• Changes to SameSite Cookie Behavior – A Call to Action for Web Developers

  We are changing the default value of the SameSite attribute for cookies from None to Lax, per new IETF guidelines. This will greatly improve security for users. However, some web sites may depend (even unknowingly) on the old default, potentially resulting in breakage for those sites. At Mozilla, we are slowly introducing this change. And we are strongly encouraging all web developers to test their sites with the new default.

  [...]

  Testing in the Firefox Nightly and Beta channels has shown that website breakage does occur. While we have reached out to those sites we’ve encountered and encouraged them to set the SameSite attribute on their web properties, the web is clearly too big to do this on a case-by-case basis.

  It is important that all web developers test their sites against this new default. This will prepare you for when both Firefox and Chrome browsers make the switch in their respective release channels.

        

• New platform milestone completed: Python upgrade

  In 2020 a lot of the SUMO platform’s team work is focused on modernizing our support platform (Kitsune) and performing some foundational work that will allow us to grow and expand the platform. We have started this in H1 with the new Responsive and AAQ redesign. Last week we completed a new milestone: the Python/Django upgrade.

  Why was this necessary

  Support.mozilla.org was running on Python 2.7, meaning our core technology stack was running on a no longer supported version. We needed to upgrade to at least 3.7 and, at the same time, upgrade to the latest Django Long Term Support (LTS) version 2.2.

       

• Firefox 79 includes protections against redirect tracking

  A little over a year ago we enabled Enhanced Tracking Protection (ETP) by default in Firefox. We did so because we recognize that tracking poses a threat to society, user safety, and the autonomy of individuals and we’re committed to protecting users against these threats by default. ETP was our first step in fulfilling that commitment, but the web provides many covert avenues trackers can use to continue their data collection.

  Today’s Firefox release introduces the next step in providing a safer and more private experience for our users with Enhanced Tracking Protection 2.0, where we will block a new advanced tracking technique called redirect tracking, also known as bounce tracking. ETP 2.0 clears cookies and site data from tracking sites every 24 hours, except for those you regularly interact with. We’ll be rolling ETP 2.0 out to all Firefox users over the course of the next few weeks.

       

• Fast Company Recognizes Katharina Borchert as one of the Most Creative Business People

  We are proud to share that Katharina Borchert, Mozilla’s Chief Open Innovation Officer, has been named one of the  Most Creative People by Fast Company. The award recognizes her leadership on Common Voice and helping to diversify AI speech through machine learning. Katharina was recognized not just for a groundbreaking idea, but because her work is having a measurable impact in the world.

  [...]

  The full list also includes vintner, Krista Scruggs, dancer and choreographer Twyla Tharp, and Ryan Reynolds: “for delivering an honest message, even when it’s difficult”.

  “‘This is a real honor,” said Katharina, “which also reflects the contributions of an incredible alliance of people at Mozilla and beyond. We have a way to go before the full promise of Common Voice is realized. But I’m incredibly inspired by the different communities globally building it together with Mozilla, because language is so important for our identities and for keeping cultural diversity alive in the digital age. Extending the reach of voice recognition to more languages can only open the doors to more innovation and make tech more inclusive.”

       

• Latest Firefox rolls out Enhanced Tracking Protection 2.0; blocking redirect trackers by default

  Today, Firefox is introducing Enhanced Tracking Protection (ETP) 2.0, our next step in continuing to provide a safe and private experience for our users. ETP 2.0 protects you from an advanced tracking technique called redirect tracking, also known as bounce tracking. We will be rolling out ETP 2.0 over the next couple of weeks.

  Last year we enabled ETP by default in Firefox because we believe that understanding the complexities and sophistication of the ad tracking industry should not be required to be safe online. ETP 1.0 was our first major step in fulfilling that commitment to users. Since we enabled ETP by default, we’ve blocked 3.4 trillion tracking cookies. With ETP 2.0, Firefox brings an additional level of privacy protection to the browser.

  Since the introduction of ETP, ad industry technology has found other ways to track users: creating workarounds and new ways to collect your data in order to identify you as you browse the web. Redirect tracking goes around Firefox’s built-in third-party cookie-blocking policy by passing you through the tracker’s site before landing on your desired website. This enables them to see where you came from and where you are going.

       

• Moth wants you to design a Firefox Theme for San Francisco Shock

  This summer we partnered with Overwatch League’s San Francisco Shock to help the fans at home cheer on their 2019 Grand Finals Champions. This included Firefox Protection Plays and giving viewers a behind-the-scenes look at a day in the life of the SF Shock players.

  Before the summer season ends, we wanted to do one last thing for the SF Shock team and their fans. One of the players, Moth, shared that Firefox is the only browser he uses. He learned about Firefox while studying software engineering in college. Firefox and Mozilla’s mission along with the open source ethos is what keeps him a loyal user. To celebrate that, we’re inviting SF Shock fans — and anyone else who might be interested — to design an original Firefox theme.

Mozilla Thunderbird 78.1 is now rolling out today to all supported platforms as the first point release to the latest major Mozilla Thunderbird 78 release with a bunch of exciting new features.

As you know, Mozilla Thunderbird 78 arrived two weeks ago with many exciting changes, including OpenPGP support, new minimum runtime requirements for Linux systems, DM support for Matrix, a new, centralized Account Hub, Lightning integration, and support for the Red Hat Enterprise Linux 7 operating system series.

Probably the most exciting new feature in Mozilla Thunderbird 78 is support for the OpenPGP open standard of PGP encryption, which lets users send encrypted emails without relying on a third-party add-on. However, OpenPGP support wasn’t feature complete in the Thunderbird 78 release and it was disable by default.

With the Thunderbird 78.1 point release, Mozilla says that OpenPGP support is now feature complete, including the new Key Wizard, the ability to search online for OpenPGP keys, and many other goodies. But it’s still disable by default to allow more time for testing, so you need to enable it manually to take full advantage of the new Thunderbird release.

• Karl Dubost: Formatted console.log lines. Stacktraces export wish.

  When we select the console.log lines in Firefox devtools, and cut and paste in an editor, there are newline characters added to the output.

  [...]

  Silly idea of the day. This is not available right now in devtools, but I wish it was.

  Put two breakpoints in devtools.
  Run the code as record stacktrace in between these two targets
  export the stack trace as a json in a standard format in between these two breakpoints (do the same thing in another browser)
  Have a diff tool giving the possibility to explore the differences in between the two stack traces.

• Rust-Written Redox OS Now Supports GDB Debugging

  For helping to debug more issues within the Rust-written Redox operating system, the GNU Debugger (GDB) is beginning to work well on the platform.

  Thanks to work being achieved during the Redox Summer of Code, the GDB debugger is beginning to work well enough on the platform that bugs are being evaluated with the popular GNU Debugger. In recent weeks it's been serving well for debugging the operating system's dynamic linker and issues with shared libraries.

• This Week In Servo 134

  In the past week, we merged 69 PRs in the Servo organization’s repositories.

  The latest nightly builds for common platforms are available at download.servo.org.

  Servo has been successfully integrated into 3d Unity scenes as a 2d browser plugin.

• Australian watchdog recommends major changes to exceptional access law TOLA

  Australia’s Independent National Security Legislation Monitor (INSLM) earlier this month released a 316-page report calling for significant, and much needed, reforms to the nation’s 2018 Telecommunications and Other Legislation Amendment (TOLA) law. The Parliamentary Joint Committee on Intelligence and Security (PJCIS) will meet later this month to consider the INSLM’s recommendations. While we still believe this dangerous law should be repealed, if enacted, these recommendations would go a long way in reducing the risk of this flawed piece of legislation.

  This legislation – which Mozilla has continually opposed – allows Australian authorities to force nearly all actors in the digital ecosystem (Designated Communications Providers or DCPs) to do “acts or things” with an explicit goal of weakening security safeguards. For example, under this law, using a Technical Assistance Notice (TAN), Australian authorities could force a company to turn over sensitive security information, or using a Technical Capability Notice (TCN), they could force a company to redesign its software.

  [...]

  Mozilla has been involved throughout the legislative process and the development of the INSLM’s report. We filed comments to the PJCIS in late 2018 and early 2019 warning of TOLA’s dangerous effects. Martin Thomson, Mozilla Distinguished Engineer, testified at a hearing held by the INSLM – which ultimately proceeded to quote a portion of Martin’s testimony in his final report. Moreover, our team has provided comments to the Australian Ministry of Communications, Cyber Safety & the Arts relating specifically to the significant security risks posed by TCNs. Our December 2019 cover letter to the INSLM contributing input to his report can be found here. A detailed list of Mozilla’s recommendations alongside related INSLM recommendations can be found here.

  The PJCIS will hold a hearing later this month to discuss the recommendations and likely begin the process of discussing amendments to TOLA. This presents the PJCIS with a unique opportunity to demonstrate leadership in defending individuals’ online privacy and security while enabling effective access to justice. The implementation of TOLA continues to pose serious privacy, security, and due process issues for both users and developers, and Mozilla will continue to oppose this law. In the event that the bill is not repealed, we strongly urge the involved MPs and Senators to adopt the INSLM’s recommendations which may help soften the blow of some of the law’s most damaging provisions.

• The Open Technology Fund’s vital role for democracy worldwide should not be undermined

  The Open Technology Fund plays a vital role for democracy worldwide. That’s why Mozilla on Friday joined a friend of the court brief in support of the Open Technology Fund’s independence from government control as OTF’s case moves forward to the D.C. Circuit Court of Appeals.

  The Open Technology Fund is a U.S. government funded, independent nonprofit corporation with a mission to support development of open-source technologies that “increase free expression, circumvent censorship, and obstruct repressive surveillance as a way to promote human rights and open societies.” One such OTF-supported project is Tor Browser, which is built on the Firefox codebase and enables encrypted access to the web for anonymous browsing. Another is Let’s Encrypt, a free certificate authority enabling more secure web connections that began as a project of Mozilla, EFF, and the University of Michigan. These are invaluable tools not only to citizens of authoritarian regimes, but more broadly to internet users everywhere who rely on them to protect the privacy of their personal associations, communications, and interests.

• New alpha release: Tor 0.4.4.3-alpha

  There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.4.4.3-alpha from the download page on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release by mid-August.

  Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

• Firefox Beta via Flatpak

  What I've tried.

  Firefox beta as a snap. (Definitely easy to install. But not as quick and harder to use for managing files - makes it's own Downloads directory, etc)

  Firefox (stock) with custom AppArmor confinement. (Fun to do once, but the future is clearly using portals for file access, etc)

  Firefox beta as a Flatpak.

• Extensions in Firefox 79

  To optimize resource usage, render information on inactive tabs is discarded. When Firefox anticipates that a tab will be activated, the tab is “warmed up”. Switching to it then feels much more instantaneous. With the new tabs.warmup function, tab manager extensions will be able to benefit from the same perceived performance improvements. Note this API does not work on discarded tabs and does not need to be called immediately prior to switching tabs. It is merely a performance improvement when the tab switch can be anticipated, such as when hovering over a button that when clicked would switch to the tab.

• Mozilla VR Blog: A browser plugin for Unity

  Unity's development tools and engine are far and away the most common way to build applications for VR and AR today. Previously, we've made it possible to export web-based experiences from Unity. Today, we're excited to show some early work addressing the other way that Unity developers want to use the web: as a component in their Unity-based virtual environments.

  Building on our work porting a browser engine to many platforms and embedding scenarios, including as Firefox Reality AR for HoloLens 2, we have built a new Unity component based on Servo, a modern web engine written in the Rust language.

  The Unity engine has a very adaptable multi-platform plugin system with a healthy ecosystem of third-party plugins, both open-source and proprietary. The plugin system allows us to run OS-native modules and connect them directly to components executing in the Unity scripting environment.