Firefox is finally gaining proper AV1 support. Neowin reports: According to an update made to a post on Bugzilla, the Mozilla Foundation is finally ready to add hardware acceleration for the AV1 video format. Developers plan to implement improved AV1 support in the upcoming release of Firefox 100, scheduled to arrive on May 3, 2022. Hardware acceleration for AV1 video brings several noticeable benefits to customers. The standard developed by Alliance for Open Media and initially released in March 2018 offers better video compression than H.264 (about 50%) and VP9 (about 20%). Shifting AV1 video processing from software to hardware improves efficiency and reduces energy consumption, resulting in better battery life on tablets and laptops. Google and Microsoft announced hardware-accelerated AV1 video in Chrome and Edge in late 2020. Mozilla, on the other hand, did not rush to introduce improved AV1 support in Firefox. While it is easy to dunk on Firefox, there is a reason why developers took their time. Hardware-accelerated AV1 video is not something you can add to any computer with Windows 10, and it requires a PC with the most recent and powerful hardware.

Russia has created its own trusted TLS certificate authority (CA) to solve website access problems that have been piling up after sanctions prevent certificate renewals. From a report: The sanctions imposed by western companies and governments are preventing Russian sites from renewing existing TLS certificates, causing browsers to block access to sites with expired certificates. [...] The Russian state has envisioned a solution in a domestic certificate authority for the independent issuing and renewal of TLS certificates. "It will replace the foreign security certificate if it is revoked or expires. The Ministry of Digital Development will provide a free domestic analogue.

The service is provided to legal entities -- site owners upon request within 5 working days," explains the Russian public services portal, Gosuslugi (translated). However, for new Certificate Authorities (CA) to be trusted by web browsers, they first needed to be vetted by various companies, which can take a long time. Currently, the only web browsers that recognize Russia's new CA as trustworthy are the Russia-based Yandex browser and Atom products, so Russian users are told to use these instead of Chrome, Firefox, Edge, etc.

As Google announced today, version 99 of Chrome on macOS manages to score 300 points on the Speedometer benchmark, which was originally developed by Apple's WebKit team. This, Google points out, is the fastest performance of any browser yet. TechCrunch: Speedometer 2.0 tests for responsiveness, which makes it a good proxy for user experience. It's been a while since competition in the browser market focused on speed, especially now that most vendors bet on the same Chromium codebase to build their browsers (with the exception of Mozilla's Firefox and Apple's WebKit-based Safari). But that doesn't mean that the various development teams stopped thinking about how to speed up the user experience. As with a lot of mature technologies, we're just not seeing major breakthroughs these days. That doesn't mean the rivalry between the different vendors has stopped, even as they are now getting together as part of Interop 2022 to better align their browsers with web standards.

The Register reported this week on a group of software developers launching a group called Open Web Advocacy "to help online apps compete with native apps and to encourage or compel Apple to relax its iOS browser restrictions." The group (OWA), organized by UK-based developers Stuart Langridge, Bruce Lawson, and others, aims to promote a more open web by explaining subtle technical details to lawmakers and to help them understand anti-competitive aspects of web technology. Over the past few months, group members have been communicating with the UK Competitions and Markets Authority (CMA) to convince the agency that Apple's iOS browser policy harms competition.

In conjunction with the debut of the group's website, the OWA plans to release a technical paper titled "Bringing Competition to Walled Gardens," that summarizes the group's position and aims to help regulators in the UK and elsewhere understand the consequences of web technology restrictions.

The group is looking for like-minded developers to take up its cause.... The primary concern raised by Langridge and Lawson is that Apple's iOS App Store Guidelines require every browser running on iPhones and iPads to be based on WebKit, the open source project overseen by Apple that serves as the rendering engine for the company's Safari browser.
"The OWA is now urging Apple users to contact regulators and legislators in other jurisdictions to galvanize support and force Apple to end its restrictions around WebKit," reports MacRumors, "although such a move could make sideloading apps from the web a real possibility, and that is something Apple appears equally reluctant to allow.

Reuters reported today that Apple has now written to U.S. lawmakers "to dispute assertions that its concerns about the dangers of sideloading apps into phones were overblown...." Reuters points out that the U.S. Congress "is currently considering a bill aimed at reining in app stores run by Apple and Alphabet's Google, which would require companies to allow sideloading. Apple has argued that such a practice would be a security risk as it keeps tight control of the apps in the store in order to keep users safe."

But OWA organizer Bruce Lawson tells the Register that as things stand now, "at the moment, every browser on iOS, whether it be badged Chrome, Firefox or Edge is actually just a branded skin of Safari, which lags behind [other browsers] because it has no competition on iOS."

And something funny happened when the Register contacted Apple for a comment about why they're against App Store rule changes: To our astonishment, after having queries ignored for months, an Apple spokesperson responded, asking whether the company could correspond off-the-record. We replied that we would be happy to communicate off-the-record and then never heard back.

Or if we did, we couldn't say.

An anonymous reader quotes a report from Motherboard: As of this writing, the Ruble is worth about 0.012 U.S. dollars. The Robux, the money people use to buy things in Roblox, is worth about 0.0125. This means that the Robux has slightly more buying power than the Russian ruble. The Russian economy has been in decline for some time, but both the Ruble and its main stock index took a nose dive on Thursday after Russia invaded Ukraine. As trading began that day, the Ruble collapsed and the Russian equities index, the MOEX, fell 45 percent. Both are in flux and have recovered some of their losses, but the situation with the Ruble is so dire that the Russian central bank has decided to step in and prop it up.

Industry analysts and former Mozilla employees are concerned about Firefox's future, reports Ars Technica, warning that the ultimate fate of Firefox "has larger implications for the web as a whole." Since its release in 2008, [Google's] Chrome has become synonymous with the web: it's used by around 65 percent of everyone online and has a huge influence on how people experience the Internet. When Google launched its AMP publishing standard, websites jumped to implement it. Similar plans to replace third-party cookies in Chrome — a move that will impact millions of marketers and publishers — are shaped in Google's image.

"Chrome has won the desktop browser war," says one former Firefox staff member, who worked on browser development at Mozilla but does not want to be named, as they still work in the industry. Their hopes for a Firefox revival are not high. "It's not super reasonable for Firefox to expect to win back even any browser share at this point." Another former Mozilla employee, who also asked not to be named for fear of career repercussions, says: "They're just going to have to accept the reality that Firefox is not going to come back from the ashes...."

Mozilla's financial declarations from 2020 said that despite the layoffs it is in a healthy place, and it expects its financial results for 2021 to show revenue growth. However, Mozilla and Firefox acknowledge that for its long-term future it needs to diversify the ways it makes money. These efforts have ramped up since 2019. The company owns read-it-later service Pocket, which includes a paid premium subscription service. It has also launched two similar VPN-style products that people can subscribe to. And the company is pushing more into advertising as well, placing ads on new tabs that are opened in the Firefox browser.... Selena Deckelmann, senior vice president of Firefox, says Firefox is likely to continue looking for ways to keep personalizing people's online browsing. "I'm not sure that what's going to come out of that is going to be what people traditionally expect from a browser, but the intention will always be to put people first," she says. Just this week, Firefox announced a partnership with Disney — linked to a new Pixar film — that involves changing the color of the browser and ads to win subscriptions to Disney+. The deal speaks both to Firefox's personalization push and the strange roads its search for revenue streams can lead down.

Deckelmann adds that Firefox doesn't need to be as big as Chrome or Apple's Safari, the second largest browser, to succeed. "All we really want is to be a viable choice," Deckelmann says. "Because we think that this makes a better Internet for everybody to have these different options."
Interesting stats from the article:

• "Mozilla's own statistics show a drop of around 30 million monthly active users from the start of 2019 to the start of 2022."

• Mozilla's figures now also show around 215 million Firefox Desktop clients active in the past 28 days — a number which has stayed stable.

• Yet In 2008, a full 20% of the 1.5 billion people online were using Firefox to surf the web — including more than half the web surfers in Indonesia, Macedonia, and Slovenia.

• "Across all devices, the browser has slid to less than 4 percent of the market," writes Ars Technica. "On mobile it's a measly half a percent..."

• Next year, Firefox's "lucrative search deal with Google — responsible for the vast majority of its revenue" — is set to expire.

Linux programmers fixed bugs faster than anyone — in an average of just 25 days (improving from 32 days in 2019 to just 15 in 2021). That's the conclusion of Google's "Project Zero" security research team, which studied the speed of bug-fixing from January 2019 to December 2021.

ZDNet reports that Linux's competition "didn't do nearly as well." For instance, Apple, 69 days; Google, 44 days; and Mozilla, 46 days. Coming in at the bottom was Microsoft, 83 days, and Oracle, albeit with only a handful of security problems, with 109 days.

By Project Zero's count, others, which included primarily open-source organizations and companies such as Apache, Canonical, Github, and Kubernetes, came in with a respectable 44 days.

Generally, everyone's getting faster at fixing security bugs. In 2021, vendors took an average of 52 days to fix reported security vulnerabilities. Only three years ago the average was 80 days. In particular, the Project Zero crew noted that Microsoft, Apple, and Linux all significantly reduced their time to fix over the last two years.

As for mobile operating systems, Apple iOS with an average of 70 days is a nose better than Android with its 72 days. On the other hand, iOS had far more bugs, 72, than Android with its 10 problems.

Browsers problems are also being fixed at a faster pace. Chrome fixed its 40 problems with an average of just under 30 days. Mozilla Firefox, with a mere 8 security holes, patched them in an average of 37.8 days. Webkit, Apple's web browser engine, which is primarily used by Safari, has a much poorer track record. Webkit's programmers take an average of over 72 days to fix bugs.

The Washington Post reports: Google announced it will begin the process of getting rid of long-standing ad trackers on its Android operating system, upending how advertising and data-collection work on phones and tablets used by more than 2.5 billion people around the world.

Right now, Google assigns special IDs to each Android device, allowing advertisers to build profiles of what people do on their phones and serve them highly targeted ads. Google will begin testing alternatives to those IDs this year and eventually remove them completely, the company said in a Wednesday blog post. Google said the changes will improve privacy for Android users, limiting the massive amounts of data that app developers collect from people using the platform.

But the move also could give Google even more power over digital advertising, and is likely to deepen concerns regulators have already expressed about the company's competitive practices... It made $61 billion in advertising revenue in the fourth quarter of 2021 alone....

The announcement comes over a year after Apple began blocking trackers on its own operating system, which runs on its iPhones, giving customers more tools to limit the data they share with app developers.... Google contrasted its plan with Apple's, saying it would make the changes over the next two years, working closely with app developers and the advertising industry to craft new ways of targeting ads and measuring their effectiveness before making any drastic changes.

"We realize that other platforms have taken a different approach to ads privacy, bluntly restricting existing technologies used by developers and advertisers," said Anthony Chavez, vice president of product management for Android security and privacy, in the blog post. "We believe that without first providing a privacy-preserving alternative path such approaches can be ineffective and lead to worse outcomes for user privacy and developer businesses."
The Post also includes this quote from the chief security office of Mozilla (which began restricting ad tracking in Firefox several years ago). "Google's two year plan is too long. People deserve better privacy now."

As both the Chrome and Firefox browsers approach their 100th versions, what should be a reason for the developers to celebrate could turn into a bit of a mess. From a report: It turns out that much like the Y2K bug, the triple-digit release numbers coded in the browsers' User-Agents (UAs) could cause issues with a small number of sites, Bleeping Computer reported. Mozilla launched an experiment last year to see if version number 100 would affect sites, and it just released a blogpost with the results. It did affect a small number of sites (some very big ones, though) that couldn't parse a user-agent string containing a three-digit number. Notable ones still affected included HBO Go, Bethesda and Yahoo, according to a tracking site. The bugs include "browser not supported" messages, site rendering issues, parsing failures, 403 errors and so on.

"The OS/2 community is getting close to obtaining a modern browser on their platform," writes Slashdot reader martiniturbide. In an announcement article on Monday, president of the OS/2 Voice community, Roderick Klein, revealed that a public beta of the new Chromium-based Otter Browser will arrive "in the last week of February or the first week of March." XDA Developers reports: OS/2 was the operating system developed jointly by IBM and Microsoft in the late 1980s and early 1990s, with the intended goal of replacing all DOS and Windows-based systems. However, Microsoft decided to focus on Windows after the immense popularity of Windows 3.0 and 3.1, leaving IBM to continue development on its own. IBM eventually stopped working on OS/2 in 2001, but two other companies licensed the operating system to continue where IBM left off -- first eComStation, and more recently, ArcaOS.

BitWise Works GmbH and the Dutch OS/2 Voice foundation started work on Otter Browser in 2017, as it was becoming increasingly difficult to keep an updated version of Firefox available on OS/2 and ArcaOS. Firefox 49 ESR from 2016 is the latest version available, because that's around the time Mozilla started rewriting significant parts of Firefox with Rust code, and there's no Rust compiler for OS/2. Since then, the main focus has been porting Qt 5.0 to OS/2, which includes the QtWebEngine (based on Chromium). This effort also has the side effect of making more cross-platform ports possible in the future.

Slashdot reader sombragris writes: Slackware, the oldest actively maintained Linux distribution, released version 15.0 yesterday after a long release cycle that goes all the way back to 2016 where the last version (14.2) was released. According to the release notes, the whole spirit of this release is: "Keep it familiar, but make it modern."

Among the news, this release offers kernel 5.15.19, PAM, PipeWire and PulseAudio, Wayland and X11 graphical systems, and Rust and Python 3. As graphical environments, both Xfce 4.16 and the latest Plasma 5 (Plasma 5.23.5, Frameworks 5.90, KDE apps 21.12 running under Qt 5.15.3) are available, with Cinnamon and Mate also available from third parties. The main compilers are gcc-11.2 and llvm 13.0. The default browser is Firefox 91.5esr, with Chromium available as a third-party repository. And... no systemd at all.

Slackware can be downloaded from a variety of mirrors. BitTorrent downloads are going to be available too. I've used Slackware for 20 years and it's always impressed me with its stability and speed. I encourage everyone interested to try it. Slashdot readers arfonrg and saxa also shared the news.

A top VR web browser is closing down. Today, Mozilla announced it's shutting down its Firefox Reality browser -- the four-year-old browser built for use in virtual reality environments. The technology had allowed users to access the web from within their VR headset, doing things like visiting URLs, performing searches, and browsing both the 2D and 3D internet using your VR hand controllers, instead of a mouse. From a report: Firefox Reality first launched in fall 2018 and has been available on Viveport, Oculus, Pico, and Hololens platforms through their various app stores. While capable of surfing the 2D web, the expectation was that users would largely use the new technology to browse and interact with the web's 3D content, like 360-degree panoramic images and videos, 3D models, and WebVR games, for example. But in an announcement published today, Mozilla says the browser will be removed from the stores where it's been available for download in the "coming weeks." Mozilla is instead directing users who still want to utilize a web browser in VR to Igalia's upcoming open-source browser, Wolvic, which is based on Firefox Reality's source code. This browser will be available for download starting next week, so users won't have to go without -- they'll just have to make the switch.

Mozilla is rolling out new updates to its mobile and desktop VPN offerings, the company announced on Tuesday. From a report: With the launch of Mozilla VPN 2.7, the company is bringing one of Firefox's popular add-ons, Multi-Account Containers, to the desktop platform and also introducing a multi-hop feature to the Android and iOS version of the VPN service. Firefox's Multi-Account Containers allow users to separate different parts of their online activities, such as work, shopping and banking. Instead of having to open a new window or different browser to check your work email, you can isolate that activity in a container tab, which prevents other sites from tracking your activity across the web. The company says combining the add-on with Mozilla's VPN adds an extra layer of protection to users' compartmentalized browsing activity and also adds extra protection to their locational information.

An anonymous reader quotes a report from Gizmodo: Researchers at Mozilla announced this week the launch of its "Facebook Pixel Hunt" study, which seeks to track the company's immense web-wide tracking network and investigate the intel it's collecting on users. As the name suggests, this study is focused on a piece of tracking tech known as the "Facebook pixel." Chances are, you've visited a site that uses it; these tiny pieces of tech are buried in literally millions of sites across the web, from online stores to news outlets to... well, you name it. In exchange for onboarding a free pixel on their site, these sites can then track their own visitors and microtarget ads with the same sort of precision you'd expect from a data-hungry company like Facebook.

In exchange for giving these sites the power to track every pageview, purchase, search query, and much, much more, Facebook (naturally) requires that this data be shared with it, too. In cases where the website visitor has an account on some Facebook platform, this offsite data just gets glombed onto whatever Facebook already knows about that person. If they don't have a Facebook account, then the company collects that data anyway, and uses it to create a "shadow profile" of that particular person. These are the sorts of shadowy practices that Mozilla's team wants to research with this study -- and you can help them do it if you're a Firefox user. Mozilla teamed up with reporters from the Markup to gather details about Facebook tracking using a free-to-download browser extension, Mozilla Rally, that will hoover up data sent out by Facebook's pixels as you browse across the web. Aside from that data, the extension also keeps track of the time spent on different web pages, the URLs that the browser visits, and more. Mozilla was quick to note in its announcement that the only data being exported from the extension will be de-identified, and not shared with any third parties besides the Markup's reporters.

Firefox 96.0 is officially shipping today as the first update of 2022 for this open-source web browser. From a report: Firefox 96.0 has "significantly" reduced the amount of load placed on the browser's main thread and there is also "significant" improvements in noise suppression and auto-gain-control and improvements in echo cancellation. In addition to that performance work, there are also WebRTC improvements, an improved cookie policy to reduce the likelihood of Cross-Site Request Forgery (CSRF) attacks, video quality degradation fixes, and other fixes. Over on developer.mozilla.org are some of the web developer changes with Firefox 96 including CSS color value function hwb() support for specifying the hue/whiteness/blackness, support for the CSS color-scheme property, the Web Locks API is enabled by default, image encoder support for WebP for exporting HTML5 canvas elements, and other additions.

Brian Fagioli, reporting for BetaNews: The developers of the Ubuntu-based operating system have agreed to accept an undisclosed amount of money from Mozilla in exchange for making significant changes to Linux Mint. This includes removal of modifications to Firefox and a big change for search. The devs share the upcoming changes to Firefox in Linux Mint 19 and higher.
The default start page no longer points to https://www.linuxmint.com/start/
The default search engines no longer include Linux Mint search partners (Yahoo, DuckDuckGo...) but Mozilla search partners (Google, Amazon, Bing, DuckDuckGo, Ebay...)
The default configuration switches from Mint defaults to Mozilla defaults.
Firefox no longer includes code changes or patches from Linux Mint, Debian or Ubuntu.

Mike Melanson's "This Week in Programming" column looks at what happened after Mozilla founder Jamie "jwz" Zawinski slammed the group for accepting donations in cryptocurrency (which Zawinski called partnering "with planet-incinerating Ponzi grifters.") Peter Linss, one of the creators of the Gecko browser engine on which Mozilla Firefox is based, also stepped in to back up Zawinski, saying that he was 100% with him and that Mozilla was "meant to be better than this."

When Mozilla first announced it would accept Bitcoin donations in 2014, it cited Khan Academy, Electronic Frontier Foundation, United Way, Greenpeace, and Wikimedia Foundation among its moral and upstanding cryptocurrency-accepting compatriots. Of that list, just Greenpeace has since stopped accepting cryptocurrency donations, telling the Financial Times earlier this year that "as the amount of energy needed to run bitcoin became clearer, this policy [of accepting cryptocurrency donations] became no longer tenable."
Thursday the Mozilla Foundation announced it was pausing cryptocurrency donations to review whether the idea "fits with our climate goals" — a fact the column also addresses: Mike Shaver, another Mozilla project founder, also tweeted his support, writing that he was "glad to see this reflection happening."

In a follow-up blog post to the ordeal, Zawinski doubled down on his condemnation of Mozilla's cryptocurrency acceptance, writing that "cryptocurrencies are not only an apocalyptic ecological disaster, and a greater-fool pyramid scheme, but are also incredibly toxic to the open web, another ideal that Mozilla used to support" — an idea also espoused in many of the comments on the initial Twitter thread.

Meanwhile, although Mozilla says that it is pausing the ability to donate cryptocurrencies during its review, the donations page still lists BitPay among its payment methods.

The Mozilla Foundation is pausing accepting donations in cryptocurrency following a backlash from scores of people including a founder of the Mozilla Project. From a report: The foundation, which oversees the development of Firefox browser, on Thursday acknowledged conversations around the environment impact that cryptocurrency potentially pose and said it is reviewing whether its current policy on crypto donations "fits with our climate goals."

The foundation started to face backlash following a tweet late last year that invited people to donate via using a variety of crypto tokens including Bitcoin. In response to it, Jamie Zawinski expressed dismay at the foundation's move. "Everyone involved in the project should be witheringly ashamed of this decision to partner with planet-incinerating Ponzi grifters," he said, adding an expletive.

A user writes: Jamie "jwz" Zawinski, famous for being one of the original Netscape developers, being a founder of the Mozilla project, and for this axiom, has laid into Mozilla after the Firefox developers announced they was accepting Dogecoin, Bitcoin, and Ethereum cryptocurrency payments, via Bitpay, for Mozilla's services and donations. Quote jwz: "I'm here to say fuck you and fuck this. Everyone involved in the project should be witheringly ashamed of this decision to partner with planet-incinerating Ponzi grifters."
UPDATE (1/6/2021): Days later the Mozilla Foundation announced they were instead pausing cryptocurrency donations to review whether the idea "fits with our climate goals."

NBC News writes: VPNs, or virtual private networks, continue to be used by millions of people as a way of masking their internet activity by encrypting their location and web traffic. But on the modern internet, most people can safely ditch them, thanks to the widespread use of encryption that has made public internet connections far less of a security threat, cybersecurity experts say. "Most commercial VPNs are snake oil from a security standpoint," said Nicholas Weaver, a cybersecurity lecturer at the University of California, Berkeley. "They don't improve your security at all...."

Most browsers have quietly implemented an added layer of security in recent years that automatically encrypts internet traffic at most sites with a technology called HTTPS. Indicated by a tiny padlock by the URL, the presence of HTTPS means that worrisome scenario, in which a scammer or a hacker squats on a public Wi-Fi connection in order to watch people's internet habits, isn't feasible. It's not clear that the threat of a hacker at your coffee shop was ever that real to begin with, but it is certainly not a major danger now, Weaver said. "Remember, someone attacking you at the coffee shop needs to be basically at the coffee shop," he said. "I don't know of them ever being used outside of pranks. And those are all irrelevant now with most sites using HTTPS," he said in a text message.

There are still valid uses for VPNs. They're an invaluable tool for getting around certain types of censorship, though other options also exist, such as the Tor Browser, a free web browser that automatically reroutes users' traffic and is widely praised by cybersecurity experts. VPNs are also vital for businesses that need their employees to log in remotely to their internal network. And they're a popular and effective way to watch television shows and movies that are restricted to particular countries on streaming services. But like with antivirus software, the paid VPN industry is a booming global market despite its core mission no longer being necessary for many people.

Most VPNs market their products as a security tool. A Consumer Reports investigation published earlier this month found that 12 of the 16 biggest VPNs make hyperbolic claims or mislead customers about their security benefits. And many can make things worse, either by selling customers' browsing history to data brokers, or by having poor cybersecurity.
The article credits the Electronic Frontier Foundation for popularizing encryption through browser extensions and web site certificates starting in 2010. "In 2015, Google started prioritizing websites that enabled HTTPS in its search results. More and more websites started offering HTTPS connections, and now practically all sites that Google links to do so.

"Since late 2020, major browsers such as Brave, Chrome, Firefox, Safari and Edge all built HTTPS into their programs, making Electronic Frontier Foundation's browser extension no longer necessary for most people."