AmiMoJo writes: Mozilla Ideas is a new platform by Firefox-maker Mozilla to improve communication with the Firefox userbase. At its core, Ideas works similarly to Uservoice and other services of its kind. Firefox users and developers may post new content on the platform, and everyone else may comment and vote on the idea. Users may access the latest, top voted, most discussed or even random topics on the Ideas platform. Current ideas include re-adding the compact interface option, improving the master password protection, or providing a higher contrast default theme.

An anonymous reader quotes a report from AppleInsider: The new WebExtensions Community Group will try to forge a common architecture for future web extensions, and is inviting developers to join the effort. The new group, shortened WECG, consists of members from each of the major browser developers. Member chairs are held by Timothy Hatcher of Apple and Simeon Vincent of Google. Current participants include employees from Apple, Mozilla, and Microsoft.

The WebExtensions Community Group has two goals: Make extension creation easier for developers by specifying a consistent model and common core of functionality, APIs, and permissions; and Outline an architecture that enhances performance and is even more secure and resistant to abuse. The group doesn't want to specify every aspect of the web extensions platform or stifle innovation. Each browser vendor will continue to operate independently with their own policies. Developers and browser vendors interested in contributing to the group can join via the W3C website. The WECG has a dedicated GitHub repository with the community charter and work.

Mozilla's Firefox 89 releases to the general public today complete with the new Proton interface which simplifies the browser's menus and alters the tabs bar beyond anything we've seen from previous Firefox releases or other web browsers. From a report: This update also improves macOS integration and includes further privacy enhancements. The first thing that people will notice in this update is the Proton interface, the browser chrome and toolbar have been simplified so that redundant and less frequently used features have been removed, menus have been altered so that the most used features are prominent and visual noise has been reduced.

Proton also updates prompts so they have a cleaner appearance and unnecessary alerts and messages have been removed. The attached tabs have also been supplanted by floating tabs; Mozilla says the rounded design of the active tab "signals the ability to easily move the tab as needed." While almost everyone will support cleaner menus, the new tabs are drawing the ire of some who are not pleased with the radical departure from the traditional look and feel of tabs.

"The web browser is a crucial part of modern life, and yet it hasn't really been revised since the '90s," writes Protocol. "That may be about to change." The browser tab is an underrated thing. Most people think of them only when there are too many, when their computer once again buckles under Chrome's weight. Even the developers who build the tabs — the engineers and designers working on Chrome, Firefox, Brave and the rest — haven't done much to them. The internet has evolved in massive, earth-shaking ways over the last two decades, but tabs haven't really changed since they became a browser feature in the mid '90s.

Josh Miller, however, has big plans for browser tabs. Miller is the CEO of a new startup called The Browser Company, and he wants to change the way people think about browsers altogether. He sees browsers as operating systems, and likes to wonder aloud what "iOS for the web" might look like. What if your browser could build you a personalized news feed because it knows the sites you go to? What if every web app felt like a native app, and the browser itself was just the app launcher? What if you could drag a file from one tab to another, and it just worked? What if the web browser was a shareable, synced, multiplayer experience? It would be nothing like the simple, passive windows to the web that browsers are now. Which is exactly the goal.

The Browser Company (which everyone on the team just calls Browser) is one of a number of startups that are rethinking every part of the browser stack. Mighty has built a version of Chrome that runs on powerful server hardware and streams the browser itself over the web. Brave is building support for decentralized protocols like IPFS, and experimenting with using cryptocurrencies as a new business model for publishers. Synth is building a new bookmarks system that acts more like a web-wide inbox. Sidekick offers a vertical app launcher and makes tabs easier to organize. "A change is coming," said Mozilla CEO Mitchell Baker. "The question is just the time frame, and what's actually required to make it happen."

They have lots of different ideas, but they share a belief that the browser can, and should, be more than it is. "We don't need a new web browser," Miller said. "We need a new successor to the web browser."

While he was at the White House, Chief Digital Officer (and Miller's boss) Jason Goldman said something Miller couldn't forget. "Platforms have all the leverage," is how Miller remembers it. "And if you care about the future of the internet, or the way we use our computers, or want to improve any of the things that are broken about technology ... you can't really just build an application. Platforms, whether it's iOS or Windows or Android or Mac OS, that's where all the control is."

New stricter European Union guidelines will push Facebook, Google and other big tech companies to commit not to make money from advertising linked to disinformation. From a report: The European Commission said on Wednesday that its strengthened non-binding guidelines, which confirmed a May 19 Reuters report, set out a robust monitoring framework and clear performance indicators for firms to comply with. read more Concerns about the impact of disinformation have intensified during the COVID-19 pandemic and after claims about election fraud in the United States, with some critics pointing to the role of social media and tech giants in spreading it.

"Disinformation cannot remain a source of revenue. We need to see stronger commitments by online platforms, the entire advertising ecosystem and networks of fact-checkers," EU industry chief Thierry Breton said in a statement. "We need online platforms and other players to address the systemic risks of their services and algorithmic amplification, stop policing themselves alone and stop allowing to make money on disinformation, while fully preserving the freedom of speech," she said. Signatories to the code, which was introduced in 2018, include Google, Facebook, Twitter, Microsoft, Mozilla, TikTok and some advertising and tech lobbying groups.

sandbagger shares a report from The Register: FingerprintJS, maker of a browser-fingerprinting library for fraud prevention, on Thursday said it has identified a more dubious fingerprinting technique capable of generating a consistent identifier across different desktop browsers, including the Tor Browser. Konstantin Darutkin, senior software engineer at FingerprintJS, said in a blog post that the company has dubbed the privacy vulnerability "scheme flooding." The name refers to abusing custom URL schemes, which make web links like "skype://" or "slack://" prompt the browser to open the associated application. "The scheme flooding vulnerability allows an attacker to determine which applications you have installed," explains Darutkin. "In order to generate a 32-bit cross-browser device identifier, a website can test a list of 32 popular applications and check if each is installed or not."

Visiting the schemeflood.com site using a desktop (not mobile) browser and clicking on the demo will generate a flood of custom URL scheme requests using a pre-populated list of likely apps. A browser user would typically see a pop-up permission modal window that says something like, "Open Slack.app? A website wants to open this application. [canel] [Open Slack.app]." But in this case, the demo script just cancels if the app is present or reads the error as confirmation of the app's absence. It then displays the icon of the requested app if found, and moves on to its next query. The script uses each app result as a bit to calculate the identifier. The fact that the identifier remains consistent across different browsers means that cross-browser tracking is possible, which violates privacy expectations.

There was a big announcement this week from Mozilla. They've joined Fastly, Intel, and Microsoft "in announcing the incorporation and expansion of the Bytecode Alliance, a cross-industry partnership to advance a vision for fast, secure, and simplified software development based on WebAssembly." Building software today means grappling with a set of vexing trade-offs. If you want to build something big, it's not realistic to build each component from scratch. But relying on a complex supply chain of components from other parties allows a defect anywhere in that chain to compromise the security and stability of the entire program.

Tools like containers can provide some degree of isolation, but they add substantial overhead and are impractical to use at per-supplier granularity. And all of these dynamics entrench the advantages of big companies with the resources to carefully manage and audit their supply chains.

Mozilla helped create WebAssembly to allow the Web to grow beyond JavaScript and run more kinds of software at faster speeds. But as it matured, it became clear that WebAssembly's technical properties — particularly memory isolation — also had the potential to transform software development beyond the browser by resolving the tension described above. Several other organizations shared this view, and we came together to launch the Bytecode Alliance as an informal industry partnership in late 2019. As part of this launch, we articulated our shared vision and called for others to join us in bringing it to life... [W]e asked prospective members to be patient and, in parallel with ongoing technical efforts, worked to incorporate the Alliance as a formal 501(c)(6) organization. That process is now complete, and we're thrilled to welcome Arm, DFINITY Foundation, Embark Studios, Google, Shopify, and University of California at San Diego as official members of the Bytecode Alliance.

We have a real opportunity to change how software is built, and in doing so, enable small teams to build big things that are both secure and fast.

Achieving the elusive trifecta — easy composition, defect isolation, and high performance — requires both the right technology and a coordinated effort across the ecosystem to deploy it in the right way. Mozilla believes that WebAssembly has the right technical ingredients to build a better, more secure Internet, and that the Bytecode Alliance has the vision and momentum to make it happen.

Facebook has joined the Rust Foundation, the organization driving the Rust programming language, alongside Amazon Web Services, Google, Huawei, Microsoft, and Mozilla. From a report: Facebook is the latest tech giant to ramp up its adoption of Rust, a language initially developed by Mozilla that's become popular for systems programming because of its memory safety guarantees compared to fast languages C and C++. Rust is appealing for writing components like drivers and compilers.

The Rust Foundation was established in February with initial backing from Amazon Web Services, Google, Huawei, Microsoft, and Mozilla. Microsoft is exploring Rust for some components of Windows and Azure while Google is using Rust to build new parts of the Android operating system and supporting an effort to bring Rust to the Linux kernel. Facebook's engineering team has now detailed its use of Rust beginning in 2016, a year after Rust reached its 1.0 milestone. "For developers, Rust offers the performance of older languages like C++ with a heavier focus on code safety. Today, there are hundreds of developers at Facebook writing millions of lines of Rust code," Facebook's software engineering team said.

Artem S. Tashkinov writes: Over the past ten years, Firefox market share has decreased substantially and the web browser has lost its appeal and coolness. Seeing that, someone at Mozilla probably decided that the best way to entice people back is by changing its UI, thus Firefox has already seen quite a huge number of changes despite other major web browsers staying relatively the same in terms of their visuals; i.e. Google Chrome and Apple Safari look almost the same as they did a decade ago. The most substantial redesign, which is being prepared for the next release, called Proton, promises to drive most power users away because it's broken on a number of levels and makes using the browser a very unpleasant experience.

So, what has changed:
- The compact density option for the address bar is now gone, and not only that, the title bar is now a lot taller than before. Overall, vertically, the title bar and address bar now take almost a dozen pixels more than previous Firefox releases, which steals very precious vertical space.
- The floating tabs. The active tab is now totally disconnected from the active web page and it looks out of place.
- The inactive tabs now completely lack a delimiter between them; and in the case of websites lacking a favicon, all inactive tabs look like one, which makes understanding what's open and what to click very difficult and time consuming.
- Mozilla has removed icons from menus, which makes navigating them slower and more difficult. Human beings can easily recognize and memorize icons, and now instead you have to read 20 menu items and try to understand what you actually need to click. Just to illustrate it, check how Firefox 88 looks and what is up and coming.

It surely looks like whatever UX studies Mozilla has done were either not run properly, or the data being collected was not properly understood. Mozilla has disabled feedback for Firefox, they've made it abundantly clear that you cannot leave comments in their Bugzilla, and considering they want to deprecate userChrome.css, it makes it impossible to restore the semblance of a good web browser experience. The Slashdot crowd loves free and open-source web browsers, so the question is, how can we make the company stop maiming and destroying their most important product?

ewhac writes: Firefox has long had a built-in PDF viewer, allowing users to view PDF files in the browser without having to install a third-party application. In addition to the other weird things PDF files can contain, one of them is JavaScript. Putatively offered as a way to create self-validating forms, this scripting capability has been abused over the decades in just about every way you can imagine. Firefox's built-in viewer, although it has apparently had the ability to execute embedded JS for some time, never turned that feature on, making it a safe(r) way to open PDFs... Until now. The newly released Firefox version 88 has flipped that switch, and will now blithely execute JavaScript embedded in PDFs. Firefox's main preferences dialog offers no control for turning this "feature" off.

To turn off JavaScript execution in PDFs: Enter about:config in the address bar; click "I'll be careful." In the search box near the top, enter pdfjs.enableScripting. Change the setting to False. Close the page.

Slashdot reader LeeLynx shares news from The Register about a Slackware 15 beta release (following the debut of February's alpha), "nearly five years after the distribution last saw a major update." (And nearly 28 years after its initial release back in 1993...) Created by Patrick Volkerding (who still lays claim to the title Benevolent Dictator For Life), the current release version arrived in the form of 2016's 14.2... The Linux kernel has been updated to 5.10.30 (at time of writing) with 5.11.14 available for testing. Desktop fans may be pleased to see, among the many updates, KDE Plasma hitting 5.21.4 as well as updates for old faithfuls, such as Mozilla Firefox and Thunderbird.

The beta itself dropped on 12 April (with the 5.10.29 kernel) and Volkerding noted: "I'm going to go ahead and call this a beta even though there's still no fix for the illegal instruction issue with 32-bit mariadb. But there should be soon."

Tinkering has continued since, judging by the change log, although the beta tag brings hope there will be a release before long.

Google is all alone with its proposed advertising technology -- FLoC-- to replace third-party cookies. Every major browser that uses the open source Chromium project has declined to use it, and it's unclear what that will mean for the future of advertising on the web. Firefox, Safari, Microsoft Edge, Vivaldi, and Brave have said they are not implementing Google's FLoC into their browsers.

What if the key to improving speech recognition accuracy is simply mixing all available speech datasets together to train one large AI model? That's the hypothesis behind a recent study published by a team of researchers affiliated with Google Research and Google Brain. They claim an AI model named SpeechStew that was trained on a range of speech corpora achieves state-of-the-art or near-state-of-the-art results on a variety of speech recognition benchmarks. VentureBeat reports: In pursuit of a solution, the Google researchers combined all available labeled and unlabelled speech recognition data curated by the community over the years. They drew on AMI, a dataset containing about 100 hours of meeting recordings, as well as corpora that include Switchboard (approximately 2,000 hours of telephone calls), Broadcast News (50 hours of television news), Librispeech (960 hours of audiobooks), and Mozilla's crowdsourced Common Voice. Their combined dataset had over 5,000 hours of speech -- none of which was adjusted from its original form. With the assembled dataset, the researchers used Google Cloud TPUs to train SpeechStew, yielding a model with more than 100 million parameters. In machine learning, parameters are the properties of the data that the model learned during the training process. The researchers also trained a 1-billion-parameter model, but it suffered from degraded performance.

Once the team had a general-purpose SpeechStew model, they tested it on a number of benchmarks and found that it not only outperformed previously developed models but demonstrated an ability to adapt to challenging new tasks. Leveraging Chime-6, a 40-hour dataset of distant conversations in homes recorded by microphones, the researchers fine-tuned SpeechStew to achieve accuracy in line with a much more sophisticated model. Transfer learning entails transferring knowledge from one domain to a different domain with less data, and it has shown promise in many subfields of AI. By taking a model like SpeechStew that's designed to understand generic speech and refining it at the margins, it's possible for AI to, for example, understand speech in different accents and environments.

A new report from The Washington Post reveals how the FBI gained access to an iPhone linked to the 2015 San Bernardino shooting. Apple refused to build a backdoor into the phone, citing the potential to undermine the security of hundreds of millions of Apple users, which kicked off a legal battle that only ended after the FBI successfully hacked the phone. Thanks to the Washington Post's report, we now know the methods the FBI used to get into the iPhone. Mitchell Clark summarizes the key findings via The Verge: The phone at the center of the fight was seized after its owner, Syed Rizwan Farook, perpetrated an attack that killed 14 people. The FBI attempted to get into the phone but was unable to due to the iOS 9 feature that would erase the phone after a certain number of failed password attempts. Apple attempted to help the FBI in other ways but refused to build a passcode bypass system for the bureau, saying that such a backdoor would permanently decrease the security of its phones. After the FBI announced that it had gained access to the phone, there were concerns that Apple's security could have been deeply compromised. But according to The Washington Post, the exploit was simple: [An Australian security firm called Azimuth Security] basically found a way to guess the passcode as many times as it wanted without erasing the phone, allowing the bureau to get into the phone in a matter of hours.

The technical details of how the auto-erase feature was bypassed are fascinating. The actual hacking was reportedly done by two Azimuth employees who gained access to the phone by exploiting a vulnerability in an upstream software module written by Mozilla. That code was reportedly used by Apple in iPhones to enable the use of accessories with the Lightning port. Once the hackers gained initial access, they were able to chain together two more exploits, which gave them full control over the main processor, allowing them to run their own code. After they had this power, they were able to write and test software that guessed every passcode combination, ignoring any other systems that would lock out or erase the phone. The exploit chain, from Lightning port to processor control, was named Condor. As with many exploits, though, it didn't last long. Mozilla reportedly fixed the Lightning port exploit a month or two later as part of a standard update, which was then adopted by the companies using the code, including Apple.

Last year, NetMarketShare showed that Edge's 7.59% desktop market share pushed it past Firefox in March last year. Now, StatCounter reports that Edge has been adding users over the last few months as Firefox's userbase shrinks. TechSpot reports: While the data doesn't prove Firefox users have been leaving for Edge, we see that Microsoft's browser has seen its market share jump from 7.81% to 8.03% this year, while Mozilla's product declined from 8.1% to 7.95%. That's an all-time high for Edge, according to StatCounter. Edge's gain in users hasn't secured it the second position. That honor goes to Safari, which now has a 10.11% share, though its numbers have been falling since December, so Edge could overtake it soon enough.

Like Windows 7, it seems some people are having trouble letting go of the now-discontinued Internet Explorer. It has a 1.7% share that is declining very slowly. The data is only for the desktop market. Looking at all platforms -- desktop, tablet, and mobile -- iPhones and iPads make Safari's second spot more secure with a 19.03% share, while Firefox moves ahead of Edge, albeit by just 0.23%.

This week the lead consumer technology writer for The New York Times urged readers to switch their browser from Chrome, Safari, or Microsoft Edge to a private browser.

"For about a week, I tested three of the most popular options — DuckDuckGo, Brave and Firefox Focus. Even I was surprised that I eventually switched to Brave as the default browser on my iPhone." Firefox Focus, available only for mobile devices like iPhones and Android smartphones, is bare-bones. You punch in a web address and, when done browsing, hit the trash icon to erase the session. Quitting the app automatically purges the history. When you load a website, the browser relies on a database of trackers to determine which to block.

The DuckDuckGo browser, also available only for mobile devices, is more like a traditional browser. That means you can bookmark your favorite sites and open multiple browser tabs. When you use the search bar, the browser returns results from the DuckDuckGo search engine, which the company says is more focused on privacy because its ads do not track people's online behavior. DuckDuckGo also prevents ad trackers from loading. When done browsing, you can hit the flame icon at the bottom to erase the session.

Brave is also more like a traditional web browser, with anti-tracking technology and features like bookmarks and tabs. It includes a private mode that must be turned on if you don't want people scrutinizing your web history. Brave is also so aggressive about blocking trackers that in the process, it almost always blocks ads entirely. The other private browsers blocked ads less frequently....

In the end, though, you probably would be happy using any of the private browsers... For me, Brave won by a hair. My favorite websites loaded flawlessly, and I enjoyed the clean look of ad-free sites, along with the flexibility of opting in to see ads whenever I felt like it. Brendan Eich, the chief executive of Brave, said the company's browser blocked tracking cookies "without mercy."

"If everybody used Brave, it would wipe out the tracking-based ad economy," he said.

Count me in.

Ashkan Soltani was the Chief Technologist of America's Federal Trade Commission in 2014 — and earlier was a staff technologist in its Division of Privacy and Identity Protection helping investigate tech companies including Google and Facebook

Friday on Twitter he accused another group of privacy violations: the nonprofit rights organization, the American Civil Liberties Union. Yesterday, the ACLU updated their privacy statement to finally disclose that they share constituent information with 'service providers' like Facebook for targeted advertising, flying in the face of the org's public advocacy and statements.

In fact, I was retained by the ACLU last summer to perform a privacy audit after concerns were raised internally regarding their data sharing practices. I only agreed to do this work on the promisee by ACLU's Executive Director that the findings would be made public. Unfortunately, after reviewing my findings, the ACLU decided against publishing my report and instead sat on it for ~6 months before quietly updating their terms of service and privacy policy without explanation for the context or motivations for doing so. While I'm bound by a nondisclosure agreement to not disclose the information I uncovered or my specific findings, I can say with confidence that the ACLU's updated privacy statements do not reflect the full picture of their practices.

For example, public transparency data from Google shows that the ACLU has paid Google nearly half a million dollars to deliver targeted advertisements since 2018 (when the data first was made public). The ACLU also opted to only disclose its advertising relationship with Facebook only began in 2021, when in truth, the relationship spans back years totaling over $5 million in ad-spend. These relationships fly against the principles and public statements of the ACLU regarding transparency, control, and disclosure before use, even as the organization claims to be a strong advocate for privacy rights at the federal and state level. In fact, the NY Attorney General conducted an inquiry into whether the ACLU had violated its promises to protect the privacy of donors and members in 2004. The results of which many aren't aware of. And to be clear, the practices described would very much constitute a 'sale' of members' PII under the California Privacy Rights Act (CPRA).

The irony is not lost on me that the ACLU vehemently opposed the CPRA — the toughest state privacy law in the country — when it was proposed. While I have tremendous respect for the work the ACLU and other NGOs do, it's important that nonprofits are bound by the same privacy standards they espouse for everyone else. (Full disclosure: I'm on the EFF advisory board and was recently invited to join EPIC's board.)

My experience with the ACLU further amplifies the need to have strong legal privacy protections that apply to nonprofits as well as businesses — partially since many of the underlying practices, particularly in the area of fundraising and advocacy, are similar if not worse.
Soltani also re-tweeted an interesting response from Alex Fowler, a former EFF VP who was also Mozilla's chief privacy officer for three years: I'm reminded of EFF co-founder John Gilmore telling me about the Coders' Code: If you find a bug or vulnerability, tell the coder. If coder ignores you or refuses to fix the issue, tell the users.

Sunday IT Wire counted up the number of signatories on two open letters, one opposing Richard Stallman's return to the FSF and one supporting it.

- The pro-Stallman letter had 3,632 individual signers
- The anti-Stallman letter had 2,812 individual signers (plus 48 companies and organizations).

But the question of Stallman's leadership has now also arisen in the GCC community:

A long-time developer of GCC, the compiler created by the GNU Project and used in Linux distributions, has issued a call for the removal of Free Software Founder Richard Stallman from the GCC steering committee. Nathan Sidwell [also a software engineer at Facebook] said in a post directed to the committee that if it was unwilling to remove Stallman, then the panel should explain why it was not able to do so.

Stallman is also the founder of the GNU Project and the original author of GCC.

"RMS [Stallman] is no longer a developer of GCC, the most recent commit I can find regards SCO in 2003," Sidwell wrote in a long email. "Prior to that there were commits in 1997, but significantly less than 1994 and earlier. GCC's implementation language is now C++, which I believe RMS neither uses nor likes.

"When was RMS' most recent positive input to the GCC project? Even if it was recent and significant, that doesn't mean his toxic behaviour should be accepted."
Meanwhile, the following groups have also issued statements opposing Stallman's return to the FSF:

- Mozilla: We can't demand better of the internet if we don't demand better of our leaders, colleagues and ourselves. We're with the Open Source Diversity Community, Outreachy & the Software Conservancy project in supporting this petition.
- The Tor Project: The Tor Project is joining calls for Richard M. Stallman to be removed from board, staff, volunteer, and other leadership positions in the FOSS community, including the Free Software Foundation and the GNU Project.
Rust creator Graydon Hoare: He's been saying sexist shit & driving women away for decades. He can't change, the FSF board knows it, is sending a "sexism doesn't matter" message. This is bad leadership and I'm sad about all of it, agree with calls to resign.

If someone is a public leader their public behaviour matters. I don't criticize private individuals here and I don't think twitter-justice is especially nuanced. But this is so far over the line, such a stupid and tone-deaf choice, and it is about community leadership.
The EFF: We at EFF are profoundly disappointed to hear of the re-election of Richard Stallman to a leadership position at the Free Software Foundation, after a series of serious accusations of misconduct led to his resignation as president and board member of the FSF in 2019. We are also disappointed that this was done despite no discernible steps taken by him to be accountable for, much less make amends for, his past actions or those who have been harmed by them. Finally, we are also disturbed by the secretive process of his re-election, and how it was belatedly conveyed to FSF's staff and supporters.

Stallman's re-election sends a wrong and hurtful message to free software movement, as well as those who have left that movement because of Stallman's previous behavior.

Free software is a vital component of an open and just technological society: its key institutions and individuals cannot place misguided feelings of loyalty above their commitment to that cause. The movement for digital freedom is larger than any one individual contributor, regardless of their role. Indeed, we hope that this moment can be an opportunity to bring in new leaders and new ideas to the free software movement.

We urge the voting members of the FSF1 to call a special meeting to reconsider this decision, and we also call on Stallman to step down: for the benefit of the organization, the values it represents, and the diversity and long-term viability of the free software movement as a whole.
Finally, the Free Software Foundation itself has now pinned the following tweet at the top of its Twitter feed: No LibrePlanet organizers (staff or volunteer), speakers, award winners, exhibitors, or sponsors were made aware of Richard Stallman's announcement until it was public.

Mozilla Firefox will soon include a revised Referrer Policy to tighten up queries and better protect user information. From a report: Firefox 87, due to ship on March 23, will cut back on path and query string information from referrer headers "to prevent sites from accidentally leaking sensitive user data." In a blog post on Monday, developer Dimi Lee and security infrastructure engineering manager Christoph Kerschbaumer said the latest browser version will include a "stricter, more privacy-preserving default Referrer Policy." Browsers send HTTP Referrer headers to websites to indicate which location has 'referred' a user to a website server. Full URLs of referring documents are often sent in the HTTP Referrer header with other subresource requests, and while this may contain innocent information used for purposes including analytics, private user data may also be included. Referrer policies aim to protect this data, but if no policy is set by a website, this often defaults to "no-referrer-when-downgrade," an element that Firefox says does trim down the referrer when navigating to a less secure resource, but still "sends the full URL including path and query information of the originating document as the referrer."

Tech companies led by Mozilla are urging the Federal Communications Commission to swiftly reinstate net neutrality rules stripped away under the Trump administration. From a report: In a letter to FCC Acting Chairwoman Jessica Rosenworcel Friday, ADT, Dropbox, Eventbrite, Reddit, Vimeo and Wikimedia joined Mozilla, the maker of the Firefox web browser, in calling net neutrality "critical for preserving the internet as a free and open medium that promotes innovation and spurs economic growth." [...] In a blog post Friday, Mozilla Chief Legal Officer Amy Keating said the pandemic has made the need for net neutrality rules even more clear.

"In a moment where classrooms and offices have moved online by necessity, it is critically important to have rules paired with strong government oversight and enforcement to protect families and businesses from predatory practices," Keating said. "In California, residents will have the benefit of these fundamental safeguards as a result of a recent court decision that will allow the state to enforce its state net neutrality law. However, we believe that users nationwide deserve the same ability to control their own online experiences."