J. Fergus, writing for Input: Someone finally did it. We can now follow who we want on our own terms and get that information chronologically. Fraidycat is an app and browser extension that allows just that. Though it launched in November 2019, Fraidycat recently got a massive update, widening its compatibility and adding a dark mode. The open-source tool, brought to you by Kicks Condor, is available for Linux, Mac, and Windows in addition to Mozilla Firefox and Chrome as an extension. Fraidycat definitely pulls from RSS feeds more easily, but it also works on Twitter, Instagram, and SoundCloud. You drop the link to the account you'd like to follow -- from Medium bloggers to Twitch streamers to vision board Pinterest-ers -- and set how frequently you'd like to see their posts. Label it, hit save, and posts will appear as often as you'd like. The recent update notably folds Kickstarter into the mix and collapses Twitter threads for readability.

Mozilla will add a new security sandbox system to Firefox on Linux and Firefox on Mac. The new technology, named RLBox, works by separating third-party libraries from an app's native code. From a report: This process is called "sandboxing," and is a widely used technique that can prevent malicious code from escaping from within an app and executing at the OS level. RLBox is an innovative project because it takes sandboxing to the next level. Instead of isolating the app from the underlying operating system, RLBox separates an app's internal components -- namely its third-party libraries -- from the app's core engine. This technique prevents bugs and exploits found inside a third-party library from impacting another project that uses the same library.

Mozilla will bring its new DNS-over-HTTPS security feature to all Firefox users in the U.S. by default in the coming weeks, the browser maker has confirmed. From a report: It follows a year-long effort to test the new security feature, which aims to make browsing the web more secure and private. Whenever you visit a website -- even if it's HTTPS enabled -- the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. DNS-over-HTTPS, or DoH, encrypts the request so that it can't be intercepted or hijacked in order to send a user to a malicious site. These unencrypted DNS queries can also be used to snoop on which websites a user visits. DoH works at the app-level, and is baked into Firefox. The feature relies on sending DNS queries to third-party providers -- such as Cloudflare and NextDNS -- both of which will have their DoH offering baked into Firefox and will process DoH queries.

"Earlier this week, the FCC successfully defeated Mozilla's attempt to undo the commission's repeal of net neutrality," reports Engadget.

"But, while siding with the body, judges have asked the FCC to determine if repealing the law to prevent a multi-speed internet has had any negative consequences." That includes checking if net neutrality repeal has harmed public safety, reduced spending in infrastructure or hampered the Lifeline program. Consequently, the FCC will launch a period where the public and interested parties can share their views on the process. This is not an opportunity to re-litigate net neutrality repeal, but it is an opportunity to examine if the FCC acted properly and with regard to its broader obligations. The court, for instance, has directed the body to see if repeal has harmed public safety and reduced investment in critical infrastructure...

The Register claims that the FCC is behaving churlishly, burying its request for comment in a wordy title that does not reflect its true intentions. But FCC Commissioner Jessica Rosenworcel published a statement asking people to "make some noise" and write in. Rosenworcel says that the FCC's decision to repeal net neutrality was on the "wrong side of history" and that the public should demand an "open internet."

Those wishing to make a comment can do so on the FCC's Electronic Filing System, entering 17-108 (Restoring Internet Freedom) in the proceedings box. The deadline for comments is March 30th.

America's Justice Department "has filed a brief in support of Oracle in its Supreme Court battle against Google over whether Java should have copyright protection," reports ZDNet: The Justice Department filed its amicus brief to the Supreme Court this week, joining a mighty list of briefs from major tech companies and industry luminaries — including Scott McNealy, co-founder of Sun, which Oracle bought in 2010, acquiring Sun-built Java in the process. While Microsoft, IBM and others have backed Google's arguments in the decade-long battle, McNealy, like the Justice Department, is opposing Google. McNealy called Google's description of how it uses Java packages a "woeful mischaracterization of the artful design of the Java packages" and "an insult to the hard-working developers at Sun who made Java such a success...."

Joe Tucci, former CEO of now Dell-owned enterprise storage giant EMC, threw in his two cents against Google. "Accepting Google's invitation to upend that system by eliminating copyright protection for creative and original computer software code would not make the system better — it would instead have sweeping and harmful effects throughout the software industry," Tucci's brief reads.
Oracle is also questioning the motives of Google's allies, reports The Verge: After filing a Supreme Court statement last week, Oracle VP Ken Glueck posted a statement over the weekend assailing the motives of Microsoft, IBM, and the CCIA industry group, all of which have publicly supported Google. Glueck's post comes shortly after two groups — an interdisciplinary panel of academics and the American Conservative Union Foundation — submitted legal briefs supporting Oracle. Both groups argued that Google should be liable for copying code from the Java language for the Android operating system. The ACUF argued that protecting Oracle's code "is fundamental to a well-ordered system of private property rights and indeed the rule of law itself...."

Earlier this year, Google garnered around two dozen briefs supporting its position. But Oracle claims that in reality, "Google appears to be virtually alone — at least among the technology community." Glueck says Google's most prominent backers had ulterior motives or "parochial agendas"; either they were working closely with Google, or they had their own designs on Java...

Even if you accept Oracle's arguments wholeheartedly, there's a long list of other Google backers from the tech community. Advocacy groups like the Electronic Frontier Foundation and the Center for Democracy and Technology signed on to amicus briefs last month, as did several prominent tech pioneers, including Linux creator Linus Torvalds and Apple cofounder Steve Wozniak. The CCIA brief was signed by the Internet Association, a trade group representing many of the biggest companies in Silicon Valley. Patreon, Reddit, Etsy, the Mozilla Corporation, and other midsized tech companies also backed a brief raising "fundamental concerns" about Oracle's assertions.

Mozilla has a new virtual private network service and if you have a Chromebook, a Windows 10 computer or an Android device in the US, you can start using a beta version now. From a report: Called Firefox Private Network, the new service is designed to function as a full-device VPN and give better protection when surfing the web or when using public Wi-Fi networks. The company offers two options: a free browser-extension version, which it launched in beta last year, that provides 12 one-hour VPN passes when using the Firefox browser and a Firefox account; and a second, $4.99-a-month option that provides a more complete VPN service across your whole device. The new paid option, which runs off of servers provided by Swedish open-source VPN company Mullvad, can protect up to five devices with one account. It allows for faster browsing and streaming, and gives you the ability to tap into servers located in "30-plus countries" for masking your location data.

Waterfox is an open-source web browser for x64, ARM64, and PPC64LE systems, "intended to be speedy and ethical, and maintain support for legacy extensions dropped by Firefox, from which it is forked," according to Wikipedia. (Its tabs also still have angled sides with rounded corners.)

Friday Waterfox's original creator, 24-year-old Alexandros Kontos, announced that the browser "now has funding and a development team, so Waterfox can finally start to grow!" after its acquisition by a company called System1. I started Waterfox when I was 16. It was a way for me to understand how large software projects worked and the Mozilla documentation was a great introduction... I've touted Waterfox as an ethical and privacy friendly browser... I never wanted Waterfox to be a part of the hyper-privacy community. It would just feel like standards that would be impossible to uphold, especially for something such as a web browser on the internet. Throughout the years people have always asked about Waterfox and privacy, and if they've ever wanted more than it can afford, I've always pushed them to use Tor. Waterfox was here for customisations and speed, with a good level of privacy...

I wasn't doing anything with Waterfox except developing it and making some money via search. Why I kept going throughout the years, I'll never know... System1 has been to Waterfox a search syndication partner. Essentially a way to have a search engine partnership (such as Bing) is through them, because companies such as Microsoft are too big and too busy to talk to small players such as Waterfox... It's probably the one easy way a browser can make money without doing anything dodgy, and it's a way I've been happy to do it without having to compromise Waterfox (and will be the same way System1 makes money from Waterfox -- nothing else). People also don't seem to understand what System1 does...
"Now I can finally focus on making Waterfox into a viable alternative to the big browsers," Kontos concludes.

Long-time Slashdot reader Freshly Exhumed contextualized the news with this brief history of the alternate browser ecosystem: As the usage share of web browsers continues to show a lopsideded dominance by Google Chrome, many previously-independent browsers have fallen by the wayside or have been reinvented as Chrome variants (i.e. Opera, Edge, Brave). Apple forges on with its Safari browser while other, smaller projects tend to be quite limited for multi-platform users, such as Dolphin and Bromite.

Mozilla continues independently with Firefox for almost every platform, while variants such as Pale Moon and Sea Monkey have attempted to provide products that avoid drastic and/or controversial changes made by Mozilla but sometimes do not match the multi-platform support of Firefox. Let us not forget Tor, the Firefox-based anonymity-focused browser.

Alex Kontos is a developer who attempted to provide continuity with dropped Firefox capabilities in his multi-platform Waterfox browser, proudly declaring that Firefox's user data sharing and telemetry collection was not included. For that privacy focus a certain popularity of Waterfox occurred. Now Kontos has revealed that his Waterfox project has been sold to System1, a company describing itself as "a consumer internet and applications company with the most powerful audience expansion platform in the industry."

"Lazy Loading" would augment HTML's <img> tag (and <iframe> tag) with two new attributes -- "eager" (to load immediately) and "lazy" (to load only when it becomes relevant in the viewport).

Felix Arntz, a developer programs engineer at Google (and a WordPress core committer) notes the updates in the HTML specification for the lazy loading attributes, adding that it's "already supported by several browsers, including Chrome and Edge" and also the Android browser and Opera.

And lazy loading can now also be toggled on for Firefox 75 Nightly users, reports Neowin, though it's disabled by default: It's not clear if it will be enabled by the time Firefox 75 reaches the stable branch but according to comments on the Bugzilla thread, it's in high demand. Previously, websites could employ lazy loading by using JavaScript but now lazy loading syntax is supported directly in the web browser.

The implementation in Firefox comes after Google added the feature to its browser.
Google's Arntz has also written a post describing a proposal to begin lazy-loading images by default in Wordpress. The proposed solution is available as a feature plugin WP Lazy Loading in the plugin repository. The plugin is being developed on GitHub. Your testing and feedback will be much appreciated.

Mozilla today released Firefox 73 for Windows, Mac, Linux, and Android. Firefox 73 includes a default zoom level setting, a readability backplate option, and a handful of developer features.

There is now a special page in the Firefox browser where users can see what telemetry data Mozilla is collecting from their browser. From a report: Accessible by typing about:telemetry in the browser's URL address bar, this new section is a recent addition to Firefox. The page shows deeply technical information about browser settings, installed add-ons, OS/hardware information, browser session details, and running processes. The information is what you'd expect a software vendor to collect about users in order to fix bugs and keep a statistical track of its userbase. A Firefox engineer told ZDNet the page was primarily created for selfish reasons, in order to help engineers debug Firefox test installs. However, it was allowed to ship to the stable branch also as a PR move, to put users' minds at ease about what type of data the browser maker collects from its users.

Corporations love to pretend that 'anonymization' of the data they collect protects consumers. Studies keep showing that's not really true. From a report: Last fall, AdBlock Plus creator Wladimir Palant revealed that Avast was using its popular antivirus software to collect and sell user data. While the effort was eventually shuttered, Avast CEO Ondrej Vlcek first downplayed the scandal, assuring the public the collected data had been "anonymized" -- or stripped of any obvious identifiers like names or phone numbers. "We absolutely do not allow any advertisers or any third party...to get any access through Avast or any data that would allow the third party to target that specific individual," Vlcek said. But analysis from students at Harvard University shows that anonymization isn't the magic bullet companies like to pretend it is.

Dasha Metropolitansky and Kian Attari, two students at the Harvard John A. Paulson School of Engineering and Applied Sciences, recently built a tool that combs through vast troves of consumer datasets exposed from breaches for a class paper they've yet to publish. "The program takes in a list of personally identifiable information, such as a list of emails or usernames, and searches across the leaks for all the credential data it can find for each person," Attari said in a press release. They told Motherboard their tool analyzed thousands of datasets from data scandals ranging from the 2015 hack of Experian, to the hacks and breaches that have plagued services from MyHeritage to porn websites. Despite many of these datasets containing "anonymized" data, the students say that identifying actual users wasn't all that difficult. "An individual leak is like a puzzle piece," Harvard researcher Dasha Metropolitansky told Motherboard. "On its own, it isn't particularly powerful, but when multiple leaks are brought together, they form a surprisingly clear picture of our identities. People may move on from these leaks, but hackers have long memories."

The Mozilla Foundation announced today that it was moving its Thunderbird email client to a new subsidiary named the MZLA Technologies Corporation. From a report: Mozilla said that Thunderbird will continue to remain free and open source, but by moving the project away from its foundation into a corporate entity they will be able to monetize the product and pay for its development easier than before. Currently, Thunderbird is primarily being kept alive through charitable donations from the product's userbase. "Moving to MZLA Technologies Corporation will not only allow the Thunderbird project more flexibility and agility, but will also allow us to explore offering our users products and services that were not possible under the Mozilla Foundation," said Philipp Kewisch, Mozilla Product Manager. "The move will allow the project to collect revenue through partnerships and non-charitable donations, which in turn can be used to cover the costs of new products and services," Kewisch added.

Over the past two weeks, Mozilla's add-on review team has banned 197 Firefox add-ons that were caught executing malicious code, stealing user data, or using obfuscation to hide their source code. From a report: The add-ons have been banned and removed from the Mozilla Add-on (AMO) portal to prevent new installs, but they've also been disabled in the browsers of the users who already installed them. The bulk of the ban was levied on 129 add-ons developed by 2Ring, a provider of B2B software. The ban was enforced because the add-ons were downloading and executing code from a remote server. According to Mozilla's rules, add-ons must self-contain all their code, and not download code dynamically from remote locations. Mozilla has recently begun strictly enforcing this rule across its entire add-on ecosystem. A similar ban for downloading and executing remote code in users' Firefox browsers was also levied against six add-ons developed by Tamo Junto Caixa, and three add-ons that were deemed fake premium products (their names were not shared).

ProtonVPN open sourced its code this week, ZDNet reports: On Tuesday, the virtual private network (VPN) provider, also known for the ProtonMail secure email service, said that the code backing ProtonVPN applications on every system -- Microsoft Windows, Apple macOS, Android, and iOS -- is now publicly available for review in what Switzerland-based ProtonVPN calls "natural" progression.

"There is a lack of transparency and accountability regarding who operates VPN services, their security qualifications, and whether they fully conform to privacy laws like GDPR," the company says. "Making all of our applications open source is, therefore, a natural next step." Each application has also undergone a security audit by SEC Consult, which ProtonVPN says builds upon a previous partnership with Mozilla...

The source code for each app is now available on GitHub (Windows, macOS, Android, iOS). "As a community-supported organization, we have a responsibility to be as transparent, accountable, and accessible as possible," ProtonVPN says.

"Going open source helps us to do that and serve you better at the same time."
They're also publishing the results of an independent security audit for each app. "As former CERN scientists, publication and peer review are a core part of our ethos..." the company wrote in a blog post. They also point out that Switzerland has some of the world's strongest privacy laws -- and that ProtonVPN observes a strict no-logs policy.

But how do they feel about their competition? "Studies have found that over one-third of Android VPNs actually contain malware, many VPNs suffered from major security lapses, and many free VPN services that claimed to protect privacy are secretly selling user data to third parties."

An anonymous reader quotes a report from Motherboard: The Mozilla Foundation, the non-profit arm of the company known for its privacy-friendly web browser Firefox, released a guide today for helping students navigate ethical issues in the tech industry, in particular, during the recruitment process. The guide advises students not to work for companies that build technology that harms vulnerable communities, and to educate themselves "on governance" inside companies before taking a job. It also discusses unions drives, walkouts, petitions, and other forms of worker organizing.

The guide, which takes the form of a zine titled "With Great Tech Comes Great Responsibility," follows events hosted by the Mozilla Foundation last fall in partnership with six university campuses, including UC Berkeley, N.Y.U., M.I.T., Stanford, UC San Diego, and CSU Boulder. Not so subtly, it calls out Amazon, Palantir, and Google, which have faced backlash in recent months from tech workers as well as students on the campuses where they recruit. "Addressing ethical issues in tech can be overwhelming for students interested in working in tech. But change in the industry is not impossible. And it is increasingly necessary," reads the opening of the 11-page handbook -- citing military contracts, algorithmic bias, inhumane working conditions in warehouses, biased facial recognition software, and intrusive data mining as causes for concern.

An anonymous reader writes: It's been some 18 months since VentureBeat's last browser benchmark battle. What better time to get the latest results than the start of a new year? Over the past year and a half, Google Chrome has continued to dominate market share, Mozilla Firefox has doubled down on privacy, Microsoft Edge has embraced Chromium, and Brave launched out of beta.

You can click on the individual test to see the results:
SunSpider: Edge wins!
Octane: Chrome wins!
Kraken: Firefox wins!
JetStream: Edge wins!
MotionMark: Edge wins!
Speedometer: Edge wins!
Basemark: Brave wins!
WebXPRT: Firefox wins!

The Chromium version of Edge did a lot better given that the stable release only arrived this week. We were expecting improvements, but not so many outright wins. That said, browser performance was solid across all four contestants -- each browser won at least one test. Performance of course shouldn't be your only consideration when picking your preferred app for consuming internet content. As long as you're using a browser that receives regular updates (and all four of these meet that criteria), you can expect performance to be solid. There is certainly room for improvement, but Chrome, Firefox, and now Edge, as well as Brave, are all quite capable.

According to TechCrunch, Mozilla has laid off about 70 employees today. From the report: In an internal memo, Mozilla chairwoman and interim CEO Mitchell Baker specifically mentions the slow rollout of the organization's new revenue-generating products as the reason for why it needed to take this decision. The overall number may still be higher, though, as Mozilla is still looking into how this decision will affect workers in the UK and France. In 2018, Mozilla Corporation (as opposed to the much smaller Mozilla Foundation) said it had about 1,000 employees worldwide.

Baker says laid-off employees will receive "generous exit packages" and outplacement support. She also notes that the leadership team looked into shutting down the Mozilla innovation fund but decided that it needed it in order to continue developing new products. In total, Mozilla is dedicating $43 million to building new products. "You may recall that we expected to be earning revenue in 2019 and 2020 from new subscription products as well as higher revenue from sources outside of search. This did not happen," Baker writes in her memo. "Our 2019 plan underestimated how long it would take to build and ship new, revenue-generating products. Given that, and all we learned in 2019 about the pace of innovation, we decided to take a more conservative approach to projecting our revenue for 2020. We also agreed to a principle of living within our means, of not spending more than we earn for the foreseeable future."

"As we look to the future, we know we must take bold steps to evolve and ensure the strength and longevity of our mission," Baker adds. "Mozilla has a strong line of sight to future revenue generation, but we are taking a more conservative approach to our finances. This will enable us to pivot as needed to respond to market threats to internet health, and champion user privacy and agency."

In 2018 an associate technology editor at Fast Company's Co.Design wrote an article titled "Why I'm switching from Chrome to Firefox and you should too."

Today shanen shared a similar article from Digital Trends. Their writer announces that after years of experimenting with both browsers, they've also finally switched from Chrome to Mozilla Firefox -- "and you should too." The biggest draw for me was, of course, the fact that Mozilla Firefox can finally go toe-to-toe with Google Chrome on the performance front, and often manages to edge it out as well... Today, in addition to being fast, Firefox is resource-efficient, unlike most of its peers. I don't have to think twice before firing up yet another tab. It's rare that I'm forced to close an existing tab to make room for a new one. On Firefox, my 2015 MacBook Pro's fans don't blast past my noise-canceling headphones, which happened fairly regularly on Chrome as it pushed my laptop's fans to their helicopter-like limits to keep things running. This rare balance of efficiency and performance is the result of the countless under-the-hood upgrades Firefox has rolled out in the last couple of years...

Its Enhanced Tracking Protection framework keeps your identity safe by blocking trackers and cookies that otherwise follow you around the internet and collect sensitive information you probably didn't even know you were giving up. On top of that, Firefox can warn if a website is covertly mining cryptocurrency in the background. Most of these protections kick in by default and you have an exhaustive set of options to customize them the way you want. Firefox also lets you look into just how invasive a website is. It actively updates your personal privacy report so you can check how many trackers it has shut overall and for a specific website...

What really clinched the switch to Mozilla Firefox was the fact that it's the only cross-platform browser that's not running Google's open-source Chromium platform. Microsoft's Edge, Brave, Opera, Vivaldi -- each of these browsers run on Chromium, accelerating Google's dominance over the web even when you're not directly using a Chrome user. Firefox, on the other hand, is powered by Mozilla's in-house Gecko engine that's not dependent on Chromium in any way. It may not seem like as vital of a trait as I make it sound, but it truly is, even though Chromium is open-source. Google oversees a huge chunk of the web, including ads, browser, and search, and this supremacy has allowed the company to pretty much run a monopoly and set its own rules for the open internet...

Mozilla as a company has, despite a rocky journey, often taken bold stances in complex situations. In the Cambridge Analytica aftermath, Mozilla announced it would no longer run Facebook advertisements, cutting off direct marketing to over 2 billion users. In a world of tech companies taking frail, facile shots at protecting user privacy and barely delivering on their commitments, Mozilla is a breath of fresh air and you no longer have to live with any compromises to support it.

Mozilla has warned Firefox users to update their browser to the latest version after security researchers found a vulnerability that hackers were actively exploiting in "targeted attacks" against users. From a report: The vulnerability, found by Chinese security company Qihoo 360, was found in Firefox's just-in-time compiler. The compiler is tasked with speeding up performance of JavaScript to make websites load faster. But researchers found that the bug could allow malicious JavaScript to run outside of the browser on the host computer. In practical terms, that means an attacker can quietly break into a victim's computer by tricking the victim into accessing a website running malicious JavaScript code. But Qihoo did not say precisely how the bug was exploited, who the attackers were, or who was targeted.

Following in Mozilla's footsteps, Google announced today plans to hide notification popup prompts inside Chrome starting next month, February 2020. ZDNet reports: According to a blog post published today, Google plans to roll out a "quieter notification permission UI that reduces the interruptiveness of notification permission requests." The change is scheduled for Google Chrome 80, scheduled for release on February 4, next month.

Starting with Chrome 80 next month, Google's browser will also block most notification popups by default, and show an icon in the URL bar, similar to Firefox. When Chrome 80 launches next month, a new option will be added in the Chrome settings section that allows users to enroll in the new "quieter notification UI." Users can enable this option as soon as Chrome 80 is released, or they can wait for Google to enable it by default as the feature rolls out to the wider Chrome userbase in the following weeks. According to Google, the new feature works by hiding notification requests for Chrome users who regularly dismiss notification prompts. Furthermore, Chrome will also automatically block notification prompts on sites where users rarely accept notifications.