An anonymous reader shares a report: For years YouTube's video-recommending algorithm has stood accused of fuelling a grab bag of societal ills by feeding users an AI-amplified diet of hate speech, political extremism and/or conspiracy junk/disinformation for the profiteering motive of trying to keep billions of eyeballs stuck to its ad inventory. And while YouTube's tech giant parent Google has, sporadically, responded to negative publicity flaring up around the algorithm's antisocial recommendations -- announcing a few policy tweaks or limiting/purging the odd hateful account -- it's not clear how far the platform's penchant for promoting horribly unhealthy clickbait has actually been rebooted. The suspicion remains nowhere near far enough.

New research published today by Mozilla backs that notion up, suggesting YouTube's AI continues to puff up piles of "bottom-feeding"/low-grade/divisive/disinforming content -- stuff that tries to grab eyeballs by triggering people's sense of outrage, sewing division/polarization or spreading baseless/harmful disinformation -- which in turn implies that YouTube's problem with recommending terrible stuff is indeed systemic; a side effect of the platform's rapacious appetite to harvest views to serve ads. That YouTube's AI is still -- per Mozilla's study -- behaving so badly also suggests Google has been pretty successful at fuzzing criticism with superficial claims of reform. The mainstay of its deflective success here is likely the primary protection mechanism of keeping the recommender engine's algorithmic workings (and associated data) hidden from public view and external oversight -- via the convenient shield of "commercial secrecy." But regulation that could help crack open proprietary AI blackboxes is now on the cards -- at least in Europe.

An anonymous reader writes: Following in the footsteps of browsers like Mozilla Firefox and Microsoft Edge, Google Chrome is also in line to receive an HTTPS-Only Mode that will upgrade all unencrypted HTTP connections to encrypted HTTPS alternatives, where possible.

Currently, the new Chrome HTTPS-Only Mode is still under development in Chrome Canary distributions. Work is being done to add specific settings in the browser's interface, and no actual HTTP-to-HTTPS functionality is currently present. The feature is expected to be ready for Chrome 93, set to be released later this fall.

An anonymous reader shares a report: By this point in the internet's history, most of us have come to terms with the fact that accessing the web involves giving up information about ourselves every time we visit a website. Mozilla thinks we can do better, and so it's launching Rally, a data-sharing platform and plugin the company claims is the first-of-its-kind in the browser space. With Rally, Mozilla says it hopes to make a case for an equitable market for data, "one where every party is treated fairly" and "where people understand the value of their data." In practice, Rally will allow you to share your browsing data with computer scientists and sociologists studying the web. Out of the gate, they'll be a single study from Princeton University that seeks to understand how people find, consume and share news about politics and COVID-19. At some point later, Beyond the Paywall from Stanford University will examine the economics needed for a more sustainable news landscape.

Earlier this year a new support page appeared at support.Mozilla.org describing sponsored shortcuts (or sponsored tiles), "an experimental feature currently being tested by a small percentage of Firefox users in a limited number of markets." Mozilla works with advertising partners to place sponsored tiles on the Firefox default home page (or New Tab page) that would be useful to Firefox users. Mozilla is paid when users click on sponsored tiles.... [W]e only work with advertising partners that meet our privacy standards for Firefox.

When you click on a sponsored tile, Firefox sends anonymized technical data to our partner through a Mozilla-owned proxy service. The code for this proxy service is available on GitHub for interested technical audiences. This data does not include any personally identifying information and is only shared when you click on a Sponsored shortcut....

You can disable a specific Sponsored tile... You can also disable Sponsored shortcuts altogether.
Describing the as-yet-experimental feature, Engadget wrote a story headlined "Don't freak out: Firefox is testing advertisements in new tabs." These are just the tests, still mainly aimed at fresh installs of the Firefox web browser and always to beta users, before the rollout of sponsored tiles.

It does sound like adverts are in the pipe, but it depends on the reaction to Mozilla's initial tests. Mozilla's Jonathan Nightingale says that, last time around, the reaction wasn't as positive as his company hoped. "It didn't go over well," he states. Further, he insists that Firefox won't become "a mess of logos sold to the highest bidder; without user control, without user benefit."
Long-time Slashdot reader angryargus says they spotted the feature when they noticed an Ebay advertisement, but appreciated the ability to opt out, and suggested the feature is "an annoying tradeoff off using a browser that's not as directly funded by a search engine."

AmiMoJo writes: Mozilla Ideas is a new platform by Firefox-maker Mozilla to improve communication with the Firefox userbase. At its core, Ideas works similarly to Uservoice and other services of its kind. Firefox users and developers may post new content on the platform, and everyone else may comment and vote on the idea. Users may access the latest, top voted, most discussed or even random topics on the Ideas platform. Current ideas include re-adding the compact interface option, improving the master password protection, or providing a higher contrast default theme.

An anonymous reader quotes a report from AppleInsider: The new WebExtensions Community Group will try to forge a common architecture for future web extensions, and is inviting developers to join the effort. The new group, shortened WECG, consists of members from each of the major browser developers. Member chairs are held by Timothy Hatcher of Apple and Simeon Vincent of Google. Current participants include employees from Apple, Mozilla, and Microsoft.

The WebExtensions Community Group has two goals: Make extension creation easier for developers by specifying a consistent model and common core of functionality, APIs, and permissions; and Outline an architecture that enhances performance and is even more secure and resistant to abuse. The group doesn't want to specify every aspect of the web extensions platform or stifle innovation. Each browser vendor will continue to operate independently with their own policies. Developers and browser vendors interested in contributing to the group can join via the W3C website. The WECG has a dedicated GitHub repository with the community charter and work.

Mozilla's Firefox 89 releases to the general public today complete with the new Proton interface which simplifies the browser's menus and alters the tabs bar beyond anything we've seen from previous Firefox releases or other web browsers. From a report: This update also improves macOS integration and includes further privacy enhancements. The first thing that people will notice in this update is the Proton interface, the browser chrome and toolbar have been simplified so that redundant and less frequently used features have been removed, menus have been altered so that the most used features are prominent and visual noise has been reduced.

Proton also updates prompts so they have a cleaner appearance and unnecessary alerts and messages have been removed. The attached tabs have also been supplanted by floating tabs; Mozilla says the rounded design of the active tab "signals the ability to easily move the tab as needed." While almost everyone will support cleaner menus, the new tabs are drawing the ire of some who are not pleased with the radical departure from the traditional look and feel of tabs.

"The web browser is a crucial part of modern life, and yet it hasn't really been revised since the '90s," writes Protocol. "That may be about to change." The browser tab is an underrated thing. Most people think of them only when there are too many, when their computer once again buckles under Chrome's weight. Even the developers who build the tabs — the engineers and designers working on Chrome, Firefox, Brave and the rest — haven't done much to them. The internet has evolved in massive, earth-shaking ways over the last two decades, but tabs haven't really changed since they became a browser feature in the mid '90s.

Josh Miller, however, has big plans for browser tabs. Miller is the CEO of a new startup called The Browser Company, and he wants to change the way people think about browsers altogether. He sees browsers as operating systems, and likes to wonder aloud what "iOS for the web" might look like. What if your browser could build you a personalized news feed because it knows the sites you go to? What if every web app felt like a native app, and the browser itself was just the app launcher? What if you could drag a file from one tab to another, and it just worked? What if the web browser was a shareable, synced, multiplayer experience? It would be nothing like the simple, passive windows to the web that browsers are now. Which is exactly the goal.

The Browser Company (which everyone on the team just calls Browser) is one of a number of startups that are rethinking every part of the browser stack. Mighty has built a version of Chrome that runs on powerful server hardware and streams the browser itself over the web. Brave is building support for decentralized protocols like IPFS, and experimenting with using cryptocurrencies as a new business model for publishers. Synth is building a new bookmarks system that acts more like a web-wide inbox. Sidekick offers a vertical app launcher and makes tabs easier to organize. "A change is coming," said Mozilla CEO Mitchell Baker. "The question is just the time frame, and what's actually required to make it happen."

They have lots of different ideas, but they share a belief that the browser can, and should, be more than it is. "We don't need a new web browser," Miller said. "We need a new successor to the web browser."

While he was at the White House, Chief Digital Officer (and Miller's boss) Jason Goldman said something Miller couldn't forget. "Platforms have all the leverage," is how Miller remembers it. "And if you care about the future of the internet, or the way we use our computers, or want to improve any of the things that are broken about technology ... you can't really just build an application. Platforms, whether it's iOS or Windows or Android or Mac OS, that's where all the control is."

New stricter European Union guidelines will push Facebook, Google and other big tech companies to commit not to make money from advertising linked to disinformation. From a report: The European Commission said on Wednesday that its strengthened non-binding guidelines, which confirmed a May 19 Reuters report, set out a robust monitoring framework and clear performance indicators for firms to comply with. read more Concerns about the impact of disinformation have intensified during the COVID-19 pandemic and after claims about election fraud in the United States, with some critics pointing to the role of social media and tech giants in spreading it.

"Disinformation cannot remain a source of revenue. We need to see stronger commitments by online platforms, the entire advertising ecosystem and networks of fact-checkers," EU industry chief Thierry Breton said in a statement. "We need online platforms and other players to address the systemic risks of their services and algorithmic amplification, stop policing themselves alone and stop allowing to make money on disinformation, while fully preserving the freedom of speech," she said. Signatories to the code, which was introduced in 2018, include Google, Facebook, Twitter, Microsoft, Mozilla, TikTok and some advertising and tech lobbying groups.

sandbagger shares a report from The Register: FingerprintJS, maker of a browser-fingerprinting library for fraud prevention, on Thursday said it has identified a more dubious fingerprinting technique capable of generating a consistent identifier across different desktop browsers, including the Tor Browser. Konstantin Darutkin, senior software engineer at FingerprintJS, said in a blog post that the company has dubbed the privacy vulnerability "scheme flooding." The name refers to abusing custom URL schemes, which make web links like "skype://" or "slack://" prompt the browser to open the associated application. "The scheme flooding vulnerability allows an attacker to determine which applications you have installed," explains Darutkin. "In order to generate a 32-bit cross-browser device identifier, a website can test a list of 32 popular applications and check if each is installed or not."

Visiting the schemeflood.com site using a desktop (not mobile) browser and clicking on the demo will generate a flood of custom URL scheme requests using a pre-populated list of likely apps. A browser user would typically see a pop-up permission modal window that says something like, "Open Slack.app? A website wants to open this application. [canel] [Open Slack.app]." But in this case, the demo script just cancels if the app is present or reads the error as confirmation of the app's absence. It then displays the icon of the requested app if found, and moves on to its next query. The script uses each app result as a bit to calculate the identifier. The fact that the identifier remains consistent across different browsers means that cross-browser tracking is possible, which violates privacy expectations.

There was a big announcement this week from Mozilla. They've joined Fastly, Intel, and Microsoft "in announcing the incorporation and expansion of the Bytecode Alliance, a cross-industry partnership to advance a vision for fast, secure, and simplified software development based on WebAssembly." Building software today means grappling with a set of vexing trade-offs. If you want to build something big, it's not realistic to build each component from scratch. But relying on a complex supply chain of components from other parties allows a defect anywhere in that chain to compromise the security and stability of the entire program.

Tools like containers can provide some degree of isolation, but they add substantial overhead and are impractical to use at per-supplier granularity. And all of these dynamics entrench the advantages of big companies with the resources to carefully manage and audit their supply chains.

Mozilla helped create WebAssembly to allow the Web to grow beyond JavaScript and run more kinds of software at faster speeds. But as it matured, it became clear that WebAssembly's technical properties — particularly memory isolation — also had the potential to transform software development beyond the browser by resolving the tension described above. Several other organizations shared this view, and we came together to launch the Bytecode Alliance as an informal industry partnership in late 2019. As part of this launch, we articulated our shared vision and called for others to join us in bringing it to life... [W]e asked prospective members to be patient and, in parallel with ongoing technical efforts, worked to incorporate the Alliance as a formal 501(c)(6) organization. That process is now complete, and we're thrilled to welcome Arm, DFINITY Foundation, Embark Studios, Google, Shopify, and University of California at San Diego as official members of the Bytecode Alliance.

We have a real opportunity to change how software is built, and in doing so, enable small teams to build big things that are both secure and fast.

Achieving the elusive trifecta — easy composition, defect isolation, and high performance — requires both the right technology and a coordinated effort across the ecosystem to deploy it in the right way. Mozilla believes that WebAssembly has the right technical ingredients to build a better, more secure Internet, and that the Bytecode Alliance has the vision and momentum to make it happen.

Facebook has joined the Rust Foundation, the organization driving the Rust programming language, alongside Amazon Web Services, Google, Huawei, Microsoft, and Mozilla. From a report: Facebook is the latest tech giant to ramp up its adoption of Rust, a language initially developed by Mozilla that's become popular for systems programming because of its memory safety guarantees compared to fast languages C and C++. Rust is appealing for writing components like drivers and compilers.

The Rust Foundation was established in February with initial backing from Amazon Web Services, Google, Huawei, Microsoft, and Mozilla. Microsoft is exploring Rust for some components of Windows and Azure while Google is using Rust to build new parts of the Android operating system and supporting an effort to bring Rust to the Linux kernel. Facebook's engineering team has now detailed its use of Rust beginning in 2016, a year after Rust reached its 1.0 milestone. "For developers, Rust offers the performance of older languages like C++ with a heavier focus on code safety. Today, there are hundreds of developers at Facebook writing millions of lines of Rust code," Facebook's software engineering team said.

Artem S. Tashkinov writes: Over the past ten years, Firefox market share has decreased substantially and the web browser has lost its appeal and coolness. Seeing that, someone at Mozilla probably decided that the best way to entice people back is by changing its UI, thus Firefox has already seen quite a huge number of changes despite other major web browsers staying relatively the same in terms of their visuals; i.e. Google Chrome and Apple Safari look almost the same as they did a decade ago. The most substantial redesign, which is being prepared for the next release, called Proton, promises to drive most power users away because it's broken on a number of levels and makes using the browser a very unpleasant experience.

So, what has changed:
- The compact density option for the address bar is now gone, and not only that, the title bar is now a lot taller than before. Overall, vertically, the title bar and address bar now take almost a dozen pixels more than previous Firefox releases, which steals very precious vertical space.
- The floating tabs. The active tab is now totally disconnected from the active web page and it looks out of place.
- The inactive tabs now completely lack a delimiter between them; and in the case of websites lacking a favicon, all inactive tabs look like one, which makes understanding what's open and what to click very difficult and time consuming.
- Mozilla has removed icons from menus, which makes navigating them slower and more difficult. Human beings can easily recognize and memorize icons, and now instead you have to read 20 menu items and try to understand what you actually need to click. Just to illustrate it, check how Firefox 88 looks and what is up and coming.

It surely looks like whatever UX studies Mozilla has done were either not run properly, or the data being collected was not properly understood. Mozilla has disabled feedback for Firefox, they've made it abundantly clear that you cannot leave comments in their Bugzilla, and considering they want to deprecate userChrome.css, it makes it impossible to restore the semblance of a good web browser experience. The Slashdot crowd loves free and open-source web browsers, so the question is, how can we make the company stop maiming and destroying their most important product?

ewhac writes: Firefox has long had a built-in PDF viewer, allowing users to view PDF files in the browser without having to install a third-party application. In addition to the other weird things PDF files can contain, one of them is JavaScript. Putatively offered as a way to create self-validating forms, this scripting capability has been abused over the decades in just about every way you can imagine. Firefox's built-in viewer, although it has apparently had the ability to execute embedded JS for some time, never turned that feature on, making it a safe(r) way to open PDFs... Until now. The newly released Firefox version 88 has flipped that switch, and will now blithely execute JavaScript embedded in PDFs. Firefox's main preferences dialog offers no control for turning this "feature" off.

To turn off JavaScript execution in PDFs: Enter about:config in the address bar; click "I'll be careful." In the search box near the top, enter pdfjs.enableScripting. Change the setting to False. Close the page.

Slashdot reader LeeLynx shares news from The Register about a Slackware 15 beta release (following the debut of February's alpha), "nearly five years after the distribution last saw a major update." (And nearly 28 years after its initial release back in 1993...) Created by Patrick Volkerding (who still lays claim to the title Benevolent Dictator For Life), the current release version arrived in the form of 2016's 14.2... The Linux kernel has been updated to 5.10.30 (at time of writing) with 5.11.14 available for testing. Desktop fans may be pleased to see, among the many updates, KDE Plasma hitting 5.21.4 as well as updates for old faithfuls, such as Mozilla Firefox and Thunderbird.

The beta itself dropped on 12 April (with the 5.10.29 kernel) and Volkerding noted: "I'm going to go ahead and call this a beta even though there's still no fix for the illegal instruction issue with 32-bit mariadb. But there should be soon."

Tinkering has continued since, judging by the change log, although the beta tag brings hope there will be a release before long.

Google is all alone with its proposed advertising technology -- FLoC-- to replace third-party cookies. Every major browser that uses the open source Chromium project has declined to use it, and it's unclear what that will mean for the future of advertising on the web. Firefox, Safari, Microsoft Edge, Vivaldi, and Brave have said they are not implementing Google's FLoC into their browsers.

What if the key to improving speech recognition accuracy is simply mixing all available speech datasets together to train one large AI model? That's the hypothesis behind a recent study published by a team of researchers affiliated with Google Research and Google Brain. They claim an AI model named SpeechStew that was trained on a range of speech corpora achieves state-of-the-art or near-state-of-the-art results on a variety of speech recognition benchmarks. VentureBeat reports: In pursuit of a solution, the Google researchers combined all available labeled and unlabelled speech recognition data curated by the community over the years. They drew on AMI, a dataset containing about 100 hours of meeting recordings, as well as corpora that include Switchboard (approximately 2,000 hours of telephone calls), Broadcast News (50 hours of television news), Librispeech (960 hours of audiobooks), and Mozilla's crowdsourced Common Voice. Their combined dataset had over 5,000 hours of speech -- none of which was adjusted from its original form. With the assembled dataset, the researchers used Google Cloud TPUs to train SpeechStew, yielding a model with more than 100 million parameters. In machine learning, parameters are the properties of the data that the model learned during the training process. The researchers also trained a 1-billion-parameter model, but it suffered from degraded performance.

Once the team had a general-purpose SpeechStew model, they tested it on a number of benchmarks and found that it not only outperformed previously developed models but demonstrated an ability to adapt to challenging new tasks. Leveraging Chime-6, a 40-hour dataset of distant conversations in homes recorded by microphones, the researchers fine-tuned SpeechStew to achieve accuracy in line with a much more sophisticated model. Transfer learning entails transferring knowledge from one domain to a different domain with less data, and it has shown promise in many subfields of AI. By taking a model like SpeechStew that's designed to understand generic speech and refining it at the margins, it's possible for AI to, for example, understand speech in different accents and environments.

A new report from The Washington Post reveals how the FBI gained access to an iPhone linked to the 2015 San Bernardino shooting. Apple refused to build a backdoor into the phone, citing the potential to undermine the security of hundreds of millions of Apple users, which kicked off a legal battle that only ended after the FBI successfully hacked the phone. Thanks to the Washington Post's report, we now know the methods the FBI used to get into the iPhone. Mitchell Clark summarizes the key findings via The Verge: The phone at the center of the fight was seized after its owner, Syed Rizwan Farook, perpetrated an attack that killed 14 people. The FBI attempted to get into the phone but was unable to due to the iOS 9 feature that would erase the phone after a certain number of failed password attempts. Apple attempted to help the FBI in other ways but refused to build a passcode bypass system for the bureau, saying that such a backdoor would permanently decrease the security of its phones. After the FBI announced that it had gained access to the phone, there were concerns that Apple's security could have been deeply compromised. But according to The Washington Post, the exploit was simple: [An Australian security firm called Azimuth Security] basically found a way to guess the passcode as many times as it wanted without erasing the phone, allowing the bureau to get into the phone in a matter of hours.

The technical details of how the auto-erase feature was bypassed are fascinating. The actual hacking was reportedly done by two Azimuth employees who gained access to the phone by exploiting a vulnerability in an upstream software module written by Mozilla. That code was reportedly used by Apple in iPhones to enable the use of accessories with the Lightning port. Once the hackers gained initial access, they were able to chain together two more exploits, which gave them full control over the main processor, allowing them to run their own code. After they had this power, they were able to write and test software that guessed every passcode combination, ignoring any other systems that would lock out or erase the phone. The exploit chain, from Lightning port to processor control, was named Condor. As with many exploits, though, it didn't last long. Mozilla reportedly fixed the Lightning port exploit a month or two later as part of a standard update, which was then adopted by the companies using the code, including Apple.

Last year, NetMarketShare showed that Edge's 7.59% desktop market share pushed it past Firefox in March last year. Now, StatCounter reports that Edge has been adding users over the last few months as Firefox's userbase shrinks. TechSpot reports: While the data doesn't prove Firefox users have been leaving for Edge, we see that Microsoft's browser has seen its market share jump from 7.81% to 8.03% this year, while Mozilla's product declined from 8.1% to 7.95%. That's an all-time high for Edge, according to StatCounter. Edge's gain in users hasn't secured it the second position. That honor goes to Safari, which now has a 10.11% share, though its numbers have been falling since December, so Edge could overtake it soon enough.

Like Windows 7, it seems some people are having trouble letting go of the now-discontinued Internet Explorer. It has a 1.7% share that is declining very slowly. The data is only for the desktop market. Looking at all platforms -- desktop, tablet, and mobile -- iPhones and iPads make Safari's second spot more secure with a 19.03% share, while Firefox moves ahead of Edge, albeit by just 0.23%.

This week the lead consumer technology writer for The New York Times urged readers to switch their browser from Chrome, Safari, or Microsoft Edge to a private browser.

"For about a week, I tested three of the most popular options — DuckDuckGo, Brave and Firefox Focus. Even I was surprised that I eventually switched to Brave as the default browser on my iPhone." Firefox Focus, available only for mobile devices like iPhones and Android smartphones, is bare-bones. You punch in a web address and, when done browsing, hit the trash icon to erase the session. Quitting the app automatically purges the history. When you load a website, the browser relies on a database of trackers to determine which to block.

The DuckDuckGo browser, also available only for mobile devices, is more like a traditional browser. That means you can bookmark your favorite sites and open multiple browser tabs. When you use the search bar, the browser returns results from the DuckDuckGo search engine, which the company says is more focused on privacy because its ads do not track people's online behavior. DuckDuckGo also prevents ad trackers from loading. When done browsing, you can hit the flame icon at the bottom to erase the session.

Brave is also more like a traditional web browser, with anti-tracking technology and features like bookmarks and tabs. It includes a private mode that must be turned on if you don't want people scrutinizing your web history. Brave is also so aggressive about blocking trackers that in the process, it almost always blocks ads entirely. The other private browsers blocked ads less frequently....

In the end, though, you probably would be happy using any of the private browsers... For me, Brave won by a hair. My favorite websites loaded flawlessly, and I enjoyed the clean look of ad-free sites, along with the flexibility of opting in to see ads whenever I felt like it. Brendan Eich, the chief executive of Brave, said the company's browser blocked tracking cookies "without mercy."

"If everybody used Brave, it would wipe out the tracking-based ad economy," he said.

Count me in.