Privacy Browser 2.4 has been released. It adds a dark theme option. Originally I planned to do a completely black theme for AMOLED devices. However, as I worked on it, I didn’t like the way the black theme looked. Instead, I decided to go with a dark theme, which works well in low light scenarios.
If there is significant demand, I would consider adding a black theme as a third option. However, the effort to create and maintain the theme is significant, especially when supporting earlier versions of Android, which don’t allow tinting of certain icons, requiring separate drawables for each theme. I think the power saving difference on an AMOLED screen between the dark theme and a black theme is not likely to be significant enough to justify the effort.
Because of the way Android is (currently) designed, Privacy Browser has to be restarted for a change in theme to take effect.
For websites that aren’t encrypted, the “http://” is displayed in red, bold text. Unencrypted websites are very bad for privacy, and in this day and age there is no excuse to run an unencrypted webserver, so whenever you visit a website that is unencrypted it is a warning to you that the website operators don’t understand what they are doing or don’t take your privacy seriously.
Settings were added to control what happens on Clear and Exit. If all of these are disabled, Clear and Exit will close Privacy Browser but leave all data intact.
When clearing cookies, DOM storage, or form data from the options menu, the snackbar now has an undo option.
An updated Italian translation was provided by Francesco Buratti and an updated Spanish translation was provided by Jose A. León Becerra.
The major planned feature for the next release is SSL certificate pinning.
There is a forum topic for discussion of the timeline for the 2.x release series. Feel free to add contribute to the discussion.
Privacy Browser 2.3 has been released. It fixes a longstanding bug that caused redirects to be included in the WebView history. This made it difficult to use the back button to return to the previous website if there was one (or more) redirects that led to the current page.
A feature has been added to disable the loading of images to conserve bandwidth. There is a general system settings, an on-the-fly setting, and controls in domain settings.
The WebView has been changed to use a wide viewport, which fixes the layout of some web pages. For example, prior to the fix, XKCD comics would extend beyond the viewable area of the page.
It is now possible to load host only URLs. Previously, if the URL text box did not contain a FQDN (Fully Qualified Domain Name) or the word
localhost a search would be performed. With this change any text that begins with
https:// will be loaded as a URL. This removes the previous behavior of loading any text that contained
localhost as a URL, which means that a search can now be performed from the URL text box that contains the term
The settings activity now contains icons next to each preference, which in many cases change color based on the status of the item.
The web page title is now prepended to the URL when shared through the options menu. The third-party cookies preference is now disabled on KitKat in the settings activity because it only works on Lollipop or newer. It had previously been hidden from the options menu and domain settings.
Refresh has been moved to the bottom of the options menu to make it easier to find.
As usual, an updated Italian translation was provided by Francesco Buratti and an updated Spanish translation was provided by Jose A. León Becerra.
- High applies to the first half of the 2.x series. All these will be implemented (except for those waiting on a third-party fix) before the addition of the READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE dangerous permissions.
- Medium applies to the second half of the 2.x series. All these depend on the addition of these dangerous storage permissions. I expect to begin work on these issues in the second half of 2017.
- Low applies to the 3.x and 4.x series. I would expect 3.0 to be released sometime in 2018.
In general, my design philosophy is to polish off one set of features before moving on to the next set. This is why, for example, there are several issues relating to polishing the bookmarks and domain settings included in the high priority. Not taking time to polish existing features, but constantly rushing on to the next hot thing, is what leads to the morass of poor software that assaults us from almost all sides.
In deciding which order to implement features, I am guided by the following general principles.
- Implement privacy features first.
- Implement those that are quick and easy before those that will require significant investment.
- Prioritize items that are most important to users within the framework of 1 and 2.
From time to time I hear from users, including my wife, who wonder why tabbed browsing is pushed all the way back to version 3. The answer is that the tabbed browsing I intend to implement is quite complicated and will require a large amount of coding. It will also require a lot of work to make sure that the privacy features apply correctly to each of the tabs, especially when each tab has different settings. It makes sense to me to postpone it until after the privacy related features in the 2.x series, which are quicker to implement, have been completed.
Privacy Browser 2.2 has been released. At the request of a user, an Incognito Mode was added, which deletes the cache and history after each webpage loads. This provides protection against someone acquiring a user’s device and being able to see which websites they have visited. Incognito Mode is disabled by default.
The erroneous sections of an SSL error message are now displayed in red.
A user reported that the cache was not being deleted on their device on Clear and Exit. It turns out LineageOS created a custom WebView and did something to break its ability to clear the cache. Clear and Exit now requests that WebView clear its cache and then follows up by manually deleting the cache directory.
A 25% font zoom option was added. A bug was fixed that caused proxying through Orbot to not remove the “Connecting to Orbot” message if the homepage was blank. Torch was removed as a suggested Tor search engine because it doesn’t support HTTPS. A bug was fixed that caused both the Find on Page search bar and the URL bar to be displayed if the Find on Page search bar was displayed during a resume of Privacy Browser.
A Domain Settings tab was added to the Guide.
Privacy Browser 2.1 has been released. It fixes a crash on load introduced in version 2.0.1 if the homepage was set to be blank. When working with blank homepages, I also changed the default behavior so that the URL text box is selected and the keyboard is automatically displayed.
A bug was fixed that prevented Privacy Browser from loading localhost URLs. This was caused because
Patterns.WEB_URL.matcher was used to determine if the input text was a URL or a search term.
Patterns.WEB_URL.matcher does not consider localhost to be a
WEB_URL. The fix causes all entries that contain
localhost to be loaded as a URL. This creates a new problem if someone is searching for a string that contains
localhost. The workaround is to perform these searches directly on the website of a search engine instead of using the URL text bar.
Another bug was fixed that prevented URLs loaded from the URL text bar to load correctly if they contained special characters like : or =. This was caused because the special characters were not being correctly encoded in UTF-8.
The website favorite icon is now reset to the default every time a new domain is loaded. This prevents websites like Evercookie from displaying the favorite icon from the previous domain.
As the most common reason for tapping the URL text bar is to type a new URL, the entire text is now selected when tapped. A second tap will allow editing of the URL. A double tap will provide options for cut, copy, and paste.
The order of the items in the main options menu have been changed so that the options that (I believe) are used least frequently are at the bottom. This is so that users with small screen devices don’t have to scroll as often.
The green highlight that indicates custom domain settings are applied now has rounded corners, which makes it look a little more polished. The URL loading progress bar now goes all the way across the screen instead of being constrained to the width of the URL text box.
As usual, an updated Italian translation was provided by Francesco Buratti and an updated Spanish translation by Jose A. León Becerra. Privacy Browser currently doesn’t have a German translator, so the German translation is getting increasingly out of date. Please contact me if you would like to volunteer as a German translator (or as a translator for any other language).
The next release will continue the work of winnowing down the list of open bugs and feature requests.
The current behavior is as follows:
- When a domain is loaded, Privacy Browser checks to see if there are custom domain settings. If so, they are applied. Otherwise, the default domain settings are applied.
There may be some tweaking in the future of how these features work based on user feedback. Let me know if there is something I can do to better fit your needs.
Two other bugs were fixed regarding correctly applying custom domain settings to subdomains and handling browsing with the system back button. Also, the create bookmark and create shortcut dialogs now autopopulate the bookmark name and shortcut name fields with the website title. These are autoselected, making them easy to delete if different text is desired.
Privacy Browser 2.0 has been released. This version includes a new section in the navigation menu entitled “Domains”. It allows custom settings to be assigned to individual domain names, which are loaded automatically with the domain. When leaving the domain, the default settings are reloaded.
On tablets in landscape mode, a two-paned master/detail layout is used. On smaller devices the domain list loads first, followed by the domain settings.
When visiting a domain with custom domain settings, the background of the URL text box and the favorite icon is set to light green.
Beginning in verison 1.15, Privacy Browser would automatically start Orbot if proxying through the Tor network. With version 2.0, Privacy Browser takes this to the next level by actually waiting for Orbot to connect before trying to load a website. I know, it’s amazing what technology can do.
Updated Spanish translations were provided by Jose A León Becerra. Updated Italian translations were provided by Francesco Buratti.
Because this release added two new activities for the domain settings, and because making any changes or additions to the activities in
AndroidManifest.xml causes homepage icons for the app to be removed (why is that?), if you had a shortcut on your homepage you will have to recreate it after upgrading.
Following the previously published roadmap, the next few releases will consist of closing small bugs and polishing the overall look and feel of Privacy Browser.
I thought it would be valuable to lay down a development roadmap.
- 2.0 – Automatic loading of privacy settings by domain.
- 2.x – Cleanup of small bugs and polishing.
- 2.x – SSL certificate pinning.
- 2.x – Addition of READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE permissions.
- 3.0 – Tabbed browsing.
- 4.0 – Create a custom WebView called Privacy WebView.
Most Android browsers’ implementation of tabs are more like quick bookmarks with large thumbnails than real tabbed browsing. My plan is to use a TabView (similar to the Guide and About sections). There are several complexities with doing so, including managing separate privacy settings for each tab, that make this much more complicated that might initially appear. That is why the implementation is pushed all the way to version 3.0. But the final result should be a fully usable tabbed interface that scales well from small phones all the way to laptops and desktops.