These 6 browser extensions will protect your privacy online

The internet is not a private place. Ads try to learn as much about you to sell your information to the highest bidder. Emails know when you open them and which links you click. And some of the biggest internet snoops, like Facebook and Amazon, follow you from site to site as you browse the web.

But it doesn’t have to be like that. We’ve tried and tested six browser extensions that will immediately improve your privacy online by blocking most of the invisible ads and trackers.

These extensions won’t block every kind of snooping, but they will vastly reduce your exposure to most of the efforts to track your internet activity. You might not care that advertisers collect your data to learn your tastes and interests to serve you targeted ads. But you might care that these ad giants can see which medical conditions you’re looking up and what private purchases you’re making.

By blocking these hidden trackers from loading, websites can’t collect as much information about you. Plus by dropping the unnecessary bulk, some websites will load faster. The tradeoff is that some websites might not load properly or refuse to let you in if you don’t let them track you. You can toggle the extensions on and off as needed, or you could ask yourself if the website was that good to begin with and could you not just find what you were looking for somewhere else?

HTTPS Everywhere

We’re pretty much hardwired to look for that little green lock in our browser to tell us a website was loaded over an HTTPS-encrypted connection. That means the websites you open haven’t been hijacked or modified by an attacker before it loaded and that anything you submit to that website can’t be seen by anyone other than the website. HTTPS Everywhere is a browser extension made by the non-profit internet group the Electronic Frontier Foundation that automatically loads websites over HTTPS where it’s offered, and allows you to block the minority of websites that don’t support HTTPS. The extension is supported by most browsers, including Chrome, Firefox, Edge, and Opera.

Privacy Badger

Another extension developed by the EFF, Privacy Badger is one of the best all-in-one extensions for blocking invisible third-party trackers on websites. This extension looks at all the components of a web page and learns which ones track you from website to website, and then blocks them from loading in the browser. Privacy Badger also learns as you travel the web, so it gets better over time. And it requires no effort or configuration to work, just install it and leave it to it. The extension is available on most major browsers.

uBlock Origin

Ads are what keeps the internet free, but often at the expense of your personal information. Ads try to learn as much about you — usually by watching your browsing activity and following you across the web — so that they can target you with ads you’re more likely to click on. Ad blockers stop them in their tracks by blocking ads from loading, but also the tracking code that comes with it.

uBlock Origin is a lightweight, simple but effective, and widely trusted ad blocker used by millions of people, but it also has a ton of granularity and customizability for the more advanced user. (Be careful with impersonators: there are plenty of ad blockers that aren’t as trusted that use a similar name.) And if you feel bad about the sites that rely on ads for revenue (including us!), consider a subscription to the site instead. After all, a free web that relies on ad tracking to make money is what got us into this privacy nightmare to begin with.

uBlock Origin works in Chrome, Firefox, and Edge and the extension is open source so anyone can look at how it works.

PixelBlock & ClearURLs

If you thought hidden trackers in websites were bad, wait until you learn about what’s lurking in your emails. Most emails from brand names come with tiny, often invisible pixels that alerts the sender when you’ve opened them. PixelBlock is a simple extension for Chrome browsers that simply blocks these hidden email open trackers from loading and working. Every time it detects a tracker, it displays a small red eye in your inbox so you know.

Most of these same emails also come with tracking links that alerts the sender which links you click. ClearURLs, available for Chrome, Firefox and Edge, sits in your browser and silently removes the tracking junk from every link in your browser and your inbox. That means ClearURLs needs more access to your browser’s data than most of these extensions, but its makers explain why in the documentation.

Firefox Multi-Account Containers

And an honorary mention for Firefox users, who can take advantage of Multi-Account Containers, built by the browser maker itself to help you isolate your browsing activity. That means you can have one container full of your work tabs in your browser, and another container with all of your personal tabs, saving you from having to use multiple browsers. Containers also keep your private personal browsing separate from your work browsing activity. It also means you can put sites like Facebook or Google in a container, making it far more difficult for them to see which websites you visit and understand your tastes and interests. Containers are easy to use and customizable.

Mozilla shutters Firefox Send and Notes

Mozilla today announced that it will shutter two products: Firefox Send, the free file transfer service it already put on hiatus in July, and Firefox Notes, its note-taking extension and mobile app.

Firefox Send launched in March 2019. At the time, Mozilla described it as a file-sharing tool with a focus on privacy. That privacy is also what is now doing it in. When it paused the service earlier this year, the company said it was investigating reports of abuse, especially from malware groups. At the time, Mozilla said it was looking into how it could improve its abuse reporting capabilities and that it would add a requirement that users have a Firefox Account.

But instead of relaunching it, the organization decided to shutter the service instead.

“Firefox Send was a promising tool for encrypted file sharing,” the organization writes in today’s update. “Send garnered good reach, a loyal audience and real signs of value throughout its life. Unfortunately, some abusive users were beginning to use Send to distribute malware and as part of spear phishing attacks. This summer we took Firefox Send offline to address this challenge. In the intervening period, as we weighed the cost of our overall portfolio and strategic focus, we made the decision not to relaunch the service.”

Mozilla says that Firefox Notes was initially meant to be an experiment for testing new ways to sync encrypted data. “Having served that purpose, we kept the product as a little utility tool for Firefox and Android users,” Mozilla says, but it is now decommissioning it and shutting it down completely in early November.

It’s hard not to look at today’s announcement in the context of the overall challenges that Mozilla is going through. If the organization were in a better financial position — and hadn’t laid off around 25% of its staff this year —  it may have kept Notes alive and maybe tried to rework Send. Now, however, it has fewer options to experiment, especially with free services, as it tries to refocus on Firefox and a few other core projects.

Mozilla lays off 250

Mozilla today announced a major restructuring of its commercial arm, the Mozilla Corporation that will see about 250 employees lose their jobs and the shuttering of the organization’s operations in Taipei, Taiwan. This move comes after the organization already laid off about 70 employees earlier this year.  The most recent numbers from 2018 put Mozilla at about 1,000 employees worldwide.

Citing falling revenues because of the global pandemic, Mozilla’s executive chairwoman and CEO Mitchell Baker said in an internal message that the company’s pre-COVID plans were no longer feasible.

“Pre-COVID, our plan for 2020 was a year of change: building a better internet by accelerating product value in Firefox, increasing innovation, and adjusting our finances to ensure financial stability over the long term,” Baker writes. “We started with immediate cost-saving measures such as pausing our hiring, reducing our wellness stipend and cancelling our All-Hands. But COVID-19 has accelerated the need and magnified the depth for these changes. Our pre-COVID plan is no longer workable. We have talked about the need for change — including the likelihood of layoffs — since the spring. Today these changes become real.”

Layed off employees will receive severance that is at least equivalent to their full base pay through December 31 and will still receive their individual performance bonuses for the first half of the year, as well as part of their company bonus and the standard COBRA health insurance benefits.

Mozilla promises that its smaller organization will be able to act more “quickly and nimbly” and that it will work more closely with partners that share its goal of an open web ecosystem. At the same time, Baker wants Mozilla to remain a “technical powerhouse of the internet activist movement,” yet she also acknowledges that the organization as a whole must also focus on economics and work on creating sustainable business models that still stay true to its mission.

‘We are also restructuring to put a crisper focus on new product development and go to market activities,” writes Baker. “In the long run, I am confident that the new organizational structure will serve our product and market impact goals well, but we will talk in detail about this in a bit.”

On the product side, Mozilla will continue to focus on Firefox, as well as Pocket, its Hubs virtual reality project, its new VPN service, Web Assembly and other privacy and security products. But it is also launching a new Design and UX team, as well as a new applied machine learning team to help bring machine learning to its products.

Vivaldi browser gets built-in tracking blocker, goes GA on Android

Vivaldi, the browser launched by former Opera CEO Jon von Tetzchner, has long positioned itself as a highly customizable alternative to Chrome and Firefox for power users. Today, the team is launching version 3.0 of its desktop browser, with built-in tracker and ad blockers, and it’s bringing its Android browser out of beta.

I’ve long been a fan of Vivaldi, but the company was relatively late to the tracking protection game. Now, it’s doubling down on this, by integrating a blocklist powered by DuckDuckGo’s Tracker Radar.

Like competing browsers, Vivaldi offers three blocking levels that users can easily toggle on and off for individual websites. Those blocking levels are relatively blunt, though, with the options to either block trackers, block trackers and ads or disable blocking. Competitors like Edge offer slightly more nuanced options for blocking trackers, though I would expect Vivaldi to adopt a similar scheme over time.

For the most part, the Vivaldi team always said that it would delegate ad blocking to extensions, though it added the option to block highly intrusive ads in the middle of last year. And while the company still notes that blocking trackers provides enough privacy protection, with today’s update, it now also gives users the option to block virtually all ads without the need to download any extensions (as a Chromium-based browser, Vivaldi supports all Chrome extensions).

Also new in the desktop version is a clock. Yes. A clock. That may sound like a weird feature, given that your desktop of choice surely features a clock, but like all things Vivaldi, you can a) remove it and b) there is actually some usefulness here as you can, for example, set up timers if you’re into Pomodoro or similar productivity techniques. And because it is Vivaldi, you can set all kinds of custom alarms and countdown timers, too.

[gallery ids="1978141,1978140,1978119"]

As for the mobile version, which is now generally available for Android 5 and higher, the most important fact is probably that it exists, given how most users expect to be able to easily sync their bookmarks, passwords and browsing history between mobile and desktop. As with other browsers, you can choose what you want to sync.

Like the desktop version, Vivaldi for Android now also features a tracking and ad blocker. There’s also a built-in screenshot tool and support for Vivaldi notes, which also sync between devices.

The mobile browser isn’t quite as flexible as the desktop version, with its plethora of options, but that’s probably not what you’re looking for in a mobile browser anyway. But having a stable mobile browser that can accompany the desktop version is a big deal for Vivaldi and may give users who were on the sidelines a reason to take another look at it.

Out of the box, there’s no other browser that will give you the kind of flexibility Vivaldi does.

Mozilla names long-time chairwoman Mitchell Baker as CEO

Mozilla Corporation announced today that it has chosen long-time chairwoman Mitchell Baker to be CEO, replacing Chris Beard who announced he would be stepping down at the end of the year last August.

Baker represents a logical choice to lead the company. At a time of great turmoil in the world at large, she brings the stability of someone who has been with Mozilla Corporation since 2003. Writing in a company blog post, she certainly recognized the challenges ahead, navigating through the current economic uncertainty and the competitive challenges the company faces with its flagship Firefox browser..

“It’s a time of challenge on many levels, there’s no question about that. Mozilla’s flagship product remains excellent, but the competition is stiff. The increasing vertical integration of internet experience remains a deep challenge. It’s also a time of need, and of opportunity. Increasingly, numbers of people recognize that the internet needs attention,” Baker wrote.

Baker has been acting as interim CEO since December when Beard officially left the company. In a blog post from the board announcing Baker’s official new title, they certainly recognized that it would take someone with her unique combination of skills and experience to guide the company through this next phase.

“Mitchell’s deep understanding of Mozilla’s existing businesses gives her the ability to provide direction and support to drive this important work forward,” they wrote. Adding, “And her leadership style grounded in openness and honesty is helping the organization navigate through the uncertainty that COVID-19 has created for Mozillians at work and at home.”

Mozilla Corporation was founded in 1998 and is best known for its flagship, open source Firefox browser. The company faces stiff competition in the browser market from Google, Apple and Microsoft.

Daily Crunch: Amazon opens its first cashier-less grocery store

Amazon expands its Just Walk Out technology beyond convenience stores, Intuit acquires Credit Karma in its biggest acquisition ever and Grab raises hundreds of millions of dollars. Here’s your Daily Crunch for February 25, 2020.

1. Amazon opens its first cashierless grocery store

Amazon is opening its first grocery store to pilot the use of the retailer’s cashier-less “Just Walk Out” technology, which previously powered 25 Amazon Go convenience stores in a handful of major U.S. metros. The store is 10,400 square feet overall, making it the largest use of Amazon’s Just Walk Out technology to date.

Based in the company’s hometown of Seattle, the new Amazon Go Grocery store allows customers to shop for everyday grocery items like fresh produce, meat, seafood, bakery items, household essentials, dairy, easy-to-make dinner options, beer, wine and spirits and more.

2. Intuit confirms that it is buying Credit Karma for $7.1B in cash and stock

Intuit announced that it plans to acquire Credit Karma — the fintech startup with more than 100 million registered users, 37 million of them active monthly users, which lets people check their credit scores, shop for credit cards and loans, file taxes and more. The financial software giant says it will pay $7.1 billion for the acquisition, making this Intuit’s biggest-ever acquisition to date, and one of the biggest in the category of privately held fintech companies.

3. Grab raises up to $856M to boost payments business as rumors swirl of a merger with rival Gojek

Southeast Asian on-demand transport startup Gojek denies that it is involved in talks to merge with Grab, but today Grab announced a piece of news that could either divert attention from that story — or more likely stoke the fires of speculation that it is indeed gearing up for a deal.

4. New Netflix feature reveals the top 10 most popular programs on its service

The new top 10 list doesn’t offer any hard metrics, but it can at least help point to popular programming and highlight breakout successes Netflix might have in the future. The feature is rolling out now to users worldwide, so you may not see your list quite yet.

5. Instead of IPOs and acquisitions, exiting to community is one alternative

Greg Brodsky, who helps cooperative startups through the Start.coop accelerator, pointed to the “exit to community” idea as an option for startups looking to transition out of the more traditional Silicon Valley model. In this framework, some portion of the company is sold back to the workers or end users. (Extra Crunch membership required.)

6. Revolut raises $500M at a $5.5B valuation

Revolut is building a financial service to replace traditional bank accounts. You can open an account from an app in just a few minutes. You can then receive, send and spend money from the app or use a debit card.

7. Firefox to enable DNS-over-HTTPS by default to US users

Mozilla will bring its new DNS-over-HTTPS security feature to all Firefox users in the U.S. by default in the coming weeks, the browser maker has confirmed. It follows a year-long effort to test the new security feature, which is designed to make browsing the web more secure and private.

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.

Mozilla says a new Firefox security bug is under active attack

Mozilla has warned Firefox users to update their browser to the latest version after security researchers found a vulnerability that hackers were actively exploiting in “targeted attacks” against users.

The vulnerability, found by Chinese security company Qihoo 360, was found in Firefox’s just-in-time compiler. The compiler is tasked with speeding up performance of JavaScript to make websites load faster. But researchers found that the bug could allow malicious JavaScript to run outside of the browser on the host computer.

In practical terms, that means an attacker can quietly break into a victim’s computer by tricking the victim into accessing a website running malicious JavaScript code.

But Qihoo did not say precisely how the bug was exploited, who the attackers were, or who was targeted.

Browser vulnerabilities are a hot commodity in security circles as they can be used to infect vulnerable computers — often silently and without the user noticing — and be used to deliver malware or ransomware. Browsers are also a target for nation states and governments and their use of surveillance tools, known as network investigative techniques — or NITs. These vulnerability-exploiting tools have been used by federal agents to spy on and catch criminals. But these tools have drawn ire from the security community because the feds’ failure to disclose the bugs to the software makers could result in bad actors exploiting the same vulnerabilities for malicious purposes.

Mozilla issued the security advisory for Firefox 72, which had only been out for two days before the vulnerability was found.

Homeland Security’s cyber advisory unit, the Cybersecurity and Infrastructure Security Agency, also issued a security warning, advising users to update to Firefox 72.0.1, which fixes the vulnerability. Little information was given about the bug, only that it could be used to “take control of an affected system.”

Firefox users can update their browser from the settings.

Browsers are interesting again

A few years ago, covering browsers got boring.

Chrome had clearly won the desktop, the great JavaScript speed wars were over and Mozilla seemed more interested in building a mobile operating system than its browser. Microsoft tried its best to rescue Internet Explorer/Edge from being the punchline of nerdy jokes, but its efforts essentially failed.

Meanwhile, Opera had shuttered the development of its own rendering engine and redesigned its browser with less functionality, alienating many of its biggest fans. On mobile, plenty of niche players tried to break the Chrome/Safari duopoly, but while they did have some innovative ideas, nothing ever stuck.

But over the course of the last year or so, things changed. The main catalyst for this, I would argue, is that the major browser vendors — and we can argue about Google’s role here — realized that their products were at the forefront of a new online privacy movement. It’s the browser, after all, that allows marketers to set cookies and fingerprint your machine to track you across the web.

Add to that Microsoft’s move to the Chromium engine, which is finally giving Microsoft a seat at the browser table again, plus the success of upstarts like Brave and Vivaldi, and you’ve got the right mix of competitive pressure and customer interest for innovation to come back into what was a stagnant field only a few years ago.

Let’s talk about privacy first. With browsers being the first line of defense, it’s maybe surprising that we didn’t see Mozilla and others push for more built-in tracking protections before.

In 2019, the Chrome team introduced handling cookies in the browser and a few months ago, it launched a broader initiative to completely rethink cookies and online privacy for its users — and by extension, Google’s advertising ecosystem. This move centers around differential privacy and a ‘privacy budget’ that would allow advertisers to get enough information about you to group you into a larger cohort without providing so much information that you would love your anonymity.

At the time, Google said this was a multi-year effort that was meant to help publishers retain their advertising revenue (vs their users completely blocking cookies).

Firefox gets personalized privacy reports

Mozilla today announced that its Enhanced Tracking Protection feature for Firefox, which launched in July (and became the default in September), has now blocked a total of over 450 billion third-party tracking requests from the thousands of companies that try to track you as you browse the web. That’s a big number, but with today’s launch of Firefox 70, Mozilla is also giving you a personalized dashboard that tells you how often Firefox blocked third-party cookies, social media trackers, fingerprinting tools and cryptominers.

Privacy protection is on by default, in the ‘standard’ setting, so you don’t have to do anything special to protect yourself. If you want to tinker with the settings, though, and don’t mind it if the occasional site breaks, you can also opt for a stricter default and custom settings.

protection report tp

The report isn’t exactly front and center in the user experience (though Mozilla tells me it points new users to it in its onboarding workflow). To find it, you have to click on the shield icon in the URL bar. That’s where you find all of the info about the current site you’re on, as well as a link to your privacy report.

The report itself is pretty basic and only covers a single week. The data doesn’t sync between machines and you can’t dig any deeper into which companies are trying to track you, for example. Still, it’s a nice reminder of how many companies are trying to track you.

image003 1

The report page also features links to Mozilla’s Firefox Monitor, which can alert you when one of your email accounts appears in a breach, and Lockwise, its password management and syncing service. With today’s update, Lockwise is also getting a password generator and an integration with Firefox Monitor.

Mozilla clearly knows that privacy, at least for the time being, is what differentiates its browser from the competition, especially Chrome. While Google’s Chrome team has to figure out ways to protect its users while working inside a company that makes most of its revenue from online advertising, Mozilla doesn’t need to worry about this at all. So while the Chrome team is trying to figure out how to make major changes to the underlying tracking infrastructure while preserving Google’s revenue stream, Firefox and its brethren can opt for pretty strict default settings. It still remains to be seen whether the majority of users actually cares about tracking, but for now, this gives Firefox a clear advantage in this area.

Mozilla flips the default switch on Firefox tracker cookie blocking

From today Firefox users who update to the latest version of the browser will find a pro-privacy setting flipped for them on desktop and Android smartphones, assuming they didn’t already have the anti-tracking cookie feature enabled.

Mozilla launched the Enhanced Tracking Protection (ETP) feature in June as a default setting for new users — but leaving existing Firefox users’ settings unchanged at that point.

It’s now finishing what it started by flipping the default switch across the board in v69.0 of the browser.

The feature takes clear aim at third party cookies that are used to track Internet users for creepy purposes such as ad profiling. (Firefox relies on the Disconnect list to identify creepy cookies to block.)

The anti-tracking feature also takes aim at cryptomining: A background practice which can drain CPU and battery power, negatively impacting the user experience. Again, Firefox will now block cryptomining by default, not only when user activated.

In a blog post about the latest release Mozilla says it represents a “milestone” that marks “a major step in our multi-year effort to bring stronger, usable privacy protections to everyone using Firefox”.

“Currently over 20% of Firefox users have Enhanced Tracking Protection on. With today’s release, we expect to provide protection for 100% of ours users by default,” it predicts, underlining the defining power of default settings.

Firefox users with ETP enabled will see a shield icon in the URL bar to denote the tracker blocking is working. Clicking on this icon takes users to a menu where they can view a list of all the tracking cookies that are being blocked. Users are also able to switch off tracking cookie blocking on a per site basis, via this Content Blocking menu.

While blocking tracking cookies reduces some tracking of internet users it does not offer complete protection for privacy. Mozilla notes that ETP does not yet block browser fingerprinting scripts from running by default, for example.

Browser fingerprinting is another prevalent privacy-hostile technique that’s used to track and profile web users without knowledge or consent by linking online activity to a computer’s configuration and thereby tying multiple browser sessions back to the same device-user.

It’s an especially pernicious technique because it can erode privacy across browser sessions and even different browsers — which an Internet user might be deliberately deploying to try to prevent profiling.

A ‘Strict Mode’ in the Firefox setting can be enabled by Firefox users in the latest release to block fingerprinting. But it’s not on by default.

Mozilla says a future release of the browser will flip fingerprinting blocking on by default too.

The latest changes in Firefox continue Mozilla’s strategy — announced a year ago — of pro-actively defending its browser users’ privacy by squeezing the operational range of tracking technologies.

In the absence of a robust regulatory framework to rein in the outgrowth of the adtech ‘industrial data complex’ that’s addicted to harvesting Internet users’ data for ad targeting, browser makers have found themselves at the coal face of the fight against privacy-hostile tracking technologies.

And some are now playing an increasingly central — even defining role — as they flip privacy and anti-tracking defaults.

Notably, earlier this month, the open source WebKit browser engine, which underpins Apple’s Safari browser, announced a new tracking prevention policy that puts privacy on the same footing as security, saying it would treat attempts to circumvent this as akin to hacking.

Even Google has responded to growing pressure around privacy — announcing changes to how its Chrome browser handles cookies this May. Though it’s not doing that by default yet.

It has also said it’s working on technology to reduce fingerprinting. And recently announced a long term proposal to involve its Chromium browser engine in developing a new open standard for privacy.

Though cynics might suggest the adtech giant is responding to competitive pressure on privacy by trying to frame and steer the debate in a way that elides its own role in data mining Internet users at scale for (huge) profit.

Thus its tardy privacy pronouncements and long term proposals look rather more like an attempt to kick the issue into the long grass and buy time for Chrome to keep being used to undermine web users’ privacy — instead of Google being forced to act now and close down privacy-hostile practices that benefit its business.