mirror of
https://github.com/ironfox-oss/IronFox.git
synced 2026-01-01 10:40:53 -05:00
e6c69ef28d
ironfox-oss/IronFox!92 ____ ## Changes - [Added a separate toggle in settings to enable/disable JIT for **extensions**](48a42e213a) when JIT is otherwise disabled globally *(**Disabled** by default)*, located at `Settings` -> `IronFox` -> `IronFox settings` -> `Security` -> **`Enable JavaScript Just-in-time Compilation (JIT) for extensions`**. - [Added support for natively enabling/disabling WebGL per-site](5e1acb19a6) via FPP overrides. **It is now recommended to disable the uBlock Origin `Block WebGL` lists** *(The `Block WebGL` lists will be removed from the uBlock Origin config entirely in the near future, but we're keeping them for now to ex. give users time to update)*. See [Notes](#notes) below for details, such as how you can manually allow desired websites to use WebGL. - [Added a toggle in settings to enable or disable our default WebGL overrides](c9298799ee) *(**Enabled** by default)*, located at `Settings` -> `IronFox` -> `IronFox settings` -> `Privacy` -> **`Enable WebGL overrides from IronFox`**. When WebGL is enabled, this setting enables WebGL by default for certain websites, to reduce breakage/unexpected behavior. Note that this list is **NOT** fetched/updated remotely. - [Added a toggle in settings to enable or disable spoofing the timezone to `UTC-0`](c8cb5064e4) *(**Disabled** by default)*, located at `Settings` -> `IronFox` -> `IronFox settings` -> `Privacy` -> **`Spoof timezone to UTC-0`**. - [Added a toggle in settings to enable or disable our default timezone overrides](c8cb5064e4) *(**Enabled** by default)*, located at `Settings` -> `IronFox` -> `IronFox settings` -> `Privacy` -> **`Enable timezone spoofing overrides from IronFox`**. When timezone spoofing is enabled, this setting disables timezone spoofing by default for certain websites, to reduce breakage/unexpected behavior. Note that this list is **NOT** fetched/updated remotely. - [Added a toggle in settings to enable or disable *Mozilla's* default fingerprinting protection overrides](64e3706be8) to reduce website breakage *(**Enabled** by default)*, located at `Settings` -> `IronFox` -> `IronFox settings` -> `Privacy` -> **`Enable fingerprinting protection overrides from Mozilla`**. Note that this list **IS** fetched/updated remotely. - [Added a toggle in settings to enable or disable *our* default fingerprinting protection overrides](64e3706be8) to reduce website breakage *(**Enabled** by default)*, located at `Settings` -> `IronFox` -> `IronFox settings` -> `Privacy` -> **`Enable fingerprinting protection overrides from IronFox`**. This toggle does **not** disable fingerprinting protection overrides that we set to **harden** protection for certain websites. Note that this list is **NOT** fetched/updated remotely. - [Implemented](522770b2dc) [Phoenix's extension blocklist](https://codeberg.org/celenity/Phoenix/src/branch/pages/build/policies/blocklist.json) to block malicious/phishing/sketchy extensions. - [Locked Gecko preferences controlled by UI settings](bc9df5c52c) *(See [details](https://gitlab.com/ironfox-oss/IronFox/-/blob/dev/docs/FAQ.md#why-are-certain-preferences-locked))*. - [Prevented the JIT toggle from controlling `javascript.options.main_process_disable_jit`](8171a4da48), as this pref is not required for JIT to function, and is preferable to leave on - even when JIT is enabled, to improve security. - Updated to Firefox [`144.0`](https://firefox.com/firefox/android/144.0/releasenotes/). - Updated microG to [`v0.3.10.250932`](https://github.com/microg/GmsCore/releases/tag/v0.3.10.250932). - Updated Phoenix to [`2025.10.12.1`](https://codeberg.org/celenity/Phoenix/releases/tag/2025.10.12.1). - [Other minor tweaks, adjustments, and enhancements](https://gitlab.com/ironfox-oss/IronFox/-/merge_requests/92/diffs). ## Notes You can manually allow websites to use WebGL with the `privacy.fingerprintingProtection.granularOverrides` preference at `about:config`. For instance, if I want to allow **`example.com`** to use WebGL, I would set the value of `privacy.fingerprintingProtection.granularOverrides` to: ```sh [{"firstPartyDomain":"example.com","overrides":"-DisableWebGL"}] ``` If I *also* wanted to allow `example2.com`, I'd set the value to: ```sh [{"firstPartyDomain":"example.com","overrides":"-DisableWebGL"},{"firstPartyDomain":"example2.com","overrides":"-DisableWebGL"}] ``` **[Please report websites that require WebGL to us if possible](https://gitlab.com/ironfox-oss/IronFox/-/issues)**, so that we can investigate and potentially add them to the default WebGL overrides list. MR-author: celenity <celenity@celenity.dev> Co-authored-by: Weblate <hosted@weblate.org> Co-authored-by: Akash Yadav <itsaky01@gmail.com> Approved-by: celenity <celenity@celenity.dev> Merged-by: celenity <celenity@celenity.dev>
21 lines
2.4 KiB
Markdown
21 lines
2.4 KiB
Markdown
# Safe Browsing
|
|
|
|
**IronFox enables Google Safe Browsing by default to provide users with real-time protection against malware, phishing, and other threats**.
|
|
|
|
Firefox's Safe Browsing implementation is [very well-designed from a privacy perspective](https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/). It is free and open source, and unlike Chromium browsers on Android, does **not** rely on Google Play Services.
|
|
|
|
On top of [Firefox's already privacy-respecting design and implementation of Safe Browsing](https://support.mozilla.org/kb/how-does-phishing-and-malware-protection-work), we take additional measures to further improve privacy for users, by routing connections to Google through our [proxy](https://gitlab.com/ironfox-oss/safebrowsing-proxy).
|
|
|
|
**When Safe Browsing is enabled**, IronFox will periodically update its database *(through our proxy)* to provide protection against the latest threats. Additionally, if a potential match for a malicious website is found, IronFox might submit a partial hash of the suspected URL to Google *(through our proxy)*.
|
|
|
|
**At the cost of security**, you can disable Safe Browsing if desired, by navigating to `Settings` -> `IronFox` -> `IronFox settings` -> `Security` -> `Enable Safe Browsing`.
|
|
|
|
**If you'd like to keep Safe Browsing enabled, but prefer to disable our proxy and connect to Google directly**, you can do this by setting the following preferences in your [`about:config`](about:config):
|
|
|
|
- `browser.safebrowsing.provider.google4.gethashURL` -> `https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSING_API_KEY%&$httpMethod=POST`
|
|
- `browser.safebrowsing.provider.google4.updateURL` -> `https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSING_API_KEY%&$httpMethod=POST`
|
|
- `browser.safebrowsing.provider.google5.gethashURL` -> `https://safebrowsing.googleapis.com/v5/hashes:search?key=%GOOGLE_SAFEBROWSING_API_KEY%`
|
|
- `browser.safebrowsing.provider.google5.updateURL` -> `https://safebrowsing.googleapis.com/v5/hashLists:batchGet?key=%GOOGLE_SAFEBROWSING_API_KEY%`
|
|
|
|
If you'd like to revert back to using our proxy, you can do so at any time by resetting the values of the `browser.safebrowsing.provider.google4.gethashURL`, `browser.safebrowsing.provider.google4.updateURL`, `browser.safebrowsing.provider.google5.gethashURL`, and `browser.safebrowsing.provider.google5.updateURL` preferences.
|