Frequently Asked Questions
- Frequently Asked Questions
- How can I download IronFox?
- Why isn't IronFox available on F-Droid?
- How can I download Nightly builds?
- Aren't Firefox-based browsers less secure than Chromium?
- So IronFox is insecure? Why should I use it then, what's the point?
- Does IronFox contain proprietary/tracking libraries?
- Does IronFox depend on Google Play Services?
- Why is Google Safe Browsing supported and enabled by default?
- Why does IronFox crash on GrapheneOS?
- Can I use FIDO/U2F/Passkeys?
- Can I receive push notifications?
- Why are certain preferences locked?
- Why isn't Resist Fingerprinting (RFP) enabled?
- Why can't I install add-ons/extensions?
- What add-ons/extensions should I install?
- Why is IronFox so slow?
- Why can't I stream certain (DRM-protected) content from streaming services (Ex. Amazon Prime Video, Apple TV+, Disney+, HBO Max, Hulu, Netflix, Peacock, Plex, Sling, Spotify, etc?)
- Why are websites displayed in light mode?
- Why are websites always displayed in English?
- How can I allow websites to use WebGL?
- If timezone spoofing is enabled, how can I allow certain websites to access my real timezone?
- Why do some fonts display incorrectly?
- Why can't I see emojis?
- Why doesn't this website work?
How can I download IronFox?
You can currently download IronFox from Accrescent, from our F-Droid repository, or directly from our GitLab releases.
Why isn't IronFox available on F-Droid?
We currently do not support IronFox's inclusion in F-Droid's official repository, due to what we feel are significant privacy and security concerns. For more details, you can read our issue where this was discussed here.
We'd also recommend checking out this article from privacy and security researchers, this post from the developer of WireGuard, and this thread from GrapheneOS.
While we do provide our own F-Droid repository for those who insist on using F-Droid, F-Droid's client isn't without its own privacy and security issues (notably: not properly notifying users of updates...).
For those who do use F-Droid to install and update IronFox, we would recommend using F-Droid Basic as your preferred client of choice, as it is more secure than the standard F-Droid client, due to its reduced feature-set.
How can I download Nightly builds?
IronFox Nightly builds are builds of IronFox that are automatically generated from our GitLab CI. These builds are bleeding edge, and contain the latest changes as we add them. These builds can be installed alongside your main/existing IronFox install.
When reporting an issue, we'll likely direct you to install and attempt to reproduce the issue on the latest Nightly build, to ensure that we haven't already fixed the problem.
You can find and install the latest IronFox Nightly build with the following steps:
1. Navigate to the Artifacts tab on our GitLab repository.
2. Select the folder icon to the right of the latest artifact for your device's architecture. If you're not sure what architecture to use, we'd recommend trying build-apk: [arm64] first. If that doesn't work, you can try build-apk: [arm] instead.
3. Navigate to artifacts -> apk, and select the file ending in .apk.
4. Select Download, and proceed to download and install the application.
Aren't Firefox-based browsers less secure than Chromium?
Yes. While we do as much as possible to improve the situation, IronFox is unfortunately also impacted by some of Firefox's fundamental issues. For more details, please see our Limitations page.
Depending on your threat model, it may be preferable to use a Chromium-based browser, such as Vanadium on GrapheneOS, or Cromite.
We're deeply disappointed by Mozilla's lack of focus in this area, and we hope to see them improve in the future.
So IronFox is insecure? Why should I use it then, what's the point?
It should be noted that there is a difference between something being less secure vs. something being insecure.
To be clear: As noted above, Firefox-based web browsers are objectively less secure than their Chromium counterparts. We are not trying to discredit Firefox's legitimate issues in this area.
However, especially due to the hardening that IronFox provides, assuming that users keep the browser up to date and follow other good privacy and security practices, we believe that IronFox is secure enough for most users and threat models.
While we do as much as we can to improve Firefox's security, we also feel that IronFox's primary strengths are in other areas. Notably, when compared to most Chromium browsers, IronFox offers users stronger privacy, superior content blocking (uBlock Origin), more freedom, more customization, and more control (ex. about:config) over their browsing experience. IronFox also supports other important features missing from many of these browsers, such as extensions and end-to-end encrypted browser sync.
Additionally, with the notable exception of Cromite, Chromium browsers on Android include proprietary Google Play libraries. Unlike these browsers, IronFox is fully free and open source. Unlike Chromium browsers, IronFox also supports Google Safe Browsing without Google Play Services. Thanks to our support for UnifiedPush, we also provide support for push notifications without Google Play Services.
It should also be noted that Firefox-based web browsers, such as IronFox, help to promote browser engine diversity, and oppose Google's browser engine monoculture/monopoly with Chromium.
Even from a security perspective, IronFox has certain features that a majority of Chromium browsers still lack, such as JavaScript Just-in-time Compilation (JIT) being disabled by default.
Ultimately, while Firefox-based web browsers (including IronFox) provide weaker security compared to their Chromium peers (and this is indeed something important to take into account), we wanted to highlight that IronFox brings a lot to the table in other aspects.
At the end of the day, we're not going to tell you that IronFox is the perfect browser, or even that you should use it at all. Which browser you should use depends on your threat model, personal preference, and values. Most importantly, the browser you should use is the one that works best for you. If that browser turns out to be IronFox? Great, welcome aboard! If not? No problem. Hopefully, you at least learned something.
Does IronFox contain proprietary/tracking libraries?
No. IronFox removes the following proprietary/tracking libraries from Firefox for Android:
- Adjust
- Google Play Firebase Messaging - (Replaced with UnifiedPush)
- Google Play In-App Reviews
- Google Play Install Referrer
- Sentry
Additionally, IronFox removes the proprietary Google Play FIDO library from GeckoView - (Replaced with the microG FIDO library).
IronFox also removes Mozilla's Glean (telemetry) library from Android Components and Application Services (dependencies that provide core functionality for Firefox on Android).
For Firefox for Android itself, while it's untenable to fully remove all references to the Glean library, we do remove the Glean service library, and we stub the Glean library itself at build-time and break/neuter all of its functionality. Note that certain naive apps (ex. App Manager, Exodus, and Tracker Control) do not take this into account, and incorrectly claim that IronFox has tracking libraries (referring to the Glean library). Keep in mind that these same apps claim that Google Chrome has no tracking, and even claim that Tor Browser contains trackers.
App Manager specifically also claims that IronFox includes a Mozilla Crashreport tracking library, though this is incorrect; you can find the specific class it's referencing here, and see for yourself that this is simply an interface, which doesn't include any actual data collection or tracking.
Does IronFox depend on Google Play Services?
No, IronFox does not depend on Google Play Services for any functionality.
Due to our use of the microG FIDO library, GrapheneOS is unfortunately known to incorrectly label IronFox as depending on Google Play services. This also results in IronFox being automatically granted the Dynamic code loading via storage permission, which is unnecessary unless you're using UnifiedPush (as detailed below).
Why is Google Safe Browsing supported and enabled by default?
Please see our Safe Browsing page here.
Why does IronFox crash on GrapheneOS?
On GrapheneOS, if the Dynamic code loading via memory exploit mitigation is enabled, IronFox might crash on launch with an error, stating IronFox tried to perform DCL via memory. Unfortunately, Firefox-based web browsers are currently incompatible with this protection.
If you encounter this issue, you can disable the Dynamic code loading via memory exploit mitigation for IronFox, by navigating to IronFox's App info (You can get there by holding IronFox's app icon and selecting App info, or by navigating to Settings -> Apps, and finding + selecting IronFox), navigating to Exploit protection -> Dynamic code loading via memory, and selecting Allowed.
Can I use FIDO/U2F/Passkeys?
Yes! While IronFox removes the proprietary Google Play FIDO library, it replaces it with its FOSS microG equivalent.
In addition to providing support for FIDO/U2F/Passkeys to users with microG installed, this can also be used without microG or Google Play Services, thanks to the excellent, free and open source HW Fido2 Provider app.
NOTE: After installing HW Fido2 Provider, ensure you set it as Android's Preferred service for passwords, passkeys & autofill (On GrapheneOS, this is located at Settings -> Passwords, passkeys & accounts -> Preferred service).
Can I receive push notifications?
Yes! While IronFox removes the proprietary Google Play Firebase Messaging Library, it adds support for UnifiedPush.
To use UnifiedPush, you'll first need to install and set-up a distributor app - we recommend Sunup for this.
After setting up your distributor, you can enable support for UnifiedPush by selecting the Use UnifiedPush option, located under IronFox -> IronFox settings -> Miscellaneous in settings. You should then receive a prompt to restart IronFox; after restarting, you should be ready to go!
NOTE: By default, IronFox blocks prompts from websites to enable web notifications. If you'd like to receive notifications from websites, you can re-enable notifications prompts by navigating to Privacy and security -> Site settings -> Permissions -> Notification in settings, and selecting Ask to allow.
NOTE: To receive notifications while IronFox is in the background, GrapheneOS users might unfortunately need to disable the Dynamic code loading via storage exploit protection for IronFox. You can do this by navigating to IronFox's App info (You can get there by holding IronFox's app icon and selecting App info, or by navigating to Settings -> Apps, and finding + selecting IronFox), navigating to Exploit protection -> Dynamic code loading via storage, and selecting Allowed.
Why are certain preferences locked?
Due to the nature of Fenix (Firefox for Android)'s design, Gecko preferences don't quite work the same as they do on Firefox for Desktop/how you may expect.
For background, Firefox for Desktop is very deeply integrated with the Gecko engine. Many Gecko preferences directly control/influence UI behavior and elements, and UI settings/behavior itself also directly influences Gecko preferences/behavior.
For Fenix, this is not the case. Gecko is implemented through the separate Engine-Gecko library, which itself implements the separate GeckoView library... this provides multiple degrees of separation between the browser frontend/UI and the Gecko engine backend.
What this means for users is that while Fenix's UI frontend/UI settings can, and often do, modify Gecko preferences: this only goes that one way. Gecko preferences are limited to controlling the behavior of the underlying browser engine itself, and they can't directly modify Fenix's behavior like they would on Desktop.
This can be problematic, as it means that Fenix settings can get out of sync with Gecko preferences. For example, from Fenix's UI settings, a user could leave the Cookie Banner Blocker in private browsing toggle enabled, while setting the cookiebanners.service.mode.privateBrowsing pref from about:config to 0 (Disabled). As you might imagine, the Fenix setting and Gecko preference not matching like this can lead to unexpected behavior and bugs/glitches.
Another concern is that Gecko preferences controlled by Fenix settings like this are also reset on every browser launch. Back to the previous example: A user might set the cookiebanners.service.mode.privateBrowsing pref to 0 from about:config, and it might look like it works to disable the feature (like it does on ex. Firefox for Desktop). However, unbeknownst to them, if they left the Cookie Banner Blocker in private browsing UI setting enabled, the pref would simply reset back to 1 (Enabled) the next time they launch the browser, and the feature would remain enabled (despite them wishing to disable it).
It's actually in large part due to these reasons that Mozilla disables access to about:config on standard Firefox releases. Of course, we disagree with Mozilla's approach here, and believe that preventing access to the about:config is an unacceptable compromise for user freedom and control.
So, to mitigate the concerns detailed above, Gecko preferences controlled by UI settings will appear locked in about:config. The preferences can still be modified by users, but this ensures that the prefs are only set by their proper, corresponding UI toggle(s), and it ensures that the Gecko preferences always remain in sync with the frontend/Fenix's settings.
Why isn't Resist Fingerprinting (RFP) enabled?
Resist Fingerprinting (RFP) is Firefox's traditional fingerprinting protection, designed and intended for use by Tor Browser.
Unfortunately, due to its design and intended use case, some of RFP's behavior is known to cause breakage and undesired behavior for users. RFP is also an all-or-nothing package, meaning you are forced to pick between having protection, or no protection at all.
Thankfully, for Firefox, Mozilla has recently developed Suspected Fingerprinters Protection (FPP). FPP is far more flexible than RFP, as it allows users to enable or disable specific protections as needed, globally or on a per-site basis.
Due to RFP's issues, we enable FPP instead. Additionally, as Mozilla's default protections for FPP are currently very limited, we use our own hardened configuration for it. Our hardened configuration is designed to match RFP, but with exceptions to avoid certain behaviors that are known to cause issues and undesired behavior for users. You can see our Features page for more details.
We also include a list of default overrides to fix breakage or harden protection on a per-site basis. If desired, you can disable our default overrides with the Enable fingerprinting protection overrides from IronFox toggle, located under Settings -> IronFox -> IronFox settings -> Privacy. Similarly, you can disable Mozilla's default overrides that serve a similar purpose with the Enable fingerprinting protection overrides from Mozilla toggle, located under Settings -> IronFox -> IronFox settings -> Privacy.
Due to our use of FPP, and the reasons listed above, RFP is NOT recommended or supported.
Why can't I install add-ons/extensions?
By default, due to privacy and security concerns, IronFox disables the installation of add-ons. This has no impact on already installed extensions, and updates to those extensions.
To allow the installation of add-ons, at the cost of security, you can navigate to Settings -> IronFox -> IronFox settings -> Security, and select the option to Allow installation of add-ons. It is recommended to disable this option when you are done installing your desired extension(s).
What add-ons/extensions should I install?
Besides uBlock Origin? Ideally, none.
In general, we highly recommend keeping your installed extensions to a minimum; only use what you need. Installing add-ons increases your attack surface, can help aid fingerprinting, degrades performance, and has various other concerns.
For more details, and information on why you don't actually need many of the extensions that you might think you do, take a look at Arkenfox's Extensions wiki page.
Why is IronFox so slow?
By default, in order to improve security, IronFox disables JavaScript Just-in-time Compilation (JIT). While this doesn't cause a noticeable difference on most modern devices, depending on your device, this might be what's causing the slowness you're experiencing.
At the cost of security, you can re-enable JIT by navigating to Settings -> IronFox -> IronFox settings -> Security, and selecting the option to Enable JavaScript Just-in-time Compilation (JIT).
Alternatively, you can also try enabling JIT only for extensions, by navigating to Settings -> IronFox -> IronFox settings -> Security, and selecting the option to Enable JavaScript Just-in-time Compilation (JIT) for extensions.
If re-enabling JIT doesn't give you the desired outcome, at the cost of privacy, you can re-enable disk cache by navigating to Settings -> IronFox -> IronFox settings -> Privacy, and selecting the option to Enable disk cache.
If this still doesn't give you the desired outcome, please file an issue and let us know!
Why can't I stream certain (DRM-protected) content from streaming services (Ex. Amazon Prime Video, Apple TV+, Disney+, HBO Max, Hulu, Netflix, Peacock, Plex, Sling, Spotify, etc?)
IronFox does not support Encrypted Media Extensions (EME), due to privacy, security, freedom, and ideological concerns. For more details, see this article from the EFF, as well as this post.
Unfortunately, certain streaming services (such as the examples listed above) arbitrarily prevent IronFox users (as well as users of other privacy and security-focused projects) from accessing content, by requiring EME for media playback. When you encounter an issue due to this, please report this to the website's operator! Please also file an issue, so that we can track/document impacted services.
At your own risk, at the cost of privacy and security, you can re-enable support for EME with an unsupported, not recommended hidden setting, by navigating to Settings -> About -> About IronFox, tapping the IronFox logo 7 times until you see a message stating Debug menu enabled, navigating to Settings -> IronFox -> IronFox settings -> Secret settings, and selecting the Enable Encrypted Media Extensions (EME) option. To play content, you will likely also need to enable the Enable Widevine CDM option from the same screen, which enables Google's Widevine Content Decryption Module (CDM), provided by Android's MediaDrm API.
Why are websites displayed in light mode?
By default, to protect against fingerprinting, IronFox sets the preferred website appearance to Light mode.
At the cost of privacy, you can change this by navigating to Settings -> IronFox -> IronFox settings -> Preferred website appearance, and selecting Dark or Follow browser theme.
NOTE: The Dark Reader add-on is known to cause severe performance issues on hardened Firefox-based browsers/configurations. Installing Dark Reader also poses privacy and security concerns, as detailed above. Dark Reader should be AVOIDED if possible, in favor of the Preferred website appearance setting if necessary.
Why are websites always displayed in English?
By default, to protect against fingerprinting, IronFox spoofs the preferred locale to English (en-US).
At the cost of privacy, you can change this by navigating to Settings -> IronFox -> IronFox settings -> Privacy, and selecting Request English versions of webpages.
How can I allow websites to use WebGL?
By default, IronFox disables WebGL for websites, due to privacy and security concerns.
At the cost of privacy and security, you can re-enable WebGL on a per-site basis by setting the value of privacy.fingerprintingProtection.granularOverrides at about:config to [{"firstPartyDomain":"example.com","overrides":"-DisableWebGL"}], replacing example.com with the base domain of the website you'd like to enable WebGL for.
If desired, at the cost of privacy and security, you can re-enable WebGL for all websites with the Disable WebGL toggle, located under Settings -> IronFox -> IronFox settings -> Privacy and security.
Note that when WebGL is disabled, by default, we re-enable it for certain websites to avoid breakage and unwanted/unexpected behavior. If desired, you can disable our default overrides with the Enable WebGL overrides from IronFox toggle, located under Settings -> IronFox -> IronFox settings -> Privacy and security.
Please file an issue when you encounter breakage related to this, so that we can track/document the issue, and potentially add the site to our list of default overrides.
If timezone spoofing is enabled, how can I allow certain websites to access my real timezone?
To protect against fingerprinting, IronFox offers a setting to spoof the system's timezone to UTC-0, located at Settings -> IronFox -> IronFox settings -> Privacy -> Spoof timezone to UTC-0.
At the cost of privacy, when timezone spoofing is enabled, you can disable it on a per-site basis by setting the value of privacy.fingerprintingProtection.granularOverrides at about:config to [{"firstPartyDomain":"example.com","overrides":"-JSDateTimeUTC"}], replacing example.com with the base domain of the website you'd like to disable timezone spoofing for.
Note that when timezone spoofing is enabled, by default, we re-enable it for certain websites to avoid breakage and unwanted/unexpected behavior. If desired, you can disable our default overrides with the Enable timezone spoofing overrides from IronFox toggle, located under Settings -> IronFox -> IronFox settings -> Privacy.
Please file an issue when you encounter breakage related to this, so that we can track/document the issue, and potentially add the site to our list of default overrides.
Why do some fonts display incorrectly?
By default, to protect against fingerprinting, IronFox restricts the visibility of fonts exposed to websites. Unfortunately, this is known to cause issues with displaying certain text in Korean.
At the cost of privacy, if you encounter this issue, you can disable this protection globally by setting the value of privacy.fingerprintingProtection.overrides at about:config to -FontVisibilityBaseSystem. You can also disable this protection on a per-site basis by setting the value of privacy.fingerprintingProtection.granularOverrides at about:config to [{"firstPartyDomain":"example.com","overrides":"-FontVisibilityBaseSystem"}], replacing example.com with the base domain of the website you'd like to disable this protection for.
Why can't I see emojis?
By default, to protect against fingerprinting, IronFox restricts the visibility of fonts exposed to websites. Unfortunately, this is known to break the display of emojis (See a testing page here) for users on Android 10 or lower.
If you encounter this issue, please upgrade to a newer version of Android as soon as possible ;)... but, for a work-around, at the cost of privacy, you can disable this protection globally by setting the value of privacy.fingerprintingProtection.overrides at about:config to -FontVisibilityBaseSystem,-FontVisibilityLangPack. You can also disable this protection on a per-site basis by setting the value of privacy.fingerprintingProtection.granularOverrides at about:config to [{"firstPartyDomain":"example.com","overrides":"-FontVisibilityBaseSystem,-FontVisibilityLangPack"}], replacing example.com with the base domain of the website you'd like to disable this protection for.
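The per-site instructions above (WebGL, timezone, fonts, emojis) each give a single-site value for privacy.fingerprintingProtection.granularOverrides, and writing a new value in about:config replaces the previous one. The following added example (not IronFox or Mozilla code; the helper names are hypothetical and the sample pref value is constructed) merges several per-site exceptions into one JSON array, and rejects misspelled targets and full URLs before they reach the pref.

```javascript
// Added example: build one combined value for
// privacy.fingerprintingProtection.granularOverrides.

// Override targets named in this FAQ. New input using any other name is
// rejected, so a typo is caught before it is pasted into about:config.
const FAQ_TARGETS = new Set([
  "DisableWebGL", "JSDateTimeUTC",
  "FontVisibilityBaseSystem", "FontVisibilityLangPack",
]);

// Split "-A,-B" into a Map of target name -> sign ("+" or "-").
function parseTokens(overrides, checkNames) {
  const out = new Map();
  for (const raw of String(overrides).split(",")) {
    const token = raw.trim();
    if (token === "") continue;
    const m = /^([+-])([A-Za-z0-9]+)$/.exec(token);
    if (!m) throw new Error(`malformed override token: "${token}"`);
    if (checkNames && !FAQ_TARGETS.has(m[2])) {
      throw new Error(`target not listed in the FAQ: "${m[2]}"`);
    }
    out.set(m[2], m[1]);
  }
  return out;
}

// The pref takes a bare domain (example.com), not a URL with scheme or path.
function normalizeDomain(input) {
  const d = String(input).trim().toLowerCase();
  const ok = /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$/;
  if (!ok.test(d)) throw new Error(`not a bare domain name: "${input}"`);
  return d;
}

// currentValue: the pref's present string value ("" if unset).
// additions: [{ domain, overrides }] exceptions to add.
function mergeGranularOverrides(currentValue, additions) {
  const existing = currentValue.trim() === "" ? [] : JSON.parse(currentValue);
  if (!Array.isArray(existing)) throw new Error("pref value must be a JSON array");

  const passthrough = [];   // entries with any other shape are kept untouched
  const bySite = new Map(); // firstPartyDomain -> Map(target -> sign)
  const mergeInto = (site, tokens) => {
    const merged = bySite.get(site) || new Map();
    for (const [target, sign] of tokens) merged.set(target, sign);
    bySite.set(site, merged);
  };

  for (const entry of existing) {
    const keys = entry && typeof entry === "object"
      ? Object.keys(entry).sort().join(",") : "";
    if (keys !== "firstPartyDomain,overrides") { passthrough.push(entry); continue; }
    mergeInto(entry.firstPartyDomain, parseTokens(entry.overrides, false));
  }
  for (const { domain, overrides } of additions) {
    mergeInto(normalizeDomain(domain), parseTokens(overrides, true));
  }

  const result = [...passthrough];
  for (const [site, targets] of bySite) {
    const overrides = [...targets].map(([t, s]) => s + t).join(",");
    result.push({ firstPartyDomain: site, overrides });
  }
  return JSON.stringify(result); // compact form, ready to paste into about:config
}

// Constructed sample: WebGL is already allowed on example.com; add a timezone
// exception there and the emoji font exception on example.org.
const SAMPLE_CURRENT =
  '[{"firstPartyDomain":"example.com","overrides":"-DisableWebGL"}]';
function demo() {
  return mergeGranularOverrides(SAMPLE_CURRENT, [
    { domain: "example.com", overrides: "-JSDateTimeUTC" },
    { domain: "Example.org", overrides: "-FontVisibilityBaseSystem,-FontVisibilityLangPack" },
  ]);
}
console.log(demo());
```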
Why doesn't this website work?
For background, IronFox uses configs from Phoenix to harden and configure Gecko's preferences and underlying behavior. While it is both the goal of IronFox and Phoenix to provide users with a balance between strong privacy and security, while also preventing breakage where possible and preserving compatibility with websites, you may occasionally encounter issues.
As these issues generally stem from Gecko, unless you're confident that the issue is caused by an IronFox-specific change, please report the issue on Phoenix's issue tracker. A notable exception to this is issues caused by WebGL being disabled; these are caused by IronFox-specific changes, so should be reported with the IronFox issue tracker.
If you're confident that the change is IronFox-specific, please report the issue on our issue tracker instead.
Regardless of whether you're using Phoenix or IronFox's issue tracker, please do the following before opening an issue:
- Confirm that the website/issue is not already listed on Phoenix's Website Compatibility page
- Ensure that IronFox is up-to-date, and confirm that the issue occurs on the latest release
- Verify that the issue does NOT occur on the latest release of vanilla Firefox from Mozilla - you can find the latest .apks here - just find the version that corresponds to the version of IronFox you're using, this can be found by navigating to Settings -> About -> About IronFox
- If possible, please check if the issue occurs on a clean install of IronFox, without changing any settings - you can do this without impacting your current installation by using Android's Private Space feature, or with the Shelter app if you're not on Android 15 or newer