Skip to content

Releases: celenityy/Phoenix

2025.01.27.1

27 Jan 01:42
@celenityy celenityy
2025.01.27.1
74b69c2
This commit was signed with the committer’s verified signature.
celenityy 💘
GPG key ID: D78A401467CD0C35
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
2025.01.27.1 Latest
Latest

  • ANDROID: Re-enabled the JIT Baseline Interpreter by default to fix severe performance issues. We still disable the JIT Baseline Interpreter on desktop, and even on Android, we still disable JIT via various other prefs. - javascript.options.blinterp -> true

  • ANDROID: Manually enabled more ETP/ETP Strict protections - privacy.annotate_channels.strict_list.enabled, privacy.annotate_channels.strict_list.pbmode.enabled, privacy.partition.network_state, privacy.partition.serviceWorkers, privacy.query_stripping.redirect, & privacy.reduceTimerPrecision -> true

  • Disabled sending 'daily usage pings' to Mozilla - datareporting.usage.uploadEnabled -> false

  • Disabled CAPTCHA Detection Pings - captchadetection.actor.enabled -> false, captchadetection.loglevel -> Off

  • Added additional prefs to prevent cross-origin sub-resources from opening HTTP authentication dialogs (These are especially important for ex. Thunderbird...) - network.auth.non-web-content-triggered-resources-http-auth-allow & network.auth.subresource-img-cross-origin-http-auth-allow -> false

  • Disabled automatically clearing net monitor and web console log messages after page reloads/navigation - devtools.netmonitor.persistlog & devtools.webconsole.persistlog -> true

  • Syntax is now highlighted when viewing page sources (view-source:) - view_source.syntax_highlight -> true

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

:)

Assets 2
Loading

2025.01.24.1

24 Jan 14:32
@celenityy celenityy
2025.01.24.1
c13774f
This commit was signed with the committer’s verified signature.
celenityy 💘
GPG key ID: D78A401467CD0C35
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
2025.01.24.1

FYI: Users who manually installed Phoenix on macOS or GNU/Linux who used the sudo mv commands from the README are highly recommended to reinstall Phoenix with the updated steps, due to potential security issues. Thank you to doomedguppy for discovering & reporting this issue, and thank you to @Modaresisofthard for the prompt response and fix.

  • Regardless of Firefox's DoH mode, we now always warn before falling back to the system's native DNS by default. - network.trr.display_fallback_warning & network.trr_ui.show_fallback_warning_option -> true

  • Disabled Firefox's nonfunctional, legacy Safe Browsing API to ensure it's never used and for defense in depth. It's also now explicitly labeled in the case it is ever used for whatever reason. - browser.safebrowsing.provider.google.advisoryName -> Google Safe Browsing (Legacy), browser.safebrowsing.provider.google.gethashURL & browser.safebrowsing.provider.google.updateURL ->

  • Explicitly enabled Firefox's native collector for sessionstore, as the old implementation is incompatible with per-site process isolation (Fission). - browser.sessionstore.disable_platform_collection -> false

  • Added additional prefs to ensure Firefox's Cookie Banner Blocking is properly enabled and fully functional. - cookiebanners.cookieInjector.enabled & cookiebanners.service.enableGlobalRules.subFrames -> true

  • Explicitly disabled EDNS Client Subnet (ECS) by default to prevent leaking general location data to authoritative DNS servers. - network.trr.disable-ECS -> true

  • Sending headers for DoH requests are now explicitly disabled. - network.trr.send_accept-language_headers & network.trr.send_user-agent_headers -> false, network.trr.send_empty_accept-encoding_headers -> true

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

:)

Contributors

Modaresisofthard
Assets 2
Loading

2025.01.22.2

22 Jan 17:51
@celenityy celenityy
2025.01.22.2
f486604
This commit was signed with the committer’s verified signature.
celenityy 💘
GPG key ID: D78A401467CD0C35
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
2025.01.22.2

  • Google Safe Browsing is now proxied on all Phoenix installations, regardless of platform. :D - This proxy is set-up using the servers we've set up for IronFox - which are hosted on Cloudflare (on our bucket located in the EU's jurisdiction...). You can see the source code behind our proxy here.

  • DESKTOP: Fixed a bug that prevented users from installing extensions from addons.mozilla.org until refreshing the page.

  • DESKTOP: Disabled HaGeZi's Badware Hoster Blocklist in uBlock Origin by default, due to causing too much breakage.

  • DESKTOP: Enabled BadBlock - Click Tracking & Dandelion Sprout's Annoyances List in uBlock Origin by default.

  • DESKTOP: Blocked the use of specific broad whitelists in uBlock Origin, that were only designed for/meant to be used on the DNS level.

  • DESKTOP: Switched the links for HaGeZi's filterlists in uBlock Origin to use Codeberg, rather than GitLab (due to Codeberg's superior privacy policy...).

  • DESKTOP: Added preferences back to phoenix.cfg, as some preferences appear to not take effect unless set there. We're still also keeping preferences set in phoenix.js though, for consistency and defense in depth.

  • Other minor tweaks and improvements.

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

:)

Assets 2
Loading

2025.01.22.1

22 Jan 02:34
@celenityy celenityy
2025.01.22.1
ece3eb5
This commit was signed with the committer’s verified signature.
celenityy 💘
GPG key ID: D78A401467CD0C35
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
2025.01.22.1

  • Extensions/themes are now checked for updates hourly by default rather than once every 24 hours... - extensions.update.interval -> 3600

  • Timestamps are now shown in the web console by default. - devtools.webconsole.timestampMessages -> true

  • DESKTOP: Google Safe Browsing is now proxied by default! :) It's using the servers we've set up for IronFox - which are hosted on Cloudflare (on our bucket located in the EU's jurisdiction...). Hopefully these will be working on Android soon.

  • DESKTOP: Enabled Firefox's newer Felt privacy design for Private Browsing & Certificate Errors (browser.privatebrowsing.felt-privacy-v1 & security.certerrors.felt-privacy-v1 -> true)

  • DESKTOP: Moved Phoenix's preferences from phoenix.cfg to phoenix.js, meaning our prefs are now applied globally at a single location.

  • Heavily refined the overall build process, as well as did lots of minor tweaks, enhancements, clean-up, and re-organization.

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

:)

Assets 2
Loading

2025.01.20.2

20 Jan 13:33
@celenityy celenityy
2025.01.20.2
f546810
This commit was signed with the committer’s verified signature.
celenityy 💘
GPG key ID: D78A401467CD0C35
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
2025.01.20.2

  • Enabled Cookies Having Independent Partitioned State (CHIPS) by default - network.cookie.CHIPS.enabled -> true

  • Enabled Smartblock Embeds/Placeholders by default - extensions.webcompat.smartblockEmbeds.enabled -> true

  • ANDROID: Explicitly enabled a couple more ETP Strict protections - network.cookie.cookieBehavior.optInPartitioning.pbmode & network.cookie.cookieBehavior.trackerCookieBlocking -> true

  • DESKTOP: Added an Unload tab option to the context menu when right clicking tabs - browser.tabs.unloadTabInContextMenu -> true

  • DESKTOP: Fixed syntax errors with phoenix.js and policies.json... 😅

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

:)

Assets 2
Loading

2025.01.20.1

20 Jan 02:24
@celenityy celenityy
2025.01.20.1
8277bf9
This commit was signed with the committer’s verified signature.
celenityy 💘
GPG key ID: D78A401467CD0C35
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
2025.01.20.1

  • Enabled light mode by default as part of our new approach to fingerprinting protection (as this matches ex. RFP)... - layout.css.prefers-color-scheme.content-override -> 1

  • Updated specialized configs to use our new approach to fingerprinting protection. - (https://codeberg.org/celenity/Phoenix/issues/46)

  • Explicitly disabled prefetching via proxy. - network.dns.prefetch_via_proxy -> false

  • Explicitly disabled TLS 1.3 0-RTT for HTTP3. - network.http.http3.enable_0rtt -> false

  • URLbar entries no longer open in new tabs by default. - browser.urlbar.openintab

  • Removed the annoying Import data from another browser default bookmark - DisableProfileImport -> true

  • Always ask is now shown in the permissions dropdown for camera and microphone (if that's their current status) - permissions.media.show_always_ask.enabled -> true

  • Updated references to our Hardened config to Extended.

  • ETP WebCompat is no longer disabled in our Extended configs, as it's harmless and actually useful. (We still disable dFPI heuristics though...) - privacy.antitracking.enableWebcompat

  • Specialized configs are now based off of Extended No-Sync instead of No-Sync. The build process itself for specialized configs has also been heavily improved, and unnecessary prefs were removed.

  • DESKTOP: Permission for websites to override keyboard shortcuts is now only blocked on Extended by default rather than all configs. - permissions.default.shortcuts

  • DESKTOP - EXTENDED: WebRTC hardening prefs are now unlocked and can be manually toggled by users if desired. - media.peerconnection.ice.default_address_only & media.peerconnection.ice.no_host

  • DISCORD & ELEMENT specialized configs: Permission to override keyboard shortcuts is no longer blocked by default. - permissions.default.shortcuts -> 0

  • YOUTUBE specialized config: Fixed syntax errors.

  • Replaced the browser.phoenix.*.applied prefs with browser.phoenix.*.status prefs - as this is far cleaner and easy to manage (as well as better organized...)

  • Other minor tweaks, fixes, and enhancements...

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

:)

Assets 2
Loading

2025.01.19.1

19 Jan 01:31
@celenityy celenityy
2025.01.19.1
dac32ca
This commit was signed with the committer’s verified signature.
celenityy 💘
GPG key ID: D78A401467CD0C35
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
2025.01.19.1

  • Changed our approach to fingerprinting protection - See https://codeberg.org/celenity/Phoenix/issues/46 for details.

  • Unlocked the majority of preferences we previously had locked - See https://codeberg.org/celenity/Phoenix/issues/47 for details, as well as for the list of preferences we still lock...

  • Disabled failIfMajorPerformanceCaveat in WebGL contexts due to fingerprinting concerns. - `webgl.disable-fail-if-major-performance-caveat' -> 'true'

  • We no longer disable memory caching, as it can cause breakage in certain contexts, and there's simply no real benefit it brings (Not even Tor Browser sets this...). - browser.cache.memory.enable & browser.cache.memory.capacity

  • Disabled the use of third-party/OS level root certificates. This is commonly abused by malware (including garbage antiviruses...) and these certificates are added to MITM traffic without user knowledge/consent. Users can still manually import their own certificate into Firefox's built-in certificate store - which I think is acceptable, because at least users this way are aware of the certificate(s) they're importing and why... - security.certerrors.mitm.auto_enable_enterprise_roots & security.enterprise_roots.enabled -> false

  • We no longer enable CSS grid Masonry layout, as it could be fingerprintable (and generally best to just leave up to upstream...) - layout.css.grid-template-masonry-value.enabled

  • We now explicitly disable JIT (Ion/WarpMonkey) for extensions. We already did by default, but since we now manually set it, it's exposed in the about:config for users to toggle if desired. - javascript.options.jit_trustedprincipals -> false

  • Switched the target video resolution (when using Firefox's fingerprinting protection from 480p to 1080p - This is also the default on Nightly, and provides for a far better experience... - privacy.resistFingerprinting.target_video_res -> 1080

  • Enabled Firefox's Cosmetic + UI Animations. Firefox already does this by default, but since we now manually set it, it's exposed in the about:config for users to toggle if desired. - toolkit.cosmeticAnimations.enabled -> true, ui.prefersReducedMotion -> 1

  • Desktop: Removed more Mozilla URL tracking paramaters :/ - `browser.contentblocking.report.monitor.url' -> 'https://monitor.firefox.com/' & 'browser.contentblocking.report.monitor.sign_in_url' -> 'https://monitor.firefox.com/oauth/init'

  • Android: Enabled Safe Browsing by default using Android's specific prefs. - browser.safebrowsing.features.malware.update & browser.safebrowsing.features.phishing.update -> true

  • Lots of clean-up and unnecessary prefs removed + re-organization

  • Other minor tweaks, fixes, and enhancements...

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

:)

Assets 2
Loading

2025.01.14.1

14 Jan 00:58
@celenityy celenityy
2025.01.14.1
9a8d914
This commit was signed with the committer’s verified signature.
celenityy 💘
GPG key ID: D78A401467CD0C35
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
2025.01.14.1

  • Disabled the use of system accent colors due to fingerprinting concerns - widget.non-native-theme.use-theme-accent -> false

  • Fixed the URL for BeaconDB - geo.provider.network.url -> https://api.beacondb.net/v1/geolocate (Thanks to @LucasMZ https://codeberg.org/celenity/Phoenix/pulls/45 💜)

  • Desktop: Explicitly opted out of the origin trial for Privacy-Preserving Attribution in policies.json for defense in depth - dom.origin-trials.private-attribution.state -> 2

  • Android: Fully enabled Bounce Tracking Protection (part of ETP Strict) - privacy.bounceTrackingProtection.mode -> 1

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

:)

Contributors

LucasMZ
Assets 2
Loading

2025.01.13.1

13 Jan 02:08
@celenityy celenityy
2025.01.13.1
7bb0a21
This commit was signed with the committer’s verified signature.
celenityy 💘
GPG key ID: D78A401467CD0C35
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
2025.01.13.1

  • Set additional preferences to ensure DNS Prefetching is fully disabled for defense in depth - dom.prefetch_dns_for_anchor_http_document & dom.prefetch_dns_for_anchor_https_document -> false

  • Similarly, set the maximum amount of connections for Preconnect to 0... - network.early-hints.preconnect.max_connections -> 0

  • Disabled saving clipboard history locally and/or to the cloud... - clipboard.copyPrivateDataToClipboardCloudOrHistory -> false

  • Set file:// URLs to open in a separate content process - browser.tabs.remote.separateFileUriProcess -> true

  • Enabled Opaque Response Blocking - browser.opaqueResponseBlocking & browser.opaqueResponseBlocking.javascriptValidator -> true

  • Enabled SHIP (Session History In Parent), as it's required for Per-site process isolation (Fission) - fission.disableSessionHistoryInParent -> false

  • Explicitly opted out of the origin trial for Privacy-Preserving Attribution for defense in depth - dom.origin-trials.private-attribution.state -> 2

  • Enforced blocking access to the AddonManager over insecure protocols - extensions.webapi.testing.http -> false

  • Additionally, blocked certain Mozilla developer websites from accessing the AddonManager... - extensions.webapi.testing -> false

  • Enforced always running web extensions out of process - extensions.webextensions.remote -> true

  • Enabled COEP: credentialless - browser.tabs.remote.coep.credentialless -> true, dom.origin-trials.coep-credentialless.state -> 1

  • Prevented remoteTypes from triggering process switches they shouldn't be able to... - browser.tabs.remote.enforceRemoteTypeRestrictions -> true

  • Switched setting Quad9 as the default DoH provider by now using network.trr.default_provider_uri instead of network.trr.custom_uri & network.trr.uri - network.trr.default_provider_uri -> https://dns.quad9.net/dns-query, network.trr.custom_uri & network.trr.uri ->

  • Minor tweaks & re-organization

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

:)

Assets 2
Loading

2025.01.12.2

12 Jan 02:59
@celenityy celenityy
2025.01.12.2
756643b
This commit was signed with the committer’s verified signature.
celenityy 💘
GPG key ID: D78A401467CD0C35
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
2025.01.12.2

Codeberg: See here for more details.

GitHub: See here for more details.

:)

Assets 2
Loading