waspleg writes: Mozilla is now showing ads in the form of sponsored Firefox contextual suggestions when U.S. users type in the URL address bar. Mozilla says the feature was introduced with Firefox 92 in September to fund development and optimization. Mozilla describes Firefox Suggest contextual suggestions as opt-in, in BleepingComputer's tests and from what users have reported, the feature is on by default.

Furthermore, Firefox doesn't tag the ads displayed via Firefox Suggest. There is no clear way to identify what a sponsored suggestion and what a regular unsponsored suggestion should look like.

The only way Firefox users will know whether a sponsored suggestion is an ad would be by looking at the URL, but, in many cases, the URL is not clearly visible.

This week the Free Software Foundation (FSF) announced JShelter, "an anti-malware Web browser extension to mitigate potential threats from JavaScript, including fingerprinting, tracking, and data collection."

The browser add-on — supported by NLnet Foundation's Next Generation Internet (NGI) Zero Privacy & Trust Enhancing Technologies fund — is currently "in development and the first release is available." This browser add-on will limit the potential for JavaScript programs to do harmful actions by restricting default behavior and adding a layer of control... Accessing cookies, performing fingerprinting to track users across multiple sites, revealing the local network address, or capturing the user's input before they submit a form are some examples of JavaScript's capabilities that can be used in harmful ways. JShelter adds a safety layer that allows the user to choose if a certain action should be forbidden on a site, or if it should be allowed with restrictions, such as reducing the accuracy of geolocation to the city area. This layer can also aid as a countermeasure against attacks targeting the browser, operating system, or hardware levels... [The extension] will ask — globally or per site — if specific native functions provided by the JavaScript engine and the Document Object Model (DOM) are allowed by the user. It will also link to an explanatory page for each function, to raise awareness of related threats. Depending on the function being addressed, the user will have the option to allow it, block it, or have it return a custom value...

"Our browsers have become perhaps the most critical of tools we depend on, and yet the browser environment is far from healthy," says Michiel Leenaars, director of strategy at NLnet Foundation and coordinator of NGI Zero. "Dominant corporate behavior from a small amount of actors has been aggressively reshaping the evolution of the Web, and that is starting to wreak havoc. Despite an enormous systemic dependency, we as users have very little control over what browsers allow and share — leading to significant risk as the most powerful tools in the shed are essentially left unprotected for every casual Web site to abuse. JShelter is a great initiative to help empower us all, to help us gain better understanding and to better safeguard ourselves from obvious and otherwise unavoidable harm."

The effort is part of a larger, multi-year campaign from FSF on JavaScript on the Web started in 2013, which among others includes the development of GNU LibreJS and outreach to users and developers about nonfree software inside the browser. The GNU LibreJS extension detects JavaScript web labels and assists users with running only JavaScript distributed under a free software license, according to their ethical convictions and individual preferences.
"JShelter will help protect users from critical threats now, and contribute significantly to progress on the necessary longer-term cultural shift of moving away from nonfree JavaScript," said Ruben Rodriguez, former FSF chief technology officer.

"This is a project I've been looking forward to for years, tired of dealing with all kinds of potential antifeatures in the browsers I use and distribute, and having to figure out some countermeasure for them with configuration changes, patches or extensions. Being able to wrap the JavaScript engine in a layer of protection is a game changer."

The Record reports: The Electronic Frontier Foundation said it is preparing to retire the famous HTTPS Everywhere browser extension after HTTPS adoption has picked up and after several web browsers have introduced HTTPS-only modes." "After the end of this year, the extension will be in 'maintenance mode' for 2022," said Alexis Hancock, Director of Engineering at the EFF. Maintenance mode means the extension will receive minor bug fixes next year but no new features or further development.

No official end-of-life date has been decided, a date after which no updates will be provided for the extension whatsoever.

Launched in June 2010, the HTTPS Everywhere browser extension is one of the most successful browser extensions ever released. The extension worked by automatically switching web connections from HTTP to HTTPS if websites had an HTTPS option available. At the time it was released, it helped upgrade site connections to HTTPS when users clicked on HTTP links or typed domains in their browser without specifying the "https://" prefix. The extension reached cult status among privacy advocates and was integrated into the Tor Browser and, after that, in many other privacy-conscious browsers. But since 2010, HTTPS is not a fringe technology anymore. Currently, around 86.6% of all internet sites support HTTPS connections. Browser makers such as Chrome and Mozilla previously reported that HTTPS traffic usually accounts for 90% to 95% of their daily connections.
From EFF's announcement: The goal of HTTPS Everywhere was always to become redundant. That would mean we'd achieved our larger goal: a world where HTTPS is so broadly available and accessible that users no longer need an extra browser extension to get it. Now that world is closer than ever, with mainstream browsers offering native support for an HTTPS-only mode.

With these simple settings available, EFF is preparing to deprecate the HTTPS Everywhere web extension as we look to new frontiers of secure protocols like SSL/TLS... We know many different kinds of users have this tool installed, and want to give our partners and users the needed time to transition.
The announcement also promises to inform users of browser-native HTTPS-only options before the day when the extension reaches its final sunsetting — and ends with instructions for how to activate the native HTTPS-only features in Firefox, Chrome, Edge, and Safari, "and celebrate with us that HTTPS is truly everywhere for users."

"Mozilla is running an experiment on 1% of the Firefox desktop population currently, which sets the default search engine to Bing in the web browser," reports Ghacks: [I]n most regions, it is Google Search. Mozilla and Google extended the search deal in 2020 for another three years. Google is paying Mozilla "between $400 and $450 million per year" so that its search engine is the default in Firefox in most regions. Google has been Firefox's default search engine since 2017, when Mozilla ended its search deal with Yahoo early.

Firefox users may change the default search engine to one of the other engines that are included by default, or an engine that is not included but can be added...

The study started on September 6 and it will run until early 2022, likely January 2022. About 1% of Firefox desktop users may notice that the default search engine is changed when the installation of Firefox is picked for the experiment.

Tip: load about:studies in the Firefox address bar to list the studies that the browser us currently taking part in and has completed already. Firefox users who don't want to participate in studies can disable the preference "Allow Firefox to install and run studies" on about:preferences#privacy.

New research by Mozilla Fellows Odanga Madung and Brian Obilo reveals that Kenyan journalists, judges, and other members of civil society are facing coordinated disinformation campaigns on Twitter -- and that Twitter is doing very little to stop it. Highlights of the investigation include: Disinformation campaigns are a lucrative business. One interviewee revealed that disinformation influencers are paid roughly between $10 and $15 USD to participate in three campaigns per day. Payments are made directly to the influencers through the mobile money platform MPESA.

Twitter's trending algorithm is amplifying these campaigns, and Twitter is placing ads amid all this misinformation. Eight of the 11 campaigns examined reached the trending section of Twitter. The campaigners we spoke to told us that this is their number one target, as it affords them the amplification they seek.

These campaigns run like a well-oiled machine. One of the influencers who researchers spoke to explained a complex system of using Whatsapp groups to coordinate and synchronize tweets and messaging. Anonymous organizers use these groups to send influencers cash, content, and detailed instructions.

These campaigns are increasingly targeting individuals. No longer focusing on just broad issues and events, disinformation campaigns are increasingly identifying and targeting individuals, like members of the Linda Katiba movement and the Kenyan judiciary. This work is also beginning to border on incitement and advocacy of hatred, which is against Kenyan Law.

Verified accounts are complicit. One influencer we spoke to claimed that the people who own coveted "blue check" accounts will often rent them out for disinformation campaigns. These verified accounts can improve the campaign's chances of trending.

Mozilla has quietly made it easier to switch to Firefox on Windows recently. From a reporrt: While Microsoft offers a method to switch default browsers on Windows 10, it's more cumbersome than the simple one-click process to switch to Edge. This one-click process isn't officially available for anyone other than Microsoft, and Mozilla appears to have grown tired of the situation. In version 91 of Firefox, released on August 10th, Mozilla has reverse engineered the way Microsoft sets Edge as default in Windows 10, and enabled Firefox to quickly make itself the default. Before this change, Firefox users would be sent to the Settings part of Windows 10 to then have to select Firefox as a default browser and ignore Microsoft's plea to keep Edge. Mozilla's reverse engineering means you can now set Firefox as the default from within the browser, and it does all the work in the background with no additional prompts. This circumvents Microsoft's anti-hijacking protections that the company built into Windows 10 to ensure malware couldn't hijack default apps. Microsoft tells us this is not supported in Windows.

This weekend finds some long-time Slashdot readers debating why research shows Firefox losing market share. Long-time Slashdot reader chiguy shares one theory: "Firefox keeps losing users, according to this rant, because it arrogantly refuses to listen to its users."

Slashdot reader BAReFO0t countered that that can't be the reason, "because Google does that too." (They blame Chrome's "feature" addition treadmill, where "they keep adding stupid kitchen sinks for the sole and only purpose to make others unable to keep up.")

Long-time Slashdot reader Z00L00K thinks that "All those totally unnecessary UI changes are what REALLY annoys users. Not only the immediately visible things in the header but also the renaming of items in the menus just bugs people." But long-time Slashdot reader AmiMoJo argues that "the most popular browser, Chrome, has all those things. In fact all the browsers that are more popular than Firefox do, so the idea that those are unpopular and driving people away doesn't really hold up... Firefox's decline is mostly due to Chrome just being really good, and [Firefox] not having a decent mobile version."

I'm still a loyal Firefox user. (Although the thing that annoyed me was when Firefox suddenly changed the keyboard shortcut for copying a link from CNTRL-A to CNTRL-L.) The "rant" at ItsFoss argues that Firefox's original sin was in 2009 when it decided to move tabs to the top of the browser, and when favorite features could no longer be re-enabled in Firefox's about:config file. But that's what I like about Firefox -- at it's best, it's ultimately customizable, with any feature you want easily enabled in what's essentially an incredibly detailed "preferences" menu. Maybe other browsers are just better at attracting new users through purely mechanical advantages like default placement on popular systems?

Long-time Slashdot reader zenlessyank is also a long-time Firefox user -- "Been using it since Netscape" -- and countered all the doubters with a comment headlined "Firefox rocks!"

"Doesn't matter to me how many other users there are or aren't I will still use it as long as it stays updated."

But what are your thoughts? Feel free to share your own opinions and experiences with Firefox in the comments.

"Recently, browsing leader Mozilla shared the result of an independent security audit on its VPN service," reports Fossbytes.

"Upon inspection, a few vulnerabilities were discovered in the VPN, one of which was reportedly a major risk." In a blog post, Mozilla shared that Cure53, a Berlin-based cybersecurity firm, had identified and fixed the security vulnerabilities in its VPN... The most severe issue, labeled "FVP-02-014," made the user vulnerable to cross-site WebSocket hijacking. Moreover, the medium-risk vulnerabilities revolved around "VPN leak via captive portal detection" and "Auth code leak" by injecting the port. However, these sophisticated terms shouldn't worry you anymore as Cure53 has already addressed these weaknesses. There has also been no mention of any Mozilla VPN users falling victim to these either.

The Firefox developer's public post that outlines the security flaws detected by the German firm provides users an insight into the potential risks of using a VPN. Moreover, these audits also help Mozilla iron out any issues that its one-year-old VPN service might have.

Cybercrime and computer security reporter Brian Krebs tells the story of a cybercrime group that compromises up to 100,000 email inboxes per day, and apparently does little else with this access except siphon gift card and customer loyalty program data that can be resold online. From the report: The data in this story come from a trusted source in the security industry who has visibility into a network of hacked machines that fraudsters in just about every corner of the Internet are using to anonymize their malicious Web traffic. For the past three years, the source -- we'll call him "Bill" to preserve his requested anonymity -- has been watching one group of threat actors that is mass-testing millions of usernames and passwords against the world's major email providers each day. Bill said he's not sure where the passwords are coming from, but he assumes they are tied to various databases for compromised websites that get posted to password cracking and hacking forums on a regular basis. Bill said this criminal group averages between five and ten million email authentication attempts daily, and comes away with anywhere from 50,000 to 100,000 of working inbox credentials.

In about half the cases the credentials are being checked via "IMAP," which is an email standard used by email software clients like Mozilla's Thunderbird and Microsoft Outlook. With his visibility into the proxy network, Bill can see whether or not an authentication attempt succeeds based on the network response from the email provider (e.g. mail server responds "OK" = successful access). You might think that whoever is behind such a sprawling crime machine would use their access to blast out spam, or conduct targeted phishing attacks against each victim's contacts. But based on interactions that Bill has had with several large email providers so far, this crime gang merely uses custom, automated scripts that periodically log in and search each inbox for digital items of value that can easily be resold. And they seem particularly focused on stealing gift card data.

"Sometimes they'll log in as much as two to three times a week for months at a time," Bill said. "These guys are looking for low-hanging fruit -- basically cash in your inbox. Whether it's related to hotel or airline rewards or just Amazon gift cards, after they successfully log in to the account their scripts start pilfering inboxes looking for things that could be of value." According to Bill, the fraudsters aren't downloading all of their victims' emails: That would quickly add up to a monstrous amount of data. Rather, they're using automated systems to log in to each inbox and search for a variety of domains and other terms related to companies that maintain loyalty and points programs, and/or issue gift cards and handle their fulfillment. Why go after hotel or airline rewards? Because these accounts can all be cleaned out and deposited onto a gift card number that can be resold quickly online for 80 percent of its value.

"The director of a tiny UK company has apologised after sending letters to businesses suggesting they had infringed his patents that he claimed covered an age-old web standard," writes The Register.

LeeLynx shares their report: The tech in question is the content security policy (CSP) mechanism that websites use to protect their visitors from cross-site scripting (XSS) attacks and similar exploits that steal data and hijack accounts. Specifically, the cryptographic nonce [number-used-once] feature of CSP to stop unauthorized scripts from running. Datawing Ltd sent a number of letters to small businesses this month claiming to own one UK and one US patent on CSP and its use of a nonce.

After an initial wave of alarm and outrage on Twitter when the letters surfaced, The Register tracked down their author: a penitent William Coppock... "What a stupid plonker, all I've done," he sighed, adding that he has six children and has been diagnosed with cancer. Applying for the UK and US patents cost him his "life savings," he said, adding: "I didn't intend any harm to come to anyone. Maybe I've just got to sell or give this thing to Mozilla...."

[H]e denied to The Register that he was a patent troll. A law firm had checked over the letter and the "patent infringement outline" document before he sent them, he claimed. Coppock also apologised to all who received his letters and urged them to contact him if they had any questions about it.

We have asked the law firm Coppock named for comment on the advice he says it gave him and will update this article if we hear back from it.

Elise Blanchard, writing on Mozilla blog: [...]

What happened in 1993 to suddenly make hyperlinks blue? No one knows, but I have some theories. I often hear that blue was chosen as the hyperlink color for color contrast. Well, even though the W3C wasn't created until 1994, and so the standards for which we judge web accessibility weren't yet defined, if we look at the contrast between black as a text color, and blue as a link color, there is a contrast ratio of 2.3:1, which would not pass as enough color contrast between the blue hyperlink and the black text. Instead, I like to imagine that Cello and Mosaic were both inspired by the same trends happening in user interface design at the time. My theory is that Windows 3.1 had just come out a few months before the beginning of both projects, and this interface was the first to use blue prominently as a selection color, paving the way for blue to be used as a hyperlink color.

Additionally, we know that Mosaic was inspired by ViolaWWW, and kept the same gray background and black text that they used for their interface. Reviewing Mosaic's release notes, we see in release 0.7 black text with underlines appearing as the preferred way of conveying hyperlinks, and we can infer that was still the case until something happened around mid April right before when blue hyperlinks made their appearance in release 0.13. In fact, conveying links as black text with underlines had been the standard since 1985 with Microsoft 1, which some once claimed Microsoft had stolen from Apple's Lisa's look and feel.

I think the real reason why we have blue hyperlinks is simply because color monitors were becoming more popular around this time. Mosaic as a product also became popular, and blue hyperlinks went along for the ride. Mosaic came out during an important time where support for color monitors was shifting; the standard was for hyperlinks to use black text with some sort of underline, hover state or border. Mosaic chose to use blue, and they chose to port their browser for multiple operating systems. This helped Mosaic become the standard browser for internet use, and helped solidify its user interface as the default language for interacting with the web.

Mozilla developers are putting the finishing touches on a new feature that will block insecure file downloads in Firefox. From a report: Called mixed content downloaded blocking, the feature works by blocking files downloads initiated from an encrypted HTTPS page but which actually take place via an unencrypted HTTP channel. The idea behind this feature is to prevent Firefox users from getting misled by the URL bar and think they're downloading a file securely via HTTPS when, in reality, the file could be tampered with by third parties while in transit.

Microsoft's upcoming release of Windows 11 will make it even harder to switch default browsers and ignores browser defaults in new areas of the operating system. While Microsoft is making many positive changes to the Windows 11 UI, the default apps experience is a step back and browser competitors like Mozilla, Opera, and Vivaldi are concerned. From a report: In Windows 11, Microsoft has changed the way you set default apps. Like Windows 10, there's a prompt that appears when you install a new browser and open a web link for the first time. It's the only opportunity to easily switch browsers, though. Unless you tick "always use this app," the default will never be changed. It's incredibly easy to forget to toggle the "always use this app" option, and simply launch the browser you want from this prompt and never see this default choice again when you click web links.

If you do forget to set your default browser at first launch, the experience for switching defaults is now very confusing compared to Windows 10. Chrome and many other rival browsers will often prompt users to set them as default and will throw Windows users into the default apps part of settings to enable this. Microsoft has changed the way default apps are assigned in Windows 11, which means you now have to set defaults by file or link type instead of a single switch. In the case of Chrome, that means changing the default file type for HTM, HTML, PDF, SHTML, SVG, WEBP, XHT, XHTML, FTP, HTTP, and HTTPS. Firefox's statement: We have been increasingly worried about the trend on Windows. Since Windows 10, users have had to take additional and unnecessary steps to set and retain their default browser settings. These barriers are confusing at best and seem designed to undermine a user's choice for a non-Microsoft browser.

Mozilla has launched an experiment where they change the Firefox browser user agent to a three-digit "Firefox/100.0" version to see if it will break websites. Bleeping Computer reports: A user agent is a string used by a web browser that includes information about the software, including its name, version, and technologies that it uses. When a new version of a browser is released, the developers also increment the version number in the user agent string. When visiting a website, the user agent strings are sent to a website so that the site knows the software capabilities of the visitor. This information allows the website to modify its response to account for different features of browsers.

As Firefox version numbers are currently two digits, Mozilla developers are investigating if anything breaks when they release Firefox Nightly version 100 in March 2022. "We would like to run an experiment to test whether a UA string with a three-digit Firefox version number will break many sites," Mozilla Staff Engineering Program Manager Chris Peterson said in a bug post first spotted by Techdows. "This new temporary general.useragent.experiment.firefoxVersion pref can override the UA string's Firefox version." When conducting the test, an enrolled Firefox user will have their user agent changed to the following string with the hopes that if anything breaks, they will report it to Mozilla: "Mozilla/5.0 (Windows NT 10.0; rv:100.0) Gecko/20100101 Firefox/100.0."

WIth the release of Firefox 91 on Tuesday, Mozilla has introduced a bigger hammer for smashing the cookies that websites, advertisers and tracking companies can use to record your online behavior. From a report: The new feature, called enhanced cookie clearing, is designed to block tracking not just from a website, but also from third parties whose code appears on the site. The technology is designed to let you clear cookies for a particular website but also the more aggressive "supercookies" designed to evade lesser privacy protections. The feature is an option if you enable Firefox's strict mode for cookie handling, which partitions website data into separate storage containers. "You can easily recognize and remove all data a website has stored on your computer, without having to worry about leftover data from third parties embedded in that website," Mozilla said in a blog post.

An anonymous reader quotes a report from It's FOSS, written by Ankush Das: Mozilla's Firefox is the only popular alternative to Chromium-based browsers. It has been the default choice for Linux users and privacy-conscious users across every platform. However, even with all benefits as one of the best web browsers around, it is losing its grip for the past few years. I came across a Reddit thread by u/nixcraft, which highlighted more details on the decline in the userbase of Firefox since 2018. And surprisingly, the original source for this information is Firefox's Public Data Report.

As per the official stats, the reported number of active (monthly) users was about 244 million at the end of 2018. And, it seems to have declined to 198 million at the end of Q2 2021. So, that makes it a whopping ~46 million decline in the userbase. Considering 2021 is the year when privacy-focused tools saw a big boost in their userbase, Mozilla's Firefox is looking at a constant decline. Especially when Firefox manages to introduce some industry-first privacy practices. Quite the irony, eh? Just for fun, here's a timeline of our stories reporting on Firefox's download milestones from the mid-2000s:

September 19, 2004: 1 Million Firefoxes in 4 Days
December 12, 2004: Firefox Reaches 10 Million Downloads
February 17, 2005: Firefox Breaks 25 Million Downloads
April 26, 2005: Firefox nears 50 Million Downloads
July 29, 2005: Firefox Downloads Reach 75 Million
October 19, 2005: Firefox Tops 100 Million Downloads
September 11, 2007: Firefox Hits 400 Million Downloads
July 3, 2008: Firefox Breaks 8 Million, Gets Into Guinness

A post on Mozilla's security blog calls FTP "by now one of the oldest protocols still in use" — and it's suffering from "a number of serious security issues." The biggest security risk is that FTP transfers data in cleartext, allowing attackers to steal, spoof and even modify the data transmitted. To date, many malware distribution campaigns launch their attacks by compromising FTP servers and downloading malware on an end user's device using the FTP protocol.

Aligning with our intent to deprecate non-secure HTTP and increase the percentage of secure connections, we, as well as other major web browsers, decided to discontinue support of the FTP protocol. Removing FTP brings us closer to a fully-secure web which is on a path to becoming HTTPS only and any modern automated upgrading mechanisms such as HSTS or also Firefox's HTTPS-Only Mode, which automatically upgrade any connection to become secure and encrypted do not apply to FTP.

The FTP protocol itself has been disabled by default since version 88 and now the time has come to end an era and discontinue the support for this outdated and insecure protocol — Firefox 90 will no longer support the FTP protocol.

Inside the World Wide Web Consortium, where the world's top engineers battle over the future of your data. From a report: One of the web's geekiest corners, the W3C is a mostly-online community where the people who operate the internet -- website publishers, browser companies, ad tech firms, privacy advocates, academics and others -- come together to hash out how the plumbing of the web works. It's where top developers from companies like Google pitch proposals for new technical standards, the rest of the community fine-tunes them and, if all goes well, the consortium ends up writing the rules that ensure websites are secure and that they work no matter which browser you're using or where you're using it. The W3C's members do it all by consensus in public GitHub forums and open Zoom meetings with meticulously documented meeting minutes, creating a rare archive on the internet of conversations between some of the world's most secretive companies as they collaborate on new rules for the web in plain sight.

But lately, that spirit of collaboration has been under intense strain as the W3C has become a key battleground in the war over web privacy. Over the last year, far from the notice of the average consumer or lawmaker, the people who actually make the web run have converged on this niche community of engineers to wrangle over what privacy really means, how the web can be more private in practice and how much power tech giants should have to unilaterally enact this change. On one side are engineers who build browsers at Apple, Google, Mozilla, Brave and Microsoft. These companies are frequent competitors that have come to embrace web privacy on drastically different timelines. But they've all heard the call of both global regulators and their own users, and are turning to the W3C to develop new privacy-protective standards to replace the tracking techniques businesses have long relied on. On the other side are companies that use cross-site tracking for things like website optimization and advertising, and are fighting for their industry's very survival. That includes small firms like Rosewell's, but also giants of the industry, like Facebook.

Firefox 90 introduces the next version of SmartBlock, the browser's tracker blocking mechanism built into its private browsing and strict modes, which now has improvements designed to prevent buttons that let you log into websites using your Facebook account from breaking, Mozilla announced on Tuesday. From a report: SmartBlock was first introduced with Firefox 87 in March, and if you aren't familiar, here's Mozilla's description of how it works, from the company's blog: "SmartBlock intelligently fixes up web pages that are broken by our tracking protections, without compromising user privacy. SmartBlock does this by providing local stand-ins for blocked third-party tracking scripts. These stand-in scripts behave just enough like the original ones to make sure that the website works properly. They allow broken sites relying on the original scripts to load with their functionality intact." Sometimes, though, the feature would break Facebook login buttons. In a new blog post, Mozilla's Tom Wisniewski and Arthur Edelstein explain why this would happen, using an example of trying to log in to Etsy.

In a few weeks, Firefox will start the by-default rollout of DNS over HTTPS (or DoH for short) to its Canadian users in partnership with local DoH provider CIRA, the Canadian Internet Registration Authority. From a report: DoH will first become a default for 1% of Canadian Firefox users on July 20 and will gradually reach 100% of Canadian Firefox users in late September 2021 -- thereby further increasing their security and privacy online. This follows the by-default rollout of DoH to US users in February 2020. As part of the rollout, CIRA joins Mozilla's Trusted Recursive Resolver (TRR) Program and becomes the first internet registration authority and the first Canadian organization to provide Canadian Firefox users with private and secure encrypted Domain Name System (DNS) services.