gitlab celenityy/Phoenix 2025.04.27.1
on GitLab

latest releases: 2025.09.07.1, 2025.08.06.1, 2025.07.30.1...
4 months ago

NOTE FOR MACOS USERS:

This release adds environment variables for macOS users to disable Mozilla's Crash Reporter (like we already set for Linux), which will be set by default for new Phoenix installations going forward, but won't have an impact on current installs. While it's not required to add these environment variables to continue using Phoenix, macOS users with existing installations are highly recommended to add them due to the privacy benefits. You can easily set them up by running the following script: 

/bin/zsh -c "$(curl --cert-status --doh-cert-status --no-insecure --no-proxy-insecure --no-sessionid --no-ssl --no-ssl-allow-beast --no-ssl-auto-client-cert --no-ssl-no-revoke --no-ssl-revoke-best-effort --proto -all,https --proto-default https --proto-redir -all,https --show-error -sSL https://gitlab.com/celenityy/Phoenix/-/raw/pages/installer_scripts/macos_env.sh)"


NOTE: Additionally, macOS (Intel) is now officially supported. Simply run the installation script (or do a manual installation if you prefer...), and choose Intel when prompted. :) This is in addition to various other improvements to the macOS install/uninstall scripts.

It should also be noted that as of this release, Swisscows has been removed a default search engine due to concerns regarding false marketing of their VPN and spreading false claims about other services, such as Signal.

  • ANDROID: Temporarily excluded various captive portal domains from DNS over HTTPS by default to avoid breakage, as Firefox on Android currently doesn't have a UI to fallback (unlike Desktop).

    See details: https://codeberg.org/celenity/Phoenix/commit/f1a13b77521942740248a66e7b74442392c0e0ef

    network.trr.excluded-domains -> aainflight.com,acwifi.com,aircanadawifi.com,airtime.geemedia.com,alaskawifi.com,amtrakconnect.com,amtrakwifi.com,ana-inflight-wifi.com,app-yoda.arubathena.com,aruba.odyssys.net,arubanetworks.com,arubanetworks.com.cn,asset-acms.anuvu.cloud,auth.hpe.com,bap.aws.opennetworkexchange.net,btwifi.com,captive.o2wifi.co.uk,captive-2020.aio.cloudauth.net,captive-2022.aio.cloudauth.net,captivemgr.o2wifi.net.uk,captiveportal-login.belex.com,carnivalwifi.com,cbp-guest.cbp.dhs.gov,cdnhotspot.afd.azureedge.net,cdnhotspot.azureedge.net,central.access.network,cfr-mprtuam-01.cops.us1.pr.anuvu.cloud,checkout.aa.com,cloud.imedia.ie,connect.edge.ihg.com,connect-edge.ihg.com,connected.xfinity.com,controller.access.network,cust.blueprintrf.com,deltawifi.com,device-yoda2.arubadev.cloud.hpe.com,dlrguest-captive.disney.com,ee-wifi.ee.co.uk,etihadwi-fly.com,fedsso.yum.com,flyfi.com,freewlan.sbb.ch,gogoinair.com,gogoinflight.com,gp1.wendys.com,guestinternet.com,guestinternet.com.s3-website-us-east-1.amazonaws.com,hiltonwifi.com,hotspotportals.com,hs.imedia.ie,httpforever.com,iceportal.de,inflight.pacwisp.net,inflight-wifi.com,inflightinternet.com,internal2-public-device-nc-nlb-b71ba3c951b09682.elb.us-west-2.amazonaws.com,internal2-public-device-nlb-2e2273d4267c0682.elb.us-west-2.amazonaws.com,internetupgrade.marriott.com,kong-gtw-portal-apse2prod5-lb-1386339370.ap-southeast-2.elb.amazonaws.com,kong-gtw-portal-eu-lb-1104785228.eu-central-1.elb.amazonaws.com,kong-gtw-portal-mec1prod6-lb-2104849938.me-central-1.elb.amazonaws.com,kong-gtw-portal-production-lb-686216184.us-west-1.elb.amazonaws.com,kong-gtw-portal-use1prod2-lb-291057632.us-east-1.elb.amazonaws.com,krisworld.singaporeair.com,kw.sq.com,landing.sbb.ch,loggedin.wifigem.it,login.attwifi.com,login.cloud5.com,login.cloudi-fi.net,login.innflux.com,login.wifigem.com,login.windstream.com,login-awe-cluster.attwifi.com,login-federated.windstream.com,lounge.aa.com,lpv.attwifi.com,lufthansa-flynet.com,managedwifi.xfinity.com,massportwifi.com,marriottwifi.com,medallionclass.com,mscwifi.com,msftguest-virtual.partners.extranet.microsoft.com,mt1.datavalet.io,network-auth.com,neverssl.com,nossl.com,ofc-yoda2.arubadev.cloud.hpe.com,onboard.eurostar.com,onboard.sbb.ch,onboardicafe.com,portal.ac2.mist.com,portal.ac5.mist.com,portal.ac6.mist.com,portal.eu.mist.com,portal.gc1.mist.com,portal.gc2.mist.com,portal.gc3.mist.com,portal.mist.com,portal.moovmanage.com,qa-connect-edge.ihg.com,rcs.arubathena.com,rcs-m.arubathena.com,rcs-ng-yoda2.arubadev.cloud.hpe.com,regio-guide.de,rsc.att.com,rsc.wayport.net,rougewifi.com,sbux-j3.datavalet.io,sbux-portal.globalreachtech.com,sbux-portal.odyssys.net,secure.11os.com,secure.datavalet.io,secure.wayport.net,secure-login.attwifi.com,service.thecloud.net,shop.ba.com,singaporeair-krisworld.com,sso.wendys.com,stage.connect.edge.ihg.com,starbucks-east.datavalet.io,stay.marriottbonvoy.com,southwestwifi.com,thalysnet.com,thd.cloudauth.net,timhortonswifi.com,tvgreyhound.com,unitedprivatescreening.com,unitedwifi.com,universal-orlando.ampthink.com,viasat.com,virginwifi.com,wanderingwifi.com,we.windstream.com,weconnect.wendys.com,wifi.airasia.com,wifi.bahn.de,wifi.cathaypacific.com,wifi.delta.com,wifi.esa.com,wifi.kfc.com,wifi1.kfc.com,wifi2.kfc.com,wifi.panerabread.com,wifi.singaporeair.com,wifi.sncf,wifi.starbucks.com,wifi.tgv-lyria.com,wifi.tgvlyria.com,wifi.united.com,wifi.united.com.edgekey.net,wifi.we.co,wifi.xfinity.com,wifi-viarail.ca,wifi-xdb.boingohotspot.net,wifihotspot.io,wifilauncher.com,wifilauncher.com.s3-website.us-east-1.amazonaws.com,wifilrn-ch2-1p.xfinity.com,wifionboard.com,wirelessportal.americanexpress.com,wirelessportal.americanexpress.com.akadns.net,wirelessportal2.americanexpress.com.akadns.net,wlb1-1579773356.us-east-1.elb.amazonaws.com,yoda-cgqa.arubathena.com,yoda-cgqa-elb.arubathena.com,yoda2-ofc-nlb-f4f923213a2189c7.elb.us-west-2.amazonaws.com,yoda2-public-device-nlb-8343995ce4714f6f.elb.us-west-2.amazonaws.com,yoda2-rcs-nlb-0c9df3882f3f7416.elb.us-west-2.amazonaws.com,zugportal.de

  • Prevented websites from automatically refreshing by default on all configs instead of just 'Extended'.

browser.meta_refresh_when_inactive.disabled -> true

DESKTOP: accessibility.blockautorefresh -> true

  • Stopped setting a stricter media autoplay policy in Phoenix 'Extended', due to it causing breakage and not really being privacy/security related (though still nice to have).

See details: https://codeberg.org/celenity/Phoenix/commit/e8fa1a3215d8693c728620551b4ee0fae09a83dd

media.autoplay.blocking_policy -> 0

  • DESKTOP: Disabled Firefox Sync feature recommendations.

    identity.fxaccounts.toolbar.syncSetup.panelAccessed -> true

  • Disabled Firefox Translations feature recommendations.

    browser.translations.panelShown -> true

  • Disabled Mozilla's GeoIP/Region Service.

    browser.region.local-geocoding -> false
    browser.search.region -> US

  • Disabled Mozilla 's Terms of Use.

    datareporting.policy.dataSubmissionPolicyAcceptedVersion -> 999
    datareporting.policy.dataSubmissionPolicyNotifiedTime -> 999999999

    DESKTOP: In addition to these prefs, we're also using the new SkipTermsOfUse policy:

    SkipTermsOfUse -> true

  • SPECIALIZED CONFIGS: Disabled Geolocation network scanning for redundancy.

    geo.provider.network.scan -> false
    network.wifi.scanning_period -> 0

  • Disabled spoofing WebGL renderer info on 'moviezapiya.fun' by default to fix breakage.

    See details: https://codeberg.org/celenity/Phoenix/issues/95

    privacy.fingerprintingProtection.granularOverrides -> {"firstPartyDomain":"moviezapiya.fun","overrides":"-WebGLRenderInfo"}

  • ANDROID: Disabled spoofing screen coordinates on 'letterboxd.com' by default to properly display the mobile page instead of desktop.

    See details: https://github.com/webcompat/web-bugs/issues/150661

    privacy.fingerprintingProtection.granularOverrides -> {"firstPartyDomain":"letterboxd.com","overrides":"-ScreenRect"}

  • DESKTOP: Disabled spoofing screen coordinates on 'barnesandnoble.com' by default to unbreak account sign-in.

    privacy.fingerprintingProtection.granularOverrides -> {"firstPartyDomain":"barnesandnoble.com","overrides":"-ScreenRect"}

  • DESKTOP: Disabled pausing on debugger statements by default.

devtools.debugger.pause-on-debugger-statement -> false

  • DESKTOP: Enabled display of default/browser styles in the Inspector by default.

    devtools.inspector.showUserAgentStyles -> true

  • Added 'classify-client.nonprod.webservices.mozgcp.net', 'classify-client.prod.webservices.mozgcp.net', 'location.services.mozilla.com', 'locprod2-elb-us-west-2.prod.mozaws.net', 'nonprod.classify-client.nonprod.webservices.mozgcp.net', & 'prod.classify-client.prod.webservices.mozgcp.net' to the internal domain blocklist.

    network.dns.localDomains -> classify-client.nonprod.webservices.mozgcp.net,classify-client.prod.webservices.mozgcp.net,location.services.mozilla.com,locprod2-elb-us-west-2.prod.mozaws.net,nonprod.classify-client.nonprod.webservices.mozgcp.net,prod.classify-client.prod.webservices.mozgcp.net'

  • GOOGLE MAPS + YOUTUBE SPECIALIZED CONFIGS: Added 'app-ads-services.com' to the internal domain blocklist.

    network.dns.localDomains -> app-ads-services.com

  • NIGHTLY: Enabled isolation of resources (ex. referrers & cookies) injected by extensions by default - Currently only supported on Firefox Nightly.

    privacy.antitracking.isolateContentScriptResources -> true

  • Added built-in example 'templates'/internal preferences to make it easier for users to set custom FPP (Fingerprinting Protection) overrides if needed.

See details: https://codeberg.org/celenity/Phoenix/commit/ea8b20c4748acb96ed4b3e365d1d7d5efb6ce81b 

`privacy.fingerprintingProtection.granularOverrides.0.example` -> `[{"firstPartyDomain":"example1.invalid","overrides":"+ProtectionIWantToEnableOnThisWebsite,-ProtectionIWantToDisableOnThisWebsite"},{"thirdPartyDomain":"example2.invalid","overrides":"+ThirdPartyDomainsAreSupportedTheSameWayToo"}]`
`privacy.fingerprintingProtection.overrides.0.example` -> `+ProtectionIWantToEnableGlobally,-ProtectionIWantToDisableGlobally`

  • Added a built-in note/internal preference so people don't freak out when they see RFP (Resist Fingerprinting) isn't enabled...

See details: https://codeberg.org/celenity/Phoenix/commit/538ee9f7c423371a02e5a688b29173c29c500d33 

`privacy.resistFingerprinting.0.note` -> `RFP is disabled on purpose.`
`privacy.resistFingerprinting.1.note` -> `We use a hardened configuration of FPP instead.`
`privacy.resistFingerprinting.2.note` -> `Using RFP is not recommended or supported.`

  • Other tweaks & fixes
    ___

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

:)

Check out latest releases or
releases around celenityy/Phoenix 2025.04.27.1

Don't miss a new Phoenix release

NewReleases is sending notifications on new releases.

Get notifications