Mozilla retires Firefox’s sponsored tiles, hunts for new revenue streams

By | Ars Technica

Way back in 2014, Firefox rolled out an unpopular feature to its nightly builds: sponsored tiles on its “new tab” page. The feature, which was opt-in by default, showed ads that were based on your browsing history. Eventually, after a very long beta testing period, the sponsored tiles were loosed upon all 500 million-or-so Firefox users in May this year.

Now, just a few months later, the feature is being retired. Sponsored tiles will continue to appear for the next few months while Mozilla “fulfils its commitments” (i.e. clears out ad inventory), but then they’ll be gone entirely. Writing on the official Mozilla blog, vice president Darren Herman explains that, “advertising in Firefox could be a great business, but it isn’t the right business for us at this time because we want to focus on core experiences for our users.”

Later in the blog post, which was probably published on Friday afternoon in an attempt to dodge the news cycle, Herman repeats the refrain that we’ve heard many times over the last few years: “We believe that the advertising ecosystem needs to do better … Mozilla will continue to explore ways to bring a better balance to the advertising ecosystem for everyone’s benefit, and to build successful products that respect user privacy and deliver experiences based upon transparency, choice and control.”

In the meantime, Herman says that Mozilla wants to “reimagine content experiences and content discovery in our products.” As for what these reimaginations might look like though, we have no idea. Firefox did recently launch on iOS, however, so that’s something. Instead of sponsored tiles, maybe the new tab page will somehow suggest new sites for you to visit, based on your browsing history and category selections? Kind of like a mini in-browser Reddit?.

Firefox’s targeted sponsored tiles always seemed a little out of place for a browser that is essentially predicated on free, libertarian ideals. You can’t exactly blame Mozilla for trying, though. Since its inception, Mozilla has been entirely reliant on revenues from search engines. For years, Google paid Mozilla hundreds of millions of dollars to be Firefox’s default search engine. In recent years, Mozilla has diversified its search engine defaults—Yahoo is now the default in the US, Yandex in Russia, and Baidu in China—but according to its 2014 financial report, 98 percent of its revenue still came from these search engine deals. If something dramatic causes those deals to fall through, Mozilla does ideally need another way of making money.

Speaking of which, just like Wikipedia, Mozilla’s annual donation drive is currently live: when you open up Firefox, you’ll be greeted with a screen that asks you for a donation. If you want to donate money, but the plea doesn’t appear in your browser, you can donate directly on the Mozilla website.

New Firefox features will eventually be limited to secure websites only

Mozilla is planning to gradually favor HTTPS (HTTP Secure) connections over non-secure HTTP connections by making some new features on its Firefox browser available only to secured sites.

The browser developer decided after a discussion on its community mailing list that it will set a date after which all new features will be available only to secure websites, wrote Firefox security lead Richard Barnes in a blog post. Mozilla also plans to gradually phase out access to browser features for non-secure websites, particularly features that could present risks to users’ security and privacy, he added.

The community has to still agree on what new features will be blocked for non-secure sites. Firefox users could, for instance, still be able to view non-secure websites. But those websites would not get access to new features such as access to new hardware capabilities, Barnes said.

“Removing features from the non-secure web will likely cause some sites to break. So we will have to monitor the degree of breakage and balance it with the security benefit,” he said, adding that Mozilla is already considering less severe restrictions for non-secure websites to find the right balance. At the moment, Firefox already blocks, for example, persistent permissions from non-secure sites for access to cameras and phone.

Mozilla’s move follows the introduction of “opportunistic encryption” to Firefox last month, which provides encryption for legacy content that would otherwise have been unencrypted. While that does not protect from man-in-the-middle attacks like HTTPS does, it helps against passive eavesdropping and was welcomed by security experts.


via New Firefox features will eventually be limited to secure websites only | PCWorld.

Firefox 37 supports easier encryption option than HTTPS

The latest version of Firefox has a new security feature that aims to put a band-aid over unencrypted website connections. Firefox 37 rolled out earlier this week with support for opportunistic encryption, or OE. You can consider OE sort of halfway point between no encryption (known as clear text) and full HTTPS encryption that’s simpler to implement.

For users, this means you get at least a modicum of protection from passive surveillance (such as NSA-style data slurping) when sites support OE. It will not, however, protect you against an active man-in-the-middle attack as HTTPS does, according to Mozilla developer Patrick McManus, who explained Firefox’s OE rollout on his personal blog.

Unlike HTTPS, OE uses an unauthenticated encrypted connection. In other words, the site doesn’t need a signed security certificate from a trusted issuer as you do with HTTPS. Signed security certificates are a key component of the security scheme with HTTPS and are what browsers use to trust that they are connecting to the right website.

The impact on you: Firefox support is only half of the equation for opportunistic encryption. Websites will still have to enable support on their end for the feature to work. Site owners can get up and running with OE in just two steps, according to McManus. But that will still require enabling an HTTP/2 or SPDY server, which, as Ars Technica points out, may not be so simple. So while OE support in Firefox is a good step for users it will only start to matter when site owners begin to support it.

More than OE

Beyond support for OE, the latest build of Firefox also adds an improved way to protect against bad security certificates. The new feature called OneCRL lets Mozilla push lists of revoked certificates to the browser instead of depending on an online database.

The new Firefox also adds HTTPS to Bing when you use Microsoft’s search engine from the browser’s built-in search window.


via Firefox 37 supports easier encryption option than HTTPS | PCWorld.

Firefox is headed to iOS, browser restrictions be damned

After years of vowing not to bring Firefox to the iPhone and iPad, Mozilla is changing its tune—and is presumably willing to work with Apple’s rules.

“We need to be where our users are so we’re going to get Firefox on iOS,” Mozilla Release Manager Lukas Blakk wrote on Twitter. TechCrunch believes he was paraphrasing Jonathan Nightingale, Mozilla’s Vice President for Firefox, who revealed the plans during an internal company event.

Mozilla isn’t a complete stranger to iOS. Four years ago, the organization released Firefox Home, which synced bookmarks and tabs from other devices but was not a full-fledged browser. Mozilla shut down the app in 2012. While Mozilla now lets users sync their tabs and bookmarks with an online login, iOS users have been left out, potentially making Mozilla less attractive as a whole.

In the past, Mozilla has said that it wouldn’t offer Firefox on iOS because Apple doesn’t allow third-parties to use their own browsing engines. Chrome, for instance, is based off the same WebKit rendering engine as Safari, despite having its own engine called Blink for other platforms. Mozilla has bemoaned this dominance of WebKit as promoting a “monoculture,” in which mobile webmasters only target WebKit to the exclusion of other browsers and open standards.

Unless Mozilla has a trick up its sleeve, it seems the organization will freeze its anti-Webkit crusade as it tries to win back lost users.

The story behind the story: While celebrating Firefox’s 10-year anniversary last month, Mozilla stressed its newfound emphasis on privacy, with new features like a “Forget” button and support for the DuckDuckGo search engine, which doesn’t track users. For Mozilla, bringing similar features to iPhone and iPad users may be worth adopting Webkit, even if it is a loveless embrace.

via Firefox is headed to iOS, browser restrictions be damned | PCWorld.

Mozilla blasts at Android and iOS for lack of openness

Mozilla has accused Google and Apple of not being transparent with their mobile technologies and misusing their dominant positions.

Google’s Android and Apple’s iOS make up for the majority marketshare in smartphone OSes globally and Mozilla has shown concern over the irresponsible behavior of the companies by not being transparent about the utilization of user data.

In a report from the Guardian, Mozilla’s chief technology officer, Andreas Gal, has revealed that the current mobile situation is not favorable for users’ privacy and believes Firefox OS can change the scenario.

According to Gal, neither Android nor iOS is transparent and users are kept in the dark about what happens with their data. Although, Android is based on open source software, Google has kept large portions of its integrated services proprietary and iOS has been closed since the very beginning. Gal feels that, “right now the user has a choice between one phone where you can’t tell what goes on inside it and another phone where you can’t tell what goes on inside it.”

Both Apple and Google have in the past banned or removed privacy-centric applications from their respective app stores, which can be termed as misuse of their dominant positions and Mozilla hopes that people realize this and choose open platforms in the future.

via Mozilla blasts at Android and iOS for lack of openness – Neowin.

Mozilla Foundation celebrates a decade of Firefox with new release

Mozilla’s Firefox web browser turned 10 years old on November 9 and to celebrate the occasion, the foundation is rolling out a handful of new products and programs.

Mozilla has released a new version of Firefox that’s said to be faster than ever. It includes the option to use DuckDuckGo as your search engine on desktop and mobile and a new Forget feature that gives you an easy way to clear out some of your recent activity.

The foundation has also launched a privacy initiative called Polaris in partnership with the Center for Democracy and Technology (CDT) and the Tor Project. The idea here is to bring people together to explore new approaches to enhance privacy controls online.

Last but not least, Mozilla has also published a developer edition of Firefox.

A decade is an absolute eternity in the fast-paced world of technology but Mozilla’s accomplishment is even more impressive when you consider what was going on back in 2004.

When Firefox first hit the scene, Microsoft enjoyed an overwhelming 90 percent plus market share. While Microsoft still has a majority share of the browser market at a little over 56 percent, Internet Explorer has ceded more than seven percent of the market to Firefox and 13.05 percent to Google’s Chrome according to data from NetMarketShare.

Firefox is now available in more than 90 languages and while it may not be loved by all, it is the only major browser developed to serve its users instead of giant corporations like Apple, Google and Microsoft and is also truly open source.

via Mozilla Foundation celebrates a decade of Firefox with new release – TechSpot.

Mozilla warns of leaky developer network database

Mozilla’s website for developers leaked email addresses and encrypted passwords of registered users for about a month due to a database error, the organization said Friday.

Email addresses for 76,000 Mozilla Development Network (MDN) users were exposed, along with around 4,000 encrypted passwords, wrote Stormy Peters, director of development relations, and Joe Stevensen, operations security manager in a blog post. Mozilla is notifying those affected.

No malicious activity on the affected server was detected, but that does not mean the data wasn’t accessed, they wrote.

A Web developer discovered around 10 days ago that a data sanitization process on the database running the MDN wasn’t working. The leak started around June 23 and continued for a month.

“As soon as we learned of it, the database dump file was removed from the server immediately, and the process that generates the dump was disabled to prevent further disclosure,” they wrote.

The exposed passwords were encrypted and “salted,” a security measure that makes it difficult to revert them to their original form. Even if the passwords were decrypted, “they by themselves cannot be used to authenticate with the MDN website today,” according to the post.

Since some people may used the same MDN password on other websites, it’s recommended the password be changed.

Mozilla said it was “deeply sorry” for the error.

“In addition to notifying users and recommending short term fixes, we’re also taking a look at the processes and principles that are in place that may be made better to reduce the likelihood of something like this happening again,” according to the post.

via Mozilla warns of leaky developer network database | PCWorld.

Firefox 29 gives Mozilla’s browser a major makeover

Mozilla has unveiled the latest version of its Firefox internet browser, with an emphasis on customisation and cross-device syncing.

Jonathan Nightingale, VP of Firefox at Mozilla, said Firefox 29 – which is available to download now – is the “biggest update in a while” for the nearly decade old browser, featuring its new Australis user interface.

The design is closer to Chrome than previously; redesign of the browser tabs makes means that tabs not in use fade into the background so they are less of a distraction (the downside is it also makes them harder to see). And a new Firefox menu in the right-hand corner puts all the most used functionality – such as new window, print, history and find, all in one place. The menu includes a “customise” tool that allows users to add or move any feature or browser add-on, while bookmarks can be created with a single click. Firefox retains its seperate search box however.

The Firefox Sync service, which is powered by Firefox accounts, allows user to keep the same browser set up on different devices, sharing browsing history, saved passwords, bookmarks, open tabs and form data across PCs and mobile Android devices.

via Firefox 29 gives Mozilla’s browser a major makeover | ZDNet.

Mozilla kills Firefox browser for Windows 8 Metro

Shipping a final version of the Mozilla Firefox browser for the Windows 8 “Metro” environment “would be a mistake,” according to a Mozilla vice president, because of the relatively minuscule number of users on the platform.

In fact, Mozilla has never seen more than 1,000 users pre-testing the beta version of Mozilla, said Johnathan Nightingale, the vice president of Firefox, in a blog post on Friday. But on any given day, millions of of people test pre-release versions of Firefox on other platforms, he added.

“Mozilla builds software to make the world better, but we have to pick our battles,” Nightingale wrote. “We’re not as tiny as we were when we shipped Firefox 1.0, but we still need to focus on the projects with the most impact for our mission; the massive scale of our competitors and of the work to be done requires us to marshal our forces appropriately.”

Mozilla launched its Metro effort in 2012, Nightingale said, and the team “broke through” Microsoft’s controls and began developing Firefox for x86-based versions of the platform. Mozilla never developed a version of Firefox for Windows RT using ARM chips, after the company complained in 2012 that Microsoft was locking Windows users to its own browser.

It’s unclear how many users opt for the Metro version of Microsoft’s own Internet Explorer versus the version designed for its desktop mode; Microsoft has never broken the two numbers out. When Net Applications said Internet Explorer commanded 48.37 percent of the desktop browser market for February, for example, the company did not differentiate between the two versions. But, combined, Windows 8 and Windows 8.1 commanded just 10.68 percent or so of the entire PC market.

A Microsoft representative was not immediately available for comment.

If Mozilla did ship a Metro version of Firefox, it would be without the requisite amount of bug testing and subsequent fixes, leaving users to find and report bugs on a “finished” product. “To ship it without doing that follow up work is not an option,” Nightingale wrote.

“This opens up the risk that Metro might take off tomorrow and we’d have to scramble to catch back up, but that’s a better risk for us to take than the real costs of investment in a platform our users have shown little sign of adopting,” Nightingale concluded.

via Mozilla kills Firefox browser for Windows 8 Metro | PCWorld.

Firefox for Desktop/Modern UI to share a single profile

As development of Mozilla’s Windows 8.1 Modern/Metro UI version of Firefox continues in its beta stage, one of the programmers on the project has revealed an interesting new feature that should please heavy users of both the Modern UI and desktop versions of the web browser.

In a post on his personal blog, Mozilla’s Brian Bondy revealed today that until recently, the plan was to offer separate profiles for the desktop and Modern ports of Firefox, and use a sync method to bring data from those two profiles together. Now he states, “We’ve had feedback around this, and we’ve found that a better experience would be obtained by sharing a single profile.”

Having the same profile for both Firefox versions means that users can keep their bookmarks, logins, cookies, and other browser data without having to deal with syncing issues. There will be two exceptions. One is that any plug-ins for the desktop Firefox browser won’t work in the Modern version since that port doesn’t support those kinds of programs. Bondy adds, “To avoid unexpected problems with changed preferences exposed in one environment but not in the other, we’re planning to keep most preferences separate.”

Another minor downside because of this change is that users won’t be able to run the Modern and desktop versions at the same time. Bondy says, “For users who really want to run both at the same time, they can force the use of a different profile using the -ProfileManager command line argument from Desktop Firefox.”

Bondy says this change in the Firefox Modern version won’t affect its final non-beta release date, which is currently scheduled for late January 2014.

via Firefox for Desktop/Modern UI to share a single profile – Neowin.