Anyone tried already?
It just appeared on F-droid.
Anny notices?
Works fine as a browser… Some parts of the UI are slow, like the tab part. (i blame flutter for that)
Dunno about security, but has some advanced toggles there.
Maybe @SkewedZeppelin already probed it?
1 Like
their F-Droid version is nicely built from source using a fork of fennecbuild
just have to hope it keeps up with updates quickly
but I didn’t specifically look at how they handle (default) settings, hopefully they would be inline with vanilla or arkenfox.
IronFox is likely better for privacy, but I still recommend just sticking to official Firefox or Fennec or Tor Browser.
4 Likes
3 posts were split to a new topic: Questions about Privacy Beowser
I just tried it and:
Appears not to be a WebView browser but contain its own rendering engine, though this raises the question did they rip out all Mozilla’s phone-home parts?
Appears to identify itself as vanilla Firefox. Which is good (but perhaps not the “hide in the crowd” setting it might have once been)
Its initial landing page which has a “search” box doesn’t appear to be able to search for anything. Then upon closing that…
Uses some sort of weird container system for managing tabs… maybe this is what all the kids are using these days but it struck me as non intuitive. Took me longer than I like to admit to even figure out how to navigate.
In the settings… “Enhanced Tracking Protection”… Is that a phone home service? Also I see Google “Safe Browsing” (I hate even using the name) under Web Hardening. A privacy browser that even contains that let alone labels it as a web hardening feature scares me.
My final verdict is that at best it’s no better than my current Cromite, at worst it’s terribly invasive, and most likely mommy medicine. I’m not persuaded to switch.
uses the Mozilla Gecko engine, yes… as it says everywhere https://docs.weblibre.eu/ and WebLibre: Private Browser | F-Droid - Free and Open Source Android App Repository and etc
that’s the name of the thing…
I don’t appear to be able to turn off “Safe Browsing”. That’s a hard no-go for any privacy browser.
If that’s really the case, and I don’t just have some other setting turned on which forces “Safe Browsing”, then that elevates this browser from “I won’t use” to “I actively disuade anyone from using”. And perhaps to advocate for “Tracking” antifeature status to be applied.
Yes, which is why I used it, but it’s a name which belies its purpose, which is why I hate using it.
Why? Firefox’s implementation of this can be configured to performs the checks entirely client side.
This is the standard name of the Firefox feature.
It has to check against something. It’s either sending my URL’s out per URL or reaching out (to where? how often?) to grab blacklist URL hash tables. In the first case it’s 100% tracker. In the second it’s a connection I didn’t authorize or vet and apparently can’t turn off and itself an IP tracker and rough locator.
Neither of those behaviours (behind a fake on-off switch???) are consistent with a privacy-enhanced browser.
Why have the setting with a pretend on-off switch? Am I missing something - this can’t be always on with no option to disable.
Oh fair enough. I just don’t use Firefox, and didn’t recognize it. I wondered if it too was some sort of phone home (per URL or against downloaded lists) system. The name and description are suggestive of something like that.
Mozilla and ~once every 30 minutes.
Gecko inherently makes a bunch of connections to Mozilla regardless.
It should still have an off switch (albeit with a strong warning).
Also I didn’t actually verify they configured Safe Browsing correctly to be strictly client side.
But in general client side Safe Browsing is a very good thing.
Yes, it downloads databases from Mozilla.
WebLibre probably isn’t better than Cromite, but Cromite is currently two weeks behind and has 12 known security issues.
I honestly wouldn’t recommend either.
edit: WebLibre is already 3 minor versions behind: Please display Gecko version prominently · Issue #30 · FaFre/WebLibre · GitHub
edit 2: Document non-libre release channels · Issue #31 · FaFre/WebLibre · GitHub
1 Like
If you don’t mind me asking sorry if I am taking up valuable time. (cause I am not informed on the matter)
Is there any particular reason why you don’t recommend IronFox? Like is it simply cause it hasn’t withstood the test of time or is there technical reasoning behind it or other reasons or all of the above?
Would just like to know so I can make a informed decision myself. Mainly cause I am stuck in a eternal loop of picking out browsers cause I have a lot of needs but that’s not the point. Point being any info that can help point me in the right direction can help.
Also are there any Fennec configurations (in about:config) you would recommend adjusting or would you say leave it be?
May I interrupt and put my 2 €urocents?
Ironfox by default is so much hardened that it breaks browsing and is the slowest of all - even after lowering security.
Even Fennec pulls 4 in my test and fastest is Iceraven - over 5.
I’m just trying it again and guess what - it proposed me Google safe browsing…
I’ve installed via FFUpdater so means Gitlab.
I do understand this but this is pretty usual behaviour amongst hardened Firefox browsers and configs. Well at least for me cause i usually apply some extra touches to them that slow them down even further and break sites even more. So it’s not a dealbreaker for me I am used to torturing myself with that kind of stuff.
Although I do have to agree site performance in IronFox in particular has always been hit or miss with me even in default configuration. A site could not work in it one day and then try it again later and everything’s fine. It definitely is more consistent in other Firefox browsers hardened or not.
Also just saying. I’m pretty sure Iceraven uses Google safe browsing just silently. I have read from sources that it does in fact do so and while i cannot validate those sources i will say i do see Iceraven is occasionally making direct connections to Google Safe Browsing (and it can only be Iceraven as that is the only app i was logging connections for to test.) Whereas while IronFox has it too they at least give you the ability to easily opt out and proxies the Safe Browsing connections so your IP address isn’t revealed to Google. (Once again did log connections to check in a different test and also their past GitLab changelogs did talk about them making a Proxy and Making a user facing toggle for it.)
Bottom line if you really don’t want to even have a single sight of Google Safe Browsing I think Fennec is AFAIK the only good and viable option. Could be wrong there but I have not seen any Safe Browsing connections being made at all and I don’t see a user facing toggle to turn such a feature on. I however don’t like any sign of Google Services myself no matter how private the implementation may be as in I would definitely like to avoid unnecessary references and usage of their services whenever possible.
1 Like