Today we are pleased to announce Total Cookie Protection, a major privacy advance in Firefox built into ETP Strict Mode. Total Cookie Protection confines cookies to the site where they were created, which prevents tracking companies from using these cookies to track your browsing from site to site. I don’t think anybody will be against this.
Mozilla, Gecko Archive
The release of Apple Silicon-based Macs at the end of last year generated a flurry of news coverage and some surprises at the machine’s performance. This post details some background information on the experience of porting Firefox to run natively on these CPUs. We’ll start with some background on the Mac transition and give an overview of Firefox internals that needed to know about the new architecture, before moving on to the concept of Universal Binaries. We’ll then explain how DRM/EME works on the new platform, talk about our experience with macOS Big Sur, and discuss various updater problems we had to deal with. We’ll conclude with the release and an overview of various other improvements that are in the pipeline. These kinds of articles are very valuable, since Apple isn’t always forthcoming with documentation of specifications, and the new M1-based Macs are no exception. Big, massive projects like Firefox sharing their experiences can be quite useful to other developers.
The Servo Project is excited to announce that it has found a new home with the Linux Foundation. Servo was incubated inside Mozilla, and served as the proof that important web components such as CSS and rendering could be implemented in Rust, with all its safety, concurrency and speed. Now it’s time for Servo to leave the nest! Code for this independent web engine is out on Github.
But let’s not bury the lede here: after several days of screaming, ranting and scaring the cat with various failures, this blog post is finally being typed in a fully profile-guided and link-time optimized Firefox 82 tuned for POWER9 little-endian. Although it multiplies compile time by nearly a factor of 3 and the build process intermittently can consume a terrifying amount of memory, the PGO-LTO build is roughly 25% faster than the LTO-only build, which was already 4% faster than the “baseline” -O3 -mcpu=power9 build. That’s worth an 84-minute coffee break! (-j24 on a dual-8 Talos II , 64GB RAM.) This whole post is a ringing endorsement of Firefox and why the technology landscape – especially the alternative operating systems and hardware platforms landscape – needs Firefox. There really isn’t any other viable option. Chromium? Chromium is open source, but a lot of its important functionality is hidden behind a needlessly complex process of setting up and registering API keys that’s about as intuitive as designing an atomic bomb from scratch on a deserted island. On top of that, Chromium is still a Google project, and as Google’s reluctance to support important features on Linux shows, Chromium is designed for Google’s interests – nobody else’s. WebKit? WebKit requires developers to build an entire web browser around it from scratch. While that can lead to awesome applications, it also means replicating every single bit of functionality users have come to expect from their browsers. Things like bookmark and tab sync, extensions, and so on – all have to be built and maintained form scratch. Firefox is the only complete package someone can port to another platform and end up with a complete browser package. Sure, it’s definitely not an easy undertaking to port a program as complex as Firefox, but in a lot of cases, it’s probably easier than porting WebKit/Blink and building a browser around it from scratch.
During the past few days, I’ve been chatting with Firefox users, trying to separate fact from rumor regarding the consequences of the August 2020 Mozilla layoffs. One of the topics that came back a few times was the removal of XUL-based add-ons during the move to Firefox Quantum. I was very surprised to see that, years after it happened, some community members still felt hurt by this choice. And then, as someone pointed out on reddit, I realized that we still haven’t taken the time to explain in-depth why we had no choice but to remove XUL-based add-ons. So, if you’re ready for a dive into some of the internals of add-ons and Gecko, I’d like to take this opportunity to try and give you a bit more detail. David Teller’s been at Mozilla for nearly 10 years, so he knows what he’s talking about. A good and detailed explanation of why Mozilla pretty much had no choice.
Mozilla and Google have extended their current search deal for another three years, multiple sources have told ZDNet. The new search deal will ensure Google remains the default search engine provider inside the Firefox browser until 2023 at an estimated price tag of around $400 million to $450 million per year. Mozilla officials are expected to announce the search deal’s extension later this fall, in November, when the organization is scheduled to disclose its 2019 financial figures. This is definitely good news in terms of Firefox’ continued existence, but the uncertainty every time the deal is about to run out illustrates once again that this situation is entirely untenable. I have no idea how to solve this problem, but my wildest idea is large open source projects like major Linux distributions, GNOME, KDE, and so on, taking an active interest in investing manpower and other resources into ensuring Firefox remains the independent browser for Linux and BSD users. God forbid I have to use Chrome.
Today we announced a significant restructuring of Mozilla Corporation. This will strengthen our ability to build and invest in products and services that will give people alternatives to conventional Big Tech. Sadly, the changes also include a significant reduction in our workforce by approximately 250 people. These are individuals of exceptional professional and personal caliber who have made outstanding contributions to who we are today. To each of them, I extend my heartfelt thanks and deepest regrets that we have come to this point. This is a humbling recognition of the realities we face, and what is needed to overcome them. I feel for the 250 laid off employees – that always sucks and I hope they will be able to find a new job quickly. That being said, I have no idea what to make of this corporate speak word soup, and it’s hard to parse what, exactly, is going to change from here on out. There’s nothing concrete here, no announcements, no goals or targets – just vague evergreen wording. There’s hints that the deal with Google – wherein Google contributes about 90% of Mozilla’s revenue to be the default search engine in Firefox – might expire and not be renewed at the end of this year, which would effectively cut all of Mozilla’s revenue off. That will be an immense shock, and it could easily spell the end of the Mozilla Foundation in its current form – and thus the continued viability of Firefox.
Firefox 75 due to be released next month should finally have its native Wayland support in good order. Merged yesterday were the Firefox Wayland patches for VA-API video acceleration support in conjunction with FFmpeg. And so the slow, almost never-ending march towards Wayland continues. I wonder if the march will ever end,
The SeaMonkey project is a community effort to develop the SeaMonkey Internet Application Suite (see below). Such a software suite was previously made popular by Netscape and Mozilla, and the SeaMonkey project continues to develop and deliver high-quality updates to this concept. Containing an Internet browser, email & newsgroup client with an included web feed reader, HTML editor, IRC chat and web development tools, SeaMonkey is sure to appeal to advanced users, web developers and corporate users. SeaMonkey has been around for a while, and I’m sure many of you are familiar with it. It’s effectively a modern continuation of the more classic Mozilla browser, the Mozilla Application Suite, which also included a news reader, email client, and so on. Not exactly the kind of thing most people want to use today, but there must still be a place for it in today’s era. That being said, the project just released its latest new version, 2.53.1, so I figured I’d highlight it here.
Today, Firefox began the rollout of encrypted DNS over HTTPS (DoH) by default for US-based users. The rollout will continue over the next few weeks to confirm no major issues are discovered as this new protocol is enabled for Firefox’s US-based users. At the creation of the internet, these kinds of threats to people’s privacy and security were known, but not being exploited yet. Today, we know that unencrypted DNS is not only vulnerable to spying but is being exploited, and so we are helping the internet to make the shift to more secure alternatives. We do this by performing DNS lookups in an encrypted HTTPS connection. This helps hide your browsing history from attackers on the network, helps prevent data collection by third parties on the network that ties your computer to websites you visit. We can only hope other browsers will follow soon. This is a very important and great improvement.
There was a time when Thunderbird’s future was uncertain, and it was unclear what was going to happen to the project after it was decided Mozilla Corporation would no longer support it. But in recent years donations from Thunderbird users have allowed the project to grow and flourish organically within the Mozilla Foundation. Now, to ensure future operational success, following months of planning, we are forging a new path forward. Moving to MZLA Technologies Corporation will not only allow the Thunderbird project more flexibility and agility, but will also allow us to explore offering our users products and services that were not possible under the Mozilla Foundation. The move will allow the project to collect revenue through partnerships and non-charitable donations, which in turn can be used to cover the costs of new products and services. Thunderbird’s focus isn’t going to change. We remain committed to creating amazing, open source technology focused on open standards, user privacy, and productive communication. The Thunderbird Council continues to steward the project, and the team guiding Thunderbird’s development remains the same. I’m glad Thunderbird and its users found a way forward for the application, but I’ve never been a fan of these complex, overloaded e-mail/groupware applications like Thunderbird, Evolution, and Kmail. I use Geary because it focuses on one thing and does it well – e-mail – and it doesn’t try to also do all sorts of stuff I don’t want an e-mail client to do. As a side note, KDE could really use a Geary-like simple e-mail client – because Kmail is not in a great state.
A couple of weeks ago, we landed a commit that took years of effort at Mozilla. It removed “XBL”, which means we’ve completed the process of migrating the Firefox UI to Web Components. It wasn’t easy – but I’ll get to that later. It’s taken a couple years of work of remarkably steady progress by a small team of engineers along with the support of the rest of the organization, and I’m happy to report that we’ve now finished. This is a big accomplishment on its own, and also a foundational improvement for Firefox. It allows teams to focus efforts on modern web standards, and means we can remove a whole lot of duplicated and complicated functionality that wasn’t exposed to websites. The fact the people at Mozilla have been able to do this without any major disruptions to Firefox users is pretty impressive.
Sideloading is a method of installing an extension in Firefox by adding an extension file to a special location using an executable application installer. This installs the extension in all Firefox instances on a computer. Sideloaded extensions frequently cause issues for users since they did not explicitly choose to install them and are unable to remove them from the Add-ons Manager. This mechanism has also been employed in the past to install malware into Firefox. To give users more control over their extensions, support for sideloaded extensions will be discontinued. This blog post requires some very clear translating before all of grab our pitchforks. Users will still be able to install extensions from outside Mozilla’s own add-on website, and developers will still be able to distribute them separately. The functionality Mozilla is removing from Firefox is the ability for application installers – such as Skype – to dump an extension in a folder and then have that extension be installed in every Firefox profile on the machine.
And today we’re excited to announce that we’re moving to a four-week release cycle! We’re adjusting our cadence to increase our agility, and bring you new features more quickly. In recent quarters, we’ve had many requests to take features to market sooner. Feature teams are increasingly working in sprints that align better with shorter release cycles. Considering these factors, it is time we changed our release cadence. I’ve been incredibly satisfied with Firefox for a long time now, and aside from a few hiccups along the way, I trust the team to handle a faster release cycle just fine.
I’ve found myself agreeing wholeheartedly with the recent pushes to get people to switch from Chrome to Firefox. Google keeps pulling dumb trick after dumb trick in an attempt to have more control over the web. It’s hard not to think that this kind of behavior warrants quitting Chrome and other Google products. But taking a look at Firefox usage statistics, it’s pretty obvious that the trend (looking at Monthly Active Users) is going in the wrong direction. This raises some questions: why is Firefox usage going down, and what does Mozilla need to do to bring it back up? Harsh, but fair. Firefox’s out-of-the-box defaults are very counter-intuitive to its privacy-focused marketing. Nonsense like recommended articles littering the new tab page, forced Pocket integration that you can only disable through about:config, recommended themes and extensions based on your usage, Google being the default browser, and so on, all seem to fly in the face of claims that using Firefox allows you to take control of your privacy. Sure, I disable the Pocket integration, set DDG as my default search engine, and do other things to decrapify Mozilla’s terrible defaults (Firefox is my browser on all my computers and mobile devices), but regular users shouldn’t have to.
At Firefox, we’re passionate about providing solutions for people who care about safety, privacy and independence. For several months, we’ve been working on a new strategy for our Android products to serve you even better. Today we’re very happy to announce a pilot of our new browser for Android devices that is available to early adopters for testing as of now. We’ll have a feature-rich, polished version of this flagship application available for this fall. This version does not yet support extensions, making it a bit useless for me at this stage. I hope they address that soon.
Recently, Firefox had an incident in which most add-ons stopped working. This was due to an error on our end: we let one of the certificates used to sign add-ons expire which had the effect of disabling the vast majority of add-ons. Now that we’ve fixed the problem for most users and most people’s add-ons are restored, I wanted to walk through the details of what happened, why, and how we repaired it. An in-depth look at the cause and fixes for the devastating extensions bug that hit Firefox users over the weekend, written by Firefox CTO Eric Rescorla.
Update: a partial fix has been shipped by Mozilla A few hours ago a security certificate that Mozilla used to sign Firefox add-ons expired. What this means is that every add-on signed by that certificate, which seems to be nearly all of them, will now be automatically disabled by Firefox as security measure. In simpler terms, Firefox doesn’t trust any add-ons right now. Basically, all your Firefox extensions will be disabled and won’t work until Mozilla fixes this embarrassing issue. Until they do, you can go to about:config and set xpinstall.signature.required to false. This is obviously a major security issue, so only change this flag if you know what you’re doing, and don’t forget to set it back to true once Mozilla fixes the issue.
A recently published support document highlights Mozilla’s plans for the current Firefox for Android and also Fenix. Mozilla’s main idea is to maintain the legacy version of Firefox for Android until Fenix reaches migration readiness status. Firefox users on Android should be able to use the legacy version until Fenix is ready while Mozilla wants to minimize support costs. Fenix currently does not support extensions just yet, so I’ll be staying on the regular Firefox for Android until that has been addressed.