When Facebook went down yesterday for nearly six hours, so did Oculus' services. Since Facebook owns VR headset maker Oculus, and controversially requires Oculus Quest users to log in with a Facebook account, many Quest owners reported not being able to load their Oculus libraries. "[A]nd those who just took a Quest 2 out of the box have reported that they're unable to complete the initial setup," adds PCGamer. As VRFocus points out, "the issue has raised another important question relating to Oculus' services being so closely linked with a Facebook account, your Oculus Quest/Quest 2 is essentially bricked until services resume." From the report: This vividly highlights the problem with having to connect to Facebook's services to gain access to apps -- the WiFi connection was fine. Even all the ones downloaded and taking up actual storage space didn't show up. It's why some VR fans began boycotting the company when it made all mandatory that all Oculus Quest 2's had to be affiliated with a Facebook account. If you want to unlink your Facebook account from Oculus Quest and don't want to pay extra for that ability, you're in luck thanks to a sideloadable tool called "Oculess." From an UploadVR article published earlier today: You still need a Facebook account to set up the device in the first place and you need to give Facebook a phone number or card details to sideload, but after that you could use Oculess to forgo Facebook entirely -- just remember to never factory reset. The catch is you'll lose access to Oculus Store apps because the entitlement check used upon launching them will no longer function. System apps like Oculus TV and Browser will also no longer launch, and casting won't work. You can still sideload hundreds of apps from SideQuest though, and if you want to keep browsing the web in VR you can sideload Firefox Reality. You can still use Oculus Link to play PC VR content, but only if you stay signed into Facebook on the Oculus PC app. Virtual Desktop won't work because it's a store app, but you can sideload free alternatives such as ALVR.

To use Oculess, just download it from GitHub and sideload it using SideQuest or Oculus Developer Hub, then launch it from inside VR. If your Quest isn't already in developer mode or you don't know how to sideload you can follow our guide here.

The Record reports: The Electronic Frontier Foundation said it is preparing to retire the famous HTTPS Everywhere browser extension after HTTPS adoption has picked up and after several web browsers have introduced HTTPS-only modes." "After the end of this year, the extension will be in 'maintenance mode' for 2022," said Alexis Hancock, Director of Engineering at the EFF. Maintenance mode means the extension will receive minor bug fixes next year but no new features or further development.

No official end-of-life date has been decided, a date after which no updates will be provided for the extension whatsoever.

Launched in June 2010, the HTTPS Everywhere browser extension is one of the most successful browser extensions ever released. The extension worked by automatically switching web connections from HTTP to HTTPS if websites had an HTTPS option available. At the time it was released, it helped upgrade site connections to HTTPS when users clicked on HTTP links or typed domains in their browser without specifying the "https://" prefix. The extension reached cult status among privacy advocates and was integrated into the Tor Browser and, after that, in many other privacy-conscious browsers. But since 2010, HTTPS is not a fringe technology anymore. Currently, around 86.6% of all internet sites support HTTPS connections. Browser makers such as Chrome and Mozilla previously reported that HTTPS traffic usually accounts for 90% to 95% of their daily connections.
From EFF's announcement: The goal of HTTPS Everywhere was always to become redundant. That would mean we'd achieved our larger goal: a world where HTTPS is so broadly available and accessible that users no longer need an extra browser extension to get it. Now that world is closer than ever, with mainstream browsers offering native support for an HTTPS-only mode.

With these simple settings available, EFF is preparing to deprecate the HTTPS Everywhere web extension as we look to new frontiers of secure protocols like SSL/TLS... We know many different kinds of users have this tool installed, and want to give our partners and users the needed time to transition.
The announcement also promises to inform users of browser-native HTTPS-only options before the day when the extension reaches its final sunsetting — and ends with instructions for how to activate the native HTTPS-only features in Firefox, Chrome, Edge, and Safari, "and celebrate with us that HTTPS is truly everywhere for users."

An anonymous reader quotes the Record: An Irish man who ran a cheap dark web hosting service has been sentenced today to 27 years in prison for turning a blind eye to customers hosting child sex abuse material. Eric Eoin Marques, 36, from Dublin, operated the Freedom Hosting service between July 2008 and July 2013, when he was arrested following an FBI investigation.

"The investigation revealed that the hosting service contained over 200 child exploitation websites that housed millions of images of child exploitation material," the US Department of Justice said today, announcing Marques' sentencing. "Over 1.97 million of these images and/or videos were not previously known by law enforcement," officials said.
Flashback to 2013: [T]he FBI yesterday acknowledged that it secretly took control of Freedom Hosting last July, days before the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors. Freedom Hosting's operator, Eric Eoin Marques, had rented the servers from an unnamed commercial hosting provider in France, and paid for them from a bank account in Las Vegas.

It's not clear how the FBI took over the servers in late July, but the bureau was temporarily thwarted when Marques somehow regained access and changed the passwords, briefly locking out the FBI until it gained back control. The new details emerged in local press reports from a Thursday bail hearing in Dublin, Ireland, where Marques, 28, is fighting extradition to America on charges that Freedom Hosting facilitated child pornography on a massive scale...

Security researchers dissected the code and found it exploited a security hole in Firefox to identify users of the Tor Browser Bundle, reporting back to a mysterious server in Northern Virginia. The FBI was the obvious suspect, but declined to comment on the incident. The FBI also didn't respond to inquiries from WIRED today. But FBI Supervisory Special Agent Brooke Donahue was more forthcoming when he appeared in the Irish court yesterday to bolster the case for keeping Marque behind bars."

"Mozilla is running an experiment on 1% of the Firefox desktop population currently, which sets the default search engine to Bing in the web browser," reports Ghacks: [I]n most regions, it is Google Search. Mozilla and Google extended the search deal in 2020 for another three years. Google is paying Mozilla "between $400 and $450 million per year" so that its search engine is the default in Firefox in most regions. Google has been Firefox's default search engine since 2017, when Mozilla ended its search deal with Yahoo early.

Firefox users may change the default search engine to one of the other engines that are included by default, or an engine that is not included but can be added...

The study started on September 6 and it will run until early 2022, likely January 2022. About 1% of Firefox desktop users may notice that the default search engine is changed when the installation of Firefox is picked for the experiment.

Tip: load about:studies in the Firefox address bar to list the studies that the browser us currently taking part in and has completed already. Firefox users who don't want to participate in studies can disable the preference "Allow Firefox to install and run studies" on about:preferences#privacy.

Mozilla has quietly made it easier to switch to Firefox on Windows recently. From a reporrt: While Microsoft offers a method to switch default browsers on Windows 10, it's more cumbersome than the simple one-click process to switch to Edge. This one-click process isn't officially available for anyone other than Microsoft, and Mozilla appears to have grown tired of the situation. In version 91 of Firefox, released on August 10th, Mozilla has reverse engineered the way Microsoft sets Edge as default in Windows 10, and enabled Firefox to quickly make itself the default. Before this change, Firefox users would be sent to the Settings part of Windows 10 to then have to select Firefox as a default browser and ignore Microsoft's plea to keep Edge. Mozilla's reverse engineering means you can now set Firefox as the default from within the browser, and it does all the work in the background with no additional prompts. This circumvents Microsoft's anti-hijacking protections that the company built into Windows 10 to ensure malware couldn't hijack default apps. Microsoft tells us this is not supported in Windows.

This weekend finds some long-time Slashdot readers debating why research shows Firefox losing market share. Long-time Slashdot reader chiguy shares one theory: "Firefox keeps losing users, according to this rant, because it arrogantly refuses to listen to its users."

Slashdot reader BAReFO0t countered that that can't be the reason, "because Google does that too." (They blame Chrome's "feature" addition treadmill, where "they keep adding stupid kitchen sinks for the sole and only purpose to make others unable to keep up.")

Long-time Slashdot reader Z00L00K thinks that "All those totally unnecessary UI changes are what REALLY annoys users. Not only the immediately visible things in the header but also the renaming of items in the menus just bugs people." But long-time Slashdot reader AmiMoJo argues that "the most popular browser, Chrome, has all those things. In fact all the browsers that are more popular than Firefox do, so the idea that those are unpopular and driving people away doesn't really hold up... Firefox's decline is mostly due to Chrome just being really good, and [Firefox] not having a decent mobile version."

I'm still a loyal Firefox user. (Although the thing that annoyed me was when Firefox suddenly changed the keyboard shortcut for copying a link from CNTRL-A to CNTRL-L.) The "rant" at ItsFoss argues that Firefox's original sin was in 2009 when it decided to move tabs to the top of the browser, and when favorite features could no longer be re-enabled in Firefox's about:config file. But that's what I like about Firefox -- at it's best, it's ultimately customizable, with any feature you want easily enabled in what's essentially an incredibly detailed "preferences" menu. Maybe other browsers are just better at attracting new users through purely mechanical advantages like default placement on popular systems?

Long-time Slashdot reader zenlessyank is also a long-time Firefox user -- "Been using it since Netscape" -- and countered all the doubters with a comment headlined "Firefox rocks!"

"Doesn't matter to me how many other users there are or aren't I will still use it as long as it stays updated."

But what are your thoughts? Feel free to share your own opinions and experiences with Firefox in the comments.

"Recently, browsing leader Mozilla shared the result of an independent security audit on its VPN service," reports Fossbytes.

"Upon inspection, a few vulnerabilities were discovered in the VPN, one of which was reportedly a major risk." In a blog post, Mozilla shared that Cure53, a Berlin-based cybersecurity firm, had identified and fixed the security vulnerabilities in its VPN... The most severe issue, labeled "FVP-02-014," made the user vulnerable to cross-site WebSocket hijacking. Moreover, the medium-risk vulnerabilities revolved around "VPN leak via captive portal detection" and "Auth code leak" by injecting the port. However, these sophisticated terms shouldn't worry you anymore as Cure53 has already addressed these weaknesses. There has also been no mention of any Mozilla VPN users falling victim to these either.

The Firefox developer's public post that outlines the security flaws detected by the German firm provides users an insight into the potential risks of using a VPN. Moreover, these audits also help Mozilla iron out any issues that its one-year-old VPN service might have.

Mozilla developers are putting the finishing touches on a new feature that will block insecure file downloads in Firefox. From a report: Called mixed content downloaded blocking, the feature works by blocking files downloads initiated from an encrypted HTTPS page but which actually take place via an unencrypted HTTP channel. The idea behind this feature is to prevent Firefox users from getting misled by the URL bar and think they're downloading a file securely via HTTPS when, in reality, the file could be tampered with by third parties while in transit.

Microsoft's upcoming release of Windows 11 will make it even harder to switch default browsers and ignores browser defaults in new areas of the operating system. While Microsoft is making many positive changes to the Windows 11 UI, the default apps experience is a step back and browser competitors like Mozilla, Opera, and Vivaldi are concerned. From a report: In Windows 11, Microsoft has changed the way you set default apps. Like Windows 10, there's a prompt that appears when you install a new browser and open a web link for the first time. It's the only opportunity to easily switch browsers, though. Unless you tick "always use this app," the default will never be changed. It's incredibly easy to forget to toggle the "always use this app" option, and simply launch the browser you want from this prompt and never see this default choice again when you click web links.

If you do forget to set your default browser at first launch, the experience for switching defaults is now very confusing compared to Windows 10. Chrome and many other rival browsers will often prompt users to set them as default and will throw Windows users into the default apps part of settings to enable this. Microsoft has changed the way default apps are assigned in Windows 11, which means you now have to set defaults by file or link type instead of a single switch. In the case of Chrome, that means changing the default file type for HTM, HTML, PDF, SHTML, SVG, WEBP, XHT, XHTML, FTP, HTTP, and HTTPS. Firefox's statement: We have been increasingly worried about the trend on Windows. Since Windows 10, users have had to take additional and unnecessary steps to set and retain their default browser settings. These barriers are confusing at best and seem designed to undermine a user's choice for a non-Microsoft browser.

Mozilla has launched an experiment where they change the Firefox browser user agent to a three-digit "Firefox/100.0" version to see if it will break websites. Bleeping Computer reports: A user agent is a string used by a web browser that includes information about the software, including its name, version, and technologies that it uses. When a new version of a browser is released, the developers also increment the version number in the user agent string. When visiting a website, the user agent strings are sent to a website so that the site knows the software capabilities of the visitor. This information allows the website to modify its response to account for different features of browsers.

As Firefox version numbers are currently two digits, Mozilla developers are investigating if anything breaks when they release Firefox Nightly version 100 in March 2022. "We would like to run an experiment to test whether a UA string with a three-digit Firefox version number will break many sites," Mozilla Staff Engineering Program Manager Chris Peterson said in a bug post first spotted by Techdows. "This new temporary general.useragent.experiment.firefoxVersion pref can override the UA string's Firefox version." When conducting the test, an enrolled Firefox user will have their user agent changed to the following string with the hopes that if anything breaks, they will report it to Mozilla: "Mozilla/5.0 (Windows NT 10.0; rv:100.0) Gecko/20100101 Firefox/100.0."

WIth the release of Firefox 91 on Tuesday, Mozilla has introduced a bigger hammer for smashing the cookies that websites, advertisers and tracking companies can use to record your online behavior. From a report: The new feature, called enhanced cookie clearing, is designed to block tracking not just from a website, but also from third parties whose code appears on the site. The technology is designed to let you clear cookies for a particular website but also the more aggressive "supercookies" designed to evade lesser privacy protections. The feature is an option if you enable Firefox's strict mode for cookie handling, which partitions website data into separate storage containers. "You can easily recognize and remove all data a website has stored on your computer, without having to worry about leftover data from third parties embedded in that website," Mozilla said in a blog post.

An anonymous reader quotes a report from It's FOSS, written by Ankush Das: Mozilla's Firefox is the only popular alternative to Chromium-based browsers. It has been the default choice for Linux users and privacy-conscious users across every platform. However, even with all benefits as one of the best web browsers around, it is losing its grip for the past few years. I came across a Reddit thread by u/nixcraft, which highlighted more details on the decline in the userbase of Firefox since 2018. And surprisingly, the original source for this information is Firefox's Public Data Report.

As per the official stats, the reported number of active (monthly) users was about 244 million at the end of 2018. And, it seems to have declined to 198 million at the end of Q2 2021. So, that makes it a whopping ~46 million decline in the userbase. Considering 2021 is the year when privacy-focused tools saw a big boost in their userbase, Mozilla's Firefox is looking at a constant decline. Especially when Firefox manages to introduce some industry-first privacy practices. Quite the irony, eh? Just for fun, here's a timeline of our stories reporting on Firefox's download milestones from the mid-2000s:

September 19, 2004: 1 Million Firefoxes in 4 Days
December 12, 2004: Firefox Reaches 10 Million Downloads
February 17, 2005: Firefox Breaks 25 Million Downloads
April 26, 2005: Firefox nears 50 Million Downloads
July 29, 2005: Firefox Downloads Reach 75 Million
October 19, 2005: Firefox Tops 100 Million Downloads
September 11, 2007: Firefox Hits 400 Million Downloads
July 3, 2008: Firefox Breaks 8 Million, Gets Into Guinness

A post on Mozilla's security blog calls FTP "by now one of the oldest protocols still in use" — and it's suffering from "a number of serious security issues." The biggest security risk is that FTP transfers data in cleartext, allowing attackers to steal, spoof and even modify the data transmitted. To date, many malware distribution campaigns launch their attacks by compromising FTP servers and downloading malware on an end user's device using the FTP protocol.

Aligning with our intent to deprecate non-secure HTTP and increase the percentage of secure connections, we, as well as other major web browsers, decided to discontinue support of the FTP protocol. Removing FTP brings us closer to a fully-secure web which is on a path to becoming HTTPS only and any modern automated upgrading mechanisms such as HSTS or also Firefox's HTTPS-Only Mode, which automatically upgrade any connection to become secure and encrypted do not apply to FTP.

The FTP protocol itself has been disabled by default since version 88 and now the time has come to end an era and discontinue the support for this outdated and insecure protocol — Firefox 90 will no longer support the FTP protocol.

Firefox 90 introduces the next version of SmartBlock, the browser's tracker blocking mechanism built into its private browsing and strict modes, which now has improvements designed to prevent buttons that let you log into websites using your Facebook account from breaking, Mozilla announced on Tuesday. From a report: SmartBlock was first introduced with Firefox 87 in March, and if you aren't familiar, here's Mozilla's description of how it works, from the company's blog: "SmartBlock intelligently fixes up web pages that are broken by our tracking protections, without compromising user privacy. SmartBlock does this by providing local stand-ins for blocked third-party tracking scripts. These stand-in scripts behave just enough like the original ones to make sure that the website works properly. They allow broken sites relying on the original scripts to load with their functionality intact." Sometimes, though, the feature would break Facebook login buttons. In a new blog post, Mozilla's Tom Wisniewski and Arthur Edelstein explain why this would happen, using an example of trying to log in to Etsy.

"New data from Statcounter shows that Edge has now overtaken established rival Firefox in the rankings," reports TechRadar: In recent months, the pair have been neck-and-neck, but Microsoft's browser has now put daylight between itself and Firefox. Figures for June suggest Microsoft Edge now holds 3.4% of the browser market, while Firefox has slipped to 3.29%, continuing a downward trajectory that has seen the browser either lose or maintain market share in ten of the last twelve months.

The change pushes Edge into third position in the browser rankings, behind only Chrome (65.27%) and Safari (18.34%). Launched in January 2020, the new Chromium-based Edge got off to a slow start, but began to gather momentum as the year progressed. Since last summer, the browser's market share has more than tripled.

The increase in adoption can be attributed in part to renewed marketing efforts, but also to improvements that brought the experience in line with other modern web browsers.
That may be true, but the article also acknowledges that it was just last month that Microsoft began rolling out Edge to all Windows PCs (via Windows 10 updates), "expanding the install base by millions almost overnight.

"Now, Microsoft is doing everything in its power to encourage users to abandon Internet Explorer in favor of Edge, such as removing support for Microsoft 365 web apps and automatically launching certain web pages in the new browser."

In a few weeks, Firefox will start the by-default rollout of DNS over HTTPS (or DoH for short) to its Canadian users in partnership with local DoH provider CIRA, the Canadian Internet Registration Authority. From a report: DoH will first become a default for 1% of Canadian Firefox users on July 20 and will gradually reach 100% of Canadian Firefox users in late September 2021 -- thereby further increasing their security and privacy online. This follows the by-default rollout of DoH to US users in February 2020. As part of the rollout, CIRA joins Mozilla's Trusted Recursive Resolver (TRR) Program and becomes the first internet registration authority and the first Canadian organization to provide Canadian Firefox users with private and secure encrypted Domain Name System (DNS) services.

An anonymous reader writes: Following in the footsteps of browsers like Mozilla Firefox and Microsoft Edge, Google Chrome is also in line to receive an HTTPS-Only Mode that will upgrade all unencrypted HTTP connections to encrypted HTTPS alternatives, where possible.

Currently, the new Chrome HTTPS-Only Mode is still under development in Chrome Canary distributions. Work is being done to add specific settings in the browser's interface, and no actual HTTP-to-HTTPS functionality is currently present. The feature is expected to be ready for Chrome 93, set to be released later this fall.

Sridhar Ramaswamy and Vivek Raghunathan helped turn Google into an ad giant. Now they're starting over with a service whose only customers are its users. From a report: A new search engine? One that people have to pay to use? At first blush, it may seem like a textbook example of a startup idea destined never to get anywhere. By definition, any new search engine competes with Google, whose 90 percent-plus market share leaves little oxygen for other players. And we've been accustomed to getting our search for free since well before there was a Google -- which might make paying for it sound like being expected to purchase a phone book. But Neeva is indeed a new search engine, officially launching today, that carries a subscription fee.

Though it's extremely similar to Google in many respects -- with a few twists of its own -- it dumps the web giant's venerable ad-based business model in the interest of avoiding distractions, privacy quandaries, and other compromises. It's free for three months -- long enough for users to grow accustomed to it without obligation -- and $4.95 a month thereafter. Apps for iPhones and iPads, and browser extensions for Chrome, Firefox, Safari, Edge, and Brave, are part of the deal. Neeva may have a certain whiff of improbability about it, but its cofounders, Sridhar Ramaswamy and Vivek Raghunathan, are the furthest thing from naifs. Two long-time Google executives with more than a quarter-century of experience at the web giant between them, they have an insider's understanding of how it operates. Moreover, about 30 percent of the roughly 60-person staff they've assembled at Neeva consists of ex-Googlers, including Hall-of-Famers such as Udi Manber (a former head of Google search) and Darin Fisher (one of the inventors of Chrome). They've also secured $77.5 million in funding, including investments from venture-capital titans Greylock and Sequoia.

Google is announcing today that it is delaying its plans to phase out third-party cookies in the Chrome browser until 2023, a year or so later than originally planned. From a report: Other browsers like Safari and Firefox have already implemented some blocking against third-party tracking cookies, but Chrome is the most-used desktop browser, and so its shift will be more consequential for the ad industry. That's why the term "cookiepocalypse" has taken hold. In the blog post announcing the delay, Google says that decision to phase out cookies over a "three month period" in mid-2023 is "subject to our engagement with the United Kingdom's Competition and Markets Authority (CMA)." In other words, it is pinning part of the delay on its need to work more closely with regulators to come up with new technologies to replace third-party cookies for use in advertising. Few will shed tears for Google, but it has found itself in a very difficult place as the sole company that dominates multiple industries: search, ads, and browsers.

Earlier this year a new support page appeared at support.Mozilla.org describing sponsored shortcuts (or sponsored tiles), "an experimental feature currently being tested by a small percentage of Firefox users in a limited number of markets." Mozilla works with advertising partners to place sponsored tiles on the Firefox default home page (or New Tab page) that would be useful to Firefox users. Mozilla is paid when users click on sponsored tiles.... [W]e only work with advertising partners that meet our privacy standards for Firefox.

When you click on a sponsored tile, Firefox sends anonymized technical data to our partner through a Mozilla-owned proxy service. The code for this proxy service is available on GitHub for interested technical audiences. This data does not include any personally identifying information and is only shared when you click on a Sponsored shortcut....

You can disable a specific Sponsored tile... You can also disable Sponsored shortcuts altogether.
Describing the as-yet-experimental feature, Engadget wrote a story headlined "Don't freak out: Firefox is testing advertisements in new tabs." These are just the tests, still mainly aimed at fresh installs of the Firefox web browser and always to beta users, before the rollout of sponsored tiles.

It does sound like adverts are in the pipe, but it depends on the reaction to Mozilla's initial tests. Mozilla's Jonathan Nightingale says that, last time around, the reaction wasn't as positive as his company hoped. "It didn't go over well," he states. Further, he insists that Firefox won't become "a mess of logos sold to the highest bidder; without user control, without user benefit."
Long-time Slashdot reader angryargus says they spotted the feature when they noticed an Ebay advertisement, but appreciated the ability to opt out, and suggested the feature is "an annoying tradeoff off using a browser that's not as directly funded by a search engine."