Privacy Browser 2.6

Privacy Browser 2.6 has been released. There is a new night mode for rendering web pages. The night mode overrides certain CSS layout options to create an experience that works well on the majority of websites, especially when paired with the dark theme.

Injecting the custom CSS currently requires JavaScript to be enabled (obviously not desirable from a privacy perspective). When Privacy WebView is released as part of the 4.x series, it will become possible to modify the CSS of the website without enabling JavaScript.

While the website is loading, it is hidden and a dark gray background is displayed. The following CSS code is applied to the website after it has finished loading.

* {
    background-color: #212121 !important;
    color: #BDBDBD !important;
    box-shadow: none !important;
    text-decoration: none !important;
    text-shadow: none !important;
    border: none !important;
}

a {
    color: #1565C0 !important;
}

* formats all elements with the following characteristics. background-color: #212121 sets a dark gray background. color: #BDBDBD sets the text to be a light gray. box-shadow: none removes a form of underline that some websites use for links. text-decoration: none removes the standard underline used for links. text-shadow: none removes text shadows (which don’t often match well against the dark background). border: none removes borders around text and other objects.

a formats links. color: #1565C0 sets the text color to be a dark blue.

!important overrides any more specific directives that may exist unless they also have the !important tag.

Feel free to contact me if there are other CSS attributes that would improve night mode. I am generally inclined to only include tags that work across a large range of websites. After the CSS is applied, there is a 500 millisecond delay before the WebView is displayed. In my testing that is sufficient time for the night mode CSS to be rendered and prevents the brief flashing of a white background when the site is first displayed. However, the time may need to be increased for some devices, especially those with slower processors.

The About and Guide activities have been reworked so that the dark theme displays them in the same way that night mode displays normal websites.

It is now possible to visit websites that require HTTP authentication.

The View SSL Certificate dialog now color codes the Domain and the Common Name. If they match, the text is blue. If they do not match, it is red.

Francesco Buratti provided an updated Italian translation and Jose A. León Becerra provided an updated Spanish translation.

The next release of Privacy Browser will feature several refinements to the bookmarks interface.

 

User Agent Problems

Some websites don’t work well if they don’t recognize the user agent. Much has been written about how browser detection is a flawed system, but some websites still do it. For Privacy Browser, this means that if the default user agent of PrivacyBrowser/1.0 is used, some aspects of certain websites won’t work. The web server doesn’t have PrivacyBrowser/1.0 on the list of user agents that it knows can run a specific feature, so it doesn’t even try to use that feature, even though Privacy Browser is perfectly capable of handling it.

So, for example, neweggbusiness.com doesn’t allow the user to log on if the user agent is PrivacyBrowser/1.0. Also, the Google Play Console doesn’t lay out correctly if it doesn’t recognize the user agent.

[Screenshots: PrivacyBrowser/1.0 compared with WebView Default]

Setting a user agent in domain settings that the website recognizes, like WebView Default, resolves the issue.

Privacy Browser 2.5

Privacy Browser 2.5 has been released. It adds support for SSL certificate pinning in the domain settings. There is also a new Guide tab to explain the feature, which contains the following text:

When visiting an encrypted URL (one that begins with HTTPS), the webserver uses an SSL certificate to both encrypt the information sent to the browser and to identify the server. The purpose of the server identification is to prevent a machine located between the browser and the webserver from pretending to be the server and decrypting the information in transit. This type of attack is known as a Man In The Middle (MITM) attack. SSL certificates are generated by certificate authorities: companies that verify a server’s identity and produce a certificate for a fee. Android has a list of trusted certificate authorities, and will accept any of their certificates for any website. It isn’t supposed to be possible for an organization to acquire an SSL certificate for a domain they do not control, but in practice many governments and large corporations have been able to do so.

The purpose of SSL certificate pinning is to tell the browser that only one specific SSL certificate is to be trusted for a particular domain. Any other certificate, even if it is valid, will be rejected.

SSL certificates expire on a specified date, so even pinned SSL certificates will legitimately need to be updated from time to time. As a general rule, pinning SSL certificates probably isn’t needed in the majority of cases. But for those who suspect that powerful organizations may be targeting them, SSL certificate pinning can detect and thwart a MITM attack.

SSL certificates can be pinned in Domain Settings. Besides protecting against MITM attacks, pinning a self-signed certificate for a device like a wireless router or access point will remove the error message that is normally presented every time its website is loaded.
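The pinning policy described above, sketched as an added example (this is not Privacy Browser's code). It assumes a pin is stored as a SHA-256 fingerprint of the certificate bytes; `PinStore`, `PresentedCert` and the sample certificates are hypothetical names and constructed values.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    ACCEPT = "accept"
    REJECT_UNTRUSTED = "reject: fails normal CA validation"
    REJECT_PIN_MISMATCH = "reject: differs from the pinned certificate"


@dataclass(frozen=True)
class PresentedCert:
    der: bytes        # certificate bytes received in the TLS handshake
    ca_trusted: bool  # outcome of the platform's normal CA validation


def fingerprint(cert: PresentedCert) -> str:
    return hashlib.sha256(cert.der).hexdigest()


class PinStore:
    """Per-domain pins; a hypothetical stand-in for Domain Settings."""

    def __init__(self) -> None:
        self._pins: dict[str, str] = {}

    def pin(self, domain: str, cert: PresentedCert) -> None:
        self._pins[domain.lower()] = fingerprint(cert)

    def check(self, domain: str, cert: PresentedCert) -> Verdict:
        pinned = self._pins.get(domain.lower())
        if pinned is None:
            # No pin: any certificate from a trusted CA is accepted.
            return Verdict.ACCEPT if cert.ca_trusted else Verdict.REJECT_UNTRUSTED
        if hmac.compare_digest(pinned, fingerprint(cert)):
            # The pinned certificate is accepted even when self-signed.
            return Verdict.ACCEPT
        # Anything else is rejected, even if a trusted CA issued it.
        return Verdict.REJECT_PIN_MISMATCH


# Constructed stand-ins for certificate bytes (not real certificates).
SITE = PresentedCert(b"constructed: example.com from CA-A", True)
OTHER_CA = PresentedCert(b"constructed: example.com from CA-B", True)
RENEWED = PresentedCert(b"constructed: example.com renewed by CA-A", True)
ROUTER = PresentedCert(b"constructed: self-signed router", False)


def demo() -> dict:
    store = PinStore()
    out = {"router, no pin": store.check("router.example", ROUTER)}
    store.pin("example.com", SITE)
    store.pin("router.example", ROUTER)
    out["pinned certificate"] = store.check("example.com", SITE)
    out["valid certificate from another CA"] = store.check("example.com", OTHER_CA)
    out["legitimate renewal"] = store.check("example.com", RENEWED)
    out["router, pinned"] = store.check("router.example", ROUTER)
    out["unpinned domain"] = store.check("other.example", OTHER_CA)
    return out


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict.value}")
```

A legitimate renewal gets the same verdict as a valid certificate from a different authority, which is why a pinned certificate has to be updated when the site replaces it.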

Searx.me was added to the list of default search engines, and the list was reorganized so that the privacy conscious search engines are listed before the others.

The default homepage has been updated to https://duckduckgo.com/?kao=-1&kak=-1, which works with JavaScript either enabled or disabled. This change will only affect new installations of Privacy Browser. Current users can choose to update their homepage if desired. The Onion site, https://3g2upl4pq6kufc4m.onion, is still broken when using the center search box unless JavaScript is enabled. Those who use this functionality might consider adding their voices to the Reddit thread on this topic.

A bug was fixed that caused the website title to be lost on rotate (and in some other circumstances). The website title is used when sharing a URL.

The options menu now indicates (via ghosting) if there is any DOM storage data that can be cleared. Previously, the entry was always enabled because WebView does not provide an easy way to tell if DOM storage data exists.

In the previous release, unencrypted websites were highlighted with a bold, red “http://” at the beginning of the URL. At the request of a user, the bold was removed and it is now just red text.

A bug was fixed that caused a URL to fail to load if a custom domain user agent was applied and the website performed a redirect on load. Another bug was fixed that caused changes to the website (like the sorting of a list) to be lost if Privacy Browser was moved to the background or otherwise restarted. Many small improvements were made to the Domains activity that should provide a smoother user experience.

Francesco Buratti provided an updated Italian translation and Jose A. León Becerra provided an updated Spanish translation.

The next release of Privacy Browser will enable HTTP authentication requests and implement a night mode.

DuckDuckGo Search Problems

There is currently a problem with searching using the search box in the center of the screen on both https://start.duckduckgo.com and https://3g2upl4pq6kufc4m.onion when JavaScript is disabled.

Searching from the URL bar works correctly. I have reported this bug to DuckDuckGo in two places. If they are not able to fix it soon I may have to do something different with the default homepage.

In the meantime, users can work around the problem by using https://duckduckgo.com as the homepage if JavaScript is disabled, or using a domain setting to enable JavaScript for *.duckduckgo.com or 3g2upl4pq6kufc4m.onion.

Privacy Browser 2.4

Privacy Browser 2.4 has been released. It adds a dark theme option. Originally I planned to do a completely black theme for AMOLED devices. However, as I worked on it, I didn’t like the way the black theme looked. Instead, I decided to go with a dark theme, which works well in low light scenarios.

If there is significant demand, I would consider adding a black theme as a third option. However, the effort to create and maintain the theme is significant, especially when supporting earlier versions of Android, which don’t allow tinting of certain icons, requiring separate drawables for each theme. I think the power saving difference on an AMOLED screen between the dark theme and a black theme is not likely to be significant enough to justify the effort.

Because of the way Android is (currently) designed, Privacy Browser has to be restarted for a change in theme to take effect.

The domain name is now printed in black while the rest of the text is printed in gray.

For websites that aren’t encrypted, the “http://” is displayed in red, bold text. Unencrypted websites are very bad for privacy, and in this day and age there is no excuse to run an unencrypted webserver, so whenever you visit a website that is unencrypted it is a warning to you that the website operators don’t understand what they are doing or don’t take your privacy seriously.

Settings were added to control what happens on Clear and Exit. If all of these are disabled, Clear and Exit will close Privacy Browser but leave all data intact.

The default homepage on new installs was changed to https://start.duckduckgo.com. When JavaScript is enabled, https://duckduckgo.com now has an annoying popup that appears every time cookies are deleted. Note that there is a bug in https://start.duckduckgo.com and https://3g2upl4pq6kufc4m.onion that causes JavaScript-disabled searches to fail. If DuckDuckGo isn’t able to fix this problem soon I may have to do something else with the default homepage.

When clearing cookies, DOM storage, or form data from the options menu, the snackbar now has an undo option.

A bug was fixed that caused pending webpage changes to be lost on restart. Also, a problem with the spinner layout on some Huawei devices was fixed.

An updated Italian translation was provided by Francesco Buratti and an updated Spanish translation was provided by Jose A. León Becerra.

The major planned feature for the next release is SSL certificate pinning.

Privacy Browser 2.3

Privacy Browser 2.3 has been released. It fixes a longstanding bug that caused redirects to be included in the WebView history. This made it difficult to use the back button to return to the previous website if one or more redirects led to the current page.

A feature has been added to disable the loading of images to conserve bandwidth. There is a general system setting, an on-the-fly setting, and controls in domain settings.

The WebView has been changed to use a wide viewport, which fixes the layout of some web pages. For example, prior to the fix, XKCD comics would extend beyond the viewable area of the page.

It is now possible to load host only URLs. Previously, if the URL text box did not contain a FQDN (Fully Qualified Domain Name) or the word localhost a search would be performed. With this change any text that begins with http:// or https:// will be loaded as a URL. This removes the previous behavior of loading any text that contained localhost as a URL, which means that a search can now be performed from the URL text box that contains the term localhost.

The settings activity now contains icons next to each preference, which in many cases change color based on the status of the item.

The web page title is now prepended to the URL when shared through the options menu. The third-party cookies preference is now disabled on KitKat in the settings activity because it only works on Lollipop or newer. It had previously been hidden from the options menu and domain settings. Refresh has been moved to the bottom of the options menu to make it easier to find.

As usual, an updated Italian translation was provided by Francesco Buratti and an updated Spanish translation was provided by Jose A. León Becerra.

The next release of Privacy Browser will contain a dark theme option as well as several other features from the high priority list.

Updated Priorities in the Issue Tracker

I updated the priorities of the issues in Redmine to match the February 2017 roadmap. The priorities carry the following meanings.

  • High applies to the first half of the 2.x series. All these will be implemented (except for those waiting on a third-party fix) before the addition of the READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE dangerous permissions.
  • Medium applies to the second half of the 2.x series. All these depend on the addition of these dangerous storage permissions. I expect to begin work on these issues in the second half of 2017.
  • Low applies to the 3.x and 4.x series. I would expect 3.0 to be released sometime in 2018.

In general, my design philosophy is to polish off one set of features before moving on to the next set. This is why, for example, there are several issues relating to polishing the bookmarks and domain settings included in the high priority. Not taking time to polish existing features, but constantly rushing on to the next hot thing, is what leads to the morass of poor software that assaults us from almost all sides.

In deciding which order to implement features, I am guided by the following general principles.

  1. Implement privacy features first.
  2. Implement those that are quick and easy before those that will require significant investment.
  3. Prioritize items that are most important to users within the framework of 1 and 2.

From time to time I hear from users, including my wife, who wonder why tabbed browsing is pushed all the way back to version 3. The answer is that the tabbed browsing I intend to implement is quite complicated and will require a large amount of coding. It will also require a lot of work to make sure that the privacy features apply correctly to each of the tabs, especially when each tab has different settings. It makes sense to me to postpone it until after the privacy related features in the 2.x series, which are quicker to implement, have been completed.

Privacy Browser 2.2

Privacy Browser 2.2 has been released. At the request of a user, an Incognito Mode was added, which deletes the cache and history after each webpage loads. This provides protection against someone acquiring a user’s device and being able to see which websites they have visited. Incognito Mode is disabled by default.

The JavaScript enabled and JavaScript disabled search options have been combined into one entry. This better facilitates how these functions work now that Domain Settings have been added to Privacy Browser. For example, a user could set JavaScript to be disabled by default, but create a domain setting for duckduckgo.com that enables JavaScript. Setting the search engine to DuckDuckGo - JavaScript enabled will make it so that typing a search query in the URL bar will load the JavaScript enabled version of DuckDuckGo independent of the JavaScript settings in effect when the search is performed.

The erroneous sections of an SSL error message are now displayed in red.

A user reported that the cache was not being deleted on their device on Clear and Exit. It turns out LineageOS created a custom WebView and did something to break its ability to clear the cache. Clear and Exit now requests that WebView clear its cache and then follows up by manually deleting the cache directory.

A 25% font zoom option was added. A bug was fixed that caused proxying through Orbot to not remove the “Connecting to Orbot” message if the homepage was blank. Torch was removed as a suggested Tor search engine because it doesn’t support HTTPS. A bug was fixed that caused both the Find on Page search bar and the URL bar to be displayed if the Find on Page search bar was displayed during a resume of Privacy Browser.

Privacy Browser now displays the Orbot version (if installed) and the APK package signature in About, Version.

The privacy policy has been updated to revision 1.4.

A Domain Settings tab was added to the Guide.

The list of ad servers from pgl.yoyo.org has been updated. An updated Italian translation was provided by Francesco Buratti and an updated Spanish translation was provided by Jose A. León Becerra.

The next release of Privacy Browser will likely address problems rendering on some pages and add an option to disable downloading of images on webpages and a dark theme option.

Privacy Browser 2.1

Privacy Browser 2.1 has been released. It fixes a crash on load introduced in version 2.0.1 if the homepage was set to be blank. When working with blank homepages, I also changed the default behavior so that the URL text box is selected and the keyboard is automatically displayed.

A bug was fixed that prevented Privacy Browser from loading localhost URLs. This was caused because Patterns.WEB_URL.matcher was used to determine if the input text was a URL or a search term. Patterns.WEB_URL.matcher does not consider localhost to be a WEB_URL. The fix causes all entries that contain localhost to be loaded as a URL. This creates a new problem if someone is searching for a string that contains localhost. The workaround is to perform these searches directly on the website of a search engine instead of using the URL text bar.
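The URL-or-search decision described here and in the 2.3 notes above, compared across releases in an added example (not the project's code). The regular expression is a simplified stand-in for Android's Patterns.WEB_URL, the function names are hypothetical, and it assumes 2.3 still loads scheme-less FQDNs as URLs.

```python
import re

# Simplified stand-in (an assumption) for Android's Patterns.WEB_URL: optional
# scheme, dotted host name with an alphabetic TLD, optional port and path.
# As the page notes for the real pattern, "localhost" does not match.
WEB_URL = re.compile(
    r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?::\d+)?(?:/\S*)?", re.IGNORECASE
)


def is_web_url(text: str) -> bool:
    return WEB_URL.fullmatch(text.strip()) is not None


def before_2_1(text: str) -> str:
    return "url" if is_web_url(text) else "search"


def release_2_1(text: str) -> str:
    # Fix for localhost URLs: anything containing "localhost" is loaded.
    return "url" if is_web_url(text) or "localhost" in text else "search"


def release_2_3(text: str) -> str:
    # An explicit scheme now decides; the "contains localhost" rule is gone.
    if text.startswith(("http://", "https://")) or is_web_url(text):
        return "url"
    return "search"


# Constructed sample inputs for the URL text box.
SAMPLES = [
    "example.com/page",
    "http://localhost:8080/status",
    "localhost connection refused",
    "http://router/status",
    "router",
]


def compare() -> dict:
    """Map each sample to its (before 2.1, 2.1, 2.3) classification."""
    return {s: (before_2_1(s), release_2_1(s), release_2_3(s)) for s in SAMPLES}


if __name__ == "__main__":
    for text, verdicts in compare().items():
        print(f"{text!r:32} {verdicts}")
```

Anything classified as "search" is handed to the configured search engine, so under the rules before 2.3 a host-only address such as http://router/status is sent out as a query rather than loaded.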

Another bug was fixed that prevented URLs loaded from the URL text bar from loading correctly if they contained special characters like : or =. This happened because the special characters were not being correctly encoded in UTF-8.

The website favorite icon is now reset to the default every time a new domain is loaded. This prevents websites like Evercookie from displaying the favorite icon from the previous domain.

As the most common reason for tapping the URL text bar is to type a new URL, the entire text is now selected when tapped. A second tap will allow editing of the URL. A double tap will provide options for cut, copy, and paste.

The order of the items in the main options menu has been changed so that the options that (I believe) are used least frequently are at the bottom. This is so that users with small screen devices don’t have to scroll as often.

The green highlight that indicates custom domain settings are applied now has rounded corners, which makes it look a little more polished. The URL loading progress bar now goes all the way across the screen instead of being constrained to the width of the URL text box.

As usual, an updated Italian translation was provided by Francesco Buratti and an updated Spanish translation by Jose A. León Becerra. Privacy Browser currently doesn’t have a German translator, so the German translation is getting increasingly out of date. Please contact me if you would like to volunteer as a German translator (or as a translator for any other language).

The next release will continue the work of winnowing down the list of open bugs and feature requests.