
Privacy-First Browsers Look To Take the Shine Off Google's Chrome (nbcnews.com) 56

From a report: Google's Chrome now reigns as the biggest browser on the block, and the company is facing challenges similar to Microsoft's from competitors, as well as government scrutiny. But Google faces a new wrinkle -- a growing realization among consumers that their every digital move is tracked. "I think Cambridge Analytica acted as a catalyst to get people aware that their data could be used in ways they didn't expect," said Peter Dolanjski, the product lead for Mozilla's Firefox web browser, referring to the scandal in which a political consulting firm obtained data on millions of Facebook users and their friends.

And in something of a poetic role reversal, Microsoft is positioning itself to pick up the slack from people who may be fed up with Google's Chrome browser and its questionable privacy practices. Microsoft is expected to release an overhaul of its latest browser, called Edge, in the coming months. Microsoft is just one of a number of companies and organizations looking to take a piece out of Google -- some using the company's own open-source software. One name that might be familiar to most consumers -- Mozilla's Firefox browser -- is also a veteran of the "browser wars" of two decades ago. The nonprofit Mozilla, which has been biting at the heels of leading browsers for most of its existence, is introducing more aggressive privacy settings to try to stand out and take advantage of the privacy stumbles by Google and other tech giants.


Internet Group Brands Mozilla 'Internet Villain' For Supporting DNS Privacy Feature (techcrunch.com) 273

An industry group of internet service providers has branded Firefox browser maker Mozilla an "internet villain" for supporting a DNS security standard. From a report: Internet Services Providers' Association (ISPA), the trade group for U.K. internet service providers, nominated the browser maker for its proposed effort to roll out the security feature, which they say will allow users to "bypass UK filtering obligations and parental controls, undermining internet safety standards in the U.K." Mozilla said late last year it was planning to test DNS-over-HTTPS to a small number of users.

Whenever you visit a website -- even if it's HTTPS enabled -- the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. The security standard is implemented at the app level, making Mozilla the first browser to use DNS-over-HTTPS. By encrypting the DNS query it also protects the DNS request against man-in-the-middle attacks, which allow attackers to hijack the request and point victims to a malicious page instead. DNS-over-HTTPS also improves performance, making DNS queries -- and the overall browsing experience -- faster. But the ISPA doesn't think DNS-over-HTTPS is compatible with the U.K.'s current website blocking regime.


Brave Browser Claims 69x Better Performance For Its Ad-Blocker After Switching From C++ To Rust (zdnet.com) 337

The Brave web browser "claims to have delivered a '69x average improvement' in its ad-blocking technology using Rust in place of C++" reports ZDNet.

They cite a blog post by Brave performance researcher Dr. Andrius Aucinas and Brave's chief scientist Dr. Ben Livshits: The improvements can be experienced in its experimental developer and nightly channel releases... "We implemented the new engine in Rust as a memory-safe, performant language compilable down to native code and suitable to run within the native browser core as well as being packaged in a standalone Node.js module," the two Brave scientists said. The new engine means the Chromium-based browser can cut the average request classification time down to 5.6 microseconds, a unit of time that's equal to a millionth of one second.

Aucinas and Livshits argue that the micro-improvements in browser performance might not seem significant to end users but do translate to good things for a computer's main processor. "Although most users are unlikely to notice much of a difference in cutting the ad-blocker overheads, the 69x reduction in overheads means the device CPU has so much more time to perform other functions," the pair explain.

Their blog post notes that loading a web page today can be incredibly complex. "Since loading an average website involves 75 requests that need to be checked against tens of thousands of rules, it must also be efficient."

Ask Slashdot: What's Your 'Backup' Browser? (komando.com) 237

Slashdot's gotten over 17,000 votes in its poll about which web browser people use on their desktop. (The current leader? Firefox, with 53% of the vote, followed by Chrome with 30%.)

But Slashdot reader koavf asks an interesting follow-up question: "What's everyone's go-to Plan B browser and why?"

To start the conversation, here's how James Gelinas (a contributor at Kim Komando's tech advice site) recently reviewed the major browsers:
  • He calls Chrome "a safe, speedy browser that's compatible with nearly every page on the internet" but also says that Chrome "is notorious as a resource hog, and it can drastically slow your computer down if you have too many tabs open."

    "Additionally, the perks of having your Google Account connected to your browser can quickly turn into downsides for the privacy-minded among us. If you're uncomfortable with your browser knowing your searching and spending behaviors, Chrome may not be the best choice for you."
  • He calls Firefox "the choice for safety".

    "Predating Chrome by 6 years, Firefox was the top choice for savvy Netizens in the early Aughts. Although Chrome has captured a large segment of its user base, that doesn't mean the Fox is bad. In fact, Mozilla is greatly appreciated by fans and analysts for its steadfast dedication to user privacy... Speedwise, Firefox isn't a slouch either. The browser is lighter weight than Chrome and is capable of loading some websites even faster."
  • He calls Apple's Safari and Microsoft Edge "the default choice...because both of these browsers come bundled with new computers."

    "Neither one has glaring drawbacks, but they tend to lack some of the security features and extensions found in more popular browsers. Speedwise, however, both Edge and Safari are able to gain the upper hand against their competition. When it comes to startup time and functions, the apps are extremely lightweight on your system's resources. This is because they're part of the Mac and Windows operating systems, respectively, and are optimized for performance in that environment."

Finally, he gives the Tor browser an honorable mention. ("It's still one of the best anonymous web browsers available. It's so reliable, in fact, that people living under repressive governments often turn to it for their internet needs -- installing it on covert USB sticks to use on public computers.") And he awards a "dishonorable mention" to Internet Explorer. ("Not only is the browser no longer supported by Microsoft, but it's also vulnerable to a host of malware and adware threats.")

But what do Slashdot's readers think? Putting aside your primary desktop browser -- what's your own go-to "Plan B" web browser, and why? Leave your best answers in the comments.



Firefox To Get a Random Password Generator, Like Chrome and Safari (zdnet.com) 51

Mozilla is adding a random password generator to Firefox. From a report: The Firefox random password generator is expected to become publicly available for all Firefox users with the release of Firefox 69, scheduled for release in early September, roughly a year after Chrome 69. Currently, the random password generator is only available in Firefox Nightly, a Firefox version for testing new features before they land in the stable branch. When Firefox 69 is released, the random password generator is expected to be available as a checkbox in the Firefox settings section, under "Privacy & Security," under "Logins and Passwords."

Mozilla Launches GeckoView-Powered Firefox Preview For Android (venturebeat.com) 62

An anonymous reader writes: Mozilla today announced Firefox Preview, a pilot of its new Android browser. Firefox Preview, which is powered by Mozilla's own GeckoView engine, will ultimately replace the current Firefox for Android mobile app "this fall." At the same time, Mozilla has put Firefox Focus for Android development on hold. If you're a developer or just an early adopter, you can download Firefox Preview from Google Play.

On desktop, Firefox is the second most popular browser after Chrome. Firefox holds about 10% desktop market share, according to Net Applications. On mobile, however, Firefox has less than 0.5% share. Despite regular releases alongside the desktop browser over the years, Firefox's mobile share has not improved.


Firefox Will Give You a Fake Browsing History To Fool Advertisers (vice.com) 177

Security through obscurity is out, security through tomfoolery is in. From a report: That's the basic philosophy sold by Track THIS, "a new kind of incognito" browsing project, which opens up 100 tabs crafted to fit a specific character -- a hypebeast, a filthy rich person, a doomsday prepper, or an influencer. The idea is that your browsing history will be depersonalized and poisoned, so advertisers won't know how to target ads to you. It was developed as a collaboration between mschf (pronounced "mischief") internet studios and Mozilla's Firefox as a way of promoting Firefox Quantum, the newest Firefox browser. [...] Just a warning -- if you use Track THIS it may take several minutes for all 100 tabs to load. (I used Chrome as my browser.) But as it gradually loads, it's like taking a first-person journey through someone else's consciousness.

Firefox Zero-Day Was Used In Attack Against Coinbase Employees, Not Its Users (zdnet.com) 40

An anonymous reader writes: A recent Firefox zero-day that has made headlines across the tech news world this week was actually used in attacks against Coinbase employees, and not the company's users. Furthermore, the attacks used not one, but two Firefox zero-days, according to Philip Martin, a member of the Coinbase security team, which reported the attacks to Mozilla. One was an RCE reported by a Google Project Zero security researcher to Mozilla in April, and the second was a sandbox escape that was spotted in the wild by the Coinbase team together with the RCE, on Monday.

The question here is how an attacker managed to get hold of the details for the RCE vulnerability and use it for his attacks after the vulnerability was privately reported to Mozilla by Google. The attacker could have found the Firefox RCE on his own, he could have bribed a Mozilla/Google insider, hacked a Mozilla/Google employee and viewed details about the RCE, or hacked Mozilla's bug tracker, like another attacker did in 2015.


Google Launches Chrome Extension For Flagging Bad URLs To the Safe Browsing Team (zdnet.com) 26

Google today launched a new Chrome extension that will simplify the process of reporting a malicious site to the Google Safe Browsing team so that it can be analyzed, reviewed, and blacklisted in Chrome and other browsers that support the Safe Browsing API. From a report: Named the Suspicious Site Reporter, this extension adds an icon to the Google Chrome toolbar that when pressed, opens a popup window from where users can file an automatic report for the current site they're on, and which they suspect might be up to no good. "If the site is added to Safe Browsing's lists, you'll not only protect Chrome users but users of other browsers and across the entire web," said Emily Schechter, Chrome Product Manager. The Safe Browsing API is implemented not only in the mobile and desktop versions of Chrome but also in the mobile and desktop versions of Mozilla Firefox and Apple's Safari.

A New Hidden Way of Web Browser Profiling, Identification and Tracking (theregister.co.uk) 72

Researchers from Austria's Graz University of Technology "have devised an automated system for browser profiling using two new side channel attacks that can help expose information about software and hardware," reports The Register.

The researchers recently presented a paper titled "JavaScript Template Attacks: Automatically Inferring Host Information for Targeted Exploits," which The Register says "calls into question the effectiveness of anonymized browsing and browser privacy extensions..."

Long-time Slashdot reader Artem S. Tashkinov shared their report: One of the side-channel attacks developed for JavaScript Template Attacks involves measuring runtime differences between two code snippets to infer the underlying instruction set architecture through variations in JIT compiler behavior. The other involves measuring timing differences in the memory allocator to infer the allocated size of a memory region.

The boffins' exploration of the JavaScript environment reveals not only the ability to fingerprint via browser version, installed privacy extension, privacy mode, operating system, device microarchitecture, and virtual machine, but also the properties of JavaScript objects. And their research shows there are far more of these than are covered in official documentation. This means browser fingerprints have the potential to be far more detailed -- have more data points -- than they are now.

The Mozilla Developer Network documentation for Firefox, for example, covers 2,247 browser properties. The researchers were able to capture 15,709. Though not all of these are usable for fingerprinting and some represent duplicates, they say they found about 10,000 usable properties for all browsers.


Mozilla Debuts Its New Firefox Logos (venturebeat.com) 90

An anonymous reader writes: Mozilla today introduced a new Firefox family of logos, a rebranding effort it kicked off more than 18 months ago. For most people, Firefox refers to a browser, but the company now wants the brand to encompass the entire Firefox family of apps and services. "The 'Firefox' you've always known as a browser is stretching to cover a family of products and services united by putting you and your privacy first," Mozilla explained. "Firefox is a browser AND an encrypted service to send huge files. It's an easy way to protect your passwords on every device AND an early warning if your email has been part of a data breach. Safe, private, eye-opening. That's just the beginning of the new Firefox family."

A 'Premium' Firefox Is Coming This Fall (i-programmer.info) 269

An anonymous reader quotes I Programmer: In an interview by Jan Vollmer for the German online magazine site t3n, Mozilla CEO Chris Beard has confirmed plans to launch Firefox Premium later this year. Answering Vollmer's questions about how Mozilla is currently monetized Beard answered:

We are working on three sources of income and we want to rebalance them: We have Search, but we also make content. We have a company called Pocket that discovers and curates content. There is also sponsored content. This is the content business. And the third one we are working on and developing as we think about products and services are premium levels for some of these offerings. You can imagine something like a secure storage solution.

Prompted to say more about a premium offer, he continued:

We also tested VPN. We can tell if you're on a public Wi-Fi network and want to do online banking and say, "Wow, you really should use VPN." You can imagine we'll offer a solution that gives us all a certain amount of free VPN Bandwidth and then offer a premium level over a monthly subscription. We want to add more subscription services to our mix and focus more on the relationship with the user to become more resilient in business issues.

Later in the interview, when asked when the subscription services might start Beard tries to be reassuring, saying:

So, what we want to clarify is that there is no plan to charge money for things that are now free. So we will roll out a subscription service and offer a premium level. And the plan is to introduce the first one this year, towards fall. We aim for October.


Firefox Starts Blocking Third-Party Cookies By Default (venturebeat.com) 51

An anonymous reader quotes a report from VentureBeat: Mozilla today announced a slew of privacy improvements. The company has turned on Enhanced Tracking Protection, which blocks cookies from third-party trackers in Firefox, by default. Mozilla has also improved its Facebook Container extension, released a Firefox desktop extension for its rebranded Lockwise password keeper, and updated Firefox Monitor with a dashboard for multiple email addresses.

If you download a fresh copy of Firefox today, Enhanced Tracking Protection will be on by default as part of the Standard setting. That means third-party tracking cookies are blocked without users having to change a thing. You will notice Enhanced Tracking Protection working if there is a shield icon in the address bar. If you click on the shield icon and open the Content Blocking section and then Cookies, you'll see a Blocking Tracking Cookies section. There you can see the companies listed as third-party cookies and trackers that Firefox has blocked. You can also turn off blocking for a specific site. The feature focuses on third-party trackers (the ad industry) while allowing first-party cookies (logins, where you last left off, and so on). Mozilla says it is enabling Enhanced Tracking Protection by default because most users don't change their browser settings.


Firefox Starts Blocking Third-Party Cookies By Default (venturebeat.com) 69

An anonymous reader writes: Mozilla today announced a slew of privacy improvements. The company has turned on Enhanced Tracking Protection, which blocks cookies from third-party trackers in Firefox, by default. Mozilla has also improved its Facebook Container extension, released a Firefox desktop extension for its rebranded Lockwise password keeper, and updated Firefox Monitor with a dashboard for multiple email addresses. Mozilla added basic Tracking Protection to Firefox 42's private browsing mode in November 2015. The feature blocked website elements (ads, analytics trackers, and social share buttons) based on Disconnect's tracking protection rules. With the release of Firefox 57 in November 2017, Mozilla added an option to enable Tracking Protection outside of private browsing. (Tracking Protection was not turned on by default because it can break websites and cut off revenue streams for content creators who depend on third-party advertising.)

Google's Chrome Becomes Web 'Gatekeeper' and Rivals Complain (bloomberg.com) 207

Few home-grown Google products have been as successful as Chrome. Launched in 2008, it has more than 63% of the market and about 70% on desktop computers, according to StatCounter data. Mozilla's Firefox is far behind, while Apple's Safari is the default browser for iPhones. Microsoft's Internet Explorer and Edge browsers are punchlines. From a report: Google won by offering consumers a fast, customizable browser for free, while embracing open web standards. Now that Chrome is the clear leader, it controls how the standards are set. That's sparking concern Google is using the browser and its Chromium open-source underpinnings to elbow out online competitors and tilt entire industries in its favor. Most major browsers are now built on the Chromium software code base that Google maintains. Opera, an indie browser that's been used by techies for years, swapped its code base for Chromium in 2013. Even Microsoft is making the switch this year. That creates a snowball effect, where fewer web developers build for niche browsers, leading those browsers to switch over to Chromium to avoid getting left behind.

This leaves Chrome's competitors relying on Google employees who do most of the work to keep Chromium software code up to date. Chromium is open source, so anyone can suggest changes to it, but the majority of programmers who approve contributions are Google employees, and any major disagreements get settled by a small circle of senior Google employees. Chrome is so ascendant these days that web developers often don't bother to test their sites on competing browsers. Google services including YouTube, Docs and Gmail sometimes don't work as well on rival browsers, sending frustrated users to Chrome. Instead of just another ship slicing through the sea of the web, Chrome is becoming the ocean.


Firefox 67 Arrives With New Performance and Privacy Features, Voice Search Widget on Android (venturebeat.com) 121

Mozilla today launched Firefox 67 for Windows, Mac, Linux, and Android. From a report: The 10th release since Mozilla's big Firefox Quantum launch in November 2017 doubles down on performance and privacy. Firefox 67 includes deprioritizing least commonly used features, suspending unused tabs, faster startup, blocking of cryptomining and fingerprinting, Private Browsing improvements, voice input in the Android search widget, and more. [...] Firefox 67 is better at performing tasks at the optimal time, resulting in faster "painting" of the page. Specifically, the browser deprioritizes least commonly used features and delays setTimeout to prioritize scripts for things you need. Mozilla says Instagram, Amazon, and Google searches now execute between 40% and 80% faster. Firefox also now scans for alternative style sheets after page load and doesn't load the auto-fill module unless there is a form to complete. Next, Firefox 67 detects if your computer's memory is running low (under 400MB) and suspends unused tabs. If you do click on a tab that you haven't used or looked at in a while, it will reload where you left off. Finally, Firefox 67 promises faster startup for users that customized their browser with an add-on.

Mozilla, Cloudflare, Facebook and Others Propose BinaryAST For Faster JavaScript Load Times 125

Developers at Mozilla, Facebook, Cloudflare, and elsewhere have been drafting "BinaryAST" as a new over-the-wire format for JavaScript. From a report: BinaryAST is a binary representation of the original JavaScript code and associated data structures to speed up the parsing of the code at the page load time compared to the JavaScript source itself. The binary abstract syntax tree format should lead to faster script loading across all web devices. Numbers related today by Cloudflare range from a 4% to 13% drop in load times compared to parsing conventional JavaScript source. Or if taking a "lazified" approach to skip unused functions, it can be upwards of 98% less time necessary. You can read more about it here.

Mozilla To Track Infrastructure Time-Bombs in Wake of Recent Firefox Armagadd-on (zdnet.com) 123

In the wake of the mass disablement of Mozilla Firefox's add-on ecosystem last weekend, Mozilla has committed to improving its asset tracking and developing a mechanism that can quickly push updates to users when needed. From a report: Due to an intermediate certificate expiring on May 4 at 1AM UTC, users found their browser add-ons were switched off and could not be re-enabled. Thanks to timezones and the rotation of the planet, users on the western side of the Pacific were the first hit. Writing in a blog post, Firefox CTO Eric Rescorla detailed some initial thoughts and announced a formal post-mortem would be published next week. "First, we should have a much better way of tracking the status of everything in Firefox that is a potential time bomb and making sure that we don't find ourselves in a situation where one goes off unexpectedly. We're still working out the details here, but at minimum we need to inventory everything of this nature," Rescorla wrote. "Second, we need a mechanism to be able to quickly push updates to our users even when -- especially when -- everything else is down."

Google Chrome To Support Same-Site Cookies, Get Anti-Fingerprinting Protection (zdnet.com) 57

Google plans to add support for two new privacy and security features in Chrome, namely same-site cookies and anti-fingerprinting protection. From a report: The biggest change that Google plans to roll out is in regards to how it treats cookie files. These new controls will be based on a new IETF standard that Chrome and Mozilla developers have been working on for more than three years. This new IETF specification describes a new attribute that can be set inside HTTP headers. Called "SameSite," the attribute must be set by the website owner and should describe the situations in which a site's cookies can be loaded.

[...] Google engineers also announced a second major new privacy feature for Chrome. According to Google, the company plans to add support for blocking certain types of "user fingerprinting" techniques that are being abused by online advertisers. Google didn't go into details of what types of user fingerprinting techniques it was planning to block. It is worth mentioning that there are many, which range from scanning locally installed system fonts to abusing the HTML5 canvas element, and from measuring a user's device screen size to reading locally installed extensions.


Google Prepares To Launch New Privacy Tools To Limit Cookies (wsj.com) 48

Google is set to launch new tools to limit the use of tracking cookies, a move that could strengthen the search giant's advertising dominance and deal a blow to other digital-marketing companies, WSJ reported Monday, citing people familiar with the matter. [Editor's note: the link may be paywalled; alternative source.] From the report: After years of internal debate, Google could as soon as this week roll out a dashboard-like function in its Chrome browser that will give internet users more information about what cookies are tracking them and offer options to fend them off, the people said. This is a more incremental approach than less-popular browsers, such as Apple's Safari and Mozilla's Firefox, which introduced updates to restrict by default the majority of tracking cookies in 2017 and 2018, respectively. Google's move, which could be announced at its developer conference in Mountain View, Calif., starting Tuesday, is expected to be touted as part of the company's commitment to privacy -- a complicated sell, given the torrent of data it continues to store on users -- and press its sizable advantage over online-advertising rivals.
