Mozilla, Gecko Archive
Today, Firefox began the rollout of encrypted DNS over HTTPS (DoH) by default for US-based users. The rollout will continue over the next few weeks to confirm no major issues are discovered as this new protocol is enabled for Firefox’s US-based users. At the creation of the internet, these kinds of threats to people’s privacy and security were known, but not being exploited yet. Today, we know that unencrypted DNS is not only vulnerable to spying but is being exploited, and so we are helping the internet to make the shift to more secure alternatives. We do this by performing DNS lookups in an encrypted HTTPS connection. This helps hide your browsing history from attackers on the network, helps prevent data collection by third parties on the network that ties your computer to websites you visit. We can only hope other browsers will follow soon. This is a very important and great improvement.
There was a time when Thunderbird’s future was uncertain, and it was unclear what was going to happen to the project after it was decided Mozilla Corporation would no longer support it. But in recent years donations from Thunderbird users have allowed the project to grow and flourish organically within the Mozilla Foundation. Now, to ensure future operational success, following months of planning, we are forging a new path forward. Moving to MZLA Technologies Corporation will not only allow the Thunderbird project more flexibility and agility, but will also allow us to explore offering our users products and services that were not possible under the Mozilla Foundation. The move will allow the project to collect revenue through partnerships and non-charitable donations, which in turn can be used to cover the costs of new products and services. Thunderbird’s focus isn’t going to change. We remain committed to creating amazing, open source technology focused on open standards, user privacy, and productive communication. The Thunderbird Council continues to steward the project, and the team guiding Thunderbird’s development remains the same. I’m glad Thunderbird and its users found a way forward for the application, but I’ve never been a fan of these complex, overloaded e-mail/groupware applications like Thunderbird, Evolution, and Kmail. I use Geary because it focuses on one thing and does it well – e-mail – and it doesn’t try to also do all sorts of stuff I don’t want an e-mail client to do. As a side note, KDE could really use a Geary-like simple e-mail client – because Kmail is not in a great state.
A couple of weeks ago, we landed a commit that took years of effort at Mozilla. It removed “XBL”, which means we’ve completed the process of migrating the Firefox UI to Web Components. It wasn’t easy – but I’ll get to that later. It’s taken a couple years of work of remarkably steady progress by a small team of engineers along with the support of the rest of the organization, and I’m happy to report that we’ve now finished. This is a big accomplishment on its own, and also a foundational improvement for Firefox. It allows teams to focus efforts on modern web standards, and means we can remove a whole lot of duplicated and complicated functionality that wasn’t exposed to websites. The fact the people at Mozilla have been able to do this without any major disruptions to Firefox users is pretty impressive.
Sideloading is a method of installing an extension in Firefox by adding an extension file to a special location using an executable application installer. This installs the extension in all Firefox instances on a computer. Sideloaded extensions frequently cause issues for users since they did not explicitly choose to install them and are unable to remove them from the Add-ons Manager. This mechanism has also been employed in the past to install malware into Firefox. To give users more control over their extensions, support for sideloaded extensions will be discontinued. This blog post requires some very clear translating before all of grab our pitchforks. Users will still be able to install extensions from outside Mozilla’s own add-on website, and developers will still be able to distribute them separately. The functionality Mozilla is removing from Firefox is the ability for application installers – such as Skype – to dump an extension in a folder and then have that extension be installed in every Firefox profile on the machine.
And today we’re excited to announce that we’re moving to a four-week release cycle! We’re adjusting our cadence to increase our agility, and bring you new features more quickly. In recent quarters, we’ve had many requests to take features to market sooner. Feature teams are increasingly working in sprints that align better with shorter release cycles. Considering these factors, it is time we changed our release cadence. I’ve been incredibly satisfied with Firefox for a long time now, and aside from a few hiccups along the way, I trust the team to handle a faster release cycle just fine.
I’ve found myself agreeing wholeheartedly with the recent pushes to get people to switch from Chrome to Firefox. Google keeps pulling dumb trick after dumb trick in an attempt to have more control over the web. It’s hard not to think that this kind of behavior warrants quitting Chrome and other Google products. But taking a look at Firefox usage statistics, it’s pretty obvious that the trend (looking at Monthly Active Users) is going in the wrong direction. This raises some questions: why is Firefox usage going down, and what does Mozilla need to do to bring it back up? Harsh, but fair. Firefox’s out-of-the-box defaults are very counter-intuitive to its privacy-focused marketing. Nonsense like recommended articles littering the new tab page, forced Pocket integration that you can only disable through about:config, recommended themes and extensions based on your usage, Google being the default browser, and so on, all seem to fly in the face of claims that using Firefox allows you to take control of your privacy. Sure, I disable the Pocket integration, set DDG as my default search engine, and do other things to decrapify Mozilla’s terrible defaults (Firefox is my browser on all my computers and mobile devices), but regular users shouldn’t have to.
At Firefox, we’re passionate about providing solutions for people who care about safety, privacy and independence. For several months, we’ve been working on a new strategy for our Android products to serve you even better. Today we’re very happy to announce a pilot of our new browser for Android devices that is available to early adopters for testing as of now. We’ll have a feature-rich, polished version of this flagship application available for this fall. This version does not yet support extensions, making it a bit useless for me at this stage. I hope they address that soon.
Recently, Firefox had an incident in which most add-ons stopped working. This was due to an error on our end: we let one of the certificates used to sign add-ons expire which had the effect of disabling the vast majority of add-ons. Now that we’ve fixed the problem for most users and most people’s add-ons are restored, I wanted to walk through the details of what happened, why, and how we repaired it. An in-depth look at the cause and fixes for the devastating extensions bug that hit Firefox users over the weekend, written by Firefox CTO Eric Rescorla.
Update: a partial fix has been shipped by Mozilla A few hours ago a security certificate that Mozilla used to sign Firefox add-ons expired. What this means is that every add-on signed by that certificate, which seems to be nearly all of them, will now be automatically disabled by Firefox as security measure. In simpler terms, Firefox doesn’t trust any add-ons right now. Basically, all your Firefox extensions will be disabled and won’t work until Mozilla fixes this embarrassing issue. Until they do, you can go to about:config and set xpinstall.signature.required to false. This is obviously a major security issue, so only change this flag if you know what you’re doing, and don’t forget to set it back to true once Mozilla fixes the issue.
A recently published support document highlights Mozilla’s plans for the current Firefox for Android and also Fenix. Mozilla’s main idea is to maintain the legacy version of Firefox for Android until Fenix reaches migration readiness status. Firefox users on Android should be able to use the legacy version until Fenix is ready while Mozilla wants to minimize support costs. Fenix currently does not support extensions just yet, so I’ll be staying on the regular Firefox for Android until that has been addressed.
It’s no secret that Google Chrome is the world’s most popular browser, and while a lot of that might be owed to its quality, some believe that Google intentionally sabotaged competing browsers in order to grow in popularity. A former Mozilla executive has lashed out at the Mountain View company for repeatedly and continuously finding less-than-desirable ways to promote its own browser. Jonathan Nightingale posted a series of tweets over the weekend, detailing some of the events that took place between Google and Mozilla over the years. Nightingale starts by pointing out that Google typically played nice with Mozilla before Chrome was a thing, but things turned sour once Google’s browser launched. While the company kept trying to convince Mozilla that both organizations were on the same side, things would often break in Firefox for no real reason. This is really not that surprising. The only reason Google plays nice with Mozilla is the same reason Microsoft invested in Apple in the late ’90s and kept its products available on Mac OS despite the fact the Mac was basically dead: they need an antitrust lightning rod.
At Mozilla, we are always committed to people’s security and privacy. It’s part of our long-standing Mozilla Manifesto. We are continually looking for new ways to fulfill that promise, whether it’s through the browser, apps or services. So, it felt natural to graduate one of our popular Test Pilot experiments, Firefox Send. Send is a free encrypted file transfer service that allows users to safely and simply share files from any browser. Additionally, Send will also be available as a an Android app in beta later this week. Now that it’s a keeper, we’ve made it even better, offering higher upload limits and greater control over the files you share. Neat feature, because sending files is still a messy and unpleasant experience. I trust Mozilla to do this right.
We know that unsolicited volume can be a great source of distraction and frustration for users of the web. So we are making changes to how Firefox handles playing media with sound. We want to make sure web developers are aware of this new autoplay blocking feature in Firefox. Starting with the release of Firefox 66 for desktop and Firefox for Android, Firefox will block audible audio and video by default. We only allow a site to play audio or video aloud via the HTMLMediaElement API once a web page has had user interaction to initiate the audio, such as the user clicking on a “play” button. Good move, and long overdue. Autplaying video isn’t just a mere annoyance – it’s incredibly rude, obnoxious and desrespectful.
A Microsoft program manager has caused a stir on Twitter over the weekend by suggesting that Firefox-maker Mozilla should give up on its own rendering engine and move on with Chromium. “Thought: It’s time for @mozilla to get down from their philosophical ivory tower. The web is dominated by Chromium, if they really ‘cared’ about the web, they would be contributing instead of building a parallel universe that’s used by less than five percent?” wrote Kenneth Auchenberg, who builds web developer tools for Microsoft’s Visual Studio Code. This is such a rude and discourteous thing to say to a competitor – a competitor that has played a crucial role in bringing back competition to the browser market back when Internet Explorer 6 kept the web down like an anker. We need competition on the web.
According to Mozilla’s plugin roadmap, the firm planned to disable Flash by default in Firefox sometime this year. Now, a new bug filing has revealed that the plugin will be disabled as of Firefox 69 which is due for release on September 3, 2019. Mozilla will disable Flash beginning with the Nightly builds before it works its way down to the Stable channel. The disabling of Flash comes in anticipation of Adobe ending support for its Flash plugin at the end of 2020. Mozilla has said that it will completely remove Flash support for consumer versions of Firefox in early 2020, while the Extended Support Release (ESR) version will have support until the end of the year. In 2021, Mozilla has said that Firefox will refuse entirely to load the plugin due to a lack of security updates from Adobe. Aside from the occasional Flash-based online game, is Flash even a thing these days? Do any of you still use it on a regular basis?
Mozilla's response to Microsoft adopting Chromium.
Microsoft is officially giving up on an independent shared platform for the internet. By adopting Chromium, Microsoft hands over control of even more of online life to Google.
This may sound melodramatic, but it's not. The "browser engines" - Chromium from Google and Gecko Quantum from Mozilla - are "inside baseball" pieces of software that actually determine a great deal of what each of us can do online. They determine core capabilities such as which content we as consumers can see, how secure we are when we watch content, and how much control we have over what websites and services can do to us. Microsoft's decision gives Google more ability to single-handedly decide what possibilities are available to each one of us.
The question is now how long Firefox will be able to survive. The cold and harsh truth is that Firefox usage hasn't exactly been trending upwards, and with even Microsoft throwing its full weight behind Chromium, even more web developers won't even bother to test against anything other than Chromium and Apple's WebKit. How long can Mozilla and Firefox survive this reality?
As of last nightly (20181115100051), Firefox now supports Wayland on Linux, thanks to the work from Martin Stransky and Jan Horak, mostly.
Before that, it was possible to build your own Firefox with Wayland support (and Fedora does it), but now the downloads from mozilla.org come with Wayland support out of the box for the first time.
The transition to Wayland seems to be taking its time, but with how big of an undertaking this is, that only makes sense.
After considering the maintenance, performance and security costs of the feed preview and subscription features in Firefox, we've concluded that it is no longer sustainable to keep feed support in the core of the product. While we still believe in RSS and support the goals of open, interoperable formats on the Web, we strongly believe that the best way to meet the needs of RSS and its users is via WebExtensions.
With that in mind, we have decided to remove the built-in feed preview feature, subscription UI, and the "live bookmarks" support from the core of Firefox, now that improved replacements for those features are available via add-ons.
I would assume most RSS users already use more capable RSS readers and/or browser extensions, so it makes perfect sense for Firefox developers to remove this functionality from the browser so they no longer have to maintain it.
Web users are increasingly turning to ad blockers to avoid ads, which are often perceived as annoying or an invasion of privacy. While there has been significant research into the factors driving ad blocker adoption and the detrimental effect to ad publishers on the Web, the resulting effects of ad blocker usage on Web users’ browsing experience is not well understood. To approach this problem, we conduct a retrospective natural field experiment using Firefox browser usage data, with the goal of estimating the effect of adblocking on user engagement with the Web. We focus on new users who installed an ad blocker after a baseline observation period, to avoid comparing different populations. Their subsequent browser activity is compared against that of a control group, whose members do not use ad blockers, over a corresponding observation period, controlling for prior baseline usage. In order to estimate causal effects, we employ propensity score matching on a number of other features recorded during the baseline period. In the group that installed an ad blocker, we find significant increases in both active time spent in the browser (+28% over control) and the number of pages viewed (+15% over control), while seeing no change in the number of searches. Additionally, by reapplying the same methodology to other popular Firefox browser extensions, we show that these effects are specific to ad blockers. We conclude that ad blocking has a positive impact on user engagement with the Web, suggesting that any costs of using ad blockers to users' browsing experience are largely drowned out by the utility that they offer.
I, too, use ad blockers on all my browsers and devices - and I can safely say that if ad blockers didn't exist, I'd be spending a lot less time reading websites online. Note that this study was performed by Mozilla employees.
Earlier today, Mozilla pushed Firefox 62 for desktop and Android. With the release, Mozilla has introduced an UI refresh for the new tabs page as well as several dialogs like for adding or editing a bookmark, several performance enhancements to speed up browsing, and some security enhancements.
The first change that users will notice is the refreshed new tab page; with Firefox 62 users can now display up to four rows of top sites, Pocket stories and highlights. Currently, you get one row of top sites, and depending on your location you may not even get shown Pocket stories. Another UI changes that you’ll notice is in the menu where you can toggle tracking protection on and off easily.
On the performance side of things, Windows users will now get improved graphics rendering without accelerated hardware using Parallel-Off-Main-Thread Painting. Additionally, support for CSS Shapes allows for richer web page layouts, and CSS Variable Fonts support allows the browser to render "beautiful typography" with a single font file.
I don't feel it makes any sense to highlight every browser release, but randomly picking a release to talk about here on OSNews only makes sense - especially for a loyal mainstay like Firefox.