An anonymous reader quotes a report from Gizmodo: Researchers at Mozilla announced this week the launch of its "Facebook Pixel Hunt" study, which seeks to track the company's immense web-wide tracking network and investigate the intel it's collecting on users. As the name suggests, this study is focused on a piece of tracking tech known as the "Facebook pixel." Chances are, you've visited a site that uses it; these tiny pieces of tech are buried in literally millions of sites across the web, from online stores to news outlets to... well, you name it. In exchange for onboarding a free pixel on their site, these sites can then track their own visitors and microtarget ads with the same sort of precision you'd expect from a data-hungry company like Facebook.

In exchange for giving these sites the power to track every pageview, purchase, search query, and much, much more, Facebook (naturally) requires that this data be shared with it, too. In cases where the website visitor has an account on some Facebook platform, this offsite data just gets glombed onto whatever Facebook already knows about that person. If they don't have a Facebook account, then the company collects that data anyway, and uses it to create a "shadow profile" of that particular person. These are the sorts of shadowy practices that Mozilla's team wants to research with this study -- and you can help them do it if you're a Firefox user. Mozilla teamed up with reporters from the Markup to gather details about Facebook tracking using a free-to-download browser extension, Mozilla Rally, that will hoover up data sent out by Facebook's pixels as you browse across the web. Aside from that data, the extension also keeps track of the time spent on different web pages, the URLs that the browser visits, and more. Mozilla was quick to note in its announcement that the only data being exported from the extension will be de-identified, and not shared with any third parties besides the Markup's reporters.

Firefox 96.0 is officially shipping today as the first update of 2022 for this open-source web browser. From a report: Firefox 96.0 has "significantly" reduced the amount of load placed on the browser's main thread and there is also "significant" improvements in noise suppression and auto-gain-control and improvements in echo cancellation. In addition to that performance work, there are also WebRTC improvements, an improved cookie policy to reduce the likelihood of Cross-Site Request Forgery (CSRF) attacks, video quality degradation fixes, and other fixes. Over on developer.mozilla.org are some of the web developer changes with Firefox 96 including CSS color value function hwb() support for specifying the hue/whiteness/blackness, support for the CSS color-scheme property, the Web Locks API is enabled by default, image encoder support for WebP for exporting HTML5 canvas elements, and other additions.

Brian Fagioli, reporting for BetaNews: The developers of the Ubuntu-based operating system have agreed to accept an undisclosed amount of money from Mozilla in exchange for making significant changes to Linux Mint. This includes removal of modifications to Firefox and a big change for search. The devs share the upcoming changes to Firefox in Linux Mint 19 and higher.
The default start page no longer points to https://www.linuxmint.com/start/
The default search engines no longer include Linux Mint search partners (Yahoo, DuckDuckGo...) but Mozilla search partners (Google, Amazon, Bing, DuckDuckGo, Ebay...)
The default configuration switches from Mint defaults to Mozilla defaults.
Firefox no longer includes code changes or patches from Linux Mint, Debian or Ubuntu.

Mike Melanson's "This Week in Programming" column looks at what happened after Mozilla founder Jamie "jwz" Zawinski slammed the group for accepting donations in cryptocurrency (which Zawinski called partnering "with planet-incinerating Ponzi grifters.") Peter Linss, one of the creators of the Gecko browser engine on which Mozilla Firefox is based, also stepped in to back up Zawinski, saying that he was 100% with him and that Mozilla was "meant to be better than this."

When Mozilla first announced it would accept Bitcoin donations in 2014, it cited Khan Academy, Electronic Frontier Foundation, United Way, Greenpeace, and Wikimedia Foundation among its moral and upstanding cryptocurrency-accepting compatriots. Of that list, just Greenpeace has since stopped accepting cryptocurrency donations, telling the Financial Times earlier this year that "as the amount of energy needed to run bitcoin became clearer, this policy [of accepting cryptocurrency donations] became no longer tenable."
Thursday the Mozilla Foundation announced it was pausing cryptocurrency donations to review whether the idea "fits with our climate goals" — a fact the column also addresses: Mike Shaver, another Mozilla project founder, also tweeted his support, writing that he was "glad to see this reflection happening."

In a follow-up blog post to the ordeal, Zawinski doubled down on his condemnation of Mozilla's cryptocurrency acceptance, writing that "cryptocurrencies are not only an apocalyptic ecological disaster, and a greater-fool pyramid scheme, but are also incredibly toxic to the open web, another ideal that Mozilla used to support" — an idea also espoused in many of the comments on the initial Twitter thread.

Meanwhile, although Mozilla says that it is pausing the ability to donate cryptocurrencies during its review, the donations page still lists BitPay among its payment methods.

The Mozilla Foundation is pausing accepting donations in cryptocurrency following a backlash from scores of people including a founder of the Mozilla Project. From a report: The foundation, which oversees the development of Firefox browser, on Thursday acknowledged conversations around the environment impact that cryptocurrency potentially pose and said it is reviewing whether its current policy on crypto donations "fits with our climate goals."

The foundation started to face backlash following a tweet late last year that invited people to donate via using a variety of crypto tokens including Bitcoin. In response to it, Jamie Zawinski expressed dismay at the foundation's move. "Everyone involved in the project should be witheringly ashamed of this decision to partner with planet-incinerating Ponzi grifters," he said, adding an expletive.

A user writes: Jamie "jwz" Zawinski, famous for being one of the original Netscape developers, being a founder of the Mozilla project, and for this axiom, has laid into Mozilla after the Firefox developers announced they was accepting Dogecoin, Bitcoin, and Ethereum cryptocurrency payments, via Bitpay, for Mozilla's services and donations. Quote jwz: "I'm here to say fuck you and fuck this. Everyone involved in the project should be witheringly ashamed of this decision to partner with planet-incinerating Ponzi grifters."
UPDATE (1/6/2021): Days later the Mozilla Foundation announced they were instead pausing cryptocurrency donations to review whether the idea "fits with our climate goals."

NBC News writes: VPNs, or virtual private networks, continue to be used by millions of people as a way of masking their internet activity by encrypting their location and web traffic. But on the modern internet, most people can safely ditch them, thanks to the widespread use of encryption that has made public internet connections far less of a security threat, cybersecurity experts say. "Most commercial VPNs are snake oil from a security standpoint," said Nicholas Weaver, a cybersecurity lecturer at the University of California, Berkeley. "They don't improve your security at all...."

Most browsers have quietly implemented an added layer of security in recent years that automatically encrypts internet traffic at most sites with a technology called HTTPS. Indicated by a tiny padlock by the URL, the presence of HTTPS means that worrisome scenario, in which a scammer or a hacker squats on a public Wi-Fi connection in order to watch people's internet habits, isn't feasible. It's not clear that the threat of a hacker at your coffee shop was ever that real to begin with, but it is certainly not a major danger now, Weaver said. "Remember, someone attacking you at the coffee shop needs to be basically at the coffee shop," he said. "I don't know of them ever being used outside of pranks. And those are all irrelevant now with most sites using HTTPS," he said in a text message.

There are still valid uses for VPNs. They're an invaluable tool for getting around certain types of censorship, though other options also exist, such as the Tor Browser, a free web browser that automatically reroutes users' traffic and is widely praised by cybersecurity experts. VPNs are also vital for businesses that need their employees to log in remotely to their internal network. And they're a popular and effective way to watch television shows and movies that are restricted to particular countries on streaming services. But like with antivirus software, the paid VPN industry is a booming global market despite its core mission no longer being necessary for many people.

Most VPNs market their products as a security tool. A Consumer Reports investigation published earlier this month found that 12 of the 16 biggest VPNs make hyperbolic claims or mislead customers about their security benefits. And many can make things worse, either by selling customers' browsing history to data brokers, or by having poor cybersecurity.
The article credits the Electronic Frontier Foundation for popularizing encryption through browser extensions and web site certificates starting in 2010. "In 2015, Google started prioritizing websites that enabled HTTPS in its search results. More and more websites started offering HTTPS connections, and now practically all sites that Google links to do so.

"Since late 2020, major browsers such as Brave, Chrome, Firefox, Safari and Edge all built HTTPS into their programs, making Electronic Frontier Foundation's browser extension no longer necessary for most people."

Another 12 months gone by, and with it nearly 8,000 new Slashdot headlines — so which ones drew the most views?

Click here for lists of Slashdot's top 10 most-visited and most-commented stories of the year — and also the all-time top 10 lists since Slashdot's creation in 1997.

Here's some of 2021's highlights:

• Two of this year's most-visited stories involved Linus Torvalds. (Although one just reported Torvalds "Tells Anti-Vaxxer To Shut Up On Linux Mailing List.") Another story in April found Torvalds saying Rust was at least closer to use in Linux kernel development — while also calling C++ "a crap language."

• One of the biggest stories of the year was Richard Stallman's return to the Free Software Foundation. The third most-visited story of the year covered the pushback against his return from the EFF, the Tor Project, Mozilla, and the creator of Rust.

• Remember that big electrical outage that left millions of Texans without power in the middle of a winter storm? As the crisis was still raging, CNN asked the million-dollar question: who's actually to blame? This became Slashdot's 9th most-visited story of the year — and also the 7th most-commented.

• Two of the 10 most-visited stories of the year were "Ask Slashdot" technical questions: In April RockDoctor (Slashdot reader #15,477) asked whether a software RAID is better than a hardware RAID? And in January of 2020 Slashdot reader lsllll asked for suggestions on a a battery-powered wi-fi security camera supporting FTP/SMB
  
  Interestingly, one of the year's most-commented poll topics had asked whether bitcoin would break $100,000 before the end of 2021. 4,951 voters — a full 25% — had said "Yes" — and were off by more than half, with bitcoin actually tumbling 8% in the last week of 2021 to wind up somewhere near $46,371 as of late Friday afternoon.
  
  At the time of the poll — October 8th — the price of Bitcoin was already up to $53,963. One month later it had reached it's highest price of 2021 — $67,582 — before dropping 31.7% over the next 53 days.
  
  In the October poll asking whether bitcoin would reach $100,000 in the final 84 days of 2021 — another 14,687 Slashdot readers voted "No."

Mozilla has fixed an issue in its Firefox browser where usernames and passwords were being recorded in the Windows Cloud Clipboard feature, in what the organization categorized as a severe security risk that could have exposed credentials to non-owners whenever users copied or cut a password. From a report: The issue was fixed in Firefox 94, released last month, but was detailed in more depth this week by Mozilla developers. At its core, the bug is related to Windows Cloud Clipboard, a feature added to Windows 10 in September 2018 (v1809 release), a feature that allows users to sync their local clipboard history to their Microsoft accounts. The feature is disabled by default, but once enabled, it allows users to access the cloud clipboard section by pressing the Windows+V shortcut. This grants users access to clipboard data from all devices, but the feature is also used for its clipboard history capabilities, allowing users to go through past items they copied or cut and re-paste the same data in new contexts, making it extremely useful for most IT workers. In a blog post on Wednesday, Mozilla said that they have now modified the Firefox browser so that usernames and passwords copied from the browser's password section (about:logins) won't be stored in the Windows Cloud Clipboard feature, but instead will be stored only locally, in a separate clipboard section.

The Mozilla Foundation today released its financial report for 2020. As usual, this gives us a good picture of the organization's financial health from a year ago, but for the first time this year, Mozilla also provided us with more recent data. From a report: It's no secret that Mozilla recently went through a number of difficult years, with major layoffs in 2020 as it restructured its for-profit arm, Mozilla Corporation. Its flagship Firefox browser, despite a number of technical advances, is also struggling in a marketplace that is now dominated by Chromium-based browsers. Still, in 2020, Mozilla Corporation's revenue was $466 million from its search partnerships (largely driven by its search deal with Google), subscriptions and advertising revenue. That's essentially the same as in 2019, when Mozilla Corporation generated $465 million from these sources.

For 2021, the organization forecasts revenue of over $500 million. What's maybe most important, though, is that Mozilla's new products like its Mozilla VPN service, Firefox Relay Premium, Pocket and other commercial initiatives are slowly but surely starting to pay off. As Mozilla executive VP Angela Plohman and CFO Eric Muhlheim noted in today's announcement, revenue from new product offerings will grow 150% this year and account for 14% of the organization's revenue in 2021. The Mozilla VPN service saw a revenue increase of 450% from 2020 to 2021.

Mozilla has announced through its Mozilla Hacks blog that it plans to ship a 'novel sandboxing technology' called RLBox with Firefox 95 which it has been developing alongside researchers from the University of California San Diego and the University of Texas. From a report: It said RLBox makes it easier to isolate subcomponents of the browser efficiently and gives Mozilla more options than traditional sandboxing granted it. Mozilla said this new method of sandboxing, which uses WebAssembly to isolate potentially-buggy code, builds on a prototype that was shipped in Firefox 74 and Firefox 75 to Linux and Mac users respectively. With Firefox 95, RLBox will be deployed on all supported Firefox platforms including desktop and mobile to isolate three different modules: Graphite, Hunspell, and Ogg. With Firefox 96, two more modules, Expat and Woff2, will also be isolated.

A new browser extension promises to show you which products in your Amazon search results are sold by brands that are either owned by or are exclusive to Amazon, giving you a better idea of who's selling what you're buying. The Verge reports: It's called Amazon Brand Detector, and it uses a list of Amazon brands created by The Markup, along with filters and other techniques (detailed here) to detect and highlight products that are a part of Amazon's Our Brands program. The Markup created this extension after its investigation into how Amazon ranks its in-house brands in search results and says the tool (available for Chrome-like browsers and Firefox) is designed to make searches more transparent. When we tested it, it obviously highlighted Amazon Basics and Essentials products, but it also drew attention to results that were otherwise indistinguishable from ones not affiliated with Amazon: a dog leash labeled as being made by Panykoo, socks by Teebulen, a sweater by Ofeefan.

While Amazon marked some of those results as "featured from our brands," that wasn't the case for all of them. That advisory text is also small and grey, making it easy to miss if you're casually browsing (especially since there may not be any notice of the affiliation on the actual product page), and it didn't show up on every result the tool highlighted. Amazon isn't necessarily shadowy about these brands: it has a page that lists its "private and select exclusive brands," many of which have legit-sounding names: Happy Belly, Wag, Nature's Wonder. Some are private labels owned by Amazon, where some are "curated selections" sold exclusively on Amazon but not necessarily operated by the company. According to The Markup, the extension "does not collect any data" and should be compatible with other extensions.

Mozilla announced last week via a support article that its Firefox Lockwise password manager app will reach end-of-life on December 13th. The final release versions are 1.8.1 (iOS) and 4.0.3 (Android) and will no longer be available to download or reinstall after that date. The Verge reports: What started in 2018 as a small experimental mobile app called Lockbox ended up bringing a way to access saved passwords and perform autofills on iOS, Android, and desktop devices to a small but enthusiastic following of Firefox fans. The app was also later adapted as a Firefox extension. It seemed like it was apt to stick around for the long run.

The support article recommends that users continue accessing passwords using the native Firefox browsers on desktop and mobile. In an added note on the support site, Mozilla suggests that later in December, the Firefox iOS app will gain the ability to manage Firefox passwords systemwide. The note alludes to Mozilla adopting the features of Lockwise and eventually integrating them into the Firefox browser apps natively on all platforms.

Mozilla launched Firefox Relay as a free product that gives you five email aliases you can use every time you need to sign up for a random account online. From a report: Now, the organization has introduced a paid Premium tier for the service that will give you access to even more aliases. You'll get your own subdomain (yourdomain.mozmail.com) when you subscribe, and you'll be able to create an unlimited number of emails. The tier will also give you access to a summary dashboard with the emails you make, the option to use your aliases when you reply to messages and a 150 kb attachment allowance. After you sign up for Relay, you'll have to install its Firefox extension to be able to take advantage of its features. Every time you visit a website that asks for an email address, the Relay icon will appear on your browser, and you can click it to generate a random address.The service will forward messages you get using your aliases to your primary email account, and you can block all messages from coming in or even delete the alias when it starts getting spam. Mozilla didn't say how much a Premium subscription will cost in the future, but it's offering the tier at an introductory price of $1/EUR1 per month for a limited time.

The creator of EdgeDeflector said this week that the latest Insider build of Windows 11 now blocks all default browser workarounds. If this functionality makes its way to the finished product, it will mark a new, dark chapter for Microsoft, which told the media at the Windows 11 launch that it was aware that it had made changing app defaults pointlessly difficult, but that it had not done so maliciously and would fix it. This is the opposite of that claim. From a report: "Something changed between Windows 11 builds 22483 and 22494 (both Windows Insider Preview builds)," EdgeDeflector creator Daniel Aleksandersen writes in a new blog entry. "The build changelog ... omitted the headline news: you can no longer bypass Microsoft Edge using apps like EdgeDeflector."

Microsoft not communicating effectively? I find that hard to believe. Cough. But Microsoft moving to make Windows 11 behave even more maliciously towards its users and browser rivals? That I have a hard time with. Basically, EdgeDeflector, as well as third-party browsers like Mozilla Firefox and Brave, intercept OS-level URL requests that force you to use Microsoft Edge even when you have gone through the incredibly ponderous steps to make a non-Edge browser the default in Windows 11. But in the latest Insider Preview build, Microsoft is changing how these URL requests work. And it's no longer possible to intercept URL requests that force users to use Edge instead of their default browser. (In the Insider builds. This functionality will come to mainstream users in the coming months unless we can change Microsoft's collective mind.)

In case you missed it, Google officially ended support for its Bookmarks service on September 30, 2021. But fear not, you can still export your bookmarks if you haven't already. Long-time Slashdot reader GPS Pilot writes: Google has dropped support for yet another one of its services. If you're like me, you don't visit Google Bookmarks very often, so you're not aware that Google dropped support on September 30th, 2021. The service still had its uses -- like being able to access a collection of bookmarks across different browsers, or when you're using a strange computer. You can still export your Google bookmarks to alternative services that are "arguably better." Some Google Bookmarks alternatives include Saved, Raindrop, Pinboard, and Mozilla Pocket. Which bookmark manager is your favorite?

Andrew Cunningham writes via Ars Technica: It has been well over a decade since PowerPC Macs roamed the earth -- so long that the Intel Macs that replaced them are themselves being replaced by something else. But to this day, there's a small community of people still developing software for PowerPC Macs and Mac OS 9. One of those projects was TenFourFox, a fork of the Firefox browser for G3, G4, and G5-based PowerPC Macs running Mac OS X 10.4 or 10.5. Maintained primarily by Cameron Kaiser, the TenFourFox project sprang up in late 2010 after Mozilla pulled PowerPC support from Firefox 4 during its development. And amazingly, the browser has continued to trundle on ever since.

But continuing to backport Firefox features to aging, stuck-in-time PowerPC processors only got more difficult as time went on. And in March of this year, Kaiser announced that TenFourFox updates would be ending after over a decade of development. The final planned release of TenFourFox was earlier this month. Kaiser's full post is long, but it's worth a read for vintage-computer enthusiasts or anyone who works on software -- Kaiser expresses frustration with the realities of developing and supporting a niche app, but he also highlights TenFourFox's impressive technical achievements and ruminates on the nature of the modern Internet and open source software development [...].

Kaiser doesn't intend to fully halt work on the browser, but he is downshifting it into what he calls "hobby mode." He will continue to backport security patches from newer ESR releases of Firefox and post them to the TenFourFox Github page, but anyone who wants to use these will need to build the app themselves. Kaiser also won't commit to providing support for these additions or providing them on any kind of schedule. Other developers are also welcome to continue to release TenFourFox builds on their own.

Following a brief beta-testing period, Ubuntu 21.10 has finally become available to download in the "final" stable form. BetaNews: Code-named "Impish Indri," this version of Ubuntu is not a Long Term Support (LTS) version, so it is only supported for nine months. Ubuntu 21.10 features Linux kernel 5.13 and a Snap variant of the Mozilla Firefox browser. "Ubuntu 21.10 brings the all-new PHP 8 and GCC 11 including full support for static analysis, greatly improving everyday developer security awareness in low-level programming. With Gnome 40 desktop users gain dynamic workspaces and touchpad gestures. The new Firefox snap, published by Mozilla, improves security and guarantees access to both the latest and the extended support release versions of the browser. The exact same versions of the browser are available on multiple different versions of Ubuntu, simplifying enterprise developer platform management," says Canonical.

An anonymous reader quotes a report from How-To Geek: Firefox now sends more data than you might think to Mozilla. To power Firefox Suggest, Firefox sends the keystrokes you type into your address bar, your location information, and more to Mozilla's servers. Here's exactly what Firefox is sharing and how to control it. This change was made as part of the introduction of Firefox Suggest in Firefox 93, released on October 5, 2021. As part of Firefox Suggest, Firefox is getting ads in your search bar -- but that's not the only thing that will be news to longtime Firefox users. According to Mozilla, "Firefox Suggest acts as a trustworthy guide to the better web, surfacing relevant information and sites to help people accomplish their goals." In reality, what that means is, when you start typing in your address bar, you won't just see the standard search suggestions from Google or your current search default engine. You'll also see "Firefox Suggest" results pointing to web pages. Some of them are sponsored ads, but you can disable the ads.

Firefox Suggest is on by default. Mozilla's blog post on the subject says Firefox Suggest is an "opt-in experience," which was the case in September 2021 -- but it's now enabled by default in Firefox 93. However, as of Firefox 93's release in October 2021, Firefox Suggest is only enabled in the USA -- for now. It's worth noting that, for many years, Firefox and other web browsers have had search suggestions in their address bar. So, when you start typing "win" in your address bar, you may see suggestions for "Windows 11" and "Window repair." This is accomplished by sending keystrokes to your default search engine as you type in the search bar, as Mozilla's support site explains. Mozilla is also providing contextual suggestions, for which it needs more data, including the city you're located in and whether you're clicking its suggestions.

You can disable Firefox's suggested results, if you like. This will stop Mozilla from collecting the data you type in your search bar, and it will also disable the suggested results and ads. To do so, open Firefox and click menu [and then] Settings. Select "Privacy [and] Security" in the left pane, and scroll down to "Address Bar -- Firefox Suggest." Disable "Contextual suggestions" and "Include occasional sponsored suggestions" to stop Firefox from sending data to Mozilla.

waspleg writes: Mozilla is now showing ads in the form of sponsored Firefox contextual suggestions when U.S. users type in the URL address bar. Mozilla says the feature was introduced with Firefox 92 in September to fund development and optimization. Mozilla describes Firefox Suggest contextual suggestions as opt-in, in BleepingComputer's tests and from what users have reported, the feature is on by default.

Furthermore, Firefox doesn't tag the ads displayed via Firefox Suggest. There is no clear way to identify what a sponsored suggestion and what a regular unsponsored suggestion should look like.

The only way Firefox users will know whether a sponsored suggestion is an ad would be by looking at the URL, but, in many cases, the URL is not clearly visible.