Fennec - Firefox build with some proprietary stiff removed; repo
IronFox - Firefox fork (forked from Mull) with a bunch of hardening changes (notably resistFingerprinting enabled); repo
IronFox is more ambitious, which means higher maintenance load and more likely to fall behind. Fennec is much simpler, so less likely to fall behind, but also doesn’t change much from Firefox.
The main difference is of philosophy of trust. With F-droid you trust F-droid to build the binary from the developers’ source code. With Accrescent, you trust the developers to build the binary from the source code.
I wish more projects hosted their own F-droid repo and kept it up to date. FUTO has one for their stuff (Grayjay, FUTO Keyboard, etc), but it’s frequently outdated, whereas Bitwarden and a few others I use do a good job.
Maybe Accrescent is what I’m looking for. I just want a store that:
In the play store you’re trusting Google and the developer.
I’m not sure how obtainium works. But if you download binaries from GitHub, you’re trusting the developer to accurately build their source code into the binary without adding anything. You’re also trusting GitHub implicitly – way back when, source forge was sometimes adding malware to downloads iirc.
F-droid is kind of cool in that they are saying, “we will ensure for you that the code you execute is the same as the open source code you can read”. But this added level of insurance comes with downsides – like sometimes it’s harder for the developer to make their code build properly, or maybe updates take longer.
Yes you are trusting them, and the developer. Just like you are trusting F-droid if you download from them. You also have to trust that the compiler program doesn’t do anything fishy. It’s trust all the way down.
The good news is that lots of people are working on making the systems trustworthy, and you as a consumer can learn to distinguish between what can be trusted for your usecase and what can’t.
Get ironfox?
fennec vs ironfox opinions?
resistFingerprintingenabled); repoIronFox is more ambitious, which means higher maintenance load and more likely to fall behind. Fennec is much simpler, so less likely to fall behind, but also doesn’t change much from Firefox.
I would love to see a real comparison.
I like fennec because the name is cute.
I’ve not heard of ironfox before this thread! Could you possibly link it? Doesn’t seem like it’s on FDroid or IzzyOnDroid
You have to add IronFox’s repo in F-Droid before you can install it from there. This is their Github link.
Thanks
In addition to what others have said, it can be downloaded from the Accrescent app store:
https://accrescent.app/
Never heard of that, what’s the benefit over F-Droid?
GrapheneOS posted this on Mastodon about a month & a half back:
https://grapheneos.social/@GrapheneOS/113900949999725460
The main difference is of philosophy of trust. With F-droid you trust F-droid to build the binary from the developers’ source code. With Accrescent, you trust the developers to build the binary from the source code.
Not when using a self-hosted F-Droid Repo - which is the case for Ironfox.
I wish more projects hosted their own F-droid repo and kept it up to date. FUTO has one for their stuff (Grayjay, FUTO Keyboard, etc), but it’s frequently outdated, whereas Bitwarden and a few others I use do a good job.
Maybe Accrescent is what I’m looking for. I just want a store that:
I basically want fdroid, but faster updates.
Yeah that’s like any 3rd party repository
So Accrescent is more like the classic play store or Obtainium?
In the play store you’re trusting Google and the developer.
I’m not sure how obtainium works. But if you download binaries from GitHub, you’re trusting the developer to accurately build their source code into the binary without adding anything. You’re also trusting GitHub implicitly – way back when, source forge was sometimes adding malware to downloads iirc.
F-droid is kind of cool in that they are saying, “we will ensure for you that the code you execute is the same as the open source code you can read”. But this added level of insurance comes with downsides – like sometimes it’s harder for the developer to make their code build properly, or maybe updates take longer.
And here I’m trusting Accrescent to actually deliver me an executable that has not been tampered with
Yes you are trusting them, and the developer. Just like you are trusting F-droid if you download from them. You also have to trust that the compiler program doesn’t do anything fishy. It’s trust all the way down.
The good news is that lots of people are working on making the systems trustworthy, and you as a consumer can learn to distinguish between what can be trusted for your usecase and what can’t.
IronFox is on F-Droid. That where I got it from at least
its for android, mobile.
Duh