Cloudflare has released the beta of its new "browser isolation" service, which runs a web browser in the cloud, reports TechRadar. As more and more computing is done inside a browser as opposed to on a system itself, many enterprise organizations have begun to deploy browser isolation services where the browser doesn't actually run on a user's computer. Instead the browser runs on a virtual machine inside a cloud provider's data center. This means that any threats from the browser will stay in that virtual machine and won't be able to infect a corporate laptop or move laterally across an organization's network...

Cloudflare Browser Isolation does thing a bit differently by sending the final output of a browser's web page rendering. As a result, the only thing every sent to a user's device is a package of draw commands to render the webpage and this also means that the company's new service will be compatible with any HTML5 compliant browser including Chrome, Safari, Edge and Firefox.

As Cloudflare has data centers in 200 cities around the world, its browser isolation service should be able to deliver a responsive web browsing experience regardless of where a user is located.
It's part of a larger push, since this week Cloudflare also released their network-as-a-service solution "Cloudflare One," which according to Cloudflare "protects and accelerates the performance of devices, applications, and entire networks to keep workforces secure." "After decades of building legacy corporate networks, organizations are left with clunky systems designed to protect their now empty offices. The only way to secure today's work-from-anywhere economy is to secure each individual employee, protecting their individual networks, devices, and access to business-critical applications," said Matthew Prince, CEO of Cloudflare... Companies have traditionally used a castle-and-moat approach to security, creating a barrier between the enterprise network and external threats. Now that applications have moved to the cloud, and more employees have moved outside of the office, that model is broken.

Employees are frustrated with the speed and experience of VPNs, and organizations want an alternative to the expensive patchwork of legacy solutions required to secure and connect corporate offices to each other and the internet. Today's new landscape requires a zero trust approach, where organizations do not automatically trust any requests to corporate data or resources, and instead, verify every attempt to connect to corporate systems before allowing them access... This unified solution enables fast and safe connections to workplace applications, allows teams to use an app without exposing it to the public internet, makes personal devices safe for business use, and works in any environment with any cloud provider.

Engadget reports: One big benefit of iOS 14 is that you can set non-Apple-made apps as your default, including for email and web browsing. Hot on the heels of you being able to set Chrome and Gmail as your clients of choice, Firefox is enabling you to make its browser the default on iPhones and iPads. Naturally, you'll need to have both the latest version of the operating system and the apps, and then just make the switch inside settings.
Meanwhile, Bleeping Computer profiles some of the new features in this week's release of Firefox 81, including:

• The ability to control videos via your headset and keyboard even if you're not using Firefox at the time

• A new credit card autofill feature for Firefox users in the U.S. and Canada

• A new theme called AlpenGlow

• Firefox can now be set as the default system PDF viewer

"Mozilla has fixed a bug that can be abused to hijack all the Firefox for Android browsers on the same Wi-Fi network and force users to access malicious sites, such as phishing pages," reports ZDNet: The bug was discovered by Chris Moberly, an Australian security researcher working for GitLab. The actual vulnerability resides in the Firefox SSDP component. SSDP stands for Simple Service Discovery Protocol and is the mechanism through which Firefox finds other devices on the same network in order to share or receive content (i.e., such as sharing video streams with a Roku device).

When devices are found, the Firefox SSDP component gets the location of an XML file where that device's configuration is stored. However, Moberly discovered that in older versions of Firefox, you could hide Android "intent" commands in this XML and have the Firefox browser execute the "intent," which could be a regular command like telling Firefox to access a link...

The bug was fixed in Firefox 79; however, many users may not be running the latest release. Firefox for desktop versions were not impacted.

Wired has highlighted several browser extensions that "are a simple first step in improving your online privacy." Other steps to take include adding a privacy-first browser and VPN to further mask your web activity. An anonymous reader shares the report: Privacy Badger is one of the best options for blocking online tracking in your current browser. For a start, it's created by the Electronic Frontier Foundation, a US-based non-profit digital rights group that's been fighting online privacy battles since 1990. It's also free. Privacy Badger tracks all the elements of web pages you visit -- including plugins and ads placed by external companies. If it sees these appearing across multiple sites you visit then the extension tells your browser not to load any more of that content.

DuckDuckGo is best-known for its anonymous search engine that doesn't collect people's data. DuckDuckGo also makes an extension for Chrome. The Privacy Essentials extension blocks hidden third-party trackers, showing you which advertising networks are following you around the web over time. The tool also highlights how websites collect data through a partnership with Terms of Service Didn't Read and includes scores for sites' privacy policies. It also adds its non-tracking search to Chrome.

The Ghostery browser extension blocks trackers and shows lists of which ones are blocked for each site (including those that are slow to load), allows trusted and restricted sites to be set up and also lets people you block ads. The main Ghostery extension is free but there's also a paid for $49 per month subscription that provides detailed breakdowns of all trackers and can be used for analysis or research. There are Ghostery extensions for Chrome, Firefox, Microsoft Edge and Opera.

Unlike other tools here, Adblock Plus is primarily marketed as an ad blocking tool -- the others don't necessarily block ads by default but aim to be privacy tools that may limit the most intrusive types of ads. Using an ad blocker comes with a different set of ethical considerations to tools that are designed to stop overly intrusive web tracking; ad blockers will block a much wider set of items on a webpage and this can include ads that don't follow people around the web. Adblock Plus is signed up to the Acceptable Ads project that shows non-intrusive ads by default (although this can be turned off). On a privacy front Adblock Plus's free extensions block third party trackers and allow for social media sharing buttons that send information back to their owners to be disabled.

Software engineer Cal Paterson writes: Mozilla recently announced that they would be dismissing 250 people. That's a quarter of their workforce so there are some deep cuts to their work too. The victims include: the MDN docs (those are the web standards docs everyone likes better than w3schools), the Rust compiler and even some cuts to Firefox development. Like most people I want to see Mozilla do well but those three projects comprise pretty much what I think of as the whole point of Mozilla, so this news is a a big let down. The stated reason for the cuts is falling income. Mozilla largely relies on "royalties" for funding. In return for payment, Mozilla allows big technology companies to choose the default search engine in Firefox - the technology companies are ultimately paying to increase the number of searches Firefox users make with them. Mozilla haven't been particularly transparent about why these royalties are being reduced, except to blame the coronavirus. I'm sure the coronavirus is not a great help but I suspect the bigger problem is that Firefox's market share is now a tiny fraction of its previous size and so the royalties will be smaller too - fewer users, so fewer searches and therefore less money for Mozilla.

The real problem is not the royalty cuts, though. Mozilla has already received more than enough money to set themselves up for financial independence. Mozilla received up to half a billion dollars a year (each year!) for many years. The real problem is that Mozilla didn't use that money to achieve financial independence and instead just spent it each year, doing the organisational equivalent of living hand-to-mouth. Despite their slightly contrived legal structure as a non-profit that owns a for-profit, Mozilla are an NGO just like any other. In this article I want to apply the traditional measures that are applied to other NGOs to Mozilla in order to show what's wrong. These three measures are: overheads, ethics and results.

Slashdot reader Hmmmmmm quotes Ghacks: Raymond Hill, known online as gorhill, has set the status of the uMatrix GitHub repository to archived; this means that it is read-only at the time and that no updates will become available.

The uMatrix extension is available for several browsers including Firefox, Google Chrome, and most Firefox and Chromium-based browsers. It is a privacy and security extensions for advanced users that provides firewall-like capabilities when it is installed...

Hill suggests that developers could fork the extension to continue development under a new name. There is also the chance that Hill might resume development in the future but there is no guarantee that this is going to happen.

For now, uMatrix is no longer in active development.

Mozilla is shutting down two of its legacy products, Firefox Send and Firefox Notes, the company announced today. From a report: "Both services are being decommissioned and will no longer be a part of our product family," a Mozilla spokesperson told ZDNet this week. Of the two, the most beloved was Firefox Send, a free file-sharing service, and one of the few that supported sharing files in encrypted formats. Launched in March 2019, the service gained a dedicated fanbase but Send was taken offline earlier this summer after ZDNet reported on its constant abuse by malware groups. At the time, Mozilla said that Send's shutdown was temporary and promised to find a way to curb the service's abuse in malware operations. But weeks later, things changed after Mozilla leadership laid off more than 250 employees as part of an effort to re-focus its business on commercial products.

YouTube's video recommendation system has been repeatedly accused by critics of sending people down rabbit holes of disinformation and extremism. Now Mozilla, the nonprofit that makes the Firefox browser, wants YouTube's users to help it research how the controversial algorithms work. From a report: Mozilla on Thursday announced a project that asks people to download a software tool that gives Mozilla's researchers information on what video recommendations people are receiving on the Google-owned platform. YouTube's algorithms recommend videos in the "What's next" column along the right side of the screen, inside the video player after the content has ended, or on the site's homepage. Each recommendation is tailored to the person watching, taking into account things like their watch history, list of channel subscriptions or location. The recommendations can be benign, like another live performance from the band you're watching. But critics say YouTube's recommendations can also lead viewers to fringe content, like medical misinformation or conspiracy theories.

How-To Geek has discovered three of the world's most popular web browsers contain Easter Eggs: It seems like every browser has a hidden game these days. Chrome has a dinosaur game, Edge has surfing, and Firefox has . . . unicorn pong? Yep, you read that right — here's how to play it.

First, open Firefox. Click the hamburger menu (the three horizontal lines) at the upper right, and then click "Customize." On the "Customize Firefox" tab, you'll see a list of interface elements to configure the toolbar. Click and drag all the toolbar items except "Flexible Space" into the "Overflow Menu" on the right.

Click the Unicorn button that appears at the bottom of the window....
There's screenshots in the article illustrating all of the steps — and the result.

Forbes reports: Firefox is exploring subscriptions and other "value exchange" services to ease its financial dependence on rival Google, according to the browser's lead developer.

Firefox maker, Mozilla, is in the uneasy position of being financially dependent on its search deal with Google, which accounts for the majority of the organization's revenue. Although Mozilla only last month renewed the search deal, ensuring Google remains the default search engine for Firefox in the U.S. and other territories, the company is keen to explore other ways of raising revenue, including charging users for services.

Mozilla's partnership with Google is an uncomfortable alliance, not only because the companies distribute rival browsers, but because their values are markedly different. While Google generates the vast bulk of its revenue from online advertising, Firefox's developers expend much of their effort creating tools that thwart advertisers, including the automatic blocking of third-party tracking tools and social-media trackers. "At Mozilla, we tend to believe things are at their best when users have this transparent value exchange," said Dave Camp, senior vice president of Firefox at Mozilla. "The advertising model has become a default way to fund things on the internet and to fund products, and we're pretty interested — not just for financial reasons, but actually for health of the internet reasons — to explore how can we do better for users than advertising."

Mozilla recently began charging users $4.99 per month for its VPN product and Camp says the company is exploring other subscription products. "We don't have any immediate plans in the Firefox team to do add-on services or anything like that at the moment, but we're going to look at other ways to get some value exchange going on," said Camp.

Mozilla will add a new security feature to Firefox in October that will make it harder for malicious web pages to initiate automatic downloads and plant malware-laced files on a user's computer. From a report: Called a drive-by download, this type of attack has been around for two decades and usually takes place when users visit a website that contains malicious code placed there by an attacker. The role of the malicious code is to abuse legitimate features in browsers and web standards to initiate an automatic file download or download prompt, in the hopes of tricking the user into running a malicious file. There are multiple forms of drive-by downloads, depending on the browser feature attackers decide to use. Browsers like Chrome, Firefox, and Internet Explorer have, across the years, gradually deployed various forms of protections against automatic drive-by downloads, but 100% protection can't be fully achieved because browser makers can't fully block legitimate web features and also because of the shifting landscape of web attacks, with attackers always finding a new hole to poke at.

Today, Mozilla launched the updated Firefox Android app with a version that many thought was a beta because it was full of bugs and UI issues. According to The Register, this was a deliberate software release and is the new version of Firefox for Android, which is set to hit the UK today, August 25, and the U.S. on the 27th. From the report: A Reg reader yesterday alerted us to an August 20 version bump that was causing so many problems, our tipster thought it was a beta that had gone seriously awry. "To sum it up, on 20th of August, Firefox 79 was unexpectedly forced on a large batch of Firefox 68 Android users without any warning, way to opt out or roll back," our reader reported. "A lot got broken in the process: the user interface, tabs, navigation, add-ons." Meanwhile, the Google Play store page for the completely free and open-source Firefox has a rash of one-star reviews echoing similar complaints: after the upgrade, little seemed to work as expected. "This is the worst 'upgrade' I've ever experienced," said netizen Martin Lindenmayer. "My main gripe is that there is no back button (to return to your previous page) anymore."

What's happened is this: the last stable version of Firefox for Android was version 68, released in 2019. For over a year, Mozilla has been working on an overhaul of its browser in a project code-named Fenix. Moz has slowly rolled out the result of its work to netizens in preview and beta form -- and since the end of July, as a proper release: version 79. This new stable version is what appeared on people's devices. As well as changes to the user interface and many new features that have thrown some users, it is also missing support for all extensions. In fact, by last count, only nine add-ons are supported so far, though this is expected to increase over time. The browser has also adopted Mozilla's GeckoView engine. If you accidentally updated the app and would like to roll back the update, you won't be able to. "[O]nce you've upgraded to the new browser, you won't be able to return to the old browser," says Mozilla.

For more information about the upgrade process, you can check out the browser's FAQ page.

An anonymous reader writes: After more than a year of development, Mozilla today launched Firefox 79 for Android, branded Firefox Daylight. Like with Firefox 57 Quantum, Firefox Daylight gets its own name as it marks "a new beginning for our Android browser." The new version is "an entirely overhauled, faster, and more convenient product." Firefox Daylight includes Enhanced Tracking Protection on by default, a new user interface, Mozilla's own mobile browser engine GeckoView, and a slew of new features. Mozilla is rolling out the new Firefox for Android globally, starting in Germany, France, and the U.K. today, and North America starting August 27.

"Even with another infusion of cash from Google, you have to wonder just how long Firefox will survive as a viable, mainstream web browser," argues ZDNet contributing editor Steven J. Vaughan-Nichols: I've been using Mozilla's Firefox browser since it was still in beta. In 2004, for a while, it was my favorite web browser. Not because it was open-source, but because it was so much better and more secure than Internet Explorer. That was then. This is now. Firefox is in real danger of dying off...

Mozilla and Firefox still produced important work. You need to look no further than the JavaScript, Rust, and WebAssembly languages. They were also champions of security and privacy. Projects such as embracing DNS-over-HTTPS (DoH) and overall security improvements were great, but users didn't care. With the arrival of Google's Chrome browser, users turned from Firefox to Chrome as their favorite browser...

Firefox is on its way to irrelevance. Making matters even worse, Mozilla's just had its second round of layoffs... As technology writer Matthew MacDonald put it, "Mozilla "." Firefox's security and development teams have also been hard hit. This is bad. In January. Mitchell Baker, Mozilla Corporation CEO and Mozilla Foundation chairperson, said it let people go because of declining interest in Firefox, and thus reduced earnings, and that Mozilla was looking for more revenue from "sources outside of search" but "this did not happen." It still isn't happening. According to Mozilla's latest annual report, the majority of its revenue is still generated from global browser search partnerships. This includes the deal negotiated with Google in 2017... Baker assured onlookers that Mozilla would "ship new products faster and develop new revenue streams." These include its bookmarking app Pocket; its virtual rooms Hubs; and its $4.99-a-month Firefox VPN. Excuse me if I don't buy any of these new revenue sources....

Firefox will live on in one way or the other. It's open source after all. But Firefox as an important browser, or Mozilla as a significant open-source developer hub? No. I can't see it. Those days are done. Firefox is officially on my endangered species list.
Technology writer Matthew MacDonald ended his Medium essay on a more hopeful note. "If you have the skills and time, the best possible support is to join the Mozilla community and contribute to their code base."

Mozilla and Google have extended their search deal for another three years, news outlet ZDNet reported Wednesday, citing sources familiar with thee matter. Mozilla confirmed the news. From a report: The new search deal will ensure Google remains the default search engine provider inside the Firefox browser until 2023 at an estimated price tag of around $400 million to $450 million per year. Mozilla officials are expected to announce the search deal's extension later this fall, in November, when the organization is scheduled to disclose its 2019 financial figures. Terms of the new deal were leaked to this reporter after Mozilla announced plans to lay off more than 250 employees on Wednesday in a move that had many users fearing for the browser maker's future, as Mozilla's current Google search deal was scheduled to expire at the end of the year. However, several sources have confirmed that the organization is sound financially, and the layoffs were part of a restructuring of its core business, with Mozilla moving away from its current role of internet standards steward and experimental approach to its product catalog to more commercially-viable offerings that generate revenues on their own.

Firefox has fixed a bug that was being exploited in the wild by tech support scammers to create artificial mouse cursors and prevent users from easily leaving malicious sites. From a report: The bug was discovered being abused online by UK cyber-security firm Sophos and reported to Mozilla earlier this year. A bugfix was provided and has been live in Firefox since version 79.0, released last week. he bug is a classic "evil cursor" attack and works because modern browsers allow site owners to modify how the mouse cursor looks while users are navigating their websites. This type of customization might look useless, but it's often used for browser-based games, browser augmented reality, or browser virtual reality experiences. However, custom cursors have been a major problem for the regular web. In evil cursor attacks, malicious websites tamper with cursor settings in order to modify where the actual cursor is visible on screen, and where the actual click area is.

An anonymous reader shares a report: For years now, Google Chrome has been an absolute dominant force in the world of web browsers, but since the relaunch of Microsoft Edge based on Google's Chromium, that position has been challenged. Now, Google is preparing to drive more Android owners back to using Chrome through targeted notifications. Over the admittedly brief history of the Internet, there have been a number of fierce competitions, commonly called "browser wars," between companies, in an effort to get more people to use their particular web browser. Mozilla and Netscape waged war against Internet Explorer, and Chrome fought and won against Firefox. Most recently, Microsoft Edge and Samsung Internet have begun to wage war against Chrome on desktop and Android respectively. Now, we've found that Google is preparing to try and win back some of those who have left Chrome for other browsers, starting on Android. Based on our reading of a series of code changes, we believe Google Chrome for Android will send you a notification if you haven't used Chrome in a while.

An anonymous reader writes: Mozilla today started rolling out Enhanced Tracking Protection (ETP) 2.0 in Firefox. While the company technically launched Firefox 79 for Windows, Mac, and Linux last week, it only unveiled its marquee feature today. Firefox 79 by default blocks redirect tracking, also known as bounce tracking, and adds a handful of new developer features. [...] Since enabling Enhanced Tracking Protection by default, Mozilla says it has blocked 3.4 trillion tracking cookies. But the company notes the ad industry has since created workarounds and new ways to collect user data as you browse the web.

July's statistics from web analytics firm Net Applications showed continuing changes in the most frequently-used web browsers. Softpedia reports: Last month, Google Chrome increased its market share from 70.19% to 71.00%, while Microsoft Edge jumped from 8.07% to 8.46%... The migration to the Chromium engine allowed Microsoft to turn Edge into a cross-platform browser, and this is one of the reasons that contributed to the growth of the new app. Edge is now available not only on Windows 10, but also on Windows 7, Windows 8, Windows 8.1, and even macOS. At the same time, Microsoft is also working on a Linux version of the browser, and a preview build is expected by the end of the year.

But what made Microsoft Edge the second most-used desktop browser out there so fast after the switch to Chromium is definitely Microsoft offering it as the default browser in Windows 10.
But what about Firefox? And Opera, and Apple's Safari? Computerworld reports: A decade ago, Mozilla's browser may have dreamed of upsetting the then-order of things, taking its April 2010 share of 25.1% and parlaying it into victory over IE — down to 61.2% by then... But that was Firefox's peak.

At the end of July, Firefox stood at 7.3%, down three-tenths of a percentage point from the previous month... Firefox let its second-place spot (far, far behind Chrome) slip away in March, when Edge snatched it. That did not change in July. The gap between the two more than doubled, in fact, to 1.2 points. On almost every browser share metric, Firefox is in trouble... Since the end of January, Firefox has been stuck in the 7s; for the eight months before that, it was mired in the 8s; and between May 2018 and March 2019, Firefox floundered in the 9s. The trend is crystal clear...

Elsewhere in Net Applications' numbers, Apple's Safari plunged to 3%, a loss of six-tenths of a point, its lowest mark since late 2008. Opera software's Opera also took a dive, ending July at 0.8%, a decline of three-tenths of a point. Those numbers have to be frightening to both those browsers' makers.

Some Windows 10 users have complained that when Microsoft sets up its Edge browser, it steals data from Chrome and Firefox without asking first, writes ZDNet columnist Chris Matyszczyk.

But today a reader sent him a new complaint involving Windows 7: "My wife's computer, which is running Windows 7, got a Windows update this morning, which then gave the full-screen welcome page for Edge Chromium. She was terrified as this looked exactly as if malware had taken over the machine... How could any application be running that she hadn't started? How is it that Microsoft can't manage to provide security updates for Windows 7, as it is end of life, but still manage to force a new web browser that isn't wanted on Windows 7 users...?"

"The full-screen welcome page for Chomium Edge did have a faint 'close' gadget in the top right, which was the very first thing we clicked... This still left Edge pinned on the taskbar and when I hovered over it, it showed all the recent sites she had visited on Chrome. So it must have stolen that data from Chrome which is the only browser she ever uses."
The ZDNet columnist shared his own reaction to the story. "Edge is a fine browser. It's quick, effective, and has superior privacy instincts than does Chrome. I have begun to use it and I like it. When you launch a new product, however, you have two choices: You can announce it, make people feel good about it, and then rely on word of mouth. Or you can try ramming it down people's throats.

"The former is often more effective. Microsoft has chosen the latter."