Firefox's "Compact density" option, which reduces the size of the user interface, is set to disappear when Mozilla rolls out its Proton visual redesign for the browser later this year. PCMag reports: A bug was posted on Mozilla's bug tracking system entitled "Remove compact mode inside Density menu of customize palette." The reasons given for its removal include the fact it's "currently fairly hard to discover" and "we assume gets low engagement." The development team wants to "make sure that we design defaults that suit most users and we'll be retiring the compact mode for this reason." The Bugzilla thread highlights a desire for compact density to be retained as an option, but it doesn't seem likely to survive right now.

When Proton arrives, the Normal and Touch density options are expected to remain, with Touch increasing the size of the user interface to make it more finger-friendly. Meanwhile, the development team is optimizing the Normal density for displays that use 768 pixels for height, while most displays now use a higher resolution than that. Hopefully this doesn't mean the UI will be larger than it is now by default.

With the News Media Bargaining Code out of the way, the Australian government has moved its tech giant battle to the browser scene, keeping Google in its crosshairs while putting Apple under the microscope. From a report: Led by the Australian Competition and Consumer Commission (ACCC), the new battle is focused on "choice and competition in internet search and web browsers." The consumer watchdog on Thursday put out a call for submissions, with a number of questions posed in a discussion paper , centred on internet browser defaults. It claimed Apple's Safari is the most common browser used in Australia for smartphones and tablets, accounting for 51% of use. This is followed by Chrome with 39%, Samsung Internet with 7%, and with less than 1%, Mozilla Firefox. This shifts on desktop, with Chrome being the most used browser with 62% market share, followed by Safari with 18%, Edge 9%, and Mozilla 6%.

The ACCC said it's concerned with the impact of pre-installation and default settings on consumer choice and competition, particularly in relation to online search and browsers. It's also seeking views on supplier behaviour and trends in search services, browsers, and operating systems, and device ecosystems that may impact the supply of search and browsers to Australian consumers. It wants views also on the extent to which existing consumer harm can arise from the design of defaults and other arrangements.

Last week Firefox's official blog responded to some viral misinformation about the Firefox logo. "People were up in arms because they thought we had scrubbed fox imagery from our browser. Rest easy knowing nothing could be further from the truth..." Sure, it's stressful to have hundreds of thousands of people shouting things like "justice for the fox" in all-caps in your mentions for three days straight, but ultimately that means people are thinking about the brand in a way they might not have for years. ..

The logo causing all the stir is one we created a while ago with input from our users. Back in 2019, we updated the Firefox browser logo and added the parent brand logo as a new logo for our broader product portfolio that extends beyond the browser... which represents the family of Firefox products we make outside of just the Firefox browser, like Firefox Monitor. It's not an icon you're going to see on a dock, phone's home screen or desktop, though.

We didn't get rid of the fox then and have no plans to do so now, or ever. Plenty of folks jumped in to try and clear things up in the original thread, but once the "they killed the fox" meme caught momentum and became the "Firefox minimalist logo" meme, there was no stopping it. It spread to Instagram and then to Reddit. The memes became so pervasive that there were memes being made about how there were too many Firefox logo memes... Well, fear not, because no matter what you think you heard on the internet, the fox isn't leaving any time soon.

For our Firefox Nightly users out there, we're bringing back a very special version of an older logo, as a treat. Stay tuned.

Two years after publicly launching a privacy-focussed browser, Brave, founded by former Mozilla executive Brendan Eich, is taking on Google's search business, too. From a report: The announcement of Brave Search puts the upstart in the rare position of taking on both Google's browser and search dominance. Eich says that Brave Search, which has opened a waitlist and will launch in the first half of this year, won't track or profile people who use it. "Brave already has a default anonymous user model with no data collection at all," he says adding this will continue in its search engine. No IP addresses will be collected and the company is exploring how it can create both a paid, ad-free search engine and one that comes with ads.

But building a search engine isn't straightforward. [...] Eich says Brave isn't starting its search engine or index from scratch and won't be using indexes from Bing or other tech firms. Instead Brave has purchased Tailcat, an offshoot of German search engine Cliqz, which was owned by Hubert Burda Media and closed down last year. The purchase includes an index of the web that's been created by Tailcat and the technology that powers it. Eich says that some users will be given the ability to opt-in to anonymous data collection to help fine-tune search results. "What Tailcat does is it looks at a query log and a click log anonymously," Eich says. "These allow it to build an index, which Tailcat has done and already did at Cliqz, and it's getting bigger." He admits that the index will not be anywhere near as deep as Google's but that the top results it surfaces are largely the same.

As part of its war on web tracking, Mozilla is adding a new tool to Firefox aimed at stopping cookies from keeping tabs on you across multiple sites. From a report: The "Total Cookie Protection" feature is included in the web browser's latest release -- alongside multiple picture-in-picture views -- and essentially works by keeping cookies isolated between each site you visit. Or, in Mozilla's words: "By creating a separate cookie jar for every website." Firefox's new feature pares with last month's network partitioning tool, which works by splitting the Firefox browser cache on a per-website basis to prevent tracking across the web, itself targeted at blocking more stubborn "supercookies." According to Mozilla, these types of cookies are more difficult to delete and block as they are stored in obscure parts of the browser, including in Flash storage, ETags, and HSTS flags. Both tools are available as part of Firefox's enhanced tracking protection suite in "strict mode" on desktop and Android.

Rust -- the programming language, not the survival game -- now has a new home: the Rust Foundation. From a report: AWS, Huawei, Google, Microsoft and Mozilla banded together to launch this new foundation today and put a two-year commitment to a million-dollar budget behind it. This budget will allow the project to "develop services, programs, and events that will support the Rust project maintainers in building the best possible Rust." Rust started as a side project inside of Mozilla to develop an alternative to C/C++. Designed by Mozilla Research's Graydon Hore, with contributions from the likes of JavaScript creator Brendan Eich, Rust became the core language for some of the fundamental features of the Firefox browser and its Gecko engine, as well as Mozilla's Servo engine. Today, Rust is the most-loved language among developers. But with Mozilla's layoffs in recent months, many on the Rust team lost jobs and the future of the language became unclear without a main sponsor, though the project itself has thousands of contributors and a lot of corporate users, so the language itself wasn't going anywhere.

"The South African Revenue Service (SARS) has released this week its own custom web browser," reports ZDNet, "for the sole purpose of re-enabling Adobe Flash Player support, rather than port its existing website from using Flash to HTML-based web forms." To prevent the app from continuing to be used in the real-world to the detriment of users and their security, Adobe began blocking Flash content from playing inside the app starting January 12, with the help of a time-bomb mechanism... As SARS tweeted on January 12, the agency was impacted by the time-bomb mechanism, and starting that day, the agency was unable to receive any tax filings via its web portal, where the upload forms were designed as Flash widgets. But despite having a three and a half years heads-up, SARS did not choose to port its Flash widgets to basic HTML & JS forms, a process that any web developer would describe as trivial. Instead, the South African government agency decided to take one of the most mind-blowing decisions in the history of bad IT decisions and release its own web browser.

Released on Monday on the agency's official website, the new SARS eFiling Browser is a stripped-down version of the Chromium browser that has two features.

The first is to re-enable Flash support. The second is to let users access the SARS eFiling website.

As Chris Peterson, a software engineer at Mozilla, pointed out, the SARS browser only lets users access the official SARS website, which somewhat reduces the risk of users getting their systems infected via Flash exploits while navigating the web. But as others have also pointed out, this does nothing for accessibility, as the browser is only available for Windows users and not for other operating systems such as macOS, Linux, and mobile users, all of which are still unable to file taxes.

Tech blogger Paul Thurrott writes: Firefox 85 now protects users against supercookies, which Mozilla says is "a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next." It also includes small improvements to bookmarks and password management.

Unfortunately, Mozilla has separately — and much more quietly — stopped work on Site Specific Browser (SSB) functionality... This feature allowed users to use Firefox to create apps on the local PC from Progressive Web Apps and other web apps, similar to the functionality provided in Chrome, Microsoft Edge, and other Chromium-based web browsers. "The SSB feature has only ever been available through a hidden [preference] and has multiple known bugs," Mozilla's Dave Townsend explains in a Bugzilla issue tracker. "Additionally, user research found little to no perceived user benefit to the feature and so there is no intent to continue development on it at this time. As the feature is costing us time in terms of bug triage and keeping it around is sending the wrong signal that this is a supported feature, we are going to remove the feature from Firefox."
Thurrott's conclusion? "Mozilla is walking away from a key tenet of modern web apps and, in doing so, they are making themselves irrelevant."

With Mozilla's release of Firefox 85 on Tuesday, Adobe's once ubiquitous Flash technology is really gone for good. The software had been widely used to expand gaming, video and animation on the web, though Adobe stopped supporting it at the end of 2020. Firefox was the last major browser to support Flash. From a report: Apple, whose late boss Steve Jobs helped sink Flash by banning it from iPhones and iPads, ditched Flash with Safari 14 in September 2020. Google Chrome, the most widely used browser, completely excised it on Jan. 19 with version 88. Microsoft's Edge 88 followed suit on Jan. 21. The schedule of removals shows just how hard it is to advance technology foundations as widely used as the web. Browser makers for years wanted to remove Flash, replacing it with more advanced standards built directly into the web. Jobs' "Thoughts on Flash" letter in 2010 solidified the opposition, and Adobe started recognizing the software's doom by scrapping the Android version of Flash in 2011. It's taken years of effort to drop Flash completely. Adobe took until 2017 to announce that Flash would be completely unsupported at the end of 2020, and still some are willing to jump through lots of hoops to keep Flash around a little longer.

A coalition of tech companies announced today the launch of Open Web Docs, a new initiative to help write documentation for Web APIs, JavaScript, and other web tooling and platforms. From a report: The new project does not view itself as a replacement for MDN Web Docs, a website hosted by Mozilla, where all browser makers agreed to move the official Web API documentation back in October 2017, and stop developing their own, often diverging, documentation sites. Instead, in a press release and FAQ today, the Open Web Docs team said their role is to fund, coordinate, and contribute to MDN Docs going forward. The new initiative comes after Mozilla laid off 250 employees last summer, including many of its MDN Web Docs staff. Open Web Docs comes to fill this void and provide the labor force needed to continue updating the MDN Web Docs portal.

Legendary programmer Jamie Zawinski has worked on everything from the earliest releases of the Netscape Navigator browser to XEmacs, Mozilla, and, of course, the XScreenSaver project.

Now Slashdot reader e432776 writes: JWZ continues to track issues with screensavers on Linux (since 2004!), and discusses a new bug in cinnamon-screensaver. Long-standing topics like X11, developer interaction, and code licensing all feature. Solutions to these long-standing issues remain elusive.
Jamie titled his blog post "I told you so, 2021 edition": You will recall that in 2004 , which is now seventeen years ago, I wrote a document explaining why I made the design trade-offs that I did in XScreenSaver, and in that document I predicted this exact bug as my example of, "this is what will happen if you don't do it this way."

And they went and made that happen.

Repeatedly.

Every time this bug is re-introduced, someone pipes up and says something like, "So what, it was a bug, they've fixed it." That's really missing the point. The point is not that such a bug existed, but that such a bug was even possible. The real bug here is that the design of the system even permits this class of bug. It is unconscionable that someone designing a critical piece of security infrastructure would design the system in such a way that it does not fail safe .

Especially when I have given them nearly 30 years of prior art demonstrating how to do it right, and a two-decades-old document clearly explaining What Not To Do that coincidentally used this very bug as its illustrative strawman!

These bugs are a shameful embarrassment of design -- as opposed to merely bad code...
ZDNet reports that Linux Mint has issued a patch for Cinnamon that fixes the screensaver bug. But HotHardware notes that it was discovered when "one Dad let the kids play with the keyboard. This button-mashing actually crashed the machine's screensaver by sheer luck, allowing them onto the desktop, ultimately leading to the discovery of a high priority security vulnerability for the Linux Mint team."

But that's not the only thing bothering Jamie Zawinski: Just to add insult to injury, it has recently come to my attention that not only are Gnome-screensaver, Mint-screensaver and Cinnamon-screensaver buggy and insecure dumpster fires, but they are also in violation of my license and infringing my copyright.

XScreenSaver was released under the BSD license, one of the oldest and most permissive of the free software licenses. It turns out, the Gnome-screensaver authors copied large parts of XScreenSaver into their program, removed the BSD license and slapped a GPL license on my code instead -- and also removed my name. Rude...

Mint-screensaver and Cinnamon-screensaver, being forks and descendants of Gnome-screensaver, have inherited this license violation and continue to perpetuate it. Every Linux distro is shipping this copyright- and license-infringing code.

I eagerly await hearing how they're going to make this right.

Mozilla developers plan to remove support for using the Backspace key as a Back button inside Firefox. From a report: The change is currently active in the Firefox Nightly version and is expected to go live in Firefox 86, scheduled to be released next month, in late February 2021. The removal of the Backspace key as a navigational element didn't come out of the blue. It was first proposed back in July 2014, in a bug report opened on Mozilla's bug tracker. At the time, Mozilla engineers argued that many users who press the Backspace key don't always mean to navigate to the previous page (the equivalent of pressing the Back button).

Mozilla is "investigating" a design refresh for its Firefox browser. Ghacks reports that the refresh is referred to internally as "Photon." Information about the design refresh is limited at this point in time. Mozilla created a meta bug on Bugzilla as a reference to keep track of the changes. While there are not any mockups or screenshots posted on the site, the names of the bugs provide information on the elements that will get a refresh. These are:

- The Firefox address bar and tabs bar.
- The main Firefox menu.
- Infobars.
- Doorhangers.
- Context Menus.
- Modals.
Most user interface elements are listed in the meta bug. Mozilla plans to release the new design in Firefox 89; the browser is scheduled for a mid-2021 release. Its release date is set to May 18, 2021...

[Developer/Firefox extension author] Sören Hentzschel revealed that he saw some of the Firefox Proton mockups... He notes that Firefox will look more modern when the designs land and that Mozilla plans to introduce useful improvements, especially in regards to the user experience. Hentzschel mentions two examples of potential improvements to the user experience: a mockup that displays vertical tabs in a compact mode, and another that shows the grouping of tabs on the tab bar.

References to decades-old computer software are included in the new Brexit agreement, including a description of Netscape Communicator and Mozilla Mail as being "modern" services. From a report: Experts believe officials must have copied and pasted chunks of text from old legislation into the document. The references are on page 921 of the trade deal, in a section on encryption technology. It also recommends using systems that are now vulnerable to cyber-attacks. The text cites "modern e-mail software packages including Outlook, Mozilla Mail as well as Netscape Communicator 4.x." The latter two are now defunct - the last major release of Netscape Communicator was in 1997. The document also recommends using 1024-bit RSA encryption and the SHA-1 hashing algorithm, which are both outdated and vulnerable to cyber-attacks.

An anonymous reader quotes a report from ZDNet: Firefox 85, scheduled to be released next month, in January 2021, will ship with a feature named Network Partitioning as a new form of anti-tracking protection. The feature is based on "Client-Side Storage Partitioning," a new standard currently being developed by the World Wide Web Consortium's Privacy Community Group. "Network Partitioning is highly technical, but to simplify it somewhat; your browser has many ways it can save data from websites, not just via cookies," privacy researcher Zach Edwards told ZDNet in an interview this week. "These other storage mechanisms include the HTTP cache, image cache, favicon cache, font cache, CORS-preflight cache, and a variety of other caches and storage mechanisms that can be used to track people across websites." Edwards says all these data storage systems are shared among websites.

The difference is that Network Partitioning will allow Firefox to save resources like the cache, favicons, CSS files, images, and more, on a per-website basis, rather than together, in the same pool. This makes it harder for websites and third-parties like ad and web analytics companies to track users since they can't probe for the presence of other sites' data in this shared pool. The Mozilla team expects [...] performance issues for sites loaded in Firefox, but it's willing to take the hit just to improve the privacy of its users.

Browser makers Apple, Google, Microsoft, and Mozilla, have banned a root certificate that was being used by the Kazakhstan government to intercept and decrypt HTTPS traffic for residents in the country's capital, the city of Nur-Sultan (formerly Astana). From a report: The certificate had been in use since December 6, 2020, when Kazakh officials forced local internet service providers to block Nur-Sultan residents from accessing foreign sites unless they had a specific digital certificate issued by the government installed on their devices. While users were able to access most foreign-hosted sites, access was blocked to sites like Google, Twitter, YouTube, Facebook, Instagram, and Netflix, unless they had the certificate installed. Kazakh officials justified their actions claiming they were carrying out a cybersecurity training exercise for government agencies, telecoms, and private companies. Officials cited that cyberattacks targeting "Kazakhstan's segment of the internet" grew 2.7 times during the current COVID-19 pandemic as the primary reason for launching the exercise. The government's explanation did, however, make zero technical sense, as certificates can't prevent mass cyber-attacks and are usually used only for encrypting and safeguarding traffic from third-party observers. After today's ban, even if users have the certificate installed, browsers like Chrome, Edge, Mozilla, and Safari, will refuse to use them, preventing Kazakh officials from intercepting user data.

The Verge reports: Firefox's latest update brings native support for Macs that run on Apple's Arm-based silicon, Mozilla announced on Tuesday. Mozilla claims that native Apple silicon support brings significant performance improvements: the browser apparently launches 2.5 times faster and web apps are twice as responsive than they were on the previous version of Firefox, which wasn't native to Apple's chips...

Firefox's support of Apple's Arm-based processors follows Chrome, which added support for Apple's new chips shortly after the M1-equipped MacBook Pro, MacBook Air, and Mac mini were released in November.
Firefox 84 will also be the very last release to support Adobe Flash, notes ZDNet, calling both developments "a reminder of the influence Apple co-founder Steve Jobs has had and continues to exert on software and hardware nine years after his death." Jobs wrote off Flash in 2010 as successful Adobe software but one that was a 'closed' product "created during the PC era — for PCs and mice" and not suitable for the then-brand-new iPad, nor any of its prior iPhones. Instead, Jobs said the future of the web was HTML5, JavaScript and CSS.

At the end of this year Google Chrome, Microsoft Edge and Apple Safari also drop support for Flash.

Senior Apple execs recently reflected in an interview with Om Malik what the M1 would have meant to Jobs had been alive today. "Steve used to say that we make the whole widget," Greg Joswiak, Apple's senior vice president of Worldwide Marketing told Malik.

"We've been making the whole widget for all our products, from the iPhone, to the iPads, to the watch. This was the final element to making the whole widget on the Mac."
ZDNet also notes that Firefox 84 offers WebRender, "Mozilla's faster GPU-based 2D rendering engine" for MacOS Big Sur, Windows devices with Intel Gen 6 GPUs, and Intel laptops running Windows 7 and 8. "Mozilla promises it will ship an accelerated rendering pipeline for Linux/GNOME/X11 users for the first time."

Firefox now also uses "more modern techniques for allocating shared memory on Linux," writes Mozilla, "improving performance and increasing compatibility with Docker."

And Firefox 85 will include a new network partitioning feature to make it harder for companies to track your web surfing.

Apple, Google, Microsoft and Mozilla have teamed up to block the Kazakhstan government's attempts to force its citizens to install a "national security certificate" on every internet-capable device in the country. "That government-issued root certificate would allow authorities to keep tabs on people's online traffic, essentially becoming a back door to access citizens' data," reports Engadget. From the report: In its announcement, Mozilla said it was recently informed that ISPs in Kazakhstan have recently started telling customers that they're required to install the digital certificate to be able to access foreign websites. ZDNet reported earlier this month that Kazakh IPS have been cutting people's access to websites like Google, Twitter, Facebook, Instagram and Netflix unless they install the certificate.

When users in Kazakhstan who complied with their ISPs' demand try to access websites on their devices, they'll get an error telling them that the certificate shouldn't be trusted. The companies are also encouraging those users to research the use if VPN or the Tor Browser for web browsing and to change the passwords for their accounts. The Kazakhstan's government made a similar attempt back in 2015 and then again in 2019, but tech giants did what they're doing now to put a stop to those plans.

InfoWorld reports: Firefox users can expect improved JavaScript performance in the Firefox 83 browser, with the Warp update to the SpiderMonkey JavaScript engine enabled by default.

Also called WarpBuilder, Warp improves responsiveness and memory usage and speeds up page loads by making changes to JiT (just-in-time) compilers... Warp has been shown to be faster than Ion, SpiderMonkey's previous optimizing JiT, including a 20 percent improvement on Google Docs load time. Other JavaScript-intensive websites such as Netflix and Reddit also have shown improvement...

Warp has replaced the front end — the MIR building phase — of the IonMonkey JiT... Mozilla also will continue to incrementally optimize the back end of the IonMonkey JiT, as Mozilla believes there is still room for improvement for JavaScript-intensive workloads.

Shotgun (Slashdot reader #30,919) shared these thoughts from The Register: Every now and again the U.S. Congress manages to do its job and yesterday was one of those days: the Senate passed a new IoT cybersecurity piece of legislation that the House also approved, and it will now move to the President's desk.

As we noted back in March when the IoT Cybersecurity Improvement Act was introduced, the law bill is actually pretty good: it asks America's National Institute of Standards and Technology (NIST) to come up with guidelines for Internet-of-Things devices and would require any federal agency to only buy products from companies that met the new rules. It gives a minimum list of considerations to be covered: secure code, identity management, patching and configuration management. It also requires the General Services Administration — the arm of the federal government that sources products and comms for federal agencies — to come up with guidelines that would require each agency to report and publish details of security vulnerabilities, and how they resolved them, and coordinate with other agencies.

Industry has also got behind the effort — Symantec, Mozilla, BSA The Software Alliance (which includes Apple, Microsoft, IBM, Cloudflare, the CTIA and others) — and Congress has managed to keep its fingers out of things it knows nothing about by leaving the production of standards with the experts, using federal procurement to create a de facto industry standard.
Though it will still be legal sell insecure IoT devices, "for those looking for good, secure products, there will be a baseline standard across the industry..." the article concludes.

"[T]his is an essential first step to getting secure IoT in place."