Jump to content

Search the Community

Showing results for tags 'mozilla'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 87 results

  1. Facebook Container 2.0 for Firefox blocks Facebook's third-party site tracking Mozilla announced a big privacy push yesterday on the official site. The organization revealed that Firefox's Tracking Protection would be enabled by default for non-private browser windows for new and existing users to improve user privacy and minimize tracking. Mozilla published an updated version of its Facebook Container add-on for Firefox on June 4, 2019 as well which improves user privacy significantly. Facebook Container was released in March 2018 officially to separate activity on Facebook from other web activity. Mozilla launched a Container test pilot experiment in 2017 to find out if there was interest for a container-based solution to contain sites in containers. The organization launched the Multi-Account Container add-on which gives Firefox users the tools at hand to create containers of their own. Facebook Container is designed specifically for Facebook: official Facebook pages are loaded in a container to make it more difficult for Facebook to generate user profiles using third-party data. The main difference to Multi-Account Container is that Facebook Container prevents sites that are not on the allow list from being loaded in the container. It is more set-and-forget, and does not offer many customization options. A handful of cool add-ons are available by third-parties that extend Firefox's container functionality. The add-on Block sites outside container may be used to block sites from running outside designated containers and to allow sites to be run in multiple containers, Temporary Containers creates and deletes containers automatically while you use the browser. Facebook Container 2.0 for Firefox Facebook Container 2.0 improves the tracking protection of the extension further by targeting Facebook scripts on third-party sites. Today, we’re releasing the latest update for Facebook Container which prevents Facebook from tracking you on other sites that have embedded Facebook capabilities such as the Share and Like buttons on their site. The new version of Facebook Container blocks Facebook scripts on third-party sites by default. Note that the blocking affects only active scripts; the Facebook button here on this site is passive and does not submit any data to Facebook on page load. The new version of Facebook Container works for signed-in and anonymous users. Mozilla notes that the blocking makes it more difficult for Facebook to create so-called Shadow Profiles which contain data about users who are not on Facebook or data that cannot be linked to an existing Facebook user. Firefox adds a purple fence badge to Facebook elements that it blocked on third-party websites. The very same blocking icon is also displayed when you load Facebook pages directly; this time it is displayed in the Firefox address bar. Facebook, Instagram, and Messenger are loaded in the container by default. The coloured underline of the container tab in Firefox's tab bar remains as it has before to indicate that the tab was loaded in a container. Facebook Container does not impact functionality on first-party Facebook websites. All features should work on these sites just like before. The container may limit functionality on third-party sites, especially if these sites embed Facebook content or use Facebook's login system. Closing Words Facebook Container 2.0 improves the effectiveness of the Firefox add-on significantly by taking care of Facebook scripts on third-party websites. Source: Facebook Container 2.0 for Firefox blocks Facebook's third-party site tracking (gHacks - Martin Brinkmann)
  2. Ad giant's site slurping tech complicates web security model, could give more power to search engines and social networks, Firefox maker warns Mozilla has published a series of objections to web packaging, a content distribution scheme proposed by engineers at Google that the Firefox maker considers harmful to the web in its current form. At its developer conference earlier this month, Google engineers talked up the tech, which consists of several related projects – Signed Exchanges, the web packaging format and changes to the fetch specification – that allow website resources to be packaged and cryptographically signed for redistribution by third parties. Making websites portable, Google contends, facilitates more efficient delivery, easier sharing and offline access. "With [web] packaging, the model for loading web pages changes from today's model, which we all understand, where the browser requests a page from an origin server, to a new model where developers create a signed package that contains the page," explained Ben Galbraith, senior product director at Google, during Google I/O. "And the browser can load it from anywhere, even potentially other peer devices. And this can enable privacy-safe preloaded models because the data to fetch the package doesn't go back to the origin server. And it gives the browser tremendous flexibility to preload pages more of the time." Mozilla developers have fretted about the potential security consequences for several years because it complicates the same-origin policy that limits how resources (e.g. scripts) loaded in one origin (domain) can interact with resources associated with a different origin. 'Constrained' "At its core, origin substitution enables a fundamental change to the way the web works," Mozilla says in its position paper. "Content is no longer constrained to follow connections to origins, where that content is produced and where it is obtained can become completely decoupled." The Firefox maker worries that allowing aggregators to host content for others opens new security risks, for example a scenario in which an attacker compromises a server key or obtains a certificate through fraud, for the purpose of creating unauthorized or malicious content for the targeted origin. Given that said content may be cached or stored multiple places, there would be a time lag of several days between certificate revocation and the invalidation of malicious distributed web packages. Mozilla nonetheless appears to be optimistic that more robust security measures can be put in place. The company also voices several other concerns about the risk of reduced personalization arising from the pressure to keep package sizes small, the security cost of added complexity, the performance cost imposed by signed exchanges and the storage overhead for publishers and aggregators. While further refinements may be able to overcome the cited technical concerns, Mozilla remains unconvinced web packaging is good for the web. "The question remains about whether this fundamental change to the way that content is delivered on the web represents a problematic shift in the power balance between actors," the browser maker muses. "We have to consider whether aggregators could use this technology to impose their will on publishers." This is Mozilla wondering whether web packaging will just make Facebook and Google more powerful as content distributors and kingmakers. Given the way other technologies and market choices have affected the balance of power online – Google's Accelerated Mobile Pages, Facebook Login, Google Search ranking changes, browser market share, and the like – Mozilla wants the implications of web packaging explored further before it signs on. "The increased exposure to security problems and the unknown effects of this on power dynamics is significant enough that we have to regard this as harmful until more information is available," the company concludes. The Register asked Mozilla to elaborate on its position but the company declined. Google did not respond to a request for comment. Source
  3. Firefox users worldwide experienced something in the past couple of days that should never have happened; users with installed add-ons noticed that all of their installed browser extensions were disabled suddenly in the browser. Firefox notified users that add-ons could not be verified and were disabled as a consequence. Mozilla introduced a security concepts called add-on signing in Firefox 48. The system required the signing of browser extensions so that they could be installed in Firefox. Extensions without certificate or working certificate can't be installed in Firefox; while there are some options to bypass the requirement, loading add-ons temporarily or disabling the signing requirement in development versions of Firefox, it is enforced on the stable channel. What Mozilla needs to do The very first thing is obvious: the issue needs to be fixed for all users involved. Mozilla distributes a patch via the Shield service to Firefox Stable, Dev and Nightly. The organization revealed that Firefox ESR and Android versions need separate fixes. Mozilla should be very transparent about the issue and explain why it happened, and how the organization plans to avoid similar issues in the future. In particular, users would probably like to know how such a critical issue could happen in first place. Going forward, Mozilla needs to change the system to make sure that something like this never happens again. Obviously, if you are working with certificates, you need to make sure that they renew in time. Better, in my opinion, is an updated system that never blocks or disables extensions installed by the user unless they are blacklisted by Mozilla. In other words: a certificate issue, especially one where the error is caused on Mozilla's side of things, should never lead to users losing access to their extensions. Mozilla could implement a system that bypasses certificate checks on the user's request if certificates cannot be verified for whatever reason. A prompt stating that "extension could not be certified, do you want to continue running it" would give the user control over the situation and avoid another PR disaster. While that would mean giving users back some control over the extensions that they run on their devices, it would ensure that users could keep on using installed browser extensions even if certificates cannot be checked. Now you: How should Mozilla react in your opinion? Source: What Mozilla needs to do now (after cert add-on disabling disaster) (gHacks - Martin Brinkmann) Poster's notes: This topic is about what Mozilla could do to make sure the extension problem doesn't recur. Please use this other topic for discussion about fixes, patches, workarounds, etc... https://www.nsaneforums.com/topic/343073-your-firefox-extensions-are-all-disabled-thats-a-bug/
  4. Mozilla wants Apple to change users' iPhone advertiser ID every month Change will make it harder for advertisers to build exhaustive profiles on iOS users. Mozilla has launched a petition today to get Apple to rotate the IDFA unique identifier of iOS users every month. The purpose of this request is to prevent online advertisers from creating profiles that contain too much information about iOS users. IDFA stands for "IDentifier For Advertisers" and is a per-device unique ID. Apps running on a device can request access to this ID and relay the number to advertising SDKs/partners they use to show ads to their users. As experts from Singular, a mobile marketing firm explain, "IDFAs take the place of cookies in mobile advertising delivered to iOS devices because cookies are problematic in the mobile world." IDFAs are different from UDIDs, which stand for "unique device identifiers," which are permanent and unchangeable device identifiers. Apple added support for IDFAs specifically to replace UDIDs, which many apps were collecting for all sorts of shady reasons, enabling pervasive tracking of iOS users. Apple now blocks apps on modern iOS versions from accessing the UDID number, which is now considered a sensitive ID and access to it is limited to Apple and a few selected parties. Instead, app makers that need a way to track users for advertising/monetization purposes are encouraged to use the IDFA identifier instead, which Apple allows users to change or turn off, in cases where users want to prevent ad tracking altogether.shortcode MOZILLA: APPLE SHOULD CHANGE IDFAS AUTOMATICALLY "Most people don't know that feature even exists, let alone that they should turn it off," said Ashley Boyd, VP Advocacy, Mozilla Foundation, in regards to users' ability to disable the IDFA identifier. Image: Apple Today, Boyd and the Mozilla Foundation have started a petition to raise signatures in an attempt to convince Apple to implement further privacy-minded changes to the IDFA system. Mozilla wants Apple to change the IDFA for all users every month automatically. The reasoning is that this will protect the privacy of iOS users who didn't know that they could disable or change the IDFA whenever they wanted. "You would still get relevant ads - but it would be harder for companies to build a profile about you over time," Boyd said. "If Apple makes this change, it won't just improve the privacy of iPhones - it will send Silicon Valley the message that users want companies to safeguard their privacy by default," Boyd added. Users who'd like to help convince Apple in taking another step towards improving the privacy of iOS users can sign Mozilla's petition here. Source
  5. However much you love your chosen web browser, you have probably enhanced its capabilities through the use of add-ons. Finding decent, reliable add-ons can be tricky, and this is why Mozilla is launching the Recommended Extensions program. This editor-curated program will surface the very best vetted extensions for Firefox, and it is due to roll out in stages later this summer. Mozilla says that any extensions it recommends through the program will be highlighted across its portfolio of websites and products, including addons.mozilla.org (AMO) and on Firefox's Get Add-Ons page. The company is already identifying extensions it likes the look of, and will soon be reaching out to developers. Changes should be seen on AMO around June. When an extension is chosen, it will be badged to make it easier to identify as a recommendation. Mozilla also says that AMO search results and filtering will be weighted higher toward Recommended extensions In a blog post, Mozilla's Scott DeVaney explains how extensions will be selected for inclusion in the program: Editorial staff will select the initial batch of extensions for the Recommended list. In time, we’ll provide ways for people to nominate extensions for inclusion. When evaluating extensions, curators are primarily concerned with the following: Is the extension really good at what it does? All Recommended extensions should not only do what they promise, but be very good at it. For instance, there are many ad blockers out there, but not all ad blockers are equally effective. Does the extension offer an exceptional user experience? Recommended extensions should be delightful to use. Curators look for content that’s intuitive to manage and well-designed. Common areas of concern include the post-install experience (i.e. once the user installs the extension, is it clear how to use it?), settings management, user interface copy, etc. Is the extension relevant to a general audience? The tightly curated nature of Recommended extensions means we will be selective, and will only recommend extensions that are appealing to a general Firefox audience. Is the extension safe? We’re committed to helping protect users against third-party software that may—intentionally or otherwise—compromise user security. Before an extension receives Recommended status, it undergoes a security review by staff reviewers. (Once on the list, each new version of a Recommended extension must also pass a full review.) Participation in the program will require commitment from developers in the form of active development and a willingness to make improvements. More details will emerge in the coming months. Source
  6. Karlston

    Firefox Send

    Firefox Send is a website anyone can use free of charge to transfer files. Links to the files can be set to expire in a week or less, and downloads can be limited in number. Mozilla Mozilla today debuted a free file-sharing service that works with - but doesn't require - Firefox and touted the service's security and privacy traits. "Send uses end-to-end encryption to keep your data secure from the moment you share to the moment your file is opened," wrote Nick Nguyen, Mozilla's vice president of product strategy. "You can [also] choose when your file link expires, the number of downloads, and whether to add an optional password for an extra layer of security." Firefox Send, formerly one of the experiments run under Mozilla's now-defunct Test Pilot program, is not an app but a website that anyone can use free of charge. Firefox Account holders - accounts are used to synchronize saved bookmarks and passwords to browsers on multiple devices - are given an edge in that they can upload files as large as 2.5GB to the service. Non-account holders are limited to 1GB uploads. Users set each file's download limit - from 1 to 100 downloads - and the download link's expiration, which can range from five minutes to seven days. After uploading the file, the user is given a link to share with others; said link can be shared via email, text or collaboration app. Upon expiration, the link won't operate; instead, the recipient's browser displays "This link has expired." That same message appears if the download count has already been reached. Users can also password-protect the download links as an additional level of security. However, the download limits and expiration do not apply to the file that is downloaded, only to the link. Thus the file, once downloaded, can be copied at will; nor does the downloaded file magically delete itself at the end of the expiration period. For its part, Mozilla explained how it handles files uploaded to Send in this privacy document. "By default, files are stored for a maximum of either 24 hours or 7 days," the notice read. "If you choose a download cap, the file can be deleted from our server sooner." Unlike storage, sharing and syncing services such as Box, Dropbox or OneDrive, Firefox Send doesn't integrate with the device's operating system. It doesn't even integrate with Firefox; users must create a bookmark to send.firefox.com to avoid manually entering the address in a browser. Mozilla also said that a beta version of an Android app version of Firefox Send would be available later this week. Source: Mozilla launches free in-browser (any browser) file-sharing service (Computerworld - Gregg Keizer)
  7. The Firefox browser maker plans to work with Scroll, a news subscription service that charges a flat monthly fee for access to ad-free news from a variety of publishers. Magdalena Petrova/IDG Mozilla will collaborate with the news subscription service Scroll in yet another exploration of separating online advertising from content, the two companies said this week. Scroll, which has yet to officially launch, contends that its business model - a flat monthly fee for reading ad-free news from a variety of publishers - can deliver more revenue to those publishers than they can now reap through traditional on-page advertising. The startup, which has been funded by media organizations such as the New York Times and several venture capital firms, has proposed a $5 per month subscription that will give readers ad-free content to anything not behind a publication-specific paywall. (Scroll will not, for instance, give readers more accessibility to the New York Times than the paper allows people free of charge each month; the news stories, however, will not be accompanied by ads when viewed through Scroll's apps.) Nearly 30 media companies have partnered with Scroll to test the service, in large part to determine whether Scroll's revenue claims are valid. The publications include The Atlantic, USA Today and BuzzFeed. The two companies offered scant details about the planned partnership. "We've moved to a more formal collaboration where we're going to be working together to understand consumer attitudes and interest around alternative funding models and consumer-driven ad-free experiences," Scroll wrote in a Feb. 25 post to its blog. Scroll added that it and Mozilla had been in discussions since late 2018. Mozilla declined to answer questions about the collaboration, including what form that would take within Firefox, Mozilla's open-source browser. Instead, a press representative pointed to a Feb. 4 blog post written by Denelle Dixon, the organization's COO. "There needs to be a profitable revenue ecosystem on the web in order to create, foster and support innovation," Dixon said before adding, "We need to go after the real cause of our online advertising dysfunction by helping publishers earn more than they do from the status quo." That last was probably a reference to Mozilla's plans with Scroll, since it mimicked the latter's pitch to publishers. Mozilla has experimented widely with alternatives to on-page online ads, both as important features and functionality within Firefox and as additional revenue streams for its browser expenses. It has tried and abandoned in-browser ads of its own, for example, dabbled with ad eliminators and instituted aggressive blocking of cross-site tracking that it calls "Enhanced Tracking Protection." That last has not yet been switched on by default within Firefox. The next Firefox update, to version 66, is scheduled for release March 19. The browser has clawed back from yet another brink, reaching a 9.9% user share in January after falling below 9% in November 2018. Source: Mozilla partners with news subscription startup to try and separate web ads from content (Computerworld - Gregg Keizer)
  8. Firefox browser maker Mozilla published an Anti-Tracking policy recently that defines which tracking techniques Firefox will block by default in the future. The organization launched Tracking Protection, a feature to block or restrict certain connections, in 2014, and revealed in 2015 that Tracking Protection would reduce page load times by 44% on average. Tracking Protection launched in Firefox Stable for non-private browsing windows along a new feature called tailing in November 2017 with the release of Firefox 57. Mozilla revealed plans in mid-2018 to push Tracking Protection in Firefox and the Anti-Tracking policy is an important milestone of the process. Mozilla's plan is to implement protection in the Firefox web browser against all practices outlined in the anti-tracking policy. Tracking Protection relies on Disconnect lists currently to identify trackers. Mozilla defines tracking in the following way in the document: Tracking is the collection of data regarding a particular user's activity across multiple websites or applications (i.e., first parties) that aren’t owned by the data collector, and the retention, use, or sharing of data derived from that activity with parties other than the first party on which it was collected. In short: if user activity data is collected and stored, used or shared by third-parties, it is tracking. Mozilla plans to block certain tracking practices. Outlined in the policy are the following types: Cookie-based cross-site tracking -- Cookies and other storage types may be used by third-parties to track users on the Internet. See Firefox new Cookie Jar policy. URL parameter-based cross-site tracking -- Another cross-site tracking practice that relies on URLs instead of cookies to pass on user identifiers. The organization highlights other tracking practices that Firefox's tracking protection won't block from the get-go but might in the future: Browser fingerprinting -- Sites may use data provided by the browser during connections or by using certain web techniques to create user fingerprints. Supercookies -- Also known as Evercookies. Refers to storage used for tracking that is not cleared automatically when a user clears the browsing history and data. See this list of caches that Firefox uses. Firefox won't block techniques described above if they "lower the risk of specific user harm". Mozilla highlights two scenarios where this is the case: When the techniques improve the security of client authentication. To prevent the creation of fraudulent accounts or completion of fraudulent purchases. Closing words Mozilla will implement protection against the outlined forms of tracking in future versions of Firefox. The organization's plan to tackle tracking and not advertisement in its entirety is different from the ad-blocking approach that Opera Software or Brave are pursuing. Ad-blocking takes care of tracking practices automatically by blocking certain content from executing on web pages. I like Mozilla's approach to tracking as a webmaster as it does not block advertising outright and speed up the death of sites like mine. As a user, I think it would only have any chance of being effective if advertising companies like Google would get their act together and a) start to limit tracking and b) deal with malvertising and advertisement that is very taxing to system resources. Source: Mozilla publishes Anti-Tracking Policy (gHacks - Martin Brinkmann)
  9. Facebook has been no stranger to controversy and scandal over the years, but things have been particularly bad over the last twelve months. The latest troubles find Mozilla complaining to the European Commission about the social network's lack of transparency, particularly when it comes to political advertising. Mozilla's Chief Operating Officer, Denelle Dixon, has penned a missive to Mariya Gabriel, the European Commissioner for Digital Economy and Society. She bemoans the fact that Facebook makes it impossible to conduct analysis of ads, and this in turn prevents Mozilla from offering full transparency to European citizens -- something it sees as important in light of the impending EU elections. Dixon calls on the Commission to raise its concerns with Facebook, and to put pressure on the social network to make it Ad Archive API publicly available. Mozilla believes that the inability to conduct analysis of ads "prevents any developer, researcher, or organization to develop tools, critical insights, and research designed to educate and empower users to understand and therefore resist targeted disinformation campaigns". The letter is written as both Mozilla and the European Commission try to battle fake news and misinformation online. Dixon writes: She goes on to complain: In calling for the API to be made public, Dixon says that "transparency cannot just be on the terms with which the world’s largest, most powerful tech companies are most comfortable". While Mozilla has been in talks with Facebook about the matter, Dixon makes it clear that it has been "unable to identify a path towards meaningful public disclosure of the data needed", hence calling on the Commission for help. Source
  10. Prevent Facebook from tracking you around the web. The Facebook Container extension for Firefox helps you take control and isolate your web activity from Facebook. What does it do? Facebook Container works by isolating your Facebook identity into a separate container that makes it harder for Facebook to track your visits to other websites with third-party cookies. How does it work? Installing this extension closes your Facebook tabs, deletes your Facebook cookies, and logs you out of Facebook. The next time you navigate to Facebook it will load in a new blue colored browser tab (the “Container”). You can log in and use Facebook normally when in the Facebook Container. If you click on a non-Facebook link or navigate to a non-Facebook website in the URL bar, these pages will load outside of the container. Clicking Facebook Share buttons on other browser tabs will load them within the Facebook Container. You should know that using these buttons passes information to Facebook about the website that you shared from. Which website features will not function? Because you will be logged into Facebook only in the Container, embedded Facebook comments and Like buttons in tabs outside the Facebook Container will not work. This prevents Facebook from associating information about your activity on websites outside of Facebook to your Facebook identity. In addition, websites that allow you to create an account or log in using your Facebook credentials will generally not work properly. Because this extension is designed to separate Facebook use from use of other websites, this behavior is expected. What does Facebook Container NOT protect against? It is important to know that this extension doesn’t prevent Facebook from mishandling the data that it already has, or permitted others to obtain, about you. Facebook still will have access to everything that you do while you are on facebook.com, including your Facebook comments, photo uploads, likes, any data you share with Facebook connected apps, etc. Rather than stop using a service you find valuable, we think you should have tools to limit what data others can obtain. This extension focuses on limiting Facebook tracking, but other ad networks may try to correlate your Facebook activities with your regular browsing. In addition to this extension, you can change your Facebook settings, use Private Browsing, enable Tracking Protection, block third-party cookies, and/or use Firefox Multi-Account Containers extension to further limit tracking. What data does Mozilla receive from this extension? Mozilla does not collect data from your use of the Facebook Container extension. We do receive the number of times the extension is installed or removed. Learn more Other Containers Facebook Container leverages the Containers feature that is already built in to Firefox. When you enable Facebook Container, you may also see Containers named Personal, Work, Shopping, and Banking while you browse. If you wish to use multiple Containers, you’ll have the best user experience if you install the Firefox Multi-Account Containers extension. Learn more about Containers on our support site. Known Issues When Facebook is open and you navigate to another website using the same tab (by entering an address, doing a search, or clicking a bookmark), the new website will be loaded outside of the Container and you will not be able to navigate back to Facebook using the back button in the browser. NOTE: If you are a Multi-Account Containers user who has already assigned Facebook to a Container, this extension will not work. In an effort to preserve your existing Container set up and logins, this add-on will not include the additional protection to keep other sites out of your Facebook Container. If you would like this additional protection, first unassign facebook.com in the Multi-Account Container extension, and then install this extension. What version of Firefox do I need for this? This extension works with Firefox 57 and higher on Desktop. Note that it does not work on other browsers and it does not work on Firefox for mobile. If you believe you are using Firefox 57+, but the install page is telling you that you are not on a supported browser, you can try installing by selecting or copying and pasting this link. (This may be occurring because you have set a preference or installed an extension that causes your browser to obscure its user agent for privacy or other reasons.) How does this compare to the Firefox Multi-Account Containers extension? Facebook Container specifically isolates Facebook and works automatically. Firefox Multi-Account Containers is a more general extension that allows you to create containers and determine which sites open in each container. You can use Multi-Account Containers to create a container for Facebook and assign facebook.com to it. Multi-Account Containers will then make sure to only open facebook.com in the Facebook Container. However, unlike Facebook Container, Multi-Account Containers doesn’t prevent you from opening non-Facebook sites in your Facebook Container. So users of Multi-Account Containers need to take a bit extra care to make sure they leave the Facebook Container when navigating to other sites. In addition, Facebook Container assigns some Facebook-owned sites like Instagram and Messenger to the Facebook Container. With Multi-Account Containers, you will have to assign these in addition to facebook.com. Facebook Container also deletes Facebook cookies from your other containers on install and when you restart the browser, to clean up any potential Facebook trackers. Multi-Account Containers does not do that for you. Report Issues If you come across any issues with this extension, please let us know by filing an issue here. Thank you! ----- Release Notes: This release also asks for permission to clear recent browsing history, so we can improve its protection and its integration with Multi-Account Containers. 83ae8bf fix #183: Can't search Google/other sites with string "fbclid". Add-on's Permissions: This add-on can: Access your data for all websites Clear recent browsing history, cookies, and related data Monitor extension usage and manage themes Access browser tabs ----- Homepage/Download https://addons.mozilla.org/en-US/firefox/addon/facebook-container/
  11. Thunderbird continues to be one of the most advanced email clients available for download on desktop platforms, and despite Mozilla originally planning to give up on the app, the company now wants to improve it substantially with updates released during the course of 2019. In an announcement published a few days ago, Mozilla says one of the areas where the development team would focus is making the application substantially faster. “This is an area where I think we will see some of the best improvements in Thunderbird for 2019, as we look into methods for testing and measuring slowness – and then put our engineers on architecting solutions to these pain points. Beyond that, we will be looking into leveraging new, faster technologies in rewriting parts of Thunderbird as well as working toward a multi-process Thunderbird,” Mozilla Community Manager Ryan Sipes explained in a blog post. Support for Windows 10 notification system Additionally, Mozilla says it wants Thunderbird to be more beautiful but also to support modern operating systems, including Windows 10. As a result, the email app will integrate the built-in notification system, in an effort to make Thunderbird feel more native on the desktop. At the same time, Mozilla wants Thunderbird to get support for the modern Gmail experience that’s already available on the web. “One area of useability that we are planning on addresssing in 2019 is integration improvements in various areas. One of those in better GMail support, as one of the biggest Email providers it makes sense to focus some resources on this area. We are looking at addressing GMail label support and ensuring that other features specific to the GMail experience translate well into Thunderbird,” Sipes explained. At this point, there’s no ETA as to when major updates would begin shipping, but it’s pretty clear that 2019 is going to be a busy year for the development team. source
  12. But there's a lot of security issues to think about first Combining online and offline could lead to security settings not listed here A CONSORTIUM of developers is looking for a way that will allow users to edit locally saved files in web apps. The grou, led by teams from Google Chrome and Mozilla Firefox, has a few hurdles to overcome before we can even think about this sort of thing as "normal", because exposing offline files to the internet is fraught with danger. At the moment, users need to upload files, edit them and download them again to minimise the risk of dodgy payloads getting a free pass to your hardware. It's one of the reasons that Microsoft still offers native versions of the Office suite, not just the Office 365 versions. Pete LePage, a developer advocate for Google explains the problem of creating a Writable Files API: "Today, if a user wants to edit a local file in a web app, the web app needs to ask the user to open the file. Then, after editing the file, the only way to save changes is by downloading the file to the Downloads folder, or having to replace the original file by navigating the directory structure to find the original folder and file. "This user experience leaves a lot to be desired, and makes it hard to build web apps that access user files." But, he adds that the potential for abusing such a feature is huge, and could even lead to websites with access to your private documents: "The Writable Files API must be designed in such a way as to limit how much damage a website can do, and make sure that the user understands what they're giving the site access to." The W3C Web Incubator Community Group (WICG) is the team working towards finding a safe implementation, and are currently looking at options for security. As well as hidden code, there's also the risk of so-called "super-cookies" which could give the website permanent access to the locally held file. WICG is currently canvassing feedback as it works on the API, and hopes that the hive mind will come up with the right security protocols and permissions, and if there should be any limitations on the types of files that can be made writable. Source
  13. Mozilla is bringing support for Google's WebP image format to Firefox 65. The WebP image format was created by Google as a modern format designed for displaying images on the web. "WebP lossless images are 26% smaller in size compared to PNGs. WebP lossy images are 25-34% smaller than comparable JPEG images at equivalent SSIM quality index." states Google. Popular browsers such as Chrome, Opera, and Edge already support the WebP image format and with the release of version 65, Firefox will as well. Unfortunately, even with Firefox 65, WebP support is not currently enabled by default as can be seen when you go to Google's WebP gallery. WebP not enabled in Firefox 65 To enable WebP support in Firefox, you need to go to the about:config page and set the image.webp.enabled setting to true using the following instructions. In the Firefox address bar enter about:config and press enter. A page will open stating that "This might void your warranty!". Click on the "I accept the risk!" button. 3. To enable WebP, search for webp and when the image.webp.enabled setting appears, double-click on it to set its value to true. Once WebP is enabled, Firefox will be able to properly render WebP images as shown below. While the decision to use the WebP image format is dependent on the particular image, one thing is clear; the more image formats that a browser supports is only better for the end user. Source
  14. There are many problems with web advertising in general, including annoying features like autoplay video ads and pop-ups and also problems like “click fraud” which matter to advertisers. This essay will however be focusing on the privacy issues with some of the kinds of ads that Google produces and the history behind them, and why Larry/Sergey didn’t consider them when buying DoubleClick for example. Also discussed is Mozilla and how they are involved (like in the Google/Mozilla search deal), including Brendan Eich who created JavaScript that eventually left Mozilla to found Brave. There is also the difficulty of solving these issues, which will also be discussed. Of course, advertising is not limited to the web and there are often many benefits and risks (like deceptive advertising) to advertising in general, most of which will not be discussed here. The history of Google and its advertising will be discussed first. Google was founded in 1998 by Larry Page and Sergey Brin while at Stanford, and took VC funding from KP and other partners. Google was founded with the search engine (with the PageRank algorithm) as the first product, but later added products like Gmail. Eric Schmidt was bought in as CEO in 2001 and recently left but are still on the board. Google IPOed in 2004, using dual class stock for example. The first kind of ads that Google did was AdWords, dating back to 2000. AdWords was based on search keywords, and the text ads were displayed at the top of the search results (labelled as ads) and were relatively simple. Typically the highest bidder was shown, and the advertiser paid Google when the user clicked on the ads. AdWords involved relatively little tracking at least initially and will not be mentioned much here. At this time Google was also taking a stand against popup ads. AdSense was ads shown on webpages themselves, based on JavaScript. It was invented in 2003. AdSense at least initially was based on keywords on webpages themselves (which Google fetched from its cache for example), which advertisers could bid on. Like with AdWords, Google and websites gets paid when users click on the ads. It also involved little tracking at least initially. Google bought DoubleClick in 2008. DoubleClick was invented in 1995. It made more sophisticated ad tracking via cookies and the like famous (which was often called “retargeting”), and the problems will be described here. DoubleClick themselves called its product “Dynamic Advertising Reporting and Targeting” at one point for example. Initially DoubleClick was mostly banner ads, and many users developed so-called banner-blindness from these ads. Cookies were itself invented in Netscape in 1994, and the IETF group that developed RFC 2109 and 2965 already know that tracking with “third-party cookies” were a problem (and it was mentioned in these RFCs). Those attempts at IETF cookie standards ultimately failed partly because they were incompatible with current browsers, and led to RFC 6265 that is closer to how cookies are implemented in browsers today. It also led to W3C P3P which was famously implemented in IE6, which also of course failed (partly because it was too complex) and was removed from Windows 10 but was an attempt to get the tracking under control. Google bought Urchin in 2005, turning it into Google Analytics. Urchin was founded in 1998. Initially its product was to analyze web server log files, with JavaScript tags being added in Urchin 4 (called “Urchin Traffic Monitor”). The hosted version based entirely on JavaScript that was created later was initially called “Urchin on Demand” and was introduced in 2004. Of course, the original software that was sold receive little attention once Google bought it and it became Google Analytics and it was discontinued in 2012. One problem with the ads is tracking. The current economy is a debt-based economy based on consumption. The more money advertisers can extract from consumers, the more they are willing to spend on ads. This results in tracking getting creepier and creepier, and encourage consolidation of data for example. Most of the ad tracking is called “retargeting” and it is often based on cookies and JavaScript, and DoubleClick was one of the first to do it. All ads encourages consumption by definition, but tracking ads are particularly bad for these reasons. For example, DoubleClick has cross-device retargeting introduced in 2015. Of course, it is limited to logged-in users tracking via the user account at least initially (which any websites can do), but it illustrated the trend. Google changed the privacy policy to allow Google accounts to be used for such logged-in user tracking in 2016. Recently Google signed an agreement with MasterCard to obtain credit card sales data. Of course, credit cards directly ties an increase in debt to consumer spending, which in turn can go to Google as ad dollars. According to http://adage.com/article/digital/google-turns-behavioral-targeting-beef-display-ads/135152/, “In December 2008 Google added DoubleClick cookies to AdSense ads”, tying the DoubleClick cookie-based tracking (dating long before Google bought it) to AdSense. I assume that AdSense tracking probably did not exist before Google bought DoubleClick. Google Analytics added AdWords and AdSense support in 2009. In 2012, Google changed its privacy policy to allow data to be consolidated, which was also very controversial. In 2014, Google Analytics integrated with DoubleClick, allowing things like remarketing lists to be shared according to https://analytics.googleblog.com/2014/05/google-analytics-summit-2014-whats-next.html. Remarketing lists are basically lists of website visitors that can be uniquely identified by things like cookies, and it is one of the ways of targeting ads to users. It can probably be assumed that sharing remarketing lists basically ties the tracking together. Sharing of Google Analytics remarketing lists with AdWords was introduced in 2015, along with linking of Google Analytics and AdWords “manager” accounts, according to https://adwords.googleblog.com/2015/11/share-google-analytics-data-and.html. “Google Analytics 365” came in 2016, according to https://analytics.googleblog.com/2016/03/introducing-google-analytics-360-suite.html. Remarketing lists for search ads was introduced in 2012 and was tied to Google Analytics in 2015 (though not all data from Google Analytics can be used). It allowed different search ads to be targeted to different visitors based on cookie-based tracking on websites (with sites using special tags for this purpose). For example, you can show different search ads to visitors that visit the site every day. Of course, users often has little control and benefit over storage of user data and ad retargeting by trackers too, especially when many parties are involved. This was mentioned during the Google/DoubleClick acquisition for example. Of course, some provides more control than others, such as AdChoices for example. AdChoices was an attempt at self-regulation for ad publishers, and used an icon to indicate that data was being collected. You can click the icon to display the privacy policy for the ads or opt-out of ad targeting. It was not the same as blocking ads completely though, and did not solve all of the problems of ads either. There was also an attempt at a Do-Not-Track HTTP header, which was probably too simple (and thus was also very vague in its meaning) and there was no guarantee that a site would comply either obviously since it was just an HTTP header (IE11 enabling it by default was also controversial and Windows 10 no longer does so by default). Some of the problems with the opt-out methods are similar to the problems of a national “do not email” registry proposed in the US CAN-SPAM Act of 2003 for spam messages, and such lists to “opt out” of spam are widely considered to be unacceptable in general. Even “opt-out” or “unsubscribe” links in spam is widely considered untrustworthy for obvious reasons, though legitimate mailing lists will also have them. That idea came from the similar “do not call” registry for telephone marketing (to stop annoying marketing phone calls which were considered more annoying than spam of course), but email and internet advertising ended up being very different from telephone calls making these laws difficult to enforce. It is far easier to send an email than to call someone for example, and email is also more difficult to trace to the origin especially given that the Internet is global. FTC has a report at https://www.ftc.gov/reports/can-spam-act-2003-national-do-not-email-registy-federal-trade-commission-report-congress describing these problems (it was a report to Congress that was required by CAN-SPAM), including the possibility that such a list can be abused by spammers for example. “Closed-loop opt-in” using confirmation emails for mailing lists on the other hand is widely accepted, but it is not mentioned in CAN-SPAM. One example includes the tracking of “opt-out” using cookies in things like AdChoices, which themselves can be used for other purposes obviously. There are some reasons why these problems were not apparent (for example to Larry/Sergey) when Google bought DoubleClick, or when remarketing lists was shared, or for that matter when Urchin became Google Analytics and the data was merged with ad data. The difficulty of researching things like the tying of remarketing lists during the writing of this essay shows some of the problems. It seems that no one cared about the privacy implications when remarketing lists in AdSense and DoubleClick was shared for example. In many cases, advertisers managed “remarketing” lists of “anonymous” visitors that was being tracked by cookies from a central console without thinking of the privacy problems, treating visitors almost as numbers. This ties in with the idea of treating people as “consumers” to be extracted from that are also fundamentally flawed. Another example of this is AOL that famously made it difficult to cancel at one point, partly because measuring “customer loyalty” as numbers to be extracted from consumers was part of their culture. To make it worse, they once charged consumers by the time spent on AOL, so the longer they stay the more revenue they made. The Google-DoubleClick acquisitions was also controversial, with EPIC, CDD and US PIRG for example filing complaints with the FTC in April 2007, a “first supplement” to the complaint in June 2007, and a “second supplement” in September 2007. There was also a Senate hearing on Sept 27, 2007 with testimonies from a variety of sources regarding that issue. One of the concerns back then was aggregation of tracking data and lack of control by users, though other issues unrelated to ads like storage of IP addresses by search engines were also mentioned. Ultimately it took the FTC until the end of 2007 to approve the deals, after a “second request”. Before the Google-DoubleClick acquisition, DoubleClick was once planned to merge with Abacus. FTC blocked the merger because of the privacy problems and it never happened. Abacus Direct seems to be a market researching company targeting consumer buying behavior. As a result, Abacus had a lot of personal info about consumers, and there were concerns that this data could be merged with DoubleClick data and may be used to deanonymize them. In 2012, Jonathan Mayer discovered that Google used some tricks in JavaScript to allow tracking in Safari. It involved how Google was able to bypass cookie blocking policy in Safari by using an invisible form to fool Safari into allowing cookies. FTC fined Google $22.5 million over this behaviour, and more recently there has been lawsuits about it in the UK. There has been also a class action lawsuit about this in the US. Google argued the tracking was unintentional at the time and that it was related to Google+ “Plus” buttons on DoubleClick ads (for logged-in users I believe). It is probably worth mentioning here that a lot of these kind of buttons (like Facebook’s Like buttons, to name another example) do their own tracking too (they generally worked by using IFRAMEs to the website involved), and this has been well known for years. For example, according to https://www.technologyreview.com/s/541351/facebooks-like-buttons-will-soon-track-your-web-browsing-to-target-ads/ Facebook started using the tracking Like buttons to target ads in 2015. I think the Facebook-WhatsApp acquisition story is also famous by now BTW, including how they eventually allowed data sharing between the two (presumably after years of losses). It is worth mentioning how even the WhatsApp founders now recommend deleting Facebook (especially after the Cambridge Analytica debacle). Now, let’s discuss Mozilla. Brendan Eich was the creator of JavaScript at Netscape when it was invented in 1995 and was the CTO of Mozilla Corporation from 2005 to 2014. After he stepped down from Mozilla in 2014 (just after he became CEO and after bad publicity stemming from his political donations about things like gay marriage), he was one of the founders of Brave with its Basic Attention Token etc. Andreas Gal joined Mozilla in 2008 and was the CTO from 2014 until 2015 when he left Mozilla. Mozilla signed the Google search deal in 2004, before Google even IPOed (let alone things like DoubleClick). Mozilla switched to a Yahoo search deal in late 2014 (by then the search engine was based on MS’s Bing I think), which was part of Marissa Mayer’s attempt to fix Yahoo before it was sold to Verizon. Recently Mozilla switched back to Google as the default search engine. BrendanEich mentioned in https://twitter.com/BrendanEich/status/932747825833680897 that “It's not a simple Newtonian-physics (or fake economics based on same) problem.” This was about the history of the Google search deal with Mozilla and the fact that it was signed before Google IPOed (when it was being funded by VCs). It is worth mentioning here that Google was founded in 1998 when the now famous dot-com bubble was at the peak and VC funding was common (allowing many startups to grow fast which was considered more important than profits). Many other dot-com startups at the time had problems and ended up failing when the bubble collapsed around 2001. It is worth mentioning that the DoubleClick acquisition dates back to 2007 which was just before the housing bubble famously collapsed leading to another recession, and that bubble probably started just after the dot-com bubble. BrendanEich mentioned in https://twitter.com/BrendanEich/status/932473969625595904 that “A friend said in 2003 that Sergey declared G would not acquire display ads & arb. Search vs. Display as that would be “evil”.”, before Google even IPOed (in 2004). Unfortunately no other source was given. It was mentioned on Twitter that Firefox OS enabled tracking protection by default unlike desktop Firefox. It was mentioned in https://twitter.com/andreasgal/status/932757853504339968 that “Yup. I was able to sneak that past management”. I then asked “I wonder if you ever talked to Larry/Sergey.” and Brendan then answered that Andreas didn’t of course. I wonder what would have happened if they did. https://pagefair.com/blog/2017/gdpr_risk_to_the_duopoly/ has some information on the effect of EU GDPR on Google ads. Notice that AdWords comply if all “personalization” features are removed for example. This included things like “remarketing”. I suspect that AdWords when it was first created in 2000 did not have these features. Other features like “remarketing lists for search ads” are also listed as not compliant, which was of course probably added later too. There was also the infamous cookie law that required notification for placing cookies, which was not that effective but a major step in the direction given that most ad tracking (including DoubleClick) were based on cookies. Google’s implementation of GDPR caused some concerns with publishers (http://adage.com/article/digital/tensions-flare-google-publishers-gdpr-looms/313592/), and some publishers blocked EU IP addresses in response to GDPR. Data breaches are also a problem. The AOL search data breach from 2006 is pretty famous. The data was “anonymized” but the search terms was often enough to deanonymize users. Ad tracking data is likely similar, including browsing history and the like. Anonymizing data is a useful technique to avoid accidental abuse, but some kinds of data are hard to anonymize in a way that prevent all abuse. For example, various techniques for anonymizing IP addresses and MAC addresses has been developed, including hashing and truncation. Of course, the more data that is consolidated and collected, the higher the risk and impact of a breach. Of course, it is worth noting that Google/DoubleClick isn’t the only one involved in the ad bubble (though DoubleClick was one of the first to do ad tracking I think). I think Taboola is often considered even worse than Google for example. The same fundamental problems with tracking however tends to apply to all of the ad networks. Some of the worse ones may use browser fingerpointing via things like JavaScript, which is even worse than the tracking via cookies that is most commonly used. Browser fingerpointing is generally difficult to prevent on the browser side, but it is so famous that the WHATWG HTML spec mentions it and marks the parts of the spec where there is a risk. For example the list of browser plugins (navigator.plugins in JavaScript) could be used at one point (in Firefox it used not to be sorted so it would be unique for each user, which made the fingerpointing even easier), but fortunately plug-ins are dying off anyway because of other problems. EFF created Panopticlick which illustrated some of the fingerpointing that was possible, and other examples that became famous included Evercookie by Samy Kamkar. To make things worse, many plugins like Flash had their own cookies as well (though browsers have been getting better at clearing them). It is also worth noting that the current tracking ads are not the only kind of web advertising. There are so-called “first-party” and “third-party” ads and cookies. Example of first-party ads includes Twitter and Reddit ads. Example of third-party ads includes DoubleClick and Taboola ads. First-party ads don’t have the issues described here. Recently, Google’s ad blocking and “better ads” (including so-called Better Ad Alliance) involves annoying ads, but don’t fix the fundamental issues described here. Apple’s ad blocking targets retargeting by limiting the life of cookies for example (making them less effective for tracking), but does not change the display of ads or make ads less annoying (for example, autoplay video ads are pretty famous as well, especially with Flash). Now, fixing the problems might be difficult. Obviously it would affect not only shareholders but pretty much everyone else if Google completely got rid of tracking ads. This includes sites depending on Google ads for revenue as well as Google itself. One example here is that both Microsoft and Novell used Client Access Licenses (CALs). CALs (called node licenses by Novell I think) are per user or per computer licenses common in server software like NetWare and Windows Server. Of course, when Novell moved to Linux, it was open source software that didn’t have CALs (Like with Red Hat, the company only paid for support) meaning that Novell could not expect the same level of revenue as in the NetWare days (they moved to Linux by buying SUSE). The story about Sun’s open source projects and Jonathan Schwartz (the former “ponytail” CEO), and how they eventually had to sell to Oracle is probably pretty famous as well (some examples of open source projects from that period included OpenSolaris, OpenOffice, and OpenJDK). The ad bubble will probably not last forever though. Bubbles like this one is part of the problem of the current debt-based economy (the main problem is that it allows almost infinite amounts of “debt” in US dollars since we got off the gold standard in 1971, including most commonly government debt), especially it encourage extracting as much money as possible from so-called “consumers” (another example is Adobe Creative Cloud subscriptions and how Adobe’s stock price rose after it was implemented). Google in 2015 hired Ruth Porat as CFO to bring financial discipline to Google. This included cutting unprofitable projects, especially “Google X” research projects and failed projects like Google Glass. According to https://www.bloomberg.com/news/features/2016-12-08/google-makes-so-much-money-it-never-had-to-worry-about-financial-discipline, one of the things they did was “to force the Other Bets to begin paying for the shared Google services they used”. It is probably reasonable to suspect that the increase in ad revenue due to DoubleClick etc is part of why they were able to start so many of these projects in the first place. One recent example is the recent changes in pricing of of Google Maps, mentioned in https://www.inderapotheke.de/blog/farewell-google-maps For Mozilla, a good example to illustrate the problems with funding browser development is the Opera browser. It was founded in 1995 in Norway. First browser was released in 1996. It IPOed in 2004. The browser used its own engine and it had a lot of unique features, like relatively good CSS support early on (unlike Netscape 4 at the time which famously had relatively poor support and was a problem for web developers for years). At first it was officially a paid browser with a trial version (like Netscape was before 1998), but later they used ads (choices included banner ads or text-based Google ads) for non-paying customers. They eventually signed a search deal with Google which removed the ads and instead just used Google as the default search engine (like Mozilla’s). Of course, there wasn’t much profit margin in a web browser, and so they had to cut costs to keep stocks and quarterly earnings going up (so planning for the future was difficult for example). It was strong in the mobile world before WebKit became dominant there though (before things like iPhone and Android and when things like WML was common) and may still be strong in some embedded applications, with products like Opera Mini that was basically remote rendering of web pages (useful when devices had less processing power). Opera never had much market share (though it had plenty of fans back in the day), and in the end Opera had to switch to Chromium (with the Blink engine) instead of their own engine and codebase in the desktop browser (though they did release last updates for the old one that included for example TLS enhancements). Opera was eventually sold to a Chinese consortium, which eventually renamed the company Otello. The founders eventually started the Vivaldi browser, which is also based on Chromium/Blink but has many differences. In contrast, the Mozilla Foundation was created as a non-profit organization in around 2003 as the old Netscape was dying off with AOL’s help (AOL bought Netscape in 1998 BTW). It owns a for-profit Mozilla Corporation for tax reasons (non-profits are not subject to taxes that for-profits have in the US). I think the corporation owns the search deals like Yahoo and Google for example. You can still donate to the Mozilla Foundation today. Mozilla Firefox 1.0 was released in 2004 after the Foundation was created (and after the branded Netscape 6/7 releases) and quickly took market share from the dominant IE6 that was stagnating the web (by being virtually unchanged for a long time without any real development) and was also well known for security problems like the Download.Ject attacks. MS was forced to respond with IE6 in Windows XP SP2 which in addition to security enhancements also added a few features like pop-up blocking and IE7 which finally bought real enhancements to the core engine that help web developers (especially in places like CSS). The old Netscape search deal with Google dates back to 1999 (obviously Netscape.com was Netscape’s home page at the time), and the success of the deal probably inspired the later Google search deal that Mozilla did. One alternative to the current tracking ads is called Basic Attention Token. Basic Attention Token is based on the Ethereum cryptocurrency and blockchain (this is like Bitcoin but it is GPU minable for example using a different algorithm and it is one of the most popular GPU minable coins). It was created by the Brave browser, which supports it directly. It is intended to “directly measure” attention. “Attention” is measured on the client side (based on local browser history) and tokens are rewarded for them (called “basic attention metrics”), eliminating the privacy issues. This is often called a “zero-knowledge proof”. There are also other benefits like reducing so-called “click fraud” that hurts advertisers that is a common problem with current ads and removing the need for intermediaries that do tracking like DoubleClick and Taboola (so advertisers also gets more of the money too since they don’t have to pay them). Many other kinds of tokens and “smart contracts” has been created on Ethereum, and so-called initial coin offerings (ICOs) has been the most common use of Ethereum (helping the price to rise). Of course, there is little to no regulation for them at the moment which results in many scam ICOs too (they tends to raise money very quickly, partly since it is so easy to give coins to them). There are also systems for paying authors directly like Patreon, though it is also trivial to use PayPal or cryptocurrencies for this purpose (though also harder to donate). Patreon allow money to be “pledged” to specific authors. There are also many kinds of “paywalls” implemented on websites, many of which has their own problems like relying on cookies to track how many times people visited a site (to limit the number before the user have to pay of course) or making it difficult to post links on Slashdot, Reddit, and Hacker News that often dislike paywalls for obvious reasons (though some are better than others). Of course, the problems described in the essay as well as other problems of ads (including annoyance and performance cost of ads) led to more use of ad blockers, which also have their own history. Banner ad blindness has also been known for years now, and Google’s ads tends to be simple text-based ads at least initially. One of the first type of blocking was popup blockers, and Google was taking a stand against popups in the early days (they were well known to be annoying). They became common in browsers by the mid-2000s (even IE6 in XP SP2 had them). At one point circa 2002, AOL/Netscape was disabling the popup blocker from Netscape-branded Mozilla releases (at one time there was the Mozilla source code/binaries and the official Netscape-branded builds based on the Mozilla source). Of course after user backlash they backed off from doing so. This was long before Google bought DoubleClick for example. Later more sophisticated ad and cookie blockers like AdBlock Plus and uBlock Origin came out as add-ons to browsers like Firefox, and one is built into Brave of course (along with BAT as a replacement for the lost ad revenue). Many other browsers have also similar tracking protection including Firefox and IE, but they just disable them by default and may require that ad blocking lists (such as EasyList) be manually loaded. Of course, some sites has been attempting to detect ad blockers and ask users to turn them off (even Ars Technica did it at one point though it only lasted one day), which is also ineffective and not a good idea for obvious reasons (including the fact that it reflects badly on the sites that are doing it). Lawsuits against ad blockers was also tried in some countries, which was obviously mostly unsuccessful (like a lawsuit against AdBlock Plus in Germany by publishers there). Source
  15. Mozilla gives back to the Tor Project after it embedded multiple Tor Browser features into Firefox. Mozilla will be matching all donations made to the Tor Project until the end of the year, the Tor Project announced today. The announcement came as the Tor Project launched this week its scheduled end-of-year donations campaign through which the organization supplements its next year's budget. This is the second year in a row that Mozilla has agreed to match Tor Project donations. Last year, the Tor Project raised $200,000 from user donations, and with Mozilla's contribution, that number went to $400,000. With last year's funds, the Tor Project was able to fund a huge facelift of the Tor Browser for Desktop, but also release a dedicated Tor Browser for Android. With funds that it will gather this year, the Tor Project promised today to: Increase the capacity, modularization, and scalability of the Tor network, making improvements and integrations into other privacy and circumvention tools easier and more reliable; Better test for, measure, and design solutions around internet censorship, allowing people around the world living under repressive governments to access the open web safely and privately; and Strengthen our development of Tor Browser for Android, now in alpha, and make sure it's in tip top shape to reach the rising number of people around the world who only access the internet from a mobile device which may have low bandwidth and a costly connection. Mozilla and Tor Project are tied at the hip The Tor and Mozilla organizations are deeply interconnected. While most people already know that the Tor Browser is a privacy-hardened version of Mozilla's Firefox browser working on the Tor Project's Tor and Onion protocols, the connection goes both ways, and Firefox is also hugely dependent on the Tor Browser as well. Since 2016, Mozilla developers have been siphoning privacy-hardening features developed originally for the Tor Browser and integrating them into Firefox, as part of an internal project named Tor Uplift. For example, the Tracking Protection feature that Mozilla enabled for all users yesterday, with the release of Firefox 63, was actually initially based on a list of known user fingerprinting domains that the Tor Project was maintaining to block inside the Tor Browser. Mozilla integrated that list into Firefox 48, and later developed into the more complex Enhanced Tracking Protection feature that it launched yesterday. But that was only the beginning. Another Tor Browser feature landed in Firefox 52, with the addition of a second anti-fingerprinting technique that prevented websites from identifying users based on their OS fonts. This process later continued in Firefox 55 when Mozilla added a Tor Browser feature known as First-Party Isolation (FPI), which worked by separating cookies on a per-domain basis, preventing ad trackers from using cookies to track users across the Internet. Another Tor Browser feature was also added in Firefox 58. Just like in Firefox 52, Mozilla engineers integrated another Tor Browser anti-fingerprinting technique, but this time one that prevented websites from tracking users via the HTML5 canvas element. The connection between the two projects was more than visible again in Firefox 60, which included a feature developed at the request of the Tor Project, whose developers wanted a simple method to disable Firefox Sync in their browser, to prevent users from accidentally syncing Tor browsing data to Mozilla's servers. It's for these reasons that Mozilla has matched Tor Project donations in 2017 and 2018, and will most likely continue to do so in the foreseeable future. Upcoming Tor Uplift plans include Mozilla engineers adding support in Firefox for blocking sites from fingerprinting users via VP8 and VP9 codecs, via the AudioContext API, and support for preventing Firefox from loading user details (username, emails, real names) into the operating system RAM. Source
  16. Mozilla will start the test of a commercial VPN offering tomorrow for a subset of users in the United States. The organization has not created its own VPN network but partnered up with the Swiss VPN provider ProtonVPN to use the established network of the provider. The test starts on October 22, 2018 in the United States for a sample of users of Firefox 62. Only some users who use Firefox 62 in the United States will be invited to participate in the test. There is no surefire way to be selected for the test as criteria for selection are quite diverse. Users who connect to an Open (unencrypted) wireless network, visit privacy focused websites, or streaming sites, may see the recommendation by Firefox. The recommendation highlights the basics behind a VPN, that Mozilla selected ProtonVPN as the partner for the test, and the price of the subscription. The price of the subscription matches the price that users pay for a monthly ProtonVPN subscription when they subscribe directly on the ProtonVPN website. It is unclear whether Firefox users will have the opportunity to pay yearly to get the $2 per month discount on the monthly price that ProtonVPN offers. Firefox users should get access to ProtonVPN Plus when they subscribe. Details are a bit scarce but it seems that the subscription gives Firefox users access to a full VPN that they run on the system and not just in the browser. ProtonVPN's Plus plan can be run on five devices, includes all security features, and gives users access to all countries. Mozilla analyzed VPN services to find the best suitable partner for the VPN offer in Firefox. The organization selected ProtonVPN for a number of reasons that include (according to Mozilla) Strong security practices to make sure that the provider offers excellent protection against hacking attempts. That the VPN service does not store or log information about the browsing of its users. That the VPN provider follows the same mission as Mozilla: to improve data safety and security on the Web. Article Source: gHacks Technology News
  17. Mozilla plans to change the updating logic of Firefox by removing the option to block updates from the browser's user interface and from about:config. Current stable versions of the Firefox web browser support three states when it comes to checking for and installing updates in the web browser. The default setting checks for updates automatically and installs them immediately when found. The second state checks for updates but requires user interaction to start the installation of the update, and the third state disables update checking entirely in the browser. Firefox users can open about:preferences#general in the browser and scroll down to the Firefox Updates section to manage update settings in the Firefox browser. Firefox users could also set the preference app.update.enabled on about:config to false to disable update checks in the browser. Mozilla plans to change the updating logic of Firefox by removing the third option from the browser's user interface and from about:config. The organization does not mention explicitly how it plans to deal with Firefox installations that are set to never check for updates. It seems likely that the setting will be switched to "check but don't install" automatically, but that is not mentioned explicitly anywhere. Firefox users who have set the browser to never check for updates should verify which setting is enabled after upgrading to version 63. Firefox 63 is scheduled to release in October 2018. Why is Mozilla making the change? The bug listing on [email protected] highlights that the option is "easy to enable and forget about", and that it "contributes to orphaned users" and "exposes users to severe security issues". The new method The feature won't be removed entirely, however. The recently introduced policy engine provides an option to block updates in Firefox entirely. Firefox users and system administrators have two options to use policies. They can create a policies.json file manually and fill it with appropriate policies, or use the excellent Enterprise Policy Generator instead. Just install the extension in the Firefox web browser and open its settings with a click on the icon. Locate Updates & Data Collection and check the policy "Prevent Firefox from updating". The policy requires Firefox ESR 60 or higher, or Firefox 62 or higher. The add-on creates a policy file that you need to place in the distribution folder of the Firefox installation. Additional information about policy support is available here. Closing Words While it is generally not recommended to disable the installation of updates, it should be up to the user to make that decision in my opinion. Yes, it would be great if all users would run the latest version of Firefox but users have multiple reasons for not wanting to update. While it is more difficult to block update checking entirely in Firefox, an option to do so still exists even in Firefox 63 and future versions released after Firefox 63. Now You: How do you handle updates in Firefox? (via Deskmodder / Sören Hentzschel) Source PS-2: The current Mozilla devs should understand that if the browser updates are good without ruining the features/non-buggy, most users would update even if check for updates are set to never check. PS-1: It is very sad about Mozilla & Firefox development in the recent months - Very Worse and Worrying Changes! "Real Mozilla Firefox" Fans should improvise Waterfox/Palemoon/push to continue Cyberfox developments or should try to create a better Gecko browser instead of Chromium/Qt engine.
  18. In Changing Our Approach To Anti-Tracking, Mozilla revealed plans to improve the privacy protection of Firefox users and the performance of the browser through the improved implementation of content blocking in the web browser. Firefox will protect users by blocking tracking by default and improve performance at the same time according to Mozilla. We reviewed the new content blocking options that Mozilla tests in Firefox Nightly currently already in July. The new feature, called Content Blocking in Nightly, integrates Firefox's long standing feature Tracking Protection and other content blocking options, and makes these more accessible in the browser. Mozilla launched Tracking Protection in 2014 in Firefox Nightly but enabled it for Private Browsing only in Firefox 42. Two years later, Firefox users could enable Tracking Protection for regular browsing sessions as well. Competing browsers introduced ad-blocking and content blocking functions of their own. Brave browser with its block-all approach, Opera browser with its integrated ad-blocking feature, and even Google launched a content blocker in Chrome to block advertisement on sites that use certain ad formats the company deems undesirable. Mozilla's privacy push in Firefox Mozilla plans to test and implement several privacy-improving features in the Firefox browser in the coming months. A new blog post on the official Mozilla blog highlights three key areas of importance. Page Load Performance improvements thanks to the blocking of slow-loading trackers. Blocking storage access and cookies from third-party tracking content. Blocking harmful practices such as crypto-currency mining or fingerprinting. Starting in Firefox 63 and dependent on a Shield study that Mozilla plans to run in September, Firefox will block slow-loading trackers automatically for all users in all browsing modes. Any tracker with a loading time of 5 seconds or longer is classified as a slow loading tracker by Firefox. Mozilla has high hopes that the blocking of slow loading trackers will improve the performance for Firefox users. In Firefox 65, Mozilla plans to strip cookies from third-party tracking content and block storage access provided that a Shield study in September will yield satisfactory results. Last but not least, Firefox will block harmful scripts and practices by default . Mozilla did not reveal a target version for the implementation only that it will land in a future version of the web browser. Firefox Nightly users can test the content blocking functionality right now already. Current versions of Nightly display content blocking options in the preferences and when users click on the information icon next to the site's address in the address bar. Current options allow users to block slow loading trackers, all detected trackers, and third-party cookie trackers or all third-party cookies. The content blocking functionality supports exceptions to allow certain sites to run identified trackers, e.g. to avoid site breakage. Is it enough? Firefox will block some forms of tracking in the near future and that is definitely a good thing. Some may question why Mozilla makes a distinction between slow-loading trackers and all trackers in Firefox, and why Firefox does not block all trackers automatically by default. One possible explanation for that is that blocking all trackers may prevent certain pages from loading correctly. Still, with Google not being able to implement full-scale ad-blocking in Chrome, it is an area that Firefox could really outshine Google Chrome if implemented correctly. The blocking of slow-loading trackers may be beneficial to privacy as well, but it is first and foremost an attempt to improve the performance of Firefox since any other tracker that is not slow-loading is still loaded by default. Now You: What would you like to see in Firefox in this regard? Source
  19. A team of Belgian researchers discovered privacy issues in how browsers, ad-blocking, and anti-tracking implementations handle third-party cookie requests. A team of Belgian researchers from KU Leuven analyzed third-party cookie policies of seven major web browsers, 31 ad-blockers and 14 anti-tracking extensions and discovered major and minor issues in all of them. Major issues include Microsoft Edge's unwillingness to honor its own "block only third-party cookies" setting, bypasses for Firefox's Tracking Protection feature, and use of the integrated PDF viewer in Chrome and other Chromium-based browsers for invisible tracking. Cookie requests can be sorted into two main groups: first-party requests that come from the address listed in the address bar of the browser and third-party requests that come from all other sites. Advertisement displayed by websites makes use of cookies usually and some of these cookies are used for tracking purposes. Internet users can configure their browsers to block any third-party cookie requests to limit cookie-based tracking. Some browsers, for instance Opera or Firefox, include ad-blockers or anti-tracking functionality that is used in addition to that. Anti-tracking mechanisms have flaws The research paper, "Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies", detailed information about each web browser, tests to find out if a browser is vulnerable to exploits, and bug reports are linked on the research project's website. The researchers created a test framework that they used to verify whether "all imposed cookie- and request-policies are correctly applied". They discovered that "most mechanisms could be circumvented"; all ad-blocking and anti-tracking browser extensions had at least one bypass flaw. In this paper, we show that in the current state, built-in anti-tracking protection mechanisms as well as virtually every popular browser extension that relies on blocking third-party requests to either prevent user tracking or disable intrusive advertisements, can be bypassed by at least one technique The researchers evaluated tracking protection functionality and a new cookie feature called same-site cookies that was introduced recently to defend against cross-site attacks. Results for all tested browsers are shown in the table below. The researchers tested the default configuration of Chrome, Opera, Firefox, Safari, Edge, Cliqz, and Tor Browser, and configurations with third-party cookie blocking disabled, and if available, tracking protection functionality enabled. Tor Browser is the only browser on the list that blocks third-party cookies by default. All browsers did not block cookies for certain redirects regardless of whether third-party cookies were blocked or tracking protection was enabled. Chrome, Opera and other Chromium-based browsers that use the built-in PDF viewer have a major issue in regards to cookies. Furthermore, a design flaw in Chromium-based browsers enabled a bypass for both the built-in third party cookie blocking option and tracking protection provided by extensions. Through JavaScript embedded in PDFs, which are rendered by a browser extension, cookie-bearing POST requests can be sent to other domains, regardless of the imposed policies. Browser extensions for ad-blocking or anti-tracking had weaknesses as well according to the researchers. The list of extensions reads like the who is who of the privacy and content blocking world. It includes uMatrix and uBlock Origin, Adblock Plus, Ghostery, Privacy Badger, Disconnect, or AdBlock for Chrome. The researchers discovered ways to circumvent the protections and reported several bugs to the developers. Some, Raymond Hill who is the lead developer of uBlock Origin and uMatrix, fixed the issues quickly. At least one issue reported to browser makers has been fixed already. "Requests to fetch the favicon are not interceptable by Firefox extensions" has been fixed by Mozilla. Other reported issues are still in the process of being fixed, and a third kind won't be fixed at all. You can run individual tests designed for tested web browsers with the exception of Microsoft Edge on the project website to find out if your browser is having the same issues. Closing Words With more and more technologies being added to browsers, it is clear that the complexity has increased significantly. The research should be an eye opener for web browser makers and things will hopefully get better in the near future. One has to ask whether some browser makers test certain features at all; Microsoft Edge not honoring the built-in setting to block third-party cookies is especially embarrassing in this regard. (via Deskmodder) Now You: Do you use extensions or settings to protect your privacy better? Source
  20. Mozilla removed today 23 Firefox add-ons that snooped on users and sent data to remote servers, a Mozilla engineer has told Bleeping Computer today. The list of blocked add-ons includes "Web Security," a security-centric Firefox add-on with over 220,000 users, which was at the center of a controversy this week after it was caught sending users' browsing histories to a server located in Germany. Mozilla follows through on the promised investigation "The mentioned add-on has been taken down, together with others after I conducted a thorough audit of [the] add-ons," Rob Wu, a Mozilla Browser Engineer and Add-on review, told Bleeping Computer via email. "These add-ons are no longer available at AMO and [have been] disabled in the browsers of users who installed them," Wu said. "I did the investigation voluntarily last weekend after spotting Raymond Hill's (gorhill) comment on Reddit," Wu told us. "I audited the source code of the extension, using tools including my extension source viewer." "After getting a good view of the extension's functionality, I used webextaware to retrieve all publicly available Firefox add-ons from addons.mozilla.org (AMO) and looked for similar patterns. Through this method, I found twenty add-ons that I subjected to an additional review, which can be put in two evenly sized groups based on their characteristics. "The first group is similar to the Web Security add-on. At installation time, a request is sent to a remote server to fetch the URL of another server. Whenever a user navigates to a different location, the URL of the tab is sent to this remote server. This is not just a fire-and-forget request; responses in a specific format can activate remote code execution (RCE) functionality," Wu said. "Fortunately, the extension authors made an implementation mistake in 7 out of 10 extensions (including Web Security), which prevents RCE from working." "The second group does not collect tab URLs in the same way as the first group, but it is able to execute remote code (which has a worse effect), This second group seems like an evolved version of the first group, because the same logic was used for RCE, with more obfuscation than the other group. "All of these extensions used subtle code obfuscation, where actual legitimate extension functionality is mixed with seemingly innocent code, spread over multiple locations and files. The sheer number of misleading identifiers, obfuscated URLs / constants, and covert data flows left me with little doubt about the intentions of the author: It is apparent that they tried to hide malicious code in their add-on." Wu reported these issues to fellow Mozilla engineers, who not only removed the add-ons from the Mozilla website, but also disabled them inside users' browsers. "Although I could have taken down the extensions myself (as a add-on reviewer at AMO), I did not do so, because just taking down the listings would prevent new installations, but still leave a few hundred thousand users vulnerable to an extension from a shady developer," Wu told Bleeping Computer via email. List of banned add-ons A bug report includes the list of all add-ons removed today in Mozilla's purge. The bug report lists the add-ons by their IDs, and not by their names, although Wu provided Bleeping Computer with the names of some add-ons. Besides Web Security, other banned add-ons include Browser Security, Browser Privacy, and Browser Safety. All of these have been observed sending data to the same server as Web Security, located at The other banned add-ons include: YouTube Download & Adblocker Smarttube Popup-Blocker Facebook Bookmark Manager Facebook Video Downloader YouTube MP3 Converter & Download Simply Search Smarttube - Extreme Self Destroying Cookies Popup Blocker Pro YouTube - Adblock Auto Destroy Cookies Amazon Quick Search YouTube Adblocker Video Downloader Google NoTrack Quick AMZ All in all, over 500,000 users had one of these add-ons installed inside Firefox. Offending add-ons have been disabled in users' browsers After a quick test, true to its word, Mozilla has indeed disabled the Web Security add-on in a Firefox instance Bleeping Computer used yesterday for tests. Users of any of the banned add-ons will see a warning like this: The warning message displayed at the top redirects users to this page, where it provides the following explanation for the ban: Sending user data to remote servers unnecessarily, and potential for remote code execution. Suspicious account activity for multiple accounts on AMO. In the bug report, another Mozilla engineer gave additional explanations, consistent with Wu's investigation: A number of reports have come up that the Web Security add-on (https://addons.mozilla.org/addon/web-security/) is sending visited URLs to a remote server. While this may seem reasonable for an add-on that checks visited webpages for their security, other issues have been brought up: 1) The add-on sends more data than what seems necessary to operate. 2) Some of the data is sent unsafely. 3) The add-on doesn't clearly disclose this practice, beyond a mention in a large Privacy Policy. 4) The code has the potential of executing remote code, which is partially obfuscated in its implementation. 5) Multiple add-ons with very different features, and different authors, have the same code. Further inspection reveals they may all be the same person/group. Article updated with the names of other banned add-ons and additional investigation details provided by Wu. Source Source - 2
  21. vissha

    Don't downgrade Firefox 63

    Mozilla plans to change the backend for the storage.local API to indexedDB from JSON to improve performance in Firefox 63. The migration happens in the background and Firefox users who run Firefox 63 should not notice any issues afterward. Problems may arise however if users downgrade Firefox to an earlier version or switch to a channel that is not yet at Firefox 63 or newer. The change will land in Firefox Nightly first and if users load the Beta or Stable version of Firefox with the Nightly profile, they may run into data regression issues with extensions installed in the browser. Mozilla revealed the change on the organization's Add-ons blog that it uses to inform developers of extensions for Firefox about upcoming changes and new features. If your users switch between Firefox channels using the same profile during this time, they may experience data regression in the extensions they have previously installed. Mozilla recommends that users don't downgrade from Firefox 63 in any form (be it by installing an older version and running it, or running an older version that is installed already using the same profile). How to find out if the data has been migrated You can do the following to find out if the storage API has been migrated already to the new storage format: Load about:config?filter=extensions.webextensions.ExtensionStorageIDB.enabled in the address bar of the browser. Check the value of the preference. True means that the data has been migrated. False that Firefox uses the old format. Search for extensions.webextensions.ExtensionStorageIDB.migrated. If the Extension ID is set to true, the extension storage has been migrated. What you can do to re-migrate the data Mozilla published instructions on re-migrating the extension data should it not be there after the migration. Note that it requires quite a few steps including removing the extension from Firefox and reinstalling it. Open about:debugging and write down the extension ID (or remember it). Open the profile folder of Firefox by loading about:profile and there the open folder option. Open the folder browser-extension-data. Open the Extension ID folder. Uninstall the extension. Copy the file storage.js.migrated which you find in the Extensions ID folder to a new file and name it storage.js. Open the browser console by selecting Menu > Web Developer > Browser Console or by using the shortcut Ctrl-Shift-J. Install the extension again. The browser console should display a migration message. Wait for this to happen. Closing Words If you need to run different Firefox channels, use different profiles (and you can even run the profiles simultaneously). You can copy profile data from one profile to the other to create copies if you want to work with the same data set. Source
  22. API glitch also affects Edge, but who the frack cares about that? The Angry Fox is your guarantee that someone at Mozilla is piiiiissed GOOGLE HAS been accused of slowing down YouTube on other browsers by none other than Mozilla. The problem doesn't appear to be so much a case of malice, but more failure to think outside the box, as both Firefox and Microsoft Edge, a browser popular in small communities of primitive computer users, seem to have been affected, claims Chris Peterson, Mozilla's technical program manager. He explains that the issue is being caused by the use of an API called Shadow DOM v0 - which is not only exclusive to Chrome but is actually depreciated already. Up until recently, when YouTube had its 'Polymer' makeover, there was no issue, but now there's one heck of one, from a competitive point of view. As a result, Edge and Firefox are already at a disadvantage and, claims Peterson, the result is noticeable. Now, here's the rub. If YouTube was already being presented as "this is YouTube - if your browser won't support it, it's their problem" then we wouldn't be in this mess. But there was none of that this time and given that Internet Explorer 11 is allowed to run the old YouTube interface, the fact that Firefox and Edge are being made to suffer is partly because it hasn't moved from the obsolete Shadow DOM Polyfill v0 to the current (and supported) v1. Other browsers should be serviced by whichever interface they can support and given the lack of performance for Firefox, the Mozilla Corp argues that Firefox should serve up the old interface until the DOM plug-in has been updated. There are third-party extensions available that allow access to older site designs, but should it be necessary? Is that fair on the less computer savvy YouTube watcher? The accusations have come just a day after Google released Chrome version 68 which made encrypted sites the norm, and unencrypted sites the stuff of flashy-light warning death. Source
  23. An Invisible Tax on the Web: Video Codecs Here’s a surprising fact: It costs money to watch video online, even on free sites like YouTube. That’s because about 4 in 5 videos on the web today rely on a patented technology called the H.264 video codec. A codec is a piece of software that lets engineers shrink large media files and transmit them quickly over the internet. In browsers, codecs decode video files so we can play them on our phones, tablets, computers, and TVs. As web users, we take this performance for granted. But the truth is, companies pay millions of dollars in licensing fees to bring us free video. It took years for companies to put this complex, global set of legal and business agreements in place, so H.264 web video works everywhere. Now, as the industry shifts to using more efficient video codecs, those businesses are picking and choosing which next-generation technologies they will support. The fragmentation in the market is raising concerns about whether our favorite web past-time, watching videos, will continue to be accessible and affordable to all. A drive to create royalty-free codecs Mozilla is driven by a mission to make the web platform more capable, safe, and performant for all users. With that in mind, the company has been supporting work at the Xiph.org Foundation to create royalty-free codecs that anyone can use to compress and decode media files in hardware, software, and web pages. But when it comes to video codecs, Xiph.org Foundation isn’t the only game in town. Over the last decade, several companies started building viable alternatives to patented video codecs. Mozilla worked on the Daala Project, Google released VP9, and Cisco created Thor for low-complexity videoconferencing. All these efforts had the same goal: to create a next-generation video compression technology that would make sharing high-quality video over the internet faster, more reliable, and less expensive. In 2015, Mozilla, Google, Cisco, and others joined with Amazon and Netflix and hardware vendors AMD, ARM, Intel, and NVIDIA to form AOMedia. As AOMedia grew, efforts to create an open video format coalesced around a new codec: AV1. AV1 is based largely on Google’s VP9 code and incorporates tools and technologies from Daala, Thor, and VP10. Why Mozilla loves AV1 Mozilla loves AV1 for two reasons: AV1 is royalty-free, so anyone can use it free of charge. Software companies can use it to build video streaming into their applications. Web developers can build their own video players for their sites. It can open up business opportunities, and remove barriers to entry for entrepreneurs, artists, and regular people. Most importantly, a royalty-free codec can help keep high-quality video affordable for everyone. Source: Graphics & Media Lab Video Group, Moscow State University The second reason we love AV1 is that it delivers better compression technology than even high-efficiency codecs – about 30% better, according to a Moscow State University study. For companies, that translates to smaller video files that are faster and cheaper to transmit and take up less storage space in their data centers. For the rest of us, we’ll have access to gorgeous, high-definition video through the sites and services we already know and love. Open source, all the way down AV1 is well on its way to becoming a viable alternative to patented video codecs. As of June 2018, the AV1 1.0 specification is stable and available for public use on a royalty-free basis. AV1 is the strongest candidate to meet the criteria of the Internet Engineering Task Force (IETF), which seeks to create standards for next-generation, royalty-free video formats for the internet. With the IETF’s support, it may be possible to update the WebRTC standard to list AV1 as the “Mandatory to Implement” codec, which will further encourage broad interoperability. The AV1 project is driven by the NETVC Working Group, whose primary contributors include Netflix, Huawei, Mozilla, Cisco, and others. Technically-minded folks can tune in to the NETVC meeting minutes for news about this promising contender. Looking for a deep dive into the specific technologies that made the leap from Daala to AV1? Check out our Hacks post, AV1: next generation video – The Constrained Directional Enhancement Filter. Source
  24. The new browser might be called Fenix. Firefox is one of the many alternative browsers for Android devices available on the Google Play Store. It’s a favorite of many, especially the privacy-conscious. On Android, though, it has entered a maintenance phase, meaning there are not going to be many updates for the foreseeable future—barring bug fixes and security updates of course. According to Emily Kager, Mobile Engineer at Mozilla, there’s still a lot to look forward to. What does this mean? Well, those who use Firefox for its privacy and security have nothing to worry about. The browser will still get security updates and bug fixes. Maintenance mode just means that there will be no more new features until a later date. So where are Mozilla’s development efforts going to? Mozilla may be working on an entirely new browser based on the open-source Android Components. Android Components is a collection of Android libraries that can be used to build browsers or browser-like applications. Mozilla could use it for all of their browser projects on Android including Firefox Focus/Firefox Klar, Firefox Rocket, and other apps such as Firefox for Fire TV or Firefox Reality. This may have a number of unforeseen ramifications for Mozilla’s browser, though. That’s not to say that there is anything wrong with still using the browser, but users may feel slightly deterred from continuing to use it. With at least a few months ahead of no feature updates, some users may switch to open-source Chromium-based browsers like Bromite or Kiwi. We’ll see what comes of the new browser because it could be worth the wait. More information in the ghacks article. View: Original Article.
  25. Mozilla announced on Monday that its Root Store Policy for Certificate Authorities (CAs) has been updated to version 2.6. The Root Store Policy governs CAs trusted by Firefox, Thunderbird and other Mozilla-related software. The latest version of the policy, discussed by the Mozilla community over a period of several months, went into effect on July 1. The new Root Store Policy includes nearly two dozen changes and some of the more important ones have been summarized in a blog post by Wayne Thayer, CA Program Manager at Mozilla. Version 2.6 of the Root Store Policy requires CAs to clearly disclose email address validation methods in their certificate policy (CP) and certification practice statement (CPS). The CP/CPS must also clearly specify IP address validation methods, which have now been banned in specific circumstances. CAs need to periodically obtain certain audits for their root and intermediate certificates in order to remain in the root store. Mozilla now requires auditors to provide reports written in English. The new policy also states that starting with January 1, 2019, CAs will be required to create separate intermediate certificates for S/MIME and SSL certificates. “Newly issued Intermediate certificates will need to be restricted with an EKU extension that doesn’t contain anyPolicy, or both serverAuth and emailProtection. Intermediate certificates issued prior to 2019 that do not comply with this requirement may continue to be used to issue new end-entity certificates,” Thayer explained. Another new requirement is that root certificates must have complied with the Mozilla Root Store Policy from the moment they were created. “This effectively means that roots in existence prior to 2014 that did not receive BR audits after 2013 are not eligible for inclusion in Mozilla’s program. Roots with documented BR violations may also be excluded from Mozilla’s root store under this policy,” Thayer said. Mozilla takes digital certificate management very seriously. Last year it announced taking action against Chinese certificate authority WoSign and its subsidiary StartCom as a result of over a dozen incidents. It also targeted Symantec after the company and its partners were involved in several incidents involving mississued TLS certificates, and later raised concerns over DigiCert’s acquisition of Symantec’s CA business. More at Mozilla Source
  • Create New...