An anonymous reader writes: Mozilla developers are working on adding an automatic page translation feature to Firefox, similar to the one included in Google Chrome. However, Firefox's page translation feature will be different from the one supported in Google Chrome. Instead of relying on cloud-based text translation services (like Google Translate, Bing Translator, or Yandex.Translate), Firefox will use a client-side, machine learning-based translation library, currently being developed part of the Bergamot Project, which received $3.35 million in EU funding from the European Union's Horizon 2020 research and innovation programme.

An anonymous reader writes: Mozilla today launched Firefox 70 for Windows, Mac, Linux, Android, and iOS. Firefox 70 includes social tracking protection, a Privacy Protections report, new Lockwise features, and performance improvements on Windows and macOS. Firefox 70 for desktop is available for download now on Firefox.com, and all existing users should be able to upgrade to it automatically. The Android version is trickling out slowly on Google Play and the iOS version is on Apple's App Store. According to Mozilla, Firefox has about 250 million active users, making it a major platform for web developers to consider. With Firefox 70, Mozilla now also includes social tracking protection under the Standard setting. It blocks cross-site tracking cookies from sites like Facebook, Twitter, and LinkedIn.

If you plan on streaming content from the new Disney+ streaming service on Linux devices, you'll likely be greeted with Error Code 83. Fedora Linux package maintainer Hans De Goede from the Netherlands first made the unpleasant discovery. gHacks reports: De Goede noticed that Disney+ would not work in any of the web browsers that he tried on systems running Fedora Linux. He tried Firefox and Chrome, and both times Disney+ threw the error "error code 83." Disney+ Support was not able to assist de Goede. It replied with a generic message stating that the error was known and that it happened often when customers tried to play Disney+ in web browsers or using certain devices. Support recommended to use the official applications on phones or tablets to watch the shows or movies. Other streaming services, e.g. Netflix, work fine on Linux.

A user on the Dutch site Tweakers dug deeper and uncovered the response code that the site returned when a device or browser was used that could not be used to play streams. According to the information, error code 83 means that the platform verification status is incompatible with the security level. Disney uses the DRM solution Widevine to protect its streams from unauthorized activity. Widevine supports three different security levels, called 1, 2 and 3, which have certain requirements. The supported level determines the maximum stream quality and may even prevent access to a stream if the requirements are not met. It appears that Disney set Widevine to a more restrictive level than its competitors. The decision affects Disney+ on Linux devices and on other devices that don't support the selected Widevine security standard.

CNET reports on a new crowdsourced public awareness campaign: Mozilla is publishing anecdotes of YouTube viewing gone awry -- anonymous stories from people who say they innocently searched for one thing but eventually ended up in a dark rabbit hole of videos. It's a campaign aimed at pressuring Google's massive video site to make itself more accessible to independent researchers trying to study its algorithms. "The big problem is we have no idea what is happening on YouTube," said Guillaume Chaslot, who is a fellow at Mozilla, a nonprofit best known for its unit that makes and operates the Firefox web browser.

Chaslot is an ex-Google engineer who has investigated YouTube's recommendations from the outside after he left the company in 2013. (YouTube says he was fired for performance issues.) "We can see that there are problems, but we have no idea if the problem is from people being people or from algorithms," he said....

Mozilla is publishing 28 stories it's terming #YouTubeRegrets; they include, for example, an anecdote from someone who who said a search for German folk songs ended up returning neo-Nazi clips, and a testimonial from a mother who said her 10-year-old daughter searched for tap-dancing videos and ended up watching extreme contortionist clips that affected her body image.

Following the beta period, one of the best and most popular Linux-based desktop operating systems reaches a major milestone -- you can now download Ubuntu 19.10! Code-named "Eoan Ermine", the distro is better and faster then ever. From a report: By default, Ubuntu 19.10 comes with one of the greatest desktop environments -- GNOME 3.34. In addition, users will be delighted by an all-new optional Yaru light theme. There is even baked-in support for the Raspberry Pi 4. The kernel is based on Linux 5.3 and comes with support for AMD Navi GPUs. There are plenty of excellent pre-installed programs too, such as LibreOffice 6.3, Firefox 69, and Thunderbird 68. While many users will be quick to install Google Chrome, I would suggest giving Firefox a try -- it has improved immensely lately. "With GNOME 3.34, Ubuntu 19.10 is the fastest release yet with significant performance improvements delivering a more responsive and smooth experience, even on older hardware. App organization is easier with the ability to drag and drop icons into categorized folders, while users can select light or dark Yaru theme variants depending on their preference or for improved viewing accessibility. Native support for ZFS on the root partition is introduced as an experimental desktop installer option. Coupled with the new zsys package, benefits include automated snapshots of file system states, allowing users to boot to a previous update and easily roll forwards and backwards in case of failure," says Canonical.

An anonymous reader quotes a report from ZDNet: Firefox is the only browser that received top marks in a recent audit carried out by Germany's cyber-security agency -- the German Federal Office for Information Security (or the Bundesamt fur Sicherheit in der Informationstechnik -- BSI). The BSI tested Mozilla Firefox 68 (ESR), Google Chrome 76, Microsoft Internet Explorer 11, and Microsoft Edge 44. The tests did not include other browsers like Safari, Brave, Opera, or Vivaldi. The audit was carried out using rules detailed in a guideline for "modern secure browsers" that the BSI published last month, in September 2019. The BSI normally uses this guide to advise government agencies and companies from the private sector on what browsers are safe to use. The article includes a list of all the minimum requirements required for the BSI to consider a browser "secure." It also lists the areas where the other browsers failed, such as: Lack of support for a master password mechanism (Chrome, IE, Edge); No built-in update mechanism (IE), and No option to block telemetry collection (Chrome, IE, Edge).

An anonymous reader writes: The Mozilla Developer Network just launched their own video channel on YouTube this week. There's currently seven videos, offering tutorials like "The Secret Button to get Three Panels of Developer Tools" and "Coding a Dark Mode for your web site."

And tweets from a Mozilla Community Lead suggest it may soon feature something from the View Source Conference in Amsterdam.

An anonymous reader quotes ZDNet: A Russian cyber-espionage hacker group has been spotted using a novel technique that involves patching locally installed browsers like Chrome and Firefox in order to modify the browsers' internal components. The end goal of these modifications is to alter the way the two browsers set up HTTPS connections, and add a per-victim fingerprint for the TLS-encrypted web traffic that originates from the infected computers...

According to a Kaspersky report published this week, hackers are infecting victims with a remote access trojan named Reductor, through which they are modifying the two browsers. This process involves two steps. They first install their own digital certificates to each infected host. This would allow hackers to intercept any TLS traffic originating from the host. Second, they modify the Chrome and Firefox installation to patch their pseudo-random number generation (PRNG) functions. These functions are used when generating random numbers needed for the process of negotiating and establishing new TLS handshakes for HTTPS connections.

Turla hackers are using these tainted PRNG functions to add a small fingerprint at the start of every new TLS connection.
The attack is being attributed to Turla, "a well-known hacker group believed to operate under the protection of the Russian government," ZDNet reports. And though the remote-access trojan already grants full control over a victim's device, one theory is the modified browsers offer "a secondary surveillance mechanism" if that trojan was discovered and removed. Researchers believe the malware is installed during file transfers over HTTP connections, suggesting an ISP had been compromised, according to the article.

"A January 2018 report from fellow cyber-security firm ESET revealed that Turla had compromised at least four ISPs before, in Eastern Europe and the former Soviet space, also with the purpose of tainting downloads and adding malware to legitimate files."

"On Friday, Gizmodo uncovered shocking new evidence that Facebook is using its platform to suppress stories about CEO Mark Zuckerberg..." reports Gizmodo, adding "or maybe his janky, busted-ass website is just bugging out again for no reason. It's hard to say, really. That's sort of the problem..." For some reason, a story about Zuckerberg we posted to our Facebook page was hidden from many readers. The post was fully visible through web browsers in incognito mode, but an unclear percentage of users were told, "Sorry, this content is not available," when they tried to view it while signed in. In short, lots of people (including several Gizmodo staffers and at least one of their parents) could not see the story.

By Friday afternoon, the issue seemed to resolve itself just as mysteriously. Was it a bug, a moderation error, or something more nefarious? Personally, I find it hard to imagine Zuckerberg furiously refreshing Gizmodo's page, just waiting to slam the giant red button on his desk labeled "WRONGTHINK." But it's easy to see why some people believe similar (if less cinematic) conspiracy theories. When Facebook acts strangely -- which is fairly often! -- users have to draw their own conclusions about what's happening. Like most big tech companies, Facebook doesn't offer a phone number to call if you're having issues. If you want a response from a social network about your specific problem, your best bet is to be a journalist, a celebrity, or someone else with the power to give headaches. To understand their experiences with social media, then, most people are left with two choices: trust the system (lol) or develop their own, potentially very wacky, explanations...

Some may believe -- as Zuckerberg himself seems to -- that companies like Facebook are just too big to explain every little thing they do to their millions of users. Maybe so, but is it any surprise, then, that no one fucking trusts them?

Google's plans to implement DNS over HTTPS in Chrome are being investigated by a committee in the U.S. House of Representatives, while the Justice Department has "recently received complaints" about the practice, according to the Wall Street Journal.

An anonymous reader quotes Engadget: While Google says it's pushing for adoption of the technology to prevent spying and spoofing, House investigators are worried this would give the internet giant an unfair advantage by denying access to users' data. The House sent a letter on September 13th asking if Google would use data handled through the process for commercial purposes... Internet service providers are worried that they may be shut out of the data and won't know as much about their customers' traffic patterns. This could "foreclose competition in advertising and other industries," an alliance of ISPs told Congress in a September 19th letter...

Mozilla also wants to use the format to secure DNS in Firefox, and the company's Marshall Erwin told the WSJ that the antitrust gripes are "fundamentally misleading." ISPs are trying to undermine the standard simply because they want continued access to users' data, Erwin said. Unencrypted DNS helps them target ads by tracking your web habits, and it's harder to thwart DNS tracking than cookies and other typical approaches.

"Despite looking to make DNS-over-HTTPS the default for its American users, Mozilla has assured culture secretary Nicky Morgan that this won't be the case in the UK," reports Gizmodo: DNS-over-HTTPS has been fairly controversial, with the Internet Services Providers Association nominating Mozilla for an 'Internet Villain' over the whole thing, saying it will "bypass UK filtering obligations and parental controls, undermining internet safety standards in the UK."

In his letter to Morgan, Mozilla vice president of global policy, trust and security, Alan Davidson, stressed that the company "has no plans to turn on our DNS-over-HTTPS feature by default in the United Kingdom and will not do so without further engagement with public and private stakeholders". He did add that Mozilla does "strongly believe that DNS-over-HTTPS would offer real security benefits to UK citizens. The DNS is one of the oldest parts of the internet's architecture, and remains largely untouched by efforts to make the web more secure.

"Because current DNS requests are unencrypted, the road that connects your citizens to their online destination is still open and used by bad actors looking to violate user privacy, attack communications, and spy on browsing activity. People's most personal information, such as their health-related data, can be tracked, collected, leaked and used against people's best interest. Your citizens deserve to be protected from that threat."

HTTP/3, the next major iteration of the HTTP protocol, is getting a big boost today with support added in Cloudflare, Google Chrome, and Mozilla Firefox. From a report: Starting today, Cloudflare announced that customers will be able to enable an option in their dashboards and turn on HTTP/3 support for their domains. That means that whenever users visit a Cloudflare-hosted website from an HTTP/3-capable client, the connection will automatically upgrade to the new protocol, rather than being handled via older versions. On the browser side, Chrome Canary added support for HTTP/3 earlier this month. Users can enable it by using the Chrome command-line flags of "--enable-quic --quic-version=h3-23". In addition, Mozilla too announced it would roll out support for HTTP/3. The browser maker is scheduled to ship HTTP/3 in an upcoming Firefox Nightly version later this fall.

Mozilla announces in a blog post: We typically ship a major Firefox browser (Desktop and Android) release every 6 to 8 weeks. Building and releasing a browser is complicated and involves many players. To optimize the process, and make it more reliable for all users, over the years we've developed a phased release strategy that includes 'pre-release' channels: Firefox Nightly, Beta, and Developer Edition. With this approach, we can test and stabilize new features before delivering them to the majority of Firefox users via general release.

And today we're excited to announce that we're moving to a four-week release cycle! We're adjusting our cadence to increase our agility, and bring you new features more quickly. In recent quarters, we've had many requests to take features to market sooner. Feature teams are increasingly working in sprints that align better with shorter release cycles. Considering these factors, it is time we changed our release cadence. Starting Q1 2020, we plan to ship a major Firefox release every 4 weeks. Firefox ESR release cadence (Extended Support Release for the enterprise) will remain the same. In the years to come, we anticipate a major ESR release every 12 months with 3 months support overlap between new ESR and end-of-life of previous ESR. The next two major ESR releases will be ~June 2020 and ~June 2021.

Mozilla has quietly launched a new product for enterprise customers: Ability to buy paid premium support for Firefox. From a report: The premium enterprise support for Firefox costs $10 per supported installation and offers customers the ability to submit bugs privately, get critical security bug fixes, get access to a private customer portal, get access to the enterprise critical issues distribution list, and have the ability to contribute to Firefox and its roadmap. According to Mozilla, it will support Firefox installations as long as they are running on machines that meet the system requirements. Windows, Mac, and Linux based operating systems are listed in the systems requirements so all platforms should be covered by the premium support.

Google has announced plans to test the new DNS-over-HTTPS (DoH) protocol inside Google Chrome starting with v78, scheduled for release in late October this year. From a report: The DNS-over-HTTPS protocol works by sending DNS requests to special DoH-compatible DNS resolvers. The benefit comes from the fact that DNS requests are sent via port 443, as encrypted HTTPS traffic, rather than cleartext, via port 53. This hides DoH requests in the unending stream of HTTPS traffic that moves across the web at any moment of the day and prevents third-party observers from tracking users' browsing histories by recording and looking at their unencrypted DNS data. The news that Google is looking into testing DoH in Chrome comes just as Mozilla announced plans over the weekend to gradually enable DoH by default for a small subset of users in the US later this month.

Mozilla is resurrecting its recently expunged Test Pilot program with a renewed focus on privacy-focused tools and products. The Firefox developer today lifted the lid on the first product to emerge from the new Test Pilot, and it appears to be something akin to a virtual private network (VPN) in all but name. From a report: Firefox Private Network, as the new tool is called, is available in beta today for logged-in Firefox desktop users in the U.S. only, and is accessible through a browser extension. By way of a quick recap, Mozilla debuted Firefox Test Pilot a decade ago but then relaunched it back in 2016. Test Pilot went on to attain an average of 100,000 daily users, each looking to test Mozilla's latest developments -- including a price-tracking feature for online shoppers, content recommendations based on browsing activity, and more.

Some of these became full-fledged features within Firefox and others did not, but back in January Mozilla announced it was killing its Test Pilot program altogether. This came as something of a surprise given Mozilla's own statements about the success of the program. At the time, Mozilla said it was "evolving" its approach to experimentation and suggested it was looking to ideate more widely across the company. Fast-forward nine months, and Firefox Test Pilot is back for a third time.

This month Firefox will make DNS over encrypted HTTPS the default for the U.S., with a gradual roll-out starting in late September, reports Engadget: Your online habits should be that much more private and secure, with fewer chances for DNS hijacking and activity monitoring.

Not every request will use HTTPS. Mozilla is relying on a "fallback" method that will revert to your operating system's default DNS if there's either a specific need for them (such as some parental controls and enterprise configurations) or an outright lookup failure. This should respect the choices of users and IT managers who need the feature turned off, Mozilla said. The team is watching out for potential abuses, though, and will "revisit" its approach if attackers use a canary domain to disable the technology.
Users will be given the option to opt-out, explains Mozilla's official announcement. "After many experiments, we've demonstrated that we have a reliable service whose performance is good, that we can detect and mitigate key deployment problems, and that most of our users will benefit from the greater protections of encrypted DNS traffic."

"We feel confident that enabling DNS-over-HTTPS by default is the right next step."

New submitter q4Fry writes: When Google released its changes to the Chrome WebExtensions API for comment, many groups criticized them for cutting off ad-blockers at the knees. Now, Mozilla has released its plan for following (and departing from) the APIs that Chrome may adopt.

Mozilla has switched on Firefox's tracking protection feature for everyone on Windows and Android, dialing up its effort to protect privacy from website publishers and advertisers that would like to keep tabs on your online behavior. From a report: Mozilla enabled tracking protection for new Firefox users in June, but now it's on for everyone, the nonprofit said Tuesday. Tracking protection is all the rage among browser makers, including Apple's Safari, Brave Software's Brave and Microsoft's new Chromium-based Edge. Even Google's Chrome, long the laggard among major browsers, is starting to tackle the problem. It's a thorny issue for websites and advertisers that seek to improve advertising revenue by targeting ads based on their assessment of your interests. "Currently over 20% of Firefox users have Enhanced Tracking Protection on. With today's release, we expect to provide protection for 100% of ours users by default," Mozilla said in a blog post Tuesday.

Mozilla teased today an upcoming update for Firefox on macOS that it says will reduce power consumption by a factor of up to three. From a report: The primary beneficiaries of this upcoming update are Macbook users, who can now expect longer battery lives while using Firefox. Firefox's increased battery consumption has been a problem for Mozilla, and a black stain on the Firefox Quantum release -- a revamped, performance-centric version of the older Firefox browser. While Firefox Quantum has received praises for its increased page loading speeds, Macbook users haven't been that delighted, especially when they're mobile and have to rely on the notebook's battery as long as possible.