Mozilla shutters Firefox Send and Notes

Mozilla today announced that it will shutter two products: Firefox Send, the free file transfer service it already put on hiatus in July, and Firefox Notes, its note-taking extension and mobile app.

Firefox Send launched in March 2019. At the time, Mozilla described it as a file-sharing tool with a focus on privacy. That privacy is also what is now doing it in. When it paused the service earlier this year, the company said it was investigating reports of abuse, especially from malware groups. At the time, Mozilla said it was looking into how it could improve its abuse reporting capabilities and that it would add a requirement that users have a Firefox Account.

But instead of relaunching it, the organization decided to shutter the service instead.

“Firefox Send was a promising tool for encrypted file sharing,” the organization writes in today’s update. “Send garnered good reach, a loyal audience and real signs of value throughout its life. Unfortunately, some abusive users were beginning to use Send to distribute malware and as part of spear phishing attacks. This summer we took Firefox Send offline to address this challenge. In the intervening period, as we weighed the cost of our overall portfolio and strategic focus, we made the decision not to relaunch the service.”

Mozilla says that Firefox Notes was initially meant to be an experiment for testing new ways to sync encrypted data. “Having served that purpose, we kept the product as a little utility tool for Firefox and Android users,” Mozilla says, but it is now decommissioning it and shutting it down completely in early November.

It’s hard not to look at today’s announcement in the context of the overall challenges that Mozilla is going through. If the organization were in a better financial position — and hadn’t laid off around 25% of its staff this year —  it may have kept Notes alive and maybe tried to rework Send. Now, however, it has fewer options to experiment, especially with free services, as it tries to refocus on Firefox and a few other core projects.

Mozilla lays off 250

Mozilla today announced a major restructuring of its commercial arm, the Mozilla Corporation that will see about 250 employees lose their jobs and the shuttering of the organization’s operations in Taipei, Taiwan. This move comes after the organization already laid off about 70 employees earlier this year.  The most recent numbers from 2018 put Mozilla at about 1,000 employees worldwide.

Citing falling revenues because of the global pandemic, Mozilla’s executive chairwoman and CEO Mitchell Baker said in an internal message that the company’s pre-COVID plans were no longer feasible.

“Pre-COVID, our plan for 2020 was a year of change: building a better internet by accelerating product value in Firefox, increasing innovation, and adjusting our finances to ensure financial stability over the long term,” Baker writes. “We started with immediate cost-saving measures such as pausing our hiring, reducing our wellness stipend and cancelling our All-Hands. But COVID-19 has accelerated the need and magnified the depth for these changes. Our pre-COVID plan is no longer workable. We have talked about the need for change — including the likelihood of layoffs — since the spring. Today these changes become real.”

Layed off employees will receive severance that is at least equivalent to their full base pay through December 31 and will still receive their individual performance bonuses for the first half of the year, as well as part of their company bonus and the standard COBRA health insurance benefits.

Mozilla promises that its smaller organization will be able to act more “quickly and nimbly” and that it will work more closely with partners that share its goal of an open web ecosystem. At the same time, Baker wants Mozilla to remain a “technical powerhouse of the internet activist movement,” yet she also acknowledges that the organization as a whole must also focus on economics and work on creating sustainable business models that still stay true to its mission.

‘We are also restructuring to put a crisper focus on new product development and go to market activities,” writes Baker. “In the long run, I am confident that the new organizational structure will serve our product and market impact goals well, but we will talk in detail about this in a bit.”

On the product side, Mozilla will continue to focus on Firefox, as well as Pocket, its Hubs virtual reality project, its new VPN service, Web Assembly and other privacy and security products. But it is also launching a new Design and UX team, as well as a new applied machine learning team to help bring machine learning to its products.

Vivaldi browser gets built-in tracking blocker, goes GA on Android

Vivaldi, the browser launched by former Opera CEO Jon von Tetzchner, has long positioned itself as a highly customizable alternative to Chrome and Firefox for power users. Today, the team is launching version 3.0 of its desktop browser, with built-in tracker and ad blockers, and it’s bringing its Android browser out of beta.

I’ve long been a fan of Vivaldi, but the company was relatively late to the tracking protection game. Now, it’s doubling down on this, by integrating a blocklist powered by DuckDuckGo’s Tracker Radar.

Like competing browsers, Vivaldi offers three blocking levels that users can easily toggle on and off for individual websites. Those blocking levels are relatively blunt, though, with the options to either block trackers, block trackers and ads or disable blocking. Competitors like Edge offer slightly more nuanced options for blocking trackers, though I would expect Vivaldi to adopt a similar scheme over time.

For the most part, the Vivaldi team always said that it would delegate ad blocking to extensions, though it added the option to block highly intrusive ads in the middle of last year. And while the company still notes that blocking trackers provides enough privacy protection, with today’s update, it now also gives users the option to block virtually all ads without the need to download any extensions (as a Chromium-based browser, Vivaldi supports all Chrome extensions).

Also new in the desktop version is a clock. Yes. A clock. That may sound like a weird feature, given that your desktop of choice surely features a clock, but like all things Vivaldi, you can a) remove it and b) there is actually some usefulness here as you can, for example, set up timers if you’re into Pomodoro or similar productivity techniques. And because it is Vivaldi, you can set all kinds of custom alarms and countdown timers, too.

[gallery ids="1978141,1978140,1978119"]

As for the mobile version, which is now generally available for Android 5 and higher, the most important fact is probably that it exists, given how most users expect to be able to easily sync their bookmarks, passwords and browsing history between mobile and desktop. As with other browsers, you can choose what you want to sync.

Like the desktop version, Vivaldi for Android now also features a tracking and ad blocker. There’s also a built-in screenshot tool and support for Vivaldi notes, which also sync between devices.

The mobile browser isn’t quite as flexible as the desktop version, with its plethora of options, but that’s probably not what you’re looking for in a mobile browser anyway. But having a stable mobile browser that can accompany the desktop version is a big deal for Vivaldi and may give users who were on the sidelines a reason to take another look at it.

Out of the box, there’s no other browser that will give you the kind of flexibility Vivaldi does.

Mozilla names long-time chairwoman Mitchell Baker as CEO

Mozilla Corporation announced today that it has chosen long-time chairwoman Mitchell Baker to be CEO, replacing Chris Beard who announced he would be stepping down at the end of the year last August.

Baker represents a logical choice to lead the company. At a time of great turmoil in the world at large, she brings the stability of someone who has been with Mozilla Corporation since 2003. Writing in a company blog post, she certainly recognized the challenges ahead, navigating through the current economic uncertainty and the competitive challenges the company faces with its flagship Firefox browser..

“It’s a time of challenge on many levels, there’s no question about that. Mozilla’s flagship product remains excellent, but the competition is stiff. The increasing vertical integration of internet experience remains a deep challenge. It’s also a time of need, and of opportunity. Increasingly, numbers of people recognize that the internet needs attention,” Baker wrote.

Baker has been acting as interim CEO since December when Beard officially left the company. In a blog post from the board announcing Baker’s official new title, they certainly recognized that it would take someone with her unique combination of skills and experience to guide the company through this next phase.

“Mitchell’s deep understanding of Mozilla’s existing businesses gives her the ability to provide direction and support to drive this important work forward,” they wrote. Adding, “And her leadership style grounded in openness and honesty is helping the organization navigate through the uncertainty that COVID-19 has created for Mozillians at work and at home.”

Mozilla Corporation was founded in 1998 and is best known for its flagship, open source Firefox browser. The company faces stiff competition in the browser market from Google, Apple and Microsoft.

Daily Crunch: Amazon opens its first cashier-less grocery store

Amazon expands its Just Walk Out technology beyond convenience stores, Intuit acquires Credit Karma in its biggest acquisition ever and Grab raises hundreds of millions of dollars. Here’s your Daily Crunch for February 25, 2020.

1. Amazon opens its first cashierless grocery store

Amazon is opening its first grocery store to pilot the use of the retailer’s cashier-less “Just Walk Out” technology, which previously powered 25 Amazon Go convenience stores in a handful of major U.S. metros. The store is 10,400 square feet overall, making it the largest use of Amazon’s Just Walk Out technology to date.

Based in the company’s hometown of Seattle, the new Amazon Go Grocery store allows customers to shop for everyday grocery items like fresh produce, meat, seafood, bakery items, household essentials, dairy, easy-to-make dinner options, beer, wine and spirits and more.

2. Intuit confirms that it is buying Credit Karma for $7.1B in cash and stock

Intuit announced that it plans to acquire Credit Karma — the fintech startup with more than 100 million registered users, 37 million of them active monthly users, which lets people check their credit scores, shop for credit cards and loans, file taxes and more. The financial software giant says it will pay $7.1 billion for the acquisition, making this Intuit’s biggest-ever acquisition to date, and one of the biggest in the category of privately held fintech companies.

3. Grab raises up to $856M to boost payments business as rumors swirl of a merger with rival Gojek

Southeast Asian on-demand transport startup Gojek denies that it is involved in talks to merge with Grab, but today Grab announced a piece of news that could either divert attention from that story — or more likely stoke the fires of speculation that it is indeed gearing up for a deal.

4. New Netflix feature reveals the top 10 most popular programs on its service

The new top 10 list doesn’t offer any hard metrics, but it can at least help point to popular programming and highlight breakout successes Netflix might have in the future. The feature is rolling out now to users worldwide, so you may not see your list quite yet.

5. Instead of IPOs and acquisitions, exiting to community is one alternative

Greg Brodsky, who helps cooperative startups through the Start.coop accelerator, pointed to the “exit to community” idea as an option for startups looking to transition out of the more traditional Silicon Valley model. In this framework, some portion of the company is sold back to the workers or end users. (Extra Crunch membership required.)

6. Revolut raises $500M at a $5.5B valuation

Revolut is building a financial service to replace traditional bank accounts. You can open an account from an app in just a few minutes. You can then receive, send and spend money from the app or use a debit card.

7. Firefox to enable DNS-over-HTTPS by default to US users

Mozilla will bring its new DNS-over-HTTPS security feature to all Firefox users in the U.S. by default in the coming weeks, the browser maker has confirmed. It follows a year-long effort to test the new security feature, which is designed to make browsing the web more secure and private.

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.

Mozilla says a new Firefox security bug is under active attack

Mozilla has warned Firefox users to update their browser to the latest version after security researchers found a vulnerability that hackers were actively exploiting in “targeted attacks” against users.

The vulnerability, found by Chinese security company Qihoo 360, was found in Firefox’s just-in-time compiler. The compiler is tasked with speeding up performance of JavaScript to make websites load faster. But researchers found that the bug could allow malicious JavaScript to run outside of the browser on the host computer.

In practical terms, that means an attacker can quietly break into a victim’s computer by tricking the victim into accessing a website running malicious JavaScript code.

But Qihoo did not say precisely how the bug was exploited, who the attackers were, or who was targeted.

Browser vulnerabilities are a hot commodity in security circles as they can be used to infect vulnerable computers — often silently and without the user noticing — and be used to deliver malware or ransomware. Browsers are also a target for nation states and governments and their use of surveillance tools, known as network investigative techniques — or NITs. These vulnerability-exploiting tools have been used by federal agents to spy on and catch criminals. But these tools have drawn ire from the security community because the feds’ failure to disclose the bugs to the software makers could result in bad actors exploiting the same vulnerabilities for malicious purposes.

Mozilla issued the security advisory for Firefox 72, which had only been out for two days before the vulnerability was found.

Homeland Security’s cyber advisory unit, the Cybersecurity and Infrastructure Security Agency, also issued a security warning, advising users to update to Firefox 72.0.1, which fixes the vulnerability. Little information was given about the bug, only that it could be used to “take control of an affected system.”

Firefox users can update their browser from the settings.

Browsers are interesting again

A few years ago, covering browsers got boring.

Chrome had clearly won the desktop, the great JavaScript speed wars were over and Mozilla seemed more interested in building a mobile operating system than its browser. Microsoft tried its best to rescue Internet Explorer/Edge from being the punchline of nerdy jokes, but its efforts essentially failed.

Meanwhile, Opera had shuttered the development of its own rendering engine and redesigned its browser with less functionality, alienating many of its biggest fans. On mobile, plenty of niche players tried to break the Chrome/Safari duopoly, but while they did have some innovative ideas, nothing ever stuck.

But over the course of the last year or so, things changed. The main catalyst for this, I would argue, is that the major browser vendors — and we can argue about Google’s role here — realized that their products were at the forefront of a new online privacy movement. It’s the browser, after all, that allows marketers to set cookies and fingerprint your machine to track you across the web.

Add to that Microsoft’s move to the Chromium engine, which is finally giving Microsoft a seat at the browser table again, plus the success of upstarts like Brave and Vivaldi, and you’ve got the right mix of competitive pressure and customer interest for innovation to come back into what was a stagnant field only a few years ago.

Let’s talk about privacy first. With browsers being the first line of defense, it’s maybe surprising that we didn’t see Mozilla and others push for more built-in tracking protections before.

In 2019, the Chrome team introduced handling cookies in the browser and a few months ago, it launched a broader initiative to completely rethink cookies and online privacy for its users — and by extension, Google’s advertising ecosystem. This move centers around differential privacy and a ‘privacy budget’ that would allow advertisers to get enough information about you to group you into a larger cohort without providing so much information that you would love your anonymity.

At the time, Google said this was a multi-year effort that was meant to help publishers retain their advertising revenue (vs their users completely blocking cookies).

Firefox gets personalized privacy reports

Mozilla today announced that its Enhanced Tracking Protection feature for Firefox, which launched in July (and became the default in September), has now blocked a total of over 450 billion third-party tracking requests from the thousands of companies that try to track you as you browse the web. That’s a big number, but with today’s launch of Firefox 70, Mozilla is also giving you a personalized dashboard that tells you how often Firefox blocked third-party cookies, social media trackers, fingerprinting tools and cryptominers.

Privacy protection is on by default, in the ‘standard’ setting, so you don’t have to do anything special to protect yourself. If you want to tinker with the settings, though, and don’t mind it if the occasional site breaks, you can also opt for a stricter default and custom settings.

protection report tp

The report isn’t exactly front and center in the user experience (though Mozilla tells me it points new users to it in its onboarding workflow). To find it, you have to click on the shield icon in the URL bar. That’s where you find all of the info about the current site you’re on, as well as a link to your privacy report.

The report itself is pretty basic and only covers a single week. The data doesn’t sync between machines and you can’t dig any deeper into which companies are trying to track you, for example. Still, it’s a nice reminder of how many companies are trying to track you.

image003 1

The report page also features links to Mozilla’s Firefox Monitor, which can alert you when one of your email accounts appears in a breach, and Lockwise, its password management and syncing service. With today’s update, Lockwise is also getting a password generator and an integration with Firefox Monitor.

Mozilla clearly knows that privacy, at least for the time being, is what differentiates its browser from the competition, especially Chrome. While Google’s Chrome team has to figure out ways to protect its users while working inside a company that makes most of its revenue from online advertising, Mozilla doesn’t need to worry about this at all. So while the Chrome team is trying to figure out how to make major changes to the underlying tracking infrastructure while preserving Google’s revenue stream, Firefox and its brethren can opt for pretty strict default settings. It still remains to be seen whether the majority of users actually cares about tracking, but for now, this gives Firefox a clear advantage in this area.

Mozilla flips the default switch on Firefox tracker cookie blocking

From today Firefox users who update to the latest version of the browser will find a pro-privacy setting flipped for them on desktop and Android smartphones, assuming they didn’t already have the anti-tracking cookie feature enabled.

Mozilla launched the Enhanced Tracking Protection (ETP) feature in June as a default setting for new users — but leaving existing Firefox users’ settings unchanged at that point.

It’s now finishing what it started by flipping the default switch across the board in v69.0 of the browser.

The feature takes clear aim at third party cookies that are used to track Internet users for creepy purposes such as ad profiling. (Firefox relies on the Disconnect list to identify creepy cookies to block.)

The anti-tracking feature also takes aim at cryptomining: A background practice which can drain CPU and battery power, negatively impacting the user experience. Again, Firefox will now block cryptomining by default, not only when user activated.

In a blog post about the latest release Mozilla says it represents a “milestone” that marks “a major step in our multi-year effort to bring stronger, usable privacy protections to everyone using Firefox”.

“Currently over 20% of Firefox users have Enhanced Tracking Protection on. With today’s release, we expect to provide protection for 100% of ours users by default,” it predicts, underlining the defining power of default settings.

Firefox users with ETP enabled will see a shield icon in the URL bar to denote the tracker blocking is working. Clicking on this icon takes users to a menu where they can view a list of all the tracking cookies that are being blocked. Users are also able to switch off tracking cookie blocking on a per site basis, via this Content Blocking menu.

While blocking tracking cookies reduces some tracking of internet users it does not offer complete protection for privacy. Mozilla notes that ETP does not yet block browser fingerprinting scripts from running by default, for example.

Browser fingerprinting is another prevalent privacy-hostile technique that’s used to track and profile web users without knowledge or consent by linking online activity to a computer’s configuration and thereby tying multiple browser sessions back to the same device-user.

It’s an especially pernicious technique because it can erode privacy across browser sessions and even different browsers — which an Internet user might be deliberately deploying to try to prevent profiling.

A ‘Strict Mode’ in the Firefox setting can be enabled by Firefox users in the latest release to block fingerprinting. But it’s not on by default.

Mozilla says a future release of the browser will flip fingerprinting blocking on by default too.

The latest changes in Firefox continue Mozilla’s strategy — announced a year ago — of pro-actively defending its browser users’ privacy by squeezing the operational range of tracking technologies.

In the absence of a robust regulatory framework to rein in the outgrowth of the adtech ‘industrial data complex’ that’s addicted to harvesting Internet users’ data for ad targeting, browser makers have found themselves at the coal face of the fight against privacy-hostile tracking technologies.

And some are now playing an increasingly central — even defining role — as they flip privacy and anti-tracking defaults.

Notably, earlier this month, the open source WebKit browser engine, which underpins Apple’s Safari browser, announced a new tracking prevention policy that puts privacy on the same footing as security, saying it would treat attempts to circumvent this as akin to hacking.

Even Google has responded to growing pressure around privacy — announcing changes to how its Chrome browser handles cookies this May. Though it’s not doing that by default yet.

It has also said it’s working on technology to reduce fingerprinting. And recently announced a long term proposal to involve its Chromium browser engine in developing a new open standard for privacy.

Though cynics might suggest the adtech giant is responding to competitive pressure on privacy by trying to frame and steer the debate in a way that elides its own role in data mining Internet users at scale for (huge) profit.

Thus its tardy privacy pronouncements and long term proposals look rather more like an attempt to kick the issue into the long grass and buy time for Chrome to keep being used to undermine web users’ privacy — instead of Google being forced to act now and close down privacy-hostile practices that benefit its business.

Mozilla CEO Chris Beard will step down at the end of the year

Chris Beard announced via blog post today his plans to step down as Mozilla Corporation CEO at the end of 2019. Beard joined the web software company in 2004, remaining an employee since then, with the exception of 2013, when he left to become Greylock’s “executive-in-residence,” while remaining on as an advisor.

Beard was appointed interim CEO for Mozilla in April 2014, coming on as full time chief executive in July of that same year. The company has seen a bit of a resurgence in recent years, after having ceded much of its browser marketshare to the likes of Google and Apple. Firefox has undergone something of a renaissance over the past year, as have the company’s security tools.

“Today our products, technology and policy efforts are stronger and more resonant in the market than ever, and we have built significant new organizational capabilities and financial strength to fuel our work,” Beard said in the blog post. “From our new privacy-forward product strategy to initiatives like the State of the Internet we’re ready to seize the tremendous opportunity and challenges ahead to ensure we’re doing even more to put people in control of their connected lives and shape the future of the internet for the public good.”

Mozilla is currently seeking a replacement for Beard, though he’s agreed to stay on through year’s end. Executive chairwoman Mitchell Baker announced in her own post that she’s agreed to step into an interim role if needed.

“One of the accomplishments of Chris’ tenure is the strength and depth of Mozilla Corporation today. The team is strong. Our organization is strong, and our future full of opportunities,” Baker said. “It is precisely the challenges of today’s world, and Mozilla’s opportunities to improve online life, that bring so many of us to Mozilla. I personally remain deeply focused on Mozilla. I’ll be here during Chris’ tenure, and I’ll be here after his tenure ends. I’m committed to Mozilla, and to making serious contributions to improving online life and developing new technical capabilities that are good for people.”