mirror/IronFox
1
0
Fork 0
mirror of https://github.com/ironfox-oss/IronFox.git synced 2025-12-23 22:30:03 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
dev
IronFox/docs/Network-Connections.md
celenity 440d5482a1 IronFox v146.0 
ironfox-oss/IronFox!109
____

## Changes

- [Added missing Gecko icons/branding assets](90e371ec7c).
- Added a toggle in settings that forces the browser to *always* use private mode *(similar to Firefox on Desktop)*. The setting is *disabled* by default, and is located at `Settings` -> `IronFox` -> `IronFox settings` -> `Privacy` -> **`Always use private browsing`**.
- [Disabled Mozilla's new `Unified Trust Panel` by default](2eaa0c7c9a), as it prevents users from being able to control the cookie banner blocker on a per-site basis.
- [Enabled Mozilla's new redesign for private browsing mode](43661d10a7) by default.
- Fixed [an issue with `BankID` authentication](https://gitlab.com/ironfox-oss/IronFox/-/issues/213) on certain websites *(Thanks to [rajtsic](https://gitlab.com/rajtsic)!)*.
- [Removed Mozilla's new `Clear Key` CDM](f9a0a07793).
- Updated cbindgen to [`0.29.2`](https://docs.rs/crate/cbindgen/0.29.2).
- Updated to Firefox [`146.0`](https://firefox.com/firefox/android/146.0/releasenotes/).
- [Various tweaks to improve and refine the build process, as well as other minor changes, tweaks, and fixes](https://gitlab.com/ironfox-oss/IronFox/-/merge_requests/109/diffs).

MR-author: celenity <celenity@celenity.dev>
Co-authored-by: Weblate <hosted@weblate.org>
Co-authored-by: techaddict <20232669-techaddict@users.noreply.gitlab.com>
Co-authored-by: user <user@localhost.localdomain>
Co-authored-by: Akash Yadav <itsaky01@gmail.com>
Approved-by: Akash Yadav <itsaky01@gmail.com>
Merged-by: celenity <celenity@celenity.dev>
2025-12-10 19:08:11 +00:00

216 lines
16 KiB
Markdown
Raw Permalink Blame History

# Network Connections
This page serves to document connections commonly made by IronFox. It will explain the purpose of each connection, what data is shared, and how to disable *(or override if applicable)* the connection if desired.
## Default
These connections are made **by default**, out of the box.
### [Add-on Updates](https://blog.mozilla.org/addons/how-to-turn-off-add-on-updates/)
- `https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=2&*`
If you install add-ons from outside of the AMO *(`addons.mozilla.org`)*, you may notice additional connections to other servers as part of this functionality *(as specified by the extension(s) you install)*.
**Operator**: [Mozilla](https://www.mozilla.org/) - *[Privacy policy](https://www.mozilla.org/privacy/)*
**Purpose**: Downloads updates for installed extensions and themes.
**Type(s) of data shared**: Identifiers of installed add-ons, Current versions of installed add-ons, Browser version, User Agent, public IP address.
**How often the connection occurs**: Hourly *(`extensions.update.interval`)*.
**Control**: You can disable add-on updates globally by setting `extensions.update.enabled` to `false` at [`about:config`](about:config).
You can also disable updates for individual add-ons by setting `extensions.{GUID}.update.enabled` to `false` at [`about:config`](about:config), replacing `{GUID}` with the ID of your desired add-on *(IDs of your installed extensions can be found at [`about:support`](about:support))*. **For example**: if I wanted to disable updates for uBlock Origin, I would set `extensions.uBlock0@raymondhill.net.update.enabled` to `false`.
Note that disabling add-on updates is **NOT** recommended.
### [Autograph](https://github.com/mozilla-services/autograph)
- `https://content-signature-2.cdn.mozilla.net/g/chains/*`
**Operator**: [Mozilla](https://www.mozilla.org/) - *[Privacy policy](https://www.mozilla.org/privacy/)*
**Purpose**: Provides signing/verification for various functionality, including: [content signatures](https://github.com/mozilla-services/autograph/blob/main/signer/contentsignaturepki/README.md), and extension signing *([1](https://github.com/mozilla-services/autograph/blob/main/signer/xpi/README.md), [2](https://wiki.mozilla.org/Add-ons/Extension_Signing))*.
**Type(s) of data shared**: User Agent, public IP address.
**How often the connection occurs**: Every browser launch, and periodically after.
**Control**: This request can be disabled by appending `,content-signature-2.cdn.mozilla.net` to the value of `network.dns.localDomains` at [`about:config`](about:config) *(or by blocking `content-signature-2.cdn.mozilla.net` on the network level)*; though it is **NOT** recommended to disable or block this connection.
### [DNS over HTTPS](https://wikipedia.org/wiki/DNS_over_HTTPS)
- `https://dns.quad9.net/dns-query`
**Operator**: [Quad9](https://quad9.net/) - *[Privacy policy](https://quad9.net/privacy/policy/)*
**Purpose**: Provides encrypted domain name resolution.
**Type(s) of data shared**: Domain names of servers you connect to, User Agent, public IP address.
**How often the connection occurs**: Every time you connect to a domain.
**Control**: You can change DNS providers by navigating to `Privacy and security` -> `DNS over HTTPS` in settings. Under `Max Protection` *(or your chosen mode)*-> `Choose provider:`, you can either select one of our presets:
- **AdGuard** - `https://dns.adguard-dns.com/dns-query` - *[Privacy policy](https://adguard.com/privacy.html)*
- **AdGuard (Unfiltered)** - `https://unfiltered.adguard-dns.com/dns-query` - *[Privacy policy](https://adguard.com/privacy.html)*
- **Cloudflare** - `https://mozilla.cloudflare-dns.com/dns-query` - *[Privacy policy](https://developers.cloudflare.com/1.1.1.1/privacy/cloudflare-resolver-firefox/)*
- **Cloudflare (Malware Protection)** - `https://security.cloudflare-dns.com/dns-query` - *[Privacy policy](https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/)*
- **DNS4EU (Ad Blocking)** - `https://noads.joindns4.eu/dns-query` - *[Privacy policy](https://www.joindns4.eu/privacy-policy)*
- **DNS4EU (Protective)** - `https://protective.joindns4.eu/dns-query` - *[Privacy policy](https://www.joindns4.eu/privacy-policy)*
- **DNS4EU (Unfiltered)** - `https://unfiltered.joindns4.eu/dns-query` - *[Privacy policy](https://www.joindns4.eu/privacy-policy)*
- **Mullvad (Base)** - `https://base.dns.mullvad.net/dns-query` - *[Privacy policy](https://mullvad.net/help/privacy-policy)*
- **Mullvad (Unfiltered)** - `https://dns.mullvad.net/dns-query` - *[Privacy policy](https://mullvad.net/help/privacy-policy)*
- **NextDNS** - `https://firefox.dns.nextdns.io/` - *[Privacy policy](https://nextdns.io/privacy)*
- **Wikimedia** - `https://wikimedia-dns.org/dns-query` - *[Privacy policy](https://meta.wikimedia.org/wiki/Wikimedia_DNS#Privacy_policy)*
**Or** you can add your own provider by selecting `Custom`, and entering your desired URL.
You can also set DNS over HTTPS to use your system's DNS resolver, by selecting `Default Protection` from the same screen.
### Initial add-on installation
- `https://addons.mozilla.org/firefox/downloads/latest/uBlock0@raymondhill.net/latest.xpi`
**Operator**: [Mozilla](https://www.mozilla.org/) - *[Privacy policy](https://www.mozilla.org/privacy/)*
**Purpose**: Downloads and installs the [uBlock Origin](https://addons.mozilla.org/addon/ublock-origin/) extensions.
**Type(s) of data shared**: User Agent, public IP address.
**How often the connection occurs**: Once, on initial set-up.
**Control**: Uncheck the box to install uBlock Origin on the onboarding if desired, though doing so is **NOT** recommended.
### [Push Service](https://mozilla-push-service.readthedocs.io/en/latest/)
- `wss://push.services.mozilla.com/`
**Operator**: [Mozilla](https://www.mozilla.org/) - *[Privacy policy](https://www.mozilla.org/privacy/)*
**Purpose**: Provides support for [web push notifications](https://support.mozilla.org/kb/push-notifications-firefox) and [Remote Settings](https://searchfox.org/mozilla-central/rev/97feebcab27f1a92e70ceacaa77211e9eaba0e6e/services/settings/remote-settings.sys.mjs#593-609).
**Type(s) of data shared**: Random identifier *(`dom.push.userAgentID`)*, User Agent, public IP address.
**How often the connection occurs**: Every browser launch, and periodically after.
**Control**: You can disable this functionality by setting the following preferences at [`about:config`](about:config):
- `dom.push.connection.enabled` -> `false`
- `dom.push.userAgentID` -> ` `
Note that disabling this feature is **NOT** recommended.
### [Remote Settings](https://remote-settings.readthedocs.io/en/latest/)
- `https://firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/*`
- `https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/*`
- `https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=*`
- `https://firefox.settings.services.mozilla.com/v1/buckets/security-state/collections/*`
- `https://firefox-settings-attachments.cdn.mozilla.net/bundles/security-state--intermediates.zip`
- `https://firefox-settings-attachments.cdn.mozilla.net/bundles/startup.json.mozlz4`
- `https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/tracking-protection-lists/*`
- `https://firefox-settings-attachments.cdn.mozilla.net/security-state-staging/cert-revocations/*`
**Operator**: [Mozilla](https://www.mozilla.org/) - *[Privacy policy](https://www.mozilla.org/privacy/)*
**Purpose**: Downloads configurations and databases for [various functionality](https://mozilla-services.github.io/remote-settings-permissions/), including: [Add-on blocklists](https://firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/addons-bloomfilters/changeset?_expected=0), [Certificate Revocations](https://firefox.settings.services.mozilla.com/v1/buckets/security-state/collections/cert-revocations/changeset?_expected=0), [Certificate Transparency logs](https://firefox.settings.services.mozilla.com/v1/buckets/security-state/collections/ct-logs/changeset?_expected=0), [Intermediate Certificates](https://firefox.settings.services.mozilla.com/v1/buckets/security-state/collections/intermediates/changeset?_expected=0), [Tracking Protection lists](https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/tracking-protection-lists/changeset?_expected=0), [Translation models](https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/translations-models/changeset?_expected=0), etc.
**Type(s) of data shared**: User Agent, public IP address.
**How often the connection occurs**: Hourly *(`services.settings.poll_interval`)*.
**Control**: This functionality can be disabled globally by setting `browser.ironfox.services.settings.allowedCollections` to ` ` at [`about:config`](about:config), though it is **NOT** recommended to disable this feature.
You can also disable certain individual parts of this functionality if desired by setting the following preferences at [`about:config`](about:config):
- **[Add-on blocklists](https://support.mozilla.org/kb/add-ons-cause-issues-are-on-blocklist)**: `extensions.blocklist.enabled` -> `false`
- **[CRLite](https://blog.mozilla.org/security/2020/01/09/crlite-part-1-all-web-pki-revocations-compressed/) filters**: `security.remote_settings.crlite_filters.enabled` -> `false`
- **[Intermediate certificate](https://support.globalsign.com/ca-certificates/intermediate-certificates/overview-intermediate-certificates) downloads**: `security.remote_settings.intermediates.enabled` -> `false`
- **[Tracking blocklists](https://support.mozilla.org/kb/trackers-and-scripts-firefox-blocks-enhanced-track)**: `browser.safebrowsing.provider.mozilla.lists` -> `disabled`
Note that disabling this functionality is **NOT** recommended.
### [Safe Browsing](https://support.mozilla.org/kb/how-does-phishing-and-malware-protection-work)
- `https://safebrowsing.ironfoxoss.org/v4/fullHashes:find?$ct=application/x-protobuf&*`
- `https://safebrowsing.ironfoxoss.org/v4/threatListUpdates:fetch?$ct=application/x-protobuf&*`
- `https://safebrowsing.ironfoxoss.org/v5/hashes:search?*`
- `https://safebrowsing.ironfoxoss.org/v5/hashLists:batchGet?*`
**Operator**: [IronFox OSS](https://ironfoxoss.org/) - *[Privacy policy](https://codeberg.org/celenity/Phoenix/wiki/Transparency#google-safe-browsing)*
**Purpose**: Provides real-time protection against malware and phishing *([Proxies `https://safebrowsing.googleapis.com`](https://gitlab.com/ironfox-oss/safebrowsing-proxy))*.
**Type(s) of data shared**: [Partial URL hashes upon potential matches](https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/), User Agent, public IP address.
**How often the connection occurs**: Every browser launch, and every 30 minutes after.
**Control**: See [our `Safe Browsing` page](https://gitlab.com/ironfox-oss/IronFox/-/blob/dev/docs/Safe-Browsing.md) for more details, including how to disable Safe Browsing or change providers if desired. Note that disabling Safe Browsing is **NOT** recommended.
### [System Add-on Updates](https://firefox-source-docs.mozilla.org/toolkit/mozapps/extensions/addon-manager/SystemAddons.html#system-add-on-updates)
- `https://archive.mozilla.org/pub/system-addons/*`
- `https://aus5.mozilla.org/update/3/SystemAddons/*`
**Operator**: [Mozilla](https://www.mozilla.org/) - *[Privacy policy](https://www.mozilla.org/privacy/)*
**Purpose**: Downloads and updates [system add-ons](https://firefox-source-docs.mozilla.org/toolkit/mozapps/extensions/addon-manager/SystemAddons.html).
**Type(s) of data shared**: Browser version, locale, OS, OS architecture, OS version, User Agent, public IP address.
**How often the connection occurs**: Hourly.
**Control**: You can disable this functionality by setting `extensions.systemAddon.update.enabled` to `false` at [`about:config`](about:config); though this is **NOT** recommended.
### uBlock Origin
- `https://cdn.jsdelivr.net/gh/uBlockOrigin/uAssetsCDN@main/*` - *[Privacy Policy](https://www.jsdelivr.com/terms/privacy-policy)*
- `https://cdn.statically.io/gh/uBlockOrigin/uAssetsCDN/main/*` - *[Privacy Policy](https://statically.io/policies/privacy/)*
- `https://filters.adtidy.org/extension/ublock/filters/*` - *[Privacy Policy](https://adguard.com/privacy.html)*
- `https://gitlab.com/celenityy/BadBlock/-/raw/*` - *[Privacy Policy](https://about.gitlab.com/privacy/)*
- `https://gitlab.com/celenityy/Phoenix/-/raw/*` - *[Privacy Policy](https://about.gitlab.com/privacy/)*
- `https://gitlab.com/DandelionSprout/adfilt/-/raw/master/*` - *[Privacy Policy](https://about.gitlab.com/privacy/)*
- `https://gitlab.com/hagezi/mirror/-/raw/main/dns-blocklists/adblock/*` - *[Privacy Policy](https://about.gitlab.com/privacy/)*
- `https://malware-filter.gitlab.io/urlhaus-filter/urlhaus-filter-ag-online.txt` - *[Privacy Policy](https://about.gitlab.com/privacy/)*
- `https://malware-filter.pages.dev/urlhaus-filter-ag-online.txt` - *[Privacy Policy](https://www.cloudflare.com/privacypolicy/)*
- `https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=1&mimetype=plaintext`
- `https://publicsuffix.org/list/public_suffix_list.dat` - *[Privacy policy](https://www.mozilla.org/privacy/)*
- `https://raw.githubusercontent.com/fmhy/FMHYFilterlist/main/filterlist-basic.txt` - *[Privacy Policy](https://docs.github.com/site-policy/privacy-policies/github-general-privacy-statement)*
- `https://raw.githubusercontent.com/yokoffing/filterlists/main/*` - *[Privacy Policy](https://docs.github.com/site-policy/privacy-policies/github-general-privacy-statement)*
- `https://secure.fanboy.co.nz/*`
- `https://someonewhocares.org/hosts/hosts`
- `https://ublockorigin.github.io/uAssets/*` - *[Privacy Policy](https://docs.github.com/site-policy/privacy-policies/github-general-privacy-statement)*
- `https://ublockorigin.github.io/uAssetsCDN/*` - *[Privacy Policy](https://docs.github.com/site-policy/privacy-policies/github-general-privacy-statement)*
- `https://ublockorigin.pages.dev/*` - *[Privacy Policy](https://www.cloudflare.com/privacypolicy/)*
**Purpose**: Downloads and updates for filterlists and other resources in uBlock Origin.
**Type(s) of data shared**: User Agent, public IP address.
**How often the connection occurs**: Periodically.
**Control**: You can disable uBlock Origin by navigating to `Advanced` -> `Extensions` -> `uBlock Origin` in settings, and selecting `Enabled`. You can also uninstall uBlock Origin entirely from the same screen, by selecting `Remove`; though disabling or uninstalling uBlock Origin is **NOT** recommended.
## Additional
The following are **optional**, **non-standard** connections that IronFox might make, depending on the features you decide to use.
### [Geolocation](https://support.mozilla.org/kb/does-firefox-share-my-location-websites)
- `https://api.beacondb.net/v1/geolocate`
**Operator**: [BeaconDB](https://beacondb.net/) - *[Privacy policy](https://beacondb.net/privacy/)*
**Purpose**: Serves as a fallback to provide geolocation when the system's provider is unavailable.
**Type(s) of data shared**: Strength and general information of nearby cellular towards and Wi-Fi networks *(if available/supported)*, User Agent, public IP address.
**How often the connection occurs**: When/if you grant a website permission to access your location **and** if your system's geolocation provider is unavailable.
**Control**: You can simply choose not to grant websites permission to access your location, **or** you can disable the network geolocation provider entirely by setting `geo.provider.network.url` to ` ` at [`about:config`](about:config); though doing so may cause issues with geolocation if your system's geolocation provider is unavailable.
Alternatively, you can change the network geolocation provider if desired by setting the value of `geo.provider.network.url` to your preferred URL at [`about:config`](about:config).
Reference in New Issue View Git Blame Copy Permalink