Mozilla today launched Firefox 63 for Windows, Mac, Linux, and Android. The release brings Enhanced Tracking Protection, performance improvements on Windows and macOS, search shortcuts, and Picture-In-Picture on Android. From a report: Firefox 63 for the desktop is available for download now on Firefox.com, and all existing users should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on Google Play. According to Mozilla, Firefox has about 300 million active users. In other words, it's a major platform that web developers must consider. Firefox 63 for desktop brings support for Enhanced Tracking Protection. [...] Firefox 63's Enhanced Tracking Protection blocks cookies and storage access from third-party trackers, which Mozilla says targets the problem of cross-site tracking without breaking sites and impacting revenue streams like the original Tracking Protection. It does this by preventing known trackers from setting third-party cookies -- the primary method of tracking across sites -- but still gives you the option to block all known trackers (under Firefox Options/Preferences).

[...] Search shortcuts essentially pins sites like Google and Amazon on the new tab page. When you click or tap them, you're redirected to Firefox's awesome bar, which automatically fills the corresponding keyword (@google or @amazon in this case) for the search engine. This way, you can type your query, hit enter, and get your search results without having to first load the Google or Amazon homepage. [...] The only major new feature for this Firefox for Android release is a picture-in-picture mode (Android Oreo and up). This means that if you're watching a video in full-screen, when you switch away from Firefox it will move the video into a small floating window, which you can tap to return to the full video player.

Mozilla is reportedly preparing to offer a VPN service for Firefox users to help protect them when surfing the web. According to Trusted Reviews, Mozilla has partnered with the ProtonVPN service, "with a new notification piping-up when the browser detects an unsecured connection, or in a scenario when VPN might be preferable to users." From the report: However, it appears Firefox users will have to pay for the privilege. Austrian site Soeren-hentzschel reports the premium VPN service will be $10 a month, which is what ProtonVPN charges its users. Users will receive a "Firefox Recommends" pop-up when browsing an unsecured wireless network. The pop-up says the VPN service will provide a "private and secure' internet connection. According to the reports, a subset of Firefox 62 users in the United States will begin receiving the pop-up from today. Mozilla will reportedly get a cut of any subscription fee handed over by users to access the VPN service. MSPowerUser points out that this will be the first advertised service that costs money for Firefox users.

Microsoft today said it plans to disable support for Transport Layer Security (TLS) 1.0 and 1.1 in Edge and Internet Explorer browsers by the first half of 2020. From a report: "January 19th of next year marks the 20th anniversary of TLS 1.0, the inaugural version of the protocol that encrypts and authenticates secure connections across the web," said Kyle Pflug, Senior Program Manager for Microsoft Edge. "Two decades is a long time for a security technology to stand unmodified," he said. "While we aren't aware of significant vulnerabilities with our up-to-date implementations of TLS 1.0 and TLS 1.1 [...] moving to newer versions helps ensure a more secure Web for everyone."

The move comes as the Internet Engineering Task Force (IETF) -- the organization that develops and promotes Internet standards -- is hosting discussions to formally deprecated both TLS 1.0 and 1.1. Microsoft is currently working on adding support for the official version of the recently-approved TLS 1.3 standard. Edge already supports draft versions of TLS 1.3, but not yet the final TLS 1.3 version approved in March, this year. Microsoft engineers don't seem to be losing any sleep over their decision to remove both standards from Edge and IE. The company cites public stats from SSL Labs showing that 94 percent of the Internet's sites have already moved to using TLS 1.2, leaving very few sites on the older standard versions. "Less than one percent of daily connections in Microsoft Edge are using TLS 1.0 or 1.1," Pflug said, also citing internal stats. You can check public stats on the usage of TLS 1.0 and 1.1 here.

The head of the Mozilla Foundation, Mitchell Baker, is warning that companies need to diversify their hiring practices to include more people from backgrounds in philosophy and psychology if they want to tackle the problem of misinformation online. He also "warned that hiring employees who mainly come from Stem -- science, technology, engineering and maths -- will produce a new generation of technologists with the same blindspots as those who are currently in charge, a move that will 'come back to bite us,'" reports the Guardian. From the report: "Stem is a necessity, and educating more people in Stem topics clearly critical," Baker told the Guardian. "Every student of today needs some higher level of literacy across the Stem bases. "But one thing that's happened in 2018 is that we've looked at the platforms, and the thinking behind the platforms, and the lack of focus on impact or result. It crystallized for me that if we have Stem education without the humanities, or without ethics, or without understanding human behavior, then we are intentionally building the next generation of technologists who have not even the framework or the education or vocabulary to think about the relationship of Stem to society or humans or life."

"Stem is a necessity, and educating more people in Stem topics clearly critical," Baker told the Guardian. "Every student of today needs some higher level of literacy across the Stem bases. "But one thing that's happened in 2018 is that we've looked at the platforms, and the thinking behind the platforms, and the lack of focus on impact or result. It crystallized for me that if we have Stem education without the humanities, or without ethics, or without understanding human behavior, then we are intentionally building the next generation of technologists who have not even the framework or the education or vocabulary to think about the relationship of Stem to society or humans or life."

Starting with Firefox 64, RSS/Atom feed support will be handled via add-ons, rather than in-product. Mozilla's Gijs Kruitbosch writes: After considering the maintenance, performance and security costs of the feed preview and subscription features in Firefox, we've concluded that it is no longer sustainable to keep feed support in the core of the product. While we still believe in RSS and support the goals of open, interoperable formats on the Web, we strongly believe that the best way to meet the needs of RSS and its users is via WebExtensions.

With that in mind, we have decided to remove the built-in feed preview feature, subscription UI, and the "live bookmarks" support from the core of Firefox, now that improved replacements for those features are available via add-ons.

By virtue of being baked into the core of Firefox, these features have long had outsized maintenance and security costs relative to their usage. Making sure these features are as well-tested, modern and secure as the rest of Firefox would take a surprising amount of engineering work, and unfortunately the usage of these features does not justify such an investment: feed previews and live bookmarks are both used in around 0.01% of sessions.

Firefox has joined Google's WebP party, another endorsement for the internet giant's effort to speed up the web with a better image format. From a report: Google revealed WebP eight years ago and since then has built it into its Chrome web browser, Android phone software and many of its online properties in an effort to put websites on a diet and cut network data usage. But Google had trouble encouraging rival browser makers to embrace it. Mozilla initially rejected WebP as not offering enough of an improvement over more widely used image formats, JPEG and PNG. It seriously evaluated WebP but chose to try to squeeze more out of JPEG. But now Mozilla -- like Microsoft with its Edge browser earlier this week -- has had a change of heart. "Mozilla is moving forward with implementing support for WebP," the nonprofit organization said. WebP will work in versions of Firefox based on its Gecko browser engine, Firefox for personal computers and Android but not for iOS.

Mozilla announced today a new recovery option for Firefox Accounts, the user system included inside the Firefox browser. ZDNet: Starting today, users can generate a one-time recover key that will be associated with their account, and which they can use to regain access to Firefox data if they ever forget their passwords. Firefox Accounts is included with all recent versions of the Firefox browser.

Most users are familiar with it because of Firefox Sync, the system that synchronizes Firefox data such as passwords, browsing history, open tabs, bookmarks, installed add-ons, and general browser options between multiple Firefox instances. But while Sync does the actual synchronization, Firefox Accounts is at the core of Sync and is the system that manages the identities of Firefox users. Sync works by taking a user's Firefox account password and encrypting the user's browser data on the local computer.

Vivaldi announced Wednesday it has released a major update to its namesake desktop web browser, remaining as one of the rare companies that is still attempting to fight Google's monopoly in the space. Major features in Vivaldi 2.0 include: Syncing browsers across computers:Version 2.0 allows users to sync data, including bookmarks, passwords, autofill information, and history. Vivaldi uses its own servers to store the data, which is all encrypted end-to-end.
Panels: These are expandable, multi-tasking dashboards that can be opened in the sidebar.
Tab management: Additional features are included that allow for better searching through tabs, stacking them, and even renaming them.
History: Offers new ways to track your usage, including generating statistics and a visual history feature. Vivaldi was founded by Jon von Tetzchner, who also co-founded Opera and served as its chief executive for a number of years. Jon has been vocal about what many find unfair tactics employed by Google and Microsoft to aggressively expand the user bases of their respective browsers. Slashdot had a chance to speak with Jon recently: Slashdot: One of the biggest complaints that people have about browsers today is just how much memory they consume. Is it a lost-cause? What is Vivaldi doing to address this?
Jon: This is very true. Browsers can use a lot of memory. We have worked hard to reduce that load. The most important thing we have done there is the lazy loading of tabs. When you have a lot of tabs, you use a lot of memory, but with Vivaldi, we will only load the tabs once you need them. We also have the ability to hibernate background tabs, by right clicking the tab bar, which will free up a lot of memory. Besides this we are always looking at how to make the browser use less memory and be faster. There is a lot of details there, but with the feedback from our users, we continue to improve every single part of the browser.

Slashdot: You are offering a browser, and a web email client and service provider. Is Vivaldi attempting to offer a catalog of services? And if so, what more could we expect from the company in the long-term?
Jon: The focus for us is the browser, but we believe the browser should be able to do more than it does today, so we will continue to expand on the features we offer in the browser. We have been open about the fact that we aim to provide an email client in the browser, but that will come in the future, but we are, as you pointed out, providing the free email service. This is in addition to our free blog, forums and sync service. We feel there is a need for these services, free from ads and free from building of super profiles. Our free webmail service is thus without ads and we do not scan mails, except for spam and viruses. We will continue to add services to support the browser or where we feel a service supplements the browser in a good way.

Slashdot: You have been vocal about some of the tactics Google and Microsoft use to promote their own browsers. Following the news cycle, we don't think things have changed much. What's your view on it?
Jon: No, sadly things have not changed much. Microsoft continues to push their browser in their operating system, at times taking over the default browser as well. They also block competing browsers on their Windows 10S. Google sadly blocks some competing browsers from using their services, even browsers such as Vivaldi, that is based on Chromium. We need to change our identity when visiting many Google services. I guess my feeling is that those large companies should not and should not need to behave this way.

Slashdot: Chrome continues to be a market leader. Firefox, despite some of its recent changes, has lost some of the market. How hard is it for a browser company to survive these days? And why is it important that someone continues to fight back?
Jon: We all know that browser choice is a good thing, even more so than for most other products. The browser is your view into the Internet and we all spend a lot of time there. Healthy competition means product innovation and lower prices (this is not only about the price of the product, but also what you have to give up in other ways, such as your private information). Monopolies tend slow down innovation and also there is a tendency for them to use their position in one market to attack another.
It is not trivial to compete with these large corporations, but it is something we enjoy. We fight for our users and for the future of the Internet. That is definitely something worth fighting for.

Slashdot: Are you folks still working on a mobile browser?
Jon: Indeed we are. We aim to get it out there as soon as we can. We are ramping up the team after then 2.0 release to move faster. Further reading: The Next Web, and VentureBeat.

Earlier this year, Mozilla announced Firefox Monitor, a service that will inform you if your online accounts were hacked in a recent data breach. It's now available to general public. A report adds: For the new security-focused tool, Mozilla partnered with Troy Hunt, the renowned security expert behind Have I Been Pwned? (HIBP), which is a database of data breaches that allows anyone to discover whether one of their online accounts has been compromised. The first iteration of Firefox Monitor is, for all intents and purposes, a clone of HIBP. After you enter your email address and hit the scan button, you're told which online services have leaked your personal details (if any). You can also sign up to be notified of any future data breaches involving one or more of your email addresses.

Earlier last week, several users with a new Windows 10 build reported that they were seeing a warning when they attempted to install Chrome or Firefox browser. It turns out, Microsoft has listened to the complaints and is reversing course. CNET reports: A new "fast-ring" test version of Windows, Insider Preview Build 17760, no longer interrupts the installation of rival browsers, a CNET test shows. Earlier this week, an earlier test version of Windows would warn people who tried to install the Chrome, Firefox, Opera or Vivaldi web browsers, "You already have Microsoft Edge -- the safer, faster browser for Windows 10." The dialog box presented two options: "Open Microsoft Edge" -- the default -- and "Install anyway." The feature raised some hackles and brought back memories of Microsoft's strong-arm tactics promoting its old Internet Explorer browser in the first browser wars two decades ago. But Microsoft isn't alone in such tactics: Google promotes its Chrome browser as faster and safer to people who visit its own websites with other browsers.

RoccamOccam writes: WebRender, an experimental GPU-based renderer for web content, written in Rust, is now enabled by default for Firefox Nightly users on desktop Windows 10 with Nvidia GPUs. The announcement was made on the mailing list.

Lin Clark provides an excellent overview of WebRender and, states, "with WebRender, we want apps to run at a silky smooth 60 frames per second (FPS) or better no matter how big the display is or how much of the page is changing from frame to frame. And it works. Pages that chug along at 15 FPS in Chrome or today's Firefox run at 60 FPS with WebRender.

In describing the WebRender approach Clark, asks, "what if we removed this boundary between painting and compositing and just went back to painting every pixel on every frame? This may sound like a ridiculous idea, but it actually has some precedent. Modern day video games repaint every pixel, and they maintain 60 frames per second more reliably than browsers do. And they do it in an unexpected way instead of creating these invalidation rectangles and layers to minimize what they need to paint, they just repaint the whole screen."

An anonymous reader shares a report: If you open Edge and search for "Chrome" or "Firefox" using Bing, Edge's default search engine, you'll be presented with a massive banner informing you that "Microsoft Edge is the faster, safer browser on Windows 10 and is already installed on your PC." Four boxes below then show you how Edge lets you browse longer, and faster, offers built-in protection and built-in assistance. If that doesn't stop you, then Microsoft has a new, much nastier trick up its sleeve -- when you go to install Firefox or Chrome it intercepts the action and pops up a window promoting Edge with the same line about how its browser is faster and safer. It then gives you a blue button to click to open Edge, or a grey one you can click to install the browser you actually want to use. Oh, and this window will keep appearing, unless you go into Settings and stop Windows 10 from offering you app "recommendations."
UPDATE (9/15/18): "After massive backlash by users against this move, Microsoft has finally decided to eliminate the warning message," reports Neowin.

Further reading: Creator of Opera Says Google Deliberately Undermined His New Vivaldi Web Browser.

An anonymous reader writes: Zerodium, a company that buys and sells vulnerabilities in popular software, has published details today on Twitter about a zero-day vulnerability in the Tor Browser, a Firefox-based browser used by privacy-conscious users for navigating the web through the anonymity provided by the Tor network. The vulnerability is a bypass of the NoScript extension that's included by default with all Tor Browser distributions. Once bypassed, an attacker can run malicious code inside the Tor Browser, code that under certain circumstances would have been stopped by NoScript.

"This Tor Browser exploit was acquired by Zerodium many months ago as a zero-day and was shared with our government customers," Zerodium CEO Chaouki Bekrar told ZDNet in an interview. "We have decided to disclose this exploit as it has reached its end-of-life and it's not affecting Tor Browser version 8 which was released last week." The NoScript extension released a patch in record time today to fix the vulnerability, two hours after Zerodium dropped its code on Twitter.

Back in 2014, Mozilla partnered with Bing to translate webpages via Firefox in a similar fashion to Chrome's implementation of Google Translate. The company also added support for Yandex Translate in Firefox 41 in mid-2015, but it went all dark soon after and very few updates were issued. Now, Mozilla is finally starting to add support for Google Translate to the translation engine built into Firefox. gHacks reports: While the feature is not fully functional yet, it is an indicator that Mozilla has not forgotten the translate feature completely. Users who enable the translate functionality in Firefox on about:config will notice that Google is the selected translation engine. Google Translate cannot be used currently in Firefox; the browser throws an error message when you hit the translate button in the UI. Bing and Yandex don't seem to work either at this point in time even though Firefox seems to try and translate the page. The "there has been an error translating this page" error is thrown eventually as well. Google Translate requires API access keys and that is usually only available if companies or users pay for the key. It is unclear if Mozilla plans to make a deal with Google or if users will be required to use their own API keys for the functionality. The latter would surely be very limiting.

An anonymous reader shares a report: When a group of security researchers reported a popular but allegedly dangerous Mac App Store utility to Apple, noting that it secretly sends "highly sensitive user information" to an "unscrupulous" developer, Apple's response for a full month was surprising: "crickets." But after a cluster of bad press today, Apple finally pulled Yongming Zhang's app Adware Doctor: Anti Malware &Ad from the store.

Three researchers, including former NSA staffer Patrick Wardle, Thomas Reed of Malwarebytes, and "privacy fighter" @privacyis1st, said in a blog post today that they reported Adware Doctor last month for sending a user's Safari, Chrome, Firefox, and App Store browsing histories alongside lists of the Mac's apps and running processes to a server in China. Despite receiving confirmation that Apple received the report, the $5 app remained in the App Store -- where it was ranked the number one paid app across all Mac utilities.

The Tor Browser has rolled out a new interface with the release of v8. From a report: The Tor Browser has always been based on the Firefox codebase, but it lagged behind a few releases. Mozilla rolled out a major overhaul of the Firefox codebase in November 2017, with the release of Firefox 57, the first release in the Firefox Quantum series. Firefox Quantum came with a new page rendering engine, a new add-ons API, and a new user interface called the Photon UI. Because these were major, code-breaking changes, it took the smaller Tor team some time to integrate all of them into the Tor Browser codebase and make sure everything worked as intended. The new Tor Browser 8, released yesterday, is now in sync with the most recent version of Firefox, the Quantum release, and also supports all of its features. This means the Tor Browser now uses the same modern Photon UI that current Firefox versions use, it supports the same speed-optimized page rendering engine and has also dropped support for the old XUL-based add-ons system for the new WebExtensions API system used by Chrome, Opera, Vivaldi, Brave, and the rest of the Chromium browsers.

Mark Wilson shares a report from BetaNews: Acknowledging that we are now very much in the streaming age, BitTorrent has launched the first version of Torrent Web. The aim of the browser-based tool is to make torrenting as simple as possible and -- most importantly -- support torrent streaming. It remains to be seen how many people are willing to switch from a dedicated app to a browser-based torrenting experience, but the promise that you can "play while you download, no more staring at progress bars" is certainly alluring. Files are streamable near-instantly as they download, but they are also saved locally in the way you're used to. uTorrent Web is available for Chrome, Firefox, Internet Explorer, Microsoft Edge and Opera and the release finds BitTorrent partnering with Adaware to check torrents for signs of malware, and even download torrents without having to visit websites. Warning: the installer includes (optional) bundleware in the form of Adaware Internet Security and the Opera web browser.

An anonymous reader writes: Mozilla today released Firefox 62 for Windows, Mac, Linux, and Android. The release builds on Firefox Quantum, which the company calls "by far the biggest update since Firefox 1.0 in 2004." Version 62 brings variable fonts, automatic dark theme on macOS, and better scrolling on Android. Firefox 62 for the desktop is available for download now on Firefox.com, and all existing users should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on Google Play. The latest iOS version is available on Apple's App Store.

Google first released its Chrome browser 10 years ago today. Marketed as a "fresh take on the browser," Chrome debuted with a web comic from Google to mark the company's first web browser. From a report: It was originally launched as a Windows-only beta app before making its way to Linux and macOS more than a year later in 2009. Chrome debuted at a time when developers and internet users were growing frustrated with Internet Explorer, and Firefox had been steadily building momentum. Google used components from Apple's WebKit rendering engine and Mozilla's Firefox to help bring Chrome to life, and it made all of Chrome's source code available openly as its Chromium project. Chrome focused on web standards and respected HTML5, and it even passed both the Acid1 and Acid2 tests at the time of its release. This was a significant step as Microsoft was struggling to adhere to open web standards with its Internet Explorer browser.

Another significant part of Chrome's first release was the idea of "sandboxing" individual browser tabs so that if one crashed it wouldn't affect the others. This helped improve the speed and stability of Chrome in general, alongside Google's V8 JavaScript engine that the company constantly tweaked to try and push the web forwards. After a decade of Chrome, this browser now dominates as the primary way most people browse the web. Chrome has secured more than 60 percent of browser market share on desktop, and Google's Chrome engineers continue to improve it with new features and push the latest web standards. To mark the milestone, Google said it would make a surprise announcement on Tuesday -- some improvements coming to Chrome.

Mozilla announced today plans to remove all Firefox legacy add-ons from the official Mozilla add-ons portal in early October. From a report: The move comes after Mozilla updated the Firefox core to use a new add-ons system based on the Chrome-compatible WebExtensions API. This new add-ons API replaced Firefox's old XUL-based add-ons API in November 2017, with the release of Firefox 57. All Firefox legacy add-ons stopped working in Firefox 57, but Mozilla continued to support them in the Firefox Extended Support Release (ESR) 52 branch. Support for Firefox ESR 52 will end on September 5, in two weeks, meaning there won't be any official Firefox version that supports legacy add-ons anymore.