Our new officially-supported repository allows users of the F-Droid client to install the browser and receive automatic updates without requiring Google Play.
However, it is maybe a bit excessively prohibitive in it’s attempts to provide privacy/security.
And there are a few issues that leave some privacy options wide open for some reason.
To the 1st point, they use a couple dozen different blocklists, using uBlock. Those default lists block sites that can test your browser for security and privacy vulnerability. Eg one of the most used and ubiquitous sites: browserleaks.org is blocked.
Which brings me to 2nd point.
I always check webrtc for leaks. In Mozilla/Firefox builds that is media.peerconnection.enabled in about:config.
In the plethora of blocklists used by ironfox two are conspicuously left unchecked: block webrtc and unbreak webrtc.
And, for whatever reasoning, in about config, yep, peerconnection is enabled. As is webgl.
Maybe I don’t get out much, but I have never experienced an issue with any website that required webrtc, webgl, or wrbgpu be enabled. (They are each significant attack surfaces and each leak data you didn’t know was being leaked)
I’m not using iron fox to use teams or make a video call. There is zero reason for it.
And blocking sites that check these has me maybe a little cautious on it really being the thing it says it is.
LibreWolf does not exist on Android?
Not in name, but by all means the idea does.
Iron fox is great.
Was my first impression.
However, it is maybe a bit excessively prohibitive in it’s attempts to provide privacy/security.
And there are a few issues that leave some privacy options wide open for some reason.
To the 1st point, they use a couple dozen different blocklists, using uBlock. Those default lists block sites that can test your browser for security and privacy vulnerability. Eg one of the most used and ubiquitous sites: browserleaks.org is blocked.
Which brings me to 2nd point.
I always check webrtc for leaks. In Mozilla/Firefox builds that is
media.peerconnection.enabledin about:config.In the plethora of blocklists used by ironfox two are conspicuously left unchecked: block webrtc and unbreak webrtc.
And, for whatever reasoning, in about config, yep, peerconnection is enabled. As is webgl.
Maybe I don’t get out much, but I have never experienced an issue with any website that required webrtc, webgl, or wrbgpu be enabled. (They are each significant attack surfaces and each leak data you didn’t know was being leaked)
I’m not using iron fox to use teams or make a video call. There is zero reason for it.
And blocking sites that check these has me maybe a little cautious on it really being the thing it says it is.