440d5482a1
ironfox-oss/IronFox!109 ____ ## Changes - [Added missing Gecko icons/branding assets](90e371ec7c). - Added a toggle in settings that forces the browser to *always* use private mode *(similar to Firefox on Desktop)*. The setting is *disabled* by default, and is located at `Settings` -> `IronFox` -> `IronFox settings` -> `Privacy` -> **`Always use private browsing`**. - [Disabled Mozilla's new `Unified Trust Panel` by default](2eaa0c7c9a), as it prevents users from being able to control the cookie banner blocker on a per-site basis. - [Enabled Mozilla's new redesign for private browsing mode](43661d10a7) by default. - Fixed [an issue with `BankID` authentication](https://gitlab.com/ironfox-oss/IronFox/-/issues/213) on certain websites *(Thanks to [rajtsic](https://gitlab.com/rajtsic)!)*. - [Removed Mozilla's new `Clear Key` CDM](f9a0a07793). - Updated cbindgen to [`0.29.2`](https://docs.rs/crate/cbindgen/0.29.2). - Updated to Firefox [`146.0`](https://firefox.com/firefox/android/146.0/releasenotes/). - [Various tweaks to improve and refine the build process, as well as other minor changes, tweaks, and fixes](https://gitlab.com/ironfox-oss/IronFox/-/merge_requests/109/diffs). MR-author: celenity <celenity@celenity.dev> Co-authored-by: Weblate <hosted@weblate.org> Co-authored-by: techaddict <20232669-techaddict@users.noreply.gitlab.com> Co-authored-by: user <user@localhost.localdomain> Co-authored-by: Akash Yadav <itsaky01@gmail.com> Approved-by: Akash Yadav <itsaky01@gmail.com> Merged-by: celenity <celenity@celenity.dev>
16 KiB
Network Connections
This page serves to document connections commonly made by IronFox. It will explain the purpose of each connection, what data is shared, and how to disable (or override if applicable) the connection if desired.
Default
These connections are made by default, out of the box.
Add-on Updates
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=2&*
If you install add-ons from outside of the AMO (addons.mozilla.org), you may notice additional connections to other servers as part of this functionality (as specified by the extension(s) you install).
Operator: Mozilla - Privacy policy
Purpose: Downloads updates for installed extensions and themes.
Type(s) of data shared: Identifiers of installed add-ons, Current versions of installed add-ons, Browser version, User Agent, public IP address.
How often the connection occurs: Hourly (extensions.update.interval).
Control: You can disable add-on updates globally by setting extensions.update.enabled to false at about:config.
You can also disable updates for individual add-ons by setting extensions.{GUID}.update.enabled to false at about:config, replacing {GUID} with the ID of your desired add-on (IDs of your installed extensions can be found at about:support). For example: if I wanted to disable updates for uBlock Origin, I would set extensions.uBlock0@raymondhill.net.update.enabled to false.
Note that disabling add-on updates is NOT recommended.
Autograph
https://content-signature-2.cdn.mozilla.net/g/chains/*
Operator: Mozilla - Privacy policy
Purpose: Provides signing/verification for various functionality, including: content signatures, and extension signing (1, 2).
Type(s) of data shared: User Agent, public IP address.
How often the connection occurs: Every browser launch, and periodically after.
Control: This request can be disabled by appending ,content-signature-2.cdn.mozilla.net to the value of network.dns.localDomains at about:config (or by blocking content-signature-2.cdn.mozilla.net on the network level); though it is NOT recommended to disable or block this connection.
DNS over HTTPS
https://dns.quad9.net/dns-query
Operator: Quad9 - Privacy policy
Purpose: Provides encrypted domain name resolution.
Type(s) of data shared: Domain names of servers you connect to, User Agent, public IP address.
How often the connection occurs: Every time you connect to a domain.
Control: You can change DNS providers by navigating to Privacy and security -> DNS over HTTPS in settings. Under Max Protection (or your chosen mode)-> Choose provider:, you can either select one of our presets:
- AdGuard -
https://dns.adguard-dns.com/dns-query- Privacy policy - AdGuard (Unfiltered) -
https://unfiltered.adguard-dns.com/dns-query- Privacy policy - Cloudflare -
https://mozilla.cloudflare-dns.com/dns-query- Privacy policy - Cloudflare (Malware Protection) -
https://security.cloudflare-dns.com/dns-query- Privacy policy - DNS4EU (Ad Blocking) -
https://noads.joindns4.eu/dns-query- Privacy policy - DNS4EU (Protective) -
https://protective.joindns4.eu/dns-query- Privacy policy - DNS4EU (Unfiltered) -
https://unfiltered.joindns4.eu/dns-query- Privacy policy - Mullvad (Base) -
https://base.dns.mullvad.net/dns-query- Privacy policy - Mullvad (Unfiltered) -
https://dns.mullvad.net/dns-query- Privacy policy - NextDNS -
https://firefox.dns.nextdns.io/- Privacy policy - Wikimedia -
https://wikimedia-dns.org/dns-query- Privacy policy
Or you can add your own provider by selecting Custom, and entering your desired URL.
You can also set DNS over HTTPS to use your system's DNS resolver, by selecting Default Protection from the same screen.
Initial add-on installation
https://addons.mozilla.org/firefox/downloads/latest/uBlock0@raymondhill.net/latest.xpi
Operator: Mozilla - Privacy policy
Purpose: Downloads and installs the uBlock Origin extensions.
Type(s) of data shared: User Agent, public IP address.
How often the connection occurs: Once, on initial set-up.
Control: Uncheck the box to install uBlock Origin on the onboarding if desired, though doing so is NOT recommended.
Push Service
wss://push.services.mozilla.com/
Operator: Mozilla - Privacy policy
Purpose: Provides support for web push notifications and Remote Settings.
Type(s) of data shared: Random identifier (dom.push.userAgentID), User Agent, public IP address.
How often the connection occurs: Every browser launch, and periodically after.
Control: You can disable this functionality by setting the following preferences at about:config:
dom.push.connection.enabled->falsedom.push.userAgentID->
Note that disabling this feature is NOT recommended.
Remote Settings
https://firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/*https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/*https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=*https://firefox.settings.services.mozilla.com/v1/buckets/security-state/collections/*https://firefox-settings-attachments.cdn.mozilla.net/bundles/security-state--intermediates.ziphttps://firefox-settings-attachments.cdn.mozilla.net/bundles/startup.json.mozlz4https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/tracking-protection-lists/*https://firefox-settings-attachments.cdn.mozilla.net/security-state-staging/cert-revocations/*
Operator: Mozilla - Privacy policy
Purpose: Downloads configurations and databases for various functionality, including: Add-on blocklists, Certificate Revocations, Certificate Transparency logs, Intermediate Certificates, Tracking Protection lists, Translation models, etc.
Type(s) of data shared: User Agent, public IP address.
How often the connection occurs: Hourly (services.settings.poll_interval).
Control: This functionality can be disabled globally by setting browser.ironfox.services.settings.allowedCollections to at about:config, though it is NOT recommended to disable this feature.
You can also disable certain individual parts of this functionality if desired by setting the following preferences at about:config:
- Add-on blocklists:
extensions.blocklist.enabled->false - CRLite filters:
security.remote_settings.crlite_filters.enabled->false - Intermediate certificate downloads:
security.remote_settings.intermediates.enabled->false - Tracking blocklists:
browser.safebrowsing.provider.mozilla.lists->disabled
Note that disabling this functionality is NOT recommended.
Safe Browsing
https://safebrowsing.ironfoxoss.org/v4/fullHashes:find?$ct=application/x-protobuf&*https://safebrowsing.ironfoxoss.org/v4/threatListUpdates:fetch?$ct=application/x-protobuf&*https://safebrowsing.ironfoxoss.org/v5/hashes:search?*https://safebrowsing.ironfoxoss.org/v5/hashLists:batchGet?*
Operator: IronFox OSS - Privacy policy
Purpose: Provides real-time protection against malware and phishing (Proxies https://safebrowsing.googleapis.com).
Type(s) of data shared: Partial URL hashes upon potential matches, User Agent, public IP address.
How often the connection occurs: Every browser launch, and every 30 minutes after.
Control: See our Safe Browsing page for more details, including how to disable Safe Browsing or change providers if desired. Note that disabling Safe Browsing is NOT recommended.
System Add-on Updates
https://archive.mozilla.org/pub/system-addons/*https://aus5.mozilla.org/update/3/SystemAddons/*
Operator: Mozilla - Privacy policy
Purpose: Downloads and updates system add-ons.
Type(s) of data shared: Browser version, locale, OS, OS architecture, OS version, User Agent, public IP address.
How often the connection occurs: Hourly.
Control: You can disable this functionality by setting extensions.systemAddon.update.enabled to false at about:config; though this is NOT recommended.
uBlock Origin
https://cdn.jsdelivr.net/gh/uBlockOrigin/uAssetsCDN@main/*- Privacy Policyhttps://cdn.statically.io/gh/uBlockOrigin/uAssetsCDN/main/*- Privacy Policyhttps://filters.adtidy.org/extension/ublock/filters/*- Privacy Policyhttps://gitlab.com/celenityy/BadBlock/-/raw/*- Privacy Policyhttps://gitlab.com/celenityy/Phoenix/-/raw/*- Privacy Policyhttps://gitlab.com/DandelionSprout/adfilt/-/raw/master/*- Privacy Policyhttps://gitlab.com/hagezi/mirror/-/raw/main/dns-blocklists/adblock/*- Privacy Policyhttps://malware-filter.gitlab.io/urlhaus-filter/urlhaus-filter-ag-online.txt- Privacy Policyhttps://malware-filter.pages.dev/urlhaus-filter-ag-online.txt- Privacy Policyhttps://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=1&mimetype=plaintexthttps://publicsuffix.org/list/public_suffix_list.dat- Privacy policyhttps://raw.githubusercontent.com/fmhy/FMHYFilterlist/main/filterlist-basic.txt- Privacy Policyhttps://raw.githubusercontent.com/yokoffing/filterlists/main/*- Privacy Policyhttps://secure.fanboy.co.nz/*https://someonewhocares.org/hosts/hostshttps://ublockorigin.github.io/uAssets/*- Privacy Policyhttps://ublockorigin.github.io/uAssetsCDN/*- Privacy Policyhttps://ublockorigin.pages.dev/*- Privacy Policy
Purpose: Downloads and updates for filterlists and other resources in uBlock Origin.
Type(s) of data shared: User Agent, public IP address.
How often the connection occurs: Periodically.
Control: You can disable uBlock Origin by navigating to Advanced -> Extensions -> uBlock Origin in settings, and selecting Enabled. You can also uninstall uBlock Origin entirely from the same screen, by selecting Remove; though disabling or uninstalling uBlock Origin is NOT recommended.
Additional
The following are optional, non-standard connections that IronFox might make, depending on the features you decide to use.
Geolocation
https://api.beacondb.net/v1/geolocate
Operator: BeaconDB - Privacy policy
Purpose: Serves as a fallback to provide geolocation when the system's provider is unavailable.
Type(s) of data shared: Strength and general information of nearby cellular towards and Wi-Fi networks (if available/supported), User Agent, public IP address.
How often the connection occurs: When/if you grant a website permission to access your location and if your system's geolocation provider is unavailable.
Control: You can simply choose not to grant websites permission to access your location, or you can disable the network geolocation provider entirely by setting geo.provider.network.url to at about:config; though doing so may cause issues with geolocation if your system's geolocation provider is unavailable.
Alternatively, you can change the network geolocation provider if desired by setting the value of geo.provider.network.url to your preferred URL at about:config.