e6c69ef28d
ironfox-oss/IronFox!92 ____ ## Changes - [Added a separate toggle in settings to enable/disable JIT for **extensions**](48a42e213a) when JIT is otherwise disabled globally *(**Disabled** by default)*, located at `Settings` -> `IronFox` -> `IronFox settings` -> `Security` -> **`Enable JavaScript Just-in-time Compilation (JIT) for extensions`**. - [Added support for natively enabling/disabling WebGL per-site](5e1acb19a6) via FPP overrides. **It is now recommended to disable the uBlock Origin `Block WebGL` lists** *(The `Block WebGL` lists will be removed from the uBlock Origin config entirely in the near future, but we're keeping them for now to ex. give users time to update)*. See [Notes](#notes) below for details, such as how you can manually allow desired websites to use WebGL. - [Added a toggle in settings to enable or disable our default WebGL overrides](c9298799ee) *(**Enabled** by default)*, located at `Settings` -> `IronFox` -> `IronFox settings` -> `Privacy` -> **`Enable WebGL overrides from IronFox`**. When WebGL is enabled, this setting enables WebGL by default for certain websites, to reduce breakage/unexpected behavior. Note that this list is **NOT** fetched/updated remotely. - [Added a toggle in settings to enable or disable spoofing the timezone to `UTC-0`](c8cb5064e4) *(**Disabled** by default)*, located at `Settings` -> `IronFox` -> `IronFox settings` -> `Privacy` -> **`Spoof timezone to UTC-0`**. - [Added a toggle in settings to enable or disable our default timezone overrides](c8cb5064e4) *(**Enabled** by default)*, located at `Settings` -> `IronFox` -> `IronFox settings` -> `Privacy` -> **`Enable timezone spoofing overrides from IronFox`**. When timezone spoofing is enabled, this setting disables timezone spoofing by default for certain websites, to reduce breakage/unexpected behavior. Note that this list is **NOT** fetched/updated remotely. - [Added a toggle in settings to enable or disable *Mozilla's* default fingerprinting protection overrides](64e3706be8) to reduce website breakage *(**Enabled** by default)*, located at `Settings` -> `IronFox` -> `IronFox settings` -> `Privacy` -> **`Enable fingerprinting protection overrides from Mozilla`**. Note that this list **IS** fetched/updated remotely. - [Added a toggle in settings to enable or disable *our* default fingerprinting protection overrides](64e3706be8) to reduce website breakage *(**Enabled** by default)*, located at `Settings` -> `IronFox` -> `IronFox settings` -> `Privacy` -> **`Enable fingerprinting protection overrides from IronFox`**. This toggle does **not** disable fingerprinting protection overrides that we set to **harden** protection for certain websites. Note that this list is **NOT** fetched/updated remotely. - [Implemented](522770b2dc) [Phoenix's extension blocklist](https://codeberg.org/celenity/Phoenix/src/branch/pages/build/policies/blocklist.json) to block malicious/phishing/sketchy extensions. - [Locked Gecko preferences controlled by UI settings](bc9df5c52c) *(See [details](https://gitlab.com/ironfox-oss/IronFox/-/blob/dev/docs/FAQ.md#why-are-certain-preferences-locked))*. - [Prevented the JIT toggle from controlling `javascript.options.main_process_disable_jit`](8171a4da48), as this pref is not required for JIT to function, and is preferable to leave on - even when JIT is enabled, to improve security. - Updated to Firefox [`144.0`](https://firefox.com/firefox/android/144.0/releasenotes/). - Updated microG to [`v0.3.10.250932`](https://github.com/microg/GmsCore/releases/tag/v0.3.10.250932). - Updated Phoenix to [`2025.10.12.1`](https://codeberg.org/celenity/Phoenix/releases/tag/2025.10.12.1). - [Other minor tweaks, adjustments, and enhancements](https://gitlab.com/ironfox-oss/IronFox/-/merge_requests/92/diffs). ## Notes You can manually allow websites to use WebGL with the `privacy.fingerprintingProtection.granularOverrides` preference at `about:config`. For instance, if I want to allow **`example.com`** to use WebGL, I would set the value of `privacy.fingerprintingProtection.granularOverrides` to: ```sh [{"firstPartyDomain":"example.com","overrides":"-DisableWebGL"}] ``` If I *also* wanted to allow `example2.com`, I'd set the value to: ```sh [{"firstPartyDomain":"example.com","overrides":"-DisableWebGL"},{"firstPartyDomain":"example2.com","overrides":"-DisableWebGL"}] ``` **[Please report websites that require WebGL to us if possible](https://gitlab.com/ironfox-oss/IronFox/-/issues)**, so that we can investigate and potentially add them to the default WebGL overrides list. MR-author: celenity <celenity@celenity.dev> Co-authored-by: Weblate <hosted@weblate.org> Co-authored-by: Akash Yadav <itsaky01@gmail.com> Approved-by: celenity <celenity@celenity.dev> Merged-by: celenity <celenity@celenity.dev>
16 KiB
Network Connections
This page serves to document connections commonly made by IronFox. It will explain the purpose of each connection, what data is shared, and how to disable (or override if applicable) the connection if desired.
Default
These connections are made by default, out of the box.
Add-on Updates
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=2&*
If you install add-ons from outside of the AMO (addons.mozilla.org), you may notice additional connections to other servers as part of this functionality (as specified by the extension(s) you install).
Operator: Mozilla - Privacy policy
Purpose: Downloads updates for installed extensions and themes.
Type(s) of data shared: Identifiers of installed add-ons, Current versions of installed add-ons, Browser version, User Agent, public IP address.
How often the connection occurs: Hourly (extensions.update.interval).
Control: You can disable add-on updates globally by setting extensions.update.enabled to false in your about:config.
You can also disable updates for individual add-ons by setting extensions.{GUID}.update.enabled to false in your about:config, replacing {GUID} with the ID of your desired add-on (IDs of your installed extensions can be found at about:support). For example: if I wanted to disable updates for uBlock Origin, I would set extensions.uBlock0@raymondhill.net.update.enabled to false.
Note that disabling add-on updates is NOT recommended.
Autograph
https://content-signature-2.cdn.mozilla.net/g/chains/*
Operator: Mozilla - Privacy policy
Purpose: Provides signing/verification for various functionality, including: content signatures, and extension signing (1, 2).
Type(s) of data shared: User Agent, public IP address.
How often the connection occurs: Every browser launch, and periodically after.
Control: This request can be disabled by appending ,content-signature-2.cdn.mozilla.net to the value of network.dns.localDomains in your about:config (or by blocking content-signature-2.cdn.mozilla.net on the network level); though it is NOT recommended to disable or block this connection.
DNS over HTTPS
https://dns.quad9.net/dns-query
Operator: Quad9 - Privacy policy
Purpose: Provides encrypted domain name resolution.
Type(s) of data shared: Domain names of servers you connect to, User Agent, public IP address.
How often the connection occurs: Every time you connect to a domain.
Control: You can change DNS providers by navigating to Privacy and security -> DNS over HTTPS in settings. Under Max Protection (or your chosen mode)-> Choose provider:, you can either select one of our presets:
- AdGuard -
https://dns.adguard-dns.com/dns-query- Privacy policy - AdGuard (Unfiltered) -
https://unfiltered.adguard-dns.com/dns-query- Privacy policy - Cloudflare -
https://mozilla.cloudflare-dns.com/dns-query- Privacy policy - Cloudflare (Malware Protection) -
https://security.cloudflare-dns.com/dns-query- Privacy policy - DNS0 -
https://dns0.eu- Privacy policy - DNS0 (ZERO) -
https://zero.dns0.eu- Privacy policy - DNS4EU (Ad Blocking) -
https://noads.joindns4.eu/dns-query- Privacy policy - DNS4EU (Protective) -
https://protective.joindns4.eu/dns-query- Privacy policy - DNS4EU (Unfiltered) -
https://unfiltered.joindns4.eu/dns-query- Privacy policy - Mullvad (Base) -
https://base.dns.mullvad.net/dns-query- Privacy policy - Mullvad (Unfiltered) -
https://dns.mullvad.net/dns-query- Privacy policy - NextDNS -
https://firefox.dns.nextdns.io/- Privacy policy - Wikimedia -
https://wikimedia-dns.org/dns-query- Privacy policy
Or you can add your own provider by selecting Custom, and entering your desired URL.
You can also set DNS over HTTPS to use your system's DNS resolver, by selecting Default Protection from the same screen.
Initial add-on installation
https://addons.mozilla.org/firefox/downloads/latest/uBlock0@raymondhill.net/latest.xpi
Operator: Mozilla - Privacy policy
Purpose: Downloads and installs the uBlock Origin extensions.
Type(s) of data shared: User Agent, public IP address.
How often the connection occurs: Once, on initial set-up.
Control: Uncheck the box to install uBlock Origin on the onboarding if desired, though doing so is NOT recommended.
Push Service
wss://push.services.mozilla.com/
Operator: Mozilla - Privacy policy
Purpose: Provides support for web push notifications and Remote Settings.
Type(s) of data shared: Random identifier (dom.push.userAgentID), User Agent, public IP address.
How often the connection occurs: Every browser launch, and periodically after.
Control: You can disable this functionality by setting the following preferences in your about:config:
dom.push.connection.enabled->falsedom.push.userAgentID->
Note that disabling this feature is NOT recommended.
Remote Settings
https://firefox.settings.services.mozilla.com/v1/buckets/blocklists/collections/*https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/*https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=*https://firefox.settings.services.mozilla.com/v1/buckets/security-state/collections/*https://firefox-settings-attachments.cdn.mozilla.net/bundles/security-state--intermediates.ziphttps://firefox-settings-attachments.cdn.mozilla.net/bundles/startup.json.mozlz4https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/tracking-protection-lists/*https://firefox-settings-attachments.cdn.mozilla.net/security-state-staging/cert-revocations/*
Operator: Mozilla - Privacy policy
Purpose: Downloads configurations and databases for various functionality, including: Add-on blocklists, Certificate Revocations, Certificate Transparency logs, Intermediate Certificates, Tracking Protection lists, Translation models, etc.
Type(s) of data shared: User Agent, public IP address.
How often the connection occurs: Hourly (services.settings.poll_interval).
Control: This functionality can be disabled globally by setting browser.ironfox.services.settings.allowedCollections to in your about:config, though it is NOT recommended to disable this feature.
You can also disable certain individual parts of this functionality if desired by setting the following preferences in your about:config:
- Add-on blocklists:
extensions.blocklist.enabled->false - CRLite filters:
security.remote_settings.crlite_filters.enabled->false - Intermediate certificate downloads:
security.remote_settings.intermediates.enabled->false - Tracking blocklists:
browser.safebrowsing.provider.mozilla.lists->disabled
Note that disabling this functionality is NOT recommended.
Safe Browsing
https://safebrowsing.ironfoxoss.org/v4/fullHashes:find?$ct=application/x-protobuf&*https://safebrowsing.ironfoxoss.org/v4/threatListUpdates:fetch?$ct=application/x-protobuf&*https://safebrowsing.ironfoxoss.org/v5/hashes:search?*https://safebrowsing.ironfoxoss.org/v5/hashLists:batchGet?*
Operator: IronFox OSS - Privacy policy
Purpose: Provides real-time protection against malware and phishing (Proxies https://safebrowsing.googleapis.com).
Type(s) of data shared: Partial URL hashes upon potential matches, User Agent, public IP address.
How often the connection occurs: Every browser launch, and every 30 minutes after.
Control: See our Safe Browsing page for more details, including how to disable Safe Browsing or change providers if desired. Note that disabling Safe Browsing is NOT recommended.
System Add-on Updates
https://archive.mozilla.org/pub/system-addons/*https://aus5.mozilla.org/update/3/SystemAddons/*
Operator: Mozilla - Privacy policy
Purpose: Downloads and updates system add-ons.
Type(s) of data shared: Browser version, locale, OS, OS architecture, OS version, User Agent, public IP address.
How often the connection occurs: Hourly.
Control: You can disable this functionality by setting extensions.systemAddon.update.enabled to false in your about:config; though this is NOT recommended.
uBlock Origin
https://cdn.jsdelivr.net/gh/uBlockOrigin/uAssetsCDN@main/*- Privacy Policyhttps://cdn.statically.io/gh/uBlockOrigin/uAssetsCDN/main/*- Privacy Policyhttps://filters.adtidy.org/extension/ublock/filters/*- Privacy Policyhttps://gitlab.com/celenityy/BadBlock/-/raw/*- Privacy Policyhttps://gitlab.com/celenityy/Phoenix/-/raw/*- Privacy Policyhttps://gitlab.com/DandelionSprout/adfilt/-/raw/master/*- Privacy Policyhttps://gitlab.com/hagezi/mirror/-/raw/main/dns-blocklists/adblock/*- Privacy Policyhttps://malware-filter.gitlab.io/urlhaus-filter/urlhaus-filter-ag-online.txt- Privacy Policyhttps://malware-filter.pages.dev/urlhaus-filter-ag-online.txt- Privacy Policyhttps://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=1&mimetype=plaintexthttps://publicsuffix.org/list/public_suffix_list.dat- Privacy policyhttps://raw.githubusercontent.com/fmhy/FMHYFilterlist/main/filterlist-basic.txt- Privacy Policyhttps://raw.githubusercontent.com/yokoffing/filterlists/main/*- Privacy Policyhttps://secure.fanboy.co.nz/*https://someonewhocares.org/hosts/hostshttps://ublockorigin.github.io/uAssets/*- Privacy Policyhttps://ublockorigin.github.io/uAssetsCDN/*- Privacy Policyhttps://ublockorigin.pages.dev/*- Privacy Policy
Purpose: Downloads and updates for filterlists and other resources in uBlock Origin.
Type(s) of data shared: User Agent, public IP address.
How often the connection occurs: Periodically.
Control: You can disable uBlock Origin by navigating to Advanced -> Extensions -> uBlock Origin in settings, and selecting Enabled. You can also uninstall uBlock Origin entirely from the same screen, by selecting Remove; though disabling or uninstalling uBlock Origin is NOT recommended.
Additional
The following are optional, non-standard connections that IronFox might make, depending on the features you decide to use.
Geolocation
https://api.beacondb.net/v1/geolocate
Operator: BeaconDB - Privacy policy
Purpose: Serves as a fallback to provide geolocation when the system's provider is unavailable.
Type(s) of data shared: Strength and general information of nearby cellular towards and Wi-Fi networks (if available/supported), User Agent, public IP address.
How often the connection occurs: When/if you grant a website permission to access your location and if your system's geolocation provider is unavailable.
Control: You can simply choose not to grant websites permission to access your location, or you can disable the network geolocation provider entirely by setting geo.provider.network.url to in your about:config; though doing so may cause issues with geolocation if your system's geolocation provider is unavailable.
You can also change the network geolocation provider if desired by setting the value of geo.provider.network.url to your preferred URL in the about:config.