Mozilla and Scroll have made an earlier-announced partnership slightly more official today with the wider release of a browser extension called "Firefox Better Web." It's part of Firefox's ongoing effort to combat tracking on the web, but with the small twist that it includes the option to sign up for Scroll. The Verge reports: Scroll, if you don't recall, is the $5-a-month service that stops ads from loading on certain websites. It's not technically an ad blocker, but rather lets publishers know they shouldn't serve them in the first place when you visit. For a limited time, the subscription will cost $2.50 per month for the first six months. The Mozilla partnership essentially builds Scroll into a package of tools that Mozilla offers as a test pilot. The idea is to see how far Firefox can go blocking trackers and other malfeasance (short of full ad blocking) without fully breaking the web or de-funding publishers.

The extension includes Scroll and also a "customized Enhanced Tracking Protection setting that will block third-party trackers, fingerprinters, and cryptominers," according to Mozilla. It will work across different desktop browsers, but of course it is designed primarily to be used with Firefox. The deal with Mozilla should get Scroll a much larger userbase, but neither company would disclose any financial terms. Scroll takes a 30 percent cut of your subscription fee and pays the rest out to its partner publishers based on your web browsing habits. It tracks those habits automatically, and the company tells me that it will soon offer users tools to delete their data -- on top of a pledge to never sell that data. Scroll also pledges to make it easier for small publishers to sign up through an automated system soon.

Firefox, the global web browser from Mozilla, is launching a new subscription product Tuesday called the "Firefox Better Web initiative," and it will feature former Chartbeat CEO Tony Haile's new product Scroll as a launch partner. From a report: It's uncommon for a web browser to launch a product that's explicitly tied to paying out publishers. Scroll's business is all about paying publishers for their content while giving users a better ad experience. The test pilot for the product, which is a subscription to a privacy-first Firefox extension, will only be available in the U.S. The money from a membership ($4.99 monthly, $2,99 for first six months) goes directly to fund publishers and writers.

Mozilla has announced plans to remove support for the FTP protocol from Firefox. Going forward, users won't be able to download files via the FTP protocol and view the content of FTP links/folders inside the Firefox browser. From a report: "We're doing this for security reasons," said Michal Novotny, a software engineer at the Mozilla Corporation, the company behind the Firefox browser. "FTP is an insecure protocol and there are no reasons to prefer it over HTTPS for downloading resources," he said. "Also, a part of the FTP code is very old, unsafe and hard to maintain and we found a lot of security bugs in it in the past." Novotny says Mozilla plans to disable support for the FTP protocol with the release of Firefox 77, scheduled for release in June this year.

Tim Anderson reporting via The Register: The first thing users will see after updating to Mozilla's latest browser, Firefox 74, is a prompt to install the Facebook Container add-on. The Facebook Container add-on is not new, but has been enhanced in its latest version, 2.1.0, with the ability to add custom sites to the container so that you can "login with Facebook wherever you need to." The purpose of the Facebook Container is to let you continue to use Facebook but without having the social network site track your browsing elsewhere. "Installing this extension closes your Facebook tabs, deletes your Facebook cookies, and logs you out of Facebook," say the docs.

When you visit Facebook and log in, the cookies it plants are isolated to the container. This prevents Facebook Like buttons and embedded comments from working on other sites. There is also an issue with sites that require or offer a Facebook login, which you can now overcome by adding those sites to the container. Sites are added by clicking a fence icon and selecting "Allow site in Facebook container." The effect is like having two web browsers, one in which you are logged into Facebook and subject to potential tracking on any site which has Facebook content, and another where Facebook has no knowledge of you.

Mozilla today launched Firefox 74 for Windows, Mac, and Linux. Firefox 74 includes stricter rules for add-ons, TLS 1.0 and TLS 1.1 disabled by default, and a handful of developer features.

"New academic research published last month looked at the phone-home [telemetry] features of six of today's most popular browsers and found that the Brave browser sent the smallest amount of data about its users back to the browser maker's servers," reports ZDNet: The research, conducted by Douglas J. Leith, a professor at Trinity College at the University of Dublin, looked at Google Chrome, Mozilla Firefox, Apple Safari, Brave, Microsoft Edge (the new Chromium-based version), and the Yandex Browser.

"In the first (most private) group lies Brave, in the second Chrome, Firefox, and Safari, and in the third (least private) group lie Edge and Yandex...." [T]he professor found evidence that Chrome, Firefox, and Safari all tagged telemetry data with identifiers that were linked to each browser instance. These identifiers allowed Google, Mozilla, and Apple to track users across browser restarts, but also across browser reinstalls...

[T]he most intrusive phoning-home features were found in the new version of Microsoft Edge and the official Yandex Browser. According to Prof. Leith, both used unique identifiers that were linked to the device's hardware, rather than the browser installation. Tracking users by hardware allows Microsoft and Yandex to follow users across installations and potentially link browser installs with other apps and online identities. The professor said that Edge collected the hardware UUID of the user's computer, an identifier that cannot be easily changed or deleted without altering a computer's hardware. Similarly, Prof. Leith also found that Yandex transmitted a hash of the hardware serial number and MAC address to its backend servers.

"As far as we can tell this behaviour [in Edge and Yandex] cannot be disabled by users," the professor said.
The article also points out that Brave was the only browser that didn't use search autocomplete functionality to collect and send back information on a user's visited web pages. (Even though this can be disabled in Firefox, Chrome, and Safari, it's on by default.)

But Edge and Yandex "also sent back information about visited web pages that did not appear to be related to the search autocomplete feature, suggesting the browsers had other ways to track users' browsing habits."

J. Fergus, writing for Input: Someone finally did it. We can now follow who we want on our own terms and get that information chronologically. Fraidycat is an app and browser extension that allows just that. Though it launched in November 2019, Fraidycat recently got a massive update, widening its compatibility and adding a dark mode. The open-source tool, brought to you by Kicks Condor, is available for Linux, Mac, and Windows in addition to Mozilla Firefox and Chrome as an extension. Fraidycat definitely pulls from RSS feeds more easily, but it also works on Twitter, Instagram, and SoundCloud. You drop the link to the account you'd like to follow -- from Medium bloggers to Twitch streamers to vision board Pinterest-ers -- and set how frequently you'd like to see their posts. Label it, hit save, and posts will appear as often as you'd like. The recent update notably folds Kickstarter into the mix and collapses Twitter threads for readability.

Mozilla will add a new security sandbox system to Firefox on Linux and Firefox on Mac. The new technology, named RLBox, works by separating third-party libraries from an app's native code. From a report: This process is called "sandboxing," and is a widely used technique that can prevent malicious code from escaping from within an app and executing at the OS level. RLBox is an innovative project because it takes sandboxing to the next level. Instead of isolating the app from the underlying operating system, RLBox separates an app's internal components -- namely its third-party libraries -- from the app's core engine. This technique prevents bugs and exploits found inside a third-party library from impacting another project that uses the same library.

Mozilla will bring its new DNS-over-HTTPS security feature to all Firefox users in the U.S. by default in the coming weeks, the browser maker has confirmed. From a report: It follows a year-long effort to test the new security feature, which aims to make browsing the web more secure and private. Whenever you visit a website -- even if it's HTTPS enabled -- the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. DNS-over-HTTPS, or DoH, encrypts the request so that it can't be intercepted or hijacked in order to send a user to a malicious site. These unencrypted DNS queries can also be used to snoop on which websites a user visits. DoH works at the app-level, and is baked into Firefox. The feature relies on sending DNS queries to third-party providers -- such as Cloudflare and NextDNS -- both of which will have their DoH offering baked into Firefox and will process DoH queries.

Apple is considering giving rival apps more prominence on iPhones and iPads and opening its HomePod speaker to third-party music services after criticism the company provides an unfair advantage to its in-house products. From a report: The technology giant is discussing whether to let users choose third-party web browser and mail applications as their default options on Apple's mobile devices, replacing the company's Safari browser and Mail app, according to people familiar with the matter. Since launching the App Store in 2008, Apple hasn't allowed users to replace pre-installed apps such as these with third-party services. That has made it difficult for some developers to compete, and has raised concerns from lawmakers probing potential antitrust violations in the technology industry.

The web browser and mail are two of the most-used apps on the iPhone and iPad. To date, rival browsers like Google Chrome and Firefox and mail apps like Gmail and Microsoft Outlook have lacked the status of Apple's products. For instance, if a user clicks a web link sent to them on an iPhone, it will automatically open in Safari. Similarly, if a user taps an email address -- say, from a text message or a website -- they'll be sent to the Apple Mail app with no option to switch to another email program. The Cupertino, California-based company also is considering loosening restrictions on third-party music apps, including its top streaming rival Spotify, on HomePods, said the people, who asked not to be named discussing internal company deliberations.

Mozilla has a new virtual private network service and if you have a Chromebook, a Windows 10 computer or an Android device in the US, you can start using a beta version now. From a report: Called Firefox Private Network, the new service is designed to function as a full-device VPN and give better protection when surfing the web or when using public Wi-Fi networks. The company offers two options: a free browser-extension version, which it launched in beta last year, that provides 12 one-hour VPN passes when using the Firefox browser and a Firefox account; and a second, $4.99-a-month option that provides a more complete VPN service across your whole device. The new paid option, which runs off of servers provided by Swedish open-source VPN company Mullvad, can protect up to five devices with one account. It allows for faster browsing and streaming, and gives you the ability to tap into servers located in "30-plus countries" for masking your location data.

Waterfox is an open-source web browser for x64, ARM64, and PPC64LE systems, "intended to be speedy and ethical, and maintain support for legacy extensions dropped by Firefox, from which it is forked," according to Wikipedia. (Its tabs also still have angled sides with rounded corners.)

Friday Waterfox's original creator, 24-year-old Alexandros Kontos, announced that the browser "now has funding and a development team, so Waterfox can finally start to grow!" after its acquisition by a company called System1. I started Waterfox when I was 16. It was a way for me to understand how large software projects worked and the Mozilla documentation was a great introduction... I've touted Waterfox as an ethical and privacy friendly browser... I never wanted Waterfox to be a part of the hyper-privacy community. It would just feel like standards that would be impossible to uphold, especially for something such as a web browser on the internet. Throughout the years people have always asked about Waterfox and privacy, and if they've ever wanted more than it can afford, I've always pushed them to use Tor. Waterfox was here for customisations and speed, with a good level of privacy...

I wasn't doing anything with Waterfox except developing it and making some money via search. Why I kept going throughout the years, I'll never know... System1 has been to Waterfox a search syndication partner. Essentially a way to have a search engine partnership (such as Bing) is through them, because companies such as Microsoft are too big and too busy to talk to small players such as Waterfox... It's probably the one easy way a browser can make money without doing anything dodgy, and it's a way I've been happy to do it without having to compromise Waterfox (and will be the same way System1 makes money from Waterfox -- nothing else). People also don't seem to understand what System1 does...
"Now I can finally focus on making Waterfox into a viable alternative to the big browsers," Kontos concludes.

Long-time Slashdot reader Freshly Exhumed contextualized the news with this brief history of the alternate browser ecosystem: As the usage share of web browsers continues to show a lopsideded dominance by Google Chrome, many previously-independent browsers have fallen by the wayside or have been reinvented as Chrome variants (i.e. Opera, Edge, Brave). Apple forges on with its Safari browser while other, smaller projects tend to be quite limited for multi-platform users, such as Dolphin and Bromite.

Mozilla continues independently with Firefox for almost every platform, while variants such as Pale Moon and Sea Monkey have attempted to provide products that avoid drastic and/or controversial changes made by Mozilla but sometimes do not match the multi-platform support of Firefox. Let us not forget Tor, the Firefox-based anonymity-focused browser.

Alex Kontos is a developer who attempted to provide continuity with dropped Firefox capabilities in his multi-platform Waterfox browser, proudly declaring that Firefox's user data sharing and telemetry collection was not included. For that privacy focus a certain popularity of Waterfox occurred. Now Kontos has revealed that his Waterfox project has been sold to System1, a company describing itself as "a consumer internet and applications company with the most powerful audience expansion platform in the industry."

"Lazy Loading" would augment HTML's <img> tag (and <iframe> tag) with two new attributes -- "eager" (to load immediately) and "lazy" (to load only when it becomes relevant in the viewport).

Felix Arntz, a developer programs engineer at Google (and a WordPress core committer) notes the updates in the HTML specification for the lazy loading attributes, adding that it's "already supported by several browsers, including Chrome and Edge" and also the Android browser and Opera.

And lazy loading can now also be toggled on for Firefox 75 Nightly users, reports Neowin, though it's disabled by default: It's not clear if it will be enabled by the time Firefox 75 reaches the stable branch but according to comments on the Bugzilla thread, it's in high demand. Previously, websites could employ lazy loading by using JavaScript but now lazy loading syntax is supported directly in the web browser.

The implementation in Firefox comes after Google added the feature to its browser.
Google's Arntz has also written a post describing a proposal to begin lazy-loading images by default in Wordpress. The proposed solution is available as a feature plugin WP Lazy Loading in the plugin repository. The plugin is being developed on GitHub. Your testing and feedback will be much appreciated.

Mozilla today released Firefox 73 for Windows, Mac, Linux, and Android. Firefox 73 includes a default zoom level setting, a readability backplate option, and a handful of developer features.

The "Suggested" section on the Windows 10 Start Menu used to just promote its own apps, reports MSPowerUser. But for some users (who haven't disable Microsoft's "Suggestions"), that menu is now showing a new kind of ad listing: The listing displays "Still using Firefox? Microsoft Edge is here", to all users of the former -- even with the latter already installed.

The ad provides a link to download the chromium-based browser.

Undoubtedly, the suggestions won't end here. Microsoft is reportedly planning to sprawl similar ads out to Wordpad, to encourage users to download official Office apps.
The Windows Latest blog points out that Microsoft's "Suggestions" can be "permanently disabled with a few tweaks unlike the Chrome ads in Google search results."

There is now a special page in the Firefox browser where users can see what telemetry data Mozilla is collecting from their browser. From a report: Accessible by typing about:telemetry in the browser's URL address bar, this new section is a recent addition to Firefox. The page shows deeply technical information about browser settings, installed add-ons, OS/hardware information, browser session details, and running processes. The information is what you'd expect a software vendor to collect about users in order to fix bugs and keep a statistical track of its userbase. A Firefox engineer told ZDNet the page was primarily created for selfish reasons, in order to help engineers debug Firefox test installs. However, it was allowed to ship to the stable branch also as a PR move, to put users' minds at ease about what type of data the browser maker collects from its users.

Over the past two weeks, Mozilla's add-on review team has banned 197 Firefox add-ons that were caught executing malicious code, stealing user data, or using obfuscation to hide their source code. From a report: The add-ons have been banned and removed from the Mozilla Add-on (AMO) portal to prevent new installs, but they've also been disabled in the browsers of the users who already installed them. The bulk of the ban was levied on 129 add-ons developed by 2Ring, a provider of B2B software. The ban was enforced because the add-ons were downloading and executing code from a remote server. According to Mozilla's rules, add-ons must self-contain all their code, and not download code dynamically from remote locations. Mozilla has recently begun strictly enforcing this rule across its entire add-on ecosystem. A similar ban for downloading and executing remote code in users' Firefox browsers was also levied against six add-ons developed by Tamo Junto Caixa, and three add-ons that were deemed fake premium products (their names were not shared).

Slashdot reader SmartAboutThings writes: While Microsoft Edge is right on track to replace Internet Explorer, it seems that the last one is a bigger security liability then you may think. In a newly released advisory, the Cybersecurity and Infrastructure Security Agency (CISA) [an agency within America's Department of Homeland Security] is warning users about an IE vulnerability.

To keep your personal data safe and don't expose your PC to dangerous malware, the agency further recommends "Consider using Microsoft Edge or an alternate browser until patches are made available." As a reminder, this is not the first international agency that ranks IE's security very low, as Germany's BSI shared a couple of months back a similar study.
Lifehacker's senior technology editor notes that the new vulnerability affects "various permutations of Internet Explorer 9, 10, and 11 across Windows 7, 8.1, and Windows 10 (as well as various editions of Windows Server).

"The bad news is that Microsoft won't likely patch this problem until February -- when the next major batch of security updates hits." But they offer a work-around of their own until then which involves opening an administrative command prompt to restrict access to the deprecated JScript library used by the exploit.

Otherwise, don't click on links from strangers, and if you're using IE switch to Edge. And Microsoft explains what will happen if you used Internet Explorer to visit a web site designed to exploit the vulnerability. "If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.

"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

An anonymous reader quotes a report from Motherboard: The Mozilla Foundation, the non-profit arm of the company known for its privacy-friendly web browser Firefox, released a guide today for helping students navigate ethical issues in the tech industry, in particular, during the recruitment process. The guide advises students not to work for companies that build technology that harms vulnerable communities, and to educate themselves "on governance" inside companies before taking a job. It also discusses unions drives, walkouts, petitions, and other forms of worker organizing.

The guide, which takes the form of a zine titled "With Great Tech Comes Great Responsibility," follows events hosted by the Mozilla Foundation last fall in partnership with six university campuses, including UC Berkeley, N.Y.U., M.I.T., Stanford, UC San Diego, and CSU Boulder. Not so subtly, it calls out Amazon, Palantir, and Google, which have faced backlash in recent months from tech workers as well as students on the campuses where they recruit. "Addressing ethical issues in tech can be overwhelming for students interested in working in tech. But change in the industry is not impossible. And it is increasingly necessary," reads the opening of the 11-page handbook -- citing military contracts, algorithmic bias, inhumane working conditions in warehouses, biased facial recognition software, and intrusive data mining as causes for concern.

The Verge argues that the browser wars "are back, but it's different this time."
The mobile web is broken and unfettered tracking and data sharing have made visiting websites feel toxic, but since the ecosystem of websites and ad companies can't fix it through collective action, it falls on browser makers to use technological innovations to limit that surveillance, however each company that makes a browser is taking a different approach to creating those innovations, and everybody distrusts everybody else to act in the best interest of the web instead of the best interest of their employers' profits... I've been avoiding getting into the precise details of the proposals out there to fix the tracking problem because things are changing so quickly across so many different tracks... Until then, know that there are two important things to know.

First: there are new browser technologies and limits coming that could radically change how ads work and could make it easier for you to protect your privacy no matter what browser you use. Since this is the web, it'll take time, but everybody seems committed. Second: the way many of us think about a Browser War is in terms of marketshare -- and that is the wrong metric this time. There is a browser war, but it won't be won or lost based on who can convince the most people to switch to their browser. Because most people can't or won't switch on the platform that matters: mobile.

In 2020, the desktop is a minor skirmish compared to browsers on phones. On phones, many people aren't really free to choose their browser. That's literally true on the iPhone, which Apple locks down so apps can only use its web rendering technology. And it's for-intents-and-purposes true on Android, where the vast majority of browsers just use Chromium. Yes, there is an Android browser ballot happening in Europe, but it's much too early to know what its effects will be....

The new Browser Wars aren't about who makes the fastest or best browser, they're about whose services you want and whose data policies you trust.