It does not, my browser project is more closer to a scaled-up Arkenfox than a hard-forked Firefox, of which the latter is not within any feasible plan nor scope against my resources. Here is a summary of Arkenfox v144 today:
- 345 preferences, including 28 parrot preferences used for syntax checking
- Otherwise, 317 preferences, no duplicates
My browser project is only focusing on the human-readable information, with the most notable difference being that I will be manually auditing far more than 317 preferences:
This preference dump file of 5,578 preferences and 119 policies is just the start, because the scanner is unable to detect C++/Rust source code preferences at the moment. Despite what appears to be an enormous number, this is all ultimately feasible because regressions are limited in impact and scope, and every preference manually audited now, on average, is a positive investment towards not modifying it again later against any future Firefox release. I am reusing the same logic and reasoning that @Thorin is using with Arkenfox, but for a complete, comprehensive, and curated map of every layer, not just user.js.
Before I continue on, it is also important to understand the power dynamic at play upstream, against me alone downstream:
- Mozilla has access to Claude Mythos Preview
- I do not
My browser project is ambitious, but pragmatic. Instead of “just” 317 preferences, I want access to every option and preference, even implied ones, and if there are any preferences without hooks or toggles, I can force access to them using surgical source transform patches. However, I am not going to reach for the stars and rewrite swathes of Firefox source code itself. Instead, I will be leaving that for Mozilla to deal with upstream at every Firefox release. Firefox 150, which is what FlawlessFox/BaseSecure (tenative name) are currently based on, is the result of Mozilla using Claude Mythos Preview, finding 271 bugs, and patching them:
My position in this downstream project is very clear. I only manually audit options and preferences, not code itself. I cannot claim to understand C++/Rust, but both of us, and more than just us, can claim to understand network.dns.disablePrefetch=true means DNS queries are not prefetched, instead they must be explicitly fetched by the user. If you can imagine reading a preference like that over 5,000 times, with minor variations, then you can understand how someone like me, with zero C++/Rust knowledge, can achieve manually auditing Mozilla’s build options and runtime preferences against every Firefox release, now and in the future.
Fair point, but not a fair argument. If I had to interpret your statement towards its logical conclusion, then I would need to have my own datacentre with myself as its sole tenant, have my own dark fibre network, become my own ISP, have my own AS number, handle my own BGP routing, and have separate root servers, minimum. Instead, it is more productive to flip the interpretation on its head, back to my previous statements:
- Using Hetzner is better than using AWS, Azure, Cloudflare, GitHub, and other Big Tech infrastructure
- I am managing the entire infrastructure otherwise
If I chose to continue seeing every flaw about either of ourselves and/or our situations, then I would have not bothered working towards any solution at all and permanently lurked in the shadows, praying for someone with ample resources and a generous character to come forward, getting everything perfectly done right the first time without any of our inputs. Instead, I am choosing to challenge myself and Mozilla to strive for a better today, regardless of resources, because I understand that I need to become the change I want to see in the world now, not later. Waiting around for Mozilla to actually be on our side, to seriously start considering using OpenPGP to resign 20+ years of code commits and towards strict compliance with the Kicksecure Digital Signature Policy is a fantasy that will ultimately get us both nowhere. In contrast, I am open to accommodating everything Kicksecure needs and/or prefers, as long as it is achievable and realistic without significant external financial support, and I will certainly endeavour to put in the time and work to realize this project’s full potential.
This has been a great discussion so far, but I have important updates:
FlawlessFox and BaseSecure (tenative name) for Linux have been successfully built, so here is what is left short-term:
This is a bit speculative, but if you decide to want your browser on Android later, then my agenda now will have already covered it against Kicksecure’s Digital Signature Policy. Also, the way I am working now, I am more likely to create a name for your browser and the Kicksecure Forum topic as the very last step on the entire roadmap, since I care more about getting my agenda and roadmap done first.