Language Selection

English French German Italian Portuguese Spanish

Mozilla: DoH, Triaging Firefox Bugs and Protections Against Fingerprinting/Cryptocurrency Mining Available in Firefox Nightly and Beta

Filed under
Moz/FF
  • Mozilla Security Blog: DNS-over-HTTPS Policy Requirements for Resolvers

    Over the past few months, we’ve been experimenting with DNS-over-HTTPS (DoH), a protocol which uses encryption to protect DNS requests and responses, with the goal of deploying DoH by default for our users. Our plan is to select a set of Trusted Recursive Resolvers (TRRs) that we will use for DoH resolution in Firefox. Those resolvers will be required to conform to a specific set of policies that put privacy first.

  • Hacks.Mozilla.Org: Teaching machines to triage Firefox bugs

    Mozilla receives hundreds of bug reports and feature requests from Firefox users every day. Getting bugs to the right eyes as soon as possible is essential in order to fix them quickly. This is where bug triage comes in: until a developer knows a bug exists, they won’t be able to fix it.

    Given the large number of bugs filed, it is unworkable to make each developer look at every bug (at the time of writing, we’d reached bug number 1536796!). This is why, on Bugzilla, we group bugs by product (e.g. Firefox, Firefox for Android, Thunderbird, etc.) and component (a subset of a product, e.g. Firefox::PDF Viewer).

    Historically, the product/component assignment has been mostly done manually by volunteers and some developers. Unfortunately, this process fails to scale, and it is effort that would be better spent elsewhere.

  • Mozilla Future Releases Blog: Protections Against Fingerprinting and Cryptocurrency Mining Available in Firefox Nightly and Beta

    At Mozilla, we have been working hard to protect you from threats and annoyances on the web, so you can live your online life with less to worry about. Last year, we told you about adapting our approach to anti-tracking given the added importance of keeping people’s information on the web private in today’s climate. We talked about blocking tracking while also offering a clear set of controls to give our users more choice over what information they share with sites. One of the three key initiatives we listed was mitigating harmful practices like fingerprinting and cryptomining. We have added a feature to block fingerprinting and cryptomining in Firefox Nightly as an option for users to turn on.

More on cryptocurrency etc.

  • Firefox will block sneaky cryptocurrency and tracking software

    Firefox is getting the ability to cut off two ugly parts of the web: software that uses your computer to mine cryptocurrency -- not for your benefit -- and that tracks you even when you don't agree to be tracked.

    Firefox Nightly and Beta -- two test versions of the open-source browser -- have an option to block the crypto mining and the tracking technology, called fingerprinting. They're switched off unless you change the setting in preferences for now, but Mozilla plans to turn it on by default, the nonprofit said.

    Mozilla, which is trying to reclaim influence lost to Google's dominant Chrome and rid the web of some of its bad habits, announced the changes in a blog post Tuesday.

  • Mozilla Preparing To Test WebRender With "Qualified" Linux Use
  • 10 unicorn themes for Firefox to make Unicorn Day extra magical.

    Unicorn Day is a new holiday created to “celebrate these majestic creatures and help adults remember how much more fun life can be when we let a little magic in.”

    This makes sense when you consider that unicorns have been loved for thousands of years. They’ve trotted into Ancient Greek and Mesopotamian mythology. They’ve pranced into fairy tales, movies and books.

    If you own a pair of unicorn slippers, you know a little ‘corn can add a lot of wonder. So, if you’re thinking that a Unicorn Day theme is in order, you’re in luck.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Today in Techrights

Security Leftovers

  • Chinese hackers backdoor chat app with new Linux, macOS malware [Ed: Nowadays the Microsofters in the media are calling "backdoors" things that are simply malware and one has to actually install; of course they like to blame "Linux" (because the user can add malware on top of it). Saying Linux isn't secure because it doesn't prevent you installing malware is like saying bridges are dangerous because you may commit suicide by jumping off them.]

    Versions of a cross-platform instant messenger application focused on the Chinese market known as 'MiMi' have been trojanized to deliver a new backdoor (dubbed rshell) that can be used to steal data from Linux and macOS systems.

  • Linux Threats: A Black Hat 2022 Hot Topic? (Video) [Ed: Aside from patent trolling, Blackberry reinvented itself as anti-Linux FUD source in recent years. They intentionally overlook back doors (e.g. Windows) and blame everything on "Linux".]

    There are usually a few cyberthreat trends that seem to emerge as important themes at each year’s Black Hat conference. And this year, the increase in Linux threats may be one of them.

  • #StopRansomware: Zeppelin Ransomware [Ed: Ransomware is predominantly a Microsoft Windows problem]

    CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: Zeppelin Ransomware, to provide information on Zeppelin Ransomware. Actors use Zeppelin Ransomware, a ransomware-as-a-service (RaaS), against a wide range of businesses and critical infrastructure organizations to encrypt victims’ files for financial gain.

  • CISA Adds Two Known Exploited Vulnerabilities to Catalog

    CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates. 

  • Cisco Releases Security Update for Multiple Products

    This vulnerability could allow a remote attacker to obtain sensitive information. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

today's leftovers

  • Portable Computer Pre-History: Portable Before Laptops

    Portability is relative. When former Texas Instruments employees Rod Canion, Jim Harris and Bill Murto created a portable version of the IBM PC in 1982, it was a hulking device that weight 28 pounds and was roughly the size of a sewing machine. If you sold a desktop computer that weighed 28 pounds in 2018, you’d be laughed off the block. But the device, called the Compaq Portable, was revolutionary for its time and thrust the company that made it into the mainstream. It wasn’t too long before then that a portable computer was so embarrassingly large that you would probably break your legs if you used it as a laptop. Tonight’s Tedium ponders a time when portable computing meant something just a little bit bigger.

  • Fedora Sway OSTree Spin name

    The Fedora Sway SIG is working to create an immutable version of the Sway Spin (also work in progress) using OSTree. Those immutable spins of Fedora are becoming more common following Silverblue and Kinoite’s success. As it often happens, one of the most challenging things to do in creating something is to come up with clever names. This task is made even more complex by the relatively small amount of people active in this conversation. For this reason, during the last SIG meeting, it was decided to socialize this decision so that more people could suggest their ideas.

  • Output requirements.txt packages pinned to latest version
  • How to install OpenSCAD on a Chromebook

    Today we are looking at how to install OpenSCAD on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

  • Stupid SMP Tricks: A Review of Locking Engineering Principles and Hierarchy: paulmck — LiveJournal

    Daniel Vetter put together a pair of intriguing blog posts entitled Locking Engineering Principles and Locking Engineering Hierarchy. These appear to be an attempt to establish a set of GPU-wide or perhaps even driver-tree-wide concurrency coding conventions. Which would normally be none of my business. After all, to establish such conventions, Daniel needs to negotiate with the driver subsystem's developers and maintainers, and I am neither. Except that he did call me out on Twitter on this topic. So here I am, as promised, offering color commentary and the occasional suggestion for improvement, both of Daniel's proposal and of the kernel itself. The following sections review his two posts, and then summarize and amplify suggestions for improvement.

  • Ubuntu Unity 22.04 Quick overview #linux #UbuntuUnity - Invidious
  • FOSS Force Open Source News Quiz (8/12/22) - FOSS Force

    How closely did you follow the news about Linux and free and open source software this week? You can get an idea about how well informed you are (and have some fun in the process) by taking our Open Source News Quiz. Once you’re done, scroll down to the comments section and let us know how you did!

elementary Blog: Updates for July, 2022

Firstly, thank you so much for your patience this month! I’ve been out sick with COVID for about 3 weeks, so I haven’t been able to contribute much or organize releases this month. I want to give a special thanks to our volunteer community who has continued to make improvements and move forward on projects in my absence. I’m excited to catch up and get back to work to make the most of the rest of this month. Having said that, this is going to be a very brief updates post. [...] A ton of energy in the community has gone into Gtk 4 porting for OS 7 and beyond. The team is making steady progress on porting System Settings and we landed the Gtk 4 port for Sideload. We’ve also uncovered some style issues and gaps in style constants, so if you’re working on porting your app to our Flatpak Platform 7, know that we’ll be releasing some fixes soon. I want to give some special acknowledgment to Owen Malicsi who has taken a lot of ownership over Gtk4 porting. Owen started contributing to elementary to improve his development skillset in preparation for college, and he’s done an amazing job both in successfully porting components to Gtk 4 as well as identifying blockers and creating discussions around refactoring for Gtk 4 paradigms. I’m super proud of his growth and contribution and we wish him well in his studies! Thanks Owen! Read on