Automattic, Mozilla, Twitter and Vimeo urge EU to beef up user controls to help tackle ‘legal-but-harmful’ content

Automattic, Mozilla, Twitter and Vimeo have penned an open letter to EU lawmakers urging them to ensure that a major reboot of the bloc’s digital regulations doesn’t end up bludgeoning freedom of expression online.

The draft Digital Services Act and Digital Markets Act are due to be unveiled by the Commission next week, though the EU lawmaking process means it’ll likely be years before either becomes law.

The Commission has said the legislative proposals will set clear responsibilities for how platforms must handle illegal and harmful content, as well as applying a set of additional responsibilities on the most powerful players which are intended to foster competition in digital markets.

It also plans to legislate around political ads transparency — under a Democracy Action Plan — but not til Q3 next year.

In their joint letter, entitled ‘Crossroads for the open Internet’, the four tech firms argue that: “The Digital Services Act and the Democracy Action Plan will either renew the promise of the Open Internet or compound a problematic status quo – by limiting our online environment to a few dominant gatekeepers, while failing to meaningfully address the challenges preventing the Internet from realising its potential.”

On the challenge of regulating digital content without damaging vibrant online expression they advocate for a more nuanced approach to “legal-but-harmful” content — pressing a ‘freedom of speech is not freedom of reach’ position by urging EU lawmakers not to limit their policy options to binary takedowns (which they suggest would benefit the most powerful platforms).

Instead they suggest tackling problem (but legal) speech by focusing on content visibility as key and ensuring consumers have genuine choice in what they see — implying support for regulation to require that users have meaningful controls over algorithmic feeds (such as the ability to switch off AI curation entirely).

“Unfortunately, the present conversation is too often framed through the prism of content removal alone, where success is judged solely in terms of ever-more content removal in ever-shorter periods of time. Without question, illegal content — including terrorist content and child sexual abuse material — must be removed expeditiously. Indeed, many creative self-regulatory initiatives proposed by the European Commission have demonstrated the effectiveness of an EU-wide approach,” they write.

“Yet by limiting policy options to a solely stay up-come down binary, we forgo promising alternatives that could better address the spread and impact of problematic content while safeguarding rights and the potential for smaller companies to compete. Indeed, removing content cannot be the sole paradigm of Internet policy, particularly when concerned with the phenomenon of ‘legal-but-harmful’ content. Such an approach would benefit only the very largest companies in our industry.

“We therefore encourage a content moderation discussion that emphasises the difference between illegal and harmful content and highlights the potential of interventions that address how content is surfaced and discovered. Included in this is how consumers are offered real choice in the curation of their online environment.”

Twitter does already let users switch between a chronological content view or ‘top tweets’ (aka, its algorithmically curated feed) — so arguably it already offers users “real choice” on that front. That said, its platform can also inject some (non-advertising) content into a user’s feed regardless of whether a person has elected to see it — if its algorithms believe it’ll be of interest. So not quite 100% real choice then.

Another example is Facebook — which does offer a switch to turn off algorithmic curation of its News Feed. But it’s so buried in settings most normal users are unlikely to discover it. (Underlining the importance of default settings in this context; algorithmic defaults with buried user choice do already exist on mainstream platforms — and don’t sum to meaningful user control over what they’re exposed to.)

In the letter, the companies go on to write that they support “measures towards algorithmic transparency and control, setting limits to the discoverability of harmful content, further exploring community moderation, and providing meaningful user choice”.

“We believe that it’s both more sustainable and more holistically effective to focus on limiting the number of people who encounter harmful content. This can be achieved by placing a technological emphasis on visibility over prevalence,” they suggest, adding: “The tactics will vary from service to service but the underlying approach will be familiar.”

The Commission has signalled that algorithmic transparency will be a key plank of the policy package — saying in October that the proposals will include requirements for the biggest platforms to provide information on the way their algorithms work when regulators ask for it.

Commissioner Margrethe Vestager said then that the aim is to “give more power to users — so algorithms don’t have the last word about what we get to see, and what we don’t get to see” — suggesting requirements to offer a certain level of user control could be coming down the pipe for the tech industry’s dark patterns.

In their letter, the four companies also express support for harmonizing notice-and-action rules for responding to illegal content, to clarify obligations and provide legal certainty, as well as calling for such mechanisms to “include measures proportionate to the nature and impact of the illegal content in question”.

The four are also keen for EU lawmakers to avoid a one-size-fits-all approach for regulating digital players and markets. Although given the DSA/DMA split that looks unlikely; there will at least be two sizes involved in Europe’s rebooted rules, and most likely a lot more nuance.

“We recommend a tech-neutral and human rights-based approach to ensure legislation transcends individual companies and technological cycles,” they go on, adding a little dig over the controversial EU Copyright directive — which they describe as a reminder there are “major drawbacks in prescribing generalised compliance solutions”.

“Our rules must be sufficiently flexible to accommodate and allow for the harnessing of sectoral shifts, such as the rise of decentralised hosting of content and data,” they go on, arguing a “far-sighted approach” can be ensured by developing regulatory proposals that “optimise for effective collaboration and meaningful transparency between three core groups: companies, regulators and civil society”.

Here the call is for “co-regulatory oversight grounded in regional and global norms”, as they put it, to ensure Europe’s rebooted digital rules are “effective, durable, and protective of individuals’ rights”.

The joint push for collaboration that includes civic society contrasts with Google’s public response to the Commission’s DSA/DMA consultation — which mostly focused on trying to lobby against ex ante rules for gatekeepers (like Google will surely be designated).

Though on the liability for illegal content front the tech giant also lobbied for clear delineating lines between how illegal material must be handled and what’s “lawful-but-harmful.”

The full official details of the DSA and DMA proposals are expected next week.

A Commission spokesperson declined to comment on the specific positions set out by Twitter et al today, adding that the regulatory proposals will be unveiled “soon”. (December 15 is the slated date.)

Last week — setting out the bloc’s strategy towards handling politically charged information and disinformation online — values and transparency commissioner, Vera Jourova, confirmed the forthcoming DSA will not set specific rules for the removal of “disputed content”.

Instead, she said there will be a beefed up code of practice for tackling disinformation — extending the current voluntary arrangement with additional requirements. She said these will include algorithmic accountability and better standards for platforms to cooperate with third-party fact-checkers. Tackling bots and fake accounts and clear rules for researchers to access data are also on the (non-legally-binding) cards.

“We do not want to create a ministry of truth. Freedom of speech is essential and I will not support any solution that undermines it,” said Jourova. “But we also cannot have our societies manipulated if there are organized structures aimed at sowing mistrust, undermining democratic stability and so we would be naive to let this happen. And we need to respond with resolve.”

Gifting a gadget? Check its creep factor on Mozilla’s ‘Privacy not included’ list of shame

Buying someone a gadget is a time-honored tradition, but these days it can be particularly fraught, considering you may buy them a fitness tracker that also monitors emotions, or a doorbell that snitches to the cops. Mozilla has put together a helpful list of popular gadgets with ratings on just how creepy they are.

“Privacy not included” has become an annual tradition for the internet rights advocate, and this year has an especially solid crop of creepy devices, given the uptick in smart speakers, smart security cameras and smart litterboxes.

On the “creepy” end of the spectrum is… pretty much everything by Amazon except the Kindle. The devices in question send tons of data to Amazon by design, of course, but Mozilla feels the company hasn’t yet earned the trust to make that sort of thing acceptable. Facebook’s Portal earns a creepy spot for a similar reason.

Some random gadgets like a smart coffee maker and Moleskine smart notebook get creepy ratings because they don’t give the kinds of assurances about data and security that any company collecting that information should give. That sort of thing is common in smart gadgets — they may not be fundamentally creepy, but the company that makes them reserves the right to make it creepy at any time.

On the other end of the spectrum, Withings earns points for its smart devices with reasonable privacy policies and security. Non-Ring smart doorbells get good marks, and Garmin’s smart watches too.

These are informal rankings based on the potential for abuse or exposure of your data, and it doesn’t mean that they’re perfectly safe or private. If you’re buying one of these things, it’s best to immediately go through the settings and preferences and disable anything that smells invasive or creepy. You can always enable features again, but once you’ve put your data out there, it’s hard to get it back.

Mozilla shutters Firefox Send and Notes

Mozilla today announced that it will shutter two products: Firefox Send, the free file transfer service it already put on hiatus in July, and Firefox Notes, its note-taking extension and mobile app.

Firefox Send launched in March 2019. At the time, Mozilla described it as a file-sharing tool with a focus on privacy. That privacy is also what is now doing it in. When it paused the service earlier this year, the company said it was investigating reports of abuse, especially from malware groups. At the time, Mozilla said it was looking into how it could improve its abuse reporting capabilities and that it would add a requirement that users have a Firefox Account.

But instead of relaunching it, the organization decided to shutter the service instead.

“Firefox Send was a promising tool for encrypted file sharing,” the organization writes in today’s update. “Send garnered good reach, a loyal audience and real signs of value throughout its life. Unfortunately, some abusive users were beginning to use Send to distribute malware and as part of spear phishing attacks. This summer we took Firefox Send offline to address this challenge. In the intervening period, as we weighed the cost of our overall portfolio and strategic focus, we made the decision not to relaunch the service.”

Mozilla says that Firefox Notes was initially meant to be an experiment for testing new ways to sync encrypted data. “Having served that purpose, we kept the product as a little utility tool for Firefox and Android users,” Mozilla says, but it is now decommissioning it and shutting it down completely in early November.

It’s hard not to look at today’s announcement in the context of the overall challenges that Mozilla is going through. If the organization were in a better financial position — and hadn’t laid off around 25% of its staff this year — it might have kept Notes alive and maybe tried to rework Send. Now, however, it has fewer options to experiment, especially with free services, as it tries to refocus on Firefox and a few other core projects.

Mozilla lays off 250

Mozilla today announced a major restructuring of its commercial arm, the Mozilla Corporation, that will see about 250 employees lose their jobs and the shuttering of the organization’s operations in Taipei, Taiwan. This move comes after the organization already laid off about 70 employees earlier this year. The most recent numbers from 2018 put Mozilla at about 1,000 employees worldwide.

Citing falling revenues because of the global pandemic, Mozilla’s executive chairwoman and CEO Mitchell Baker said in an internal message that the company’s pre-COVID plans were no longer feasible.

“Pre-COVID, our plan for 2020 was a year of change: building a better internet by accelerating product value in Firefox, increasing innovation, and adjusting our finances to ensure financial stability over the long term,” Baker writes. “We started with immediate cost-saving measures such as pausing our hiring, reducing our wellness stipend and cancelling our All-Hands. But COVID-19 has accelerated the need and magnified the depth for these changes. Our pre-COVID plan is no longer workable. We have talked about the need for change — including the likelihood of layoffs — since the spring. Today these changes become real.”

Laid-off employees will receive severance that is at least equivalent to their full base pay through December 31 and will still receive their individual performance bonuses for the first half of the year, as well as part of their company bonus and the standard COBRA health insurance benefits.

Mozilla promises that its smaller organization will be able to act more “quickly and nimbly” and that it will work more closely with partners that share its goal of an open web ecosystem. At the same time, Baker wants Mozilla to remain a “technical powerhouse of the internet activist movement,” yet she also acknowledges that the organization as a whole must also focus on economics and work on creating sustainable business models that still stay true to its mission.

“We are also restructuring to put a crisper focus on new product development and go to market activities,” writes Baker. “In the long run, I am confident that the new organizational structure will serve our product and market impact goals well, but we will talk in detail about this in a bit.”

On the product side, Mozilla will continue to focus on Firefox, as well as Pocket, its Hubs virtual reality project, its new VPN service, Web Assembly and other privacy and security products. But it is also launching a new Design and UX team, as well as a new applied machine learning team to help bring machine learning to its products.

Investors are browsing for Chromium startups

A few months ago, we declared that “browsers are interesting again,” thanks to increased competition among the major players. Now, as more startups are getting onboard, things are getting downright exciting.

A small but growing number of projects are building web browsers with a more specific type of user in mind. Whether that perceived user is prioritizing improved speed, organization or toolsets aligned with their workflow, entrepreneurs are building these projects with the assumption that Google’s one-size-fits-all approach with Chrome leaves plenty of users with a suboptimal experience.

Building a modern web browser from scratch isn’t the most feasible challenge for a small startup. Luckily open-source projects have enabled developers to build their evolved web browsers on the bones of the apps they aim to compete with. For browsers that are not Safari, Firefox, Chrome or a handful of others, Google’s Chromium open-source project has proven to be an invaluable asset.

Since Google first released Chrome in late 2008, the company has also been updating Chromium. The source code powers the Microsoft Edge and Opera web browsers, but also allows smaller developer teams to harness the power of Chrome when building their own apps.

These upstart browsers have generally sought to compete with the dominant powers on the privacy front, but as Chrome and Safari have begun shipping more features to help users manage how they are tracked online, entrepreneurs are widening their product ambitions to tackle usability upgrades.

Aiding these heightened ambitions is increased attention on custom browsers from investors. Mozilla co-founder Brendan Eich’s Brave has continued to scale, announcing last month they had 5 million daily active users of their privacy-centric browser.

Today, Thrive Capital’s Josh Miller spoke with TechCrunch about his project The Browser Company, which has raised $5 million from some notable Silicon Valley operators. Other hot upstart efforts include Mighty, a subscription-based, remote-streamed Chrome startup from Mixpanel founder Suhail Doshi, and Blue Link Labs, a recent entrant that’s building a decentralized peer-to-peer browser called Beaker browser.

Mighty

As front-end developers have gotten more ambitious and web applications have gotten more complex, Chrome has earned the reputation of being quite the RAM hog.

Ameelio wants to take on for-profit prison calling rackets after starting with free letters to inmates

Among the many problems with the prison system are enormous fees for things like video calls, which a handful of companies provide at grossly inflated rates. Ameelio hopes to step in and provide free communication options to inmates; its first product, sending paper letters, is being welcomed with open arms by those with incarcerated loved ones.

Born from the minds of Yale Law students, Ameelio is their attempt to make a difference in the short term while pushing for reform in the long term, said co-founder and CEO Uzoma Orchingwa.

“I was studying mass incarceration, and the policy solutions I was writing about were going to take a long time to happen,” Orchingwa said. “It’s going to be a long battle before we can make even little inroads. So I was thinking, what can I do in the interim while I work on the longer term project of prison reform?”

He saw reports that inmates with regular communication with loved ones have better outcomes when released, but also that in many prisons, that communication was increasingly expensive and restricted. Some prisons have banned in-person meetings altogether — not surprising during a pandemic — leaving video calling at extortionate rates the only option for speaking face to face with a loved one.

Sometimes costing a dollar a minute, these fees add up quickly and, naturally, this impacts already vulnerable populations the most. Former FCC Commissioner Mignon Clyburn, for whom this was an issue of particular interest during her term, called the prison communication system “the clearest, most glaring type of market failure I’ve ever seen as a regulator.”

It’s worth noting that these private, expensive calling services weren’t always the norm, but were born fairly recently as the private prison industry has expanded and multiplied the ways it makes money off inmates. Some states ban the practice, but others have established relationships with the companies that provide these services — and a healthy kickback to the state and prison, of course.

This billion-dollar industry is dominated by two companies: Securus and Global Tel Link. The service they provide is fairly rudimentary compared with those we on the outside take for granted. Video and audio calls are scheduled, recorded, skimmed for keywords, and kept available to authorities for a few months in case they’re needed.

At a time when video calls are being provided for free to billions around the world who have also been temporarily restricted from meeting in person, charging at all for it seems wrong — and charging a dollar a minute seems monstrous.

Ameelio’s crew of do-gooder law students and developers doesn’t think they can budge the private prison system overnight, so they’re starting with a different product, but one that also presents difficulties to families trying to communicate with inmates: letters.

Written mail is a common way to keep in contact with someone in prison, but there are a few obstacles that may prevent the less savvy from doing so. Ameelio facilitates this by providing an up-to-date list of correct addresses and conventions for writing to any of the thousands of criminal justice facilities around the country, as well as the correct way to look up and identify the inmate you’re trying to contact — rarely as simple as just putting their name at the top.

“The way prison addresses work, the inmate address is different from the physical address. So we scraped addresses and built a database for that, and built a way to find the different idiosyncrasies, like how many lines are necessary, what to put on each line, etc,” said co-founder Gabe Saruhashi.

Once that’s sorted, you write your letter, attach a photo if you want, and it’s printed out and sent (via direct-mail-as-a-service startup Lob). It’s easy to see how removing the friction and cost of printing, addressing and so on would lead to more frequent communication.

Since starting a couple months ago and spreading word of the service on Facebook groups and other informal means, they’ve already sent more than 4,000 letters. But while it’s nice for people to be able to send letters, Ameelio plans to cater to larger organizations that use mail at larger scales.

“The communications challenges that families have are the same challenges that criminal justice organizations and lawyers have when communicating with their clients,” explained Orchingwa. They have to manage the addresses, letter-writing and sending, and a network of people to check on recipients and other follow-up actions. “We’re talking to them, and a lot were very interested in the service we’re offering, so we’re going to roll out a version for organizations. We’re creating a business model in which these organizations, and some of them are well funded, can pay us back but also pay it forward and help keep it free for others.”

Sending letters is just the opening play for Ameelio, but it’s also a way to make the contacts they need and research the market. Outcry against the private calling systems has been constant but the heterogeneous nature of prisons run under state policies means “we don’t have one system, we have 51 separate systems,” as Orchingwa put it. That and the fact that it makes a fair amount of money.

“There’s a lot of movement around getting Securus and Global Tel out,” he said, “But it would shift from families to the state paying, so they need to make back the money they were making from kickbacks.”

Some states have banned paid calls or never allowed them, but others are only changing their policies now in response to external pressure. It’s with these that Ameelio hopes to succeed first.

“We can start in states where there’s no strong relationship to these companies,” said Orchingwa. “You’re going to have state and county officials being asked by their constituents, ‘why are we using them when there’s a free alternative?’ ”

You may wonder whether it’s possible for a fresh young startup to build a video calling platform ready for deployment in such a short time. The team was quick to explain that the actual video call part of the product is something that, like sending letters, can be accomplished through a third party.

“The barrier right now is not at all the video infrastructure – enterprise and APIs will provide that. We already have an MVP of how that will look,” said Saruhashi. Even the hardware is pretty standard — just regular Android tablets stuck to the wall.

“The hard part is the dashboard for the [Department of Corrections],” Saruhashi continued. “They need a way to manage connections that are coming in, schedule conversations, get logs and review them when they’re done.”

But they’re also well into the development of that part, which ultimately is also only a medium-grade engineering challenge, already solved in many other contexts.

Currently the team is evaluating participation in a number of accelerators, and is already part of Mozilla’s Spring MVP Lab, the precursor to a larger incubator effort announced earlier today. “We love them,” said Mozilla’s Bart Decrem.

Right now the company is definitely early stage, with more plans than accomplishments, and they’re well aware that this is just the start — just as establishing better communications options is just the start for more comprehensive reform of the prison and justice system.

Mozilla names long-time chairwoman Mitchell Baker as CEO

Mozilla Corporation announced today that it has chosen long-time chairwoman Mitchell Baker to be CEO, replacing Chris Beard, who announced last August that he would be stepping down at the end of the year.

Baker represents a logical choice to lead the company. At a time of great turmoil in the world at large, she brings the stability of someone who has been with Mozilla Corporation since 2003. Writing in a company blog post, she certainly recognized the challenges ahead, navigating through the current economic uncertainty and the competitive challenges the company faces with its flagship Firefox browser.

“It’s a time of challenge on many levels, there’s no question about that. Mozilla’s flagship product remains excellent, but the competition is stiff. The increasing vertical integration of internet experience remains a deep challenge. It’s also a time of need, and of opportunity. Increasingly, numbers of people recognize that the internet needs attention,” Baker wrote.

Baker has been acting as interim CEO since December when Beard officially left the company. In a blog post from the board announcing Baker’s official new title, they certainly recognized that it would take someone with her unique combination of skills and experience to guide the company through this next phase.

“Mitchell’s deep understanding of Mozilla’s existing businesses gives her the ability to provide direction and support to drive this important work forward,” they wrote, adding, “And her leadership style grounded in openness and honesty is helping the organization navigate through the uncertainty that COVID-19 has created for Mozillians at work and at home.”

Mozilla Corporation was founded in 1998 and is best known for its flagship, open source Firefox browser. The company faces stiff competition in the browser market from Google, Apple and Microsoft.

Daily Crunch: Mozilla lays off 70

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories.

1. Mozilla lays off 70 as it waits for new products to generate revenue

In an internal memo, Mozilla chairwoman and interim CEO Mitchell Baker specifically mentions the slow rollout of the organization’s new revenue-generating products as the reason for the cuts. The overall number may end up being higher than 70, as Mozilla is still looking into how this decision will affect workers in the U.K. and France.

“Mozilla has a strong line of sight to future revenue generation, but we are taking a more conservative approach to our finances,” Baker wrote. “This will enable us to pivot as needed to respond to market threats to internet health, and champion user privacy and agency.”

2. Apple buys edge-based AI startup Xnor.ai for a reported $200M

Xnor.ai began as a process for making machine learning algorithms highly efficient — so efficient that they could run on even the lowest tier of hardware out there, things like embedded electronics in security cameras. This acquisition makes sense, as Apple clearly intends for its devices to operate independent of the cloud when it comes to tasks like facial recognition, natural language processing and augmented reality.

3. The US government should stop demanding tech companies compromise on encryption

In a tweet late Tuesday, President Trump criticized Apple for refusing “to unlock phones used by killers, drug dealers and other violent criminal elements” — referring to a locked iPhone that belonged to a Saudi airman who killed three U.S. sailors in December. Zack Whittaker explains why the government’s argument is a red herring. (Extra Crunch membership required.)

4. Mojo Vision’s AR contact lenses are very cool, but many questions remain

The company’s latest demos involve holding a lens or device close to the eye in order to get a feel for what an eventual AR contact lens would look like.

5. Google Cloud gets a premium support plan with 15-minute response times

The premium plan, which Google will charge for based on your monthly Google Cloud Platform spend (with a minimum cost of around $12,500 per month), promises a 15-minute response time in situations when an application or infrastructure is unusable in production.

6. Amazon’s fresh $1B investment in India is not a big favor, says India trade minister

A day after Amazon chief executive Jeff Bezos announced that his company is pumping in an additional $1 billion into its India operations, the nation’s trade minister Piyush Goyal said he wasn’t impressed.

7. Companies take baby steps toward home robots at CES

CES is slowly, but steadily, starting to take robotics more seriously. (Extra Crunch membership required.)

Mozilla lays off 70 as it waits for new products to generate revenue

Mozilla laid off about 70 employees today, TechCrunch has learned.

In an internal memo, Mozilla chairwoman and interim CEO Mitchell Baker specifically mentions the slow rollout of the organization’s new revenue-generating products as the reason it needed to take this action. The overall number may still be higher, though, as Mozilla is still looking into how this decision will affect workers in the U.K. and France. In 2018, Mozilla Corporation (as opposed to the much smaller Mozilla Foundation) said it had about 1,000 employees worldwide.

“You may recall that we expected to be earning revenue in 2019 and 2020 from new subscription products as well as higher revenue from sources outside of search. This did not happen,” Baker writes in her memo. “Our 2019 plan underestimated how long it would take to build and ship new, revenue-generating products. Given that, and all we learned in 2019 about the pace of innovation, we decided to take a more conservative approach to projecting our revenue for 2020. We also agreed to a principle of living within our means, of not spending more than we earn for the foreseeable future.”

Baker says laid-off employees will receive “generous exit packages” and outplacement support. She also notes that the leadership team looked into shutting down the Mozilla innovation fund but decided that it needed it in order to continue developing new products. In total, Mozilla is dedicating $43 million to building new products.

“As we look to the future, we know we must take bold steps to evolve and ensure the strength and longevity of our mission,” Baker writes. “Mozilla has a strong line of sight to future revenue generation, but we are taking a more conservative approach to our finances. This will enable us to pivot as needed to respond to market threats to internet health, and champion user privacy and agency.”

The organization last reported major layoffs in 2017.

Over the course of the last few months, Mozilla started testing a number of new products, most of which will be subscription-based once they launch. The marquee offerings here include its Firefox Private Network and a device-level VPN service that is yet to launch but will cost around $4.99 per month.

All of this is part of the organization’s plans to become less reliant on income from search partnerships and to create more revenue channels. In 2018, the latest year for which Mozilla has published its financial records, about 91% of its royalty revenues came from search contracts.

We have reached out to Mozilla for comment and will update this post once we hear more.

Update (1pm PT): In a statement posted to the Mozilla blog, Mitchell Baker reiterates that Mozilla had to make these cuts in order to fund innovation. “Mozilla has a strong line of sight on future revenue generation from our core business,” she writes. “In some ways, this makes this action harder, and we are deeply distressed about the effect on our colleagues. However, to responsibly make additional investments in innovation to improve the internet, we can and must work within the limits of our core finances.”


Here is the full memo:

Office of the CEO
to all-moco-mofo

Hi all,

I have some difficult news to share. With the support of the entire Steering Committee and our Board, we have made an extremely tough decision: over the course of today, we plan to eliminate about 70 roles from across MoCo. This number may be slightly larger as we are still in a consultation process in the UK and France, as the law requires, on the exact roles that may be eliminated there. We are doing this with the utmost respect for each and every person who is impacted and will go to great lengths to take care of them by providing generous exit packages and outplacement support. Most will not join us in Berlin. I will send another note when we have been able to talk to the affected people wherever possible, so that you will know when the notifications/outreach are complete.

This news likely comes as a shock and I am sorry that we could not have been more transparent with you along the way. This is never my desire. Reducing our headcount was something the Steering Committee considered as part of our 2020 planning and budgeting exercise only after all other avenues were explored. The final decision was made just before the holiday break with the work to finalize the exact set of roles affected continuing into early January (there are exceptions in the UK and France where we are consulting on decisions.) I made the decision not to communicate about this until we had a near-final list of roles and individuals affected.

Even though I expect it will be difficult to digest right now, I would like to share more about what led to this decision. Perhaps you can come back to it later, if that’s easier.

You may recall that we expected to be earning revenue in 2019 and 2020 from new subscription products as well as higher revenue from sources outside of search. This did not happen. Our 2019 plan underestimated how long it would take to build and ship new, revenue-generating products. Given that, and all we learned in 2019 about the pace of innovation, we decided to take a more conservative approach to projecting our revenue for 2020. We also agreed to a principle of living within our means, of not spending more than we earn for the foreseeable future.

This approach is prudent certainly, but challenging practically. In our case, it required difficult decisions with painful results. Regular annual pay increases, bonuses and other costs which increase from year-to-year as well as a continuing need to maintain a separate, substantial innovation fund, meant that we had to look for considerable savings across Mozilla as part of our 2020 planning and budgeting process. This process ultimately led us to the decision to reduce our workforce.

At this point, you might ask if we considered foregoing the separate innovation fund, continuing as we did in 2019. The answer is yes but we ultimately decided we could not, in good faith, adopt this. Mozilla’s future depends on us excelling at our current work and developing new offerings to expand our impact. And creating the new products we need to change the future requires us to do things differently, including allocating funds, $43M to be specific, for this purpose. We will discuss our plans for making innovation robust and successful in increasing detail as we head into, and then again at, the All Hands, rather than trying to do so here.

As we look to the future, we know we must take bold steps to evolve and ensure the strength and longevity of our mission. Mozilla has a strong line of sight to future revenue generation, but we are taking a more conservative approach to our finances. This will enable us to pivot as needed to respond to market threats to internet health, and champion user privacy and agency.

I ask that we all do what we can to support each other through this difficult period.

Mitchell

Mozilla says a new Firefox security bug is under active attack

Mozilla has warned Firefox users to update their browser to the latest version after security researchers found a vulnerability that hackers were actively exploiting in “targeted attacks” against users.

The vulnerability, discovered by Chinese security company Qihoo 360, is in Firefox’s just-in-time compiler. The compiler is tasked with speeding up the performance of JavaScript to make websites load faster. But researchers found that the bug could allow malicious JavaScript to run outside of the browser on the host computer.

In practical terms, that means an attacker can quietly break into a victim’s computer by tricking the victim into accessing a website running malicious JavaScript code.

But Qihoo did not say precisely how the bug was exploited, who the attackers were, or who was targeted.

Browser vulnerabilities are a hot commodity in security circles as they can be used to infect vulnerable computers — often silently and without the user noticing — and be used to deliver malware or ransomware. Browsers are also a target for nation states and governments and their use of surveillance tools, known as network investigative techniques — or NITs. These vulnerability-exploiting tools have been used by federal agents to spy on and catch criminals. But these tools have drawn ire from the security community because the feds’ failure to disclose the bugs to the software makers could result in bad actors exploiting the same vulnerabilities for malicious purposes.

Mozilla issued the security advisory for Firefox 72, which had only been out for two days before the vulnerability was found.

Homeland Security’s cyber advisory unit, the Cybersecurity and Infrastructure Security Agency, also issued a security warning, advising users to update to Firefox 72.0.1, which fixes the vulnerability. Little information was given about the bug, only that it could be used to “take control of an affected system.”

Firefox users can update their browser from the settings.