An anonymous reader writes: It's been some 18 months since VentureBeat's last browser benchmark battle. What better time to get the latest results than the start of a new year? Over the past year and a half, Google Chrome has continued to dominate market share, Mozilla Firefox has doubled down on privacy, Microsoft Edge has embraced Chromium, and Brave launched out of beta.

You can click on the individual test to see the results:
SunSpider: Edge wins!
Octane: Chrome wins!
Kraken: Firefox wins!
JetStream: Edge wins!
MotionMark: Edge wins!
Speedometer: Edge wins!
Basemark: Brave wins!
WebXPRT: Firefox wins!

The Chromium version of Edge did a lot better given that the stable release only arrived this week. We were expecting improvements, but not so many outright wins. That said, browser performance was solid across all four contestants -- each browser won at least one test. Performance of course shouldn't be your only consideration when picking your preferred app for consuming internet content. As long as you're using a browser that receives regular updates (and all four of these meet that criteria), you can expect performance to be solid. There is certainly room for improvement, but Chrome, Firefox, and now Edge, as well as Brave, are all quite capable.

According to TechCrunch, Mozilla has laid off about 70 employees today. From the report: In an internal memo, Mozilla chairwoman and interim CEO Mitchell Baker specifically mentions the slow rollout of the organization's new revenue-generating products as the reason for why it needed to take this decision. The overall number may still be higher, though, as Mozilla is still looking into how this decision will affect workers in the UK and France. In 2018, Mozilla Corporation (as opposed to the much smaller Mozilla Foundation) said it had about 1,000 employees worldwide.

Baker says laid-off employees will receive "generous exit packages" and outplacement support. She also notes that the leadership team looked into shutting down the Mozilla innovation fund but decided that it needed it in order to continue developing new products. In total, Mozilla is dedicating $43 million to building new products. "You may recall that we expected to be earning revenue in 2019 and 2020 from new subscription products as well as higher revenue from sources outside of search. This did not happen," Baker writes in her memo. "Our 2019 plan underestimated how long it would take to build and ship new, revenue-generating products. Given that, and all we learned in 2019 about the pace of innovation, we decided to take a more conservative approach to projecting our revenue for 2020. We also agreed to a principle of living within our means, of not spending more than we earn for the foreseeable future."

"As we look to the future, we know we must take bold steps to evolve and ensure the strength and longevity of our mission," Baker adds. "Mozilla has a strong line of sight to future revenue generation, but we are taking a more conservative approach to our finances. This will enable us to pivot as needed to respond to market threats to internet health, and champion user privacy and agency."

Microsoft today launched its new Edge browser based on Google's Chromium open source project. You can download Chromium Edge now for Windows 7, Windows 8, Windows 10, and macOS directly from microsoft.com/edge in more than 90 languages. From a report: Business features aside, there's also support for Chrome-based extensions, 4K streaming, Dolby audio, inking in PDF, and privacy tools. For the last one, it's worth noting that tracking prevention is on by default and offers three levels of control, like Firefox's tracking protection. Chrome extension support is probably the most important feature for most users. By default, extensions that have been ported over to Edge can be downloaded from the Microsoft Store. Chromium Edge also has an option to "Allow extensions from other stores" to get Chrome extensions from the Chrome Web Store. There are still a few features missing from Chromium Edge, most notably history sync and extension sync. Microsoft is working on these and some other inking functionality that it still wants to port from legacy Edge, as Microsoft is calling it. Microsoft also claims that Chromium Edge is "twice as fast as legacy Edge." Curiously, the team isn't making any claims against other browsers -- at least not yet.

In 2018 an associate technology editor at Fast Company's Co.Design wrote an article titled "Why I'm switching from Chrome to Firefox and you should too."

Today shanen shared a similar article from Digital Trends. Their writer announces that after years of experimenting with both browsers, they've also finally switched from Chrome to Mozilla Firefox -- "and you should too." The biggest draw for me was, of course, the fact that Mozilla Firefox can finally go toe-to-toe with Google Chrome on the performance front, and often manages to edge it out as well... Today, in addition to being fast, Firefox is resource-efficient, unlike most of its peers. I don't have to think twice before firing up yet another tab. It's rare that I'm forced to close an existing tab to make room for a new one. On Firefox, my 2015 MacBook Pro's fans don't blast past my noise-canceling headphones, which happened fairly regularly on Chrome as it pushed my laptop's fans to their helicopter-like limits to keep things running. This rare balance of efficiency and performance is the result of the countless under-the-hood upgrades Firefox has rolled out in the last couple of years...

Its Enhanced Tracking Protection framework keeps your identity safe by blocking trackers and cookies that otherwise follow you around the internet and collect sensitive information you probably didn't even know you were giving up. On top of that, Firefox can warn if a website is covertly mining cryptocurrency in the background. Most of these protections kick in by default and you have an exhaustive set of options to customize them the way you want. Firefox also lets you look into just how invasive a website is. It actively updates your personal privacy report so you can check how many trackers it has shut overall and for a specific website...

What really clinched the switch to Mozilla Firefox was the fact that it's the only cross-platform browser that's not running Google's open-source Chromium platform. Microsoft's Edge, Brave, Opera, Vivaldi -- each of these browsers run on Chromium, accelerating Google's dominance over the web even when you're not directly using a Chrome user. Firefox, on the other hand, is powered by Mozilla's in-house Gecko engine that's not dependent on Chromium in any way. It may not seem like as vital of a trait as I make it sound, but it truly is, even though Chromium is open-source. Google oversees a huge chunk of the web, including ads, browser, and search, and this supremacy has allowed the company to pretty much run a monopoly and set its own rules for the open internet...

Mozilla as a company has, despite a rocky journey, often taken bold stances in complex situations. In the Cambridge Analytica aftermath, Mozilla announced it would no longer run Facebook advertisements, cutting off direct marketing to over 2 billion users. In a world of tech companies taking frail, facile shots at protecting user privacy and barely delivering on their commitments, Mozilla is a breath of fresh air and you no longer have to live with any compromises to support it.

Mozilla has warned Firefox users to update their browser to the latest version after security researchers found a vulnerability that hackers were actively exploiting in "targeted attacks" against users. From a report: The vulnerability, found by Chinese security company Qihoo 360, was found in Firefox's just-in-time compiler. The compiler is tasked with speeding up performance of JavaScript to make websites load faster. But researchers found that the bug could allow malicious JavaScript to run outside of the browser on the host computer. In practical terms, that means an attacker can quietly break into a victim's computer by tricking the victim into accessing a website running malicious JavaScript code. But Qihoo did not say precisely how the bug was exploited, who the attackers were, or who was targeted.

Following in Mozilla's footsteps, Google announced today plans to hide notification popup prompts inside Chrome starting next month, February 2020. ZDNet reports: According to a blog post published today, Google plans to roll out a "quieter notification permission UI that reduces the interruptiveness of notification permission requests." The change is scheduled for Google Chrome 80, scheduled for release on February 4, next month.

Starting with Chrome 80 next month, Google's browser will also block most notification popups by default, and show an icon in the URL bar, similar to Firefox. When Chrome 80 launches next month, a new option will be added in the Chrome settings section that allows users to enroll in the new "quieter notification UI." Users can enable this option as soon as Chrome 80 is released, or they can wait for Google to enable it by default as the feature rolls out to the wider Chrome userbase in the following weeks. According to Google, the new feature works by hiding notification requests for Chrome users who regularly dismiss notification prompts. Furthermore, Chrome will also automatically block notification prompts on sites where users rarely accept notifications.

Mozilla today launched Firefox 72 for Windows, Mac, Linux, and Android. Firefox 72 includes fingerprinting scripts blocked by default, less annoying notifications, and Picture-in-Picture video on macOS and Linux. There isn't too much else here, as Mozilla has now transitioned Firefox releases to a four-week cadence (from six to eight weeks).

Mozilla has announced that it's rolling out changes under the California Consumer Privacy Act (CCPA) to all Firefox users worldwide. ZDNet reports: The CCPA, known as America's toughest privacy legislation, came into effect on January 1, 2020, offering Californian users data-protection rules better suited to today's world of data collection. Much like Europe's GDPR, the CCPA gives consumers the right to know what personal information is collected about them and to be able to access it. While the law technically only applies to data processed about residents in California, Microsoft has already announced that it will roll out CCPA rights to all its U.S. users so they can control their data.

The Californian proposal wasn't popular among Silicon Valley tech giants, but Mozilla notes it was one of the few companies to endorse CCPA from the outset. Mozilla has now outlined the key change it's made to Firefox, which will ensure CCPA regulations benefit all its users worldwide. The move would seem to make business sense too, saving Mozilla from having to ship a California-only version of Firefox and another version for the rest of the world. The main change it's introducing is allowing users to request that Mozilla deletes Firefox telemetry data stored on its servers. That data doesn't include web history, which Mozilla doesn't collect anyway, but it does include data about how many tabs were opened and browser session lengths. The new control will ship in the next version of Firefox due out on January 7, which will include a feature to request desktop telemetry data be deleted directly from the browser.

Long-time Slashdot reader UnderAttack writes: DNS over HTTPS has been hailed as part of a "poor mans VPN". Its use of HTTPS to send DNS queries makes it much more difficult to detect and block the use of the protocol.

But there are some kinks in the armor. Current clients, and most current DoH services, do not implement the optional passing option, which is necessary to obscure the length of the requested hostname. The length of the hostname can also be used to restrict which site a user may have access [to].

The Internet Storm Center is offering some data to show how this can be done.
Their article is by Johannes B. Ullrich, Ph.D. and Dean of Research at the SANS Technology Institute.

It notes that Firefox "seems to be the most solid DoH implementation. Firefox DoH queries look like any other Firefox HTTP2 connection except for the packet size I observed." And an open Firefox bug already notes that "With the availability of encrypted DNS transports in Firefox traffic analysis mitigations like padding are becoming relevant."

Because some internet websites unfairly block browsers from accessing their services, starting with Vivaldi 2.10, released today, the Vivaldi browser plans to disguise itself as Chrome to allow users to access websites that unfairly block them. From a report: Vivaldi will do this by modifying its default user-agent (UA) string to the UA string used by Chrome. A UA string is a piece of text that browsers send to websites when they initiate a connection. The UA String contains data about the browser type, rendering engine, and operating system. For example, a UA string for Firefox on Windows looks like this: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0. UA strings have been in use since the 90s. For decades, websites have used UA agent strings to fine-tune performance and features or block outdated browsers. However, many website owners these days use UA strings to block users from accessing their sites. Some do it because they're not willing to deal with browser-specific bugs, some do it because of pettiness, while big tech companies like Google and Microsoft have done it (and continue to do it) to sabotage competitors on the browser market.

Mozilla has announced that NextDNS would be joining Cloudflare as the second DNS-over-HTTPS (DoH) provider inside Firefox. From a report: The browser maker says NextDNS passed the conditions imposed by its Trusted Recursive Resolver (TRR) program, and can now be added as a second option for DoH inside Firefox. These conditions include (1) limiting the data NextDNS collects from the DoH server used by Firefox users; (2) being transparent about the data they collect; and (3) promising not to censor, filter, or block DNS traffic unless specifically requested by law enforcement.

DNS-over-HTTPS, or DoH, is a new feature that was added to Firefox last year. When enabled, it encrypts DNS traffic coming in and out of the browser. DNS traffic is not only encrypted but also moved from port 53 (for DNS traffic) to port 443 (for HTTPS traffic), effectively hiding DNS queries and replies inside the browser's normal stream of HTTPS content. This encrypted DNS traffic reaches a so-called DoH resolver. Here, the DoH traffic is decrypted and the DoH resolver makes the DNS query on the user's behalf, receives the result, encrypts it, and sends it back to the user's browser -- also disguised inside encrypted HTTPS content.

Android Authority argues that the new Microsoft Chromium Edge browser "is full of neat tricks" and "packs more features than Firefox": The final major feature is called Apps. Essentially, Apps allows you to download and install web pages and web apps for use without the Edge browser. Previously, you had to find these dedicated web apps via the Microsoft Store, but now Edge handles downloading and managing web apps all in the browser. For example, you can download the Twitter web app via Edge just by visiting the Twitter website and clicking "install this site as an app" from the settings menu. Once installed, you can run the webpage as an app directly from your desktop, taskbar, or start menu like any other piece of software. It's like saving links only better, as some web apps can run offline too. Alternatively, you can install the Android Authority webpage and run it as an app to catch up with the latest news without having to boot up Edge each time. It's pretty neat and something that I intend to use more often.

Overall, Edge offers everything you'll want in a web browser and more. Microsoft finally feels on the cutting edge of the internet.
The browser does have a smaller range of supported extensions, but you can also manually install Chrome extensions, according to the article. It adds that Microsoft Edge Chromium "typically uses just 70 to 75 percent of the RAM required by Chrome [and] is even more lightweight than Firefox."

And while acknowledging that Microsoft's Windows 10 "has its share" of telemetry issues, the article adds that "at no point during my couple of weeks with Edge have I noticed it thrashing my hard drive.

"Chrome has a habit of scanning various files on my computer, despite opting out of all the available data sharing options. This isn't great for system performance and raises obvious security questions."

An anonymous reader quotes Mike Melanson's "This Week in Programming" column: WebAssembly is a binary instruction format for a stack-based virtual machine and this week, the World Wide Web Consortium (W3C) dubbed it an official web standard and the fourth language for the Web that allows code to run in the browser, joining HTML, CSS and JavaScript... With this week's news, WebAssembly has officially reached version 1.0 and is supported in the browser engines for Firefox, Chrome, Safari, and Internet Explorer, and the Bytecode Alliance launched last month to help ensure "a WebAssembly ecosystem that is secure by default" and for bringing WebAssembly to outside-the-browser use.

Of course, not everything is 100% rosy. As pointed out by an article in The Register, WebAssembly also brings with it an increased level of obfuscation of what exactly is going on, giving it an increased ability to perform some surreptitious actions. For example, they cite one study that "found 'over 50 percent of all sites using WebAssembly apply it for malicious deeds, such as [crypto] mining and obfuscation.'" Nonetheless, with WebAssembly gaining this designation by W3C, it is, indeed, time to pay closer attention to the newly nominated Web language standard.

Mozilla announced this week that all developers of Firefox add-ons must enable a two-factor authentication (2FA) solution for their account. From a report: "Starting in early 2020, extension developers will be required to have 2FA enabled on AMO [the Mozilla Add-Ons portal]," said Caitlin Neiman, Add-ons Community Manager at Mozilla. "This is intended to help prevent malicious actors from taking control of legitimate add-ons and their users," Neiman added. When this happens, hackers can use the developers' compromised accounts to ship tainted add-on updates to Firefox users. Since Firefox add-ons have a pretty privileged position inside the browser, an attacker can use a compromised add-on to steal passwords, authentication/session cookies, spy on a user's browsing habits, or redirect users to phishing pages or malware download sites. These types of incidents are usually referred to as supply-chain attacks.

"Linux users can now stream shows and movies from the Disney+ streaming service after Disney lowered the level of their DRM requirements," reports Bleeping Computer: When Disney+ was first launched, Linux users who attempted to watch shows and movies were shown an error stating "Something went wrong. Please try again. If the problem persists, visit the Disney+ Help Center (Error Code 83)."

As explained by Hans de Goede, this error was being caused by the Disney+ service using the highest level of security for the Widevine Digital Rights Management (DRM) technology. As some Linux and Android devices did not support this higher DRM security level, they were unable to stream Disney+ shows in their browsers... Yesterday, Twitter users discovered that Disney+ had suddenly started working on Linux browsers after the streaming service tweaked their DRM security levels...

Even with Disney+ lowering the DRM requirements, users must first make sure DRM is enabled in the browser. For example, Disney+ will not work with Firefox unless you enable the "Play DRM-controlled content" setting in the browser.

Mozilla today removed four Firefox extensions made by Avast and its subsidiary AVG after receiving credible reports that the extensions were harvesting user data and browsing histories. From a report: The four extensions are Avast Online Security, AVG Online Security, Avast SafePrice, and AVG SafePrice. The first two are extensions that show warnings when navigating to known malicious or suspicious sites, while the last two are extensions for online shoppers, showing price comparisons, deals, and available coupons. Mozilla removed the four extensions from its add-ons portal after receiving a report from Wladimir Palant, the creator of the AdBlock Plus ad-blocking extension. Palant analyzed the Avast Online Security and AVG Online Security extensions in late October and found that the two were collecting much more data than they needed to work -- including detailed user browsing history, a practice prohibited by both Mozilla and Google.

Mozilla today released Firefox 71 for Windows, Mac, Linux, Android, and iOS. Firefox 71 includes Lockwise password manager improvements, Enhanced Tracking Protection tweaks, and Picture-in-Picture video on Windows.

"Mozilla is no longer fighting for market share of its browser: it is fighting for the future of the web," writes the Guardian, citing Mozilla Project co-founder Mitchell Baker: Baker's pitch is that only Mozilla is motivated, first and foremost, to make using the web a pleasurable experience. Google's main priority is to funnel user data into the enormous advertising engine that accounts for most of its revenue. Apple's motivation is to ensure that customers continue to buy a new iPhone every couple of years and don't switch to Android...."

Firefox now runs sites such as Facebook in "containers", effectively hiving the social network off into its own little sandboxed world, where it can't see what's happening on other sites. Baker says: "It reduces Facebook's ability to follow you around the web and track you when you're not on Facebook and just living your life...." Mozilla has launched Monitor, a data-breach reporting service; Lockwise, a password manager; and Send, a privacy-focused alternative to services such as WeSendit. It's also beta-testing a VPN (virtual private network) service, which it hopes to market to privacy-conscious users...

Apple's iOS (mobile operating system) is an acknowledged disaster for Mozilla. Safari is the default and, while users can install other browsers, they come doubly hindered: they can never be set as the default, meaning any link clicked in other applications will open in Safari; and they must use Safari's "rendering engine", a technical limitation that means that even the browsers that Firefox does have on the platform are technically just fancy wrappers for Apple's own browser, rather than full versions of the service that Mozilla has built over the decades... "Even if you do download a replacement, iOS drops you back into the default. I don't know why that's acceptable. Every link you open on a phone is the choice of the phone maker, even if you, as a user, want something else."
Summarizing Baker's concerns, the Guardian writes that "It is perfectly possible to build a browser that prevents advertising companies from aggregating user data. But it is unlikely that any browser made by an advertising company would offer such a feature..."

And an activist for the Small Technology Foundation tells them that Google "wants the web to go through Google. It already mostly does: with eyes on 70% to 80% of the web."

slack_justyb writes: Mozilla has been heavily invested in WebAssembly with Firefox, and today, the organization teamed up with a few others to form the new Bytecode Alliance, which aims to create "new software foundations, building on standards such as WebAssembly and WebAssembly System Interface (WASI)." Mozilla has teamed up with Intel, Red Hat, and Fastly to found the alliance, but more members are likely to join over time. The goal of the Bytecode Alliance is to create a new runtime environment and language toolchains which are secure, efficient, and modular, while also being available on as many platforms and devices as possible. The technologies being developed by the Bytecode Alliance are based on WebAssembly and WASI, which have been seen as a potential replacement for JavaScript due to more efficient code compiling, and the expanded capabilities of being able to port C and C++ code to the web. To kick things off, the founding members have already contributed a number of open-source technologies to the Bytecode Alliance, including Wasmtime, a lightweight WebAssembly runtime; Lucet, an ahead-of-time compiler; WebAssembly Micro Runtime; and Cranelift.

"Microsoft is bringing Edge to Linux, for all the Microsoft fans running Linux," jokes the headline at the Inquirer. ("We can just imagine the amount of bunting and party poppers that the Linux community has just ordered. After all, why wouldn't you want a browser from the company that you joined Linux to get away from?") And the headline at Liliputting quips that the Edge browser "is coming to Linux (whether you want it or not)," calling the move "the latest evidence that Microsoft's relationship to Linux has changed a lot in recent years.

But TechRadar had an even more sardonic headline. "Hell freezes over as Microsoft Edge comes to Linux." One other thing to consider is that the introduction of Edge to Linux is something of a thorny subject in that the folks who choose a Linux distro often do so to break away from the chains of Microsoft and Windows (or indeed Apple). So certainly some of the more fervent open source types out there may not welcome a Microsoft browser with open arms, and doubtless it will be regarded with suspicion in some quarters. No matter how much Microsoft has been banging the open source drum in many different ways in recent times.

That said, there will doubtless be Linux users who are curious, and may want to pick up a mainstream alternative to Firefox on Linux which, when compared to Chrome -- with its famous memory hogging antics -- makes a far preferable choice in some respects. Edge will also do streaming better (by default Chrome limits you to 720p when you're trying to watch a spot of Netflix). All the testing feedback about Edge has been pretty positive in the main thus far, too, so maybe that will persuade even doubters to at least consider it.

One thing's for sure: it will certainly be interesting to see the reaction Microsoft's browser gets when it is deployed to Linux.
Edge may face a rocky reception. "I am not feeling a tingling all over at the thought of Edge coming to Linux," posted one commenter on Beta News. "It's not really necessary to bring Linux down to the level of Windows 10."

But how do Slashdot's readers feel? What's your reaction to the news that Microsoft's Edge browser is coming to Linux?