An endangered internet species: Firefox

Even with another infusion of cash from Google, you have to wonder just how long Firefox will survive as a viable, mainstream web browser.

I've been using Mozilla's Firefox browser since it was still in beta. In 2004, for a while, it was my favorite web browser. Not because it was open-source, but because it was so much better and more secure than Internet Explorer. That was then. This is now. Firefox is in real danger of dying off.

Firefox had a great run, but beginning in 2012 with Firefox 11, the once innovative browser began a sharp decline in quality. Over the years, things continued downhill.

https://www.zdnet.com/article/an-endangered-internet-species-firefox/

#Mozilla #Firefox

Firefox Relay: create email aliases to combat spam and improve privacy

Mozilla revealed Firefox Private Relay, an experimental service to protect email addresses through the creation of aliases, in May 2020. The service was invite-only at the time but it is now available to anyone who wants to give it a try.

Now called Firefox Relay, it is available globally. A Firefox Account is required to sign-up for Firefox Relay and Firefox users may install the companion extension to better integrate the service into the browser and improve the generation of aliases, e.g. when signing up for a new service.

https://www.ghacks.net/2020/08/22/firefox-relay-create-email-aliases-to-combat-spam-and-improve-privacy/

#Mozilla #Firefox #Relay #spam

Firefox Daylight for Android arrives with Enhanced Tracking Protection, new UI, and GeckoView

After more than a year of development, Mozilla today launched Firefox 79 for Android, branded Firefox Daylight. Like Firefox 57 Quantum, Firefox Daylight gets its own name as it marks “a new beginning for our Android browser.” The new version is “an entirely overhauled, faster, and more convenient product.” Firefox Daylight includes Enhanced Tracking Protection on by default, a new user interface, Mozilla’s own mobile browser engine GeckoView, and a slew of new features. Mozilla is rolling out the new Firefox for Android globally, starting in Germany, France, and the U.K. today and in North America from August 27.

Firefox has about 200 million active users, according to Mozilla, making it a major platform for web developers to consider. But that number has been steadily falling over the years. Furthermore, on mobile, where users are less likely to change their default browser, Firefox holds less than 1% market share, according to Net Applications. That’s why the company decided to hit reset on its Android browser.

The launch comes at a difficult time for Mozilla, which earlier this month announced layoffs of about 250 employees. We spoke with Mozilla senior product manager Vesta Zare about the Firefox Daylight launch. “I wouldn’t say it was impacted that much by the layoffs, but of course everyone was impacted,” Zare said. “But I do want to stress that this remains a priority, a high area of focus for us, especially on mobile.”

👀 👉🏼 https://venturebeat.com/2020/08/25/firefox-daylight-android-enhanced-tracking-protection-geckoview/

#mozilla #firefox #GeckoView #browser #android #tracking #protection
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

https://www.w3.org/2020/06/machine-learning-workshop/talks/privacy_focused_machine_translation_in_firefox.html

#Mozilla #Firefox #translation #machine #privacy

Firefox Nightly for Android to get full add-ons support

The Nightly version of the new Firefox web browser for Google's Android operating system will soon get full add-ons support according to a post by Mozilla's Add-ons Community Manager Caitlin Neiman on the official Mozilla Add-ons blog.

Mozilla launched a completely redesigned version of Firefox for Android in July 2020. The browser replaced the underlying engine with a Mozilla's new mobile browser engine GeckoView to improve web compatibility and performance of the browser.

Firefox users were migrated to the new version automatically, provided that the automatic update function was not disabled. One of the main issues that some users experienced after the upgrade was that add-ons support was limited.

The new Firefox supported nine extensions, and not the thousands of extensions that were supported by the previous versions. While these were the most popular based on user installs, it meant that Firefox users noticed that all other extensions were disabled and could not be used anymore.

Mozilla did promise to bring full add-ons support to Firefox, and it appears that a first step is being made soon in that regard.

https://www.ghacks.net/2020/09/03/firefox-nightly-for-android-to-get-full-add-ons-support/

#Mozilla #Firefox #Nightly #addons

Exploitation of LAN vulnerability found in Firefox for Android (PoC)

I tested this PoC exploit on 3 devices on same wifi, it worked pretty well.

I was able to open custom URL on every smartphone using vulnerable Firefox (68.11.0 and below)

👀 👉🏼 https://twitter.com/LukasStefanko/status/1307013106615418883

👀 👉🏼 Firefox for Android LAN-Based Intent Triggering:
https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/tree/master/firefox-android-2020

#android #security #exploit #firefox #LAN #vulnerability #poc
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Firefox usage is down 85% despite Mozilla's top exec pay going up 400%

Mozilla is in an absolute state: high overheads, falling usage of Firefox, questionable sources of revenue and now making big cuts to engineering as their income falls.

Mozilla recently announced that they would be dismissing 250 people. That's a quarter of their workforce so there are some deep cuts to their work too. The victims include: the MDN docs (those are the web standards docs everyone likes better than w3schools), the Rust compiler and even some cuts to Firefox development. Like most people I want to see Mozilla do well but those three projects comprise pretty much what I think of as the whole point of Mozilla, so this news is a a big let down.

The stated reason for the cuts is falling income. Mozilla largely relies on "royalties" for funding. In return for payment, Mozilla allows big technology companies to choose the default search engine in Firefox - the technology companies are ultimately paying to increase the number of searches Firefox users make with them. Mozilla haven't been particularly transparent about why these royalties are being reduced, except to blame the corona-virus.

I'm sure the coronavirus is not a great help but I suspect the bigger problem is that Firefox's market share is now a tiny fraction of its previous size and so the royalties will be smaller too - fewer users, so fewer searches and therefore less money for Mozilla.

👀 👉🏼 http://calpaterson.com/mozilla.html

#mozilla #firefox #browser #numbers #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

Welcome a new Fennec F-Droid

https://forum.f-droid.org/t/welcome-a-new-fennec-f-droid/11113
By relan F-Droid Contributor
10 days ago

I have just submitted 300 a Fennec update to 81.1.1. Should be available soon™. This version brings a lot of changes, like a new UI and modular codebase. The bad news:

Mozilla now tracks you even more actively using proprietary 3rd party services. I removed all tracking I found. (Firebase, Adjust and Leanplum libraries were replaced with stubs, so some analyzers can erroneously report their presence in the APK.)

The new UI may break your habits and disappoint you. (IMHO it’s not that bad as one can conclude from reading r/Firefox.)

Android 5.0 or later is now required. Mozilla decided so.

x86 devices are not supported anymore. I stumbled upon linkage errors and gave up. Help is welcome.

The good news is that Fennec F-Droid is alive and continues to be truly free software.


#fennec #ff #firefox #fdroid

Google Safebrowsing can no longer be disabled on mobile Firefox

I am reposting this because I was shadowbanned from Reddit with no reason given by their Anti-Evil Operations Team for several days which means nobody saw this even after it was restored:

[No way to disable Phishing and Malware Protection for users who are suspicious of Google and leaking browsing history to Google.](https://github.com/mozilla-mobile/fenix/issues/14163)

Relevant content on the failure of anonymization:

[How safebrowsing fails to protect privacy](https://blog.trailofbits.com/2019/10/30/how-safe-browsing-fails-to-protect-user-privacy/)

[A Privacy Analysis of Google and Yandex Safe Browsing](https://hal.inria.fr/hal-01120186v4/document)

> Our experimental analysis estimates the rate of such collisions and shows that hashing and truncation fails to prevent re-identification when a user visits small-sized domains or certain URLs of larger domains. We further materialize this in the form of an algorithm that Google and Yandex could potentially employ to track users. We conclude this work by providing an analysis of the databases of Google and Yandex (Section 7). By crawling their databases, we detect a number of “suspicious” prefixes that we call orphans. Orphans trigger communication with the servers, but no full digest corresponds to them. We also observe several URLs which have multiples prefixes included in the blacklists. These provide concrete examples of URLs and domains that can be easily tracked by Google and Yandex.

https://github.com/mozilla-mobile/fenix/issues/14163#issuecomment-680291892

> Does it have the potential of sending full URL-s to Google? Yes, it does. From the page given by you:
"Otherwise, send the binary file's metadata to the remote application reputation server (browser.safebrowsing.downloads.remote.url) and block the download if the server indicates that the file isn't safe."
with the link on "metadata" leading to parts of code where there is setting in request properties of origin URL. If I read code correctly - https://dxr.mozilla.org/mozilla-central/source/toolkit/components/reputationservice/ApplicationReputation.cpp#1306 - it is stripped from query params, but full hostname + path ARE included in this case.

https://forum.f-droid.org/t/google-safebrowsing-can-no-longer-be-disabled-on-mobile-firefox/11224

https://redd.it/j5i8h1
@r_privacy

#ff #firefox #Google

Choose your browser carefully

Privacy on the Internet is important because privacy risks range from the gathering of statistics on users to more malicious acts such as the spreading of spyware and the exploitation of various forms of bugs (software faults). Many companies, such as Google, track which websites people visit and then use the information, for instance by sending advertising based on one's web browsing history. Sometimes prices on products are changed on the same website, depending on tracking information, and two people may view the exact same product on the exact same website yet be presented with very different prices.

Information 2020-10-20: This article was originally called "Mozilla is becoming evil - be careful with Firefox" and it was mainly about Firefox, but since this issue is so important and is also very relevant to other browsers, such as Google Chrome, Google Chromium (the Open Source version of Chrome) and Brave, I have changed the name of the article and rewritten the article with relevant information about other browsers as well.

💡 Table of contents: 💡

Mozilla Firefox
Google Chrome and Chromium
Brave
Palemoon
Waterfox
Real privacy respecting browsers
Conclusions
Appendix
Controlling Firefox
Blocking DoH via a firewall

👀 👉🏼 https://unixsheikh.com/articles/choose-your-browser-carefully.html

#firefox #chrome #palemoon #waterfox #browser #privacy #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag