Chrome

Former Firefox VP on What It's Like To Be Both a Partner of Google and a Competitor via Google Chrome (twitter.com) 68

Sidewalk Labs, the urban innovation arm of Google's parent company Alphabet, plans to build a $1 billion high-tech neighborhood in Toronto. The problem? It is facing an opposition from residents who have called for its demise. As the backlash gains momentum, it could force Sidewalk Labs to abandon or alter its vision. On paper, Sidewalk Labs' idea arguably has some merits: It wishes to "set new standards" for how cities are designed and built. But some are apprehensive of Google's plans, because the company has a knack for assuming more control over things and killing local competition.

Johnathan Nightingale, a former VP of Firefox, has seen such behavior first hand. He draws some parallels: I spent 8 years at Mozilla working on Firefox and for almost all of that time Google was our biggest partner. Our revenue share deal on search drove 90% of Mozilla's income. When I started at Mozilla in 2007, there was no Google Chrome and most folks we spoke with inside were Firefox fans. They were building an empire on the web, we were building the web itself. I think our friends inside Google genuinely believed that. At the individual level, their engineers cared about most of the same things we did. Their product and design folks made many decisions very similarly and we learned from watching each other.

But Google as a whole is very different than individual Googlers. Google Chrome ads started appearing next to Firefox search terms. Gmail and Google Docs started to experience selective performance issues and bugs on Firefox. Demo sites would falsely block Firefox as "incompatible." All of this is stuff you're allowed to do to compete, of course. But we were still a search partner, so we'd say "hey what gives?" And every time, they'd say, "oops. That was accidental. We'll fix it in the next push in 2 weeks." Over and over. Oops. Another accident. We'll fix it soon. We want the same things. We're on the same team. There were dozens of oopses. Hundreds maybe? I'm all for "don't attribute to malice what can be explained by incompetence" but I don't believe Google is that incompetent.

This is not a thread about blaming Google for Firefox troubles though. We at Mozilla wear that ourselves, me more than anyone for my time as Firefox VP. But I see the same play happening here in my city and I don't like it. And for me it means two things: The question is not whether individual Sidewalk Labs people have pure motives. I know some of them, just like I know plenty on the Chrome team. They're great people. But focus on the behavior of the organism as a whole. At the macro level, Google/Alphabet is very intentional. When Google wants to get a thing done, it is very effective. Mistakes happen, but when you see a sustained pattern of "oops" and delays from this organization -- you're being outfoxed. Get there faster than I did.

Mozilla

Mozilla is Launching Curated Recommended Extensions Program This Summer (betanews.com) 33

An anonymous reader shares a report: However much you love your chosen web browser, you have probably enhanced its capabilities through the use of add-ons. Finding decent, reliable add-ons can be tricky, and this is why Mozilla is launching the Recommended Extensions program. This editor-curated program will surface the very best vetted extensions for Firefox, and it is due to roll out in stages later this summer.

Mozilla says that any extensions it recommends through the program will be highlighted across its portfolio of websites and products, including addons.mozilla.org (AMO) and on Firefox's Get Add-Ons page. The company is already identifying extensions it likes the look of, and will soon be reaching out to developers. Changes should be seen on AMO around June.

Mozilla

12 Years After It Was Notified, Firefox To Add Full Protection Against 'Login Prompt' Spam (zdnet.com) 24

Twelve years after it was first notified of the issue, Mozilla has finally shipped a fix this week that will prevent abusive websites -- usually tech support scam sites -- from flooding users with non-stop "authentication required" login popups and prevent users from leaving or closing their browsers. From a report: The fix has been shipped in Firefox v68, the current Nightly release, and will hit the browser's stable branch sometimes in early July. According to Firefox engineer Johann Hofmann, starting with Firefox 68, web pages won't be allowed to show more than two login prompts. Starting with the third request, Firefox will intervene to suppress the authentication popup.

Mozilla previously shipped a fix for this issue, but it was incomplete, as it blocked authentication prompts that originated from subresources, such as iframes. This latest patch completes the fix by blocking all types of authentication required prompts -- including those generated by the site's main domain.

Firefox

Mozilla Will Run Two Experiments This Month With Firefox To Explore Ways To Fight Push Notification Permission Spam (zdnet.com) 98

Mozilla said this week that it intends to run two experiments over the course of this month to determine the most adequate way of dealing with push notification spam, a growing problem that is slowly deteriorating the web experience for everyone. From a report: The experiments will run in Firefox Nightly (v68) and Firefox Beta (v67). The Firefox Nightly experiment will run from April 1 to April 29. During this time, Mozilla said Firefox Nightly would only allow websites to show a push notification permission only after the user has clicked or pressed a key while on a website. All attempts to show a push notification permission request before a click or key press will be blocked by default. [...] In the last two weeks of the experiment, Firefox will show an icon in the URL bar, but with no visible popup on the page. Users can click this icon and accept any push notification permission requests if they wish so. Further reading: Mozilla and Scroll Partner To Test Alternative Funding Models for the Web.
Microsoft

Microsoft's Collaboration On Google's Chromium Brings a New Feature To Chrome (mspoweruser.com) 95

Remember when Microsoft announced they'd be switching to Google's open source Chromium browser for developing their own Edge browser? At the time Google announced "We look forward to working with Microsoft and the web standards community to advance the open web, support user choice, and deliver great browsing experiences."

Now MSPoweruser reports Microsoft has indeed started collaborating on Chromium -- making suggestions like caret browsing and a native high-contrast mode -- and at least one of Microsoft's suggestions is already coming to Chrome. it looks like there is one feature that Chromium approved which will be making its way to Chrome soon. According to a new bug (via Techdows) filing on Chromium, Google is working on bringing text suggestions for hardware keyboard to Chrome soon. The feature will allow users to get suggestions as they type which is currently available on Windows 10 and on Microsoft Edge.

Google has just started working on the feature and has set the priority to 2 which suggests that the feature should be available sooner than later.

Mozilla

Firefox Lockbox Comes To Android To Ease Password Pain (cnet.com) 38

If you're a Firefox true believer, or even just a Firefox user, your password struggles just got a little easier with the release of Firefox Lockbox for Android devices. From a report: The password manager, based on login information already in Firefox, makes it easier to sign into apps as well. It integrates with login autocomplete systems in both Apple's iOS and Google's Android software, Mozilla said. It's not as fancy as password managers like LastPass, BitWarden, 1Password and Dashlane, and the only browser it works with is Firefox. On the other hand, if you're already in the Firefox world, it's basically already set up for you. There's no migration process as with dedicated password managers.
Bug

Pwn2Own Competitors Crack Tesla, Firefox, Safari, Microsoft Edge, and Windows 10 (zdnet.com) 41

A research duo who hacked a Tesla were the big winners at the annual Pwn2Own white hat security contest, reports ZDNet. "The duo earned $375,000 in prize money, of the total of $545,000 awarded during the whole three-day competition... They also get to keep the car." Team Fluoroacetate -- made up of Amat Cama and Richard Zhu -- hacked the Tesla car via its browser. They used a JIT bug in the browser renderer process to execute code on the car's firmware and show a message on its entertainment system... Besides keeping the car, they also received a $35,000 reward. "In the coming days we will release a software update that addresses this research," a Tesla spokesperson told ZDNet today in regards to the Pwn2Own vulnerability.

Not coincidentally, Team Fluoroacetate also won the three-day contest after earning 36 "Master of Pwn" points for successful exploits in Apple Safari, Firefox, Microsoft Edge, VMware Workstation, and Windows 10... [R]esearchers also exploited vulnerabilities in Apple Safari, Microsoft Edge, VMware Workstation, Oracle Virtualbox, and Windows 10.

Firefox

Firefox 66 Arrives With Autoplaying Blocked by Default, Smoother Scrolling, and Better Search (venturebeat.com) 154

An anonymous reader writes: Mozilla today launched Firefox 66 for Windows, Mac, Linux, and Android. The release includes autoplaying content (audio and video) blocked by default, smoother scrolling, better search, revamped security warnings, WebAuthn support for Windows Hello, and improved extensions. The company says its main goal with this release is to reduce irritating experiences such as auto-playing videos, pop-ups, and page jumps. Firefox 66 for desktop is available for download now on Firefox.com, and all existing users should be able to upgrade to it automatically. The Android version is trickling out slowly on Google Play.
Data Storage

Firefox Send Lets You Share 1GB Files With No Strings Attached (cnet.com) 50

In 2017, Mozilla experimented with a service that let you transfer 1GB files by sharing a web address with the recipient. Firefox Send is now out of testing and boasts a magnified 2.5GB file-size limit if you log into your Firefox account. From a report: Firefox Send is handy for those moments when you need to share video, audio or photo files that can be too big to squeeze into an email attachment. [...] Firefox Send, which will also be available as an Android app, illustrates one of Mozilla's efforts to diversify beyond the Firefox browser. Mozilla touts Firefox Send as focusing on privacy and uses encryption to protect files. Firefox Send files are available for up to seven days and can be password-protected. You can also limit the number of times they're downloaded.
Firefox

Firefox To Add Tor Browser Anti-Fingerprinting Technique Called Letterboxing (zdnet.com) 101

Mozilla is scheduled to add a new user anti-fingerprinting technique to Firefox with the release of version 67, scheduled for mid-May this year. "Called 'letterboxing,' this new technique adds 'gray spaces' to the sides of a web page when the user resizes the browser window, which are then gradually removed after the window resize operation has finished," reports ZDNet. From the report: Advertising networks often sniff certain browser features, such as the window size to create user profiles and track users as they resize their browser and move across new URLs and browser tabs. The general idea is that "letterboxing" will mask the window's real dimensions by keeping the window width and height at multiples of 200px and 100px during the resize operation -- generating the same window dimensions for all users -- and then adding a "gray space" at the top, bottom, left, or right of the current page.

The advertising code, which listens to window resize events, then reads the generic dimensions, sends the data to its server, and only after does Firefox remove the "gray spaces" using a smooth animation a few milliseconds later. In other words, letterboxing delays filling the newly-resized browser window with the actual page content long enough to trick the advertising code into reading incorrect window dimensions.
The feature was first developed for the Tor Browser, and can be seen in action here. In order to enable the feature in Firefox, "users will first need to visit the about:config page, enter 'privacy.resistFingerprinting' in the search box, and toggle the browser's anti-fingerprinting features to 'true,'" reports ZDNet.
Firefox

Firefox Fears UAE Government's Cybersecurity Company 'DarkMatter' May Be Tied To a Cyber Espionage Program (patentlyapple.com) 20

An anonymous reader quotes a report from Patently Apple: Firefox browser-maker Mozilla is considering whether to block cybersecurity company DarkMatter from serving as one of its internet security gatekeepers after a Reuters report linked the United Arab Emirates-based firm to a cyber espionage program. Reuters reported in January that DarkMatter provided staff for a secret hacking operation, codenamed Project Raven, on behalf of an Emirati intelligence agency. The unit was largely comprised of former U.S. intelligence officials who conducted offensive cyber operations for the UAE government. Former Raven operatives told Reuters that many DarkMatter executives were unaware of the secretive program, which operated from a converted Abu Dhabi mansion away from DarkMatter's headquarters.

Those operations included hacking into the internet accounts of human rights activists, journalists and officials from rival governments, Reuters found. DarkMatter has denied conducting the operations and says it focuses on protecting computer networks. While Mozilla had been considering whether to grant DarkMatter the authority to certify websites as safe, two Mozilla executives said in an interview last week that Reuters' report raised concerns about whether DarkMatter would abuse that authority. Mozilla said the company has not yet come to a decision on whether to deny the authority to DarkMatter, but expects to decide within weeks.
Further reading available via Reuters
The Internet

W3C Approves WebAuthn as the Web Standard For Password-Free Logins (venturebeat.com) 55

The World Wide Web Consortium (W3C) today declared that the Web Authentication API (WebAuthn) is now an official web standard. From a report: First announced by the W3C and the FIDO Alliance in February 2016, WebAuthn is now an open standard for password-free logins on the web. It is supported by W3C contributors, including Airbnb, Alibaba, Apple, Google, IBM, Intel, Microsoft, Mozilla, PayPal, SoftBank, Tencent, and Yubico. The specification lets users log into online accounts using biometrics, mobile devices, and/or FIDO security keys. WebAuthn is supported by Android and Windows 10. On the browser side, Google Chrome, Mozilla Firefox, and Microsoft Edge all added support last year. Apple has supported WebAuthn in preview versions of Safari since December.
AI

Mozilla Updates Common Voice Dataset With 1,400 Hours of Speech Across 18 Languages (venturebeat.com) 13

Mozilla wants to make it easier for startups, researchers, and hobbyists to build voice-enabled apps, services, and devices. From a report: Toward that end, it's today releasing the latest version of Common Voice, its open source collection of transcribed voice data that now comprises over 1,400 hours of voice samples from 42,000 contributors across 18 languages, including English, French, German, Dutch, Hakha-Chin, Esperanto, Farsi, Basque, Spanish, Mandarin Chinese, Welsh, and Kabyle. It's one of the largest multi-language dataset of its kind, Mozilla claims -- substantially larger than the Common Voice corpus it made publicly available eight months ago, which contained 500 hours (400,000 recordings) from 20,000 volunteers in English -- and the corpus will soon grow larger still. The organization says that data collection efforts in 70 languages are actively underway via the Common Voice website and mobile apps.
Firefox

Mozilla and Scroll Partner To Test Alternative Funding Models for the Web (venturebeat.com) 86

An anonymous reader shares a report: News subscription service Scroll, which is yet to launch to consumers but has received the backing of several top publishers, courted another major player today: Mozilla. The browser maker says it will work with Scroll to better understand how consumers react to ad-free experiences on the web and subscription-based funding models. As part of the deal, Mozilla said it would test features and product ideas provided by Scroll, which itself has been conducting internal tests with a number of outlets. Small groups of Firefox users will be invited at random to share feedback and also respond to surveys, Mozilla said.
AI

Ubisoft And Mozilla Announce AI Coding Assistant Clever-Commit (variety.com) 40

Video game publisher Ubisoft is working with Mozilla to develop an AI coding assistant called Clever-Commit, head of Ubisoft La Forge Yves Jacquier announced during DICE Summit 2019 on Tuesday. From a report: Clever-Commit reportedly helps programmers evaluate whether or not a code change will introduce a new bug by learning from past bugs and fixes. The prototype, called Commit-Assistant, was tested using data collected during game development, Ubisoft said, and it's already contributing to some major AAA titles. The publisher is also working on integrating it into other brands. "Working with Mozilla on Clever-Commit allows us to support other programming languages and increase the overall performances of the technology. Using this tech in our games and Firefox will allow developers to be more productive as they can spend more time creating the next feature rather than fixing bugs. Ultimately, this will allow us to create even better experiences for our gamers and increase the frequency of our game updates," said Mathieu Nayrolles, technical architect, data scientist, and member of the Technological Group at Ubisoft Montreal.
Privacy

'Why Data, Not Privacy, Is the Real Danger' (nbcnews.com) 99

"While it's creepy to imagine companies are listening in to your conversations, it's perhaps more creepy that they can predict what you're talking about without actually listening," writes an NBC News technology correspondent, arguing that data, not privacy, is the real danger. Your data -- the abstract portrait of who you are, and, more importantly, of who you are compared to other people -- is your real vulnerability when it comes to the companies that make money offering ostensibly free services to millions of people. Not because your data will compromise your personal identity. But because it will compromise your personal autonomy. "Privacy as we normally think of it doesn't matter," said Aza Raskin, co-founder of the Center for Humane Technology [and a former Mozilla team leader]. "What these companies are doing is building little models, little avatars, little voodoo dolls of you. Your doll sits in the cloud, and they'll throw 100,000 videos at it to see what's effective to get you to stick around, or what ad with what messaging is uniquely good at getting you to do something...."

With 2.3 billion users, "Facebook has one of these models for one out of every four humans on earth. Every country, culture, behavior type, socio-economic background," said Raskin. With those models, and endless simulations, the company can predict your interests and intentions before you even know them.... Without having to attach your name or address to your data profile, a company can nonetheless compare you to other people who have exhibited similar online behavior...

A professor at Columbia law school decries the concentrated power of social media as "a single point of failure for democracy." But the article also warns about the dangers of health-related data collected from smartwatches. "How will people accidentally cursed with the wrong data profile get affordable insurance?"
Firefox

Mozilla Announces Project Fission, a Project To Add True Multi-Process Support To Firefox (zdnet.com) 67

An anonymous reader quotes a report from ZDNet: After a year of secret preparations, Mozilla has publicly announced plans today to implement a "site isolation" feature, which works by splitting Firefox code in isolated OS processes, on a per-domain (site) basis. The concept behind this feature isn't new, as it's already present in Chrome, since May 2018. Currently, Firefox comes with one process for the browser's user interface, and a few (two to ten) processes for the Firefox code that renders the websites. With Project Fission (as this was named), Firefox split processes will change, and a separate one will be created for each website a user is accessing. This separation will be so fine-grained that just like in Chrome, if there's an iframe on the page, that iframe will receive its own process as well, helping protect users from threat actors that hide malicious code inside iframes (HTML elements that load other websites inside the current website). This is the same approach Chrome has taken with its "Site Isolation."
Mozilla

House Democrats Tell Ajit Pai: Stop Screwing Over the Public (arstechnica.com) 320

slack_justyb shares a report from Ars Technica: The House Commerce Committee is "reassuming its traditional role of oversight to ensure the agency is acting in the best interest of the public and consistent with its legislative authority," Commerce Committee Chairman Frank Pallone, Jr. (D-N.J.) and Communications and Technology Subcommittee Chairman Mike Doyle (D-Penn.) said in an announcement yesterday. Pallone, Jr. and Doyle wrote a letter to Pai, saying that he has made the FCC too secretive and has repeatedly advanced the interests of corporations over consumers. They wrote: "Not only have you have failed on numerous occasions to provide Democratic members of this committee with responses to their inquiries, you have also repeatedly denied or delayed responding to legitimate information requests from the public about agency operations. These actions have denied the public of a full and fair understanding of how the FCC under your leadership has arrived at public policy decisions that impact Americans every day in communities across the country. Under your leadership, the FCC has failed repeatedly to act in the public interest and placed the interest of corporations over consumers. The FCC should be working to advance the goals of public safety, consumer protection, affordable access, and connectivity across the United States. To that end, it is incumbent upon the Committee's leadership and its members to oversee the activities of the FCC."

On Thursday this week, the Communications Subcommittee will hold a hearing about the impact of Pai's net neutrality repeal on consumers, small businesses, and free speech. Witnesses who have been invited to testify at the hearing include former FCC Chairman Tom Wheeler, cable industry chief lobbyist Michael Powell (who is also a former FCC chairman), and representatives of Mozilla, Free Press, and Eastern Oregon Telecom.

Firefox

Firefox To Block Auto-Playing Audio Starting March 2019 (zdnet.com) 85

An anonymous reader writes: Starting with Firefox 66 -- scheduled for release on March 19, 2019 -- Mozilla plans to block auto-playing audio on both desktop and mobile -- a feature it began to test on Nightly builds last year. The new rule will apply to any website that plays audio without user interaction in advance -- such as a user clicking a button. The audio autoplay ban will apply to both HTML5 audio and video elements used for media playback in modern browsers, meaning Firefox will block sound coming from both ads and video players, the most common sources of such abuse. Mozilla's move comes almost a year after Chrome took a similar decision to block all auto-playing sound by default with the release of Chrome 66 in April 2018. Microsoft similarly announced plans to block auto-playing sounds in Edge, but the feature never made it to production.
Firefox

Mozilla Halts Rollout of Firefox 65 on Windows Platform After Antivirus Issue (zdnet.com) 112

Mozilla has halted the rollout of v65 update to Firefox browser on Windows platform after learning about an issue with certain antivirus products. Users of Firefox 65, an update which was released last week, reported seeing "Your connection is not secure" error warnings when visiting popular sites. From a report: The issue mostly affected Firefox 65 users running AVG or Avast antivirus. The message appeared when users visited an HTTPS website and stated the 'Certificate is not trusted because the issuer is unknown' and that 'The server might not be sending the inappropriate intermediate certificates'.

The problem, reported on Mozilla's bug report page and first spotted by Techdows, is due to the HTTPS-filtering feature in Avast and AVG antivirus. Avast owns AVG. The bug prevented users from visiting any HTTPS site with Firefox 65. To limit the impact on users, Mozilla decided to temporarily halt all automatic updates on Windows. In the meantime, Avast, which owns AVG, released a new virus engine update that completely disabled Firefox HTTPS filtering in Avast and AVG products. HTTPS filtering remains enabled on other browsers.

Slashdot Top Deals