**<details><summary>NOTE FOR MACOS USERS**:</summary>
This release adds environment variables for macOS users to disable Mozilla's Crash Reporter *(like we already set for Linux)*, which will be set by default for new Phoenix installations going forward, but won't have an impact on current installs. While it's **not** required to add these environment variables to continue using Phoenix, macOS users with existing installations are **highly recommended** to add them due to the privacy benefits. You can easily set them up by running the following script:
```sh
/bin/zsh -c "$(curl --cert-status --doh-cert-status --no-insecure --no-proxy-insecure --no-sessionid --no-ssl --no-ssl-allow-beast --no-ssl-auto-client-cert --no-ssl-no-revoke --no-ssl-revoke-best-effort --proto -all,https --proto-default https --proto-redir -all,https --show-error -sSL https://gitlab.com/celenityy/Phoenix/-/raw/pages/installer_scripts/macos_env.sh)"
```
</details>
<br>
**NOTE**: Additionally, macOS **(Intel)** is now officially supported. Simply run the [installation script](https://codeberg.org/celenity/Phoenix#install) *(or do a manual installation if you prefer...)*, and choose `Intel` when prompted. :) **This is in addition to [various other improvements to the macOS install/uninstall scripts](https://codeberg.org/celenity/Phoenix/commits/branch/pages/installer_scripts/macos_install.sh).**
It should also be noted that as of this release, **Swisscows** has been removed as a default search engine due to concerns regarding [false marketing of their VPN](https://accounts.swisscows.com/products/vpn) and [spreading false claims about other services, such as Signal](https://awiebe.org/warum-man-signal-nicht-trauen-sollte/).
____
* **<details><summary>DESKTOP**: Updated our uBlock Origin config (assets.json) per latest upstream changes.</summary>
See details: https://codeberg.org/celenity/Phoenix/commit/0d26adf11e2c0e62a053ebb0cf3edb78ab9331ea + https://github.com/gorhill/uBlock/commits/master/assets/assets.json
</details>
* **<details><summary>DESKTOP**: Added a 'Quick fixes' list to uBlock Origin + enabled it by default to allow us to fix issues caused by our config/default filterlists significantly faster (while waiting on the respective author to fix the issue upstream).</summary>
See details: https://codeberg.org/celenity/Phoenix/src/branch/pages/uBlock/quick-fixes.txt
</details>
* **<details><summary>ANDROID**: Temporarily excluded various captive portal domains from DNS over HTTPS by default to avoid breakage, as Firefox on Android currently doesn't have a UI to fallback (unlike Desktop).</summary>
See details: https://codeberg.org/celenity/Phoenix/commit/f1a13b77521942740248a66e7b74442392c0e0ef
`network.trr.excluded-domains` -> *(captive portal domain list; see the commit linked above)*
</details>
* <details><summary>Enforced the internal Content Security Policy (CSP).</summary>
See details: https://developer.mozilla.org/docs/Web/HTTP/Guides/CSP
`security.browser_xhtml_csp.report-only` -> `false`
</details>
* <details><summary>Explicitly disabled JPEG-XL by default due to security concerns in its current state.</summary>
See details: https://github.com/mozilla/standards-positions/pull/1064
`image.jxl.enabled` -> `false`
</details>
* <details><summary>Prevented bypassing DNS over HTTPS for '/etc/HOSTS' entries by default to protect against HOSTS file hijacking.</summary>
See details: https://codeberg.org/celenity/Phoenix/commit/7ac281d87af2f65ed900e7f10f093311b472cfe5
`network.trr.exclude-etc-hosts` -> `false`
</details>
* <details><summary>Prevented websites from automatically refreshing by default on all configs instead of just 'Extended'.</summary>
`browser.meta_refresh_when_inactive.disabled` -> `true`
**DESKTOP**: `accessibility.blockautorefresh` -> `true`
</details>
* <details><summary>Stopped setting a stricter media autoplay policy in Phoenix 'Extended', due to it causing breakage and not really being privacy/security related (though still nice to have).</summary>
See details: https://codeberg.org/celenity/Phoenix/commit/e8fa1a3215d8693c728620551b4ee0fae09a83dd
`media.autoplay.blocking_policy` -> `0`
</details>
* <details><summary>Disabled add-on metadata updates by default.</summary>
See details: https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
`extensions.getAddons.cache.enabled` -> `false`
</details>
* **<details><summary>DESKTOP**: Disabled Firefox Sync feature recommendations.</summary>
`identity.fxaccounts.toolbar.syncSetup.panelAccessed` -> `true`
</details>
* <details><summary>Disabled Firefox Translations feature recommendations.</summary>
`browser.translations.panelShown` -> `true`
</details>
* <details><summary>Disabled Mozilla's GeoIP/Region Service.</summary>
`browser.region.local-geocoding` -> `false`
`browser.search.region` -> `US`
</details>
* <details><summary>Disabled Mozilla's Terms of Use.</summary>
`datareporting.policy.dataSubmissionPolicyAcceptedVersion` -> `999`
`datareporting.policy.dataSubmissionPolicyNotifiedTime` -> `999999999`
**DESKTOP**: In addition to these prefs, we're also using the new [`SkipTermsOfUse`](https://mozilla.github.io/policy-templates/#skiptermsofuse) policy:
`SkipTermsOfUse` -> `true`
</details>
* **<details><summary>SPECIALIZED CONFIGS**: Disabled AMRemoteSettings.</summary>
See details: https://searchfox.org/mozilla-central/source/toolkit/mozapps/extensions/docs/AMRemoteSettings-overview.rst + https://searchfox.org/mozilla-central/source/toolkit/mozapps/extensions/AddonManager.sys.mjs
`extensions.remoteSettings.disabled` -> `true`
</details>
* **<details><summary>SPECIALIZED CONFIGS**: Disabled Geolocation network scanning for redundancy.</summary>
`geo.provider.network.scan` -> `false`
`network.wifi.scanning_period` -> `0`
</details>
* **<details><summary>SPECIALIZED CONFIGS**: Disabled Remote Permissions.</summary>
See details: https://searchfox.org/mozilla-central/source/extensions/permissions/docs/remote.rst + https://searchfox.org/mozilla-central/source/extensions/permissions/RemotePermissionService.sys.mjs + https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/remote-permissions/changeset?_expected=0
`permissions.manager.remote.enabled` -> `false`
</details>
* <details><summary>Disabled spoofing WebGL renderer info on 'moviezapiya.fun' by default to fix breakage.</summary>
See details: https://codeberg.org/celenity/Phoenix/issues/95
`privacy.fingerprintingProtection.granularOverrides` -> `{"firstPartyDomain":"moviezapiya.fun","overrides":"-WebGLRenderInfo"}`
</details>
* **<details><summary>ANDROID**: Allowed 'gsi.go.jp', 'harkins.com', 'megacloud.blog', 'megacloud.store', 'nperf.com' & 'pogospike.com' to extract randomized canvas data by default (if the target is enabled) to fix breakage.</summary>
See details: https://codeberg.org/celenity/Phoenix/commit/d0a57128f03f9e6381bb5a22b900901faecb7013 + https://codeberg.org/celenity/Phoenix/commit/7868acadf94ee47a8b69d46eef1c25b8076989b8 + https://codeberg.org/celenity/Phoenix/commit/e6d8e52c01a732b57d5681ac258abe586c3d48fb
`privacy.fingerprintingProtection.granularOverrides` -> `{"firstPartyDomain":"gsi.go.jp","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"harkins.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"megacloud.blog","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"megacloud.store","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"nperf.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"pogospike.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"}`
</details>
* **<details><summary>ANDROID**: Disabled spoofing screen coordinates on 'letterboxd.com' by default to properly display the mobile page instead of desktop.</summary>
See details: https://github.com/webcompat/web-bugs/issues/150661
`privacy.fingerprintingProtection.granularOverrides` -> `{"firstPartyDomain":"letterboxd.com","overrides":"-ScreenRect"}`
</details>
* **<details><summary>DESKTOP**: Blocked canvas data extraction before user input on 'cloudflare.com', 'riverside.fm', 'stacksocial.com', 'tiktok.com', 'tileman.io', 'usps.com', & 'yahoo.com' by default.</summary>
See details: https://codeberg.org/celenity/Phoenix/commit/d5b6477c783ed715e704c129ab3b364f7884419e + https://codeberg.org/celenity/Phoenix/commit/b3616823f0b82998e7bdec0e48d40b6e0643c452 + https://codeberg.org/celenity/Phoenix/commit/17c90cf95bb632d1cc1636719da9fd2ff920c5bb
`privacy.fingerprintingProtection.granularOverrides` -> `{"firstPartyDomain":"cloudflare.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"riverside.fm","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"stacksocial.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"tiktok.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"tileman.io","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"usps.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"yahoo.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"}`
</details>
* **<details><summary>DESKTOP**: Disabled spoofing screen coordinates on 'barnesandnoble.com' by default to unbreak account sign-in.</summary>
`privacy.fingerprintingProtection.granularOverrides` -> `{"firstPartyDomain":"barnesandnoble.com","overrides":"-ScreenRect"}`
</details>
* **<details><summary>DESKTOP**: Disabled pausing on debugger statements by default.</summary>
`devtools.debugger.pause-on-debugger-statement` -> `false`
</details>
* **<details><summary>DESKTOP**: Enabled display of default/browser styles in the Inspector by default.</summary>
`devtools.inspector.showUserAgentStyles` -> `true`
</details>
* <details><summary>Added 'classify-client.nonprod.webservices.mozgcp.net', 'classify-client.prod.webservices.mozgcp.net', 'location.services.mozilla.com', 'locprod2-elb-us-west-2.prod.mozaws.net', 'nonprod.classify-client.nonprod.webservices.mozgcp.net', & 'prod.classify-client.prod.webservices.mozgcp.net' to the internal domain blocklist.</summary>
`network.dns.localDomains` -> `classify-client.nonprod.webservices.mozgcp.net,classify-client.prod.webservices.mozgcp.net,location.services.mozilla.com,locprod2-elb-us-west-2.prod.mozaws.net,nonprod.classify-client.nonprod.webservices.mozgcp.net,prod.classify-client.prod.webservices.mozgcp.net`
</details>
* **<details><summary>APPLE MAPS SPECIALIZED CONFIG**: Added 'securemetrics.apple.com.cn', 'securemvt.apple.com.cn', & 'smoot-api-glb.v.aaplimg.com' to the internal domain blocklist.</summary>
See details: https://codeberg.org/celenity/Phoenix/commit/5aacd001fce8087518444dfc7da107000bd88a30
`network.dns.localDomains` -> `securemetrics.apple.com.cn,securemvt.apple.com.cn,smoot-api-glb.v.aaplimg.com`
</details>
* **<details><summary>GOOGLE MAPS + YOUTUBE SPECIALIZED CONFIGS**: Added 'app-ads-services.com' to the internal domain blocklist.</summary>
`network.dns.localDomains` -> `app-ads-services.com`
</details>
* **<details><summary>NIGHTLY**: Enabled isolation of resources (ex. referrers & cookies) injected by extensions by default - Currently only supported on Firefox Nightly.</summary>
`privacy.antitracking.isolateContentScriptResources` -> `true`
</details>
* <details><summary>Added built-in example 'templates'/internal preferences to make it easier for users to set custom FPP (Fingerprinting Protection) overrides if needed.</summary>
See details: https://codeberg.org/celenity/Phoenix/commit/ea8b20c4748acb96ed4b3e365d1d7d5efb6ce81b
`privacy.fingerprintingProtection.granularOverrides.0.example` -> `[{"firstPartyDomain":"example1.invalid","overrides":"+ProtectionIWantToEnableOnThisWebsite,-ProtectionIWantToDisableOnThisWebsite"},{"thirdPartyDomain":"example2.invalid","overrides":"+ThirdPartyDomainsAreSupportedTheSameWayToo"}]`
`privacy.fingerprintingProtection.overrides.0.example` -> `+ProtectionIWantToEnableGlobally,-ProtectionIWantToDisableGlobally`
</details>
* <details><summary>Added a built-in note/internal preference so people don't freak out when they see RFP (Resist Fingerprinting) isn't enabled...</summary>
See details: https://codeberg.org/celenity/Phoenix/commit/538ee9f7c423371a02e5a688b29173c29c500d33
`privacy.resistFingerprinting.0.note` -> `RFP is disabled on purpose.`
`privacy.resistFingerprinting.1.note` -> `We use a hardened configuration of FPP instead.`
`privacy.resistFingerprinting.2.note` -> `Using RFP is not recommended or supported.`
</details>
* Other tweaks & fixes
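
Added example (not part of Phoenix or of Firefox): a small audit helper for `privacy.fingerprintingProtection.granularOverrides` values in the format shown in the entries above, reporting which domains have a protection switched off (`-`). The function names and the token pattern are assumptions made for this illustration; the sample is constructed from entries quoted in these notes.

```javascript
// Added example: audits a granularOverrides value in the format shown in these notes.

// Accepts either a full JSON array or the bare comma-separated objects
// that the changelog entries show, and returns one record per entry.
function parseGranularOverrides(prefValue) {
  const text = prefValue.trim();
  const entries = JSON.parse(text.startsWith("[") ? text : `[${text}]`);
  return entries.map((entry, index) => {
    const { firstPartyDomain = null, thirdPartyDomain = null, overrides } = entry;
    if (!firstPartyDomain && !thirdPartyDomain) {
      throw new Error(`entry ${index}: no firstPartyDomain or thirdPartyDomain`);
    }
    if (typeof overrides !== "string") {
      throw new Error(`entry ${index}: "overrides" must be a string`);
    }
    const enabled = [];
    const disabled = [];
    for (const token of overrides.split(",")) {
      // Assumed token syntax, as on this page: "+Name" enables, "-Name" disables.
      const match = /^([+-])([A-Za-z0-9]+)$/.exec(token.trim());
      if (!match) throw new Error(`entry ${index}: bad token "${token}"`);
      (match[1] === "+" ? enabled : disabled).push(match[2]);
    }
    return { firstPartyDomain, thirdPartyDomain, enabled, disabled };
  });
}

// Lists the domains on which at least one protection is switched off.
function weakenedDomains(prefValue) {
  return parseGranularOverrides(prefValue)
    .filter((e) => e.disabled.length > 0)
    .map((e) => `${e.firstPartyDomain || e.thirdPartyDomain}: ${e.disabled.join(", ")}`);
}

// Constructed sample, assembled from three entries quoted in these notes.
const SAMPLE =
  '{"firstPartyDomain":"letterboxd.com","overrides":"-ScreenRect"},' +
  '{"firstPartyDomain":"cloudflare.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},' +
  '{"firstPartyDomain":"gsi.go.jp","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"}';

console.log(weakenedDomains(SAMPLE));
```

Running the same check over a custom override list before applying it makes accidental `-` entries easy to spot in review.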
___
Codeberg: See [here](https://codeberg.org/celenity/Phoenix/compare/2025.04.15.1...2025.04.27.1) for more details.
GitLab: See [here](https://gitlab.com/celenityy/Phoenix/-/compare/2025.04.15.1...2025.04.27.1) for more details.
GitHub: See [here](https://github.com/celenityy/Phoenix/compare/2025.04.15.1...2025.04.27.1) for more details.
___
:)