Add IronFox to F-Droid (Mull continued)

gallegonovato · March 18, 2025, 8:19pm

First of all I apologize for the inconvenience.

But in this latest version of Ironfox, ublock is still happening the same as I commented in Codeberg.

I don’t know if it’s just me

Also a suggestion if I may. Of search engines Qwant I think it was also sold, as well as Metager. I don’t know what you think:

Searx Instances: https://searx.space/
LibreX: GitHub - hnhx/librex: Framework and javascript free privacy respecting meta search engine , searx-instances/searxinstances/instances.yml at master · searxng/searx-instances · GitHub
https://www.mojeek.com/

Also, if you allow me. I don’t know if you could add Chameleon – Consigue esta extensión para 🦊 Firefox (es-ES) to the list of applications you recommend during the installation of Ironfox. Since this add-on serves to further spoof the fingerprint.

A hug

bigsmoke · March 19, 2025, 12:20am

The issue was present in the update before todays and it also affects todays release too

I back adding chameleon too

bond007 · March 19, 2025, 5:49pm

Thanks for your kind reply.
We enable support for Google Safe Browsing
Where is the option to disable it in settings?

When is the per site isolation option going live?

Please share link to the comparison table whenever you make it live.

Oh man that gitlab page seems like a fight ring.

Will test the latest version in different devices and will report back. Few more questions-
Some devices support version armeabi-v7a and arm64-v8a also. Say the latter is installed and then after an update is posted on gitlab, this time the former version is installed (updated is the right word here). Then will there be any issues? The size of both versions is different so this question.

Let us say one has opened 10 tabs in ironfox and then the updated version is installed then will those 10 tabs be still there after an updated version is installed?

I am testing iron fox in some old devices. They keep on becoming slower and slower with the updates as those old devices have like 2gb ram and some low end processor. If the version is not updated then the addons installed automatically get disabled. What string to edit in about:config so that the addons are reactivated even if the version is out of date?

Lastly besides you how many devs are maintaining ironfox?

bond007 · March 19, 2025, 5:51pm

Is chameleon the best addon to spoof the fingerprint and is it like the ublock of anti fingerprints?

@celenity
The browser already has inbuilt features to resist fingerprinting. Is an addon on type of it required?

gallegonovato · March 19, 2025, 6:15pm

Good afternoon:

Ironfox in the user.js it carries has options to mitigate fingerprinting. But it always leaves traces on the Internet.

You can try doing these tests:

https://deviceinfo.me/

https://www.doileak.com/classic.html

https://arkenfox.github.io/TZP/tzp.html

https://abrahamjuliot.github.io/creepjs/index.html
https://fingerprintjs.github.io/fingerprintjs/

To name a few.

The millions of complements you put the footprint will give more. I, for example with chameleon you can put that it comes out that you are browsing in a computer browser, random and x that changes every so often. Among other things.

A hug

celenity · March 19, 2025, 7:17pm

@bigsmoke

What happens if you try a fresh install of IronFox (if you’re able to)?

@bond007

The option isn’t currently exposed in the UI (We’d like to add it though), but you can set browser.safebrowsing.features.malware.update & browser.safebrowsing.features.phishing.update to false in your about:config.

I assume you’re referring to fission: we already enable it by default, but you can disable it with the following steps (though this isn’t recommended):

Navigate to IronFox’s Settings, scroll down to the bottom, and select About IronFox.
Tap the IronFox logo at the top 5 times until you see a message stating Debug menu enabled.
Go back to Settings, and select Nimbus Experiments. It should be at the bottom of the About section, below Secret Debug Info)*.
Select Android Fission+SHIP Nightly experiment (It should be the second option). Choose fission-off, restart IronFox, and you should be good to go. You can also follow these same steps to re-enable Fission, except you’ll want to choose fission-on instead of fission-off…

I haven’t personally tested this (So I may be incorrect), but I believe you would just receive an error when updating, as the architecture wouldn’t match what you currently have installed. This would apply for other apps as well, not exclusively IronFox. Just stick to the same architecture when installing/updating, and you won’t have any issues.

Yes, the 10 tabs would still be there.

I don’t understand what you mean by this, can you please elaborate?

There’s 4 of us total, though most development for the app itself is from me and one other person. (The 3rd person primarily helps with ex. the build server & website, the 4th has been inactive for some time… though helped set-up/organize the community spaces when they were around).

No, it isn’t required, and extensions like Chameleon should be avoided. See here for some reasoning as to why (under the Anti-Fingerprinting Extensions section). Unnecessary extensions like this simply make you more fingerprintable, add additional attack surface, can reduce performance, etc. It’s best to keep extensions at a minimum and only use what you need.

@gallegonovato

Fingerprinting tests like these are flawed and not indicative of what actual fingerprinters are looking for in the real world. This isn’t to say they aren’t useful in certain circumstances, but you have to understand what they’re doing and what you’re looking for.

gallegonovato · March 20, 2025, 1:49pm

Good afternoon @celenity

First of all thank you very much for your work.

Also comment that arkenfox launched some changes in its user ToDo: diffs FF135-FF136 · Issue #1950 · arkenfox/user.js · GitHub

And that already begins to have things of the ia as: 🦊 Firefox AI Chatbot Sidebar | Open WebUI , Playing with AI inference in Firefox Web extensions . And entries like: browser.ml.chat.enabled or browser.ml.

The problem with browser settings is that they are very difficult to adapt to each person. For example arkenfox comments: Arkenfox does not consider Firefox telemetry to be a privacy or security concern ( v135 (#1929) · arkenfox/user.js@3d76c74 · GitHub ). And on the other hand, for me, a browser calling home often and sending things is not good.

It is the same as in Ironfox I see that in about:config is active that currently automatically search for add-ons. And I prefer to do it manually when I want. I know you can tell me that I would be with the bugs of the previous version. But also the browser is always connecting and searching.

A possible attacker would be interested in as much information as possible. Even to the web. So that he can exploit that we have autoplay active, access to storage, camera, sensors,etc…

Any information they can get from us, our devices is vital to them.

For example you can also use CanvasBlocker – Consigue esta extensión para 🦊 Firefox (es-ES) although with the changes in the about:config it is more protected than in older versions such as: Icecat mobile, etc…

For example, Chameleon. Better not to use to randomize our footprint, but to hide the window size, one of the most specific parameters of our browser. According to arkenfox this is undesirable because it shows the css and matchmedia.

To mitigate the above, in Headers we will check Prevent Etag Tracking.

In the Options section, Injection, Block CSS Exfil, protect window name, fake client rects and screen size, choosing 1920x1080.

The other options should be marked by the user.js changes so we won’t touch anything else. It is not necessary then to give privacy permissions, besides that it can cause conflicts with the values of the mentioned user.

If some web gives error, we go to the section of White list, we give to Open in white list and we add this page.

The problem with the fingerprint is that the more completes you have, the worse it is. And nowadays I think it is more complicated not to leave a trace, than the probability of winning the lottery.

Then in the about:config there is a bunch of Google stuff that could be removed.

Then I don’t know if it would be possible to make it possible to copy the title of the entry that is in about:config? This would help a lot to try to find information from it.

The problem of making a browser private varies from person to person. It’s the same as block lists, and allowing things from social networks (for example). And it would give for a dissertation that would last several days. And sometimes it will be impossible to agree.

A hug

Pd: A question if it is not a bother. To lock in the browser without ublock. For example to not enter social networks would be:
“urlclassifier.features.socialtracking.s kipURLs”, “*.instagram.com, *.twitter.com, .twimg.com,.x.com”.

O

“network.dns.blocklist.add”, “tiktok.com, facebook.com, x.com”

If I’m not mistaken I think it’s the second option. And also if I’m not wrong it supports for example: *x.com

But I am not sure

Pd: then it could be used:

user_pref(“urlclassifier.trackingSkipURLs”, “*.reddit.com, *.twitter.com, *.twimg.com, .tiktok.com"); (entre otras webs)
user_pref(“urlclassifier.features.socialtracking.skipURLs”, ".instagram.com, *.twitter.com, *.twimg.com”)
user_pref(“network.cookie.cookieBehavior.optInPartitioning”, true)
user_pref(“browser.download.open_pdf_attachments_inline”, false)
user_pref(“browser.preferences.moreFromMozilla”, false)
user_pref(“extensions.htmlaboutaddons.recommendations.enabled”, false)
user_pref(“browser.preferences.moreFromMozilla”, false);
user_pref(“browser.aboutConfig.showWarning”, false);
user_pref(“browser.aboutwelcome.enabled”, false);
user_pref(“browser.profiles.enabled”, true);
user_pref(“toolkit.legacyUserProfileCustomizations.stylesheets”, true);
user_pref(“browser.compactmode.show”, true);
user_pref(“browser.privateWindowSeparation.enabled”, false);
user_pref(“browser.download.manager.addToRecentDocs”, false)
user_pref(“browser.bookmarks.openInTabClosesMenu”, false);
user_pref(“browser.menu.showViewImageInfo”, true);
user_pref(“findbar.highlightAll”, true);
user_pref(“layout.word_select.eat_space_to_next_word”, false)
user_pref(“cookiebanners.service.mode”, 1);
user_pref(“cookiebanners.service.mode.privateBrowsing”, 1)

And Google Safe Browsing all in false

bigsmoke · March 27, 2025, 1:31am

I’ve uninstalled and reinstalled it several times over now and still getting the glitch where it jumps back to the previous page, no such similar issues in Brave.

bigsmoke · March 30, 2025, 12:19am

@celenity do you think this addon could improve privacy on ironfox?

SkewedZeppelin · March 30, 2025, 12:59am

@bigsmoke
it is in the “Don’t Bother” list: 4.1 Extensions · arkenfox/user.js Wiki · GitHub

celenity · March 30, 2025, 1:14am

Yeah, I agree with the points listed there. The only case where I think LocalCDN might be worth considering is if you block all third party requests with uBlock Origin (/use their advanced blocking modes), as it can help reduce breakage - but otherwise I think it probably does more harm than good and is best to avoid.

bigsmoke · April 3, 2025, 12:28am

Its STILL doing the jump back to previously viewed page thing, its really f+cking annoying

bigsmoke · April 3, 2025, 10:19pm

Now I can’t access anything after installing the latest update. I uninstalled and reinstalled and it worked fine, then I added ublock and it stopped working again. This app has gone to shit

celenity · April 3, 2025, 11:23pm

@bigsmoke

You are the only person who has reported any kind of issue of this nature, so it’s unclear how IronFox is going to shit. I assume that you’re on lower-spec/older hardware, so uBlock Origin may just be taking time to initialize on first set-up due to our custom config. Simply waiting/allowing it time to process/set-up would almost certainly solve the issue. Otherwise you could also try using uBlock Origin with its standard config by setting the value of browser.ironfox.uBO.assetsBootstrapLocation to https://raw.githubusercontent.com/gorhill/uBlock/master/assets/assets.json in your about:config.

Insulting us/our work and complaining on a random forum thread is counter-productive and not at all the proper way to report bugs or seek support - the same applies for any other FOSS software out there, this isn’t just limited to us/IronFox. We’ve previously told you to file reports on our issue tracker (which we have on both Codeberg & GitLab), as it’s otherwise extremely difficult to remember and effectively prioritize + solve issues, but you don’t seem interested in doing that. Nevertheless, up until this point, we’ve still been patient with you and gone out of our way to provide you support, address your concerns, and listen to your feedback.

Unfortunately, since you’ve now resorted to insults, that’s over. We’re no longer going to go out of our way to offer you support unless you use the appropriate channels (again, like you’ve been repeatedly instructed to) and do the bare minimum by ceasing to disrespect and insult us. We do not think this is a big ask, it’s a basic courtesy you should also give to any other FOSS project of similar nature. If you’re willing to change your behavior; great, we’d love to hear from you. Otherwise, no worries, we’re just going to find more productive ways to spend our time.

Cue · April 4, 2025, 1:19pm

The IronFox Matrix space is also quite active in case one has a question that might not be at the level of a bug/issue.

bigsmoke · April 5, 2025, 2:52pm

You haven’t gone out of your way to do anything lol, it usually takes several days for you to respond. And why should I join random sites when you are here? Why do I need to follow you around? I’m probably the only person who has reported an issue of this nature because you expect everybody else to join a different site, learn the interface and post a report for you

vdbhb59 · April 5, 2025, 3:08pm

Okay, I can see we have reached a point where bickering and diaper-fights are ongoing.
Let us cease the fire here and call it a truce. No need to be old and nasty with anyone.
FYI: This is not any random forum, but it maybe for whoever sees it that way.
Finally, if we do not stop the classic nonsense here, I may be forced to tighten the ropes and call out the truce forcibly.

Now to some points:

@bigsmoke : Irrespective of the time taken to respond, if one does revert, I will call that something. You may see it otherwise, but let us take what is provided for here and be happy. If you need quick assistance, please raise it in their official channels. They are under no obligation to anyone. Moreover, I am sure they have a LIFE too, which should take precedence over anything else.

@celenity : While everyone here and I personally am glad you help out as and when feasible, please do us a favor, and understand, F-Droid and this F-Droid Forum are not random. IronFox does have a F-Droid repo for the users to get them. Moreover, every software is ultimately for the end users and definitely by the users. Just want to make everyone understand, this open source community also is same, and hence let us all respect each as we want it back.

Having said this, again, please let us all maintain decorum and be nice to each other, even if we only know each other by some username.

bigsmoke · April 5, 2025, 4:00pm

I agree with this

celenity · April 5, 2025, 6:55pm

Seeing as how we do technically support F-Droid via our repo, you’re right that I shouldn’t have referred to this forum as random @vdbhb59, I didn’t mean any offense by that and I apologize if any was taken.

That being said, I want to emphasize that we put a significant amount of time and resources into developing IronFox, and it’s provided completely free (both free as in free beer and free as in freedom) to anyone who wants to use and modify it. You (referring to users) don’t owe us anything for this, but we also don’t owe you support when you disrespect and insult us/our work completely unprovoked, especially when that support is requested over an unofficial/unsupported channel in the first place.

I’ve personally seen how some developers can act very entitled - and frankly just be assholes to users for trying to help (ex. when people don’t perfectly fill out their issue template in a specific way, etc…), so this is something I’m conscious of and I hope that’s not how this is coming off, as it isn’t the intention. I just feel that asking you to not insult or demean us if you want our support is the bare minimum.

We’ll continue to reply here on a best-effort basis, but we don’t actively use this platform so there are no guarantees at timely replies.

Like others have said here, we offer various official channels to provide support and for users to report issues:

You’re still welcome to report issues or request support on this thread (or anywhere else), but again understand that it will be provided on a best-effort basis, and we may or may not see your reply/concern and fix your issue.

vdbhb59 · April 5, 2025, 8:58pm

No no mate. All in good sense. I know you did not mean that, and I believe I went too much into my mod/admin role there.

I completely agree. Any time, be it 1 second or hours or days, is really appreciated and words can sometimes fall short of our gratitude for the same.

I have faced many a times the burn myself so I know where and how you are coming into this.

Once again, let me emphasise for everyone here: developers do so much in good faith and the least we can do is return the respect and stay humble as possible. If one can donate then as well

Peace sparrows to all (I just love sparrows).