Currently, including myself, there’s 4 of us working on it.
We’re still discussing how to handle funding internally; but for the time being, as we start out, we’re just self-financing. We’re going to consider taking donations in the future.
Why is this project any different (security updates wise)?
I stand by everything I said there. The key difference is that IronFox provides unique value over standard Firefox, unlike LibreWolf (& other Firefox desktop forks). All of LibreWolf’s privacy & security benefits can be easily applied to any Firefox installation via several methods (Ex. a user.js file, a mozilla.cfg file, an autoconfig.js file, etc. etc.). Why introduce the added risk of using a fork when it’s not necessary?
The case with Android is completely different. You simply don’t have as much control over Firefox as you do on desktop, and there are fundamental issues that can’t be fixed with a simple config file (Ex. the proprietary libraries we remove…).
To put it simply: You can make any standard Firefox desktop installation as private & secure as LibreWolf. You can’t make any standard Firefox Android installation as private & secure as IronFox or Mull.
So, yes, the same risks as with LibreWolf generally still apply to IronFox (as they also did to Mull); the difference is that unlike LibreWolf, we provide meaningful benefits to offset those risks.
As I stated above, there’s also 4 of us working on this; so we have the time, resources, & full intention of keeping up with security updates. For comparison: Mull was maintained by 1 person (a person who was also maintaining a Chromium-based browser, an entire mobile Android operating system, and various other works), yet was still able to keep up with Firefox updates within a day or 2 after release for several years.
I just want to make it clear that as a user, I completely understand your concern here & the importance of security updates, and I wouldn’t have anything to do with IronFox if I wasn’t comfortable guaranteeing we could keep up with them. At the end of the day though, like nearly everything in the privacy & security world, this all comes down to your threat model and what you’re comfortable with. If you value getting the quickest updates possible directly from Mozilla more than the privacy & security hardening of IronFox, then use standard Firefox instead. This same logic also applies to any other Firefox fork & Chromium fork regardless of platform.
The reasons why granting the app management permission is a serious security risk are documented here. I’m concerned about a security-first attitude which is crucial for a worthy successor to Mull.
This is incomparable, and not at all a reasonable comparison IMO.
Dove is a project designed for hardening Thunderbird on desktop, and it fundamentally works by modifying the application’s files and adding a custom mozilla.cfg file, prefs.js file, and policies.json file. I’m aware of the security risk & spent several hours researching & trying to find a better way to support Dove without needing to give Terminal the app management permission, and was unable to find one. If anyone here has any ideas, let me know!
I make it clear to the user that this permission is required (as evidenced by you quickly noticing it), and we support manual installations for users who are uncomfortable granting the Terminal this permission.
We can’t fix fundamental problems with macOS. Apple needs to allow more fine-grained controls (Such as the ability to grant permission to manage only specific applications rather than all or nothing, etc…), and Mozilla needs to allow reading config files for Firefox & Thunderbird without directly modifying the app’s contents.
If you don’t trust IronFox due to fundamental limitations of an unrelated project by 1 of the 4 maintainers, then don’t use it. I won’t tell you who you should or shouldn’t trust at the end of the day; that’s for you and you alone to decide. All I’ll tell you is that every project I’ve ever designed in this space has been done so with a security-first attitude. Myself & the other maintainers take this extremely seriously, and we’re not going to create a project that claims to improve privacy & security, while doing the opposite.