IronFox/docs/FAQ.md

# Frequently Asked Questions

- [Frequently Asked Questions](#frequently-asked-questions)
	- [How can I download IronFox?](#how-can-i-download-ironfox)
	- [Why isn't IronFox available on F-Droid?](#why-isnt-ironfox-available-on-f-droid)
	- [How can I download Nightly builds?](#how-can-i-download-nightly-builds)
	- [Aren't Firefox-based browsers less secure than Chromium?](#arent-firefox-based-browsers-less-secure-than-chromium)
	- [So IronFox is **insecure**? Why should I use it then, what's the point?](#so-ironfox-is-insecure-why-should-i-use-it-then-whats-the-point)
	- [Does IronFox contain proprietary/tracking libraries?](#does-ironfox-contain-proprietarytracking-libraries)
	- [Does IronFox depend on Google Play Services?](#does-ironfox-depend-on-google-play-services)
	- [Why is Google Safe Browsing supported and enabled by default?](#why-is-google-safe-browsing-supported-and-enabled-by-default)
	- [Why does IronFox crash on GrapheneOS?](#why-does-ironfox-crash-on-grapheneos)
	- [Can I use FIDO/U2F/Passkeys?](#can-i-use-fidou2fpasskeys)
	- [Can I receive push notifications?](#can-i-receive-push-notifications)
	- [Can I use a custom server for Firefox Sync?](#can-i-use-a-custom-server-for-firefox-sync)
	- [Why does IronFox include built-in extensions?](#why-does-ironfox-include-built-in-extensions)
	- [Why are certain preferences locked?](#why-are-certain-preferences-locked)
	- [Will IronFox support "Generative AI"?](#will-ironfox-support-generative-ai)
	- [Why isn't Resist Fingerprinting (RFP) enabled?](#why-isnt-resist-fingerprinting-rfp-enabled)
	- [Why can't I install add-ons/extensions?](#why-cant-i-install-add-onsextensions)
	- [What add-ons/extensions should I install?](#what-add-onsextensions-should-i-install)
	- [Why is IronFox so slow?](#why-is-ironfox-so-slow)
	- [Why can't I stream certain *(DRM-protected)* content from streaming services (Ex. Amazon Prime Video, Apple TV+, Disney+, HBO Max, Hulu, Netflix, Peacock, Plex, Sling, Spotify, etc?)](#why-cant-i-stream-certain-drm-protected-content-from-streaming-services-ex-amazon-prime-video-apple-tv-disney-hbo-max-hulu-netflix-peacock-plex-sling-spotify-etc)
	- [Why are websites displayed in light mode?](#why-are-websites-displayed-in-light-mode)
	- [Why are websites always displayed in English?](#why-are-websites-always-displayed-in-english)
	- [How can I allow websites to use WebGL?](#how-can-i-allow-websites-to-use-webgl)
	- [If timezone spoofing is enabled, how can I allow certain websites to access my real timezone?](#if-timezone-spoofing-is-enabled-how-can-i-allow-certain-websites-to-access-my-real-timezone)
	- [Why do some fonts display incorrectly?](#why-do-some-fonts-display-incorrectly)
	- [Why can't I see emojis?](#why-cant-i-see-emojis)
	- [Why doesn't this website work?](#why-doesnt-this-website-work)

## How can I download IronFox?

You can currently download IronFox from [Accrescent](https://accrescent.app/app/org.ironfoxoss.ironfox), from [our F-Droid repository](https://fdroid.ironfoxoss.org/fdroid/repo/index.html), or directly from [our GitLab releases](https://gitlab.com/ironfox-oss/IronFox/-/releases).

## Why isn't IronFox available on F-Droid?

We currently do not support IronFox's inclusion in F-Droid's official repository, due to what we feel are significant privacy and security concerns. For more details, you can [read our issue where this was discussed here](https://gitlab.com/ironfox-oss/IronFox/-/issues/7).

We'd also recommend checking out [this article from privacy and security researchers](https://privsec.dev/posts/android/f-droid-security-issues/), [this post from the developer of WireGuard](https://gitlab.com/fdroid/fdroiddata/-/issues/3110#note_1613430404), and [this thread from GrapheneOS](https://infosec.exchange/@GrapheneOS@grapheneos.social/113900951182535101).

While we do provide our own [F-Droid repository](https://fdroid.ironfoxoss.org/fdroid/repo/index.html) for those who insist on using F-Droid, F-Droid's client isn't without its own privacy and security issues *(notably: [not properly notifying users of updates...](https://codeberg.org/celenity/Phoenix/issues/89#issuecomment-3145034))*.

For those who do use F-Droid to install and update IronFox, we would recommend using [F-Droid Basic](https://f-droid.org/packages/org.fdroid.basic/) as your preferred client of choice, as it is more secure than the standard F-Droid client, due to its reduced feature-set.

## How can I download Nightly builds?

IronFox `Nightly` builds are builds of IronFox that are automatically generated from our GitLab CI. These builds are bleeding edge, and contain the latest changes as we add them. **These builds can be installed alongside your main/existing IronFox install**. For more details on the differences between IronFox `Release` and `Nightly` builds, you can see [our comparison page here](https://gitlab.com/ironfox-oss/IronFox/-/blob/dev/docs/NightlyVsRelease.md).

When reporting an issue, we'll likely direct you to install and attempt to reproduce the issue on the latest Nightly build, to ensure that we haven't already fixed the problem.

**You can find and install the latest IronFox Nightly build with the following steps**:

**1**. Navigate to [the `Artifacts` tab](https://gitlab.com/ironfox-oss/IronFox/-/artifacts) on our GitLab repository.

**2**. Select the **folder icon** to the right of the latest artifact for your device's architecture. If you're not sure what architecture to use, we'd recommend trying `build-apk:` **[`arm64`]** first. If that doesn't work, you can try `build-apk:` **[`arm`]** instead.

**3**. Navigate to `artifacts` -> `apk`, and select the file ending in `.apk`.

**4**. Select `Download`, and proceed to download and install the application.

## Aren't Firefox-based browsers less secure than Chromium?

**Yes**. While we do as much as possible to improve the situation, IronFox is unfortunately also impacted by some of Firefox's fundamental issues. For more details, please see [our `Limitations` page](https://gitlab.com/ironfox-oss/IronFox/-/blob/dev/docs/Limitations.md#security).

Depending on your threat model, it may be preferable to use a Chromium-based browser, such as [Vanadium](https://grapheneos.org/features#vanadium) on GrapheneOS, or [Cromite](https://github.com/uazo/cromite).

We're deeply disappointed by Mozilla's lack of focus in this area, and we hope to see them improve in the future.

## So IronFox is **insecure**? Why should I use it then, what's the point?

It should be noted that there is a difference between something being *less* secure vs. something being *insecure*.

**To be clear**: As noted above, Firefox-based web browsers are objectively less secure than their Chromium counterparts. We are **not** trying to discredit Firefox's legitimate issues in this area.

**However**, *especially due to [the hardening that IronFox provides](https://gitlab.com/ironfox-oss/IronFox/-/blob/dev/docs/Features.md)*, assuming that users keep the browser up to date and follow other good privacy and security practices, we believe that IronFox is secure *enough* for most users and threat models.

While we do as much as we can to improve Firefox's security, we also feel that IronFox's primary strengths are in other areas. Notably, when compared to most Chromium browsers, IronFox offers users with stronger *privacy*, superior content blocking *([uBlock Origin](https://addons.mozilla.org/addon/ublock-origin/))*, more freedom, more customization, and more control *(ex. `about:config`)* over their browsing experience. IronFox also supports other important features missing from many of these browsers, such as extensions and end-to-end encrypted browser sync.

Additionally, with the notable exception of [Cromite](https://github.com/uazo/cromite), Chromium browsers on Android include proprietary Google Play libraries. **Unlike these browsers, IronFox is fully free and open source**. Unlike Chromium browsers, IronFox also supports [Google Safe Browsing](https://support.mozilla.org/kb/how-does-phishing-and-malware-protection-work) without Google Play Services. Thanks to our support for [UnifiedPush](https://unifiedpush.org/), we also provide support for push notifications without Google Play Services.

It should also be noted that Firefox-based web browsers, such as IronFox, help to promote browser engine diversity, and oppose [Google's browser engine monoculture/monopoly with Chromium](https://contrachrome.com/ContraChrome_en.pdf).

Even from a *security* perspective, IronFox has certain features that a majority of Chromium browsers still lack, such as [JavaScript Just-in-time Compilation *(JIT)*](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/) being disabled by default.

Ultimately, while Firefox-based web browsers *(including IronFox)* provide weaker security compared to their Chromium peers *(and this is indeed something important to take into account)*, we wanted to highlight that IronFox brings a lot to the table in *other* aspects.

**At the end of the day, we're not going to tell you that IronFox is the perfect browser, or even that you should use it at all**. Which browser you should use depends on your [threat model](https://www.privacyguides.org/en/basics/threat-modeling/), personal preference, and values. **Most importantly, the browser you should use is the one that works best for you**. If that browser turns out to be IronFox? Great, welcome aboard! If not? No problem. Hopefully, you at least learned something.

## Does IronFox contain proprietary/tracking libraries?

**No**. IronFox removes the following proprietary/tracking libraries from Firefox for Android:

- [Adjust](https://github.com/adjust/android_sdk)
- [Google Play Firebase Messaging](https://firebase.google.com/docs/cloud-messaging/) - *(Replaced with [UnifiedPush](https://unifiedpush.org/))*
- [Google Play In-App Reviews](https://developer.android.com/google/play/installreferrer/library)
- [Google Play Install Referrer](https://developer.android.com/google/play/installreferrer/library)
- [Sentry](https://github.com/getsentry/sentry)

Additionally, IronFox removes the proprietary [Google Play FIDO](https://developers.google.com/android/reference/com/google/android/gms/fido/Fido) library from GeckoView - *(Replaced with the [microG](https://github.com/microg/GmsCore/wiki) FIDO library)*.

IronFox also removes Mozilla's [Glean](https://github.com/mozilla/glean) *(telemetry)* library from [Android Components](https://searchfox.org/firefox-main/source/mobile/android/android-components/README.md) and [Application Services](https://github.com/mozilla/application-services) *(dependencies that provide core functionality for Firefox on Android)*.

For Firefox for Android itself, while it's untenable to fully remove all references to the Glean library, we do remove the [Glean *`service`*](https://searchfox.org/firefox-main/source/mobile/android/android-components/components/service/glean/README.md) library, and we stub the Glean library itself at build-time and break/neuter all of its functionality. Note that certain naive apps *(ex. `App Manager`, `Exodus`, and `Tracker Control`)* do not take this into account, and incorrectly claim that IronFox has `tracking` libraries *(referring to the `Glean` library)*. Keep in mind that these same apps claim that [Google Chrome has no tracking](https://reports.exodus-privacy.eu.org/en/reports/com.android.chrome/latest/), and even claim that [Tor Browser contains trackers](https://reports.exodus-privacy.eu.org/en/reports/org.torproject.torbrowser/latest/).

## Does IronFox depend on Google Play Services?

**No**, IronFox does not depend on Google Play Services for any functionality.

Due to our use of the [microG](https://github.com/microg/GmsCore/wiki) FIDO library, **GrapheneOS** is unfortunately known to incorrectly label IronFox as depending on Google Play services. This also results in IronFox being automatically granted the `Dynamic code loading via storage` permission, which is unnecessary unless you're using UnifiedPush *([as detailed below](#can-i-receive-push-notifications))*.

## Why is Google Safe Browsing supported and enabled by default?

Please see [our `Safe Browsing` page here](https://gitlab.com/ironfox-oss/IronFox/-/blob/dev/docs/Safe-Browsing.md).

## Why does IronFox crash on GrapheneOS?

On **GrapheneOS**, if the `Dynamic code loading via memory` exploit mitigation is enabled, IronFox might crash on launch with an error, stating `IronFox tried to perform DCL via memory`. Unfortunately, Firefox-based web browsers are currently incompatible with this protection.

If you encounter this issue, you can disable the `Dynamic code loading via memory` exploit mitigation for IronFox, by navigating to IronFox's `App info` *(You can get there by holding IronFox's app icon and selecting `App info`, or by navigating to `Settings` -> `Apps`, and finding + selecting `IronFox`), navigating to `Exploit protection` -> `Dynamic code loading via memory`, and selecting `Allowed`)*.

## Can I use FIDO/U2F/Passkeys?

Yes! While IronFox removes the proprietary [Google Play FIDO library](https://developers.google.com/android/reference/com/google/android/gms/fido/Fido), it replaces it with its FOSS [microG](https://github.com/microg/GmsCore/wiki) equivalent.

In addition to providing support for FIDO/U2F/Passkeys to users with **microG** installed, this can **also** be used **without microG or Google Play Services**, thanks to the excellent, free and open source [`HW Fido2 Provider` app](https://codeberg.org/s1m/hw-fido2-provider).

**NOTE**: After installing `HW Fido2 Provider`, ensure you set it as Android's `Preferred service for passwords, passkeys & autofill` *(On GrapheneOS, this is located at `Settings` -> `Passwords, passkeys & accounts` -> `Preferred service`)*.

## Can I receive push notifications?

Yes! While IronFox removes the proprietary [Google Play Firebase Messaging Library](https://firebase.google.com/docs/cloud-messaging/), it adds support for [UnifiedPush](https://unifiedpush.org/).

To use UnifiedPush, you'll first need to install and set-up a [distributor app](https://unifiedpush.org/users/distributors/) - we recommend [`Sunup`](https://unifiedpush.org/users/distributors/sunup/) for this.

After setting up your distributor, you can enable support for UnifiedPush by selecting the `Use UnifiedPush` option, located under `IronFox` -> `IronFox settings` -> `Miscellaneous` in settings. You should then receive a prompt to restart IronFox; after restarting, you should be ready to go!

**NOTE**: By default, IronFox blocks prompts from websites to enable web notifications. If you'd like to receive notifications from websites, you can re-enable notifications prompts by navigating to `Privacy and security` -> `Site settings` -> `Permissions` -> `Notification` in settings, and selecting `Ask to allow`.

**NOTE**: To receive notifications while IronFox is in the background, [**GrapheneOS** users might unfortunately need to disable the `Dynamic code loading via storage` exploit protection for IronFox](https://gitlab.com/ironfox-oss/IronFox/-/issues/124). You can do this by navigating to IronFox's `App info` *(You can get there by holding IronFox's app icon and selecting `App info`, or by navigating to `Settings` -> `Apps`, and finding + selecting `IronFox`), navigating to `Exploit protection` -> `Dynamic code loading via storage`, and selecting `Allowed`)*.

## Can I use a custom server for Firefox Sync?

Yes. The steps that apply to standard Firefox for Android also apply to IronFox. For details, see [Mozilla's support article here](https://support.mozilla.org/kb/how-set-firefox-sync-firefox-android#w_connect-to-a-self-hosted-mozilla-account-server).

Additionally, to change the endpoint used by sync for add-ons, from [`about:config`](about:config), you can set the value of `webextensions.storage.sync.serverURL` to your desired endpoint.

## Why does IronFox include built-in extensions?

By default, Firefox for Android includes built-in extensions to support certain functionality. These extensions are usually hidden from users, but IronFox displays them and allows users to enable/disable them if desired. This increases transparency, as it allows users to see what extensions are installed and why, it improves control, and it allows users to decrease attack surface and potentially improve performance if desired by disabling unused/unwanted extensions.

Currently, the following extensions are included by default:

- [`Mozilla Android Components - Browser Icons` *(`icons@mozac.org`)*](https://searchfox.org/firefox-main/source/mobile/android/android-components/components/browser/icons/src/main/assets/extensions/browser-icons)
	- Provides support for the display of favicons *(ex. for websites pinned to the homepage)*
- [`Mozilla Android Components - Firefox Accounts WebChannel` *(`fxa@mozac.org`)*](https://searchfox.org/firefox-main/source/mobile/android/android-components/components/feature/accounts/src/main/assets/extensions/fxawebchannel)
	- Provides support for Firefox Sync authentication
- [`Mozilla Android Components - ReaderView` *(`readerview@mozac.org`)*](https://searchfox.org/firefox-main/source/mobile/android/android-components/components/feature/readerview/src/main/assets/extensions/readerview)
	- Provides support for reader mode
- [`Web Compatibility Interventions` *(`webcompat@mozilla.org`)*](https://searchfox.org/firefox-main/source/browser/extensions/webcompat)
	- Provides support for web compatibility fixes from Mozilla *([`about:compat](about:compat))*

## Why are certain preferences locked?

Due to the nature of Fenix *(Firefox for Android)*'s design, Gecko preferences don't quite work the same as they do on Firefox for Desktop/how you may expect.

For background, Firefox for Desktop is very deeply integrated with the Gecko engine. Many Gecko preferences directly control/influence UI behavior and elements, and UI settings/behavior itself also directly influences Gecko preferences/behavior.

For Fenix, this is **not** the case. Gecko is implemented through [the separate `Engine-Gecko` library](https://searchfox.org/firefox-main/source/mobile/android/android-components/components/browser/engine-gecko/README.md), which itself implements [the separate `GeckoView` library](https://mozilla.github.io/geckoview/)... this provides multiple degrees of separation between the browser frontend/UI and the Gecko engine backend.

What this means for users is that while Fenix's UI frontend/UI settings *can*, and often *do*, modify Gecko preferences: this only goes that one way. Gecko preferences are limited to controlling the behavior of the underlying browser engine itself, and they can't directly modify Fenix's behavior like they would on Desktop.

This can be problematic, as it means that Fenix settings can get out of sync with Gecko preferences. For example, from Fenix's UI settings, a user could leave the `Cookie Banner Blocker in private browsing` toggle enabled, while setting the `cookiebanners.service.mode.privateBrowsing` pref from [`about:config`](about:config) to `0` *(Disabled)*. As you might imagine, the Fenix setting and Gecko preference not matching like this can lead to unexpected behavior and bugs/glitches.

Another concern is that Gecko preferences controlled by Fenix settings like this are also *reset* on every browser launch. Back to the previous example: A user might set the `cookiebanners.service.mode.privateBrowsing` pref to `0` from [`about:config`](about:config), and it might look like it works to disable the feature *(like it does on ex. Firefox for Desktop)*. However, unbeknownst to them, if they left the `Cookie Banner Blocker in private browsing` UI setting enabled, the pref would simply reset back to `1` *(Enabled)* the next time they launch the browser, and the feature would remain enabled *(despite them wishing to disable it)*.

It's actually in large part due to these reasons that Mozilla disables access to [`about:config`](about:config) on standard Firefox releases. Of course, we disagree with Mozilla's approach here, and believe that preventing access to [`about:config`](about:config) is an unacceptable compromise for user freedom and control.

So, to mitigate the concerns detailed above, Gecko preferences controlled by UI settings will appear locked in [`about:config`](about:config). **The preferences can still be modified by users**, but this ensures that the prefs are only set by their proper, corresponding UI toggle(s), and it ensures that the Gecko preferences always remain in sync with the frontend/Fenix's settings.

## Will IronFox support "Generative AI"?

**No**, we have no intention of providing support for "Generative AI" features, as we believe they go against our values and provide a worse browsing experience for users.

Thankfully, Mozilla's "Generative AI" features haven't yet made their way to Android. But, if/when they are implemented, we will disable or remove them as applicable.

We are disappointed by Mozilla's focus in this area, and would rather see them focus on [what we feel are more important matters](#arent-firefox-based-browsers-less-secure-than-chromium).

## Why isn't Resist Fingerprinting (RFP) enabled?

[Resist Fingerprinting *(RFP)*](https://support.mozilla.org/kb/resist-fingerprinting) is Firefox's traditional fingerprinting protection, designed and intended for use by [Tor Browser](https://www.torproject.org/).

Unfortunately, due to it's design and intended use case, some of RFP's behavior is known to cause breakage and undesired behavior for users. RFP is also an all-or-nothing package, meaning you are forced to pick between having protection, or **no protection at all**.

Thankfully, for Firefox, Mozilla has recently developed [Suspected Fingerprinters Protection *(FPP)*](https://support.mozilla.org/kb/firefox-protection-against-fingerprinting#w_suspected-fingerprinters). **FPP** is far more flexible than RFP, as it allows users to enable or disable specific protections as needed, globally or on a per-site basis.

Due to RFP's issues, we enable **FPP** instead. Additionally, as Mozilla's default protections for FPP are currently very limited, we use our own [hardened configuration](https://gitlab.com/ironfox-oss/IronFox/-/blob/dev/patches/gecko-overlay/toolkit/components/resistfingerprinting/RFPTargetsDefault.inc) for it. Our hardened configuration is designed to match RFP, but with exceptions to avoid certain behaviors that are known to cause issues and undesired behavior for users. You can see our [`Features` page](https://gitlab.com/ironfox-oss/IronFox/-/blob/dev/docs/Features.md#fingerprinting) for more details.

We also include [a list](https://gitlab.com/ironfox-oss/IronFox/-/blob/dev/patches/gecko-overlay/mobile/android/branding/ironfox/dumps/ironfox-fingerprinting-protection-overrides-unbreak.json) of default overrides to fix breakage or harden protection on a per-site basis. If desired, you can disable our default overrides with the `Enable fingerprinting protection overrides from IronFox` toggle, located under `Settings` -> `IronFox` -> `IronFox settings` -> `Privacy`. Similarly, you can disable Mozilla's default overrides that serve a similar purpose with the `Enable fingerprinting protection overrides from Mozilla` toggle, located under `Settings` -> `IronFox` -> `IronFox settings` -> `Privacy`.

**Due to our use of FPP, and the reasons listed above, RFP is NOT recommended or supported**.

## Why can't I install add-ons/extensions?

By default, due to privacy and security concerns, IronFox disables the installation of add-ons. This has **no** impact on already installed extensions, and updates to those extensions.

To allow the installation of add-ons, **at the cost of security**, you can navigate to `Settings` -> `IronFox` -> `IronFox settings` -> `Security`, and select the option to `Allow installation of add-ons`. **It is recommended to disable this option when you are done installing your desired extension(s)**.

## What add-ons/extensions should I install?

Besides [uBlock Origin](https://addons.mozilla.org/addon/ublock-origin/)? Ideally, **none**.

In general, we highly recommend keeping your installed extensions to a minimum; **only use what you need**. Installing add-ons increases your attack surface, can help aid fingerprinting, degrades performance, and has various other concerns.

For more details, and information on why you don't actually need many of the extensions that you might think you do, take a look at [Arkenfox's `Extensions` wiki page](https://github.com/arkenfox/user.js/wiki/4.1-Extensions).

## Why is IronFox so slow?

By default, in order to improve security, IronFox disables [JavaScript Just-in-time Compilation *(JIT)*](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/). While this doesn't cause a noticeable difference on most modern devices, depending on your device, this might be what's causing the slowness you're experiencing.

**At the cost of security**, you can re-enable JIT by navigating to `Settings` -> `IronFox` -> `IronFox settings` -> `Security`, and selecting the option to `Enable JavaScript Just-in-time Compilation (JIT)`.

**Alternatively**, you can also try enabling JIT **only** for extensions, by navigating to `Settings` -> `IronFox` -> `IronFox settings` -> `Security`, and selecting the option to `Enable JavaScript Just-in-time Compilation (JIT) for extensions`.

If re-enabling JIT doesn't give you the desired outcome, **at the cost of privacy**, you can re-enable disk cache by navigating to `Settings` -> `IronFox` -> `IronFox settings` -> `Privacy`, and selecting the option to `Enable disk cache`.

If this *still* doesn't give you the desired outcome, please [file an issue](https://gitlab.com/ironfox-oss/IronFox/-/issues) and let us know!

## Why can't I stream certain *(DRM-protected)* content from streaming services (Ex. Amazon Prime Video, Apple TV+, Disney+, HBO Max, Hulu, Netflix, Peacock, Plex, Sling, Spotify, etc?)

IronFox does not support [Encrypted Media Extensions *(EME)*](https://wikipedia.org/wiki/Encrypted_Media_Extensions), due to privacy, security, freedom, and ideological concerns. For more details, see [this article](https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next) from the EFF, as well as [this post](https://celenity.dev/posts/thoughts/drm/).

Unfortunately, certain streaming services *(such as the examples listed above)* arbitrarily prevent IronFox users *(as well as users of other privacy and security-focused projects)* from accessing content, by requiring EME for media playback. **When you encounter an issue due to this, please report this to the website's operator**! Please also [file an issue](https://codeberg.org/celenity/Phoenix/issues/new?template=.github%2fISSUE_TEMPLATE%2fweb-compat.yml), so that we can track/document impacted services.

**At your own risk**, **at the cost of privacy and security**, you can re-enable support for EME with a **not supported**, **not recommended** Gecko preference, by navigating to [`about:config`](about:config), setting `media.eme.enabled` to `true`, and restarting your browser. To play content, you will likely also need to set `media.mediadrm-widevinecdm.visible` to `true`, which enables Google's Widevine Content Decryption Module *(CDM)*, provided by Android's [`MediaDrm` API](https://developer.android.com/reference/android/media/MediaDrm).

## Why are websites displayed in light mode?

By default, to protect against fingerprinting, IronFox sets the preferred website appearance to Light mode.

**At the cost of privacy**, you can change this by navigating to `Settings` -> `IronFox` -> `IronFox settings` -> `Preferred website appearance`, and selecting `Dark` or `Follow browser theme`.

**NOTE**: The **[Dark Reader](https://addons.mozilla.org/addon/darkreader/)** add-on is known to cause severe performance issues on hardened Firefox-based browsers/configurations. Installing Dark Reader also poses privacy and security concerns, as detailed above. Dark Reader should be **AVOIDED** if possible, in favor of the `Preferred website appearance` setting if necessary.

## Why are websites always displayed in English?

By default, to protect against fingerprinting, IronFox spoofs the preferred locale to English *(`en-US`)*.

**At the cost of privacy**, you can change this by navigating to `Settings` -> `IronFox` -> `IronFox settings` -> `Privacy`, and selecting `Request English versions of webpages`.

## How can I allow websites to use WebGL?

By default, IronFox disables WebGL for websites, due to privacy and security concerns.

**At the cost of privacy and security**, you can re-enable WebGL on a per-site basis by setting the value of `privacy.fingerprintingProtection.granularOverrides` at [`about:config`](about:config) to `[{"firstPartyDomain":"example.com","overrides":"-DisableWebGL"}]`, replacing `example.com` with the base domain of the website you'd like to enable WebGL for.

If desired, **at the cost of privacy and security**, you can re-enable WebGL for *all* websites with the `Disable WebGL` toggle, located under `Settings` -> `IronFox` -> `IronFox settings` -> `Privacy and security`.

Note that when WebGL is disabled, by default, we re-enable it for [certain websites](https://gitlab.com/ironfox-oss/IronFox/-/blob/dev/patches/gecko-overlay/mobile/android/branding/ironfox/dumps/ironfox-fingerprinting-protection-overrides-unbreak-webgl.json) to avoid breakage and unwanted/unexpected behavior. If desired, you can disable our default overrides with the `Enable WebGL overrides from IronFox` toggle, located under `Settings` -> `IronFox` -> `IronFox settings` -> `Privacy and security`.

**Please [file an issue](https://gitlab.com/ironfox-oss/IronFox/-/issues) when you encounter breakage related to this, so that we can track/document the issue, and potentially add the site to [our list](https://gitlab.com/ironfox-oss/IronFox/-/blob/dev/patches/gecko-overlay/mobile/android/branding/ironfox/dumps/ironfox-fingerprinting-protection-overrides-unbreak-webgl.json) of default overrides**.

## If timezone spoofing is enabled, how can I allow certain websites to access my real timezone?

To protect against fingerprinting, IronFox offers a setting to spoof the system's timezone to `UTC-0`, located at `Settings` -> `IronFox` -> `IronFox settings` -> `Privacy` -> `Spoof timezone to UTC-0`.

**At the cost of privacy**, when timezone spoofing is enabled, you can disable it on a per-site basis by setting the value of `privacy.fingerprintingProtection.granularOverrides` at [`about:config`](about:config) to `[{"firstPartyDomain":"example.com","overrides":"-JSDateTimeUTC"}]`, replacing `example.com` with the base domain of the website you'd like to disable timezone spoofing for.

Note that when timezone spoofing is enabled, by default, we re-enable it for [certain websites](https://gitlab.com/ironfox-oss/IronFox/-/blob/dev/patches/gecko-overlay/mobile/android/branding/ironfox/dumps/ironfox-fingerprinting-protection-overrides-unbreak-timezone.json) to avoid breakage and unwanted/unexpected behavior. If desired, you can disable our default overrides with the `Enable timezone spoofing overrides from IronFox` toggle, located under `Settings` -> `IronFox` -> `IronFox settings` -> `Privacy`.

**Please [file an issue](https://codeberg.org/celenity/Phoenix/issues/new?template=.github%2fISSUE_TEMPLATE%2fweb-compat.yml) when you encounter breakage related to this, so that we can track/document the issue, and potentially add the site to [our list](https://gitlab.com/ironfox-oss/IronFox/-/blob/dev/patches/gecko-overlay/mobile/android/branding/ironfox/dumps/ironfox-fingerprinting-protection-overrides-unbreak-timezone.json) of default overrides**.

## Why do some fonts display incorrectly?

By default, to protect against fingerprinting, IronFox restricts the visibility of fonts exposed to websites. Unfortunately, this is known to [cause issues with displaying certain text in Korean](https://gitlab.com/ironfox-oss/IronFox/-/issues/31).

**At the cost of privacy**, if you encounter this issue, you can disable this protection globally by setting the value of `privacy.fingerprintingProtection.overrides` at [`about:config`](about:config) to `-FontVisibilityBaseSystem`. You can also disable this protection on a per-site basis by setting the value of `privacy.fingerprintingProtection.granularOverrides` at [`about:config`](about:config) to `[{"firstPartyDomain":"example.com","overrides":"-FontVisibilityBaseSystem"}]`, replacing `example.com` with the base domain of the website you'd like to disable this protection for.

## Why can't I see emojis?

By default, to protect against fingerprinting, IronFox restricts the visibility of fonts exposed to websites. Unfortunately, this is known to break the display of emojis *(See [a testing page here](https://tmh.conlang.org/emoji-language/all-emoji.html))* for users on **Android 10** or lower.

If you encounter this issue, please upgrade to a newer version of Android as soon as possible ;)... but, for a work-around, **at the cost of privacy**, you can disable this protection globally by setting the value of `privacy.fingerprintingProtection.overrides` at [`about:config`](about:config) to `-FontVisibilityBaseSystem,-FontVisibilityLangPack`. You can also disable this protection on a per-site basis by setting the value of `privacy.fingerprintingProtection.granularOverrides` at [`about:config`](about:config) to `[{"firstPartyDomain":"example.com","overrides":"-FontVisibilityBaseSystem,-FontVisibilityLangPack"}]`, replacing `example.com` with the base domain of the website you'd like to disable this protection for.

## Why doesn't this website work?

For background, IronFox uses configs from **[Phoenix](https://phoenix.celenity.dev)** to harden and configure Gecko's preferences and underlying behavior. While it is both the goal of IronFox *and* Phoenix to provide users with a balance between strong privacy and security, while also preventing breakage where possible and preserving compatibility with websites, you may occasionally encounter issues.

As these issues generally stem from Gecko, **unless you're confident that the issue is caused by a IronFox-specific change**, please report the issue on [Phoenix's issue tracker](https://codeberg.org/celenity/Phoenix/issues/new?template=.github%2fISSUE_TEMPLATE%2fweb-compat.yml). A notable exception to this is issues caused by **WebGL** being disabled; these *are* caused by IronFox-specific changes, so should be reported with the IronFox issue tracker.

**If you're confident that the change is IronFox-specific**, please report the issue on [our issue tracker](https://gitlab.com/ironfox-oss/IronFox/-/issues) instead.

**Regardless of whether you're using Phoenix or IronFox's issue tracker**, please do the following before opening an issue:

- **Confirm that the website/issue is not already listed on [Phoenix's `Website Compatibility` page](https://phoenix.celenity.dev/compat)**
- **Ensure that IronFox is up-to-date, and confirm that the issue occurs on the latest release**
- **Verify that the issue does NOT occur on the latest release of vanilla Firefox from Mozilla** - *you can find [the latest `.apk`s here](https://ftp.mozilla.org/pub/fenix/releases/) - just find the version that corresponds to the version of IronFox you're using, this can be found by navigating to `Settings` -> `About` -> `About IronFox`*
- **If possible, please check if the issue occurs on a clean install of IronFox, without changing any settings** - *you can do this without impacting your current installation by using Android's [`Private Space`](https://source.android.com/docs/security/features/private-space) feature, or with [the Shelter app](https://github.com/PeterCxy/Shelter) if you're not on Android 15 or newer*