Sidewalk Labs, Alphabet's smart city subsidiary, released its massive plan Monday to transform a slice of Toronto's waterfront into a high-tech utopia. From a report: Eighteen months in the making and clocking in at 1,524 pages, the plan represents Alphabet's first, high-stakes effort to realize Alphabet CEO Larry Page's long-held dream of a city within a city to experiment with innovations like self-driving cars, public Wi-Fi, new health care delivery solutions, and other city planning advances that modern technology makes possible. Previously, Sidewalk Labs called it "a neighborhood built from the internet up." But on Monday, Sidewalk Labs CEO Dan Doctoroff went a step further to describe it as "the most innovative district in the world."

The plan includes: Ten new buildings of mixed-use development consisting primarily of thousands of new residential units, as well as retail and office spaces, all made from mass timber. A proposal to extend the city's light-rail system to serve the new neighborhood. Redesigning streets to reduce car use and promote biking and walking. Installation of public Wi-Fi, in addition to other sensors to collect "urban data" to better inform housing and traffic decisions, for example. Proposal to reduce greenhouse gases by up to 89 percent. Building the new Canadian headquarters of Google on the western edge of Villiers Island. Further reading: Former Firefox VP on What It's Like To Be Both a Partner of Google and a Competitor via Google Chrome; Sidewalk Labs' 1,500-Page Plan for Toronto Is a Democracy Grenade.

"You open your browser to look at the Web. Do you know who is looking back at you?" warns Washington Post technology columnist Geoffrey A. Fowler: Over a recent week of Web surfing, I peered under the hood of Google Chrome and found it brought along a few thousand friends. Shopping, news and even government sites quietly tagged my browser to let ad and data companies ride shotgun while I clicked around the Web. This was made possible by the Web's biggest snoop of all: Google. Seen from the inside, its Chrome browser looks a lot like surveillance software...

My tests of Chrome vs. Firefox unearthed a personal data caper of absurd proportions. In a week of Web surfing on my desktop, I discovered 11,189 requests for tracker "cookies" that Chrome would have ushered right onto my computer but were automatically blocked by Firefox. These little files are the hooks that data firms, including Google itself, use to follow what websites you visit so they can build profiles of your interests, income and personality... And that's not the half of it. Look in the upper right corner of your Chrome browser. See a picture or a name in the circle? If so, you're logged in to the browser, and Google might be tapping into your Web activity to target ads. Don't recall signing in? I didn't, either. Chrome recently started doing that automatically when you use Gmail.

Chrome is even sneakier on your phone. If you use Android, Chrome sends Google your location every time you conduct a search. (If you turn off location sharing it still sends your coordinates out, just with less accuracy.)
The columnist concludes that "having the world's biggest advertising company make the most popular Web browser was about as smart as letting kids run a candy shop," and argues that through its Doubleclick and other ad businesses, Google "is the No. 1 cookie maker -- the Mrs. Fields of the web."

He also reports that Firefox is now working on ways to block browser "fingerprinting".

An anonymous reader writes: A recent Firefox zero-day that has made headlines across the tech news world this week was actually used in attacks against Coinbase employees, and not the company's users. Furthermore, the attacks used not one, but two Firefox zero-days, according to Philip Martin, a member of the Coinbase security team, which reported the attacks to Mozilla. One was an RCE reported by a Google Project Zero security researcher to Mozilla in April, and the second was a sandbox escape that was spotted in the wild by the Coinbase team together with the RCE, on Monday.

The question here is how an attacker managed to get hold of the details for the RCE vulnerability and use it for his attacks after the vulnerability was privately reported to Mozilla by Google. The attacker could have found the Firefox RCE on his own, he could have bribed a Mozilla/Google insider, hacked a Mozilla/Google employee and viewed details about the RCE, or hacked Mozilla's bug tracker, like another attacker did in 2015.

Google today launched a new Chrome extension that will simplify the process of reporting a malicious site to the Google Safe Browsing team so that it can be analyzed, reviewed, and blacklisted in Chrome and other browsers that support the Safe Browsing API. From a report: Named the Suspicious Site Reporter, this extension adds an icon to the Google Chrome toolbar that when pressed, opens a popup window from where users can file an automatic report for the current site they're on, and which they suspect might be up to no good. "If the site is added to Safe Browsing's lists, you'll not only protect Chrome users but users of other browsers and across the entire web," said Emily Schechter, Chrome Product Manager. The Safe Browsing API is implemented not only in the mobile and desktop versions of Chrome but also in the mobile and desktop versions of Mozilla Firefox and Apple's Safari.

Researchers from Austria's Graz University of Technology "have devised an automated system for browser profiling using two new side channel attacks that can help expose information about software and hardware," reports The Register.

The researchers recently presented a paper titled "JavaScript Template Attacks: Automatically Inferring Host Information for Targeted Exploits," which The Register says "calls into question the effectiveness of anonymized browsing and browser privacy extensions... "

Long-time Slashdot reader Artem S. Tashkinov shared their report: One of the side-channel attacks developed for JavaScript Template Attacks involve measuring runtime differences between two code snippets to infer the underlying instruction set architecture through variations in JIT compiler behavior. The other involves measuring timing differences in the memory allocator to infer the allocated size of a memory region.

The boffins' exploration of the JavaScript environment reveals not only the ability to fingerprint via browser version, installed privacy extension, privacy mode, operating system, device microarchitecture, and virtual machine, but also the properties of JavaScript objects. And their research shows there are far more of these than are covered in official documentation. This means browser fingerprints have the potential to be far more detailed -- have more data points -- than they are now.

The Mozilla Developer Network documentation for Firefox, for example, covers 2,247 browser properties. The researchers were able to capture 15,709. Though not all of these are usable for fingerprinting and some represent duplicates, they say they found about 10,000 usable properties for all browsers.

An anonymous reader shares a report: Firefox users are reporting that their saved passwords have been lost, with the problem seemingly caused by antivirus software rather than being an issue with Firefox itself. Antivirus software such as Avast and AVG appear to be corrupting the file in which Firefox stores passwords, rendering it unreadable. Thankfully, passwords can be recovered, but -- for the time being --- they will be corrupted again when you restart your computer.

An anonymous reader writes: Mozilla today introduced a new Firefox family of logos, a rebranding effort it kicked off more than 18 months ago. For most people, Firefox refers to a browser, but the company now wants the brand to encompass the entire Firefox family of apps and services. "The 'Firefox' you've always known as a browser is stretching to cover a family of products and services united by putting you and your privacy first," Mozilla explained. "Firefox is a browser AND an encrypted service to send huge files. It's an easy way to protect your passwords on every device AND an early warning if your email has been part of a data breach. Safe, private, eye-opening. That's just the beginning of the new Firefox family."

An anonymous reader quotes I Programmer: In an interview by Jan Vollmer for the German online magazine site t3n, Mozilla CEO Chris Beard has confirmed plans to launch Firefox Premium later this year. Answering Vollmer's questions about how Mozilla is currently monetized Beard answered:

We are working on three sources of income and we want to rebalance them: We have Search, but we also make content. We have a company called Pocket that discovers and curates content. There is also sponsored content. This is the content business. And the third one we are working on and developing as we think about products and services are premium levels for some of these offerings. You can imagine something like a secure storage solution.

Prompted to say more about a premium offer, he continued:

We also tested VPN. We can tell if you're on a public Wi-Fi network and want to do online banking and say, "Wow, you really should use VPN." You can imagine we'll offer a solution that gives us all a certain amount of free VPN Bandwidth and then offer a premium level over a monthly subscription. We want to add more subscription services to our mix and focus more on the relationship with the user to become more resilient in business issues.

Later in the interview, when asked when the subscription services might start Beard tries to be reassuring, saying:

So, what we want to clarify is that there is no plan to charge money for things that are now free. So we will roll out a subscription service and offer a premium level. And the plan is to introduce the first one this year, towards fall. We aim for October.

An anonymous reader writes: Google this week released Chrome 75 for Windows, Mac, Linux, Android, and iOS. The release includes hint for low latency canvas contexts, files supported in the Web Share API, numeric separators, and more developer features. [...] Next, files are now supported by the Web Share API. For years, Google has been working to bring native sharing capabilities to the web. The Web Share API allows web apps to invoke the same share dialog box as a native app. The implementation brings a new method and a new shareData property. Numeric literals now allow underscores (_, U+005F) as separators to make them more readable. Underscores can only appear between digits, and consecutive underscores are not allowed. There is also a reader mode that is not enabled by default. From a report: The big feature included with Chrome 75 is the addition of a hidden Reader Mode, similar to the one included with Firefox. This new Reader Mode is not active by default and must be turned on using one of Google Chrome's experimental flags -- which until recently has only been available in the Chrome Canary distribution. To enable and test Chrome's new Reader Mode, users must visit the chrome://flags/#enable-reader-mode section, and enable the Reader Mode option, as in the screenshot below. Chrome for Android includes these two features: 1. Generate strong and unique passwords with Chrome's built-in password manager. 2. Quickly look up your passwords by tapping any password field and using the new keyboard option.

An anonymous reader quotes a report from VentureBeat: Mozilla today announced a slew of privacy improvements. The company has turned on Enhanced Tracking Protection, which blocks cookies from third-party trackers in Firefox, by default. Mozilla has also improved its Facebook Container extension, released a Firefox desktop extension for its rebranded Lockwise password keeper, and updated Firefox Monitor with a dashboard for multiple email addresses.

If you download a fresh copy of Firefox today, Enhanced Tracking Protection will be on by default as part of the Standard setting. That means third-party tracking cookies are blocked without users having to change a thing. You will notice Enhanced Tracking Protection working if there is a shield icon in the address bar. If you click on the shield icon and open the Content Blocking section and then Cookies, you'll see a Blocking Tracking Cookies section. There you can see the companies listed as third-party cookies and trackers that Firefox has blocked. You can also turn off blocking for a specific site. The feature focuses on third-party trackers (the ad industry) while allowing first-party cookies (logins, where you last left off, and so on). Mozilla says it is enabling Enhanced Tracking Protection by default because most users don't change their browser settings.

An anonymous reader writes: Mozilla today announced a slew of privacy improvements. The company has turned on Enhanced Tracking Protection, which blocks cookies from third-party trackers in Firefox, by default. Mozilla has also improved its Facebook Container extension, released a Firefox desktop extension for its rebranded Lockwise password keeper, and updated Firefox Monitor with a dashboard for multiple email addresses. Mozilla added basic Tracking Protection to Firefox 42's private browsing mode in November 2015. The feature blocked website elements (ads, analytics trackers, and social share buttons) based on Disconnect's tracking protection rules. With the release of Firefox 57 in November 2017, Mozilla added an option to enable Tracking Protection outside of private browsing. (Tracking Protection was not turned on by default because it can break websites and cut off revenue streams for content creators who depend on third-party advertising.)

An anonymous reader quotes a report from Thurrott: Microsoft started testing a new Microsoft Edge browser based on Chromium a little while ago. The company has been releasing new canary and dev builds for the browser over the last few weeks, and the preview is actually really great. But if you watch YouTube quite a lot, you will face a new problem on the new Edge. It turns out, Google has randomly disabled the modern YouTube experience for users of the new Microsoft Edge. Users are now redirected to the old YouTube experience, which lacks the modern design as well as the dark theme for YouTube, as first spotted by Gustave Monce. And when you try to manually access the new YouTube from youtube.com/new, YouTube simply asks users to download Google Chrome, stating that the Edge browser isn't supported. Ironically, the same page states "We support the latest versions of Chrome, Firefox, Opera, Safari, and Edge." The change affects the latest versions of Microsoft Edge Canary and Dev channels. It is worth noting that the classic Microsoft Edge based on EdgeHTML continues to work fine with the modern YouTube experience.

Few home-grown Google products have been as successful as Chrome. Launched in 2008, it has more than 63% of the market and about 70% on desktop computers, according to StatCounter data. Mozilla's Firefox is far behind, while Apple's Safari is the default browser for iPhones. Microsoft's Internet Explorer and Edge browsers are punchlines. From a report: Google won by offering consumers a fast, customizable browser for free, while embracing open web standards. Now that Chrome is the clear leader, it controls how the standards are set. That's sparking concern Google is using the browser and its Chromium open-source underpinnings to elbow out online competitors and tilt entire industries in its favor. Most major browsers are now built on the Chromium software code base that Google maintains. Opera, an indie browser that's been used by techies for years, swapped its code base for Chromium in 2013. Even Microsoft is making the switch this year. That creates a snowball effect, where fewer web developers build for niche browsers, leading those browsers to switch over to Chromium to avoid getting left behind.

This leaves Chrome's competitors relying on Google employees who do most of the work to keep Chromium software code up to date. Chromium is open source, so anyone can suggest changes to it, but the majority of programmers who approve contributions are Google employees, and any major disagreements get settled by a small circle of senior Google employees. Chrome is so ascendant these days that web developers often don't bother to test their sites on competing browsers. Google services including YouTube, Docs and Gmail sometimes don't work as well on rival browsers, sending frustrated users to Chrome. Instead of just another ship slicing through the sea of the web, Chrome is becoming the ocean.

An anonymous reader writes: For more than a year, mobile browsers like Google Chrome, Firefox, and Safari failed to show any phishing warnings to users, according to a research paper published this week. "We identified a gaping hole in the protection of top mobile web browsers," the research team said. "Shockingly, mobile Chrome, Safari, and Firefox failed to show any blacklist warnings between mid-2017 and late 2018 despite the presence of security settings that implied blacklist protection." The issue only impacted mobile browsers that sued the Google Safe Browsing link blacklisting technology. The research team -- consisting of academics from Arizona State University and PayPal staff -- notified Google of the problem, and the issue was fixed in late 2018. "Following our disclosure, we learned that the inconsistency in mobile GSB blacklisting was due to the transition to a new mobile API designed to optimize data usage, which ultimately did not function as intended," researchers said.

Mozilla today launched Firefox 67 for Windows, Mac, Linux, and Android. From a report: The 10th release since Mozilla's big Firefox Quantum launch in November 2017 doubles down on performance and privacy. Firefox 67 includes deprioritizing least commonly used features, suspending unused tabs, faster startup, blocking of cryptomining and fingerprinting, Private Browsing improvements, voice input in the Android search widget, and more. [...] Firefox 67 is better at performing tasks at the optimal time, resulting in faster "painting" of the page. Specifically, the browser deprioritizes least commonly used features and delays set Timeout to prioritize scripts for things you need. Mozilla says Instagram, Amazon, and Google searches now execute between 40% and 80% faster. Firefox also now scans for alternative style sheets after page load and doesn't load the auto-fill module unless there is a form to complete. Next, Firefox 67 detects if your computer's memory is running low (under 400MB) and suspends unused tabs. If you do click on a tab that you haven't used or looked at in a while, it will reload where you left off. Finally, Firefox 67 promises faster startup for users that customized their browser with an add-on.

In the wake of the mass disablement of Mozilla Firefox's add-on ecosystem last weekend, Mozilla has committed to improving its asset tracking and developing a mechanism that can quickly push updates to users when needed. From a report: Due to an intermediate certificate expiring on May 4 at 1AM UTC, users found their browser add-ons were switched off and could not be re-enabled. Thanks to timezones and the rotation of the planet, users on the western side of the Pacific were the first hit. Writing in a blog post, Firefox CTO Eric Rescorla detailed some initial thoughts and announced a formal post-mortem would be published next week. "First, we should have a much better way of tracking the status of everything in Firefox that is a potential time bomb and making sure that we don't find ourselves in a situation where one goes off unexpectedly. We're still working out the details here, but at minimum we need to inventory everything of this nature," Rescorla wrote. "Second, we need a mechanism to be able to quickly push updates to our users even when -- especially when -- everything else is down.

Google is set to launch new tools to limit the use of tracking cookies, a move that could strengthen the search giant's advertising dominance and deal a blow to other digital-marketing companies, WSJ reported Monday, citing people familiar with the matter. [Editor's note: the link may be paywalled; alternative source.] From the report: After years of internal debate, Google could as soon as this week roll out a dashboard-like function in its Chrome browser that will give internet users more information about what cookies are tracking them and offer options to fend them off, the people said. This is a more incremental approach than less-popular browsers, such as Apple's Safari and Mozilla's Firefox, which introduced updates to restrict by default the majority of tracking cookies in 2017 and 2018, respectively. Google's move, which could be announced at its developer conference in Mountain View, Calif., starting Tuesday, is expected to be touted as part of the company's commitment to privacy -- a complicated sell, given the torrent of data it continues to store on users -- and press its sizable advantage over online-advertising rivals.

An anonymous reader quotes CNET: "Mozilla on Sunday began distributing new Firefox updates to fix a problem that broke extensions for many browser users on Friday," reports CNET: Mozilla had released an update Saturday, but Sunday's fix should help more people who were still affected. "There are some issues we're still working on, but we wanted to get this release out and get your add-ons back up & running before Monday," Mozilla said in a tweet Sunday... "No active steps need to be taken to make add-ons work again. In particular, please do not delete and/or reinstall any add-ons as an attempt to fix the issue," Kev Needham, Mozilla's product manager for add-ons, said in a blog post about the problem.

"When you turn on the setting in your browser that says 'Do Not Track', you probably expect to no longer be tracked on most websites you visit. Right? Well, you would be wrong," explains DuckDuckGo's blog.

Their recent study found "a quarter of people have turned on this setting" -- representing hundreds of millions of web surfers -- and that most of them were unaware that in fact, "no law requires websites to respect your Do Not Track signals, and the vast majority of sites, including most all of the big tech companies, sadly choose to simply ignore them."

Now they've written draft legislation -- "the Do-Not-Track Act of 2019" -- to "serve as a starting point" for legislators to close this loophole. SearchEngineLand reports: If the act picks up steam and passes into law, sites would be required to cease certain user tracking methods, which means less data available to inform marketing and advertising campaigns. The impact could also cascade into platforms that leverage consumer data, possibly making them less effective. For example, one of the advantages of advertising on a platform like Google or Facebook is the ability to target audiences. If a user enables DNT, the ads displayed to them when browsing those websites won't be informed by their external browsing history...

This proposal is quite far from being signed into law, but the technology is already built into Chrome, Firefox, Opera, Edge and Internet Explorer. With the adoption of GDPR just a year behind us and presidential candidate Elizabeth Warren's proposed legislation to regulate "big tech companies" drawing more attention to digital privacy issues in Washington, the Do-Not-Track Act could be a realistic outcome.
DuckDuckGo says they're announcing their draft legislation because "It is extremely rare to have such an exciting legislative opportunity like this, where the hardest work -- coordinated mainstream technical implementation and widespread consumer adoption -- is already done....

"We hope the Do-Not-Track Act of 2019 serves as a useful guide to start thinking seriously about this amazing legislative opportunity."

Did you just open Firefox only to find all of your extensions disabled and/or otherwise not working? You're not alone, and it's nothing you did. From a report: Reports are pouring in of a glitch that has spontaneously disabled effectively all Firefox extensions. Each extension is now being listed as a "legacy" extension, alongside a warning that it "could not be verified for use in Firefox and has been disabled." A ticket submitted to Mozilla's Bugzilla bug tracker first hit at around 5:40 PM Pacific, and suggests the sudden failure is due to a code signing certificate built into the browser that expired just after 5 PM (or midnight on May 4th in UTC time). Because the glitch stems from an underlying certificate, re-installing extensions won't work -- if you try, you'll likely just be met with a different error message. Getting extensions back for everyone is going to require Mozilla to issue a patch.
UPDATE (5/5/2019): On Sunday Firefox released the second of two weekend updates to address the problem, tweeting that "There are some issues we're still working on, but we wanted to get this release out and get your add-ons back up & running before Monday."