Privacy Patches
This category includes patches that protect against various forms of tracking, as well as patches that limit data exposure and reduce the browser’s required permissions.
Patches
- Configure DNS over HTTPS
- Disable Autocomplete
- Disable Password Manager and Address/Credit Card Autofill
- Disable Trending Search Suggestions
- Disable Search Suggestions
- Sanitize Data on Exit
- Custom Search Engines
- Enable ETP Strict
- Enable Local Network Access Restrictions
- Block Cookie Banners in Private Browsing by default, and expose the UI to enable/disable it.
- Configure uBlock Origin
- Disable Network Connectivity Status Monitoring (Fenix)
- Disable Network Connectivity Status Monitoring (GeckoView)
- Disable Network ID generation
- Disable Speculative Connections
- Stub the Beacon API (navigator.sendBeacon)
- Prevent fingerprinting based on whether PDF.js is enabled/disabled
- Disable unsolicited favicon fetching
- Do not allow built-in add-ons to access private browsing windows unconditionally
Configure DNS over HTTPS
Strengthens the default protection level of DNS over HTTPS, and adds additional DNS providers.
Currently, the following DNS providers have been added:
- Quad9
- AdGuard
- AdGuard (Unfiltered)
- Cloudflare (Malware Protection)
- DNS0
- DNS0 (ZERO)
- DNS4EU (Ad Blocking)
- DNS4EU (Protective)
- DNS4EU (Unfiltered)
- Mullvad (Base)
- Mullvad (Unfiltered)
- Wikimedia
Quad9 is used by default.
Reason To harden DoH out of the box, and to add support for multiple secure DNS providers in the UI settings. | Effect Improves DNS privacy and security by strengthening DoH’s default protection level, and adds a curated selection of DoH providers for users to choose from. |
Disable Autocomplete
Disables URL autocomplete by default.
Reason To prevent accidental navigation to incorrect/undesired websites. | Effect Provides users with more control over the URL bar, and ensures that users only navigate to their intended location. |
Disable Password Manager and Address/Credit Card Autofill
Disables password manager and address/credit card autofill by default. Using the built-in password manager in a browser is discouraged. Prefer using external, more secure password managers, such as Bitwarden.
Reason To prevent automatic storage of sensitive credentials in the browser. | Effect Reduces risk of credential exposure. |
Disable Trending Search Suggestions
Disables trending search suggestions by default.
Reason Reduces unwanted network activity and connections to third party services. | Effect Cleaner, more private address bar experience, without trending search suggestions. |
Disable Search Suggestions
Disables search suggestions by default.
Reason To prevent automatic submission of text entered in the URL bar to search providers. | Effect Improves privacy by reducing data shared with search engines. |
Sanitize Data on Exit
Clears browsing data on exit by default.
Reason Protects privacy between browser sessions. | Effect Automatically clears tabs, history, cache, and download list when browser closes. |
Custom Search Engines
Adds custom privacy-focused search engines.
Reason To provide alternatives to tracking-heavy default search engines. | Effect Users can easily use privacy-respecting search engines. |
Enable ETP Strict
Sets Enhanced Tracking Protection to Strict mode by default.
Reason To provide stronger protection against tracking without user configuration. | Effect Blocks more trackers and fingerprinting scripts out of the box, strengthens state partitioning, and enables protection against various other methods of cross-site tracking. |
Enable Local Network Access Restrictions
Enables Local Network Access Restrictions by default.
Reason To prevent websites from accessing local network resources, to reduce fingerprintability, and to prevent unauthorized access to the local network. | Effect Improves privacy and security for users. |
Block Cookie Banners in Private Browsing by default, and expose the UI to enable/disable it.
Blocks cookie consent banners in Private Browsing windows by default, enables a UI setting to enable or disable blocking of cookie consent banners in Private Browsing, and allows users to enable or disable cookie banner blocking per-site (in both standard and Private Browsing windows).
Reason Improves privacy by preventing websites from coercing users to enable/agree to tracking, and improves the browsing experience by removing annoying consent pop-ups. | Effect Cleaner websites without cookie banners, while automatically opting users out of tracking where possible. |
Configure uBlock Origin
Sets uBlock Origin to use a custom/enhanced config, and changes certain settings by default.
Reason To provide stronger out-of-box content blocking. | Effect Better ad and tracker blocking with optimized filter lists. |
Disable Network Connectivity Status Monitoring (Fenix)
Prevents Firefox for Android from monitoring the status of the user’s internet connection.
Reason To prevent the browser from accessing network information (with the ACCESS_NETWORK_STATE permission). | Effect Reduces required permissions and limits data exposed to the browser. |
Disable Network Connectivity Status Monitoring (GeckoView)
Prevents GeckoView from monitoring the status of the user’s internet connection.
Reason To prevent the browser from accessing network information (with the ACCESS_NETWORK_STATE permission). | Effect Reduces required permissions and limits data exposed to the browser. |
Disable Network ID generation
Prevents Firefox from generating an internal network ID that could potentially be used to track users (https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/4c548fa04b668a310c90c0e783ec404420f06257).
Reason To prevent the browser from generating an ID that could be used for tracking/fingerprinting. | Effect Protects users against tracking/fingerprinting. |
Disable Speculative Connections
Prevents GeckoView from generating speculative/predictive connections.
Reason To prevent unwanted/unsolicited network traffic (in Fenix, this is currently used for certain URL bar suggestions). | Effect Prevents the browser from connecting to third parties without explicit user consent, and provides users with more control over their network activity. |
Stub the Beacon API (navigator.sendBeacon)
Stubs the Beacon API (navigator.sendBeacon) to prevent tracking and the submission of analytics, without aiding fingerprinting or causing undesired breakage.
Reason The explicit, stated purpose/use case of the Beacon API (navigator.sendBeacon) is analytics/tracking (https://developer.mozilla.org/docs/Web/API/Beacon_API). However, disabling it entirely (as standard Firefox allows) is undesired, as it causes breakage, aids fingerprinting, and can allow trackers to fall back to other mechanisms for submitting data (as they can tell it’s disabled/unavailable). Stubbing the API instead fixes these issues. | Effect Users are protected against tracking, and benefit from added attack surface reduction, without causing breakage and having to deal with the usual side effects that appear when the Beacon API is disabled. |
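The difference between disabling and stubbing, as a small model added here for illustration (this is not the project's patch code, which lives inside the browser). The names `makeNavigator`, `report` and `simulate` are hypothetical, `collector.example` is a constructed endpoint, and the stub returning `true` is an assumption about how a stub would behave.

```javascript
// Model of the three states a page script can observe. `network` stands in
// for outgoing requests; a real browser implements sendBeacon natively.
function makeNavigator(mode, network) {
  const nav = {};
  if (mode === 'enabled') {
    // Normal behaviour: queue the payload for delivery and report success.
    nav.sendBeacon = (url, data) => {
      network.push({ via: 'beacon', url, data });
      return true;
    };
  } else if (mode === 'stubbed') {
    // Stub (assumed behaviour): same shape and return value, nothing is sent.
    nav.sendBeacon = (_url, _data) => true;
  }
  // mode === 'disabled': the property is absent, which scripts can detect.
  return nav;
}

// Common reporting pattern in analytics scripts: prefer sendBeacon and
// use another transport (modelled as 'fallback') when it is unavailable.
function report(nav, network, url, data) {
  if (typeof nav.sendBeacon === 'function' && nav.sendBeacon(url, data)) {
    return 'beacon';
  }
  network.push({ via: 'fallback', url, data });
  return 'fallback';
}

// Run the reporting logic against one mode and summarise what happened.
function simulate(mode) {
  const network = [];
  const nav = makeNavigator(mode, network);
  const path = report(nav, network, 'https://collector.example/hit', 'page=home');
  return {
    apiVisible: 'sendBeacon' in nav, // what feature detection sees
    path,                            // which transport the script chose
    requestsSent: network.length,    // what actually left the browser
  };
}

for (const mode of ['enabled', 'disabled', 'stubbed']) {
  console.log(mode, simulate(mode));
}
```

In the model, the disabled case is both detectable and still sends the data through the fallback, while the stubbed case looks identical to the enabled one from the script's side and sends nothing.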
Prevent fingerprinting based on whether PDF.js is enabled/disabled
Prevents aiding fingerprinting when Firefox’s internal PDF viewer (PDF.js) is disabled.
Reason To allow users to disable PDF.js if preferred (e.g. in favor of an external viewer, like GrapheneOS’s: https://github.com/GrapheneOS/PdfViewer), without increasing fingerprintability. | Effect Users can safely disable PDF.js if preferred, without compromising their privacy. |
Disable unsolicited favicon fetching
Prevents Firefox from automatically fetching favicons for websites pinned to the browser homepage.
Reason To prevent unwanted network activity and connections to third parties. | Effect Reduces network activity, provides users with more control, and provides a faster browser homepage. |
Do not allow built-in add-ons to access private browsing windows unconditionally
Prevents built-in add-ons from always being able to access private browsing windows, even if they don’t request or need access.
Reason To improve privacy and security for users by limiting the amount of access built-in add-ons have to the browser. | Effect Users are provided with a more private and secure browsing experience. |