An anonymous reader quotes a report from Patently Apple: Firefox browser-maker Mozilla is considering whether to block cybersecurity company DarkMatter from serving as one of its internet security gatekeepers after a Reuters report linked the United Arab Emirates-based firm to a cyber espionage program. Reuters reported in January that DarkMatter provided staff for a secret hacking operation, codenamed Project Raven, on behalf of an Emirati intelligence agency. The unit was largely comprised of former U.S. intelligence officials who conducted offensive cyber operations for the UAE government. Former Raven operatives told Reuters that many DarkMatter executives were unaware of the secretive program, which operated from a converted Abu Dhabi mansion away from DarkMatter's headquarters.

Those operations included hacking into the internet accounts of human rights activists, journalists and officials from rival governments, Reuters found. DarkMatter has denied conducting the operations and says it focuses on protecting computer networks. While Mozilla had been considering whether to grant DarkMatter the authority to certify websites as safe, two Mozilla executives said in an interview last week that Reuters' report raised concerns about whether DarkMatter would abuse that authority. Mozilla said the company has not yet come to a decision on whether to deny the authority to DarkMatter, but expects to decide within weeks. Further reading available via Reuters

The World Wide Web Consortium (W3C) today declared that the Web Authentication API (WebAuthn) is now an official web standard. From a report: First announced by the W3C and the FIDO Alliance in February 2016, WebAuthn is now an open standard for password-free logins on the web. It is supported by W3C contributors, including Airbnb, Alibaba, Apple, Google, IBM, Intel, Microsoft, Mozilla, PayPal, SoftBank, Tencent, and Yubico. The specification lets users log into online accounts using biometrics, mobile devices, and/or FIDO security keys. WebAuthn is supported by Android and Windows 10. On the browser side, Google Chrome, Mozilla Firefox, and Microsoft Edge all added support last year. Apple has supported WebAuthn in preview versions of Safari since December.

Mozilla wants to make it easier for startups, researchers, and hobbyists to build voice-enabled apps, services, and devices. From a report: Toward that end, it's today releasing the latest version of Common Voice, its open source collection of transcribed voice data that now comprises over 1,400 hours of voice samples from 42,000 contributors across 18 languages, including English, French, German, Dutch, Hakha-Chin, Esperanto, Farsi, Basque, Spanish, Mandarin Chinese, Welsh, and Kabyle. It's one of the largest multi-language dataset of its kind, Mozilla claims -- substantially larger than the Common Voice corpus it made publicly available eight months ago, which contained 500 hours (400,000 recordings) from 20,000 volunteers in English -- and the corpus will soon grow larger still. The organization says that data collection efforts in 70 languages are actively underway via the Common Voice website and mobile apps.

An anonymous reader shares a report: News subscription service Scroll, which is yet to launch to consumers but has received the backing of several top publishers, courted another major player today: Mozilla. The browser maker says it will work with Scroll to better understand how consumers react to ad-free experiences on the web and subscription-based funding models. As part of the deal, Mozilla said it would test features and product ideas provided by Scroll, which itself has been conducting internal tests with a number of outlets. Small groups of Firefox users will be invited at random to share feedback and also respond to surveys, Mozilla said.

Video game publisher Ubisoft is working with Mozilla to develop an AI coding assistant called Clever-Commit, head of Ubisoft La Forge Yves Jacquier announced during DICE Summit 2019 on Tuesday. From a report: Clever-Commit reportedly helps programmers evaluate whether or not a code change will introduce a new bug by learning from past bugs and fixes. The prototype, called Commit-Assistant, was tested using data collected during game development, Ubisoft said, and it's already contributing to some major AAA titles. The publisher is also working on integrating it into other brands. "Working with Mozilla on Clever-Commit allows us to support other programming languages and increase the overall performances of the technology. Using this tech in our games and Firefox will allow developers to be more productive as they can spend more time creating the next feature rather than fixing bugs. Ultimately, this will allow us to create even better experiences for our gamers and increase the frequency of our game updates," said Mathieu Nayrolles, technical architect, data scientist, and member of the Technological Group at Ubisoft Montreal.

"While it's creepy to imagine companies are listening in to your conversations, it's perhaps more creepy that they can predict what you're talking about without actually listening," writes an NBC News technology correspondent, arguing that data, not privacy, is the real danger. Your data -- the abstract portrait of who you are, and, more importantly, of who you are compared to other people -- is your real vulnerability when it comes to the companies that make money offering ostensibly free services to millions of people. Not because your data will compromise your personal identity. But because it will compromise your personal autonomy. "Privacy as we normally think of it doesn't matter," said Aza Raskin, co-founder of the Center for Humane Technology [and a former Mozilla team leader]. "What these companies are doing is building little models, little avatars, little voodoo dolls of you. Your doll sits in the cloud, and they'll throw 100,000 videos at it to see what's effective to get you to stick around, or what ad with what messaging is uniquely good at getting you to do something...."

With 2.3 billion users, "Facebook has one of these models for one out of every four humans on earth. Every country, culture, behavior type, socio-economic background," said Raskin. With those models, and endless simulations, the company can predict your interests and intentions before you even know them.... Without having to attach your name or address to your data profile, a company can nonetheless compare you to other people who have exhibited similar online behavior...
A professor at Columbia law school decries the concentrated power of social media as "a single point of failure for democracy." But the article also warns about the dangers of health-related data collected from smartwatches. "How will people accidentally cursed with the wrong data profile get affordable insurance?"

An anonymous reader quotes a report from ZDNet: After a year of secret preparations, Mozilla has publicly announced plans today to implement a "site isolation" feature, which works by splitting Firefox code in isolated OS processes, on a per-domain (site) basis. The concept behind this feature isn't new, as it's already present in Chrome, since May 2018. Currently, Firefox comes with one process for the browser's user interface, and a few (two to ten) processes for the Firefox code that renders the websites. With Project Fission (as this was named), Firefox split processes will change, and a separate one will be created for each website a user is accessing. This separation will be so fine-grained that just like in Chrome, if there's an iframe on the page, that iframe will receive its own process as well, helping protect users from threat actors that hide malicious code inside iframes (HTML elements that load other websites inside the current website). This is the same approach Chrome has taken with its "Site Isolation."

slack_justyb shares a report from Ars Technica: The House Commerce Committee is "reassuming its traditional role of oversight to ensure the agency is acting in the best interest of the public and consistent with its legislative authority," Commerce Committee Chairman Frank Pallone, Jr. (D-N.J.) and Communications and Technology Subcommittee Chairman Mike Doyle (D-Penn.) said in an announcement yesterday. Pallone, Jr. and Doyle wrote a letter to Pai, saying that he has made the FCC too secretive and has repeatedly advanced the interests of corporations over consumers. They wrote: "Not only have you have failed on numerous occasions to provide Democratic members of this committee with responses to their inquiries, you have also repeatedly denied or delayed responding to legitimate information requests from the public about agency operations. These actions have denied the public of a full and fair understanding of how the FCC under your leadership has arrived at public policy decisions that impact Americans every day in communities across the country. Under your leadership, the FCC has failed repeatedly to act in the public interest and placed the interest of corporations over consumers. The FCC should be working to advance the goals of public safety, consumer protection, affordable access, and connectivity across the United States. To that end, it is incumbent upon the Committee's leadership and its members to oversee the activities of the FCC."

On Thursday this week, the Communications Subcommittee will hold a hearing about the impact of Pai's net neutrality repeal on consumers, small businesses, and free speech. Witnesses who have been invited to testify at the hearing include former FCC Chairman Tom Wheeler, cable industry chief lobbyist Michael Powell (who is also a former FCC chairman), and representatives of Mozilla, Free Press, and Eastern Oregon Telecom.

An anonymous reader writes: Starting with Firefox 66 -- scheduled for release on March 19, 2019 -- Mozilla plans to block auto-playing audio on both desktop and mobile -- a feature it began to test on Nightly builds last year. The new rule will apply to any website that plays audio without user interaction in advance -- such as a user clicking a button. The audio autoplay ban will apply to both HTML5 audio and video elements used for media playback in modern browsers, meaning Firefox will block sound coming from both ads and video players, the most common sources of such abuse. Mozilla's move comes almost a year after Chrome took a similar decision to block all auto-playing sound by default with the release of Chrome 66 in April 2018. Microsoft similarly announced plans to block auto-playing sounds in Edge, but the feature never made it to production.

Mozilla has halted the rollout of v65 update to Firefox browser on Windows platform after learning about an issue with certain antivirus products. Users of Firefox 65, an update which was released last week, reported seeing "Your connection is not secure" error warnings when visiting popular sites. From a report: The issue mostly affected Firefox 65 users running AVG or Avast antivirus. The message appeared when users visited an HTTPS website and stated the 'Certificate is not trusted because the issuer is unknown' and that 'The server might not be sending the inappropriate intermediate certificates'.

The problem, reported on Mozilla's bug report page and first spotted by Techdows, is due to the HTTPS-filtering feature in Avast and AVG antivirus. Avast owns AVG. The bug prevented users from visiting any HTTPS site with Firefox 65. To limit the impact on users, Mozilla decided to temporarily halt all automatic updates on Windows. In the meantime, Avast, which owns AVG, released a new virus engine update that completely disabled Firefox HTTPS filtering in Avast and AVG products. HTTPS filtering remains enabled on other browsers.

Senator Ed Markey (D-MA) said today he would "soon" introduce a bill to permanently reinstate the net neutrality rules that were repealed by the Federal Communications Commission, led by chairman Ajit Pai, in 2017. From a report: Markey's announcement comes as a federal court is set to hear oral arguments over the FCC's repeal of net neutrality regulations in 2017. Markey, who is a member of the Senate Commerce Committee, has previously introduced a bill that would permanently reinstate net neutrality as a member of the House of Representatives, although the measure ultimately failed.

It's unclear when the bill would be formally introduced, but Markey said it was imminent. "We will soon lay down a legislative marker in the Senate in support of net neutrality to show the American people that we are on their side in overwhelming supporting a free and open internet." Further reading: Net Neutrality Repeal at Stake as Key Court Case Starts: Oral arguments are set to begin Friday in the most prominent lawsuit challenging the federal government's repeal of broadband access rules known as net neutrality. The Federal Communications Commission approved the rules in 2015 to ensure internet users equal and open access to all websites and services. The commission, under new leadership, rolled the rules back in 2017. The plaintiffs in the suit to be argued Friday, led by the internet company Mozilla and supported by 22 state attorneys general, say the commission lacked a sound legal reason for scrapping the regulations. The government is expected to argue that the rules were repealed because of the burden they imposed on broadband providers like Verizon and Comcast.

The Firefox browser will soon come with a new security feature that will detect and then warn users when a third-party app is performing a Man-in-the-Middle (MitM) attack by hijacking the user's HTTPS traffic. From a report: The new feature is expected to land in Firefox 66, Firefox's current beta version, scheduled for an official release in mid-March. The way this feature works is to show a visual error page when, according to a Mozilla help page, "something on your system or network is intercepting your connection and injecting certificates in a way that is not trusted by Firefox." An error message that reads "MOZILLA_PKIX_ERROR_MITM_DETECTED" will be shown whenever something like the above happens.

Mark Wilson writes: Facebook has been no stranger to controversy and scandal over the years, but things have been particularly bad over the last twelve months. The latest troubles find Mozilla complaining to the European Commission about the social network's lack of transparency, particularly when it comes to political advertising. Mozilla's Chief Operating Officer, Denelle Dixon, has penned a missive to Mariya Gabriel, the European Commissioner for Digital Economy and Society. She bemoans the fact that Facebook makes it impossible to conduct analysis of ads, and this in turn prevents Mozilla from offering full transparency to European citizens -- something it sees as important in light of the impending EU elections.

Following Mozilla's footsteps, Google has released Chrome 72 for Windows, Mac, and Linux. From a report: The release includes code injection blocking and new developer features. You can update to the latest version now using Chrome's built-in updater or download it directly from google.com/chrome. With over 1 billion users, Chrome is both a browser and a major platform that web developers must consider. In fact, with Chrome's regular additions and changes, developers often must make an effort to stay on top of everything available -- as well as what has been deprecated or removed -- most notably, Chrome 72 removes support for Chromecast setup on a computer. To set up a Chromecast, you'll now need to use a mobile device.

As this isn't a major release, there aren't many new features to cover. Chrome 72 for Windows, however, blocks code injections, reducing crashes caused by third-party software. The initiative to block code injections in Chrome started last year, with warnings letting users know that Chrome was fighting back. Those warnings are now gone, and Chrome blocks code injections full stop. Further reading: All the Chromium-based browsers.

Firefox 65, the latest version of Mozilla's web browser, is now available for Windows, Mac, Linux, and Android platforms. The release brings simplified Content Blocking controls for Enhanced Tracking Protection, support for WebP image support with the Windows client getting an additional feature: support for AV1 format. From a report: Across all platforms, Firefox can now handle Google's WebP image format. WebP supports both lossy and lossless compression and promises the same image quality as existing formats at smaller file sizes. Firefox 65 for desktop brings redesigned controls for the Content Blocking section to let users choose their desired level of privacy protection. You can access it by either clicking on the small "i" icon in the address bar and clicking on the gear on the right side under Content Blocking or by going to Preferences, Privacy & Security, and then Content Blocking.

Next, Firefox now supports AV1, the royalty-free video codec developed by the Alliance for Open Media. AV1 improves compression efficiency by more than 30 percent over the codec VP9, which it is meant to succeed. Lastly, Firefox's new Task Manager page (just navigate to about:performance or find it under "Other" in the main menu) is complete. Introduced in Firefox 64, Task Manager now reports memory usage for tabs and add-ons.

An anonymous reader quotes a report from ZDNet: A Microsoft program manager has caused a stir on Twitter over the weekend by suggesting that Firefox-maker Mozilla should give up on its own rendering engine and move on with Chromium. "Thought: It's time for @mozilla to get down from their philosophical ivory tower. The web is dominated by Chromium, if they really 'cared' about the web, they would be contributing instead of building a parallel universe that's used by less than five percent?" wrote Kenneth Auchenberg, who builds web developer tools for Microsoft's Visual Studio Code.

Auchenberg's post referred to Mozilla's response to Microsoft's announcement in December that it would scrap Edge's EdgeHTML rendering engine for Chromium's. The move will leave Firefox's Gecko engine as the only alternative to Chromium, which is used by Opera and dozens of other browsers. Few people agreed with Auchenberg, including engineers from both Mozilla and Chromium. Long-serving Mozillian Asa Dotzler was not impressed. "Just because your employer gave up on its own people and technology doesn't mean that others should follow," Dotzler replied to Auchenberg. Auchenberg clarified that he didn't want to see Mozilla vanish, but said it should reorganize into a research institution "instead of trying to to justify themselves with the 'protectors of the web' narrative."

After months of user complaints, Mozilla will remove a misleading "dark pattern" from its page screenshot utility. From a report: The problematic feature is the "Save" button that appears when Firefox users take a screenshot. The issue is that the Save button doesn't save the screenshot to the PC, as most users would naturally expect, but uploads the image to a Mozilla server. This is both a privacy violation, as some users don't appreciate being tricked into uploading sensitive images saved on remote servers, but also an incovenience as users would still have to download the image locally, but in multiple steps afterward.

Mozilla has announced that it is closing Firefox Test Pilot, an experimental program it launched three years ago. Firefox Test Pilot allowed users to try out potential new built-in Firefox features and offer feedback to the browser maker. The company says the program was used by an average of 100,000 daily users. A report adds: It's worth noting here that Test Pilot is separate from the various beta versions of Firefox, which are early iterations designed to fine-tune features intended for the prime-time Firefox. Test Pilot, on the other hand, is more about Mozilla dipping its toes in the water to see whether a new feature is worth pursuing at all in the main version of the app, or even as a standalone product. Ultimately, it allows Firefox developers to take bigger risks with their ideas.

The Model 3 will be entered into Pwn2Own this year, the first time a car has been included in the annual high-profile hacking contest. The prize for the winning security researchers: a Model 3. TechCrunch reports: Pwn2Own, which is in its 12th year and run by Trend Micro's Zero Day Initiative, is known as one of the industry's toughest hacking contests. ZDI has awarded more than $4 million over the lifetime of the program. Pwn2Own's spring vulnerability research competition, Pwn2Own Vancouver, will be held March 20 to 22 and will feature five categories, including web browsers, virtualization software, enterprise applications, server-side software and the new automotive category. The targets, chosen by ZDI, include software products from Apple, Google, Microsoft, Mozilla, Oracle and VMware. And, of course, Tesla . Pwn2Own is run in conjunction with the CanSec West conference. There will be "more than $900,000 worth of prizes available for attacks that subvert a variety of [the Model 3's] onboard systems," reports Ars Technica. "The biggest prize will be $250,000 for hacks that execute code on the car's getaway, autopilot, or VCSEC."

"A gateway is the central hub that interconnects the car's powertrain, chassis, and other components and processes the data they send. The autopilot is a driver assistant feature that helps control lane changing, parking, and other driving functions. Short for Vehicle Controller Secondary, VCSEC is responsible for security functions, including the alarm."

Mozilla will take the next major step in disabling support for the Adobe Flash plugin later this year when it releases Firefox 69. From a report: Firefox 69 will be Mozilla's third last step to completely dropping support for the historically buggy plugin, which will reach end of life on December 31, 2020. Flash is the last remaining NPAPI plugin that Firefox supports. Mozilla flagged the change, spotted by Ghacks, in a new bug report that notes "we'll disable Flash by default in Nightly 69 and let that roll out". Firefox 69 stable will be released in early September, according to Mozilla's release calendar.