Google isn’t the only company prepping a non-Webkit version of its browser, with Mozilla taking similar action.
News broke last week that Google was working on an iOS version of Chrome that used its own Blink rendering engine instead of Apple’s Webkit. App Store rules currently require all iOS web browsers to use Webkit, meaning that front-end features are the only thing that differentiate the options.
According to The Register, Mozilla is also working on a version of its browser that runs on its own Gecko rendering engine instead of Webkit.
Interestingly, while Mozilla and Google are not officially confirming it, it appears both companies may anticipate a future where regulation forces Apple to allow third-party browser engines on iOS. If such an eventuality occurs, both companies will be able to hit the ground running.
Mozilla has released a local, non-cloud translation extension, Firefox Translation, providing a private and secure alternative.
Translation extensions are among the most popular add-ons available for Firefox, but Mozilla has created a new one that focuses on privacy. The vast majority of translation extensions rely on cloud-based services, uploading text to complete the translation. Needless to say, this poses a privacy and security risk, especially for sensitive content.
According to Mozilla, this new add-on “was developed with The Bergamot Project Consortium, coordinated by the University of Edinburgh with partners Charles University in Prague, the University of Sheffield, University of Tartu, and Mozilla.”
The Firefox Translation extension is designed to do all translation locally, on the user’s computer, without uploading anything to the cloud.
Mozilla notes the following requirement:
A CPU that supports SSE4.1 extensions is required for this addon to function properly. If it doesn’t, an error will be displayed when the translation is being started.
Facebook is at it again, encrypting its URLs in an effort to bypass the privacy protections afforded by Brave and Firefox.
According to Ghacks, the issue stems from changes Firefox and Brave made to strip out tracking parameters from URLs. Tracking parameters are trailing characters in a URL that provide no benefit to the user, designed to help the website track them. To get around Brave and Firefox stripping out the tracking parameters, Facebook is working to encrypt its URLs.
Facebook is specifically encrypting the URLS rather than simply changing their parameters in an effort to prevent the browser makers from adapting. URL stripping is based on known tracking parameters. Once Facebook changes the parameters, the browser makers would simply adapt and filter out the new ones. Encrypting the URLs makes it exponentially more difficult, if not impossible, for the browser makers to adapt.
Facebook has a long and well-established reputation for ignoring privacy and going to great lengths to collect any and all information it can on users. Its latest effort completely ignores users’ preferences by bypassing protections they have opted to use. What’s worse, the company has shown the rest of the industry how to bypass this protection.
Apple’s Safari is now the second most popular browser on the market, with more than 1 billion users, although it still comes in a distant second to Google Chrome.
Safari is the default browser on all Macs, iPhones, and iPads. Its default status, especially on Apple’s mobile devices, have helped drive it to second place, passing both Firefox and Microsoft Edge, according to Atlas VPN.
Despite Safari’s gains, Google’s Chrome is still the undisputed 800-lb gorilla in the browser market. Chrome currently has more than 3.3 billion users.
Interestingly, compared to last year, Microsoft Edge has come in third place, surpassing Firefox with 212 million users. In contrast, Firefox has slipped below the 200 million threshold, coming in at 179 million.
Many users are growing increasingly concerned with the reach of Google’s Chrome. Not only does Chrome itself dominate the market, but many other browsers are also based on Chrome. Microsoft Edge, Brave, Vivaldi, Opera, and others all use the same rendering engine as Chrome. Some users fear this gives Google a dangerous amount of influence over the development of the internet and see Firefox as the last best hope for a free internet.
Mozilla has issued updates for Firefox, Firefox for Android, Thunderbird, and Firefox Focus to fix two vulnerabilities being actively exploited in the wild.
Firefox, while not nearly as popular as Chrome, is one of the most important web browsers on the market, an open source alternative with a focus on privacy. Mozilla says both vulnerabilities are being actively exploited by bad actors, making it critically important to update immediately.
CVE-2022-26486: Use-after-free in WebGPU IPC Framework: “An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw.”
Mozilla has updated its VPN service, providing significant privacy improvements over past versions.
Mozilla VPN is one of the organization’s efforts to further privacy. The service has also been a big hit, with Consumer Reports listing it in the top three VPN services they would “feel most comfortable using ourselves or suggesting to a friend.”
The latest edition brings some welcome improvements, including Firefox’s Multi-Account Containers. Multi-Account Containers are designed to help users separate their online activity, for example work and personal, with each activity in its own container. This adds a significant layer of privacy, making it that much harder for companies to track users. It also allows users to sign into the same service with multiple accounts, since each instance is segregated in its own container.
Mozilla is bringing that to its VPN service, allowing users to set containers to use servers in specific locations.
The company is also bringing its multi-hop feature to mobile devices. First introduced on the desktop in September, the feature allows users to connect to two servers in a session, adding a major security boost.
Mozilla is closing in on a major milestone, set to pass $500 million in 2021 revenue as the company’s other services gain ground.
Mozilla has always been in a unique and precarious position. The organization is responsible for one of the most important pieces of software, in its Firefox web browser. Although Chrome has long-since come to dominate the browser market, Firefox consistently wins praise for its focus on user privacy, unlike Chrome. In fact, Mozilla has established itself as a stalwart defender of user privacy, and is on the forefront of such efforts.
Despite its importance, and what the company stands for, Mozilla’s primary financial support has come from search deals with Google, to the tune of nearly 90% of the company’s revenue. Relying on its greatest competitor, one whose values are almost diametrically opposed to Mozilla’s, is a dangerous position to depend on.
According to TechCrunch, the status quo is finally starting to change. While Mozilla reported $466 million in search revenue in 2020, and $465 million in 2019, the organization is set to pass $500 million in 2021.
Most significantly, however, an increasing share of Mozilla’s revenue is coming from its other services, such as Mozilla VPN, Pocket and Firefox Relay Premium. In fact, revenue from these other services is expected to grow 150% in 2020, accounting for 14% of Mozilla’s total revenue. According to TechCrunch, Mozilla’s VPN service alone saw a 450% revenue growth from 2020 to 2021.
While 14% is still a relatively small portion of Mozilla’s total revenue, it’s an excellent start toward finally breaking free of dependence on Google.
The Electronic Frontier Foundation (EFF) is calling out Google’s Manifest V3 (MV3) browser extension plans, calling them “deceitful and threatening.”
MV3 represents a significant change to how Chrome browser extensions are implemented. In an effort to increase compatibility, Mozilla has already announced that Firefox will adopt MV3 too.
According to the EFF, however, MV3 represents a major threat to privacy and security, thanks to the limits it places on how extensions work.
Manifest V3, or Mv3 for short, is outright harmful to privacy efforts. It will restrict the capabilities of web extensions—especially those that are designed to monitor, modify, and compute alongside the conversation your browser has with the websites you visit. Under the new specifications, extensions like these– like some privacy-protective tracker blockers– will have greatly reduced capabilities. Google’s efforts to limit that access is concerning, especially considering that Google has trackers installed on 75% of the top one million websites.
The EFF aren’t the only ones warning about MV3.
“A web browser is supposed to act on behalf of the user and respect the user’s interests,” says Jonathan Mayer, Princeton University. “Unfortunately, Chrome now has a track record as a Google agent, not a user agent. It is the only major web browser that lacks meaningful privacy protections by default, shoves users toward linking activity with a Google Account, and implements invasive new advertising capabilities. Google’s latest changes will break Chrome privacy extensions, despite academic research demonstrating that no change is necessary. These user-hostile decisions are all directly attributable to Google’s surveillance business model and enabled by its dominance of the desktop browser market.”
“Nearly all browser extensions as you know them today will be affected in some way: the more lucky ones will ‘only’ experience problems, some will get crippled, and some will literally cease to exist,” writes AdGuard’s Andrey Meshkov.
It’s unlikely Google will back down from its MV3 plans, given how much it relies on the very kinds of trackers many privacy extensions are designed to combat. Hopefully, however, Mozilla will rethink its adoption of MV3, given the company’s commitment to privacy and security.
Mozilla is killing off its Firefox Lockwise password manager, with the end-of-life (EOL) date set for December 13, 2021.
Password managers are a popular, and important, cybersecurity option. Password managers help users keep track of the myriad of passwords they use for various websites and services, even generating stronger passwords that would otherwise be difficult to remember. Security experts recommend consumers make use of such apps, given the protection they offer.
Firefox Lockwise is Mozilla’s password manager, but its functions are already present in the Firefox web browser, across the various platforms it supports. As a result, Mozilla is killing off Firefox Lockwise.
Mozilla will end support for the Firefox Lockwise app on Android and iOS, effective December 13, 2021. You will no longer be able to install or reinstall Firefox Lockwise from the App Store or Google Play Store. iOS version 1.8.1 and Android version 4.0.3 will be the last releases for Firefox Lockwise. The application may continue to work on your device, but it will no longer receive support or security updates.
After December 13, 2021, you can continue to access your saved passwords and your password management in the Firefox desktop and mobile browsers.
Despite some losses, Firefox is still sitting at a relatively healthy 200 million users a year — not 50 million.
A recent article in Gizmodo cited a Firefox Public Data Report, saying the browsers usage “number has sagged to just under 50 million.” In point of fact, the Firefox Public Data Report shows the browser’s usage share dropped from 253,000,000 in January 2019 to 196,000,000 in August 2021. While a drop of 50+ million is certainly unfortunate, roughly 200,000,000 million active users is a far cry from the 50 million Gizmodo proclaims.
Firefox occupies a unique position in the web browser market. Unlike the more popular alternatives, Firefox is open source, developed and maintained by a non-profit organization, Mozilla. In addition, Firefox is one of the most privacy-conscious browsers on the market.
Anyone interested in privacy and security, as well as supporting a diverse web browser market, would do well to make the switch to Firefox — or at least give it a try.
Mozilla is preparing for the inevitable version 100 of its Firefox browser, testing to make sure a triple-digit user agent won’t break the browser.
Web browsers send websites a string of text including the version number, rendering engine and more. Until now, there’s never been a web browser that has reached version 100, but Firefox is closing in at version 91.
Mozilla is testing to make sure the unprecedented version won’t cause any issues. In a bug post, the organization is trying an experiment to see if a triple-digit user agent breaks any sites.
We would like to run an experiment to test whether a UA string with a three-digit Firefox version number will break many sites. This new temporary general.useragent.experiment.firefoxVersion pref can override the UA string’s Firefox version.
If many sites are broken, we might need to freeze the UA string’s Firefox version at some two-digit number like “Firefox/99.0”:
Mozilla has taken the wraps off of the latest version of Firefox, version 91, and it includes significant privacy improvements.
Firefox is already one of the most secure, private browsers on the market today. The browser’s Total Cookie Protection is one of the features contributing to that, preventing companies from tracking you as you browse across websites.
Version 91’s Enhanced Cookie Clearing builds on that even more, making it much easier to clear cookies for a given site, as well as any third-party cookies that may have been embedded in that site.
Let’s say you have visited facebook.com, comfypants.com and mealkit.com. All of these sites store data in Firefox and leave traces on your computer. This data includes typical storage like cookies and localStorage, but also site settings and cached data, such as the HTTP cache. Additionally, comfypants.com and mealkit.com embed a like button from facebook.com.
Embedded third-party resources complicate data clearing. Before Enhanced Cookie Clearing, Firefox cleared data only for the domain that was specified by the user. That meant that if you were to clear storage for comfypants.com, Firefox deleted the storage of comfypants.com and left the storage of any sites embedded on it (facebook.com) behind. Keeping the embedded storage of facebook.com meant that it could identify and track you again the next time you visited comfypants.com.
With Enhanced Cookie Clearing, Firefox will now display a “cookie jar” for each website you’ve visited, collecting the cookies and data from that website, as well as any third-party cookies and data that may have been embedded in it.
Firefox 91 Enhanced Cookie Clearing – Credit Mozilla
Mozilla says that, in order for Enhanced Cookie Clearing to work, users must have Strict Tracking Protection enabled.
Mozilla has ended support for FTP in Firefox 90, citing security concerns with the aging protocol.
FTP (File Transfer Protocol) is one of the oldest protocols, dating back to the early days of the internet. Unfortunately, unlike newer protocols, basic FTP has no encryption and transmits data in plain text, including usernames and passwords. Mozilla highlights the danger this poses to users.
The biggest security risk is that FTP transfers data in cleartext, allowing attackers to steal, spoof and even modify the data transmitted. To date, many malware distribution campaigns launch their attacks by compromising FTP servers and downloading malware on an end user’s device using the FTP protocol.
As a result of FTP’s security risks, Mozilla has decided to end support for it.
Removing FTP brings us closer to a fully-secure web which is on a path to becoming HTTPS only and any modern automated upgrading mechanisms such as HSTS or also Firefox’s HTTPS-Only Mode, which automatically upgrade any connection to become secure and encrypted do not apply to FTP.
The FTP protocol itself has been disabled by default since version 88 and now the time has come to end an era and discontinue the support for this outdated and insecure protocol — Firefox 90 will no longer support the FTP protocol.
Mozilla is to be commended for its ongoing push to protect user privacy and security, even if that means dropping venerable protocols like FTP.
Mozilla has announced the latest version of Firefox, sporting a new look and improved user experience.
Once the second most popular browser, Firefox is now a distant third, behind Google Chrome and Apple Safari. Microsoft Edge is in fourth place, nipping at its heals. Mozilla has been working to reverse its fortunes in an effort to regain market share.
As part of that effort, the company has released the latest update, a major overhaul of the user experience. According to the company, it analyzed more than 17 billion clicks to better determine how to streamline the browsing experience.
Going into the Firefox redesign, our team studied how people interact with the browser, observing their patterns and behaviors. We listened to feedback and gathered ideas from regular people who just want to have an easier experience on the web. We obsessed over distractions, extra clicks and wasted time. The resulting new design is simple, modern and fast and delivers a beautiful experience to support what people do most in Firefox.
One of the most visible changes is a redesigned tab bar, more rounded and floating above the toolbar. The new update also includes new icons, crisp typography, streamlined menus and improved spacing in the UI.
Privacy features also received a major boost, building on Firefox’s already stellar reputation in that area.
All browsers have a private browsing mode, but none match Firefox. The popular Total Cookie Protection moves from the optional strict setting to always-on in private browsing. This feature maintains a separate “cookie jar” for each website you visit while browsing privately. Any time a site deposits a cookie, Firefox locks it up in its own cookie jar so that it can’t be shared with any other website.
The new version is available for all major platforms, including desktop and mobile.
Mozilla has announced a significant change to how Firefox handles HTTP Referrers, in an effort to improve user privacy.
The HTTP Referrer is header information browsers send to the current website, informing it what website “referred” it. In other words, the current website knows the last website the browser came from.
In many cases, the referrer information is used in harmless ways, but it can be abused to gain access to private information. Because the referrer information includes the specific page a person was previously looking at, in can help a website better understand a visitor’s interests. It can also include a user’s account information from the website they came from.
Mozilla is now trimming the referrer information in an effort to better protect user privacy.
Starting with Firefox 87, we set the default Referrer Policy to ‘strict-origin-when-cross-origin’ which will trim user sensitive information accessible in the URL. As illustrated in the example above, this new stricter referrer policy will not only trim information for requests going from HTTPS to HTTP, but will also trim path and query information for all cross-origin requests. With that update Firefox will apply the new default Referrer Policy to all navigational requests, redirected requests, and subresource (image, style, script) requests, thereby providing a significantly more private browsing experience.
Mozilla’s announcement is a welcome one, as the company continues to be a leading advocate for user privacy.
The latest release of Mozilla’s Firefox includes a significant privacy upgrade, introducing Total Cookie Protection.
Cookies are snippets of code that websites use to identify users. They are responsible for a number of useful features, such as the ability to revisit a site and access personalized information without needing to log in again. Cookies can also be used to track users, however, including by companies that use them to track users across other websites.
In 2019, Firefox introduced Enhanced Tracking Protection (ETP), which blocks cookies from known trackers. Today’s announcement takes it a step further with Total Cookie Protection.
Our new feature, Total Cookie Protection, works by maintaining a separate “cookie jar” for each website you visit. Any time a website, or third-party content embedded in a website, deposits a cookie in your browser, that cookie is confined to the cookie jar assigned to that website, such that it is not allowed to be shared with any other website.
This is an important feature that will go a long way toward protecting user privacy and ensuring cookies aren’t abused as a way of tracking users.
Mozilla has been looking to expand its services and products beyond its Firefox web browser in an effort to diversify its profits. One of those endeavors is its VPN service that started life as a Firefox extension, before transitioning to a closed beta and then a publicly available service.
The initial releases, however, only supported Windows, Android and iOS. The company has now expanded its support to include macOS and Linux, rounding out support for every major platform.
Mozilla VPN currently offers service in the US, the UK, Canada, New Zealand, Singapore and Malaysia. This makes its focus far more narrow than competing services, such as ExpressVPN, although Mozilla says more countries will be added.
Mozilla promises it doesn’t log network activity and doesn’t restrict bandwidth. Like many of its competitors, Mozilla VPN can be run on five different devices from a single account.
The company has claimed that its service is faster than rivals because it uses less code. In our testing, however, those claims seem highly subjective, based on the selected VPN server.
For example, starting with an internet connection that averages 35 to 40 Mbps, we connected to Mozilla VPN using the three closest available locations. Two of the locations yielded speeds ranging from 0.37 to 0.44 Mbps. The third location, Chicago, yielded speeds of 32 and 33 Mbps.
Mozilla VPN Speed Tests
While not comprehensive, our brief testing shows Mozilla still has some work to do before it rivals ExpressVPN, widely considered the fastest service available.
Nonetheless, with Mozilla’s well-established reputation for protecting user privacy, their entry into the market is a welcome one.
Mozilla is planning on a design refresh of its flagship browser, the first such refresh since 2017.
Once one of the most popular web browsers on the market, and the main competitor to Microsoft’s Internet Explorer, Firefox has since fallen to roughly 7.5% as of December 2020. Nonetheless, Firefox remains an important option, given Mozilla’s focus on security and privacy.
According to Ghacks, Mozilla is calling this refresh Photon, as opposed to the last one, which was called Proton. The company has not provided any details, screenshots or mockups, but has posted a meta bug on Bugzilla that provides clues regarding what elements are slated for change. In particular, the following items are covered:
The Firefox address bar and tabs bar
The main Firefox menu
Infobars
Doorhangers
Context Menus
Modals
A design refresh may be just what Firefox needs to prompt people to give it another look and help it regain some market share.
Mozilla has released the latest update to Firefox, bringing full compatibility with Apple’s M1 Macs, as well as significant performance improvements.
The M1 chip is Apple’s custom silicon, based on the same ARM designs Apple uses in its iPhone and iPad. While M1-based Macs can run software designed for Intel chips, and run it well, the best performance is obtained by recompiling an app so it runs natively on the M1.
Microsoft just made headlines with its announcement that Microsoft 365 has been updated to run on the M1 natively, and now Firefox has made the jump as well. The company outlined the benefits in its release notes:
Native support for macOS devices built with Apple Silicon CPUs brings dramatic performance improvements over the non-native build that was shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a new Apple device, follow these steps to upgrade to the latest Firefox.
As one of the most privacy-focused browsers on the market, it’s good to see Firefox updated for Apple’s new chip.
Mozilla’s latest Firefox release, version 83.0, boosts a major increase to JavaScript performance.
JavaScript, once mainly used for animations and menus, is one of the most important languages of the web. Thanks to JavaScript, developers are able to create complex web applications, many of which rival desktop applications for functionality.
Unfortunately, running JavaScript-heavy websites is one of the most challenging aspects of a web browser’s duties. Every major browser manufacturer constantly works to increase JavaScript performance and responsiveness.
Mozilla’s latest version of Firefox significantly boosts the browser’s performance thanks to a major update to its SpiderMonkey JavaScript engine. The new update, called Warp or WarpBuilder, makes changes to the Just-In-Time (JIT) compilers.
With Warp (also called WarpBuilder) we’re making big changes to our JIT (just-in-time) compilers, resulting in improved responsiveness, faster page loads and better memory usage. The new architecture is also more maintainable and unlocks additional SpiderMonkey improvements.
Traditionally, JavaScript is an interpreted language. That means the code is interpreted on the fly as it is executed. This can result in major performance issues, especially when code must be executed repeatedly, such as code loops. JIT compilers help solve this problem by compiling and storing frequently used code, speeding up operations.
Firefox’s latest boost comes from significantly optimizing those JIT compilers, resulting in significant real-world gains over Warp’s predecessor Ion.
Warp is faster than Ion on many workloads. The picture below shows a couple examples: we had a 20% improvement on Google Docs load time, and we are about 10-12% faster on the Speedometer benchmark.
We’ve seen similar page load and responsiveness improvements on other JS-intensive websites such as Reddit and Netflix. Feedback from Nightly users has been positive as well.
Although Firefox is no longer the leading browser, in terms of market share, it continues to be a major player. Its improved performance, not to mention emphasis on privacy, will hopefully help it gain some ground against its larger rivals.
Brave web browser is making inroads in the market, announcing it now has 20 million monthly active users and 7 million daily active users.
Brave is distinguishing itself as a browser that focuses on privacy and security. By default, the browser is considered to be more secure than Firefox. At the same time, thanks to its Chromium engine—the same engine that powers Google Chrome and Microsoft Edge— Brave generally offers top-tier performance, often beating rivals.
When it comes to monetization, Brave uses a somewhat unique method. The browser aggressively blocks ads, but gives users the option of seeing ads from Brave’s own network that, again, emphasizes privacy. This model seems to be a hit for all parties, as Brave boasts a click-through rate of 9%, well above the industry average of 2%.
In addition, Brave allows individuals to become verified content creators. Other users can then use Brave’s own cryptocurrency, Basic Attention Tokens, to tip their favorite content creators.
Brave’s features and performance seem to be gaining traction. The browser’s current 20 million monthly active users is up from 8.7 million a year ago. Similarly, the 7 million daily active users is up from 3 million a year ago. Since Apple began allowing users to set their default iOS browser in iOS 14, Brave’s daily active iOS users has grown 34%.
At a time when Mozilla is still struggling to break free from its dependance on Google subsidies, and other major browsers are bundled with operating systems, it’s good to see an independent browser succeeding with an innovative approach to monetization and sustainability.
