Apple is considering giving rival apps more prominence on iPhones and iPads and opening its HomePod speaker to third-party music services after criticism the company provides an unfair advantage to its in-house products. From a report: The technology giant is discussing whether to let users choose third-party web browser and mail applications as their default options on Apple's mobile devices, replacing the company's Safari browser and Mail app, according to people familiar with the matter. Since launching the App Store in 2008, Apple hasn't allowed users to replace pre-installed apps such as these with third-party services. That has made it difficult for some developers to compete, and has raised concerns from lawmakers probing potential antitrust violations in the technology industry.

The web browser and mail are two of the most-used apps on the iPhone and iPad. To date, rival browsers like Google Chrome and Firefox and mail apps like Gmail and Microsoft Outlook have lacked the status of Apple's products. For instance, if a user clicks a web link sent to them on an iPhone, it will automatically open in Safari. Similarly, if a user taps an email address -- say, from a text message or a website -- they'll be sent to the Apple Mail app with no option to switch to another email program. The Cupertino, California-based company also is considering loosening restrictions on third-party music apps, including its top streaming rival Spotify, on HomePods, said the people, who asked not to be named discussing internal company deliberations.

Mozilla has a new virtual private network service and if you have a Chromebook, a Windows 10 computer or an Android device in the US, you can start using a beta version now. From a report: Called Firefox Private Network, the new service is designed to function as a full-device VPN and give better protection when surfing the web or when using public Wi-Fi networks. The company offers two options: a free browser-extension version, which it launched in beta last year, that provides 12 one-hour VPN passes when using the Firefox browser and a Firefox account; and a second, $4.99-a-month option that provides a more complete VPN service across your whole device. The new paid option, which runs off of servers provided by Swedish open-source VPN company Mullvad, can protect up to five devices with one account. It allows for faster browsing and streaming, and gives you the ability to tap into servers located in "30-plus countries" for masking your location data.

Waterfox is an open-source web browser for x64, ARM64, and PPC64LE systems, "intended to be speedy and ethical, and maintain support for legacy extensions dropped by Firefox, from which it is forked," according to Wikipedia. (Its tabs also still have angled sides with rounded corners.)

Friday Waterfox's original creator, 24-year-old Alexandros Kontos, announced that the browser "now has funding and a development team, so Waterfox can finally start to grow!" after its acquisition by a company called System1. I started Waterfox when I was 16. It was a way for me to understand how large software projects worked and the Mozilla documentation was a great introduction... I've touted Waterfox as an ethical and privacy friendly browser... I never wanted Waterfox to be a part of the hyper-privacy community. It would just feel like standards that would be impossible to uphold, especially for something such as a web browser on the internet. Throughout the years people have always asked about Waterfox and privacy, and if they've ever wanted more than it can afford, I've always pushed them to use Tor. Waterfox was here for customisations and speed, with a good level of privacy...

I wasn't doing anything with Waterfox except developing it and making some money via search. Why I kept going throughout the years, I'll never know... System1 has been to Waterfox a search syndication partner. Essentially a way to have a search engine partnership (such as Bing) is through them, because companies such as Microsoft are too big and too busy to talk to small players such as Waterfox... It's probably the one easy way a browser can make money without doing anything dodgy, and it's a way I've been happy to do it without having to compromise Waterfox (and will be the same way System1 makes money from Waterfox -- nothing else). People also don't seem to understand what System1 does...
"Now I can finally focus on making Waterfox into a viable alternative to the big browsers," Kontos concludes.

Long-time Slashdot reader Freshly Exhumed contextualized the news with this brief history of the alternate browser ecosystem: As the usage share of web browsers continues to show a lopsideded dominance by Google Chrome, many previously-independent browsers have fallen by the wayside or have been reinvented as Chrome variants (i.e. Opera, Edge, Brave). Apple forges on with its Safari browser while other, smaller projects tend to be quite limited for multi-platform users, such as Dolphin and Bromite.

Mozilla continues independently with Firefox for almost every platform, while variants such as Pale Moon and Sea Monkey have attempted to provide products that avoid drastic and/or controversial changes made by Mozilla but sometimes do not match the multi-platform support of Firefox. Let us not forget Tor, the Firefox-based anonymity-focused browser.

Alex Kontos is a developer who attempted to provide continuity with dropped Firefox capabilities in his multi-platform Waterfox browser, proudly declaring that Firefox's user data sharing and telemetry collection was not included. For that privacy focus a certain popularity of Waterfox occurred. Now Kontos has revealed that his Waterfox project has been sold to System1, a company describing itself as "a consumer internet and applications company with the most powerful audience expansion platform in the industry."

"Lazy Loading" would augment HTML's <img> tag (and <iframe> tag) with two new attributes -- "eager" (to load immediately) and "lazy" (to load only when it becomes relevant in the viewport).

Felix Arntz, a developer programs engineer at Google (and a WordPress core committer) notes the updates in the HTML specification for the lazy loading attributes, adding that it's "already supported by several browsers, including Chrome and Edge" and also the Android browser and Opera.

And lazy loading can now also be toggled on for Firefox 75 Nightly users, reports Neowin, though it's disabled by default: It's not clear if it will be enabled by the time Firefox 75 reaches the stable branch but according to comments on the Bugzilla thread, it's in high demand. Previously, websites could employ lazy loading by using JavaScript but now lazy loading syntax is supported directly in the web browser.

The implementation in Firefox comes after Google added the feature to its browser.
Google's Arntz has also written a post describing a proposal to begin lazy-loading images by default in Wordpress. The proposed solution is available as a feature plugin WP Lazy Loading in the plugin repository. The plugin is being developed on GitHub. Your testing and feedback will be much appreciated.

Mozilla today released Firefox 73 for Windows, Mac, Linux, and Android. Firefox 73 includes a default zoom level setting, a readability backplate option, and a handful of developer features.

The "Suggested" section on the Windows 10 Start Menu used to just promote its own apps, reports MSPowerUser. But for some users (who haven't disable Microsoft's "Suggestions"), that menu is now showing a new kind of ad listing: The listing displays "Still using Firefox? Microsoft Edge is here", to all users of the former -- even with the latter already installed.

The ad provides a link to download the chromium-based browser.

Undoubtedly, the suggestions won't end here. Microsoft is reportedly planning to sprawl similar ads out to Wordpad, to encourage users to download official Office apps.
The Windows Latest blog points out that Microsoft's "Suggestions" can be "permanently disabled with a few tweaks unlike the Chrome ads in Google search results."

There is now a special page in the Firefox browser where users can see what telemetry data Mozilla is collecting from their browser. From a report: Accessible by typing about:telemetry in the browser's URL address bar, this new section is a recent addition to Firefox. The page shows deeply technical information about browser settings, installed add-ons, OS/hardware information, browser session details, and running processes. The information is what you'd expect a software vendor to collect about users in order to fix bugs and keep a statistical track of its userbase. A Firefox engineer told ZDNet the page was primarily created for selfish reasons, in order to help engineers debug Firefox test installs. However, it was allowed to ship to the stable branch also as a PR move, to put users' minds at ease about what type of data the browser maker collects from its users.

Over the past two weeks, Mozilla's add-on review team has banned 197 Firefox add-ons that were caught executing malicious code, stealing user data, or using obfuscation to hide their source code. From a report: The add-ons have been banned and removed from the Mozilla Add-on (AMO) portal to prevent new installs, but they've also been disabled in the browsers of the users who already installed them. The bulk of the ban was levied on 129 add-ons developed by 2Ring, a provider of B2B software. The ban was enforced because the add-ons were downloading and executing code from a remote server. According to Mozilla's rules, add-ons must self-contain all their code, and not download code dynamically from remote locations. Mozilla has recently begun strictly enforcing this rule across its entire add-on ecosystem. A similar ban for downloading and executing remote code in users' Firefox browsers was also levied against six add-ons developed by Tamo Junto Caixa, and three add-ons that were deemed fake premium products (their names were not shared).

Slashdot reader SmartAboutThings writes: While Microsoft Edge is right on track to replace Internet Explorer, it seems that the last one is a bigger security liability then you may think. In a newly released advisory, the Cybersecurity and Infrastructure Security Agency (CISA) [an agency within America's Department of Homeland Security] is warning users about an IE vulnerability.

To keep your personal data safe and don't expose your PC to dangerous malware, the agency further recommends "Consider using Microsoft Edge or an alternate browser until patches are made available." As a reminder, this is not the first international agency that ranks IE's security very low, as Germany's BSI shared a couple of months back a similar study.
Lifehacker's senior technology editor notes that the new vulnerability affects "various permutations of Internet Explorer 9, 10, and 11 across Windows 7, 8.1, and Windows 10 (as well as various editions of Windows Server).

"The bad news is that Microsoft won't likely patch this problem until February -- when the next major batch of security updates hits." But they offer a work-around of their own until then which involves opening an administrative command prompt to restrict access to the deprecated JScript library used by the exploit.

Otherwise, don't click on links from strangers, and if you're using IE switch to Edge. And Microsoft explains what will happen if you used Internet Explorer to visit a web site designed to exploit the vulnerability. "If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.

"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

An anonymous reader quotes a report from Motherboard: The Mozilla Foundation, the non-profit arm of the company known for its privacy-friendly web browser Firefox, released a guide today for helping students navigate ethical issues in the tech industry, in particular, during the recruitment process. The guide advises students not to work for companies that build technology that harms vulnerable communities, and to educate themselves "on governance" inside companies before taking a job. It also discusses unions drives, walkouts, petitions, and other forms of worker organizing.

The guide, which takes the form of a zine titled "With Great Tech Comes Great Responsibility," follows events hosted by the Mozilla Foundation last fall in partnership with six university campuses, including UC Berkeley, N.Y.U., M.I.T., Stanford, UC San Diego, and CSU Boulder. Not so subtly, it calls out Amazon, Palantir, and Google, which have faced backlash in recent months from tech workers as well as students on the campuses where they recruit. "Addressing ethical issues in tech can be overwhelming for students interested in working in tech. But change in the industry is not impossible. And it is increasingly necessary," reads the opening of the 11-page handbook -- citing military contracts, algorithmic bias, inhumane working conditions in warehouses, biased facial recognition software, and intrusive data mining as causes for concern.

The Verge argues that the browser wars "are back, but it's different this time."
The mobile web is broken and unfettered tracking and data sharing have made visiting websites feel toxic, but since the ecosystem of websites and ad companies can't fix it through collective action, it falls on browser makers to use technological innovations to limit that surveillance, however each company that makes a browser is taking a different approach to creating those innovations, and everybody distrusts everybody else to act in the best interest of the web instead of the best interest of their employers' profits... I've been avoiding getting into the precise details of the proposals out there to fix the tracking problem because things are changing so quickly across so many different tracks... Until then, know that there are two important things to know.

First: there are new browser technologies and limits coming that could radically change how ads work and could make it easier for you to protect your privacy no matter what browser you use. Since this is the web, it'll take time, but everybody seems committed. Second: the way many of us think about a Browser War is in terms of marketshare -- and that is the wrong metric this time. There is a browser war, but it won't be won or lost based on who can convince the most people to switch to their browser. Because most people can't or won't switch on the platform that matters: mobile.

In 2020, the desktop is a minor skirmish compared to browsers on phones. On phones, many people aren't really free to choose their browser. That's literally true on the iPhone, which Apple locks down so apps can only use its web rendering technology. And it's for-intents-and-purposes true on Android, where the vast majority of browsers just use Chromium. Yes, there is an Android browser ballot happening in Europe, but it's much too early to know what its effects will be....

The new Browser Wars aren't about who makes the fastest or best browser, they're about whose services you want and whose data policies you trust.

An anonymous reader writes: It's been some 18 months since VentureBeat's last browser benchmark battle. What better time to get the latest results than the start of a new year? Over the past year and a half, Google Chrome has continued to dominate market share, Mozilla Firefox has doubled down on privacy, Microsoft Edge has embraced Chromium, and Brave launched out of beta.

You can click on the individual test to see the results:
SunSpider: Edge wins!
Octane: Chrome wins!
Kraken: Firefox wins!
JetStream: Edge wins!
MotionMark: Edge wins!
Speedometer: Edge wins!
Basemark: Brave wins!
WebXPRT: Firefox wins!

The Chromium version of Edge did a lot better given that the stable release only arrived this week. We were expecting improvements, but not so many outright wins. That said, browser performance was solid across all four contestants -- each browser won at least one test. Performance of course shouldn't be your only consideration when picking your preferred app for consuming internet content. As long as you're using a browser that receives regular updates (and all four of these meet that criteria), you can expect performance to be solid. There is certainly room for improvement, but Chrome, Firefox, and now Edge, as well as Brave, are all quite capable.

According to TechCrunch, Mozilla has laid off about 70 employees today. From the report: In an internal memo, Mozilla chairwoman and interim CEO Mitchell Baker specifically mentions the slow rollout of the organization's new revenue-generating products as the reason for why it needed to take this decision. The overall number may still be higher, though, as Mozilla is still looking into how this decision will affect workers in the UK and France. In 2018, Mozilla Corporation (as opposed to the much smaller Mozilla Foundation) said it had about 1,000 employees worldwide.

Baker says laid-off employees will receive "generous exit packages" and outplacement support. She also notes that the leadership team looked into shutting down the Mozilla innovation fund but decided that it needed it in order to continue developing new products. In total, Mozilla is dedicating $43 million to building new products. "You may recall that we expected to be earning revenue in 2019 and 2020 from new subscription products as well as higher revenue from sources outside of search. This did not happen," Baker writes in her memo. "Our 2019 plan underestimated how long it would take to build and ship new, revenue-generating products. Given that, and all we learned in 2019 about the pace of innovation, we decided to take a more conservative approach to projecting our revenue for 2020. We also agreed to a principle of living within our means, of not spending more than we earn for the foreseeable future."

"As we look to the future, we know we must take bold steps to evolve and ensure the strength and longevity of our mission," Baker adds. "Mozilla has a strong line of sight to future revenue generation, but we are taking a more conservative approach to our finances. This will enable us to pivot as needed to respond to market threats to internet health, and champion user privacy and agency."

Microsoft today launched its new Edge browser based on Google's Chromium open source project. You can download Chromium Edge now for Windows 7, Windows 8, Windows 10, and macOS directly from microsoft.com/edge in more than 90 languages. From a report: Business features aside, there's also support for Chrome-based extensions, 4K streaming, Dolby audio, inking in PDF, and privacy tools. For the last one, it's worth noting that tracking prevention is on by default and offers three levels of control, like Firefox's tracking protection. Chrome extension support is probably the most important feature for most users. By default, extensions that have been ported over to Edge can be downloaded from the Microsoft Store. Chromium Edge also has an option to "Allow extensions from other stores" to get Chrome extensions from the Chrome Web Store. There are still a few features missing from Chromium Edge, most notably history sync and extension sync. Microsoft is working on these and some other inking functionality that it still wants to port from legacy Edge, as Microsoft is calling it. Microsoft also claims that Chromium Edge is "twice as fast as legacy Edge." Curiously, the team isn't making any claims against other browsers -- at least not yet.

In 2018 an associate technology editor at Fast Company's Co.Design wrote an article titled "Why I'm switching from Chrome to Firefox and you should too."

Today shanen shared a similar article from Digital Trends. Their writer announces that after years of experimenting with both browsers, they've also finally switched from Chrome to Mozilla Firefox -- "and you should too." The biggest draw for me was, of course, the fact that Mozilla Firefox can finally go toe-to-toe with Google Chrome on the performance front, and often manages to edge it out as well... Today, in addition to being fast, Firefox is resource-efficient, unlike most of its peers. I don't have to think twice before firing up yet another tab. It's rare that I'm forced to close an existing tab to make room for a new one. On Firefox, my 2015 MacBook Pro's fans don't blast past my noise-canceling headphones, which happened fairly regularly on Chrome as it pushed my laptop's fans to their helicopter-like limits to keep things running. This rare balance of efficiency and performance is the result of the countless under-the-hood upgrades Firefox has rolled out in the last couple of years...

Its Enhanced Tracking Protection framework keeps your identity safe by blocking trackers and cookies that otherwise follow you around the internet and collect sensitive information you probably didn't even know you were giving up. On top of that, Firefox can warn if a website is covertly mining cryptocurrency in the background. Most of these protections kick in by default and you have an exhaustive set of options to customize them the way you want. Firefox also lets you look into just how invasive a website is. It actively updates your personal privacy report so you can check how many trackers it has shut overall and for a specific website...

What really clinched the switch to Mozilla Firefox was the fact that it's the only cross-platform browser that's not running Google's open-source Chromium platform. Microsoft's Edge, Brave, Opera, Vivaldi -- each of these browsers run on Chromium, accelerating Google's dominance over the web even when you're not directly using a Chrome user. Firefox, on the other hand, is powered by Mozilla's in-house Gecko engine that's not dependent on Chromium in any way. It may not seem like as vital of a trait as I make it sound, but it truly is, even though Chromium is open-source. Google oversees a huge chunk of the web, including ads, browser, and search, and this supremacy has allowed the company to pretty much run a monopoly and set its own rules for the open internet...

Mozilla as a company has, despite a rocky journey, often taken bold stances in complex situations. In the Cambridge Analytica aftermath, Mozilla announced it would no longer run Facebook advertisements, cutting off direct marketing to over 2 billion users. In a world of tech companies taking frail, facile shots at protecting user privacy and barely delivering on their commitments, Mozilla is a breath of fresh air and you no longer have to live with any compromises to support it.

Mozilla has warned Firefox users to update their browser to the latest version after security researchers found a vulnerability that hackers were actively exploiting in "targeted attacks" against users. From a report: The vulnerability, found by Chinese security company Qihoo 360, was found in Firefox's just-in-time compiler. The compiler is tasked with speeding up performance of JavaScript to make websites load faster. But researchers found that the bug could allow malicious JavaScript to run outside of the browser on the host computer. In practical terms, that means an attacker can quietly break into a victim's computer by tricking the victim into accessing a website running malicious JavaScript code. But Qihoo did not say precisely how the bug was exploited, who the attackers were, or who was targeted.

Following in Mozilla's footsteps, Google announced today plans to hide notification popup prompts inside Chrome starting next month, February 2020. ZDNet reports: According to a blog post published today, Google plans to roll out a "quieter notification permission UI that reduces the interruptiveness of notification permission requests." The change is scheduled for Google Chrome 80, scheduled for release on February 4, next month.

Starting with Chrome 80 next month, Google's browser will also block most notification popups by default, and show an icon in the URL bar, similar to Firefox. When Chrome 80 launches next month, a new option will be added in the Chrome settings section that allows users to enroll in the new "quieter notification UI." Users can enable this option as soon as Chrome 80 is released, or they can wait for Google to enable it by default as the feature rolls out to the wider Chrome userbase in the following weeks. According to Google, the new feature works by hiding notification requests for Chrome users who regularly dismiss notification prompts. Furthermore, Chrome will also automatically block notification prompts on sites where users rarely accept notifications.

Mozilla today launched Firefox 72 for Windows, Mac, Linux, and Android. Firefox 72 includes fingerprinting scripts blocked by default, less annoying notifications, and Picture-in-Picture video on macOS and Linux. There isn't too much else here, as Mozilla has now transitioned Firefox releases to a four-week cadence (from six to eight weeks).

Mozilla has announced that it's rolling out changes under the California Consumer Privacy Act (CCPA) to all Firefox users worldwide. ZDNet reports: The CCPA, known as America's toughest privacy legislation, came into effect on January 1, 2020, offering Californian users data-protection rules better suited to today's world of data collection. Much like Europe's GDPR, the CCPA gives consumers the right to know what personal information is collected about them and to be able to access it. While the law technically only applies to data processed about residents in California, Microsoft has already announced that it will roll out CCPA rights to all its U.S. users so they can control their data.

The Californian proposal wasn't popular among Silicon Valley tech giants, but Mozilla notes it was one of the few companies to endorse CCPA from the outset. Mozilla has now outlined the key change it's made to Firefox, which will ensure CCPA regulations benefit all its users worldwide. The move would seem to make business sense too, saving Mozilla from having to ship a California-only version of Firefox and another version for the rest of the world. The main change it's introducing is allowing users to request that Mozilla deletes Firefox telemetry data stored on its servers. That data doesn't include web history, which Mozilla doesn't collect anyway, but it does include data about how many tabs were opened and browser session lengths. The new control will ship in the next version of Firefox due out on January 7, which will include a feature to request desktop telemetry data be deleted directly from the browser.

Long-time Slashdot reader UnderAttack writes: DNS over HTTPS has been hailed as part of a "poor mans VPN". Its use of HTTPS to send DNS queries makes it much more difficult to detect and block the use of the protocol.

But there are some kinks in the armor. Current clients, and most current DoH services, do not implement the optional passing option, which is necessary to obscure the length of the requested hostname. The length of the hostname can also be used to restrict which site a user may have access [to].

The Internet Storm Center is offering some data to show how this can be done.
Their article is by Johannes B. Ullrich, Ph.D. and Dean of Research at the SANS Technology Institute.

It notes that Firefox "seems to be the most solid DoH implementation. Firefox DoH queries look like any other Firefox HTTP2 connection except for the packet size I observed." And an open Firefox bug already notes that "With the availability of encrypted DNS transports in Firefox traffic analysis mitigations like padding are becoming relevant."