolation or sandboxing. See #4039 for more details.

   Security issues in qutebrowser’s code happen very rarely (as per September 2019, there have been three security issues caused by qutebrowser in almost 6 years). Those were handled appropriately (example) and fixed timely. To report security bugs, please contact me directly at [email protected], GPG ID 0x916eb0c8fd55a072.

8. Is there an ad blocker?

   There is a simple host-based ad blocker that takes /etc/hosts-like lists.

   More advanced ad blockers can have a big impact on browsing speed and RAM usage, so implementing support for AdBlock Plus-like lists is not a priority.

9. How can I get No-Script-like behavior?

   To disable JavaScript by default:

   :set content.javascript.enabled false

   The basic command for enabling JavaScript for the current host is tsh. This will allow JavaScript execution for the current session. Use S instead of s to make the exception permanent. With H instead of h, subdomains are included. With u instead of h, only the current URL is whitelisted (not the whole host).

10. How do I play Youtube videos with mpv?

    You can easily add a key binding to play youtube videos inside a real video player - optionally even with hinting for links:

    :bind ,m spawn mpv {url}
    :bind ,M hint links spawn mpv {hint-url}

    The comma prefix is used to make sure user-defined bindings don’t conflict with the built-in ones.

    Note that you might need an additional package (e.g. youtube-dl on Archlinux) to play web videos with mpv.

    There is a very useful script for mpv, which emulates "unique application" functionality. This way you can add links to the mpv playlist instead of playing them all at once.

    You can find the script here: https://github.com/mpv-player/mpv/blob/master/TOOLS/umpv

    It also works nicely with rapid hints:

    :bind ,m spawn umpv {url}
    :bind ,M hint links spawn umpv {hint-url}
    :bind ;M hint --rapid links spawn umpv {hint-url}

11. How do I use qutebrowser with mutt?

    For security reasons, local files without .html extensions aren’t rendered as HTML, see this Chromium issue for details. You can do this in your mailcap file to get a proper extension:

        text/html; qutebrowser %s; needsterminal; nametemplate=%s.html

12. What is the difference between bookmarks and quickmarks?

    Bookmarks will always use the title of the website as their name, but with quickmarks you can set your own title.

    For example, if you bookmark multiple food recipe websites and use :open, you have to type the title or address of the website.

    When using quickmark, you can give them all names, like foodrecipes1, foodrecipes2 and so on. When you type :open foodrecipes, you will see a list of all the food recipe sites, without having to remember the exact website title or address.

13. How do I use spell checking?

    Configuring spell checking in qutebrowser depends on the backend in use (see #700 for a more detailed discussion).

    For QtWebKit:

    1. Install qtwebkit-plugins.

    2. Note: with QtWebKit reloaded you may experience some issues. See #10.

    3. The dictionary to use is taken from the DICTIONARY environment variable. The default is en_US. For example to use Dutch spell check set DICTIONARY to nl_NL; you can’t use multiple dictionaries or change them at runtime at the moment. (also see the README file for qtwebkit-plugins).

    4. Remember to install the hunspell dictionaries if you don’t have them already (most distros should have packages for this).

    For QtWebEngine:

    1. Make sure your versions of PyQt and Qt are 5.8 or higher.

    2. Use dictcli.py script to install dictionaries. Run the script with -h for the parameter description.

    3. Set spellcheck.languages to the desired list of languages, e.g.: :set spellcheck.languages "['en-US', 'pl-PL']"

14. How do I use Tor with qutebrowser?

    Start tor on your machine, and do :set content.proxy socks://localhost:9050/ in qutebrowser. Note this won’t give you the same amount of fingerprinting protection that the Tor Browser does, but it’s useful to be able to access .onion sites.

15. Why does J move to the next (right) tab, and K to the previous (left) one?

    One reason is because dwb did it that way, and qutebrowser’s keybindings are designed to be compatible with dwb’s. The rationale behind it is that J is "down" in vim, and K is "up", which corresponds nicely to "next"/"previous". It also makes much more sense with vertical tabs (e.g. :set tabs.position left).

16. What’s the difference between insert and passthrough mode?

    They are quite similar, but insert mode has some bindings (like Ctrl-e to open an editor) while passthrough mode only has shift+escape bound. This is because shift+escape is unlikely to be a useful binding to be passed to a webpage. However, any other keys may be assigned to leaving passthrough mode instead of shift+escape should this be desired.

17. Why does it take longer to open a URL in qutebrowser than in chromium?

    When opening a URL in an existing instance, the normal qutebrowser Python script is started and a few PyQt libraries need to be loaded until it is detected that there is an instance running to which the URL is then passed. This takes some time. One workaround is to use this script and place it in your $PATH with the name "qutebrowser". This script passes the URL via an unix socket to qutebrowser (if its running already) using socat which is much faster and starts a new qutebrowser if it is not running already.

18. How do I make qutebrowser use greasemonkey scripts?

    There is currently no UI elements to handle managing greasemonkey scripts. All management of what scripts are installed or disabled is done in the filesystem by you. qutebrowser reads all files that have an extension of .js from the <data>/greasemonkey/ folder and attempts to load them. Where <data> is the qutebrowser data directory shown in the Paths section of the page displayed by :version. If you want to disable a script just rename it, for example, to have .disabled on the end, after the .js extension. To reload scripts from that directory run the command :greasemonkey-reload.

    Troubleshooting: to check that your script is being loaded when :greasemonkey-reload runs you can start qutebrowser with the arguments --debug --logfilter greasemonkey,js and check the messages on the program’s standard output for errors parsing or loading your script. You may also see javascript errors if your script is expecting an environment that we fail to provide.

    Note that there are some missing features which you may run into:

    1. Some scripts expect GM_xmlhttpRequest to ignore Cross Origin Resource Sharing restrictions, this is currently not supported, so scripts making requests to third party sites will often fail to function correctly.

    2. If your backend is a QtWebEngine version 5.8, 5.9 or 5.10 then regular expressions are not supported in @include or @exclude rules. If your script uses them you can re-write them to use glob expressions or convert them to @match rules. See the wiki for more info.

    3. Any greasemonkey API function to do with adding UI elements is not currently supported. That means context menu extentensions and background pages.

19. How do I change the WM_CLASS used by qutebrowser windows?

    Qt only supports setting WM_CLASS globally, which you can do by starting with --qt-arg name foo. Note that all windows are part of the same qutebrowser instance (unless you use --temp-basedir or --basedir), so they all will share the same WM_CLASS.

20. How do I use X.509 Client Certificates?

    Right now there is no certificate-chooser prompt implemented when there are multiple matches. Subscribe to Issue#4587 for progress notifications.

    QtWebEngine will attempt to use certificates stored in ${HOME}/.pki/nssdb. If you have Chromium installed, you can import the certificate there and qutebrowser will pick it up as well. Alternatively, you can use the certutil commandline tool:

    Assuming you have a CA Certificate and a Client Certificate that you want for authenticating yourself on a web service that validates against this CA Certificate, you need to perform the following steps.

    1. Import the CA Certificate

       certutil -D "sql:${HOME}/.pki/nssdb" -A -i <path_to_ca_cert.pem> -n "My Fancy CA" -t "TC,C,T"

    2. Merge your <cert.crt> and <privkey.pem> files into a single PKCS#12 certificate file (optional, skip if your Client Certificate already is in PKCS#12 format)

       openssl pkcs12 -export -in <path_to_client_cert.crt> -inkey <path_to_client_cert_privkey.pem> -out my_fancy_client_cert.pkcs12

    3. Import your Client Certificate into the certificate store

       pk12util -d "sql:${HOME}/.pki/nssdb" -i <path_to_my_fancy_client_cert.pkcs12> -n "My Fancy Client Certificate"

       Upon visiting a website that requests a Client Certificate you should now be prompted by qutebrowser whether you want to submit the newly imported Client Certificate or not.

       If you ever need to renew any of these certificates, you can take a look at the currently imported certificates using:

       certutil -D "sql:${HOME}/.pki/nssdb" -L

       Then remove the expired certificates using:

       certutil -D "sql:${HOME}/.pki/nssdb" -D -n "My Fancy Certificate Nickname"

       And then import the new and valid certificates using the procedure described above.

Troubleshooting

Unable to view Flash content.

If you have Flash installed for on your system, it’s necessary to enable plugins to use the flash plugin. Using the command :set content.plugins true in qutebrowser will enable plugins. Packages for Flash should be provided for your platform or it can be obtained from Adobe. Note that QtWebEngine needs PPAPI Flash, while QtWebKit needs NPAPI Flash.

Unable to view DRM content (Netflix, Spotify, etc.).

On Arch Linux, simply install chromium-widevine from the AUR.

For other distributions, it should be possible to obtain the needed widevine files and store them in the correct places, but the details differ wildly between various Qt versions.

Unable to use spawn on MacOS.

When running qutebrowser from the prebuilt binary (qutebrowser.app) it will not read any files that would alter your $PATH (e.g. .profile, .bashrc, etc). This is not a bug, just that .profile is not propagated to GUI applications in MacOS.

See Issue #4273 for details and potential workarounds.

QtWebKit: Experiencing freezing on sites like DuckDuckGo and YouTube.

This issue could be caused by stale plugin files installed by mozplugger if mozplugger was subsequently removed. Try exiting qutebrowser and removing ~/.mozilla/plugins/mozplugger*.so. See Issue #357 for more details.

My issue is not listed.

If you experience any segfaults or crashes, you can report the issue in the issue tracker or using the :report command. If you are reporting a segfault, make sure you read the guide on how to report them with all needed information.

GitHub Sponsors FAQ

Using GitHub Sponsors, you can sign up for a monthly donation to The-Compiler (qutebrowser’s main developer), allowing him to work part-time on qutebrowser. If you keep your donation level for long enough, you can get some qutebrowser stickers!

Why GitHub Sponsors?

GitHub Sponsors is a crowdfundign platform nicely integrated with qutebrowser’s existing GitHub page and a better offering than alternatives such as Patreon or Liberapay.

It also offers a Matching Fund which matches all donations until a cap of $5000, which has already been reached by qutebrowser.

Is it possible to contribute via a one-time donation instead?

If you prefer a one-time donation, there are various possibilities:

• Select a tier which covers the total amount you’d like to donate (note that payments are prorated based on the current date). After the payment is processed, cancel your GitHub sponsors subscription again. This has a big benefit: There are no fees deducted from your amount.

• Sign up for a lower recurring donation instead.

• Do so via the existing donation methods. Rewards (shirts/stickers/swag) are handled on a case-by-case basis as GitHub’s matching fund isn’t applicable and there might be relatively high fees which make this tricky.

• If you want to contribute via a one-time donation and want to make sure you’ll receive a reward, you might want to sign up to the qutebrowser-announce mailinglist and wait until there is an official way to do so. It’s planned to set this up at a later date. Note that the thresholds for perks will be higher because those donations aren’t matched by GitHub and fees are relatively high.

I’d like a certain reward (e.g. a t-shirt) but I’d prefer making a smaller monthly donation. Can I upgrade via a one-time donation?

It’s planned to set up a donation page to allow this at a later date. However, the thresholds for perks will be higher because those donations aren’t matched by GitHub and fees are relatively high. Note that you can switch tiers on GitHub sponsors at any time.

GitHub tries to charge me for an entire year. What gives?

This happens if you have an existing annual billing cycle with GitHub (for example a Pro membership or Marketplace subscription). At the moment, GitHub’s billing system only supports annual sponsor payments in that case.

Can I support you without getting any rewards/merchandise?

Absolutely! Any merchandise is optional. Before sending out merchandise I’ll distribute forms asking for size/address/etc. - those forms will have an option to not get any merch at all.

Can I select my own amount rather than using the predefined tiers?

Unfortunately, GitHub sponsors doesn’t support this at the moment. The existing tiers should hopefully cover various options. If you disagree, please get in touch - I might be able to add a new sponsorship tier.

When will rewards be shipped?

Rewards will be ordered and subsequently shipped once it’s clear how many people are eliglible. The cut-off date for the donation goals is May 2020, so rewards will likely be shipped Q2/2020. This also applies to tiers which make you eliglible for a certain perk immediately, though stickers might be shipped earlier depending on how many people this affects.

I’d like some stickers, but I can’t donate anything because of my financial situation.

Please get in touch! As long as this doesn’t get abused, I’d happily send stickers for free.

We’re a company interested in sponsoring qutebrowser, can you invoice us for the sponsored amount?

You will receive a confirmation mail including a PDF receipt from GitHub when sponsoring qutebrowser. If you really need an invoice, I can bill you via my company, Bruhin Software. Please get in touch to discuss details!

Can you share details on the stickers?

There are two sticker designs: Rectangular stickers (with text) and round vinyl stickers. Those are the same as during the 2016/2017 crowdfundings.

Can you share details on the swag?

A limited number of metal buttons and magnets is available:

It’s planned to order more swag, depending on the exact demand. Possibilites would include:

• qutebrowser pens (refillable)

• notebooks (the paper kind)

• USB-sticks (for the "expensive swag" reward).

Can you share details on the t-shirts?

The shirts will be B&C #E190 shirts which are the successor to the "Exact 190" shirts distributed in the previous crowdfundings: 100% cotton and relatively thick/heavy.

Sizes from XS and 5XL are available, most of them also as a fitted (women) cut. Up to 40 colors are available from the supplier - there will be a selection of recommended/tested colors, but any available color can be selected on your own risk.

The print will be a white silk-screen print, with the same design as in the 2016 crowdfunding:

Privacy Policy

Being a mostly volunteer-run project, qutebrowser does not have the resources for a full legalese version of a privacy policy. Instead, this overview should answer the most common questions.

For any privacy questions, please contact [email protected].

Website

The qutebrowser.org website does not use any cookies or trackers.

However, IP addresses are currently (October 2019) logged and stored indefinitely. It’s planned to change this soon by migrating qutebrowser.org to a different server.

Note that some services related to qutebrowser are stored on third-party services such as GitHub, Travis CI or AppVeyor. By using their websites, you’re subject to their privacy policies.

Crash reports

When qutebrowser crashes or you use the :report command, you have the possibility to send a crash report. If you decide to do so, your crash report is stored on qutebrowser’s server, where core qutebrowser developers (four people at the time of writing) can access it.

If you select the option to include a debug log with your report, it’s possible that sensitive information is contained in your report. You can show and edit the log in the crash report window to redact any such information as you see fit. Additionally, qutebrowser tries to avoid logging information such as passwords entirely (by not logging any input going to websites).

Currently, crash reports are stored indefinitely for technical reasons. With a new tool designed for crash reports, it’ll become possible to delete crashreports after the underlying issue is fixed, but that tool needs some more work before qutebrowser can use it.

Application

Without any user interaction, qutebrowser can be expected to make no unsolicited requests. It does not contain any telemetry code.

The QtWebEngine library (on which qutebrowser is based on) strips out any Chromium features which talk to Google servers, so any unsolicited requests should be treated as a bug.

While qutebrowser uses DuckDuckGo as the default search page, no advertising deal exists between DuckDuckGo and qutebrowser. Note that by visiting DuckDuckGo, you’re subject to their privacy policy.

With regard to websites you visit, qutebrowser tries to strike a balance between usability/compatibility and privacy. There are various content.* settings which can be used to tweak such behavior, reduce fingerprinting or disable various features (usually at a cost of website compatibility).