2026.02.16.1

Signed-off-by: celenity <celenity@celenity.dev>

Author: celenityy

android/phoenix-extended.cfg

@@ -0,0 +1,102 @@
+
+//
+
+//
+// Copyright (C) 2024-2026 celenity
+//
+// This file is part of Phoenix.
+//
+// Phoenix is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
+//
+// Phoenix is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along with Phoenix. If not, see https://www.gnu.org/licenses/.
+//
+
+// This file contains preferences shared across Phoenix 'Extended' configs.
+
+/* INDEX 
+
+001: FINGERPRINTING PROTECTION
+002: WEBRTC
+003: ATTACK SURFACE REDUCTION
+004: MISC. PRIVACY + SECURITY (ANDROID ONLY)
+005: MISC. PRIVACY
+
+*/
+
+/* KEY
+
+Unspecified = This preference should be set EVERYWHERE
+
+[ANDROID-ONLY] = This preference should ONLY be set for Android
+
+[NO-FLATPAK-LINUX] = This preference should be set everywhere, EXCEPT for GNU/Linux (Flatpak)
+[NO-LINUX] = This preference should be set everywhere, EXCEPT for GNU/Linux
+[NO-NON-FLATPAK-LINUX] = This preference should be set everywhere, EXCEPT for GNU/Linux (non-Flatpak)
+[NO-MAIL] = This preference should be set everywhere, EXCEPT for Thunderbird (Useful for ex. Dove)
+[NO-OSX] = This preference should be set everywhere, EXCEPT for macOS
+[NO-INTEL-OSX] = This preference should be set everywhere, EXCEPT for macOS on Intel
+[NO-SILICON-OSX] = This preference should be set everywhere, EXCEPT for macOS on Apple Silicon
+[NO-WINDOWS] = This preference should be set everywhere, EXCEPT for Windows
+
+*/
+
+/// Add custom branding at `about:support`
+defaultPref("app.support.vendor", "Phoenix - Extended: 2026.02.16.1"); // [NO-MAIL] [HIDDEN]
+
+
+/*** 001 FINGERPRINTING PROTECTION ***/
+
+
+/// Further harden FPP...
+// As explained here: https://codeberg.org/celenity/Phoenix/wiki/Extended#fingerprinting
+// Compared to standard, this just removes '-JSDateTimeUTC' - meaning timezone is spoofed to UTC-0
+defaultPref("privacy.fingerprintingProtection.overrides", "+AllTargets,-CanvasExtractionBeforeUserInputIsBlocked,-CSSPrefersColorScheme,-EfficientCanvasRandomization,-FrameRate,-CanvasImageExtractionPrompt"); // [ANDROID-ONLY]
+defaultPref("browser.phoenix.status.extended", "001");
+
+/*** 002 WEBRTC ***/
+// This will likely break WebRTC...
+
+/// Always exclude local IP addresses, even in trusted scenarios
+defaultPref("media.peerconnection.ice.no_host", true);
+
+/// Force a single candidate for ICE generation
+defaultPref("media.peerconnection.ice.default_address_only", true);
+
+/// Only use TURN servers/relays
+// No P2P
+// https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/issues/40#note_2884663
+defaultPref("media.peerconnection.ice.relay_only", true);
+
+defaultPref("browser.phoenix.status.extended", "002");
+
+/*** 003 ATTACK SURFACE REDUCTION ***/
+
+/// Disable WebAssembly (WASM)
+// https://spectrum.ieee.org/more-worries-over-the-security-of-web-assembly
+defaultPref("javascript.options.wasm", false);
+
+defaultPref("browser.phoenix.status.extended", "003");
+
+/*** 004 MISC. PRIVACY + SECURITY ***/
+
+/// Disable WebGL [ANDROID-ONLY]
+// PRIVACY: Fingerprinting concerns [ANDROID-ONLY]
+// SECURITY: Attack Surface Reduction [ANDROID-ONLY]
+// https://blog.browserscan.net/docs/webgl-fingerprinting [ANDROID-ONLY]
+// https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern [ANDROID-ONLY]
+// On desktop we're no longer setting/recommending this in favor of the built-in `Block WebGL` filterlist in uBlock Origin, but on Android, we can't necessarily control uBlock Origin/set policies, so let's just make sure this is disabled. [ANDROID-ONLY]
+defaultPref("webgl.disabled", true); // [ANDROID-ONLY]
+
+defaultPref("browser.phoenix.status.extended", "004");
+
+/*** 005 MISC. PRIVACY ***/
+
+/// Only send cross-origin referers if hosts match
+// https://wiki.mozilla.org/Security/Referrer
+defaultPref("network.http.referer.XOriginPolicy", 2);
+
+defaultPref("browser.phoenix.status.extended", "005");
+
+lockPref("browser.phoenix.status.extended", "successfully applied :D");

android/phoenix-extended.js

@@ -43,7 +43,7 @@ Unspecified = This preference should be set EVERYWHERE
 */
 
 /// Add custom branding at `about:support`
-pref("app.support.vendor", "Phoenix - Extended: 2026.01.21.1"); // [NO-MAIL] [HIDDEN]
+pref("app.support.vendor", "Phoenix - Extended: 2026.02.16.1"); // [NO-MAIL] [HIDDEN]
 
 
 /*** 001 FINGERPRINTING PROTECTION ***/
@@ -52,7 +52,7 @@ pref("app.support.vendor", "Phoenix - Extended: 2026.01.21.1"); // [NO-MAIL] [HI
 /// Further harden FPP...
 // As explained here: https://codeberg.org/celenity/Phoenix/wiki/Extended#fingerprinting
 // Compared to standard, this just removes '-JSDateTimeUTC' - meaning timezone is spoofed to UTC-0
-pref("privacy.fingerprintingProtection.overrides", "+AllTargets,-CanvasExtractionBeforeUserInputIsBlocked,-CSSPrefersColorScheme,-FrameRate,-CanvasImageExtractionPrompt"); // [ANDROID-ONLY]
+pref("privacy.fingerprintingProtection.overrides", "+AllTargets,-CanvasExtractionBeforeUserInputIsBlocked,-CSSPrefersColorScheme,-EfficientCanvasRandomization,-FrameRate,-CanvasImageExtractionPrompt"); // [ANDROID-ONLY]
 pref("browser.phoenix.status.extended", "001");
 
 /*** 002 WEBRTC ***/