IceRaven setup (WIP)
Last updated : 26/8/2025 (version 2.34.1)
Changelog :
26/8/2025
- Testing extensions on real-life use.
- Mark as WIP, as it should be.
- To do :
	+ Find and block individual Mozilla connections on about:config so it can (hopefully) be fully blocked without using hosts; which will make this a bit more useful for those downloading extensions from AMO.
	+ Maybe make a personal user.js (based on arkenfox?). Except applying user.js requires rw access to /data so not sure for now.

4/8/2025
- Initial commit

Post-installation (no internet)
Setup wizard
- skip everything else
- theme : System auto
- toolbar : top (or bottom, I don't know your UI preference; can be changed later)
- mozilla telemetry : unchecked (opt-out)

Disable / kill all inbuilt shortcuts (long press icon & tap "delete")

about:config (take your time, there's tonnes of 'em and you need rw access to /data for custom user.js like arkenfox) (may break stuff, STFW if not sure)
- browser.formfill.enable=false
- browser.safebrowsing.allowOverride=false
- browser.safebrowsing.blockedURIs.enabled=false
- browser.safebrowsing.debug=false
- browser.safebrowsing.downloads.enabled=false
- browser.safebrowsing.downloads.remote.block_dangerous=false
- browser.safebrowsing.downloads.remote.block_dangerous_host=false
- browser.safebrowsing.downloads.remote.block_potentially_unwanted=false
- browser.safebrowsing.downloads.remote.block_uncommon=false
- browser.safebrowsing.downloads.remote.enabled=false
- browser.safebrowsing.downloads.remote.url=""
- browser.safebrowsing.malware.enabled=false
- browser.safebrowsing.phishing.enabled=false
- datareporting.healthreport.uploadEnabled=false
- datareporting.policy.dataSubmissionEnabled=false
- dom.gamepad.enabled=false
- dom.netinfo.enabled=true
- dom.push.connection.enabled=false
- dom.push.enabled=false
- dom.serviceWorkers.enabled=false
- dom.serviceWorkers.privateBrowsing.enabled=false
- dom.webaudio.enabled=false
- dom.webnotifications.enabled=false
- geo.enabled=false
- geo.provider.network.url=""
- media.peerconnection.enabled=false (webRTC)
- media.peerconnection.ice.default_address_only=true
- network.captive-portal-service.enabled=false
- network.connectivity-service.DNS_HTTPS.domain=""
- network.connectivity-service.enabled=false
- network.connectivity-service.nat64-check=false
- network.connectivity-service.wait_for_idle_startup=false
- network.dns.blockDotOnion=0 (if browsing TOR sites)
- network.dns.disableIPv6=true (I'm curious if anyone exclusively uses IPv6 so consider this "depends on use case")
- network.dns.disablePrefetch=true
- network.http.SendOriginHeader=2 (default)
- network.http.SendRefererHeader=1
- network.predictor.enabled=false
- network.trr.confirmation_telemetry_enabled=false
- network.trr.default_provider.uri="" (defaults to cuckflare, ew)
- network.trr.mode=0
- privacy.donottrackheader.enabled=false (DNT is useless)
- privacy.fingerprintingProtection=true
- privacy.fingerprintingProtection.pbmode=true
- privacy.resistFingerprinting=true
- privacy.resistFingerprinting.randomization.daily_reset.enabled=true
- privacy.resistFingerprinting.randomization.daily_reset.private.enabled=true
- privacy.trackingprotection.enabled=true
- privacy.trackingprotection.fingerprinting.enabled=true
- security.OCSP.enabled=0 (check https://scotthelme.co.uk/revocation-is-broken and/or research into OCSP before committing to any and/or all of these OCSP changes)
- security.OCSP.require=false (STFW OCSP)
- security.ssl.enable_ocsp_stapling=false (STFW OCSP)
- toolkit.coverage.opt-out=true (manual creation)
- toolkit.telemetry.coverage.opt-out=true (manual creation)
- toolkit.telemetry.enabled=false (by default)
- toolkit.telemetry.server=""
- webgl.disabled=true (depends on use case?)
- xpinstall.signatures.required=false (optional, not really required for my extensions of choice... yet.)
- xpinstall.whitelist.required=false

Manual extension installation (https://github.com/fork-maintainers/iceraven-browser/issues/723) (may change if upstream Fenix and/or IceRaven kills MV2 support)
3 dot menu > Extensions > Extensions Manager > puzzle icon (or 3 dot menu > Settings > Extensions > puzzle icon)
Installed extensions (in order of installation from oldest) : uMatrix (or xiMatrix if you need MV3), redirector?, smart https, (optional) decentraleyes or any localcdn extensions, TPRB / BCMA, stylus

Working extensions (extension runs, settings can be tweaked)
- uMatrix (the MOST important)
- xiMatrix (maintained MV3 alternative to uMatrix, though not as refined)
- Smart HTTPS
- Stylus (https://add0n.com/stylus.html)
- Russian? TPRB 1.1.21.2resigned1 (DigDeeper claims TPRB allows blocking cuckflare but I didn't find the relevant settings)
- Block Cloudflare MITM Attack (hey it's the OG)
- Redirector (Einar) (Settings pop up on background, addding regex can be cumbersome as settings page constantly pulls away from input bar which needed zooming on these tiny screens)
I thought Einar's Redirector settings page did not open, but backing out of the Redirector menu properly shows its settings in a new tab.

Failing extensions (extension not running and/or untweakable settings)
- Searxes' TPRB (settings return blank page)

Untested extensions (we'd check if we want to?)
- local cdn extensions (like Decentraleyes) (should work out of the box with CDN links whitelisted in uMatrix)

Settings
Search
+ Default search engine : anything but inbuilt (Bing, Duckduckgo, Google)
+ Examples that I would (kind of) endorse
- 4get.bloat.cat
	- Name : 4get.bloat.cat
	- Search string URL : https://4get.bloat.cat/web?s=%s
- Mojeek
	- Name : Mojeek
	- Search string URL : https://www.mojeek.com/search?q=%s
- Search suggestion API : blanked out (manually apply to each & every search engine)

+ Suggestions from seearch engines
- Show search suggestions disabled
+ Address bar - Iceraven Suggest
- Search browsing history disabled
- Search bookmarks enabled
- Search synced tabs disabled
- Search opened tabs enabled
+ Address bar preferences
- Show home button enabled
- Show clipoard suggestions enabled
- Everything else enabled / disabled left to user preference (I disabled them)

Tabs
+ Tab view : Grid (or list if you want it; UI choice)
+ Close tabs : Never
+ Move old tabs to inactive : untoggled / disabled

Homepage
+ Change homepage : Default homepage (or whatever custom homepage you have?)
+ Shortcuts
- Everything disabled
+ opening screen : Last tab

Customize
+ Theme : follow device theme
+ Address bar location : Top (or bottom, depending on your preference)
- Strip http/https/www from urls disabled
- Show shipped domains suggestions disabled
+ Gestures
- Pull to refresh enabled
- Scroll to hide toolbar enabled
- Swipe address bar sideways to switch tabs disabled
+ Downloads : Completion dialog box disabled
+ Custom add-ons source : untouched
+ Configure system behavior : untouched
+ Others : all disabled

Passwords
+ Save passwords : Never save
+ Everything else disabled

Autofill
+ Everything disabled

Accessibility
+ Automatic font sizing enabled
+ Zoom on all websites enabled

Language
+ Left untouched (Follow device language)

Translations
+ Everything disabled

Private Browsing
- Use screen lock to hide tabs in private browsing enabled (if only to keep anyone else off your "private" browsing sections, but maybe applocking the browser mught be a better idea if possible)
- Everything else untouched (or tweaked ot your preference)

HTTPS-Only Mode
+ depends on user case I suppose...

Enhanced Tracking Protection : Disabled for now
+ If I were to enable it, I'd set them to Custom
- Block all 3rd-party cookies
- Block tracking content in all tabs
- Block cryptominers
- Block known fingerprinters
- Block redirect trackers
- Block suspected fingerprinters in all tabs
- Disable "Tell websites not to share & sell data"

Site settings
- Request desktop site disabled (or enabled depending on user preference)
- Persistent storage : ask to allow
- Everything else is "blocked"

Delete browsing data on quit : on
- Unchecked (disabled) : Open tabs, site permissions
- Checked (enabled) : Browsing history, cached images and files, downloads
- Situational (depends on use case) : cookies and site data