The Mozilla Foundation is pausing accepting donations in cryptocurrency following a backlash from scores of people including a founder of the Mozilla Project. From a report: The foundation, which oversees the development of Firefox browser, on Thursday acknowledged conversations around the environment impact that cryptocurrency potentially pose and said it is reviewing whether its current policy on crypto donations "fits with our climate goals."

The foundation started to face backlash following a tweet late last year that invited people to donate via using a variety of crypto tokens including Bitcoin. In response to it, Jamie Zawinski expressed dismay at the foundation's move. "Everyone involved in the project should be witheringly ashamed of this decision to partner with planet-incinerating Ponzi grifters," he said, adding an expletive.

A user writes: Jamie "jwz" Zawinski, famous for being one of the original Netscape developers, being a founder of the Mozilla project, and for this axiom, has laid into Mozilla after the Firefox developers announced they was accepting Dogecoin, Bitcoin, and Ethereum cryptocurrency payments, via Bitpay, for Mozilla's services and donations. Quote jwz: "I'm here to say fuck you and fuck this. Everyone involved in the project should be witheringly ashamed of this decision to partner with planet-incinerating Ponzi grifters."
UPDATE (1/6/2021): Days later the Mozilla Foundation announced they were instead pausing cryptocurrency donations to review whether the idea "fits with our climate goals."

NBC News writes: VPNs, or virtual private networks, continue to be used by millions of people as a way of masking their internet activity by encrypting their location and web traffic. But on the modern internet, most people can safely ditch them, thanks to the widespread use of encryption that has made public internet connections far less of a security threat, cybersecurity experts say. "Most commercial VPNs are snake oil from a security standpoint," said Nicholas Weaver, a cybersecurity lecturer at the University of California, Berkeley. "They don't improve your security at all...."

Most browsers have quietly implemented an added layer of security in recent years that automatically encrypts internet traffic at most sites with a technology called HTTPS. Indicated by a tiny padlock by the URL, the presence of HTTPS means that worrisome scenario, in which a scammer or a hacker squats on a public Wi-Fi connection in order to watch people's internet habits, isn't feasible. It's not clear that the threat of a hacker at your coffee shop was ever that real to begin with, but it is certainly not a major danger now, Weaver said. "Remember, someone attacking you at the coffee shop needs to be basically at the coffee shop," he said. "I don't know of them ever being used outside of pranks. And those are all irrelevant now with most sites using HTTPS," he said in a text message.

There are still valid uses for VPNs. They're an invaluable tool for getting around certain types of censorship, though other options also exist, such as the Tor Browser, a free web browser that automatically reroutes users' traffic and is widely praised by cybersecurity experts. VPNs are also vital for businesses that need their employees to log in remotely to their internal network. And they're a popular and effective way to watch television shows and movies that are restricted to particular countries on streaming services. But like with antivirus software, the paid VPN industry is a booming global market despite its core mission no longer being necessary for many people.

Most VPNs market their products as a security tool. A Consumer Reports investigation published earlier this month found that 12 of the 16 biggest VPNs make hyperbolic claims or mislead customers about their security benefits. And many can make things worse, either by selling customers' browsing history to data brokers, or by having poor cybersecurity.
The article credits the Electronic Frontier Foundation for popularizing encryption through browser extensions and web site certificates starting in 2010. "In 2015, Google started prioritizing websites that enabled HTTPS in its search results. More and more websites started offering HTTPS connections, and now practically all sites that Google links to do so.

"Since late 2020, major browsers such as Brave, Chrome, Firefox, Safari and Edge all built HTTPS into their programs, making Electronic Frontier Foundation's browser extension no longer necessary for most people."

Mozilla has fixed an issue in its Firefox browser where usernames and passwords were being recorded in the Windows Cloud Clipboard feature, in what the organization categorized as a severe security risk that could have exposed credentials to non-owners whenever users copied or cut a password. From a report: The issue was fixed in Firefox 94, released last month, but was detailed in more depth this week by Mozilla developers. At its core, the bug is related to Windows Cloud Clipboard, a feature added to Windows 10 in September 2018 (v1809 release), a feature that allows users to sync their local clipboard history to their Microsoft accounts. The feature is disabled by default, but once enabled, it allows users to access the cloud clipboard section by pressing the Windows+V shortcut. This grants users access to clipboard data from all devices, but the feature is also used for its clipboard history capabilities, allowing users to go through past items they copied or cut and re-paste the same data in new contexts, making it extremely useful for most IT workers. In a blog post on Wednesday, Mozilla said that they have now modified the Firefox browser so that usernames and passwords copied from the browser's password section (about:logins) won't be stored in the Windows Cloud Clipboard feature, but instead will be stored only locally, in a separate clipboard section.

The Mozilla Foundation today released its financial report for 2020. As usual, this gives us a good picture of the organization's financial health from a year ago, but for the first time this year, Mozilla also provided us with more recent data. From a report: It's no secret that Mozilla recently went through a number of difficult years, with major layoffs in 2020 as it restructured its for-profit arm, Mozilla Corporation. Its flagship Firefox browser, despite a number of technical advances, is also struggling in a marketplace that is now dominated by Chromium-based browsers. Still, in 2020, Mozilla Corporation's revenue was $466 million from its search partnerships (largely driven by its search deal with Google), subscriptions and advertising revenue. That's essentially the same as in 2019, when Mozilla Corporation generated $465 million from these sources.

For 2021, the organization forecasts revenue of over $500 million. What's maybe most important, though, is that Mozilla's new products like its Mozilla VPN service, Firefox Relay Premium, Pocket and other commercial initiatives are slowly but surely starting to pay off. As Mozilla executive VP Angela Plohman and CFO Eric Muhlheim noted in today's announcement, revenue from new product offerings will grow 150% this year and account for 14% of the organization's revenue in 2021. The Mozilla VPN service saw a revenue increase of 450% from 2020 to 2021.

In a recent blog post from the Electronic Frontier Foundation, the digital rights group warns that Google Chrome's latest specification for building Chrome extensions, known as Manifest V3, "is outright harmful to privacy efforts." EFF technologist Daly Barnett writes: Like FLoC and Privacy Sandbox before it, Manifest V3 is another example of the inherent conflict of interest that comes from Google controlling both the dominant web browser and one of the largest internet advertising networks. [...] It will restrict the capabilities of web extensions -- especially those that are designed to monitor, modify, and compute alongside the conversation your browser has with the websites you visit. Under the new specifications, extensions like these -- like some privacy-protective tracker blockers -- will have greatly reduced capabilities. Google's efforts to limit that access is concerning, especially considering that Google has trackers installed on 75% of the top one million websites.

It's also doubtful Mv3 will do much for security. Firefox maintains the largest extension market that's not based on Chrome, and the company has said it will adopt Mv3 in the interest of cross-browser compatibility. Yet, at the 2020 AdBlocker Dev Summit, Firefox's Add-On Operations Manager said about the extensions security review process: "For malicious add-ons, we feel that for Firefox it has been at a manageable level... since the add-ons are mostly interested in grabbing bad data, they can still do that with the current webRequest API that is not blocking." In plain English, this means that when a malicious extension sneaks through the security review process, it is usually interested in simply observing the conversation between your browser and whatever websites you visit. The malicious activity happens elsewhere, after the data has already been read. A more thorough review process could improve security, but Chrome hasn't said they'll do that. Instead, their solution is to restrict capabilities for all extensions.

As for Chrome's other justification for Mv3 -- performance -- a 2020 study (PDF) by researchers at Princeton and the University of Chicago revealed that privacy extensions, the very ones that will be hindered by Mv3, actually improve browser performance. The development specifications of web browser extensions may seem in the weeds, but the broader implications should matter to all internet citizens: it's another step towards Google defining how we get to live online. Considering that Google has been the world's largest advertising company for years now, these new limitations are paternalistic and downright creepy.

Mozilla has announced through its Mozilla Hacks blog that it plans to ship a 'novel sandboxing technology' called RLBox with Firefox 95 which it has been developing alongside researchers from the University of California San Diego and the University of Texas. From a report: It said RLBox makes it easier to isolate subcomponents of the browser efficiently and gives Mozilla more options than traditional sandboxing granted it. Mozilla said this new method of sandboxing, which uses WebAssembly to isolate potentially-buggy code, builds on a prototype that was shipped in Firefox 74 and Firefox 75 to Linux and Mac users respectively. With Firefox 95, RLBox will be deployed on all supported Firefox platforms including desktop and mobile to isolate three different modules: Graphite, Hunspell, and Ogg. With Firefox 96, two more modules, Expat and Woff2, will also be isolated.

Microsoft is backtracking on changes it made to Windows 11 that made it more difficult to switch default browsers. From a report: A new test build of Windows 11 now allows users of Chrome, Firefox, and other browsers to set a default browser with a single button, which is a far simpler process. Rafael Rivera, developer of the excellent EarTrumpet Windows app, discovered the new Windows 11 changes earlier this week. Instead of having to change individual file extensions or protocol handlers for HTTP, HTTPS, .HTML, and .HTM, Windows 11 now offers a simple button that lets people switch default browsers in a similar way to Windows 10. Microsoft has confirmed the changes are intentional and are currently being tested. "In the Windows 11 Insider Preview Build 22509 released to the Dev Channel on Wednesday, we streamlined the ability for a Windows Insider to set the 'default browser' to apps that register for HTTP:, HTTPS:, .HTM, and .HTML," explains Aaron Woodman, vice president of Windows marketing, in a statement to The Verge. "Through the Windows Insider Program you will continue to see us try new things based on customer feedback and testing."

A new browser extension promises to show you which products in your Amazon search results are sold by brands that are either owned by or are exclusive to Amazon, giving you a better idea of who's selling what you're buying. The Verge reports: It's called Amazon Brand Detector, and it uses a list of Amazon brands created by The Markup, along with filters and other techniques (detailed here) to detect and highlight products that are a part of Amazon's Our Brands program. The Markup created this extension after its investigation into how Amazon ranks its in-house brands in search results and says the tool (available for Chrome-like browsers and Firefox) is designed to make searches more transparent. When we tested it, it obviously highlighted Amazon Basics and Essentials products, but it also drew attention to results that were otherwise indistinguishable from ones not affiliated with Amazon: a dog leash labeled as being made by Panykoo, socks by Teebulen, a sweater by Ofeefan.

While Amazon marked some of those results as "featured from our brands," that wasn't the case for all of them. That advisory text is also small and grey, making it easy to miss if you're casually browsing (especially since there may not be any notice of the affiliation on the actual product page), and it didn't show up on every result the tool highlighted. Amazon isn't necessarily shadowy about these brands: it has a page that lists its "private and select exclusive brands," many of which have legit-sounding names: Happy Belly, Wag, Nature's Wonder. Some are private labels owned by Amazon, where some are "curated selections" sold exclusively on Amazon but not necessarily operated by the company. According to The Markup, the extension "does not collect any data" and should be compatible with other extensions.

Mozilla announced last week via a support article that its Firefox Lockwise password manager app will reach end-of-life on December 13th. The final release versions are 1.8.1 (iOS) and 4.0.3 (Android) and will no longer be available to download or reinstall after that date. The Verge reports: What started in 2018 as a small experimental mobile app called Lockbox ended up bringing a way to access saved passwords and perform autofills on iOS, Android, and desktop devices to a small but enthusiastic following of Firefox fans. The app was also later adapted as a Firefox extension. It seemed like it was apt to stick around for the long run.

The support article recommends that users continue accessing passwords using the native Firefox browsers on desktop and mobile. In an added note on the support site, Mozilla suggests that later in December, the Firefox iOS app will gain the ability to manage Firefox passwords systemwide. The note alludes to Mozilla adopting the features of Lockwise and eventually integrating them into the Firefox browser apps natively on all platforms.

Thousands of Firefox cookie databases containing sensitive data are available on request from GitHub repositories, data potentially usable for hijacking authenticated sessions. The Register reports: These cookies.sqlite databases normally reside in the Firefox profiles folder. They're used to store cookies between browsing sessions. And they're findable by searching GitHub with specific query parameters, what's known as a search "dork." Aidan Marlin, a security engineer at London-based rail travel service Trainline, alerted The Register to the public availability of these files after reporting his findings through HackerOne and being told by a GitHub representative that "credentials exposed by our users are not in scope for our Bug Bounty program."

Marlin then asked whether he could make his findings public and was told he's free to do so. "I'm frustrated that GitHub isn't taking its users' security and privacy seriously," Marlin told The Register in an email. "The least it could do is prevent results coming up for this GitHub dork. If the individuals who uploaded these cookie databases were made aware of what they'd done, they'd s*** their pants."

Marlin acknowledges that affected GitHub users deserve some blame for failing to prevent their cookies.sqlite databases from being included when they committed code and pushed it to their public repositories. "But there are nearly 4.5k hits for this dork, so I think GitHub has a duty of care as well," he said, adding that he's alerted the UK Information Commissioner's Office because personal information is at stake. Marlin speculates that the oversight is a consequence of committing code from one's Linux home directory. "I imagine in most of the cases, the individuals aren't aware that they've uploaded their cookie databases," he explained. "A common reason users do this is for a common environment across multiple machines."

Mozilla launched Firefox Relay as a free product that gives you five email aliases you can use every time you need to sign up for a random account online. From a report: Now, the organization has introduced a paid Premium tier for the service that will give you access to even more aliases. You'll get your own subdomain (yourdomain.mozmail.com) when you subscribe, and you'll be able to create an unlimited number of emails. The tier will also give you access to a summary dashboard with the emails you make, the option to use your aliases when you reply to messages and a 150 kb attachment allowance. After you sign up for Relay, you'll have to install its Firefox extension to be able to take advantage of its features. Every time you visit a website that asks for an email address, the Relay icon will appear on your browser, and you can click it to generate a random address.The service will forward messages you get using your aliases to your primary email account, and you can block all messages from coming in or even delete the alias when it starts getting spam. Mozilla didn't say how much a Premium subscription will cost in the future, but it's offering the tier at an introductory price of $1/EUR1 per month for a limited time.

The creator of EdgeDeflector said this week that the latest Insider build of Windows 11 now blocks all default browser workarounds. If this functionality makes its way to the finished product, it will mark a new, dark chapter for Microsoft, which told the media at the Windows 11 launch that it was aware that it had made changing app defaults pointlessly difficult, but that it had not done so maliciously and would fix it. This is the opposite of that claim. From a report: "Something changed between Windows 11 builds 22483 and 22494 (both Windows Insider Preview builds)," EdgeDeflector creator Daniel Aleksandersen writes in a new blog entry. "The build changelog ... omitted the headline news: you can no longer bypass Microsoft Edge using apps like EdgeDeflector."

Microsoft not communicating effectively? I find that hard to believe. Cough. But Microsoft moving to make Windows 11 behave even more maliciously towards its users and browser rivals? That I have a hard time with. Basically, EdgeDeflector, as well as third-party browsers like Mozilla Firefox and Brave, intercept OS-level URL requests that force you to use Microsoft Edge even when you have gone through the incredibly ponderous steps to make a non-Edge browser the default in Windows 11. But in the latest Insider Preview build, Microsoft is changing how these URL requests work. And it's no longer possible to intercept URL requests that force users to use Edge instead of their default browser. (In the Insider builds. This functionality will come to mainstream users in the coming months unless we can change Microsoft's collective mind.)

In case you missed it, Google officially ended support for its Bookmarks service on September 30, 2021. But fear not, you can still export your bookmarks if you haven't already. Long-time Slashdot reader GPS Pilot writes: Google has dropped support for yet another one of its services. If you're like me, you don't visit Google Bookmarks very often, so you're not aware that Google dropped support on September 30th, 2021. The service still had its uses -- like being able to access a collection of bookmarks across different browsers, or when you're using a strange computer. You can still export your Google bookmarks to alternative services that are "arguably better." Some Google Bookmarks alternatives include Saved, Raindrop, Pinboard, and Mozilla Pocket. Which bookmark manager is your favorite?

Scott Gilbertson, writing for The Register: The legacy of Internet Explorer 6 haunts web developer nightmares to this day. Microsoft's browser of yore made their lives miserable and it's only slightly hyperbolic to say it very nearly destroyed the entire internet. It really was that bad, kids. It made us walk to school in the snow. Uphill. Both ways. You wouldn't understand. Or maybe you would. Today developers who want to use "cutting-edge" web APIs find themselves resorting to the same kind of browser-specific workarounds, but this time the browser dragging things down comes from Apple. Apple's Safari lags considerably behind its peers in supporting web features. Whether it's far enough behind to be considered "the new IE" is debatable and may say more about the shadow IE still casts across the web than it does about Safari. But Safari -- or more specifically the WebKit engine that powers it -- is well behind the competition. According to the Web Platform Tests dashboard, Chrome-based browsers support 94 per cent of the test suite, and Firefox pulls off 91 per cent, but Safari only manages 71 per cent.

On the desktop this doesn't matter all that much because users can always switch to Google Chrome (or even better, Vivaldi). On iOS devices, however, that's not possible. According to Apple's App Store rules: "apps that browse the web must use the appropriate WebKit framework and WebKit Javascript." Every iPhone user is a Safari/WebKit user whether they use Safari or Chrome. Apple has a browser monopoly on iOS, which is something Microsoft was never able to achieve with IE. In Windows you could at least install Firefox. If you do that on iOS it might say Firefox, but you're still using WebKit. The reality is if you have an iOS device, you use Safari and are bound by its limitations. Another thing web developers find distressing is Apple's slow development cycle. Apple updates Safari roughly every six months at best. Blink-based browsers update every six weeks (soon every four), Firefox releases every four weeks, and Brave releases every three. This means that not only is Apple slow to add new features, but its development cycle means that even simple bug fixes have to wait a long time before they actually land on users' devices. Safari workarounds are not quick fixes. If your website is affected by a Safari bug, you can expect to wait up to a year before the problem is solved. One theme that emerges when you dig into the Web Platform Tests data on Safari's shortcomings is that even where WebKit has implemented a feature, it's often not complete.

Andrew Cunningham writes via Ars Technica: It has been well over a decade since PowerPC Macs roamed the earth -- so long that the Intel Macs that replaced them are themselves being replaced by something else. But to this day, there's a small community of people still developing software for PowerPC Macs and Mac OS 9. One of those projects was TenFourFox, a fork of the Firefox browser for G3, G4, and G5-based PowerPC Macs running Mac OS X 10.4 or 10.5. Maintained primarily by Cameron Kaiser, the TenFourFox project sprang up in late 2010 after Mozilla pulled PowerPC support from Firefox 4 during its development. And amazingly, the browser has continued to trundle on ever since.

But continuing to backport Firefox features to aging, stuck-in-time PowerPC processors only got more difficult as time went on. And in March of this year, Kaiser announced that TenFourFox updates would be ending after over a decade of development. The final planned release of TenFourFox was earlier this month. Kaiser's full post is long, but it's worth a read for vintage-computer enthusiasts or anyone who works on software -- Kaiser expresses frustration with the realities of developing and supporting a niche app, but he also highlights TenFourFox's impressive technical achievements and ruminates on the nature of the modern Internet and open source software development [...].

Kaiser doesn't intend to fully halt work on the browser, but he is downshifting it into what he calls "hobby mode." He will continue to backport security patches from newer ESR releases of Firefox and post them to the TenFourFox Github page, but anyone who wants to use these will need to build the app themselves. Kaiser also won't commit to providing support for these additions or providing them on any kind of schedule. Other developers are also welcome to continue to release TenFourFox builds on their own.

Following a brief beta-testing period, Ubuntu 21.10 has finally become available to download in the "final" stable form. BetaNews: Code-named "Impish Indri," this version of Ubuntu is not a Long Term Support (LTS) version, so it is only supported for nine months. Ubuntu 21.10 features Linux kernel 5.13 and a Snap variant of the Mozilla Firefox browser. "Ubuntu 21.10 brings the all-new PHP 8 and GCC 11 including full support for static analysis, greatly improving everyday developer security awareness in low-level programming. With Gnome 40 desktop users gain dynamic workspaces and touchpad gestures. The new Firefox snap, published by Mozilla, improves security and guarantees access to both the latest and the extended support release versions of the browser. The exact same versions of the browser are available on multiple different versions of Ubuntu, simplifying enterprise developer platform management," says Canonical.

The best part of Windows 11 is Linux, argues Ars Technica: For years now, Windows 10's Windows Subsystem for Linux has been making life easier for developers, sysadmins, and hobbyists who have one foot in the Windows world and one foot in the Linux world. But WSL, handy as it is, has been hobbled by several things it could not do. Installing WSL has never been as easy as it should be — and getting graphical apps to work has historically been possible but also a pain in the butt that required some fairly obscure third-party software. Windows 11 finally fixes both of those problems. The Windows Subsystem for Linux isn't perfect on Windows 11, but it's a huge improvement over what came before.

Microsoft has traditionally made installing WSL more of a hassle than it should be, but the company finally got the process right in Windows 10 build 2004. Just open an elevated Command prompt (start --> type cmd --> click Run as Administrator), type wsl --install at the prompt, and you're good to go. Windows 11, thankfully, carries this process forward unchanged. A simple wsl --install with no further arguments gets you Hyper-V and the other underpinnings of WSL, along with the current version of Ubuntu. If you aren't an Ubuntu fan, you can see what other easily installable distributions are available with the command wsl --list --online. If you decide you'd prefer a different distro, you can install it instead with — for example — wsl --install -d openSUSE-42. If you're not sure which distribution you prefer, don't fret. You can install as many as you like, simply by repeating wsl --list --online to enumerate your options and wsl --install -d distroname to install whichever you like. Installing a second distribution doesn't uninstall the first; it creates a separate environment, independent of any others. You can run as many of these installed environments as you like simultaneously, without fear of one messing up another.

In addition to easy installation, WSL on Windows 11 brings support for both graphics and audio in WSL apps. This isn't exactly a first — Microsoft debuted WSLg in April, with Windows 10 Insider Build 21364. But Windows 11 is the first production Windows build with WSLg support. If this is your first time hearing of WSLg, the short version is simple: you can install GUI apps — for example, Firefox — from your Ubuntu (or other distro) command line, and they'll work as expected, including sound. When I installed WSLg on Windows 11 on the Framework laptop, running firefox from the Ubuntu terminal popped up the iconic browser automatically. Heading to YouTube in it worked perfectly, too, with neither frame drops in the video nor glitches in the audio....

[T]here is one obvious "killer app" for WSLg that has us excited — and that's virt-manager, the RedHat-originated virtualization management tool. virt-manager is a simple tool that streamlines the creation, management, and operation of virtual machines using the Linux Kernel Virtual Machine... virt-manager never got a Windows port and seems unlikely to. But it runs under WSLg like a champ.
They reported a few problems, like when running GNOME's Software Center app (and the GNOME shell desktop environment).

But "If you're already a Windows Subsystem for Linux (WSL) user, Windows 11 offers an enormously improved experience compared to what you're accustomed to from Windows 10. It installs more easily, makes more functionality available, and offers better desktop integration than older workarounds such as running MobaXTerm's X11 server."

An anonymous reader quotes a report from How-To Geek: Firefox now sends more data than you might think to Mozilla. To power Firefox Suggest, Firefox sends the keystrokes you type into your address bar, your location information, and more to Mozilla's servers. Here's exactly what Firefox is sharing and how to control it. This change was made as part of the introduction of Firefox Suggest in Firefox 93, released on October 5, 2021. As part of Firefox Suggest, Firefox is getting ads in your search bar -- but that's not the only thing that will be news to longtime Firefox users. According to Mozilla, "Firefox Suggest acts as a trustworthy guide to the better web, surfacing relevant information and sites to help people accomplish their goals." In reality, what that means is, when you start typing in your address bar, you won't just see the standard search suggestions from Google or your current search default engine. You'll also see "Firefox Suggest" results pointing to web pages. Some of them are sponsored ads, but you can disable the ads.

Firefox Suggest is on by default. Mozilla's blog post on the subject says Firefox Suggest is an "opt-in experience," which was the case in September 2021 -- but it's now enabled by default in Firefox 93. However, as of Firefox 93's release in October 2021, Firefox Suggest is only enabled in the USA -- for now. It's worth noting that, for many years, Firefox and other web browsers have had search suggestions in their address bar. So, when you start typing "win" in your address bar, you may see suggestions for "Windows 11" and "Window repair." This is accomplished by sending keystrokes to your default search engine as you type in the search bar, as Mozilla's support site explains. Mozilla is also providing contextual suggestions, for which it needs more data, including the city you're located in and whether you're clicking its suggestions.

You can disable Firefox's suggested results, if you like. This will stop Mozilla from collecting the data you type in your search bar, and it will also disable the suggested results and ads. To do so, open Firefox and click menu [and then] Settings. Select "Privacy [and] Security" in the left pane, and scroll down to "Address Bar -- Firefox Suggest." Disable "Contextual suggestions" and "Include occasional sponsored suggestions" to stop Firefox from sending data to Mozilla.

waspleg writes: Mozilla is now showing ads in the form of sponsored Firefox contextual suggestions when U.S. users type in the URL address bar. Mozilla says the feature was introduced with Firefox 92 in September to fund development and optimization. Mozilla describes Firefox Suggest contextual suggestions as opt-in, in BleepingComputer's tests and from what users have reported, the feature is on by default.

Furthermore, Firefox doesn't tag the ads displayed via Firefox Suggest. There is no clear way to identify what a sponsored suggestion and what a regular unsponsored suggestion should look like.

The only way Firefox users will know whether a sponsored suggestion is an ad would be by looking at the URL, but, in many cases, the URL is not clearly visible.