Firefox

Why Firefox Fights for the Future of the Web (theguardian.com) 57

"Mozilla is no longer fighting for market share of its browser: it is fighting for the future of the web," writes the Guardian, citing Mozilla Project co-founder Mitchell Baker: Baker's pitch is that only Mozilla is motivated, first and foremost, to make using the web a pleasurable experience. Google's main priority is to funnel user data into the enormous advertising engine that accounts for most of its revenue. Apple's motivation is to ensure that customers continue to buy a new iPhone every couple of years and don't switch to Android....

Firefox now runs sites such as Facebook in "containers", effectively hiving the social network off into its own little sandboxed world, where it can't see what's happening on other sites. Baker says: "It reduces Facebook's ability to follow you around the web and track you when you're not on Facebook and just living your life...." Mozilla has launched Monitor, a data-breach reporting service; Lockwise, a password manager; and Send, a privacy-focused alternative to services such as WeSendit. It's also beta-testing a VPN (virtual private network) service, which it hopes to market to privacy-conscious users...

Apple's iOS (mobile operating system) is an acknowledged disaster for Mozilla. Safari is the default and, while users can install other browsers, they come doubly hindered: they can never be set as the default, meaning any link clicked in other applications will open in Safari; and they must use Safari's "rendering engine", a technical limitation that means that even the browsers that Firefox does have on the platform are technically just fancy wrappers for Apple's own browser, rather than full versions of the service that Mozilla has built over the decades... "Even if you do download a replacement, iOS drops you back into the default. I don't know why that's acceptable. Every link you open on a phone is the choice of the phone maker, even if you, as a user, want something else."

Summarizing Baker's concerns, the Guardian writes that "It is perfectly possible to build a browser that prevents advertising companies from aggregating user data. But it is unlikely that any browser made by an advertising company would offer such a feature..."

And an activist for the Small Technology Foundation tells them that Google "wants the web to go through Google. It already mostly does: with eyes on 70% to 80% of the web."
Firefox

Mozilla, Intel, and More Form the Bytecode Alliance To Take WebAssembly Beyond Browsers (neowin.net) 91

slack_justyb writes: Mozilla has been heavily invested in WebAssembly with Firefox, and today, the organization teamed up with a few others to form the new Bytecode Alliance, which aims to create "new software foundations, building on standards such as WebAssembly and WebAssembly System Interface (WASI)." Mozilla has teamed up with Intel, Red Hat, and Fastly to found the alliance, but more members are likely to join over time. The goal of the Bytecode Alliance is to create a new runtime environment and language toolchains which are secure, efficient, and modular, while also being available on as many platforms and devices as possible. The technologies being developed by the Bytecode Alliance are based on WebAssembly and WASI, which have been seen as a potential replacement for JavaScript due to more efficient code compiling, and the expanded capabilities of being able to port C and C++ code to the web. To kick things off, the founding members have already contributed a number of open-source technologies to the Bytecode Alliance, including Wasmtime, a lightweight WebAssembly runtime; Lucet, an ahead-of-time compiler; WebAssembly Micro Runtime; and Cranelift.
Microsoft

Reactions To the News That Microsoft's Edge Browser Is Coming to Linux (msn.com) 194

"Microsoft is bringing Edge to Linux, for all the Microsoft fans running Linux," jokes the headline at the Inquirer. ("We can just imagine the amount of bunting and party poppers that the Linux community has just ordered. After all, why wouldn't you want a browser from the company that you joined Linux to get away from?") And the headline at Liliputing quips that the Edge browser "is coming to Linux (whether you want it or not)," calling the move "the latest evidence that Microsoft's relationship to Linux has changed a lot in recent years."

But TechRadar had an even more sardonic headline. "Hell freezes over as Microsoft Edge comes to Linux." One other thing to consider is that the introduction of Edge to Linux is something of a thorny subject in that the folks who choose a Linux distro often do so to break away from the chains of Microsoft and Windows (or indeed Apple). So certainly some of the more fervent open source types out there may not welcome a Microsoft browser with open arms, and doubtless it will be regarded with suspicion in some quarters. No matter how much Microsoft has been banging the open source drum in many different ways in recent times.

That said, there will doubtless be Linux users who are curious, and may want to pick up a mainstream alternative to Firefox on Linux which, when compared to Chrome -- with its famous memory hogging antics -- makes a far preferable choice in some respects. Edge will also do streaming better (by default Chrome limits you to 720p when you're trying to watch a spot of Netflix). All the testing feedback about Edge has been pretty positive in the main thus far, too, so maybe that will persuade even doubters to at least consider it.

One thing's for sure: it will certainly be interesting to see the reaction Microsoft's browser gets when it is deployed to Linux.

Edge may face a rocky reception. "I am not feeling a tingling all over at the thought of Edge coming to Linux," posted one commenter on Beta News. "It's not really necessary to bring Linux down to the level of Windows 10."

But how do Slashdot's readers feel? What's your reaction to the news that Microsoft's Edge browser is coming to Linux?
Firefox

Scammers Are Actively Exploiting A Firefox Bug (arstechnica.com) 26

Long-time Slashdot reader slack_justyb shares this story from Ars Technica: Scammers are actively exploiting a bug in Firefox that causes the browser to lock up after displaying a message warning the computer is running a pirated version of Windows that has been hacked... The message then advises the person to call a toll-free number in the next five minutes or face having the computer disabled...

Jérôme Segura, head of threat intelligence at security provider Malwarebytes, said the Firefox bug is being exploited by several sites... On Monday, Segura reported the bug to the Bugzilla forum. He said he has since received word Mozilla is actively working on a fix. In a statement sent seven hours after this post went live, a Mozilla representative wrote: "We are working on a fix to the authentication prompt bug that we expect to land in the next couple of releases (either in Firefox 71 or 72)."

Firefox

Firefox Turns 15 (fastcompany.com) 50

harrymcc writes: On November 9 2004, a new version of Mozilla's browser called Firefox shipped. It was taking on one of the most daunting monopolies in tech: Microsoft's Internet Explorer, which had more than 90 percent market share. But Firefox was really good, and it became an instant hit, ending Microsoft's dominance of the web. Over at Fast Company, Sean Captain took a look at the browser's original rise, the challenges it faced after Google's Chrome arrived on the scene, and the moves it's currently making to put user privacy first.
Security

DNS-over-HTTPS Will Eventually Roll Out in All Major Browsers, Despite ISP Opposition (zdnet.com) 119

All major browsers -- including Chrome, Firefox, Safari, Opera, Microsoft Edge, Vivaldi, Brave -- have plans to support DNS-over-HTTPS (or DoH), a protocol that encrypts DNS traffic and helps improve a user's privacy on the web. From a report: The DoH protocol has been one of the year's hot topics. It's a protocol that, when deployed inside a browser, allows the browser to hide DNS requests and responses inside regular-looking HTTPS traffic. Doing this makes a user's DNS traffic invisible to third-party network observers, such as ISPs. But while users love DoH and have deemed it a privacy boon, ISPs, networking operators, and cyber-security vendors hate it. A UK ISP called Mozilla an "internet villain" for its plans to roll out DoH, and a Comcast-backed lobby group has been caught preparing a misleading document about DoH that they were planning to present to US lawmakers in the hopes of preventing DoH's broader rollout. However, this may be a little too late. ZDNet has spent the week reaching out to major web browser providers to gauge their future plans regarding DoH, and all vendors plan to ship it, in one form or another.
Firefox

ISPs Lied To Congress To Spread Confusion About Encrypted DNS, Mozilla Says (arstechnica.com) 70

An anonymous reader quotes a report from Ars Technica: Mozilla is urging Congress to reject the broadband industry's lobbying campaign against encrypted DNS in Firefox and Chrome. The Internet providers' fight against this privacy feature raises questions about how they use broadband customers' Web-browsing data, Mozilla wrote in a letter sent today to the chairs and ranking members of three House of Representatives committees. Mozilla also said that Internet providers have been giving inaccurate information to lawmakers and urged Congress to "publicly probe current ISP data collection and use policies." DNS over HTTPS helps keep eavesdroppers from seeing what DNS lookups your browser is making. This can make it more difficult for ISPs or other third parties to monitor what websites you visit.

"Unsurprisingly, our work on DoH [DNS over HTTPS] has prompted a campaign to forestall these privacy and security protections, as demonstrated by the recent letter to Congress from major telecommunications associations. That letter contained a number of factual inaccuracies," Mozilla Senior Director of Trust and Security Marshall Erwin wrote. This part of Erwin's letter referred to an Ars article in which we examined the ISPs' claims, which center largely around Google's plans for Chrome. The broadband industry claimed that Google plans to automatically switch Chrome users to its own DNS service, but that's not what Google says it is doing. Google's publicly announced plan is to "check if the user's current DNS provider is among a list of DoH-compatible providers, and upgrade to the equivalent DoH service from the same provider." If the user-selected DNS service is not on that list, Chrome would make no changes for that user.

Firefox

Firefox To Hide Notification Popups By Default Starting Next Year (zdnet.com) 48

An anonymous reader quotes ZDNet: In a move to fight spam and improve the health of the web, Firefox will hide those annoying notification popups by default starting next year, with the release of Firefox 72, in January 2020, ZDNet has learned from a Mozilla engineer.

The move comes after Mozilla ran an experiment back in April this year to see how users interacted with notifications, and also looked at different ways of blocking notifications from being too intrusive. Usage stats showed that the vast majority (97%) of Firefox users dismissed notifications, or chose to block a website from showing notifications at all...

As a result, Mozilla engineers have decided to hide the notification popup that drops down from Firefox's URL bar, starting with Firefox 72. If a website shows a notification, the popup will be hidden by default, and an icon added to the URL bar instead. Firefox will then animate the icon using a wiggle effect to let the user know there's a notification subscription popup available, but the popup won't be displayed until the user clicks the icon.

Mozilla is the first browser vendor to block notification popups by default, according to the article. It's already available in Firefox Nightly versions, but will be added to the stable branch in January.

"I think Mozilla's decision is good for the health of the web," Jérôme Segura, malware analyst at Malwarebytes tells ZDNet.
Firefox

Mozilla To Stop Supporting Sideloaded Extensions In Firefox (zdnet.com) 34

An anonymous reader quotes a report from ZDNet: Mozilla has announced today plans to discontinue one of the three methods through which extensions can be installed in Firefox. Starting next year, Firefox users won't be able to install extensions by placing an XPI extension file inside a special folder inside a user's Firefox directory. The method, known as sideloading, was initially created to aid developers of desktop apps. In case they wanted to distribute a Firefox extension with their desktop app, the developers could configure the app's installer to drop a Firefox XPI extension file inside the Firefox browser's folder.

This method has been available to Firefox extension developers since the browser's early days. However, today, Mozilla announced plans to discontinue supporting sideloaded extensions, citing security risks. Mozilla plans to stop supporting this feature next year in a two-phase plan. The first will take place with the release of Firefox 73 in February 2020. Firefox will continue to read sideloaded extensions, but they'll be slowly converted into normal add-ons inside a user's Firefox profile, and made available in the browser's Add-ons section. By March 2020, with the release of Firefox 74, Mozilla plans to completely remove the ability to sideload an extension. By that point, Mozilla hopes that all sideloaded extensions will be moved inside users' Add-ons section.

Operating Systems

Fedora 31 Released (betanews.com) 68

Fedora 31 has just rolled out the door. From a report: Is it an exciting release? No, not really. Sure, enthusiasts will find themselves thrilled with the inclusion of the GNOME 3.34 desktop environment (with Qt Wayland by default), Linux 5.3 kernel, and Mesa 9.2, but otherwise, it is fairly boring. You know what? That's not a bad thing. In 2019, Fedora is simply a mature and stable operating system that only needs to follow an evolutionary path at this time -- not revolutionary. It stands alone as the world's best desktop Linux distribution. "Fedora 31 Workstation provides new tools and features for general users as well as developers with the inclusion of GNOME 3.34. GNOME 3.34 brings significant performance enhancements which will be especially noticeable on lower-powered hardware. Fedora 31 Workstation also expands the default uses of Wayland, including allowing Firefox to run natively on Wayland under GNOME instead of the XWayland backend as with prior releases," says The Fedora Project.
Mozilla

Mozilla: Cloudflare Doesn't Pay Us For Any DoH Traffic (zdnet.com) 93

An anonymous reader writes: Mozilla said today that "no money is being exchanged to route DNS requests to Cloudflare" as part of the DNS-over-HTTPS (DoH) feature that is currently being gradually enabled for Firefox users in the US. The browser maker has been coming under heavy criticism lately for its partnership with Cloudflare. Many detractors say that by using Cloudflare as the default DoH resolver for Firefox, Mozilla will help centralize a large chunk of DNS traffic on Cloudflare's service. Critics of this decision include regular users, but also ISP-backed lobby groups, according to a recent report citing leaked documents. But according to Mozilla, they're not getting paid for this, and are only doing it for Firefox user privacy.
Businesses

Comcast Is Lobbying Against Encryption That Could Prevent it From Learning Your Browsing History (vice.com) 79

Internet giant Comcast is lobbying U.S. lawmakers against plans to encrypt web traffic that would make it harder for internet service providers (ISPs) to determine your browsing history, Motherboard reported Wednesday, citing a lobbying presentation. From the report: The plan, which Google intends to implement soon, would enforce the encryption of DNS data made using Chrome, meaning the sites you visit. Privacy activists have praised Google's move. But ISPs are pushing back as part of a wider lobbying effort against encrypted DNS, according to the presentation. Technologists and activists say this encryption would make it harder for ISPs to leverage data for things such as targeted advertising, as well as block some forms of censorship by authoritarian regimes.

Mozilla, which makes Firefox, is also planning a version of this encryption. "The slides overall are extremely misleading and inaccurate, and frankly I would be somewhat embarrassed if my team had provided that slide deck to policy makers," Marshall Erwin, senior director of trust and safety at Mozilla, told Motherboard in a phone call after reviewing sections of the slide deck. "We are trying to essentially shift the power to collect and monetize peoples' data away from ISPs and providing users with control and a set of default protections," he added, regarding Mozilla's changes.

Firefox

Firefox To Get Page Translation Feature, Like Chrome (zdnet.com) 50

An anonymous reader writes: Mozilla developers are working on adding an automatic page translation feature to Firefox, similar to the one included in Google Chrome. However, Firefox's page translation feature will be different from the one supported in Google Chrome. Instead of relying on cloud-based text translation services (like Google Translate, Bing Translator, or Yandex.Translate), Firefox will use a client-side, machine learning-based translation library, currently being developed as part of the Bergamot Project, which received $3.35 million in EU funding from the European Union's Horizon 2020 research and innovation programme.
Firefox

Firefox 70 Arrives With Social Tracking Blocked By Default (venturebeat.com) 40

An anonymous reader writes: Mozilla today launched Firefox 70 for Windows, Mac, Linux, Android, and iOS. Firefox 70 includes social tracking protection, a Privacy Protections report, new Lockwise features, and performance improvements on Windows and macOS. Firefox 70 for desktop is available for download now on Firefox.com, and all existing users should be able to upgrade to it automatically. The Android version is trickling out slowly on Google Play and the iOS version is on Apple's App Store. According to Mozilla, Firefox has about 250 million active users, making it a major platform for web developers to consider. With Firefox 70, Mozilla now also includes social tracking protection under the Standard setting. It blocks cross-site tracking cookies from sites like Facebook, Twitter, and LinkedIn.
Movies

Disney+ Does Not Work On Linux Devices (ghacks.net) 80

If you plan on streaming content from the new Disney+ streaming service on Linux devices, you'll likely be greeted with Error Code 83. Fedora Linux package maintainer Hans De Goede from the Netherlands first made the unpleasant discovery. gHacks reports: De Goede noticed that Disney+ would not work in any of the web browsers that he tried on systems running Fedora Linux. He tried Firefox and Chrome, and both times Disney+ threw the error "error code 83." Disney+ Support was not able to assist de Goede. It replied with a generic message stating that the error was known and that it happened often when customers tried to play Disney+ in web browsers or using certain devices. Support recommended to use the official applications on phones or tablets to watch the shows or movies. Other streaming services, e.g. Netflix, work fine on Linux.

A user on the Dutch site Tweakers dug deeper and uncovered the response code that the site returned when a device or browser was used that could not be used to play streams. According to the information, error code 83 means that the platform verification status is incompatible with the security level. Disney uses the DRM solution Widevine to protect its streams from unauthorized activity. Widevine supports three different security levels, called 1, 2 and 3, which have certain requirements. The supported level determines the maximum stream quality and may even prevent access to a stream if the requirements are not met. It appears that Disney set Widevine to a more restrictive level than its competitors. The decision affects Disney+ on Linux devices and on other devices that don't support the selected Widevine security standard.

Google

Mozilla is Sharing YouTube Horror Stories To Prod Google For More Transparency (cnet.com) 58

CNET reports on a new crowdsourced public awareness campaign: Mozilla is publishing anecdotes of YouTube viewing gone awry -- anonymous stories from people who say they innocently searched for one thing but eventually ended up in a dark rabbit hole of videos. It's a campaign aimed at pressuring Google's massive video site to make itself more accessible to independent researchers trying to study its algorithms. "The big problem is we have no idea what is happening on YouTube," said Guillaume Chaslot, who is a fellow at Mozilla, a nonprofit best known for its unit that makes and operates the Firefox web browser.

Chaslot is an ex-Google engineer who has investigated YouTube's recommendations from the outside after he left the company in 2013. (YouTube says he was fired for performance issues.) "We can see that there are problems, but we have no idea if the problem is from people being people or from algorithms," he said....

Mozilla is publishing 28 stories it's terming #YouTubeRegrets; they include, for example, an anecdote from someone who said a search for German folk songs ended up returning neo-Nazi clips, and a testimonial from a mother who said her 10-year-old daughter searched for tap-dancing videos and ended up watching extreme contortionist clips that affected her body image.

Ubuntu

Canonical Releases Ubuntu Linux 19.10 Eoan Ermine with GNOME 3.34, Light Theme, and Raspberry Pi 4 Support (betanews.com) 50

Following the beta period, one of the best and most popular Linux-based desktop operating systems reaches a major milestone -- you can now download Ubuntu 19.10! Code-named "Eoan Ermine", the distro is better and faster than ever. From a report: By default, Ubuntu 19.10 comes with one of the greatest desktop environments -- GNOME 3.34. In addition, users will be delighted by an all-new optional Yaru light theme. There is even baked-in support for the Raspberry Pi 4. The kernel is based on Linux 5.3 and comes with support for AMD Navi GPUs. There are plenty of excellent pre-installed programs too, such as LibreOffice 6.3, Firefox 69, and Thunderbird 68. While many users will be quick to install Google Chrome, I would suggest giving Firefox a try -- it has improved immensely lately. "With GNOME 3.34, Ubuntu 19.10 is the fastest release yet with significant performance improvements delivering a more responsive and smooth experience, even on older hardware. App organization is easier with the ability to drag and drop icons into categorized folders, while users can select light or dark Yaru theme variants depending on their preference or for improved viewing accessibility. Native support for ZFS on the root partition is introduced as an experimental desktop installer option. Coupled with the new zsys package, benefits include automated snapshots of file system states, allowing users to boot to a previous update and easily roll forwards and backwards in case of failure," says Canonical.
Firefox

Germany's Cybersecurity Agency Recommends Firefox As Most Secure Browser (arstechnica.com) 52

An anonymous reader quotes a report from ZDNet: Firefox is the only browser that received top marks in a recent audit carried out by Germany's cyber-security agency -- the German Federal Office for Information Security (or the Bundesamt für Sicherheit in der Informationstechnik -- BSI). The BSI tested Mozilla Firefox 68 (ESR), Google Chrome 76, Microsoft Internet Explorer 11, and Microsoft Edge 44. The tests did not include other browsers like Safari, Brave, Opera, or Vivaldi. The audit was carried out using rules detailed in a guideline for "modern secure browsers" that the BSI published last month, in September 2019. The BSI normally uses this guide to advise government agencies and companies from the private sector on what browsers are safe to use. The article includes a list of all the minimum requirements required for the BSI to consider a browser "secure." It also lists the areas where the other browsers failed, such as: Lack of support for a master password mechanism (Chrome, IE, Edge); No built-in update mechanism (IE), and No option to block telemetry collection (Chrome, IE, Edge).
Mozilla

Mozilla Developer Network Launches a YouTube Channel (youtube.com) 20

An anonymous reader writes: The Mozilla Developer Network just launched their own video channel on YouTube this week. There are currently seven videos, offering tutorials like "The Secret Button to get Three Panels of Developer Tools" and "Coding a Dark Mode for your web site."

And tweets from a Mozilla Community Lead suggest it may soon feature something from the View Source Conference in Amsterdam.

Chrome

Russian Malware 'Patches' Chrome and Firefox To Fingerprint TLS Traffic (zdnet.com) 13

An anonymous reader quotes ZDNet: A Russian cyber-espionage hacker group has been spotted using a novel technique that involves patching locally installed browsers like Chrome and Firefox in order to modify the browsers' internal components. The end goal of these modifications is to alter the way the two browsers set up HTTPS connections, and add a per-victim fingerprint for the TLS-encrypted web traffic that originates from the infected computers...

According to a Kaspersky report published this week, hackers are infecting victims with a remote access trojan named Reductor, through which they are modifying the two browsers. This process involves two steps. They first install their own digital certificates to each infected host. This would allow hackers to intercept any TLS traffic originating from the host. Second, they modify the Chrome and Firefox installation to patch their pseudo-random number generation (PRNG) functions. These functions are used when generating random numbers needed for the process of negotiating and establishing new TLS handshakes for HTTPS connections.

Turla hackers are using these tainted PRNG functions to add a small fingerprint at the start of every new TLS connection.

The attack is being attributed to Turla, "a well-known hacker group believed to operate under the protection of the Russian government," ZDNet reports. And though the remote-access trojan already grants full control over a victim's device, one theory is the modified browsers offer "a secondary surveillance mechanism" if that trojan was discovered and removed. Researchers believe the malware is installed during file transfers over HTTP connections, suggesting an ISP had been compromised, according to the article.

"A January 2018 report from fellow cyber-security firm ESET revealed that Turla had compromised at least four ISPs before, in Eastern Europe and the former Soviet space, also with the purpose of tainting downloads and adding malware to legitimate files."
