Mozilla flips the default switch on Firefox tracker cookie blocking

From today Firefox users who update to the latest version of the browser will find a pro-privacy setting flipped for them on desktop and Android smartphones, assuming they didn’t already have the anti-tracking cookie feature enabled.

Mozilla launched the Enhanced Tracking Protection (ETP) feature in June as a default setting for new users — but leaving existing Firefox users’ settings unchanged at that point.

It’s now finishing what it started by flipping the default switch across the board in v69.0 of the browser.

The feature takes clear aim at third party cookies that are used to track Internet users for creepy purposes such as ad profiling. (Firefox relies on the Disconnect list to identify creepy cookies to block.)

The anti-tracking feature also takes aim at cryptomining: A background practice which can drain CPU and battery power, negatively impacting the user experience. Again, Firefox will now block cryptomining by default, not only when user activated.

In a blog post about the latest release Mozilla says it represents a “milestone” that marks “a major step in our multi-year effort to bring stronger, usable privacy protections to everyone using Firefox”.

“Currently over 20% of Firefox users have Enhanced Tracking Protection on. With today’s release, we expect to provide protection for 100% of ours users by default,” it predicts, underlining the defining power of default settings.

Firefox users with ETP enabled will see a shield icon in the URL bar to denote the tracker blocking is working. Clicking on this icon takes users to a menu where they can view a list of all the tracking cookies that are being blocked. Users are also able to switch off tracking cookie blocking on a per site basis, via this Content Blocking menu.

While blocking tracking cookies reduces some tracking of internet users it does not offer complete protection for privacy. Mozilla notes that ETP does not yet block browser fingerprinting scripts from running by default, for example.

Browser fingerprinting is another prevalent privacy-hostile technique that’s used to track and profile web users without knowledge or consent by linking online activity to a computer’s configuration and thereby tying multiple browser sessions back to the same device-user.

It’s an especially pernicious technique because it can erode privacy across browser sessions and even different browsers — which an Internet user might be deliberately deploying to try to prevent profiling.

A ‘Strict Mode’ in the Firefox setting can be enabled by Firefox users in the latest release to block fingerprinting. But it’s not on by default.

Mozilla says a future release of the browser will flip fingerprinting blocking on by default too.

The latest changes in Firefox continue Mozilla’s strategy — announced a year ago — of pro-actively defending its browser users’ privacy by squeezing the operational range of tracking technologies.

In the absence of a robust regulatory framework to rein in the outgrowth of the adtech ‘industrial data complex’ that’s addicted to harvesting Internet users’ data for ad targeting, browser makers have found themselves at the coal face of the fight against privacy-hostile tracking technologies.

And some are now playing an increasingly central — even defining role — as they flip privacy and anti-tracking defaults.

Notably, earlier this month, the open source WebKit browser engine, which underpins Apple’s Safari browser, announced a new tracking prevention policy that puts privacy on the same footing as security, saying it would treat attempts to circumvent this as akin to hacking.

Even Google has responded to growing pressure around privacy — announcing changes to how its Chrome browser handles cookies this May. Though it’s not doing that by default yet.

It has also said it’s working on technology to reduce fingerprinting. And recently announced a long term proposal to involve its Chromium browser engine in developing a new open standard for privacy.

Though cynics might suggest the adtech giant is responding to competitive pressure on privacy by trying to frame and steer the debate in a way that elides its own role in data mining Internet users at scale for (huge) profit.

Thus its tardy privacy pronouncements and long term proposals look rather more like an attempt to kick the issue into the long grass and buy time for Chrome to keep being used to undermine web users’ privacy — instead of Google being forced to act now and close down privacy-hostile practices that benefit its business.


Android – TechCrunch

Mozilla previews a redesigned and faster Firefox for Android

Mozilla today announced the first preview of a redesigned version of Firefox for Android that promises to be up to two times faster. The new version also introduces an easier to use and rather minimalist user interface, as well as support for collections, Mozilla’s new take on bookmarks. The new browser also features Firefox’s tracking protection, which is on by default. Over time, this preview will become the default Firefox for Android .

A few years ago, with Quantum, the Firefox team make a number of under-the-hood improvements to the browser’s core backend technologies. Now, it is doing something similar with GeckoView, Mozilla’s browser engine for Android. Implementing the technology the team developed for this in the browser now “paves the way for a complete makeover of the mobile Firefox experience,” the organization writes in today’s announcement.

“While all other major Android browsers today are based on Blink and therefore reflective of Google’s decisions about mobile, Firefox’s GeckoView engine ensures us and our users independence,” says the Firefox team. “Building Firefox for Android on GeckoView also results in greater flexibility in terms of the types of privacy and security features we can offer our mobile users.”

An early version of Firefox with GeckoView is now available for testing on Android under the Firefox Preview moniker. Mozilla notes that the user experience will sill change quite a bit before it is final.

Screenshot 20190627 081245When you first launch it, Preview opens up a new default experience that lets you sign in to a Firefox account, decide on whether you want a light or dark theme (or have the system switch automatically depending on the time of day), turn on privacy features and more.

One feature I really appreciate is that, by default, the preview puts the URL bar at the bottom of the screen, so that it’s within easy reach of your thumb. If you swipe up on the URL bar, you get both a share and bookmark icon, too. That takes some getting used to but quickly becomes second nature.

I haven’t run any formal benchmarks, but the preview definitely feels significantly snappier and smoother than any previews Firefox version on Android, up to the point where I wouldn’t hesitate to make it my default browser on mobile, especially given its built-in privacy features. I haven’t run into any hard crashes so far either, but this is obviously a beta version, so your mileage may vary.

For the rest of the year, the team will focus on optimizing the preview for all Android devices, but for now, it’s already worth a look if you’re looking to play with a new mobile browser on your Android device and not afraid of the occasional bug.

image004


Android – TechCrunch

Mozilla ranks dozens of popular ‘smart’ gift ideas on creepiness and security

If you’re planning on picking up some cool new smart device for a loved one this holiday season, it might be worth your while to check whether it’s one of the good ones or not. Not just in the quality of the camera or step tracking, but the security and privacy practices of the companies that will collect (and sell) the data it produces. Mozilla has produced a handy resource ranking 70 of the latest items, from Amazon Echos to smart teddy bears.

Each of the dozens of toys and devices is graded on a number of measures: what data does it collect? Is that data encrypted when it is transmitted? Who is it shared with? Are you required to change the default password? And what’s the worst case scenario if something went wrong?

Some of the security risks are inherent to the product — for example, security cameras can potentially see things you’d rather they didn’t — but others are oversights on the part of the company. Security practices like respecting account deletion, not sharing data with third parties, and so on.

At the top of the list are items getting most of it right — this Mycroft smart speaker, for instance, uses open source software and the company that makes it makes all the right choices. Their privacy policy is even easy to read! Lots of gadgets seem just fine, really. This list doesn’t just trash everything.

On the other hand, you have something like this Dobby drone. They don’t seem to even have a privacy policy — bad news when you’re installing an app that records your location, HD footage, and other stuff! Similarly, this Fredi baby monitor comes with a bad password you don’t have to change, and has no automatic security updates. Are you kidding me? Stay far, far away.

All together 33 of the products met Mozilla’s recently proposed “minimum security standards” for smart devices (and got a nice badge); 7 failed, and the rest fell somewhere in between. In addition to these official measures there’s a crowd-sourced (hopefully not to be gamed) “creep-o-meter” where prospective buyers can indicate how creepy they find a device. But why is BB-8 creepy? I’d take that particular metric with a grain of salt.

Gadgets – TechCrunch

Mozilla is matching all donations to the Tor Project

Firefox parent Mozilla is returning to back the Tor Project, its long-time ally, after it committed to matching all donations made to fund Tor, the open source initiative to improve online privacy which has just started its annual end of year funding drive.

Tor announced Mozilla’s support today, extending the pair’s partnership which last year helped Tor raise over $ 400,000 from a similar campaign last year. That is a small seed round for a tech startup, but it represents an important source of income for Tor, which began soliciting ‘crowdfunded’ donations in 2015 in a bid to offset its reliance on government grants.

The company’s latest publicly available accounts cover 2015 when Tor received a record $ 3.3 million in donations. That’s up from $ 2.5 million in 2014 and it represented Tor’s highest year of income to date, but state-related grants accounted for 86 percent of the figure. That was an improvement on previous years, but Tor Research Director and President Roger Dingledine admitted that the organization has “more work to do” to change that ratio.

Tor hasn’t made its latest (2016) financials available as of yet, but the past year has seen the organization make big leaps in its product offerings, which are still best known for being used by NSA whistleblower Edward Snowden . Tor launched its first official mobile browser for Android in September and the same month it released Tor Browser 8.0, its most usable browser yet which is based on Firefox’s 2017 Quantum structure. It is also worked closely with Mozilla to bring Tor into Firefox itself as it has already done with Brave, a browser firm led by former Mozilla CEO Brendan Eich.

Beyond the browser and the Tor network itself, which is designed to minimize the potential for network surveillance, the organization also develops a range of other projects. Around two million people are estimated to use Tor, according to data from the organization.

“The Tor Project has a bold mission: to take a stand against invasive and restrictive online practices and bring privacy and freedom to internet users around the world. But we can’t do it alone,” Sarah Stevenson, who is fundraising director at the Tor Foundation, wrote in a blog post.

“Countries like Egypt and Venezuela have tightened restrictions on free expression and accessing the open web; companies like Google and Amazon are mishandling people’s data and growing the surveillance economy; and some nations are even shutting off the internet completely to quell possible dissidence,” she added.

If you feel suitably compelled, you can donate to the Tor Project’s campaign right here.


Android – TechCrunch

Mozilla and NSF awards $380K to small projects connecting the unconnected

 The FCC may be hard at work at “bridging the digital divide,” as Chairman Pai so frequently puts it, and the Connect America Fund II will help. But while the big players are setting up, people all over the U.S. are going without reliable internet. Mozilla and the National Science Foundation are awarding cash to projects that aim to connect those still waiting on the bandwidth we… Read More

Gadgets – TechCrunch