Firefox

Firefox 11.0 For iOS Arrives With Tracking Protection On By Default (venturebeat.com) 16

The new version of Firefox 11.0 for iOS turns on tracking protection by default, lets you reorder your tabs, and adds a handful of iPad-specific features. The latest version is currently available via Apple's App Store. VentureBeat details the new features: Tracking protection means Firefox blocks website elements (ads, analytics trackers, and social share buttons) that could track you while you're surfing the web. It's almost like a built-in ad blocker, though it's really closer to browser add-ons like Ghostery and Privacy Badger because ads that don't track you are allowed through. The feature's blocking list, which is based on the tracking protection rules laid out by the anti-tracking startup Disconnect, is published under the General Public License and available on GitHub. The feature is great for privacy, but it also improves performance. Content loads faster for many websites, which translates into less data usage and better battery life. If tracking protection doesn't work well on a given site, just turn it off there and Firefox for iOS should remember your preference.

Tracking protection aside, iOS users can now reorder their tabs. Organizing your tabs is very straightforward: Long-press the specific tab and drag it either left or right. iPad users have gained two new features, as well. You can now share URLs by just dragging and dropping links to and from Firefox with any other iOS app. If you're in side-by-side view, just drag the link or tab into the other app. Otherwise, bring up the doc or app switcher, drag the link into the other app until it pulses, release the link, and the other app will open the link. Lastly, iPad users have gained a few more keyboard shorts, including the standard navigation keys from the desktop. There's also cursor navigation through the bookmarks and history results, an escape key in the URL bar, and easier tab tray navigation (try using the keyboard shortcut Command + Option + Tab to get to and from the tabs view).

Businesses

Tech Giants Like Amazon and Facebook Should Be Regulated, Disrupted, or Broken Up: Mozilla Foundation (venturebeat.com) 187

The Mozilla Foundation has called for the regulation of tech giants like Google, Amazon, and Facebook. From a report: Though tech giants in the U.S. and companies like Alibaba and Tencent in China have "helped billions realize the benefits of the internet," the report calls for regulation of these players to mitagate monopolistic business practices that undermine "privacy, openness, and competition on the web." They box out competitors, restricting innovation in the process, Mozilla wrote today in its inaugural Internet Health Report, "As their capacity to make sense of massive amounts of data grows through advances in artificial intelligence and quantum computing, their powers are likely to advance into adjacent businesses through vertical integrations into hardware, software, infrastructure, automobiles, media, insurance, and more -- unless we find a way to disrupt them or break them up." Governments should enforce anti-competitive behavior laws and rethink outdated antitrust models when implementing regulation of tech giants, the report states.
Mozilla

Firefox Follows Chrome and Blocks the Loading of Most FTP Resources (bleepingcomputer.com) 89

Mozilla says it will follow in the steps of Google Chrome and start blocking the loading of FTP subresources inside HTTP and HTTPS pages. From a report: By FTP subresources, we refer to files loaded via the FTP protocol inside img, script, or iframe tags that have a src="ftp://". FTP links placed inside normal angle bracket links or typed directly in the browser's address bar will continue to work. The reasoning is that FTP is an insecure protocol that doesn't support modern encryption techniques and will inherently break many other built-in browser security and privacy features, such as HSTS, CSP, XSA, or others. Furthermore, many malware distribution campaigns often rely on compromising FTP servers and redirecting or downloading malware on users' computers via FTP subresources. Mozilla engineers say FTP subresource blocking will ship with Firefox 61, currently scheduled for release on June 26.
Chrome

Biometric and App Logins Will Soon Be Pushed Across the Web (vice.com) 161

Soon, it will be much easier to log into more websites using a hardware key plugged into your laptop, a dedicated app, or even the fingerprint scanner on your phone. Motherboard: On Tuesday, a spread of organizations and businesses, including top browser vendors such as Microsoft and Google, announced a new standards milestone that will streamline the process for web developers to add extra login methods to their sites, potentially keeping consumers' accounts and data more secure. "For users, this will be a natural transition. People everywhere are already using their fingers and faces to 'unlock' their mobile phones and PCs, so this will be natural to them -- and more convenient," Brett McDowell, executive director at the FIDO Alliance, one of the organizations involved in setting up the standard, told Motherboard in an email.

"What they use today to 'unlock' will soon allow them to 'login' to all their favorite websites and a growing number of native apps that already includes Bank of America, PayPal, eBay and Aetna," he added. Passwords continue to be one of the weaker points in online security. A hacker may phish a target's password and log into their account, or take passwords from one data breach and use them to break into accounts on another site. The login standard, called Web Authentication (WebAuthn), will let potentially any website or online service use apps, security keys, or biometrics as a login method instead of a password, or use those alternative approaches as a second method of verification. The key here is making it easy and open for developers to use, and for it to work across all different brands of browsers. The functionality is already available in Mozilla's Firefox, and will be rolled out to Microsoft's Edge and Google Chrome in the new few months. Opera has committed to supporting WebAuthn as well.

Businesses

Online Gaming Could Be Stalled by Net Neutrality Repeal, ESA Tells Court (arstechnica.com) 152

A video game industry lobby group is joining the lawsuit that seeks to reinstate net neutrality rules in the US, saying that the net neutrality repeal could harm multiplayer online games that require robust Internet connections. From a report: The Entertainment Software Association (ESA) yesterday filed a motion for leave to intervene so that it can support the case against the Federal Communications Commission. The lawsuit, filed by a mix of Democratic state attorneys general, tech companies such as Mozilla, and consumer advocacy groups, seeks to reverse the FCC's December 2017 vote to eliminate net neutrality rules. The ESA said its members will be harmed by the repeal "because the FCC's Order permits ISPs to take actions that could jeopardize the fast, reliable, and low-latency connections that are critical to the video game industry."
Mozilla

Mozilla Launches Facebook Container Add-on To Isolate Your Web Browsing Activity From Facebook (venturebeat.com) 112

Paul Sawers, writing for VentureBeat: On Tuesday, Mozilla announced a new tool it said will help keep Facebook from tracking your browsing across the web. The Facebook Container add-on for Firefox promises to make it "much harder" for Facebook to track you when you're not on its site. Mozilla has been working on the technology for several years already, accelerating its development in response to what it called a "growing demand for tools that help manage privacy and security," according to a statement issued by Mozilla today.

Most people are probably aware that data they directly give to Facebook -- such as "liking" a Page or updating their relationship status -- may be sold to advertisers. But fewer people know that Facebook can also track their activities on other websites that have integrated with aspects of Facebook's tracking technology, such as the pervasive "Like" button. And it's in this scenario that Mozilla is now hoping to play the good guy.

Firefox

Firefox In 2018: We'll Tackle Bad Ads, Breach Alerts, Autoplay Video, Says Mozilla (zdnet.com) 84

An anonymous reader quotes a report from ZDNet: Firefox maker Mozilla has outlined its 2018 roadmap to make the web less intrusive and safer for users. First up, Mozilla says it will proceed and implement last year's experiment with a breach alerts service, which will warn users when their credentials have been leaked or stolen in a data breach. Mozilla aims to roll out the service around October. Breach Alerts is based on security consultant Troy Hunt's data breach site Have I Been Pwned. Firefox will also implement a similar block on autoplay video to the one Chrome 66 will introduce next month, and that Safari already has. However, Dotzler says Firefox's implementation will "provide users with a way to block video auto-play that doesn't break websites". This feature is set to arrive in Firefox 62, which is scheduled for release in May.

After Firefox 62 the browser will gain an optional Chrome-like ad filter and several privacy-enhancing features similar to those that Apple's WebKit developers have been working on for Safari's Intelligent Tracking Prevention. By the third quarter of 2018, Firefox should also be blocking ad-retargeting through cross-domain tracking. It's also going to move all key privacy controls into a single location in the browser, and offer more "fine-grained" tracking protection. Dotzler says Mozilla is in the "early stages" of determining what types of ads Firefox should block by default. Also on the roadmap is a feature that arrived in Firefox 59, released earlier this month. A new Global Permissions feature will help users avoid having to deny every site that requests permission for location, camera, microphone and notifications. Beyond security and privacy, Mozilla plans to build on speed-focused Quantum improvements that came in Firefox 57 with smoother page rendering.

Mozilla

Mozilla Pulls Advertising from Facebook (betanews.com) 82

An anonymous reader shares a report: Mozilla is not happy with Facebook. Not happy at all. Having already started a petition to try to force the social network to do more about user privacy, the company has now decided to withdraw its advertising from the platform. The organization is voting with its money following the misuse of user data by Cambridge Analytica, as it tries to force Facebook into taking privacy more seriously. Mozilla says that it is not happy to financially support a platform that does not do enough to protect user privacy. But the company is not severing ties completely. It says that advertising is being "paused" and that if the right steps are taken by Facebook "we'll consider returning."
Facebook

Mozilla Launches a Petition Asking Facebook To Do More For User Privacy (betanews.com) 52

An anonymous reader shares a report: After it was revealed that the personal data of 50 million Facebook users was shared without consent, Mozilla is calling on the social network to ensure that user privacy is protected by default, particularly when it comes to apps.

Ashley Boyd, Mozilla's vice president of advocacy, says that billions of Facebook users are unknowingly at risk of having their data passed on to third parties. He says: "If you play games, read news or take quizzes on Facebook, chances are you are doing those activities through third-party apps and not through Facebook itself. The default permissions that Facebook gives to those third parties currently include data from your education and work, current city and posts on your timeline."

Security

Firefox Master Password System Has Been Poorly Secured for the Past 9 Years, Researcher Says (bleepingcomputer.com) 74

Catalin Cimpanu, writing for BleepingComputer: For at past nine years, Mozilla has been using an insufficiently strong encryption mechanism for the "master password" feature. Both Firefox and Thunderbird allow users to set up a "master password" through their settings panel. This master password plays the role of an encryption key that is used to encrypt each password string the user saves in his browser or email client. Experts have lauded the feature because up until that point browsers would store passwords locally in cleartext, leaving them vulnerable to malware or attackers with physical access to a victim's computer. But Wladimir Palant, the author of the AdBlock Plus extension, says the encryption scheme used by the master password feature is weak and can be easily brute-forced. "I looked into the source code," Palant says, "I eventually found the sftkdb_passwordToKey() function that converts a [website] password into an encryption key by means of applying SHA-1 hashing to a string consisting of a random salt and your actual master password."
Firefox

Mozilla Working On In-Page Popup Blocker For Firefox (androidpolice.com) 53

Firefox is working on a blocker for annoying in-page alerts that often ask you to input your email address to receive a newsletter from the site. "The feature is still in the planning stages, but Mozilla is asking users for any examples of sites with annoying pop-ups," reports Android Police. "Mozilla wants to make Firefox automatically detect and dismiss the popups." From the report: If you know of sites that use in-page popups (whether it be newsletter signups, surveys, or something else), you can fill out the survey here. There are also Firefox and Chrome extensions that make the process easier. I'll be interested to see how Mozilla pulls this off, it will no doubt be difficult to detect the difference between helpful and not-helpful popups.
Programming

Developers Love Trendy New Languages, But Earn More With Functional Programming: Stack Overflow's Annual Survey (arstechnica.com) 111

Stack Overflow has released the results of its annual survey of 100,000 developers, revealing the most-popular, top-earning, and preferred programming languages. ArsTechnica: JavaScript remains the most widely used programming language among professional developers, making that six years at the top for the lingua franca of Web development. Other Web tech including HTML (#2 in the ranking), CSS (#3), and PHP (#9). Business-oriented languages were also in wide use, with SQL at #4, Java at #5, and C# at #8. Shell scripting made a surprising showing at #6 (having not shown up at all in past years, which suggests that the questions have changed year-to-year), Python appeared at #7, and systems programming stalwart C++ rounded out the top 10.

These aren't, however, the languages that developers necessarily want to use. Only three languages from the most-used top ten were in the most-loved list; Python (#3), JavaScript (#7), and C# (#8). For the third year running, that list was topped by Rust, the new systems programming language developed by Mozilla. Second on the list was Kotlin, which wasn't even in the top 20 last year. This new interest is likely due to Google's decision last year to bless the language as an official development language for Android. TypeScript, Microsoft's better JavaScript than JavaScript comes in at fourth, with Google's Go language coming in at fifth. Smalltalk, last year's second-most loved, is nowhere to be seen this time around. These languages may be well-liked, but it looks as if the big money is elsewhere. Globally, F# and OCaml are the top average earners, and in the US, Erlang, Scala, and OCaml are the ones to aim for. Visual Basic 6, Cobol, and CoffeeScript were the top three most-dreaded, which is news that will surprise nobody who is still maintaining Visual Basic 6 applications thousands of years after they were originally written.

Mozilla

Firefox 59, 'By Far the Biggest Update Since Firefox 1.0', Arrives With Faster Page Loads and Improved Private Browsing (venturebeat.com) 104

An anonymous reader shares a VentureBeat report: Mozilla today launched Firefox 59 for Windows, Mac, Linux, and Android. The release builds on Firefox Quantum, which the company calls "by far the biggest update since Firefox 1.0 in 2004." Version 59 brings faster page load times, private browsing mode that strips path information, and Android Assist. In related news, Mozilla is giving Amazon Fire TV owners a new design later this week that lets them save their preferred websites by pinning them to the Firefox home screen. Enterprise users also have something to look forward to: On Wednesday, Firefox Quantum for Enterprise is entering the beta phase. Firefox 59 for the desktop is available for download now on Firefox.com, and all existing users should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on Google Play.
Firefox

Firefox Gets Privacy Boost By Disabling Proximity and Ambient Light Sensor APIs (bleepingcomputer.com) 79

Stating with Firefox 60 -- expected to be released in May 2018 -- websites won't be able to use Firefox to access data from sensors that provide proximity distances and ambient light information. From a report: Firefox was allowing websites to access this data via the W3C Proximity and Ambient Light APIs. But at the start of the month, Mozilla engineers decided to disable access to these two APIs by default. The APIs won't be removed, but their status is now controlled by two Firefox flags that will ship disabled by default. This means users will have to manually enable the two flags before any website can use Firefox to extract proximity and ambient light data from the device's underlying sensors. The two flags will be available in Firefox's about:config settings page. The screenshot below shows the latest Firefox Nightly version, where the two flags are now disabled, while other sensor APIs are enabled.
Mozilla

Firefox Quantum Leader Takes Over All Mozilla Products (cnet.com) 98

CNET reports: Mozilla launched the faster Quantum version of its Firefox browser last fall in a bid to restore the nonprofit's reach and influence. Now, the leader of that effort has been promoted to oversee all Mozilla products. Mark Mayo, formerly senior vice president of Firefox, is now Mozilla's chief product officer, CNET has learned. That means he's taking over more projects, including the Pocket tool and mobile app. Pocket lets people save websites they'd like to revisit, but Mozilla also plans to use the resulting data to help recommend interesting or useful sites to Firefox users. In addition, Mozilla has promoted Denelle Dixon, formerly head of business and legal work, to chief operations officer. She's overseen an effort to diversify Mozilla revenue sources, including through the Pocket acquisition in February 2017.
Businesses

Six Tech Companies Filing Net Neutrality Lawsuit (thehill.com) 31

An anonymous reader quotes a report from The Hill: Six technology companies, including Kickstarter, Foursquare and Etsy, have launched a lawsuit against the Federal Communications Commission (FCC) in an effort to preserve net neutrality rules. The companies, which also include Shutterstock, Expa and Automattic, on Monday filed their petition with the U.S. Court of Appeals for the District of Columbia Circuit. The companies join Vimeo and Mozilla, as well as several state attorneys general who have also filed lawsuits against the FCC in support of the net neutrality rules. Like the other lawsuits, their new case hinges on the Administrative Procedure Act, which they argue prevents the FCC from "arbitrary and capricious" redactions to already existing policy. "Already, over 30,000 Etsy sellers participated in the FCC's public comment process, and tens of thousands more reached out to Congress in support of net neutrality. Now we're bringing their stories and experiences to the courts," said Althea Erickson, head of advocacy and impact at Etsy.
Encryption

23,000 HTTPS Certs Axed After CEO Emails Private Keys (arstechnica.com) 72

An anonymous reader quotes Ars Technica: A major dust-up on an Internet discussion forum is touching off troubling questions about the security of some browser-trusted HTTPS certificates when it revealed the CEO of a certificate reseller emailed a partner the sensitive private keys for 23,000 TLS certificates. The email was sent on Tuesday by the CEO of Trustico, a UK-based reseller of TLS certificates issued by the browser-trusted certificate authorities Comodo and, until recently, Symantec...

In communications earlier this month, Trustico notified DigiCert that 50,000 Symantec-issued certificates Trustico had resold should be mass revoked because of security concerns. When Jeremy Rowley, an executive vice president at DigiCert, asked for proof the certificates were compromised, the Trustico CEO emailed the private keys of 23,000 certificates, according to an account posted to a Mozilla security policy forum. The report produced a collective gasp among many security practitioners who said it demonstrated a shockingly cavalier treatment of the digital certificates that form one of the most basic foundations of website security... In a statement, Trustico officials said the keys were recovered from "cold storage," a term that typically refers to offline storage systems. "Trustico allows customers to generate a Certificate Signing Request and Private Key during the ordering process," the statement read. "These Private Keys are stored in cold storage, for the purpose of revocation."

"There's no indication the email was encrypted," reports Ars Technica, and the next day DigiCert sent emails to Trustico's 23,000+ customers warning that their certificates were being revoked, according to Bleeping Computer.

In a related development, Thursday Trustico's web site went offline, "shortly after a website security expert disclosed a critical vulnerability on Twitter that appeared to make it possible for outsiders to run malicious code on Trustico servers."
Firefox

Mozilla Removes Individual Cookie Management in Firefox 60 (ghacks.net) 177

Martin Brinkmann, writing for Ghacks: The most recent version of Firefox Nightly, currently at version 60, comes with changes to Firefox's cookie management. Mozilla merged cookie settings with site data in the web browser which impacts how you configure and manage cookie options. If you run Firefox 59 or earlier, you can load about:preferences#privacy to manage privacy related settings in Firefox. If you set the history to "use custom settings for history" or "remember history", you get an option manage cookie settings and to remove individual cookies from Firefox. A click on the link or button opens a new browser window in which all set cookies are listed. You can use it to find set cookies, look up information, remove selected or all cookies. Mozilla engineers changed this in recent versions of Firefox 60 (currently on the Nightly channel).
Communications

23 Attorneys General Refile Challenge To FCC Net Neutrality Repeal (engadget.com) 41

An anonymous reader quotes a report from Reuters: A coalition of 22 state attorneys general and the District of Columbia on Thursday refiled legal challenges intended to block the Trump administration's repeal of landmark rules designed to ensure a free and open internet from taking effect. The Federal Communications Commission officially published its order overturning the net neutrality rules in the Federal Register on Thursday, a procedural step that allows for the filing of legal challenges. The states, along with web browser developer Mozilla and video-sharing website Vimeo, had filed petitions preserving their right to sue in January, but agreed to withdraw them last Friday and wait for the FCC's publication. The attorneys general argue that the FCC cannot make "arbitrary and capricious" changes to existing policies and that it misinterpreted and disregarded "critical record evidence on industry practices and harm to consumers and businesses." The White House Office of Management and Budget still must sign off on some aspects of the FCC reversal before it takes legal effect. That could take months.
Software

The Most Popular Linux Desktop Programs (zdnet.com) 228

The most recent Linux Questions poll results are in. Steven J. Vaughan-Nichols, writing for ZDNet: LinuxQuestions, one of the largest internet Linux groups with 550,000 members, has just posted the results from its latest survey of desktop Linux users. In the always hotly-contested Linux desktop environment survey, the winner was the KDE Plasma Desktop. It was followed by the popular lightweight Xfce, Cinnamon, and GNOME. If you want to buy a computer with pre-installed Linux, the Linux Questions crew's favorite vendor by far was System76. Numerous other computer companies offer Linux on their PCs. These include both big names like Dell and dedicated small Linux shops such as ZaReason, Penguin Computing, and Emperor Linux. Many first choices weren't too surprising. For example, Linux users have long stayed loyal to the Firefox web browser, and they're still big fans. Firefox beat out Google Chrome by a five-to-one margin. And, as always, the VLC media player is far more popular than any other Linux media player. For email clients, Mozilla Thunderbird remains on top. That's a bit surprising given how Thunderbird's development has been stuck in neutral for some time now. When it comes to text editors, I was pleased to see vim -- my personal favorite -- win out over its perpetual rival, Emacs. In fact, nano and Kate both came ahead of Emacs.

Slashdot Top Deals