Yes, that’s a reasonable request. This is fairly rough and far from complete, but here are the notable changes off the top of my head:
- We enable support for Google Safe Browsing. Mull enabled Safe Browsing as well; but Tavi didn’t have an API key, so it never actually worked on Mull. We added the API key, so it works. Our plan is to disable Safe Browsing by default and leave it up to the user to enable, but on the current build (134.0.0), it’s partially enabled by default due to a bug, but this will be fixed next release.
- As discussed above, we now use Phoenix instead of Arkenfox. Phoenix includes the hardening of Arkenfox, but is also more comprehensive, and we’re using the Android version, which is specifically tailored to Android.
In terms of how Phoenix itself compares to Mull/Arkenfox, Phoenix:
- Disables Origin Trials
- Disables X-Frame Options Error Reporting
- Covers more telemetry prefs for defense in depth
- Removes special privileges granted to certain Mozilla domains
- Disables Preconnect
- Disables Early Hints
- Upgrades local content as part of HTTPS-Only Mode
- Blocks insecure display content & object subrequests
- Disables DNS over HTTPS connectivity checks
- Fixes IPv6 connectivity issues when using DNS over HTTPS
- Enables Certificate Transparency
- Disables Region updates
- Sets the fallback network geolocation provider to BeaconDB instead of Google
- Enables WebRTC, but enables mDNS host obfuscation and forces it to exclude local IP addresses. This effectively breaks WebRTC; but it’s superior to outright disabling it like Mull did, as disabling it is fingerprintable. This approach still prevents any leaks. This is similar to the behavior of Arkenfox, though even stricter; disabling WebRTC entirely was a Mull-specific change.
- Prevents using system accent colors due to fingerprinting concerns
- Enables fdlibm for math, due to it being more resistant to fingerprinting. This is already enabled via ‘Resist Fingerprinting’ (RFP), which both Mull & IronFox enable by default, but this still enables it for users who disable RFP.
- Explicitly enables various protections from Firefox’s ‘Strict’ tracking protection that are active on desktop, but not mobile in most cases (Ex. bounce tracking protection).
- Uses dFPI/TCP (Firefox’s Total Cookie Protection) instead of FPI for state partitioning, as FPI is no longer maintained and causes more breakage. Arkenfox itself also uses dFPI instead of FPI, so enabling FPI was a Mull-specific change.
- Restricts tracking referers
- Improves Firefox’s built-in query stripping by expanding the list to match Brave & LibreWolf’s
- Disables password truncation
- Disables more JIT
- Disables SharedArrayBuffer using window.postMessage
- Prevents websites from downloading unlimited files without user consent… can be abused for denial of service
- Enables additional Spectre mitigations
- Enables Cookie Same-Site Schemeful, Lax by default, and None only if secure
- Enables Trusted Types
- Disables marking JIT codepages as both writable and executable
- Enables certain performance enhancements & minor QOL changes
- Disables ETP WebCompat & Heuristics to harden Firefox’s tracking protection
- Etc…
Like @Cue said, I’m planning to create the comparison table as mentioned above, which will give you a better idea of these changes and what they mean in context. I’m also working on overhauling Phoenix’s features page in general, as it’s fairly outdated at this point.
In the meantime, this should give you a rough idea of IronFox/Phoenix’s changes compared to Mull/Arkenfox.
Also worth noting that this is based off of IronFox’s current release. IronFox’s next release will contain more changes when compared to Mull due to various patches we’ve introduced, such as:
- Enabling per-site process isolation (Fission) + the option to disable it
- Enabling Firefox’s built-in cookie banner blocking
- Disabling search suggestions
- Replacing Mozilla’s recommended extensions with exclusively uBlock Origin
- Disabling Password Manager/Autofill by default
- Etc…