- ironfox doesnt use arkenfox, simple
- based on the above fact, according to me deviated from mull
- arkenfox is synonymous for privacy
Interesting comparison.
Could you not add the arkenfox edits along with Phoenix and Tor Uplift? The more the better in my view.
Its also pretty sad to see how much anger and bitterness there is within a movement designed for freedom.
1 Like
Phoenix includes the same hardening & changes as Arkenfox⌠except as already explained above, is also both more comprehensive and tailored to Android.
Mull itself also made its own changes on top of Arkenfox - so I guess you think Mull deviated from itself? 
Itâs still unclear how this change deviates from Mullâs values and ideals; in fact, Iâd argue that using Phoenix both directly aligned with Mullâs goals & mission, and even furthers its mission.
I encourage you to take a closer look at Phoenix - check out the README, the wiki, look at the configs, etcâŚ
Indeed. I (as well as the other maintainers) genuinely have nothing but respect and support for F-Droid, and its core values/mission. Itâs a truly incredible project that has been invaluable at pushing the FOSS movement forward; F-Droidâs existence is a net good thing IMO. I really wish some folks would understand that our stance isnât meant as a personal attack against F-Droid; we are simply looking at objective, technical issues. We will gladly support IronFoxâs inclusion on F-Droidâs main repo in the future if we feel itâs feasible to do so; but weâre not going to rush an important decision like this - There are a lot of factors to consider, and ultimately, we have to do whatâs right for our users.
3 Likes
No one is stating otherwise that this is one step towards or onwards, but the way stinking has beheath the git, I sincerely believe, everyone needs to calm down and work towards the betterment and not play pickle monday over.
2 Likes
Privacy vs performance? Ironfox is the same as Mull wasâŚ
To my experience uBlock Origin has nothing to do with these tests but FYI it was enabled along with Dark Reader.
Dark Reader is known to cause issues with Mull/IronFox unfortunately (due to Resist Fingerprinting (RFP), which we enable). Iâd be curious to see the results without Dark Reader.
Mull & IronFox do both enable hardening that can lower performance (such as disabling JavaScript JIT due to security reasons), so it wouldnât surprise me if you are seeing lower scores compared to standard Firefox/Fennec.
1 Like
Thank you. I looked over that table a while ago, but I recall also reading somewhere that the differences between desktop and Android Firefox are different enough to warrant different approaches. Would you consider making a similar table for Gecko-based Android browsers?
While Iâm asking for favors, could Betterbird be included on your Dove table?
A compromise that many fail to articulate is that both security and privacy require that trust be placed somewhere. Most of us are unable or unwilling to put in the effort to build (in the broader sense not just building executables/apks) these tools for ourselves. F-Droid has earned a sense of trust from this community over the many years, so that even as there may be faults, there is a safety in knowing that the F-Droid build process can prevent certain things from falling through the cracks. Skewedzepplin had been contributing for a very long time. I personally would get my updates from the DivestOS repository, but had he been a new contributor, I would likely have looked to the main F-Droid repository first. While I would also prefer to get Ironfox releases as fast as possible through either Obtainium or your own repository, having reproducible builds that F-Droid can verify will help in gaining the trust of a community that takes a while to give it.
1 Like
Ironfox without Dark Reader is posted above. Itâs the same performance as Firefox with Dark Reader.
Iâve posted to Mull dev. He had recommended some changes via about:config to what you mention, but they didnât help.
1 Like
Yes, I will, and Iâll post it here when itâs ready. 
Iâll look into it and will likely have it added shortly, thanks for letting me know.
I completely understand your perspective. Ultimately, trust is something that takes time to build, and you should especially be careful trusting something when itâs as critical as a web browserâŚ
We will do what we can to remain as transparent and open as possible with our work, while we remain committed to our goals of enhancing the privacy, security, & freedom of Firefox.
1 Like
dream on⌠having normal builds is good enough for this monster
3 Likes
So⌠Now frdroid is a monster?
Not google?
If you seek for monsters you will find them. Anywhere.
Read againâŚin contextâŚ
1 Like
Those statements are two of the few that make any sense to me in this whole argument, the rest is meaningless mumbo-jumbo as far as I am concerned. As a simple user of this gadget I really donât know and donât care what the technical discussions represent, so I have to place my trust in a body or organisation that most closely matches my wants. At the moment that is F-Droid, and will stay that way unless somebody convinces me otherwise.
To be clear, I have never claimed you shouldnât trust F-Droid.
In the statement you quoted âmonsterâ meant large not evil. It also referred to IronFox not F-Droid.
1 Like
Everyone. Let us not fight, nor keep on mulling over this. Makes no sense and just wastes everyoneâs time.
If ironfox follow what FD inclusion policy is, and wants to provide within FD direct repo, good enough, else let us just let it go. No point in endless arguing, bickering and what not. If they wish to do so in future, or never, one cannot force them.
Finally, if someone has knowledge, fork Mull and do what ironfox does not want to. Straightforward at that.
3 Likes
I know you understandably want to draw a line under things, but could we please get an exact list of the ways in which IronFox differs to Mull (@celenity) just for the sake of direct clarification.
1 Like
This has already been asked several times, and he already said that he is planning to do this. Both Mull and Ironfox are open source, so anyone who canât wait can step in and compare the projects.
2 Likes
Yes, thatâs a reasonable request. This is fairly rough and far from complete, but here are the notable changes off the top of my head:
-
We enable support for Google Safe Browsing. Mull enabled Safe Browsing as well; but Tavi didnât have an API key, so it never actually worked on Mull. We added the API key, so it works. Our plan is to disable Safe Browsing by default and leave it up to the user to enable, but on the current build (134.0.0), itâs partially enabled by default due to a bug, but this will be fixed next release.
-
As discussed above, we now use Phoenix instead of Arkenfox. Phoenix includes the hardening of Arkenfox, but is also more comprehensive, and weâre using the
Androidversion, which is specifically tailored to Android.
In terms of how Phoenix itself compares to Mull/Arkenfox, Phoenix:
- Disables Origin Trials
- Disables X-Frame Options Error Reporting
- Covers more telemetry prefs for defense in depth
- Removes special privileges granted to certain Mozilla domains
- Disables Preconnect
- Disables Early Hints
- Upgrades local content as part of HTTPS-Only Mode
- Blocks insecure display content & object subrequests
- Disables DNS over HTTPS connectivity checks
- Fixes IPv6 connectivity issues when using DNS over HTTPS
- Enables Certificate Transparency
- Disables Region updates
- Sets the fallback network geolocation provider to BeaconDB instead of Google
- Enables WebRTC, but enables mDNS host obfuscation and forces it to exclude local IP addresses. This effectively breaks WebRTC; but itâs superior to outright disabling it like Mull did, as disabling it is fingerprintable. This approach still prevents any leaks. This is similar to the behavior of Arkenfox, though even stricter; Disabling WebRTC entirely was a Mull-specific change.
- Prevents using system accent colors due to fingerprinting concerns
- Enables
fdlimfor math, due to it being more resistant to fingerprinting This is already enabled via âResist Fingerprintingâ (RFP), which both Mull & IronFox enable by default, but this still enables it for users who disable RFP. - Explicitly enables various protections from Firefoxâs âStrictâ tracking protection that are active on desktop, but not mobile in most cases (Ex. bounce tracking protection).
- Uses dFPI/TCP (Firefoxâs Total Cookie Protection) instead of FPI for state partitioning, as FPI is no longer maintained and causes more breakage. Arkenfox itself also uses dFPI instead of FPI, so enabling FPI was a Mull-specific change.
- Restricts tracking referers
- Improves Firefoxâs built-in query stripping by expanding the list to match Brave & LibreWolfâs
- Disables password truncation
- Disables more JIT
- Disables SharedArrayBuffer using
window.postMessage - Prevents websites from downloading unlimited files without user consent⌠can be abused for denial of service
- Enables additional Spectre mitigations
- Enables Cookie
Same-Site Schemeful,Lax by default, andNone only if secure - Enables Trusted Types
- Disables marking JIT codepages as both writable and executable
- Enables certain performance enhancements & minor QOL changes
- Disables ETP WebCompat & Heuristics to harden Firefoxâs tracking protection
- EtcâŚ
Like @Cue said, Iâm planning to create the comparison table as mentioned above, which will give you a better idea of these changes and what they mean in context. Iâm also working on overhauling Phoenixâs features page in general, as itâs fairly outdated at this point.
In the meantime, this should give you a rough idea of IronFox/Phoenixâs changes compared to Mull/Arkenfox.
Also worth noting that this is based off of IronFoxâs current release. IronFoxâs next release will contain more changes when compared to Mull due to various patches weâve introduced, such as:
- Enabling per-site process isolation (Fission) + the option to disable it
- Enabling Firefoxâs built-in cookie banner blocking
- Disabling search suggestions
- Replacing Mozillaâs recommended extensions with exclusively uBlock Origin
- Disabling Password Manager/Autofill by default
- EtcâŚ
2 Likes