Tags give the ability to mark specific points in history as being important
-
2025.04.11.1
cfa927a0 · ·____ * Heavily optimized and significantly improved the performance of our [uBlock Origin configuration](https://codeberg.org/celenity/Phoenix/src/branch/pages/uBlock/assets.json) - **See [here](https://gitlab.com/ironfox-oss/IronFox/-/releases/v137.0.1#update-your-ublock-origin-configuration) for details on the recommended way to update**. * **DESKTOP**: Added back `Cloudflare` & `NextDNS` as built-in DNS over HTTPS providers, in addition to Cloudflare's `Malware Protection` & `Family Protection` variants. **Note that we still use `Quad9` by default**. **It should also be noted** that the built-in standard, `Cloudflare` **`Unfiltered`** DNS provider has a [stricter privacy policy](https://developers.cloudflare.com/1.1.1.1/privacy/cloudflare-resolver-firefox/) than the `Malware Protection` & `Family Protection` variants, [due to a contract with Mozilla](https://wiki.mozilla.org/Security/DOH-resolver-policy). - `doh-rollout.provider-list` -> `[{"uri":"https://dns.quad9.net/dns-query","UIName":"Quad9 - Real-time Malware Protection","autoDefault":true},{"uri":"https://zero.dns0.eu","UIName":"DNS0 (ZERO) - Hardened Real-time Malware Protection","autoDefault":false},{"uri":"https://dns0.eu","UIName":"DNS0 - Real-time Malware Protection","autoDefault":false},{"uri":"https://base.dns.mullvad.net/dns-query","UIName":"Mullvad (Base) - Ad/Tracking/Limited Malware Protection","autoDefault":false},{"uri":"https://dns.adguard-dns.com/dns-query","UIName":"AdGuard (Public) - Ad/Tracking Protection","autoDefault":false},{"uri":"https://dns.mullvad.net/dns-query","UIName":"Mullvad - Unfiltered","autoDefault":false},{"uri":"https://wikimedia-dns.org/dns-query","UIName":"Wikimedia - Unfiltered","autoDefault":false},{"uri":"https://firefox.dns.nextdns.io/","UIName":"NextDNS (Public) - Unfiltered","autoDefault":false},{"uri":"https://unfiltered.adguard-dns.com/dns-query","UIName":"AdGuard (Public) - Unfiltered","autoDefault":false},{"uri":"https://kids.dns0.eu","UIName":"DNS0 - Kids","autoDefault":false},{"uri":"https://family.dns.mullvad.net/dns-query","UIName":"Mullvad (Family)","autoDefault":false},{"uri":"https://family.adguard-dns.com/dns-query","UIName":"AdGuard (Public) - Family Protection","autoDefault":false},{"uri":"https://extended.dns.mullvad.net/dns-query","UIName":"Mullvad (Extended) - Ad/Tracking/Limited Malware/Social Media Protection","autoDefault":false},{"uri":"https://all.dns.mullvad.net/dns-query","UIName":"Mullvad (All) - Ad/Tracking/Limited Malware/Social Media/Adult/Gambling Protection","autoDefault":false},{"uri":"https://security.cloudflare-dns.com/dns-query","UIName":"Cloudflare - Malware Protection","autoDefault":false},{"uri":"https://mozilla.cloudflare-dns.com/dns-query","UIName":"Cloudflare - Unfiltered (Stricter privacy policy)","autoDefault":false},{"uri":"https://family.cloudflare-dns.com/dns-query","UIName":"Cloudflare - Adult Content/Malware Protection","autoDefault":false}]` * **DESKTOP**: Disabled installation of add-ons by default, and reset it back to `false` per-session. **Note that this has no impact on already installed add-ons, and has no impact on updates. Additionally, Firefox will prompt you to re-enable the ability to install add-ons when you attempt to install one**. To be absolutely clear, I will **never** remove the ability for users to install add-ons in Phoenix. All this does is add an extra layer of protection by ensuring the ability to install add-ons is only enabled when users need it, and disabled the rest of the time. - `xpinstall.enabled` -> `false` * **DESKTOP**: Extensions can now be installed from sources outside of the AMO *(`addons.mozilla.org`)* and our built-in exceptions. **INSTALLING EXTENSIONS FROM OUTSIDE OF THE AMO IS STRONGLY NOT RECOMMENDED**. This gives users greater freedom and control over their browsing experience, which is one of Phoenix's primary goals, and it also has other benefits. For instance, with the previous approach, users couldn't override and prevent the sources we allowed *(ex. the AMO)* from being able to install extensions if they desired. This is no longer the case, meaning users can have an even safer browsing experience if they desire. I believe that the new defenses we've added in this release allow this to be done in a safe way, as we can ensure extensions are only installed when users make the explicit, conscious decision to install them. * **DESKTOP**: Removed our built-in custom add-on recommendations from `about:addons`, as they're incompatible with our recent changes, simply unnecessary, and provide a better, cleaner UX when disabled. We'll just leave these recommendations on our [wiki page](https://codeberg.org/celenity/Phoenix/wiki/Recommended-Extensions). - `extensions.getAddons.discovery.api_url` & `extensions.recommendations.privacyPolicyUrl` -> ` `, `extensions.getAddons.showPane` -> `false` * **DESKTOP**: Stopped enforcing extension updates via policies to ensure that users can always disable if desired, **though this is STRONGLY discouraged**. * **ANDROID**: Explicitly enabled the ability to install add-ons by default to expose the setting via the `about:config`. *(Unlike desktop, Firefox unfortunately doesn't prompt users on mobile to re-enable this functionality, so we won't set it there by default, but we can still expose it via the `about:config` to make it easier for users to disable on their own if desired)* - `xpinstall.enabled` -> `true` * Enabled [HTTPS-First](https://support.mozilla.org/kb/https-first) for local addresses & unknown suffixes - `dom.security.https_first_for_local_addresses` & `dom.security.https_first_for_unknown_suffixes` -> `true` * Excluded third party trackers from storage access auto grants *(if enabled)* by default - `dom.storage_access.auto_grants.exclude_third_party_trackers` -> `true` * Further hardened the extension [Content Security Policy](https://developer.mozilla.org/docs/Web/HTTP/Guides/CSP). - `extensions.webextensions.base-content-security-policy` -> `script-src 'self' 'unsafe-inline'; upgrade-insecure-requests;` * Added a built-in domain blocklist/firewall, primarily consisting of various Mozilla ad/telemetry domains we want to ensure we never connect to, and ads/trackers/etc. that appear on their services. We'll also include domains that appear on other built-in/default connections/services, but we'll generally prefer to keep it limited in favor of ex. uBlock Origin. We've also customized the list for our **specialized** configs on desktop, to include ads/telemetry/trackers/etc. that appear on those services. - `network.dns.localDomains` -> `250analytics.com,a.omappapi.com,ads.allizom.org,ads.mozilla.org,ads.nonprod.webservices.mozgcp.net,ads.prod.webservices.mozgcp.net,analytics.getpocket.com,analytics.google.com,analytics.withgoogle.com,anf1.fuzzing.mozilla.org,anonymco.com,asan-nightly-frontend-elb-1348905149.us-east-2.elb.amazonaws.com,braze.com,contile.services.mozilla.com,contile-images.services.mozilla.com,crash-reports.allizom.org,crash-reports.mozilla.com,crash-reports-xpsp2.mozilla.com,crash-stacks.mozilla.com,crash-stats.allizom.org,crash-stats.mozilla.com,crash-stats.mozilla.org,dap.services.mozilla.com,dap.nonprod.webservices.mozgcp.net,dap.prod.webservices.mozgcp.net,dap-09-3.api.divviup.org,discovery.addons.allizom.org,discovery.addons.mozilla.org,discovery.addons-dev.allizom.org,divviup.org,download-stats.mozilla.org,download-stats.r53-2.services.mozilla.com,experimenter.services.mozilla.com,experimenter.nonprod.webservices.mozgcp.net,experimenter.prod.webservices.mozgcp.net,fhr.data.mozilla.com,fhr.r53-2.services.mozilla.com,firefox-android-home-recommendations.getpocket.com,fuzzing.mozilla.org,google-analytics.com,google-analytics-cn.com,googleanalytics.com,googlesyndication.com,googlesyndication-cn.com,googletagmanager.com,googletagmanager-cn.com,googletagservices.com,googletagservices-cn.com,improving.duckduckgo.com,incoming.telemetry.mozilla.org,incoming.thunderbird.net,incoming-telemetry.thunderbird.net,merino.nonprod.cloudops.mozgcp.net,merino.prod.cloudops.mozgcp.net,merino.services.mozilla.com,metrics-content.duckduckgo.com,mozilla-ohttp.fastly-edge.com,new-sentry.gitlab.net,normandy.cdn.mozilla.net,normandy.nonprod.cloudops.mozgcp.net,normandy.prod.cloudops.mozgcp.net,normandy-cdn.services.mozilla.com,ohttp-gateway.prod.webservices.mozgcp.net,omappapi.com,pagead2.googlesyndication.com,pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com,prod.experimenter.prod.webservices.mozgcp.net,prod.ohttp-gateway.prod.webservices.mozgcp.net,sdk.iad-05.braze.com,sentry.gitlab.net,sentry.io,sentry.nonprod.cloudops.mozgcp.net,sentry.prod.cloudops.mozgcp.net,sitereview.zscaler.com,snippets.allizom.org,snippets.cdn.mozilla.net,snippets.mozilla.com,snippets-prod.frankfurt.moz.works,snippets-prod.moz.works,snippets-prod.oregon-b.moz.works,snippets-stage.moz.works,snippets-stage.oregon-b.moz.works,snowplow.trx.gitlab.net,snowplowalb-1011729428.us-east-1.elb.amazonaws.com,snowplowprd.trx.gitlab.net,snowplowprdnlb-1490493263.us-east-2.elb.amazonaws.com,socorro.nonprod.webservices.mozgcp.net,socorro.prod.webservices.mozgcp.net,socorro-collector.services.mozilla.com,socorro-webapp-allizom.stage.mozaws.net,socorro-webapp.services.mozilla.com,spocs.getpocket.com,spocs.getpocket.dev,spocs.mozilla.net,ssl.google-analytics.com,ssl-google-analytics.l.google.com,start.fedoraproject.org,start.thunderbird.net,start.ubuntu.com,start-stage.thunderbird.net,symbolication.services.mozilla.com,symbols.mozilla.org,tagmanager.google.com,talkback.mozilla.org,talkback-public.mozilla.org,talkback-reports.mozilla.org,telemetry-coverage.mozilla.org,telemetry-coverage.r53-2.services.mozilla.com,telemetry-incoming.r53-2.services.mozilla.com,telemetry-prod-1054754349.us-east-1.elb.amazonaws.com,updates.thunderbird.net,updates-stage.thunderbird.net,use-application-dns.net,vf.startpage.com,www.250analytics.com,www.google-analytics.com,www.google-analytics-cn.com,www.googleanalytics.com,www.googlesyndication.com,www.googlesyndication-cn.com,www.googletagmanager.com,www.googletagmanager-cn.com,www.googletagservices.com,www.googletagservices-cn.com,www.sentry.io,www-google-analytics.l.google.com,www-googletagmanager.l.google.com` * **DESKTOP**: Disabled `What's New` Pages by default - `startup.homepage_override_nimbus_disable_wnp` -> `true` * Added additional pref to ensure we never fetch experiments from Nimbus/Normandy - `app.normandy.run_interval_seconds` -> `0` * Disabled (in)activity-based ping submission for redundancy. - `telemetry.fog.test.activity_limit` & `telemetry.fog.test.inactivity_limit` -> `-1` * Disabled the `sync` ping for redundancy. - `services.sync.telemetry.maxEventsCount` & `services.sync.telemetry.maxPayloadCount` -> `0`, `services.sync.telemetry.submissionInterval` -> `999999999` * Prevented the `Telemetry` component from initializing. - `toolkit.telemetry.initDelay` -> `999999999` * Opted out of requesting crash reports for background processes from users - `browser.crashReports.crashPull` -> `false` & `browser.crashReports.requestedNeverShowAgain` -> `true` * **DESKTOP**: Added additional prefs to disable Mozilla promotions - `browser.contentblocking.report.mobile-android.url`, `browser.contentblocking.report.mobile-ios.url`, & `browser.contentblocking.report.vpn.url` -> ` ` * **APPLE MAPS SPECIALIZED CONFIG**: Updated the link from `beta.maps.apple.com` to `maps.apple.com` - `browser.newtabpage.pinned` -> `[{"url":"https://maps.apple.com/","label":"Apple Maps"}]` * **ELEMENT SPECIALIZED CONFIG**: Updated FPP overrides to disable timezone spoofing for more Element instances by default - `privacy.fingerprintingProtection.granularOverrides` -> `[{"firstPartyDomain":"arcticfoxes.net","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"aria.im","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"bitcoinist.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"chatwave.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"cinny.in","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"duesen.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"element.io","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"flieger.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"g24.at","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"gemeinsam.jetzt","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"gnulinux.club","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"hot-chilli.im","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"kde.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"kosmikdog.eu","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"mozilla.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"mtrx.nz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"neat.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"nitro.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"nope.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"oblak.be","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"pcriot.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"pendora.io","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"rollenspiel.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"socialnetwork24.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"studichat.de","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"synod.im","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"the-apothecary.club","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"transfem.dev","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"unredacted.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"utwente.io","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"we2.ee","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"yatrix.org","overrides":"-JSDateTimeUTC"}]` * Hid the Title Bar by default - `browser.tabs.inTitlebar` -> `1` * Cleaned-up files/improved organization * Other tweaks & fixes ___ Codeberg: See [here](https://codeberg.org/celenity/Phoenix/compare/2025.04.02.1...2025.04.11.1) for more details. GitLab: See [here](https://gitlab.com/celenityy/Phoenix/-/compare/2025.04.02.1...2025.04.11.1) for more details. GitHub: See [here](https://github.com/celenityy/Phoenix/compare/2025.04.02.1...2025.04.11.1) for more details. ___ :) -
2025.04.02.1
176d5bd4 · ·____ * Phoenix's uBlock Origin configuration, add-on recommendations, and other resources are now downloaded from GitLab instead of Codeberg. Unfortunately, Codeberg is currently too unreliable and unable to properly serve these files, but we hope we'll be able to use them again for downloading these resources in the future. * **DESKTOP**: WebGL is now blocked by default for **all configs** via uBlock Origin. This approach is beneficial to users and heavily improves usability, as it allows users to override it on a per-site basis. See [here](https://gitlab.com/ironfox-oss/IronFox/-/releases/v137.0.0#per-site-webgl-control) for more details. **Users with existing Phoenix installs are highly recommended to enable these `Block WebGL` filterlists in uBlock Origin**. This is especially important for Phoenix **`Extended`** users, as we no longer set `webgl.disabled` to `true` by default in favor of this new approach. * Disabled `Dry Run` mode to enforce [Bounce Tracking Protection](https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop#w_bounce-tracking-protection). - `privacy.bounceTrackingProtection.enableDryRunMode` -> `false` * Disabled [Storage Access Heuristics](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning#storage_access_heuristics) by default for **all configs** - `privacy.restrict3rdpartystorage.heuristic.opened_window_after_interaction`, `privacy.restrict3rdpartystorage.heuristic.recently_visited`, `privacy.restrict3rdpartystorage.heuristic.redirect`, & `privacy.restrict3rdpartystorage.heuristic.window_open` -> `false` * Disabled the new `Navigation` [Storage Access Heuristic](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning#storage_access_heuristics) by default - `privacy.restrict3rdpartystorage.heuristic.navigation` -> `false` * Stopped spoofing the locale reported by the [Internationalization API](https://hacks.mozilla.org/2014/12/introducing-the-javascript-internationalization-api/) to `en-US` by default, as this is useless since we don't also spoof the `Accept-Language HTTP Header` by default, and it's likely doing more harm than good. - `privacy.fingerprintingProtection.overrides` -> `-JSLocale` * **DESKTOP**: Disable the [updated wallpaper experience](https://searchfox.org/mozilla-central/source/toolkit/components/nimbus/FeatureManifest.yaml#1422) to prevent an unsolicited connection to `https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/newtab-wallpapers-v2/...` on every browser launch when navigating to `about:home` - `browser.newtabpage.activity-stream.newtabWallpapers.v2.enabled` -> `false` * **DESKTOP**: Spoofed the [Beacon API](https://developer.mozilla.org/docs/Web/API/Beacon_API) *(`navigator.sendBeacon()`)* to always return `true` via uBlock Origin, despite us not supporting it *(similar to Cromite)*. This improves privacy by improving fingerprinting protection *(so we don't stick out from standard Firefox users for disabling this API)* & breaking a large amount of trackers, and it also fixes unnecessary breakage/compatibility issues - ex. https://gitlab.com/ironfox-oss/IronFox/-/issues/43 - **Users with existing Phoenix installs are highly recommended to enable this `Beacon API Stub` filterlist in uBlock Origin**. Users who previously set `beacon.enabled` to `true` are also now highly recommended to set it back to `false`. * **DESKTOP**: Switched links for the built-in `ABPindo`, `ABPVN`, `Actually Legitimate URL Shortener Tool`, `Dandelion Sprout's Annoyances List`, `Dandelion Sprout's Anti-Malware List`, `Dandelion Sprout's Serbo-Croatian filters`, `Dandelion Sprouts nordiske filtre`, & `Steven Black (Unified)` uBlock Origin filterlists from GitHub to GitLab due to superior privacy practices * **DESKTOP**: Added an additional pref to disable `mozAddonManager`. - `extensions.webapi.enabled` -> `false` * **ANDROID**: Explicitly enabled `mozAddonManager` to prevent issues and ensure users are able to install add-ons from `addons.mozilla.org`. - `extensions.webapi.enabled` -> `true`, `privacy.resistFingerprinting.block_mozAddonManager` -> `false` * **DESKTOP**: Removed [several unnecessary built-in filterlists](https://codeberg.org/celenity/Phoenix/commit/841769096f9519fa935d1b769e5bf721c9c70e73) from our uBlock Origin configuration. * Enabled zoom for all websites by default, even if they try to block it... - `browser.ui.zoom.force-user-scalable` - `true` * Cleaned-up files/improved organization * Other minor tweaks & fixes ___ Codeberg: See [here](https://codeberg.org/celenity/Phoenix/compare/2025.03.25.1...2025.04.02.1) for more details. GitLab: See [here](https://gitlab.com/celenityy/Phoenix/-/compare/2025.03.25.1...2025.04.02.1) for more details. GitHub: See [here](https://github.com/celenityy/Phoenix/compare/2025.03.25.1...2025.04.02.1) for more details. ___ :)
-
2025.03.25.1
7bfa489e · ·____ * Disabled `Dry Run` to enforce [Cookies Having Independent Partitioned State *(CHIPS)*](https://developer.mozilla.org/docs/Web/Privacy/Privacy_sandbox/Partitioned_cookies) - `network.cookie.chips.partitionLimitDryRun` -> `false` * Enabled [Messaging Layer Security](https://blog.mozilla.org/mozilla/messaging-layer-security-is-now-an-internet-standard/) - `dom.origin-trials.mls.state` -> `1` * Added an additional pref to enforce strict MIME types - `dom.workers.importScripts.enforceStrictMimeType` -> `true` * Prevented Glean from initializing on shutdown - `telemetry.fog.init_on_shutdown` -> `false` * Forced telemetry pings to be sent to `localhost` *(with an invalid port)* instead of Mozilla's remote servers *(if somehow enabled...)* for redundancy/defense in depth - `telemetry.fog.test.localhost_port` -> `70000` * Disabled pacing requests to improve performance- *https://codeberg.org/celenity/Phoenix/issues/84* - `network.http.pacing.requests.enabled` -> `false` * Increased TLS token caching to improve performance - *https://codeberg.org/celenity/Phoenix/issues/84* - `network.ssl_tokens_cache_capacity` -> `10240` * Enabled [CSS Masonry Layout](https://www.smashingmagazine.com/native-css-masonry-layout-css-grid/) - *https://codeberg.org/celenity/Phoenix/issues/84* - `layout.css.grid-template-masonry-value.enabled` -> `true` * Prevented including the space next to words when double-clicking/selecting text - *https://codeberg.org/celenity/Phoenix/issues/84* - `layout.word_select.eat_space_to_next_word` -> `false` * **DESKTOP**: Added Unified Search button [to easily switch search engines from the URL Bar](ttps://windowsreport.com/firefox-tests-dedicated-address-bar-button-for-easier-search-engine-switching/) - `browser.urlbar.scotchBonnet.enableOverride` -> `true` * **DESKTOP**: Disabled AI Chat `Link Preview` - `browser.ml.linkPreview.enabled` -> `false` * **DESKTOP**: Disabled tab hover previews by default - `browser.tabs.hoverPreview.enabled` & `browser.tabs.hoverPreview.showThumbnails` -> `false` * **DESKTOP**: Disabled annoying `Actions` URL Bar Shortcut by default - `browser.urlbar.shortcuts.actions` -> `false` * **DESKTOP**: Enabled Backup UI settings *(at `about:preferences#general`)* - `browser.backup.preferences.ui.enabled` -> `true` * **DESKTOP**: Exposed `browser.newtabpage.activity-stream.debug` via the `about:config` - `browser.newtabpage.activity-stream.debug` -> `false` * **DESKTOP**: Unlocked `toolkit.contentRelevancy.log` * Disabled timezone spoofing for [more Element instances](https://codeberg.org/celenity/Phoenix/commit/5b78c7ba676b07c06b6039073e0acb06b03277fe) by default * **DESKTOP**: Re-enabled spoofing WebGL render capability for `apple.com`, as Apple Maps no longer requires it * **SPECIALIZED CONFIGS**: Disabled [`BackupService`](https://searchfox.org/mozilla-central/source/browser/components/backup/content/debug.html) - `browser.backup.enabled` -> `false` * **SPECIALIZED CONFIGS**: Hid the Sidebar toolbar button by default - `browser.uiCustomization.state` -> `{\"placements\":{\"widget-overflow-fixed-list\":[],\"unified-extensions-area\":[\"_aecec67f-0d10-4fa7-b7c7-609a2db280cf_-browser-action\"],\"nav-bar\":[\"back-button\",\"forward-button\",\"vertical-spacer\",\"stop-reload-button\",\"urlbar-container\",\"_testpilot-containers-browser-action\",\"fxa-toolbar-menu-button\",\"reset-pbm-toolbar-button\",\"developer-button\",\"ublock0_raymondhill_net-browser-action\",\"_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action\",\"downloads-button\",\"unified-extensions-button\"],\"toolbar-menubar\":[\"menubar-items\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\"],\"vertical-tabs\":[],\"PersonalToolbar\":[\"personal-bookmarks\"]},\"seen\":[\"reset-pbm-toolbar-button\",\"developer-button\",\"_testpilot-containers-browser-action\",\"ublock0_raymondhill_net-browser-action\",\"_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action\",\"_aecec67f-0d10-4fa7-b7c7-609a2db280cf_-browser-action\"],\"dirtyAreaCache\":[\"nav-bar\",\"vertical-tabs\",\"PersonalToolbar\",\"unified-extensions-area\",\"TabsToolbar\",\"toolbar-menubar\"],\"currentVersion\":21,\"newElementCount\":5}` * **APPLE MAPS**, **DISCORD**, & **ELEMENT** SPECIALIZED CONFIGS: Disabled [Cookie Banner Reduction](https://support.mozilla.org/kb/cookie-banner-reduction) - `cookiebanners.bannerClicking.enabled`, `cookiebanners.cookieInjector.enabled`, `cookiebanners.service.enableGlobalRules`, `cookiebanners.service.enableGlobalRules.subFrames`, & `cookiebanners.ui.desktop.enabled` -> `false`, `cookiebanners.service.mode` & `cookiebanners.service.mode.privateBrowsing` -> `0` * **APPLE MAPS** SPECIALIZED CONFIG: Disabled containers and hid Firefox Multi-Account Containers by default - `privacy.userContext.enabled` & `privacy.userContext.ui.enabled` -> `false`, `browser.uiCustomization.state` -> `{\"placements\":{\"widget-overflow-fixed-list\":[],\"unified-extensions-area\":[\"_testpilot-containers-browser-action\"],\"nav-bar\":[\"back-button\",\"forward-button\",\"vertical-spacer\",\"stop-reload-button\",\"urlbar-container\",\"fxa-toolbar-menu-button\",\"reset-pbm-toolbar-button\",\"developer-button\",\"ublock0_raymondhill_net-browser-action\",\"downloads-button\",\"unified-extensions-button\"],\"toolbar-menubar\":[\"menubar-items\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\"],\"vertical-tabs\":[],\"PersonalToolbar\":[\"personal-bookmarks\"]},\"seen\":[\"reset-pbm-toolbar-button\",\"developer-button\",\"_testpilot-containers-browser-action\",\"ublock0_raymondhill_net-browser-action\"],\"dirtyAreaCache\":[\"nav-bar\",\"vertical-tabs\",\"PersonalToolbar\",\"unified-extensions-area\",\"TabsToolbar\",\"toolbar-menubar\"],\"currentVersion\":21,\"newElementCount\":4}` * Improved organization * Other minor tweaks & fixes ___ Codeberg: See [here](https://codeberg.org/celenity/Phoenix/compare/2025.03.20.1...2025.03.25.1) for more details. GitLab: See [here](https://gitlab.com/celenityy/Phoenix/-/compare/2025.03.20.1...2025.03.25.1) for more details. GitHub: See [here](https://github.com/celenityy/Phoenix/compare/2025.03.20.1...2025.03.25.1) for more details. ___ :) -
2025.03.20.1
c841aa47 · ·____ * Cleaned up and re-organized preferences... * Disabled [Basic authentication over HTTP](https://chromeenterprise.google/policies/#BasicAuthOverHttpEnabled) by default - `network.http.basic_http_auth.enabled` -> `false` * **DESKTOP**: Enabled + customized the new Sidebar by default - `sidebar.backupState` -> `{\"command\":\"\",\"launcherWidth\":0,\"launcherExpanded\":false,\"launcherVisible\":false}`, `sidebar.main.tools` -> `bookmarks,syncedtabs,history`, `sidebar.revamp` -> `true`, & `sidebar.visibility` -> `hide-sidebar` * **DESKTOP**: Enabled syncing for the **`sidebar.main.tools`** & **`sidebar.revamp`** preferences - `services.sync.prefs.sync.sidebar.main.tools` & `services.sync.prefs.sync.sidebar.revamp` -> `true` * DESKTOP - **WINDOWS**: Enabled [Taskbar Tabs](https://windowsreport.com/firefox-is-bringing-web-apps-to-windows-11-with-taskbar-tabs-first-look/) *(PWAs)* by default - currently only supported on **Nightly** - `browser.taskbarTabs.enabled` -> `true` * Added a FPP override for **`citybbq.com`** to fix display estimated delivery times - `privacy.fingerprintingProtection.granularOverrides` -> `{\"firstPartyDomain\": \"citybbq.com\", \"overrides\": \"-JSDateTimeUTC\"}` * **ANDROID**: Added a FPP override for **`jerseymikes.com`** to fix map display issues - `privacy.fingerprintingProtection.granularOverrides` -> `{\"firstPartyDomain\": \"jerseymikes.com\", \"overrides\": \"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt\"}` * Other minor tweaks & fixes ___ Codeberg: See [here](https://codeberg.org/celenity/Phoenix/compare/2025.03.12.1...2025.03.20.1) for more details. GitLab: See [here](https://gitlab.com/celenityy/Phoenix/-/compare/2025.03.12.1...2025.03.20.1) for more details. GitHub: See [here](https://github.com/celenityy/Phoenix/compare/2025.03.12.1...2025.03.20.1) for more details. ___ :) -
2025.03.12.1
4338c1fa · ·____ * **DESKTOP**: Fixed clicking tiles on `about:home` - *https://codeberg.org/celenity/Phoenix/issues/80* - `browser.newtabpage.activity-stream.feeds.places` -> `true` * **DESKTOP**: Fixed an issue for Firefox Sync users that use both Phoenix & standard Firefox that created an empty `Thought-provoking stories` section on the `about:home` that appeared on the standard Firefox instance - `services.sync.prefs.sync.browser.newtabpage.activity-stream.sectionOrder` -> `false` * Third party trackers are now excluded from TCP/dFPI [storage access heuristics](https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning#storage_access_heuristics) by default - `privacy.restrict3rdpartystorage.heuristic.exclude_third_party_trackers` -> `true` * Added **[`Picky`](https://addons.mozilla.org/firefox/addon/ciuvo/)** to the extension blocklist, due to it tracking users and following poor privacy practices * **DESKTOP**: Removed [uBlock Origin settings](https://codeberg.org/celenity/Phoenix/commit/ef7e414584e1d325cc414893f5756f893f12d650) from policies, as setting them in this way prevents users from overriding the settings if desired. **We still set our own `assets.json`**, and we'll set these values again in the future once/if uBlock Origin adds support for configuring settings as **defaults** rather than *only* **enforcing** them * **DESKTOP**: Added [`HUGE AI Blocklist`](https://raw.githubusercontent.com/laylavish/uBlockOrigin-HUGE-AI-Blocklist/main/list.txt) & [`NUCLEAR AI Blocklist`](https://raw.githubusercontent.com/laylavish/uBlockOrigin-HUGE-AI-Blocklist/main/additional_list_nuclear.txt) to uBlock Origin *(under `Annoyances`)* - *https://codeberg.org/celenity/Phoenix/issues/71* * **DISCORD** & **ELEMENT** **SPECIALIZED CONFIGS**: Stopped blocking the notification permission prompt by default, as it might be useful for users - *https://codeberg.org/celenity/Phoenix/issues/77* - `permissions.default.desktop-notification` -> `0` * Other minor tweaks & fixes ___ Codeberg: See [here](https://codeberg.org/celenity/Phoenix/compare/2025.03.05.1...2025.03.12.1) for more details. GitLab: See [here](https://gitlab.com/celenityy/Phoenix/-/compare/2025.03.05.1...2025.03.12.1) for more details. GitHub: See [here](https://github.com/celenityy/Phoenix/compare/2025.03.05.1...2025.03.12.1) for more details. ___ :)
-
2025.03.05.1
94b000b4 · · -
2025.02.28.1
cf48119d · ·2025.02.28.1 ⚠️ **ALL DESKTOP USERS ARE RECOMMENDED TO UPDATE TO THIS RELEASE ASAP**. This release mitigates [CVE-2025-27091](https://www.cve.org/CVERecord?id=CVE-2025-27091) *(high severity)* from Firefox upstream, [which Mozilla has not yet fixed]( https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2025-27091)... ____ * Disabled OpenH264 to mitigate [CVE-2025-27091](https://www.cve.org/CVERecord?id=CVE-2025-27091), and due to [other security concerns](https://codeberg.org/celenity/Phoenix/commit/12f161dce776b313e611851492e3f79f6f143f69)... - `media.ffmpeg.allow-openh264`, `media.gmp-gmpopenh264.enabled`, `media.gmp-gmpopenh264.provider.enabled`, & `media.gmp-gmpopenh264.visible` -> `false` * Temporarily disabled [Download Spam Prevention](https://bugzilla.mozilla.org/show_bug.cgi?id=1731668) by default, as it's unfortunately still too buggy/experimental... - `browser.download.enable_spam_prevention` -> `false` * **DESKTOP**: Fixed a bug that prevented uBlock Origin's `assets.json` from updating after first set-up - **Note that you MUST reset uBlock Origin by navigating to Settings -> Reset to default settings... to receive the updated configuration**. You can back up your current settings using the **`Back up to file...`** option, and restore your settings after the reset is complete with the **`Restore from file...`** option. Apologies for any convenience, the fix here should help ensure this isn't a problem in the future... * **DESKTOP**: Disabled the ability for uBlock Origin's built-in filterlists to [use filters requiring trust](https://github.com/gorhill/uBlock/wiki/Dashboard:-My-filters#allow-custom-filters-requiring-trust), due to security concerns. * **DESKTOP**: Added new filterlists to uBlock Origin that allow the user to block **SVG**, **WebGL**, **WebGPU**, and **WebRTC** per-site. Users are **highly** recommended to use these filters *(with the exception of **WebGPU** - very few websites use it so we fully disable it via `dom.webgpu.enabled`, though this filter may prove useful for the future if WebGPU does become adopted...)*, and see if it suits them - due to the significant privacy & security advantages. **`Block SVG`** is located under **`Malware protection, security`**, while **`Block WebGL`** and **`Block WebRTC`** are located under **`Multipurpose`**. This is **especially** important for Phoenix **Extended** users, as it's likely we'll stop completely disabling WebGL *(`webgl.disabled`)* in the future, due to this list. - **Please report any breakage caused by these lists [here](https://codeberg.org/celenity/BadBlock/issues).** * Hardened extension CSP policies to disable WebAssembly *(without breaking Firefox Translations... ;))* & upgrade insecure network requests - https://codeberg.org/celenity/Phoenix/commit/58eca0f015c2beacc216182085ddcc37e0348064 * Enabled [Add-on Distribution Control](https://groups.google.com/g/firefox-dev/c/U7GpHE4R-ZY) *(Install Origins)* by default - `extensions.install_origins.enabled` -> `true` * Enabled the [Sanitizer API](https://github.com/WICG/sanitizer-api) by default - `dom.security.sanitizer.enabled` -> `true` * Set Firefox to sync with [Remote Settings](https://remote-settings.readthedocs.io/) hourly, rather than once a day by default, as Remote Settings is used for various security-critical functionality *(Ex. CRLite/revocation checks, malicious add-on blocklists, etc)*, so we want to make sure users are up to date ASAP - `services.settings.poll_interval` -> `3600` * **DESKTOP**: The Firefox logo is now hidden on `about:home` by default - `browser.newtabpage.activity-stream.logowordmark.alwaysVisible` -> `false` * **SPECIALIZED CONFIGS**: Stopped automatically loading websites on browser launch - as uBlock Origin is unfortunately unable to filter on the profile's first launch * **SPECIALIZED CONFIGS**: The search bar is now hidden from `about:home` by default - `browser.newtabpage.activity-stream.showSearch` -> `false` * Other minor tweaks, fixes, & enhancements ___ Codeberg: See [here](https://codeberg.org/celenity/Phoenix/compare/2024.02.21.1...2025.02.28.1) for more details. GitLab: See [here](https://gitlab.com/celenity/Phoenix/-/compare/2024.02.21.1...2025.02.28.1) for more details. GitHub: See [here](https://github.com/celenityy/Phoenix/compare/2024.02.21.1...2025.02.28.1) for more details. ___ :)
-
2025.02.21.1
df05b789 · ·2025.02.21.1 ____ * Re-enabled WebAssembly (WASM) for extensions *(when WASM is disabled)* to unbreak Firefox Translations - `javascript.options.wasm_trustedprincipals` -> `true` - https://codeberg.org/ironfox-oss/IronFox/issues/15 * **DESKTOP**: Removed **Ecosia**, **Qwant**, and **Qwant Junior** as default search engines, due to privacy concerns * **DESKTOP** *(Flatpak)*: Added support for Phoenix `Extended` & specialized configs - *(See updated instructions [here](https://phoenix.celenity.dev#extended-installation) and [here](https://phoenix.celenity.dev#specialized-configs))* * **DESKTOP** *(macOS)*: Fixed an issue that prevented Phoenix `Extended` & specialized configs from being properly applied in certain cases * **DESKTOP**: Added specialized configs for **Apple Maps** & **Google Maps** * **SPECIALIZED CONFIGS**: Disabled PDF.js by default - `pdfjs.disabled` -> `true` * **SPECIALIZED CONFIGS**: Disabled tab hover previews by default - `browser.tabs.hoverPreview.enabled` & `browser.tabs.hoverPreview.showThumbnails` -> `false` * **SPECIALIZED CONFIGS**: Enabled cursor *(arrow key)* navigation by default - `accessibility.browsewithcaret` -> `true` * Enabled H264 hardware decoding by default - `media.webrtc.hw.h264.enabled` -> `true` * **DESKTOP** *(non-macOS)*: All preferences have been removed from `phoenix.cfg` & `policies.json` - now they are **all** configured exclusively by `phoenix-desktop.js` to improve organization & efficiency. * **DESKTOP** *(macOS)*: All preferences have been removed from policies - now they are **all** configured exclusively by `phoenix.cfg`,to improve organization & efficiency. * **DESKTOP**: Removed unnecessary entries from our built-in cookie blocklist to improve performance * Other minor tweaks, fixes, & enhancements ___ Codeberg: See [here](https://codeberg.org/celenity/Phoenix/compare/2024.02.18.1...2025.02.21.1) for more details. GitLab: See [here](https://gitlab.com/celenity/Phoenix/-/compare/2024.02.18.1...2025.02.21.1) for more details. GitHub: See [here](https://github.com/celenityy/Phoenix/compare/2024.02.18.1...2025.02.21.1) for more details. ___ :)
-
2024.02.18.1
c8c82545 · ·2024.02.18.1 **Phoenix now officially supports Flatpaks! 🎉**. Simply install `phoenix-flatpak` rather than `phoenix` or `phoenix-arch` from your package manager. If you prefer, you can also just run the [installation script](https://phoenix.celenity.dev#install) - where Flatpaks have now also been added as an option after selecting your distribution. The only caveat is that your Firefox Flatpak **must** be installed on the **system** level. We unfortunately don't yet support **user** Flatpaks, but we're hoping to in the near future. Additionally, Phoenix for **macOS** has significantly improved - most notably: **you are now no longer required to give your Terminal the `App Management` permission to receive updates!**, resulting in a significant security improvement for your system. **NOTE:** To continue receiving updates, macOS users **must** run the migration script with the command below, depending on your location of Firefox: **System**: ```sh bash -c "$(wget -O- https://codeberg.org/celenity/Phoenix/raw/branch/pages/macos/migration/system.sh 2>/dev/null)" ``` **User**: ```sh bash -c "$(wget -O- https://codeberg.org/celenity/Phoenix/raw/branch/pages/macos/migration/user.sh 2>/dev/null)" ``` After running the migration script, macOS users must **also** run the new installation script: ```sh bash -c "$(wget -O- https://codeberg.org/celenity/Phoenix/raw/branch/pages/installer_scripts/macos_install.sh 2>/dev/null)" ``` Apologies for any inconvenience caused here... but I hope this major security improvement and step forward for Phoenix will make up for it. ;) ____ * Disabled [automatic updates for OpenSearch engines](https://developer.mozilla.org/docs/Web/XML/Guides/OpenSearch#supporting_automatic_updates_for_opensearch_plugins) by default due to security & privacy concerns - `browser.search.update` -> `false` * Disabled timezone spoofing *(`-JSDateTimeUTC`)* for `chipotle.com` to fix order confirmation/estimated arrival times by default * **DESKTOP**: Specified `type` for preferences configured in policies to ensure that they are always set correctly... * **DESKTOP**: Specified specific add-on IDs in links for extensions installed from the AMO in our recommendations and policies - *(Credit to [Brace](https://codeberg.org/divested/brace/commit/a3122affe756a610c737071342f5ad550ea0acfc))* * **SPECIALIZED CONFIGS**: Disabled geolocation, narrator, and tab groups by default - `browser.tabs.groups.enabled`, `geo.provider.use_corelocation`, `geo.provider.use_geoclue`, & `narrate.enabled` -> `false`, `geo.provider.network.url` -> ` ` * Removed various *(mostly regional)* search engines with questionable privacy practices for ESR/Thunderbird *([Dove](https://dove.celenity.dev)* - https://codeberg.org/celenity/Phoenix/commit/fdb894425fc4ac5dcfd0fa284fe289ecd1980266 * Organized and cleaned up more preferences... * Other minor tweaks, fixes, & adjustments ___ Codeberg: See [here](https://codeberg.org/celenity/Phoenix/compare/2025.02.14.1...2024.02.18.1) for more details. GitLab: See [here](https://gitlab.com/celenity/Phoenix/-/compare/2025.02.14.1...2024.02.18.1) for more details. GitHub: See [here](https://github.com/celenityy/Phoenix/compare/2025.02.14.1...2024.02.18.1) for more details. ___ :)
-
2025.02.14.1
9bcab2ed · ·2025.02.14.1 ____ * **DESKTOP**: Disabled the Windows [Media Foundation Engine](https://learn.microsoft.com/windows/win32/medfound/about-the-media-foundation-sdk) for video playback, due to display issues encountered by some users *(notably on `www.youtube.com`)* - `media.wmf.media-engine.enabled` -> `0` * **DESKTOP**: Disabled sharing unnecessary version info as part of [Firefox Sync](https://support.mozilla.org/kb/sync) - `services.sync.sendVersionInfo` -> `false` * **DESKTOP**: Enabled [Tab Groups](https://www.ghacks.net/2024/12/03/how-to-enable-tab-groups-in-firefox/) by default - `browser.tabs.groups.enabled` -> `true` * Updated the default list of languages automatically translated with [Firefox Translation](https://support.mozilla.org/kb/website-translation) - `browser.translations.alwaysTranslateLanguages` -> `bg,ca,cs,da,de,el,en,es,et,fi,fr,hr,hu,id,it,ja,ko,lv,lt,nl,pl,pt,ro,ru,sk,sl,sr,sv,tr,uk,vi,zh-Hans` * **DESKTOP**: Disabled sidebar animations by default to improve Firefox's performance and responsiveness - `sidebar.animation.enabled` -> `false` * Removed various *(mostly regional)* search engines with questionable privacy practices for ESR/Thunderbird *([Dove](https://dove.celenity.dev)* - https://codeberg.org/celenity/Phoenix/commit/fdb894425fc4ac5dcfd0fa284fe289ecd1980266 * Organized and cleaned up more preferences... * Other minor tweaks, fixes, & adjustments ___ Codeberg: See [here](https://codeberg.org/celenity/Phoenix/compare/2025.02.13.1...2025.02.14.1) for more details. GitLab: See [here](https://gitlab.com/celenity/Phoenix/-/compare/2025.02.13.1...2025.02.14.1) for more details. GitHub: See [here](https://github.com/celenityy/Phoenix/compare/2025.02.13.1...2025.02.14.1) for more details. ___ :)
-
2025.02.13.1
6034e8f9 · ·2025.02.13.1 The major focus of this release has been boring, under the hood changes - with the goal to clean up Phoenix and remove unnecessary preferences/files/etc. ____ * **DESKTOP**: Our [configuration of uBlock Origin](https://codeberg.org/celenity/Phoenix/wiki/Content-Blocking.md) has been tweaked to **significantly** improve performance and efficiency. Specifically, we disabled ` HaGeZi's Threat Intelligence Feeds` by default in favor of ` HaGeZi's Threat Intelligence Feeds - Mini`, disabled `HaGeZi - Multi PRO++` by default in favor of `HaGeZi - Multi ULTIMATE - Mini`, and disabled `Dandelion Sprout's Annoyances List` by default. Additionally, the `HaGeZi - Fake`, `HaGeZi - Multi PRO mini`, `HaGeZi - Multi PRO++ mini`, and `HaGeZi - Pop-up Ads` lists have been added to the built-in selection of filterlists, but are **not** enabled by default. **Note that you may need to reset uBlock Origin by navigating to `Settings` -> `Reset to default settings...` to receive the updated configuration**. You can back up your current settings using the **`Back up to file...`** option, and restore your settings after the reset is complete with the **`Restore from file...`** option * Firefox Sync has been configured to **not** sync any items by default, meaning nothing is synced without explicit user consent *(controlled via the checkboxes at `about:preferences#sync`)* - `services.sync.engine.addons`, `services.sync.engine.addresses`, `services.sync.engine.bookmarks`, `services.sync.engine.creditcards`, `services.sync.engine.history`, `services.sync.engine.passwords`, `services.sync.engine.prefs`, & `services.sync.engine.tabs` -> `false` * If Web Assembly (WASM) is disabled *(`javascript.options.wasm`)*, WASM is now *also* disabled for extensions - `javascript.options.wasm_trustedprincipals` -> `false` * Disabled adding downloads to `recent documents` by default - `browser.download.manager.addToRecentDocs` -> `false` * **DESKTOP**: Disabled certain UI animations by default to improve Firefox's performance and responsiveness - `ui.panelAnimations` & `ui.swipeAnimationEnabled` -> `0`, `ui.prefersReducedMotion` -> `1` * **DESKTOP**: Disabled [Windows Media Foundation](https://learn.microsoft.com/windows/win32/medfound/about-the-media-foundation-sdk) for protected content *(DRM)*, but also enabled it for standard content - `media.wmf.media-engine.enabled` -> `3` * Set `toolkit.telemetry.log.level`, `ui.hideCursorWhileTyping`, `ui.prefersReducedTransparency`, `ui.scrollToClick`, & `ui.useAccessibilityTheme` to their default values, so that they can be easily set in the `about:config`... - `toolkit.telemetry.loglevel` -> `Error`, `ui.prefersReducedTransparency` & `ui.useAccessibilityTheme` -> `0`, `ui.scrollToClick` -> `1` * **YOUTUBE SPECIALIZED CONFIG**: Disabled [Trusted Types](https://w3c.github.io/trusted-types/dist/spec/) by default [due to issues with Picture-in-Picture](https://bugzilla.mozilla.org/show_bug.cgi?id=1947672) - `dom.security.trusted_types.enabled` -> `false` * Various other tweaks, fixes, enhancements, and adjustments. ___ Codeberg: See [here](https://codeberg.org/celenity/Phoenix/compare/2025.02.01.1...2025.02.13.1) for more details. GitLab: See [here](https://gitlab.com/celenity/Phoenix/-/compare/2025.02.01.1...2025.02.13.1) for more details. GitHub: See [here](https://github.com/celenityy/Phoenix/compare/2025.02.01.1...2025.02.13.1) for more details. ___ :)
-
2025.02.01.1
b26305eb · ·2025.02.01.1 ____ * **DESKTOP**: Rather than automatically grabbing the latest version of our `assets.json` configuration file for uBlock Origin, we now specify a specific commit and download it directly from Phoenix's Codeberg repo. This helps to improve trust/transparency and security, by ensuring the file is only updated with the rest of Phoenix (rather than updating on its own) - meaning it's easier to audit, and keeps the user always in control. - `assetsBootstrapLocation` *(Policy)* & `librewolf.uBO.assetsBootstrapLocation` -> `https://codeberg.org/celenity/Phoenix/raw/commit/08d147ee865c1d740540e8ec83c758d7a4df3e8b/uBlock/assets.json` - https://codeberg.org/celenity/Phoenix/issues/48#issuecomment-2665313 https://github.com/celenityy/Phoenix/issues/4#issuecomment-2627740229 * **DESKTOP**: Similar to the `assets.json` file, we now also specify both a specific commit and specific version for our included search engines/'extensions' in `policies.json`, and we explicitly disable automatic/out of band updates for them - meaning these 'extensions' are now **also** only updated alongside the rest of Phoenix, and never on their own. This further helps to improve transparency/auditability and protect users. - https://codeberg.org/celenity/Phoenix/issues/48#issuecomment-2665313 https://github.com/celenityy/Phoenix/issues/4#issuecomment-2627740229 * **DESKTOP**: Similar to what we've already been doing on Android, we now manually enable various ETP/ETP Strict tracking protections/features. We still enable & enforce ETP Strict itself *(meaning we're still covered by Mozilla's updates/enhancements)*; but unfortunately, Firefox doesn't honor/configure ETP Strict on its first launch, so we need to ensure we also enable these protections manually to always protect users. - https://codeberg.org/celenity/Phoenix/commit/4a6e135e3647ef34021e3786f28cc64914554335 * Set `browser.policies.loglevel`, `geo.provider.network.logging.enabled`, & `permissions.memory_only` to their default values, so that they can be easily set in the `about:config`... - `browser.policies.loglevel` -> `error`, `geo.provider.network.logging.enabled` & `permissions.memory_only` -> `false` * Disabled the [Beacon API](https://developer.mozilla.org/docs/Web/API/Beacon_API) *([`Navigator.sendBeacon`](https://udn.realityripple.com/docs/Web/API/Navigator/sendBeacon))* - `beacon.enabled` -> `false` - https://codeberg.org/celenity/Phoenix/commit/a3d7322f5de7fe72bf12753e2fa685497a827bcf * Other minor tweaks, fixes, and enhancements. ___ Codeberg: See [here](https://codeberg.org/celenity/Phoenix/compare/2025.01.30.1...2025.02.01.1) for more details. GitLab: See [here](https://gitlab.com/celenity/Phoenix/-/compare/2025.01.30.1...2025.02.01.1) for more details. GitHub: See [here](https://github.com/celenityy/Phoenix/compare/2025.01.30.1...2025.02.01.1) for more details. ___ :)
-
2025.01.30.1
9eafb88a · ·2025.01.30.1 ____ * **DESKTOP**: After careful consideration, Phoenix's default search engine is now **[DuckDuckGo](https://duckduckgo.com/)**. While not perfect, we believe DuckDuckGo has a strong track record and solid reputation for protecting user privacy, and we believe it's simply the most trustworthy/reputable privacy-respecting search engine currently available. **Brave Search has been removed from Phoenix, though it can still be manually added from Brave's website if desired.** * **DESKTOP**: Paid search engines have been removed from Phoenix by default. This includes `Kagi`, `Kagi HTML`, `MetaGer`, `Mullvad Leta (Brave)`, & `Mullvad Leta (Google)`. Users who pay for these search engines can still manually add them if desired. * **DESKTOP**: We now include our own recommended extensions and themes in the `Recommendations` tab of `about:addons`! See [here](https://phoenix.celenity.dev/extension-recommendations) for details on what extensions are included, why, and the criteria for inclusion. Feel free to make suggestions if we're missing an extension or theme you'd like to see! * **DESKTOP**: We no longer enforce `autoUpdate`, `autoUpdatePeriod`, `cnameUncloakEnabled`, `hyperlinkAuditingDisabled`, `prefetchingDisabled`, & `suspendUntilListsAreLoaded` for uBlock Origin in our `policies.json`, **as these settings are already uBlock Origin's defaults**, and configuring them like this unfortunately locks the setting and prevents users from overriding if desired. Hopefully uBlock Origin will add support for configuring settings as only the default, rather than only having the option to enforce them (https://github.com/uBlockOrigin/uBlock-issues/issues/3538). - https://codeberg.org/celenity/Phoenix/issues/56 * Disabled spoofing locale to `en-US` for all configs by default, due to usability concerns for non-English speakers. - `privacy.spoof_english` -> `0` *(We still recommend spoofing your locale if you **are** fluent in English by setting `privacy.spoof_english` in your `about:config` back to `2`)* * Added various new granular FPP overrides - see [here](https://codeberg.org/celenity/Phoenix/commit/0428ad97966f01805172c023e654e9fe4ad43e60) and [here](https://codeberg.org/celenity/Phoenix/commit/146d65032b0450fa306a4a7c5091a02b7bbd1c3e) for details. * **ANDROID**: Removed our FPP override for `apple.com`, as Apple Maps simply isn't supported on Android, so it's unnecessary. - `privacy.fingerprintingProtection.granularOverrides` -> ` ` * **DESKTOP**: uBlock Origin is now enabled in private windows by default, and our search 'extensions' are explicitly disabled in private windows. It should be noted that this currently **only** works on Nightly. * Our search 'extensions' are now explicitly blocked from accessing [restricted domains](https://support.mozilla.org/kb/quarantined-domains). - https://codeberg.org/celenity/Phoenix/commit/6dd7570be8d7a861995131cae0e0f37f5135d8ea * **ANDROID**: Explicitly enabled [SmartBlock](https://support.mozilla.org/kb/smartblock-enhanced-tracking-protection) - `extensions.webcompat.enable_shims`, `extensions.webcompat.perform_injections`, & `extensions.webcompat.perform_ua_overrides` -> `true` * **EXTENDED**: WebRTC will now *only* [use TURN servers/relays](https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/issues/40#note_2884663), rather than connecting via peer to peer directly. - `media.peerconnection.ice.relay_only` -> `true` * **DESKTOP**: WebXR is still blocked by default, but it is now **unlocked** so that users may use it if desired. * Explicitly disabled unprivileged extensions from accessing experimental APIs by default - `extensions.experiments.enabled` -> `false` * Added an additional pref to ensure Early Hints are properly disabled - `network.early-hints.over-http-v1-1.enabled` -> `false` * Enforced the use of Firefox's built-in certificates for installation & updates of extensions - `extensions.install.requireBuiltInCerts` & `extensions.update.requireBuiltInCerts` -> `true` * Prevented [automatic scanning/installation/enabling of extensions in Firefox's application directory](https://support.mozilla.org/kb/deploying-firefox-with-extensions) - `extensions.installDistroAddons` -> `false` * **DESKTOP**: Removed superfluous `WebsiteFilter` policy. * **YOUTUBE SPECIALIZED CONFIG**: Disabled WebRTC for attack surface reduction - `media.peerconnection.enabled` -> `false` * **SPECIALIZED CONFIGS**: Hardened WebRTC and updated the WebRTC overrides where needed to reflect changes described above - See ex. https://codeberg.org/celenity/Phoenix/commit/7a5892bb8da259de6d510347f2d49643f40e169c for details. * Other minor tweaks, fixes, and enhancements. ___ Codeberg: See [here](https://codeberg.org/celenity/Phoenix/compare/2025.01.27.1...2025.01.30.1) for more details. GitLab: See [here](https://gitlab.com/celenity/Phoenix/-/compare/2025.01.27.1...2025.01.30.1) for more details. GitHub: See [here](https://github.com/celenityy/Phoenix/compare/2025.01.27.1...2025.01.30.1) for more details. ___ :)
-
2025.01.27.1
74b69c28 · ·2025.01.27.1 ____ * **ANDROID**: Re-enabled the JIT Baseline Interpreter by default to fix severe performance issues. We still disable the JIT Baseline Interpreter on desktop, and even on Android, we still disable JIT via various other prefs. - `javascript.options.blinterp` -> `true` * **ANDROID**: Manually enabled more ETP/ETP Strict protections - `privacy.annotate_channels.strict_list.enabled`, `privacy.annotate_channels.strict_list.pbmode.enabled`, `privacy.partition.network_state`, `privacy.partition.serviceWorkers`, `privacy.query_stripping.redirect`, & `privacy.reduceTimerPrecision` -> `true` * Disabled sending 'daily usage pings' to Mozilla - `datareporting.usage.uploadEnabled` -> `false` * Disabled [CAPTCHA Detection Pings](https://searchfox.org/mozilla-central/source/toolkit/components/captchadetection) - `captchadetection.actor.enabled` -> `false`, `captchadetection.loglevel` -> `Off` * Added additional prefs to prevent cross-origin sub-resources from opening HTTP authentication dialogs *(These are especially important for ex. Thunderbird...)* - `network.auth.non-web-content-triggered-resources-http-auth-allow` & `network.auth.subresource-img-cross-origin-http-auth-allow` -> `false` * Disabled automatically clearing net monitor and web console log messages after page reloads/navigation - `devtools.netmonitor.persistlog` & `devtools.webconsole.persistlog` -> `true` * Syntax is now highlighted when viewing page sources *(`view-source:`)* - `view_source.syntax_highlight` -> `true` ___ Codeberg: See [here](https://codeberg.org/celenity/Phoenix/compare/2025.01.24.1...2025.01.27.1) for more details. GitLab: See [here](https://gitlab.com/celenity/Phoenix/-/compare/2025.01.24.1...2025.01.27.1) for more details. GitHub: See [here](https://github.com/celenityy/Phoenix/compare/2025.01.24.1...2025.01.27.1) for more details. ___ :)
-
2025.01.24.1
c13774f4 · ·2025.01.24.1 **FYI:** Users who **manually** installed Phoenix on **macOS** or **GNU/Linux** who used the **`sudo mv`** commands from the `README` are highly recommended to reinstall Phoenix with the [updated steps](https://codeberg.org/celenity/Phoenix#manual-installation), [due to potential security issues](https://codeberg.org/celenity/Phoenix/issues/48). Thank you to [doomedguppy](https://codeberg.org/doomedguppy) for discovering & reporting this issue, and thank you to [Seyed Mohamad Amin Modaresi](https://codeberg.org/gnu1) for the prompt response and fix. ____ * Regardless of Firefox's DoH mode, we now always warn before falling back to the system's native DNS by default. - `network.trr.display_fallback_warning` & `network.trr_ui.show_fallback_warning_option` -> `true` * Disabled Firefox's [nonfunctional](https://security.googleblog.com/2018/01/announcing-turndown-of-deprecated.html), [legacy Safe Browsing API](https://code.google.com/archive/p/google-safe-browsing/wikis/Protocolv2Spec.wiki) to ensure it's never used and for defense in depth. It's also now explicitly labeled in the case it is ever used for whatever reason. - `browser.safebrowsing.provider.google.advisoryName` -> `Google Safe Browsing (Legacy)`, `browser.safebrowsing.provider.google.gethashURL` & `browser.safebrowsing.provider.google.updateURL` -> ` ` * Explicitly enabled Firefox's native collector for sessionstore, as the old implementation is incompatible with per-site process isolation *([Fission](https://wiki.mozilla.org/Project_Fission))*. - `browser.sessionstore.disable_platform_collection` -> `false` * Added additional prefs to ensure Firefox's Cookie Banner Blocking is properly enabled and fully functional. - `cookiebanners.cookieInjector.enabled` & `cookiebanners.service.enableGlobalRules.subFrames` -> `true` * Explicitly disabled [EDNS Client Subnet (ECS)](https://wikipedia.org/wiki/EDNS_Client_Subnet) by default to prevent leaking general location data to authoritative DNS servers. - `network.trr.disable-ECS` -> `true` * Sending headers for DoH requests are now explicitly disabled. - `network.trr.send_accept-language_headers` & `network.trr.send_user-agent_headers` -> `false`, `network.trr.send_empty_accept-encoding_headers` -> `true` ___ Codeberg: See [here](https://codeberg.org/celenity/Phoenix/compare/2025.01.22.2...2025.01.24.1) for more details. GitLab: See [here](https://gitlab.com/celenity/Phoenix/-/compare/2025.01.22.2...2025.01.24.1) for more details. GitHub: See [here](https://github.com/celenityy/Phoenix/compare/2025.01.22.2...2025.01.24.1) for more details. ___ :)
-
2025.01.22.2
f4866046 · ·2025.01.22.2 ____ * Google Safe Browsing is now proxied on **all** Phoenix installations, regardless of platform. :D - This proxy is set-up using the servers we've set up for [IronFox](https://ironfoxoss.org) - which are hosted on Cloudflare *(on our bucket located in the EU's jurisdiction...)*. You can see the source code behind our proxy [here](https://gitlab.com/ironfox-oss/safebrowsing-proxy). * **DESKTOP**: Fixed a bug that prevented users from installing extensions from `addons.mozilla.org` until refreshing the page. * **DESKTOP**: Disabled HaGeZi's Badware Hoster Blocklist in uBlock Origin by default, due to causing too much breakage. * **DESKTOP**: Enabled BadBlock - Click Tracking & Dandelion Sprout's Annoyances List in uBlock Origin by default. * **DESKTOP**: Blocked the use of specific broad whitelists in uBlock Origin, that were only designed for/meant to be used on the DNS level. * **DESKTOP**: Switched the links for HaGeZi's filterlists in uBlock Origin to use Codeberg, rather than GitLab *(due to Codeberg's superior privacy policy...)*. * **DESKTOP**: Added preferences back to `phoenix.cfg`, as some preferences appear to not take effect unless set there. We're still also keeping preferences set in `phoenix.js` though, for consistency and defense in depth. * Other minor tweaks and improvements. ___ Codeberg: See [here](https://codeberg.org/celenity/Phoenix/compare/2025.01.22.1...2025.01.22.2) for more details. GitLab: See [here](https://gitlab.com/celenity/Phoenix/-/compare/2025.01.22.1...2025.01.22.2) for more details. GitHub: See [here](https://github.com/celenityy/Phoenix/compare/2025.01.22.1...2025.01.22.2) for more details. ___ :)
-
2025.01.22.1
ece3eb5a · ·2025.01.22.1 ____ * Extensions/themes are now checked for updates **hourly** by default rather than once every 24 hours... - `extensions.update.interval` -> `3600` * Timestamps are now shown in the web console by default. - `devtools.webconsole.timestampMessages` -> `true` * DESKTOP: Google Safe Browsing is now proxied by default! :) It's using the servers we've set up for [IronFox](https://ironfoxoss.org) - which are hosted on Cloudflare *(on our bucket located in the EU's jurisdiction...)*. Hopefully these will be working on Android soon. * DESKTOP: Enabled Firefox's newer `Felt privacy` design for Private Browsing & Certificate Errors (`browser.privatebrowsing.felt-privacy-v1` & `security.certerrors.felt-privacy-v1` -> `true`) * DESKTOP: Moved Phoenix's preferences from `phoenix.cfg` to `phoenix.js`, meaning our prefs are now applied globally at a single location. * Heavily refined the overall build process, as well as did lots of minor tweaks, enhancements, clean-up, and re-organization. ___ Codeberg: See [here](https://codeberg.org/celenity/Phoenix/compare/2025.01.20.2...2025.01.22.1) for more details. GitLab: See [here](https://gitlab.com/celenity/Phoenix/-/compare/2025.01.20.2...2025.01.22.1) for more details. GitHub: See [here](https://github.com/celenityy/Phoenix/compare/2025.01.20.2...2025.01.22.1) for more details. ___ :)
-
2025.01.20.2
f546810c · ·2025.01.20.2 ____ * Enabled [Cookies Having Independent Partitioned State (CHIPS)](https://developer.mozilla.org/docs/Web/Privacy/Privacy_sandbox/Partitioned_cookies) by default - `network.cookie.CHIPS.enabled` -> `true` * Enabled Smartblock Embeds/Placeholders by default - `extensions.webcompat.smartblockEmbeds.enabled` -> `true` * ANDROID: Explicitly enable a couple more ETP Strict protections - `network.cookie.cookieBehavior.optInPartitioning.pbmode` & `network.cookie.cookieBehavior.trackerCookieBlocking` -> `true` * DESKTOP: Added an `Unload tab` option to the context menu when right clicking tabs - `browser.tabs.unloadTabInContextMenu` -> `true` * DESKTOP: Fixed syntax errors with `phoenix.js` and `policies.json`... 😅 ___ Codeberg: See [here](https://codeberg.org/celenity/Phoenix/compare/2025.01.20.1...2025.01.20.2) for more details. GitLab: See [here](https://gitlab.com/celenity/Phoenix/-/compare/2025.01.20.1...2025.01.20.2) for more details. GitHub: See [here](https://github.com/celenityy/Phoenix/compare/2025.01.20.1...2025.01.20.2) for more details. ___ :)
-
2025.01.20.1
8277bf99 · ·2025.01.20.1 ____ * Enabled light mode by default as part of our new approach to fingerprinting protection *(as this matches ex. RFP)*... - `layout.css.prefers-color-scheme.content-override` -> `1` * Updated specialized configs to use our new approach to fingerprinting protection. - (https://codeberg.org/celenity/Phoenix/issues/46) * Explicitly disabled prefetching via proxy. - `network.dns.prefetch_via_proxy` -> `false` * Explicitly disabled TLS 1.3 0-RTT for HTTP3. - `network.http.http3.enable_0rtt` -> `false` * URLbar entries no longer open in new tabs by default. - `browser.urlbar.openintab` * Removed the annoying `Import data from another browser` default bookmark - `DisableProfileImport` -> `true` * `Always ask` is now shown in the permissions dropdown for camera and microphone *(if that's their current status)* - `permissions.media.show_always_ask.enabled` -> `true` * Updated references to our `Hardened` config to `Extended`. * ETP WebCompat is no longer disabled in our `Extended` configs, as it's harmless and actually useful. *(We still disable dFPI heuristics though...)* - `privacy.antitracking.enableWebcompat` * Specialized configs are now based off of `Extended No-Sync` instead of `No-Sync`. The build process itself for specialized configs has also been heavily improved, and unnecessary prefs were removed. * **DESKTOP**: Permission for websites to override keyboard shortcuts is now only blocked on `Extended` by default rather than all configs. - `permissions.default.shortcuts` * **DESKTOP** - **EXTENDED**: WebRTC hardening prefs are now unlocked and can be manually toggled by users if desired. - `media.peerconnection.ice.default_address_only` & `media.peerconnection.ice.no_host` * **DISCORD** & **ELEMENT** specialized configs: Permission to override keyboard shortcuts is no longer blocked by default. - `permissions.default.shortcuts` -> `0` * **YOUTUBE** specialized config: Fixed syntax errors. * Replaced the `browser.phoenix.*.applied` prefs with `browser.phoenix.*.status` prefs - as this is far cleaner and easy to manage (as well as better organized...) * Other minor tweaks, fixes, and enhancements... ___ Codeberg: See [here](https://codeberg.org/celenity/Phoenix/compare/2025.01.19.1...2025.01.20.1) for more details. GitLab: See [here](https://gitlab.com/celenity/Phoenix/-/compare/2025.01.19.1...2025.01.20.1) for more details. GitHub: See [here](https://github.com/celenityy/Phoenix/compare/2025.01.19.1...2025.01.20.1) for more details. ___ :)
-
2025.01.19.1
dac32ca9 · ·2025.01.19.1 ____ * Changed our approach to fingerprinting protection - See https://codeberg.org/celenity/Phoenix/issues/46 for details. * Unlocked the majority of preferences we previously had locked - See https://codeberg.org/celenity/Phoenix/issues/47 for details, as well as for the list of preferences we still lock... * Disabled `failIfMajorPerformanceCaveat` in WebGL contexts due to fingerprinting concerns. - `webgl.disable-fail-if-major-performance-caveat' -> 'true' * We no longer disable memory caching, as it can cause breakage in certain contexts, and there's simply no real benefit it brings *(Not even Tor Browser sets this...)*. - `browser.cache.memory.enable` & `browser.cache.memory.capacity` * Disabled the use of third-party/OS level root certificates. This is commonly abused by malware (including garbage antiviruses...) and these certificates are added to MITM traffic without user knowledge/consent. Users can still manually import their own certificate into Firefox's built-in certificate store - which I think is acceptable, because at least users this way are aware of the certificate(s) they're importing and why... - `security.certerrors.mitm.auto_enable_enterprise_roots` & `security.enterprise_roots.enabled` -> `false` * We no longer enable [CSS grid Masonry layout](https://developer.mozilla.org/docs/Web/CSS/CSS_grid_layout/Masonry_layout), as it could be fingerprintable *(and generally best to just leave up to upstream...)* - `layout.css.grid-template-masonry-value.enabled` * We now explicitly disable JIT (Ion/WarpMonkey) for extensions. We already did by default, but since we now manually set it, it's exposed in the `about:config` for users to toggle if desired. - `javascript.options.jit_trustedprincipals` -> `false` * Switched the target video resolution (when using Firefox's fingerprinting protection from 480p to 1080p - This is also the default on Nightly, and provides for a far better experience... - `privacy.resistFingerprinting.target_video_res` -> `1080` * Enabled Firefox's Cosmetic + UI Animations. Firefox already does this by default, but since we now manually set it, it's exposed in the `about:config` for users to toggle if desired. - `toolkit.cosmeticAnimations.enabled` -> `true`, `ui.prefersReducedMotion` -> `1` * **Desktop**: Removed more Mozilla URL tracking paramaters :/ - `browser.contentblocking.report.monitor.url' -> 'https://monitor.firefox.com/' & 'browser.contentblocking.report.monitor.sign_in_url' -> 'https://monitor.firefox.com/oauth/init' * **Android**: Enabled Safe Browsing by default using Android's specific prefs. - `browser.safebrowsing.features.malware.update` & `browser.safebrowsing.features.phishing.update` -> `true` * Lots of clean-up and unnecessary prefs removed + re-organization * Other minor tweaks, fixes, and enhancements... ___ Codeberg: See [here](https://codeberg.org/celenity/Phoenix/compare/2025.01.14.1...2025.01.19.1) for more details. GitLab: See [here](https://gitlab.com/celenity/Phoenix/-/compare/2025.01.14.1...2025.01.19.1) for more details. GitHub: See [here](https://github.com/celenityy/Phoenix/compare/2025.01.14.1...2025.01.19.1) for more details. ___ :)