Here's a surprising fact: It costs money to watch video online, even on free sites like YouTube. That's because about 4 in 5 videos on the web today rely on a patented technology called the H.264 video codec. From a report: It took years for companies to put this complex, global set of legal and business agreements in place, so H.264 web video works everywhere. Now, as the industry shifts to using more efficient video codecs, those businesses are picking and choosing which next-generation technologies they will support. The fragmentation in the market is raising concerns about whether our favorite web past-time, watching videos, will continue to be accessible and affordable to all.

Over the last decade, several companies started building viable alternatives to patented video codecs. Mozilla worked on the Daala Project, Google released VP9, and Cisco created Thor for low-complexity videoconferencing. All these efforts had the same goal: to create a next-generation video compression technology that would make sharing high-quality video over the internet faster, more reliable, and less expensive. In 2015, Mozilla, Google, Cisco, and others joined with Amazon and Netflix and hardware vendors AMD, ARM, Intel, and NVIDIA to form AOMedia. As AOMedia grew, efforts to create an open video format coalesced around a new codec: AV1. AV1 is based largely on Google's VP9 code and incorporates tools and technologies from Daala, Thor, and VP10.

Mozilla loves AV1 for two reasons: AV1 is royalty-free, so anyone can use it free of charge. Software companies can use it to build video streaming into their applications. Web developers can build their own video players for their sites. The second reason we love AV1 is that it delivers better compression technology than even high-efficiency codecs -- about 30% better, according to a Moscow State University study.

Security researchers have discovered a new malicious campaign that utilizes stolen D-Link certificates to sign malware. From a report: A lesser-known cyber-espionage group known as BlackTech was caught earlier this month using a stolen D-Link certificate to sign malware deployed in a recent campaign. "The exact same certificate had been used to sign [official] D-Link software; therefore, the certificate was likely stolen," says Anton Cherepanov, a security researcher for Slovak antivirus company ESET, and the one who discovered the stolen cert. Cherepanov says BlackTech operators used the stolen cert to sign two malware payloads -- the first is the PLEAD backdoor, while the second is a nondescript password stealer. According to a 2017 Trend Micro report, the BlackTech group has used the PLEAD malware in the past. Just like in previous attacks, the group's targets for these most recent attacks were again located in East Asia, particularly in Taiwan. The password stealer isn't anything special, being capable of extracting passwords from only four apps -- Internet Explorer, Google Chrome, Mozilla Firefox, and Microsoft Outlook.

Web monoculture is well and truly alive when Google cannot be bothered to make a full-featured cross-browser mobile search page. From a report: It has been over five years since Firefox really turned a corner and started to morph from its bloated memory-munching ways into the lightning-quick browser it is today. Buried in Mozilla's issue tracker is a bug that kicked off in February 2014, and is yet to be resolved: Have Google treat Firefox for Android as a first-class citizen and serve up comparable content to what the search giant hands Chrome and Safari. After years of requests, meetings, and to and fro, it has hit a point where the developers of Firefox are experimenting by manipulating the user agent string in its nightly development builds to trick Google into thinking that Firefox Mobile is a Chrome browser. Not only does Google's search page degrade for Firefox on Android, but some new properties like Google Flights have occasionally taken to outright blocking of the browser.

sombragris writes: Stylish, a popular extension available for Chrome and Firefox which allows for easy customization of any website, now phones home and shares its users' browser history with its corporate parent, according to blogger Robert Heaton. This prompted Firefox to ban the extension from its addons site and prompt all users to disable it. The discussion can be seen in the relevant bug report. In Heaton's words:

Stylish is no longer a well-meaning product with your best interests at heart. If you use and like Stylish, please uninstall it and switch to an alternative like Stylus, an offshoot from the good old version of Stylish that works in much the same way, minus the spyware.

Google too has pulled the extension from its extension store. This is not the first time Stylish is at the centre of a privacy debacle

An anonymous reader quotes a report from TechCrunch: Google is turning startup investor to further its goal of putting Google services like search, maps, and its voice assistant front and center for the next billion internet users in emerging markets. It has invested $22 million into KaiOS, the company that has built an eponymous operating system for feature phones that packs a range of native apps and other smartphone-like services. As part of the investment, KaiOS will be working on integrating Google services like search, maps, YouTube and its voice assistant into more KaiOS devices, after initially announcing Google apps for KaiOS-powered Nokia phones earlier this year.

KaiOS is a U.S.-based project that started in 2017, built on the ashes of Mozilla's failed Firefox OS experiment, as a fork of the Linux codebase. Firefox OS was intended to be the basis of a new wave of HTML-5, low-cost smartphones. And while those devices and the wider ecosystem never really took off, KaiOS has fared significantly better. KaiOS powers phones made by OEMs including Nokia (HMD), Micromax and Alcatel, and it works with carriers including Sprint and AT&T -- it counts offices in North America, Europe and Asia. But its most significant deployment to date has been with India's Reliance Jio, the challenger telco that disrupted the Indian market with affordable 4G data packages. "This funding will help us fast-track development and global deployment of KaiOS-enabled smart feature phones, allowing us to connect the vast population that still cannot access the internet, especially in emerging markets," said KaiOS CEO Sebastien Codeville in a statement.

On Tuesday, Mozilla released Firefox 61, the newest version of its web browser for Windows, Mac, Linux, and Android platforms. The release builds on Firefox Quantum, which the company calls "by far the biggest update since Firefox 1.0 in 2004." VentureBeat: Version 61 brings TLS 1.3, the ability to add custom search engines to the location bar, tab warming, retained display lists, WebExtension tab management, and the Accessibility Tools Inspector. Mozilla doesn't break out the exact numbers for Firefox, though the company does say "half a billion people around the world" use the browser. In other words, it's a major platform that web developers have to consider.

Troy Hunt, web security expert and creator of the website Have I Been Pwned (HIBP), wrote a blog post announcing his partnerships with Firefox and 1Password. For those unfamiliar with the site, Have I Been Pwned allows you to search across multiple data breaches to see if your email address has been compromised. The service is especially handy now that data breaches are becoming a daily occurrence. Hunt writes: Last November, there was much press about Mozilla integrating HIBP into Firefox. I was a bit surprised at the time as it was nothing more than their Breach Alerts feature which simply highlighted if the site being visited had previously been in a data breach (it draws this from the freely accessible breach API on HIBP). But the press picked up on some signals which indicated that in the long term, we had bigger plans than that and the whole thing got a heap of very positive attention. I ended up fielding a heap of media calls just on that one little feature - people loved the idea of HIBP in Firefox, even in a very simple form. As it turns out, we had much bigger plans and that's what I'm sharing here today. Over the coming weeks, Mozilla will begin trialling integration between HIBP and Firefox to make breach data searchable via a new tool called "Firefox Monitor." Here's what Hunt has to say about 1Password: As of now, you can search HIBP from directly within 1Password via the Watchtower feature in the web version of the product. This helps Watchtower become "mission control" for accounts and introduces the "Breach Report" feature. If you're a 1Password user you can use this feature right now, just head on over to the 1Password login page.

Another high-profile endorsement for Firefox -- this time from the lead consumer technology writer for The New York Times. (Alternate link here). The web has reached a new low. It has become an annoying, often toxic and occasionally unsafe place to hang out. More important, it has become an unfair trade: You give up your privacy online, and what you get in return are somewhat convenient services and hyper-targeted ads. That's why it may be time to try a different browser.

Remember Firefox...? About two years ago, six Mozilla employees were huddled around a bonfire one night in Santa Cruz, Calif., when they began discussing the state of web browsers. Eventually, they concluded there was a "crisis of confidence" in the web. "If they don't trust the web, they won't use the web," Mark Mayo, Mozilla's chief product officer, said in an interview.... After testing Firefox for the last three months, I found it to be on a par with Chrome in most categories. In the end, Firefox's thoughtful privacy features persuaded me to make the switch and make it my primary browser.
The Times cites privacy features like Firefox's "Facebook Container," which prevents Facebook from tracking you after you've left their site.

While both Chrome and Firefox have tough security (including sandboxing), Cooper Quintin, a security researcher for the Electronic Frontier Foundation, tells the Times that Google "is fundamentally an advertising company, so it's unlikely that they will ever have a business interest in making Chrome more privacy friendly."

An anonymous reader quotes Ars Technica: Pocket, which lets you save articles and videos you find around the web to consume later, now has a home inside Firefox as the engine powering recommendations to 50 million people a month. By analyzing the articles and videos people save into Pocket, [Pocket founder and CEO Nate] Weiner believes the company can show people the best of the web -- in a personalized way -- without building an all-knowing, Facebook-style profile of the user.

"We're testing this really cool personalization system within Firefox where it uses your browser history to target personalized [recommendations], but none of that data actually comes back to Pocket or Mozilla," Weiner said. "It all happens on the client, inside the browser itself. There is this notion today... I feel like you saw it in the Zuckerberg hearings. It was like, 'Oh, users. They will give us their data in return for a better experience.' That's the premise, right? And yes, you could do that. But we don't feel like that is the required premise. There are ways to build these things where you don't have to trade your life profile in order to actually get a good experience."

Pocket can analyze which articles and videos from around the web are being shared as well as which ones are being read and watched. Over time, that gives the company a good understanding of which links lead to high-quality content that users of either Pocket or Firefox might enjoy.
I use Firefox, but I don't use Pocket. Are there any Slashdot readers who want to share their experiences with read-it-later services, or thoughts about what Firefox is attempting?

An anonymous reader quotes an associate technology editor at Fast Company's Co.Design: While the amount of data about me may not have caused harm in my life yet -- as far as I know -- I don't want to be the victim of monopolistic internet oligarchs as they continue to cash in on surveillance-based business models. What's a concerned citizen of the internet to do? Here's one no-brainer: Stop using Chrome and switch to Firefox... [W]hy should I continue to use the company's browser, which acts as literally the window through which I experience much of the internet, when its incentives -- to learn a lot about me so it can sell advertisements -- don't align with mine....?

Unlike Chrome, Firefox is run by Mozilla, a nonprofit organization that advocates for a "healthy" internet. Its mission is to help build an internet in an open-source manner that's accessible to everyone -- and where privacy and security are built in. Contrast that to Chrome's privacy policy, which states that it stores your browsing data locally unless you are signed in to your Google account, which enables the browser to send that information back to Google. The policy also states that Chrome allows third-party websites to access your IP address and any information that site has tracked using cookies. If you care about privacy at all, you should ditch the browser that supports a company using data to sell advertisements and enabling other companies to track your online movements for one that does not use your data at all.... Firefox protects you from being tracked by advertising networks across websites, which has the lovely side effect of making sites load faster...

Ultimately, Firefox's designers have the leeway to make these privacy-first decisions because Mozilla's motivations are fundamentally different from Google's. Mozilla is a nonprofit with a mission, and Google is a for-profit corporation with an advertising-based business model.. While Firefox and Chrome ultimately perform the same service, the browsers' developers approached their design in a radically different way because one organization has to serve a bottom line, and the other doesn't.
The article points out that ironically, Mozilla supports its developers partly with revenue from Google, which (along with other search engines) pays to be listed as one of the search engines available in Firefox's search bar.

"But because it relies on these agreements rather than gathering user data so it can sell advertisements, the Mozilla Corporation has a fundamentally different business model than Google."

Today, Mozilla released Firefox 60 for Windows, Mac, Linux and Android, and with it arrives Web Authentication API for desktop browsers. From a report: Firefox 60 supports technology called Web Authentication, or WebAuthn for short, that can be used to grant you access to websites with a physical authentication device like a YubiKey dongle, biometric identity proof using an Android phone's fingerprint reader or the iPhone's Face ID, and some other alternatives to passwords.

Passwords are a particular problem on the web. Fake websites can coax you to type in credentials that then can be used to steal money from your bank account or snoop your email -- a problem called phishing. Even if you pick hard-to-guess passwords, never reuse them on multiple sites and always remember them, passwords still aren't that strong a foundation for security these days. We're still a long way away from a post-password future, but WebAuthn is an important step, if nothing else, in making sites more secure.

Amazon's product page for its new Echo Dot Kids Edition doesn't mention the words "privacy" or "data." Mozilla thinks it should. From a report: The e-commerce company last month introduced the new, child-friendly Echo device, powered by an Alexa voice assistant that was modified for kids ages 5 to 12. The $80 gadget becomes available Wednesday, along with new kid-friendly services called FreeTime on Alexa and FreeTime Unlimited on Alexa. Just ahead of those launches, Mozilla, the nonprofit behind the Firefox web browser and a growing political force in tech, on Monday said it spoke with Amazon directly about about the new device.

It asked Amazon to update the Echo Dot Kids Edition product page with specific information on how it uses children's data collected through the smart speaker. That way, parents shopping for the gadget could easily read Amazon's privacy information without having to dig around for it, Mozilla argued. Mozilla has already posted a petition on its website calling for these changes, but Ashley Boyd, Mozilla's vice president of advocacy, said in a statement Monday night that Mozilla is "heartened" that Amazon listened to its concerns. She added that Mozilla is pausing that petition while it continues to talk with Amazon.

The new version of Firefox 11.0 for iOS turns on tracking protection by default, lets you reorder your tabs, and adds a handful of iPad-specific features. The latest version is currently available via Apple's App Store. VentureBeat details the new features: Tracking protection means Firefox blocks website elements (ads, analytics trackers, and social share buttons) that could track you while you're surfing the web. It's almost like a built-in ad blocker, though it's really closer to browser add-ons like Ghostery and Privacy Badger because ads that don't track you are allowed through. The feature's blocking list, which is based on the tracking protection rules laid out by the anti-tracking startup Disconnect, is published under the General Public License and available on GitHub. The feature is great for privacy, but it also improves performance. Content loads faster for many websites, which translates into less data usage and better battery life. If tracking protection doesn't work well on a given site, just turn it off there and Firefox for iOS should remember your preference.

Tracking protection aside, iOS users can now reorder their tabs. Organizing your tabs is very straightforward: Long-press the specific tab and drag it either left or right. iPad users have gained two new features, as well. You can now share URLs by just dragging and dropping links to and from Firefox with any other iOS app. If you're in side-by-side view, just drag the link or tab into the other app. Otherwise, bring up the doc or app switcher, drag the link into the other app until it pulses, release the link, and the other app will open the link. Lastly, iPad users have gained a few more keyboard shorts, including the standard navigation keys from the desktop. There's also cursor navigation through the bookmarks and history results, an escape key in the URL bar, and easier tab tray navigation (try using the keyboard shortcut Command + Option + Tab to get to and from the tabs view).

The Mozilla Foundation has called for the regulation of tech giants like Google, Amazon, and Facebook. From a report: Though tech giants in the U.S. and companies like Alibaba and Tencent in China have "helped billions realize the benefits of the internet," the report calls for regulation of these players to mitagate monopolistic business practices that undermine "privacy, openness, and competition on the web." They box out competitors, restricting innovation in the process, Mozilla wrote today in its inaugural Internet Health Report, "As their capacity to make sense of massive amounts of data grows through advances in artificial intelligence and quantum computing, their powers are likely to advance into adjacent businesses through vertical integrations into hardware, software, infrastructure, automobiles, media, insurance, and more -- unless we find a way to disrupt them or break them up." Governments should enforce anti-competitive behavior laws and rethink outdated antitrust models when implementing regulation of tech giants, the report states.

Mozilla says it will follow in the steps of Google Chrome and start blocking the loading of FTP subresources inside HTTP and HTTPS pages. From a report: By FTP subresources, we refer to files loaded via the FTP protocol inside img, script, or iframe tags that have a src="ftp://". FTP links placed inside normal angle bracket links or typed directly in the browser's address bar will continue to work. The reasoning is that FTP is an insecure protocol that doesn't support modern encryption techniques and will inherently break many other built-in browser security and privacy features, such as HSTS, CSP, XSA, or others. Furthermore, many malware distribution campaigns often rely on compromising FTP servers and redirecting or downloading malware on users' computers via FTP subresources. Mozilla engineers say FTP subresource blocking will ship with Firefox 61, currently scheduled for release on June 26.

Soon, it will be much easier to log into more websites using a hardware key plugged into your laptop, a dedicated app, or even the fingerprint scanner on your phone. Motherboard: On Tuesday, a spread of organizations and businesses, including top browser vendors such as Microsoft and Google, announced a new standards milestone that will streamline the process for web developers to add extra login methods to their sites, potentially keeping consumers' accounts and data more secure. "For users, this will be a natural transition. People everywhere are already using their fingers and faces to 'unlock' their mobile phones and PCs, so this will be natural to them -- and more convenient," Brett McDowell, executive director at the FIDO Alliance, one of the organizations involved in setting up the standard, told Motherboard in an email.

"What they use today to 'unlock' will soon allow them to 'login' to all their favorite websites and a growing number of native apps that already includes Bank of America, PayPal, eBay and Aetna," he added. Passwords continue to be one of the weaker points in online security. A hacker may phish a target's password and log into their account, or take passwords from one data breach and use them to break into accounts on another site. The login standard, called Web Authentication (WebAuthn), will let potentially any website or online service use apps, security keys, or biometrics as a login method instead of a password, or use those alternative approaches as a second method of verification. The key here is making it easy and open for developers to use, and for it to work across all different brands of browsers. The functionality is already available in Mozilla's Firefox, and will be rolled out to Microsoft's Edge and Google Chrome in the new few months. Opera has committed to supporting WebAuthn as well.

A video game industry lobby group is joining the lawsuit that seeks to reinstate net neutrality rules in the US, saying that the net neutrality repeal could harm multiplayer online games that require robust Internet connections. From a report: The Entertainment Software Association (ESA) yesterday filed a motion for leave to intervene so that it can support the case against the Federal Communications Commission. The lawsuit, filed by a mix of Democratic state attorneys general, tech companies such as Mozilla, and consumer advocacy groups, seeks to reverse the FCC's December 2017 vote to eliminate net neutrality rules. The ESA said its members will be harmed by the repeal "because the FCC's Order permits ISPs to take actions that could jeopardize the fast, reliable, and low-latency connections that are critical to the video game industry."

Paul Sawers, writing for VentureBeat: On Tuesday, Mozilla announced a new tool it said will help keep Facebook from tracking your browsing across the web. The Facebook Container add-on for Firefox promises to make it "much harder" for Facebook to track you when you're not on its site. Mozilla has been working on the technology for several years already, accelerating its development in response to what it called a "growing demand for tools that help manage privacy and security," according to a statement issued by Mozilla today.

Most people are probably aware that data they directly give to Facebook -- such as "liking" a Page or updating their relationship status -- may be sold to advertisers. But fewer people know that Facebook can also track their activities on other websites that have integrated with aspects of Facebook's tracking technology, such as the pervasive "Like" button. And it's in this scenario that Mozilla is now hoping to play the good guy.

An anonymous reader quotes a report from ZDNet: Firefox maker Mozilla has outlined its 2018 roadmap to make the web less intrusive and safer for users. First up, Mozilla says it will proceed and implement last year's experiment with a breach alerts service, which will warn users when their credentials have been leaked or stolen in a data breach. Mozilla aims to roll out the service around October. Breach Alerts is based on security consultant Troy Hunt's data breach site Have I Been Pwned. Firefox will also implement a similar block on autoplay video to the one Chrome 66 will introduce next month, and that Safari already has. However, Dotzler says Firefox's implementation will "provide users with a way to block video auto-play that doesn't break websites". This feature is set to arrive in Firefox 62, which is scheduled for release in May.

After Firefox 62 the browser will gain an optional Chrome-like ad filter and several privacy-enhancing features similar to those that Apple's WebKit developers have been working on for Safari's Intelligent Tracking Prevention. By the third quarter of 2018, Firefox should also be blocking ad-retargeting through cross-domain tracking. It's also going to move all key privacy controls into a single location in the browser, and offer more "fine-grained" tracking protection. Dotzler says Mozilla is in the "early stages" of determining what types of ads Firefox should block by default. Also on the roadmap is a feature that arrived in Firefox 59, released earlier this month. A new Global Permissions feature will help users avoid having to deny every site that requests permission for location, camera, microphone and notifications. Beyond security and privacy, Mozilla plans to build on speed-focused Quantum improvements that came in Firefox 57 with smoother page rendering.