Mozilla Firefox will soon include a revised Referrer Policy to tighten up queries and better protect user information. From a report: Firefox 87, due to ship on March 23, will cut back on path and query string information from referrer headers "to prevent sites from accidentally leaking sensitive user data." In a blog post on Monday, developer Dimi Lee and security infrastructure engineering manager Christoph Kerschbaumer said the latest browser version will include a "stricter, more privacy-preserving default Referrer Policy." Browsers send HTTP Referrer headers to websites to indicate which location has 'referred' a user to a website server. Full URLs of referring documents are often sent in the HTTP Referrer header with other subresource requests, and while this may contain innocent information used for purposes including analytics, private user data may also be included. Referrer policies aim to protect this data, but if no policy is set by a website, this often defaults to "no-referrer-when-downgrade," an element that Firefox says does trim down the referrer when navigating to a less secure resource, but still "sends the full URL including path and query information of the originating document as the referrer."

Tech companies led by Mozilla are urging the Federal Communications Commission to swiftly reinstate net neutrality rules stripped away under the Trump administration. From a report: In a letter to FCC Acting Chairwoman Jessica Rosenworcel Friday, ADT, Dropbox, Eventbrite, Reddit, Vimeo and Wikimedia joined Mozilla, the maker of the Firefox web browser, in calling net neutrality "critical for preserving the internet as a free and open medium that promotes innovation and spurs economic growth." [...] In a blog post Friday, Mozilla Chief Legal Officer Amy Keating said the pandemic has made the need for net neutrality rules even more clear.

"In a moment where classrooms and offices have moved online by necessity, it is critically important to have rules paired with strong government oversight and enforcement to protect families and businesses from predatory practices," Keating said. "In California, residents will have the benefit of these fundamental safeguards as a result of a recent court decision that will allow the state to enforce its state net neutrality law. However, we believe that users nationwide deserve the same ability to control their own online experiences."

Firefox's "Compact density" option, which reduces the size of the user interface, is set to disappear when Mozilla rolls out its Proton visual redesign for the browser later this year. PCMag reports: A bug was posted on Mozilla's bug tracking system entitled "Remove compact mode inside Density menu of customize palette." The reasons given for its removal include the fact it's "currently fairly hard to discover" and "we assume gets low engagement." The development team wants to "make sure that we design defaults that suit most users and we'll be retiring the compact mode for this reason." The Bugzilla thread highlights a desire for compact density to be retained as an option, but it doesn't seem likely to survive right now.

When Proton arrives, the Normal and Touch density options are expected to remain, with Touch increasing the size of the user interface to make it more finger-friendly. Meanwhile, the development team is optimizing the Normal density for displays that use 768 pixels for height, while most displays now use a higher resolution than that. Hopefully this doesn't mean the UI will be larger than it is now by default.

With the News Media Bargaining Code out of the way, the Australian government has moved its tech giant battle to the browser scene, keeping Google in its crosshairs while putting Apple under the microscope. From a report: Led by the Australian Competition and Consumer Commission (ACCC), the new battle is focused on "choice and competition in internet search and web browsers." The consumer watchdog on Thursday put out a call for submissions, with a number of questions posed in a discussion paper , centred on internet browser defaults. It claimed Apple's Safari is the most common browser used in Australia for smartphones and tablets, accounting for 51% of use. This is followed by Chrome with 39%, Samsung Internet with 7%, and with less than 1%, Mozilla Firefox. This shifts on desktop, with Chrome being the most used browser with 62% market share, followed by Safari with 18%, Edge 9%, and Mozilla 6%.

The ACCC said it's concerned with the impact of pre-installation and default settings on consumer choice and competition, particularly in relation to online search and browsers. It's also seeking views on supplier behaviour and trends in search services, browsers, and operating systems, and device ecosystems that may impact the supply of search and browsers to Australian consumers. It wants views also on the extent to which existing consumer harm can arise from the design of defaults and other arrangements.

Last week Firefox's official blog responded to some viral misinformation about the Firefox logo. "People were up in arms because they thought we had scrubbed fox imagery from our browser. Rest easy knowing nothing could be further from the truth..." Sure, it's stressful to have hundreds of thousands of people shouting things like "justice for the fox" in all-caps in your mentions for three days straight, but ultimately that means people are thinking about the brand in a way they might not have for years. ..

The logo causing all the stir is one we created a while ago with input from our users. Back in 2019, we updated the Firefox browser logo and added the parent brand logo as a new logo for our broader product portfolio that extends beyond the browser... which represents the family of Firefox products we make outside of just the Firefox browser, like Firefox Monitor. It's not an icon you're going to see on a dock, phone's home screen or desktop, though.

We didn't get rid of the fox then and have no plans to do so now, or ever. Plenty of folks jumped in to try and clear things up in the original thread, but once the "they killed the fox" meme caught momentum and became the "Firefox minimalist logo" meme, there was no stopping it. It spread to Instagram and then to Reddit. The memes became so pervasive that there were memes being made about how there were too many Firefox logo memes... Well, fear not, because no matter what you think you heard on the internet, the fox isn't leaving any time soon.

For our Firefox Nightly users out there, we're bringing back a very special version of an older logo, as a treat. Stay tuned.

An anonymous reader quotes a report from ZDNet: Google has announced Flutter 2, a major upgrade to its framework for building user interfaces for mobile, the web and desktop. Flutter promises to allow developers to use the same codebase to build native apps for iOS, Android, Windows 10, macOS, and Linux and for the web on browsers including Chrome, Firefox, Safari or Edge. It can also be embedded in an IoT device with a screen, such as cars, TVs, and home appliances.

The move to Flutter 2 promises to benefit the over 150,000 Flutter Android apps already available on the Play Store. Every app will get a free upgrade with Flutter 2 allowing developers to target desktop and web without rewriting them. Google apps now built with Flutter include Google Pay, Stadia and Google Nest Hub among others. Flutter 2 also brings production quality support for the web, with a focus on progressive web apps (PWAs) that behave like desktop apps, single page apps, and mobile apps on the web. Google has added a new CanvasKit-powered rendering engine built with WebAssembly. For mobile web apps, in recent months it's added autofill, control over address bar URLs and routing, and PWA manifests.

For desktop browsers, it has added interactive scrollbars and keyboard shortcuts, increased the default content density in desktop modes, and added screen reader support for accessibility on Windows, macOS and ChromeOS. Google has been working with Ubuntu maker Canonical to bring Flutter to the desktop. Canonical will make Flutter the default choice for future desktop and mobile apps it creates. Microsoft is also releasing contributions to the Flutter engine that supports foldable Android devices, such as the Microsoft Surface Duo.

The Economic Security Project is trying to make a point about big tech monopolies by releasing a browser plugin that will block any sites that reach out to IP addresses owned by Google, Facebook, Microsoft, or Amazon. From a report: The extension is called Big Tech Detective, and after using the internet with it for a day (or, more accurately, trying and failing to use), I'd say it drives home the point that it's almost impossible to avoid these companies on the modern web, even if you try. Currently, the app has to be side-loaded onto Chrome, and the Economic Security Project expects that will remain the case. It's also available to side-load onto Firefox. By default, it just keeps track of how many requests are sent, and to which companies. If you configure the extension to actually block websites, you'll see a big red popup if the website you're visiting sends a request to any of the four. That popup will also include a list of all the requests so you can get an idea of what's being asked for.

As part of its war on web tracking, Mozilla is adding a new tool to Firefox aimed at stopping cookies from keeping tabs on you across multiple sites. From a report: The "Total Cookie Protection" feature is included in the web browser's latest release -- alongside multiple picture-in-picture views -- and essentially works by keeping cookies isolated between each site you visit. Or, in Mozilla's words: "By creating a separate cookie jar for every website." Firefox's new feature pares with last month's network partitioning tool, which works by splitting the Firefox browser cache on a per-website basis to prevent tracking across the web, itself targeted at blocking more stubborn "supercookies." According to Mozilla, these types of cookies are more difficult to delete and block as they are stored in obscure parts of the browser, including in Flash storage, ETags, and HSTS flags. Both tools are available as part of Firefox's enhanced tracking protection suite in "strict mode" on desktop and Android.

Rust -- the programming language, not the survival game -- now has a new home: the Rust Foundation. From a report: AWS, Huawei, Google, Microsoft and Mozilla banded together to launch this new foundation today and put a two-year commitment to a million-dollar budget behind it. This budget will allow the project to "develop services, programs, and events that will support the Rust project maintainers in building the best possible Rust." Rust started as a side project inside of Mozilla to develop an alternative to C/C++. Designed by Mozilla Research's Graydon Hore, with contributions from the likes of JavaScript creator Brendan Eich, Rust became the core language for some of the fundamental features of the Firefox browser and its Gecko engine, as well as Mozilla's Servo engine. Today, Rust is the most-loved language among developers. But with Mozilla's layoffs in recent months, many on the Rust team lost jobs and the future of the language became unclear without a main sponsor, though the project itself has thousands of contributors and a lot of corporate users, so the language itself wasn't going anywhere.

Tech blogger Paul Thurrott writes: Firefox 85 now protects users against supercookies, which Mozilla says is "a type of tracker that can stay hidden in your browser and track you online, even after you clear cookies. By isolating supercookies, Firefox prevents them from tracking your web browsing from one site to the next." It also includes small improvements to bookmarks and password management.

Unfortunately, Mozilla has separately — and much more quietly — stopped work on Site Specific Browser (SSB) functionality... This feature allowed users to use Firefox to create apps on the local PC from Progressive Web Apps and other web apps, similar to the functionality provided in Chrome, Microsoft Edge, and other Chromium-based web browsers. "The SSB feature has only ever been available through a hidden [preference] and has multiple known bugs," Mozilla's Dave Townsend explains in a Bugzilla issue tracker. "Additionally, user research found little to no perceived user benefit to the feature and so there is no intent to continue development on it at this time. As the feature is costing us time in terms of bug triage and keeping it around is sending the wrong signal that this is a supported feature, we are going to remove the feature from Firefox."
Thurrott's conclusion? "Mozilla is walking away from a key tenet of modern web apps and, in doing so, they are making themselves irrelevant."

With Mozilla's release of Firefox 85 on Tuesday, Adobe's once ubiquitous Flash technology is really gone for good. The software had been widely used to expand gaming, video and animation on the web, though Adobe stopped supporting it at the end of 2020. Firefox was the last major browser to support Flash. From a report: Apple, whose late boss Steve Jobs helped sink Flash by banning it from iPhones and iPads, ditched Flash with Safari 14 in September 2020. Google Chrome, the most widely used browser, completely excised it on Jan. 19 with version 88. Microsoft's Edge 88 followed suit on Jan. 21. The schedule of removals shows just how hard it is to advance technology foundations as widely used as the web. Browser makers for years wanted to remove Flash, replacing it with more advanced standards built directly into the web. Jobs' "Thoughts on Flash" letter in 2010 solidified the opposition, and Adobe started recognizing the software's doom by scrapping the Android version of Flash in 2011. It's taken years of effort to drop Flash completely. Adobe took until 2017 to announce that Flash would be completely unsupported at the end of 2020, and still some are willing to jump through lots of hoops to keep Flash around a little longer.

Mozilla developers plan to remove support for using the Backspace key as a Back button inside Firefox. From a report: The change is currently active in the Firefox Nightly version and is expected to go live in Firefox 86, scheduled to be released next month, in late February 2021. The removal of the Backspace key as a navigational element didn't come out of the blue. It was first proposed back in July 2014, in a bug report opened on Mozilla's bug tracker. At the time, Mozilla engineers argued that many users who press the Backspace key don't always mean to navigate to the previous page (the equivalent of pressing the Back button).

Mozilla is "investigating" a design refresh for its Firefox browser. Ghacks reports that the refresh is referred to internally as "Photon." Information about the design refresh is limited at this point in time. Mozilla created a meta bug on Bugzilla as a reference to keep track of the changes. While there are not any mockups or screenshots posted on the site, the names of the bugs provide information on the elements that will get a refresh. These are:

- The Firefox address bar and tabs bar.
- The main Firefox menu.
- Infobars.
- Doorhangers.
- Context Menus.
- Modals.
Most user interface elements are listed in the meta bug. Mozilla plans to release the new design in Firefox 89; the browser is scheduled for a mid-2021 release. Its release date is set to May 18, 2021...

[Developer/Firefox extension author] Sören Hentzschel revealed that he saw some of the Firefox Proton mockups... He notes that Firefox will look more modern when the designs land and that Mozilla plans to introduce useful improvements, especially in regards to the user experience. Hentzschel mentions two examples of potential improvements to the user experience: a mockup that displays vertical tabs in a compact mode, and another that shows the grouping of tabs on the tab bar.

An anonymous reader quotes a report from ZDNet: Firefox 85, scheduled to be released next month, in January 2021, will ship with a feature named Network Partitioning as a new form of anti-tracking protection. The feature is based on "Client-Side Storage Partitioning," a new standard currently being developed by the World Wide Web Consortium's Privacy Community Group. "Network Partitioning is highly technical, but to simplify it somewhat; your browser has many ways it can save data from websites, not just via cookies," privacy researcher Zach Edwards told ZDNet in an interview this week. "These other storage mechanisms include the HTTP cache, image cache, favicon cache, font cache, CORS-preflight cache, and a variety of other caches and storage mechanisms that can be used to track people across websites." Edwards says all these data storage systems are shared among websites.

The difference is that Network Partitioning will allow Firefox to save resources like the cache, favicons, CSS files, images, and more, on a per-website basis, rather than together, in the same pool. This makes it harder for websites and third-parties like ad and web analytics companies to track users since they can't probe for the presence of other sites' data in this shared pool. The Mozilla team expects [...] performance issues for sites loaded in Firefox, but it's willing to take the hit just to improve the privacy of its users.

The Verge reports: Firefox's latest update brings native support for Macs that run on Apple's Arm-based silicon, Mozilla announced on Tuesday. Mozilla claims that native Apple silicon support brings significant performance improvements: the browser apparently launches 2.5 times faster and web apps are twice as responsive than they were on the previous version of Firefox, which wasn't native to Apple's chips...

Firefox's support of Apple's Arm-based processors follows Chrome, which added support for Apple's new chips shortly after the M1-equipped MacBook Pro, MacBook Air, and Mac mini were released in November.
Firefox 84 will also be the very last release to support Adobe Flash, notes ZDNet, calling both developments "a reminder of the influence Apple co-founder Steve Jobs has had and continues to exert on software and hardware nine years after his death." Jobs wrote off Flash in 2010 as successful Adobe software but one that was a 'closed' product "created during the PC era — for PCs and mice" and not suitable for the then-brand-new iPad, nor any of its prior iPhones. Instead, Jobs said the future of the web was HTML5, JavaScript and CSS.

At the end of this year Google Chrome, Microsoft Edge and Apple Safari also drop support for Flash.

Senior Apple execs recently reflected in an interview with Om Malik what the M1 would have meant to Jobs had been alive today. "Steve used to say that we make the whole widget," Greg Joswiak, Apple's senior vice president of Worldwide Marketing told Malik.

"We've been making the whole widget for all our products, from the iPhone, to the iPads, to the watch. This was the final element to making the whole widget on the Mac."
ZDNet also notes that Firefox 84 offers WebRender, "Mozilla's faster GPU-based 2D rendering engine" for MacOS Big Sur, Windows devices with Intel Gen 6 GPUs, and Intel laptops running Windows 7 and 8. "Mozilla promises it will ship an accelerated rendering pipeline for Linux/GNOME/X11 users for the first time."

Firefox now also uses "more modern techniques for allocating shared memory on Linux," writes Mozilla, "improving performance and increasing compatibility with Docker."

And Firefox 85 will include a new network partitioning feature to make it harder for companies to track your web surfing.

"Cloudflare, Apple, and Fastly have co-designed and proposed a new DNS standard to tackle ongoing privacy issues associated with DNS," reports ZDNet.

Cloudflare calls it "a practical approach for improving privacy" that "aims to improve the overall adoption of encrypted DNS protocols without compromising performance and user experience..." Third-parties, such as ISPs, find it more difficult to trace website visits when DNS over HTTPS (DoH) is enabled. DoH deployment is on the cards for many major browser providers, although rollout plans are ongoing. Now, Oblivious DNS over HTTPS (ODoH) has been proposed by Cloudflare — together with partners PCCW Global, Surf, and Equinix — to improve on these models by adding an additional layer of public key encryption and a network proxy...

The overall aim of ODoH is to decouple client proxies from resolvers. A network proxy is inserted between clients and DoH servers — such as Cloudflare's 1.1.1.1's public DNS resolver — and the combination of both this and public key encryption "guarantees that only the user has access to both the DNS messages and their own IP address at the same time," according to Cloudflare... "The client behaves as it does in DNS and DoH, but differs by encrypting queries for the target, and decrypting the target's responses..."

Test clients for the code have been provided to the open source community to encourage experimentation with the proposed standard. It can take years before support is enabled by vendors for new DNS standards, but Eric Rescorla, Firefox's CTO, has already indicated that Firefox will "experiment" with ODoH.

Microsoft has raised the alarm today about a new malware strain that infects users' devices and then proceeds to modify browsers and their settings in order to inject ads into search results pages. From a report: Named Adrozek, the malware has been active since at least May 2020 and reached its absolute peak in August this year when it controlled more than 30,000 browsers each day. But in a report today, the Microsoft 365 Defender Research Team believes the number of infected users is much, much higher. Microsoft researchers said that between May and September 2020, they observed "hundreds of thousands" of Adrozek detections all over the globe. Based on internal telemetry, the highest concentration of victims appears to be located in Europe, followed by South and Southeast Asia. Microsoft says that, currently, the malware is distributed via classic drive-by download schemes. Users are typically redirected from legitimate sites to shady domains where they are tricked into installing malicious software. The boobytrapped software installs the Androzek malware, which then proceeds to obtain reboot persistence with the help of a registry key.

InfoWorld reports: Firefox users can expect improved JavaScript performance in the Firefox 83 browser, with the Warp update to the SpiderMonkey JavaScript engine enabled by default.

Also called WarpBuilder, Warp improves responsiveness and memory usage and speeds up page loads by making changes to JiT (just-in-time) compilers... Warp has been shown to be faster than Ion, SpiderMonkey's previous optimizing JiT, including a 20 percent improvement on Google Docs load time. Other JavaScript-intensive websites such as Netflix and Reddit also have shown improvement...

Warp has replaced the front end — the MIR building phase — of the IonMonkey JiT... Mozilla also will continue to incrementally optimize the back end of the IonMonkey JiT, as Mozilla believes there is still room for improvement for JavaScript-intensive workloads.

Rudra Saraswat is the creator of the Ubuntu Unity distro (which uses the Unity interface in place of Ubuntu's GNOME shell).

But this week they released Ubuntu Web Remix, "a privacy-focused, open source alternative to Google Chrome OS/Chromium OS" using Firefox instead of Google Chrome/Chromium. Liliputing reports: If the name didn't give it away, this operating system is based on Ubuntu, but it's designed to offer a Chrome OS-like experience thanks to a simplified user interface and a set of pre-installed apps including the Firefox web browser, some web apps from /e/, and Anbox, a tool that allows you to run Android apps in Linux...

You don't get the long battery life, cloud backup, and many other features that make Chromebooks different from other laptops (especially other cheap laptops). But if you're looking for a simple, web-centric operating system that isn't made by a corporate giant? Then I guess it's nice to have the option.
Rudra Saraswat writes: An easy web-app (wapp) format has been created to package web-apps for the desktop. You can now create your own web apps using web technologies, package them for the desktop and install them easily.

An experimental wapp store can be found at store.ubuntuweb.co, for distributing web apps. Developers and packagers can do pull requests at gitlab.com/ubuntu-web/ubuntu-web.gitlab.io to contribute wapps.

Mozilla has opened today a public comment and consultation period about the ways it could enable support for the controversial privacy-centric DNS-over-HTTPS (DoH) protocol inside Firefox. From a report: The browser maker's decision to open a rare public consultation period comes after the organization faced criticism last year in the UK for its plans to support DoH inside Firefox. UK government officials, law enforcement agencies, and local internet service providers criticized Mozilla for developing and wanting to roll out DoH, a feature they said could have helped suspects bypass enterprise firewalls and parental controls blocklists -- even earning the browser maker a nomination for an "Internet Villain" award from a local ISP. All last year's hoopla was caused by DoH, a web protocol developed as an alternative to the classic DNS (Domain Name System). DoH works by encrypting DNS queries (which are normally sent out in clear text) and hiding them inside normal-looking HTTPS web traffic.