
Fakespot Chat, Mozilla's First LLM, Lets Online Shoppers Research Products Via an AI Chatbot (techcrunch.com) 12

An anonymous reader quotes a report from TechCrunch: Earlier this year, Mozilla acquired Fakespot, a startup that leverages AI and machine learning to identify fake and deceptive product reviews. Now, Mozilla is launching its first LLM (large language model) with the arrival of Fakespot Chat, an AI agent that will help consumers as they shop online by answering questions about the product or even suggesting questions that could be useful in your product research. [...] Fakespot has been using AI, including generative AI technologies, to make the online shopping process more trustworthy, not less. For instance, it launched a generative AI feature called Pros and Cons last year, that could replace the need for reading reviews by writing up its own summaries of a product's positives and negatives. The feature was trained on billions of data points, with the model itself using five different models under its hood, the company said.

This week, Fakespot Chat launched into testing, allowing shoppers to ask an AI chatbot about a product they're considering, similar to how you could ask a salesperson for help if you were shopping in a physical store in the real world. The technology uses AI and machine learning to sort through the product reviews, sorting real from fake, to answer the user's questions. The information from your chat session is saved to improve the experience for others, Mozilla notes, but users don't have to create an account or divulge personal information for the experience to work. The feature is available via the Fakespot Analyzer or it can be used on an Amazon.com product from Fakespot's browser extension. For the former, you'd copy and paste the URL of the product into the analyzer to ask your questions, but if using the browser add-on, the analysis starts automatically. When the analysis is complete, Fakespot Chat appears on the right-hand side of the analysis page alongside other features, like Pros and Cons, as well as Fakespot's Review Grades and Highlights. You can then interrogate the AI agent about the product as you weigh your purchase decisions.


Mozilla Introduces Firefox Nightly .deb Packages for Debian-based Linux Distros (9to5linux.com) 23

Mozilla has some news for users of Debian-based Linux distributions (such as Debian, Ubuntu, Linux Mint, and others): installing, updating, and testing the latest Firefox Nightly builds just got a lot easier. We've set up a new APT repository for you to install Firefox Nightly as a .deb package... These packages are compatible with the same Debian and Ubuntu versions as our traditional binaries. If you've previously used our traditional binaries (distributed as .tar.bz2 archives), switching to Mozilla's APT repository allows Firefox to be installed and updated like any other application... You will not have to restart Firefox after updating the package with APT...

For those of you who would like to use Firefox Nightly in a different language than American English, we have also created .deb packages containing the Firefox language packs.

Some context from 9to5Linux: Back in April, I reported that Mozilla was offering a DEB package of the Firefox 113 release during the beta testing phase. Unfortunately, that was the only time a DEB package was available for download and, of course, it didn't make it into the final release of Firefox 113, nor future releases. It would appear that Mozilla needed more time to work on the DEB package for Debian and Ubuntu-based distributions, and it looks like it will finally become a thing starting with an upcoming Firefox release, like Firefox 121 or later...

Using the DEB package over Snap or the official binary package offers some benefits like better performance due to advanced compiler-based optimizations, hardened binaries with all security flags enabled, access to the latest Firefox releases as fast as possible [because the .deb is integrated into Firefox's release process], and you won't have to create your own .desktop file anymore.


Mozilla's 'Failed' Bet on Yahoo Takes Spotlight in Google Trial (bloomberg.com) 15

Mozilla Foundation's decision to switch the search engine built into its Firefox browser to Yahoo from Google was a "failed" bet that degraded the user experience, the company's chief executive said. From a report: Chief Executive Officer Mitchell Baker said Mozilla decided to switch to Yahoo's technology in 2014 after CEO Marissa Mayer took over and promised "to make a big bet on us."

"That bet failed," Baker said in a videotaped interview from 2022 played Wednesday in Google's defense during the Justice Department's antitrust trial. "The search experience that Yahoo was providing to Firefox users deteriorated." The Mozilla example -- the only situation in which a browser has switched the default search engine provider -- has been cited by both Google and the Justice Department to support their arguments in the case. [...] Yahoo agreed to pay Mozilla a minimum of $375 million -- more than the $276 million a year that Google was offering, Baker said. It also agreed to reduce the number of ads and offer less user tracking than Google, but over time Yahoo reneged on that and began showing more advertising, she added.


The AV1 Video Codec Gains Broader Hardware Support 44

AV1 -- a next-generation, royalty-free video codec developed by the Alliance for Open Media, a consortium including tech giants like Google, Mozilla, Cisco, Microsoft, Netflix, Amazon, Intel, and Apple -- is finally making inroads. From a report: We are finally seeing more hardware support for this codec. The new M3 chips from Apple support AV1 decode. The iPhone 15 Pro and iPhone 15 Pro Max also feature an AV1 hardware decoder. The official Android 14 Compatibility Definition makes support for AV1 mandatory. The Snapdragon 8 Gen 2 chipset, widely used by Android phones released in 2023, supports AV1. With the exception of Microsoft Edge, all browsers support AV1.

Mozilla Launches Annual Digital Privacy 'Creep-o-Meter'. This Year's Status: 'Very Creepy' (mozilla.org) 60

"In 2023, the state of our digital privacy is: Very Creepy." That's the verdict from Mozilla's first-ever "Annual Consumer Creep-o-Meter," which attempts to set benchmarks for digital privacy and identify trends: Since 2017, Mozilla has published 15 editions of *Privacy Not Included, our consumer tech buyers guide. We've reviewed over 500 gadgets, apps, cars, and more, assessing their security features, what data they collect, and who they share that data with. In 2023, we compared our most recent findings with those of the past five years. It quickly became clear that products and companies are collecting more personal data than ever before — and then using that information in shady ways...

Products are getting more secure, but also a lot less private. More companies are meeting Mozilla's Minimum Security Standards like using encryption and providing automatic software updates. That's good news. But at the same time, companies are collecting and sharing users' personal data like never before. And that's bad news. Many companies now view their hardware or software as a means to an end: collecting that coveted personal data for targeted advertising and training AI. For example: The mental health app BetterHelp shares your data with advertisers, social media platforms, and sister companies. The Japanese car manufacturer Nissan collects a wide range of information, including sexual activity, health diagnosis data, and genetic information — but doesn't specify how.

An increasing number of products can't be used offline. In the past, the privacy conscious could always buy a connected device but turn off connectivity, making it "dumb." That's no longer an option in many cases. The number of connected devices that require apps and can't be used offline are increasing. This trend, coupled with the first, means it's harder and harder to keep your data private.

Privacy policies also need improvement. "Legalese, ambiguity, and policies that sprawl across multiple documents and URLs are the status quo. And it's getting worse, not better. Companies use these policies as a shield, not an actual resource for consumers." They note that Toyota has more than 10 privacy policy documents, and that it would actually take five hours to read all the privacy documents the Meta Quest Pro VR headset.

In the end they advise opting out of data collection when possible, enabling security features, and "If you're not comfortable with a product's privacy, don't buy it. And, speak up. Over the years, we've seen companies respond to consumer demand for privacy, like when Apple reformed app tracking and Zoom made end-to-end encryption a free feature."

You can also take a quiz that calculates your own privacy footprint (based on whether you're using consumer tech products like the Apple Watch, Nintendo Switch, Nook, or Telegram). Mozilla's privacy advocates award the highest marks to privacy-protecting products like Signal, Sonos' SL Speakers, and the Pocketbook eReader (an alternative to Amazon's Kindle. (Although 100% of the cars reviewed by Mozilla "failed to meet our privacy and security standards.")

The graphics on the site help make its point. As you move your mouse across the page, the cartoon eyes follow its movement...
Open Source

Unless Open Source Evolves, HashiCorp CEO Predicts OSS-Free Silicon Valley (www.thestack.technology) 84

Slashdot reader Striek remembers Silicon Valley's long history of open source develoipment — and how HashiCorp "made the controversial decision to change licenses from the Mozilla Public License to MariaDB's Business Source Licesne. The key difference between these two licenses is that the BSL limits its grant to "non-production use".

HashiCorp's CEO is now predicting there would be âoeno more open source companies in Silicon Valleyâ unless the community rethinks how it protects innovation, reports The Stack: While open source advocates had slammed [HashiCorp's] license switch, CEO Dave McJannet described the reaction from its largest customers as "Great. Because you're a critical partner to us and we need you to be a big, big company." Indeed, he claimed that "A lot of the feedback was, 'we wished you had done that sooner'" — adding that the move had been discussed with the major cloud vendors ahead of the announcement. "Every vendor over the last three or four years that has reached any modicum of scale has come to the same conclusion," said McJannet. "It's just the realisation that the open source model has to evolve, given the incentives that are now in the market."

He claimed the historic model of foundations was broken, as they were dominated by legacy vendors. Citing the case of Hadoop, he said: "They're a way for big companies to protect themselves from innovation, by making sure that if Hadoop becomes popular, IBM can take it and sell it for less because they are part of that foundation." The evolution to putting open source products on GitHub had worked "really, really well" but once a project became popular, there was an incentive for "clone vendors to start taking that stuff." He claimed that "My phone started ringing materially after we made our announcement from every open source startup in Silicon Valley going 'I think this is the right model'."

He said the Linux Foundation's adoption of Open Tofu raised serious questions. "What does it say for the future of open source, if foundations will just take it and give it a home. That is tragic for open source innovation. I will tell you, if that were to happen, there'll be no more open source companies in Silicon Valley."

Hashicorp also announced a beta using generative AI to produce new module tests, and HCP Vault Radar, which scans code for secrets, personally identifiable information, dependency vulnerabilities, and non-inclusive language.

New in Firefox 118: Private Local, Browser-Based Website Translating (liliputing.com) 13

An anonymous reader shared this report from Liliputing.com: Web browsers have had tools that let you translate websites for years. But they typically rely on cloud-based translation services like Google Translate or Microsoft's Bing Translator. The latest version of Mozilla's Firefox web browser does things differently. Firefox 118 brings support for Fullpage Translation, which can translate websites entirely in your browser. In other words, everything happens locally on your computer without any data sent to Microsoft, Google, or other companies.

Here's how it works. Firefox will notice when you visit a website in a supported language that's different from your default language, and a translate icon will show up in the address bar. Tap that icon and you'll see a pop-up window that asks what languages you'd like to translate from and to. If the browser doesn't automatically detect the language of the website you're visiting, you can set these manually... You can also tap the settings icon in the translation menu and choose to "always translate" or "never translate" a specific language so that you won't have to manually invoke the translation every time you visit sites in that language.

Firefox is support nine languages so far.

GPUs From All Major Suppliers Are Vulnerable To New Pixel-Stealing Attack (arstechnica.com) 26

An anonymous reader quotes a report from Ars Technica: GPUs from all six of the major suppliers are vulnerable to a newly discovered attack that allows malicious websites to read the usernames, passwords, and other sensitive visual data displayed by other websites, researchers have demonstrated in a paper (PDF) published Tuesday. The cross-origin attack allows a malicious website from one domain -- say, example.com -- to effectively read the pixels displayed by a website from example.org, or another different domain. Attackers can then reconstruct them in a way that allows them to view the words or images displayed by the latter site. This leakage violates a critical security principle that forms one of the most fundamental security boundaries safeguarding the Internet. Known as the same origin policy, it mandates that content hosted on one website domain be isolated from all other website domains. [...]

GPU.zip works only when the malicious attacker website is loaded into Chrome or Edge. The reason: For the attack to work, the browser must:

1. allow cross-origin iframes to be loaded with cookies
2. allow rendering SVG filters on iframes and
3. delegate rendering tasks to the GPU

For now, GPU.zip is more of a curiosity than a real threat, but that assumes that Web developers properly restrict sensitive pages from being embedded by cross-origin websites. End users who want to check if a page has such restrictions in place should look for the X-Frame-Options or Content-Security-Policy headers in the source.
"This is impactful research on how hardware works," a Google representative said in a statement. "Widely adopted headers can prevent sites from being embedded, which prevents this attack, and sites using the default SameSite=Lax cookie behavior receive significant mitigation against personalized data being leaked. These protections, along with the difficulty and time required to exploit this behavior, significantly mitigate the threat to everyday users. We are in communication and are actively engaging with the reporting researchers. We are always looking to further improve protections for Chrome users."

An Intel representative, meanwhile, said that the chipmaker has "assessed the researcher findings that were provided and determined the root cause is not in our GPUs but in third-party software." A Qualcomm representative said "the issue isn't in our threat model as it more directly affects the browser and can be resolved by the browser application if warranted, so no changes are currently planned." Apple, Nvidia, AMD, and ARM didn't comment on the findings.

An informational write-up of the findings can be found here.

Behind the Scenes at 'Have I Been Pwned' (abc.net.au) 22

The founder of the data-breach notification site Have I Been Pwned manages "the largest known repository of stolen data on the planet," reports Australia's public broadcaster ABC, including over 6 billion email address. Yet with no employees, Troy Hunt manages all of the technical and operational aspects single-handedly, and "has ended up playing an oddly central role in global cybersecurity." Troy is very careful with how he handles what he finds. He only collects (and encrypts) the mobile numbers, emails and passwords that he finds in the breaches, discarding the victims' names, physical addresses, bank details and other sensitive information. The idea is to let users find out where their data has been leaked from, but without exposing them to further risk. Once he identifies where a data breach has occurred, Troy also contacts the organisation responsible to allow it to inform its users before he does. This, he says, is often the hardest step of the process because he has to convince them it's legitimate and not some kind of scam itself.

He's not required to give organisations this opportunity, much less persist when they ignore his messages or accuse him of trying to shake them down for money. But there's evidence that this approach is working. Despite the legal grey area he has operated in for a decade now, he's avoided being sued by any of the organisations responsible for the 705 breaches that are now searchable on Have I Been Pwned. These days, major tech companies like Mozilla and 1Password use Have I Been Pwned, and Troy likes to point out that dozens of national governments and law enforcement agencies also partner with his service...

"He's not a company that's audited. He's just a dude on the web," says Jane Andrew, an expert on data breaches at the University of Sydney. "I think it's so shocking that this is where we find out information about ourselves. She says governments and law enforcement have, in general, left it to individuals to deal with the fallout from data breaches... Without an effective global regulator, Professor Andrew says, a crucial part of the world's cybersecurity infrastructure is left to rely on the goodwill of this one man on the Gold Coast.

Thanks to long-time Slashdot reader slincolne for sharing the article.
Open Source

Terraform Fork Gets Renamed OpenTofu, Joins Linux Foundation (techcrunch.com) 30

An anonymous reader quotes a report from TechCrunch: When HashiCorp announced it was changing its Terraform license in August, it set off a firestorm in the open source community, and actually represented an existential threat to startups that were built on top of the popular open source project. The community went into action and within weeks they had written a manifesto, and soon after that launched an official fork called OpenTF. Today, that group went a step further when the Linux Foundation announced OpenTofu, the official name for the Terraform fork, which will live forever under the auspices of the foundation as an open source project. At the same time, the project announced it would be applying for entry into the Cloud Native Computing Foundation (CNCF).

"OpenTofu is an open and community-driven response to Terraform's recently announced license change from a Mozilla Public License v2.0 (MPLv2) to a Business Source License v1.1 providing everyone with a reliable, open source alternative under a neutral governance model," the foundation said in a statement. The name is deliberately playful says Yevgeniy (Jim) Brikman from the OpenTofu founding team, who is also co-founder of Gruntwork. "I'm glad your reaction was to laugh. That's a good thing. We're trying to keep things a little more humorous," Brikman told TechCrunch, but the group is dead serious when it comes to building an open fork. [...]

"The first thing was to get an alpha release out there. So you can go to the OpenTofu website and download OpenTofu and start using it and trying it out," he said. "Then the next thing is a stable release. That's coming in the very near future, but there's work to do. Once you have a stable release, people can start using it. Then we can start growing adoption, and once we start growing adoption, some of the big players will start stepping in when some of the big players start stepping in other big players will start stepping in as well."


US Alleges Google Got Rich Because People Stick With Search Defaults (reuters.com) 72

The Justice Department will press its argument Thursday that Google sought to strike agreements with mobile carriers to win powerful default positions on smartphones to dominate search in an antitrust trial that could change the future of the internet. From a report: The government will wrap up questioning Thursday of Antonio Rangel, who teaches behavioral biology at the California Institute of Technology. Other witnesses will be James Kolotouros, for Google, and Brian Higgins, from Verizon Communications. The government says the Alphabet unit paid $10 billion annually to wireless companies like AT&T, device makers like Apple and browser makers like Mozilla to fend off rivals and keep its search engine market share near 90%. The government has also alleged that Google illegally took steps to protect communications about the payments.

The government called witnesses on Tuesday and Wednesday to show that Google, as far back as the mid-2000s, sought to attract a large number of search queries by winning default status on mobile devices. Another witness, Rangel, discussed how powerful default status was, although data he used to show this was largely redacted. Google's clout in search, the government alleges, has helped Google build monopolies in some aspects of online search advertising. Search is free so Google makes money through advertising.


Ex-Google Exec Acknowledges Aggressively Seeking Exclusive Mobile Deals 10

The Justice Department sought on Wednesday to show how Google did all it could to get people to use its search engine and build itself into a $1 trillion search and advertising giant on the second day of a once-in-a-generation antitrust trial. From a report: First out of the gate, the government questioned a former Google executive, Chris Barton, about billion-dollar deals with mobile carriers and others that helped make Google the default search engine. Barton, who was at Google from 2004 to 2011, said the number of Google executives working to win default status with mobile carriers grew dramatically when he was with the company, recognizing the potential growth of handheld devices and early versions of smartphones.

Google's clout in search, the government argues, has helped Google build monopolies in some aspects of online search advertising. Since search is free, Google makes money through advertising. The government says the Alphabet unit paid $10 billion annually to wireless companies like AT&T, device makers like Apple and browser makers like Mozilla to fend off rivals and keep its search engine market share near 90%. In revenue-sharing deals with mobile carriers and Android smartphone makers, Google pressed for its search to be the default and exclusive. If Microsoft's search engine Bing was the default on an Android phone, Barton said, then users would have a "difficult time finding or changing to Google."

Barton said on his LinkedIn profile that he was responsible for leading Google's partnerships with mobile carriers like Verizon and AT&T, estimating that the deals "drive hundreds of millions in revenue." Hal Varian, Google's chief economist, told the court that scale, or the number of search queries Google received, was important, but pushed back during questioning on how important. He also acknowledged giving a speech in which he said certain search queries, for instance for a tennis racquet, were important in effectively advertising to the person who made the query and to subsequent ad revenues.

Mozilla Patches Firefox, Thunderbird Against Zero-Day Exploited in Attacks (bleepingcomputer.com) 15

Mozilla has released emergency security updates to fix a critical zero-day vulnerability exploited in the wild, impacting its Firefox web browser and Thunderbird email client. From a report: Tracked as CVE-2023-4863, the security flaw is caused by a heap buffer overflow in the WebP code library (libwebp), whose impact spans from crashes to arbitrary code execution. "Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild," Mozilla said in an advisory published on Tuesday. Mozilla addressed the exploited zero-day in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2. Even though specific details regarding the WebP flaw's exploitation in attacks remain undisclosed, this critical vulnerability is being abused in real-world scenarios.

Google Says It's No. 1 Search Tool Because Users Prefer It to Rivals (bloomberg.com) 170

Companies choose Alphabet's Google as the default search engine for their browsers and smartphones because it is the best one, and not because of a lack of competition, a Google lawyer said Tuesday at the start of a high-stakes antitrust trial in Washington. From a report: Consumers use Google "because it delivers value to them, not because they have to," John Schmidtlein, a partner at Williams & Connolly LLP who is representing the company, said during his opening statements on the first day of the trial. "Users today have more search options and ways to access information online than ever before."

Schmidtlein pushed back on claims by US Justice Department antitrust enforcers that Google has used its market power -- and billions of dollars in exclusive deals with web browsers -- to illegally block rivals. Users have choices, and it's easy to switch, he said. For example, Microsoft pre-selects its own search engine, Bing, on Windows PCs, yet most PC users switch to Google because it's a better product, he said. Web browsers offered by Apple and Mozilla, which makes Firefox, have long chosen a default search engine in exchange for a revenue-share that helps pay for innovations, Schmidtlein said.


Internet-Connected Cars Fail Privacy and Security Tests Conducted By Mozilla (gizmodo.com) 26

According to Mozilla's *Privacy Not Included project, every major car brand fails to adhere to the most basic privacy and security standards in new internet-connected models, and all 25 of the brands Mozilla examined flunked the organization's test. Gizmodo reports: Mozilla found brands including BMW, Ford, Toyota, Tesla, and Subaru collect data about drivers including race, facial expressions, weight, health information, and where you drive. Some of the cars tested collected data you wouldn't expect your car to know about, including details about sexual activity, race, and immigration status, according to Mozilla. [...] The worst offender was Nissan, Mozilla said. The carmaker's privacy policy suggests the manufacturer collects information including sexual activity, health diagnosis data, and genetic data, though there's no details about how exactly that data is gathered. Nissan reserves the right to share and sell "preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes" to data brokers, law enforcement, and other third parties.

Other brands didn't fare much better. Volkswagen, for example, collects your driving behaviors such as your seatbelt and braking habits and pairs that with details such as age and gender for targeted advertising. Kia's privacy policy reserves the right to monitor your "sex life," and Mercedes-Benz ships cars with TikTok pre-installed on the infotainment system, an app that has its own thicket of privacy problems. The privacy and security problems extend beyond the nature of the data car companies siphon off about you. Mozilla said it was unable to determine whether the brands encrypt any of the data they collect, and only Mercedes-Benz responded to the organization's questions.

Mozilla also found that many car brands engage in "privacy washing," or presenting consumers with information that suggests they don't have to worry about privacy issues when the exact opposite is true. Many leading manufacturers are signatories to the Alliance for Automotive Innovation's "Consumer Privacy Protection Principles (PDF)." According to Mozilla, these are a non-binding set of vague promises organized by the car manufacturers themselves. Questions around consent are essentially a joke as well. Subaru, for example, says that by being a passenger in the car, you are considered a "user" who has given the company consent to harvest information about you. Mozilla said a number of car brands say it's the drivers responsibility to let passengers know about their car's privacy policies -- as if the privacy policies are comprehensible to drivers in the first place. Toyota, for example, has a constellation of 12 different privacy policies for your reading pleasure.


With Version 117, Firefox Finally Speaks Chrome's Translation Language (theregister.com) 18

The latest version of the flagship FOSS browser is out, and it's picked up one of the main features for which we keep Chrome around. From a report: The Firefox version 117 feature list might not look all that impressive, but it does have a big-ticket feature that may tempt people back: automatic translation. The snag is it's disabled by default in the release version, and you'll have to manually enable it. Although it was enabled in the betas, Mozilla has decided to go for a staged rollout and not enable it for everyone until Firefox 118 in six weeks or so.

The new feature is integrated, privacy-respecting machine translation between multiple languages. This was already possible in older versions, but it needed an extension, and that had two side effects. One is that the extension hooked deep into the core of the browser in ways that Mozilla wasn't comfortable about, and the other is that once your text had been sent out to a third-party website, it could be snooped upon -- but the victims of any snooping would blame the browser, even if it wasn't the browser's fault. To enable it, go to the configuration page (enter about:config in the address bar), and search for a setting called browser.translations.enable.

Open Source

Terraform By Hashicorp Forked To OpenTF (theregister.com) 24

"Terraform, arguably the most popular Infrastructure as Code products, has been forked after the parent company HashiCorp changed its license from the Mozilla Public License (MPL) to the Business Source License v1.1 (BSL)," writes long-time Slashdot reader ochinko. "Our view is that we're actually not the fork because we're just changing the name but it's the same project under the same license," Sebastian Stadil, co-founder and CEO of DevOps automation biz Scalr told The Register. "Our position is that the fork is actually HashiCorp that has forked its own projects under a different license." From the report: HashiCorp's decision to issue new licensing terms for its software follows a path trodden by numerous other organizations formed around open source projects to limit what competitors can do with project code. As the biz acknowledged in its statement about the transition, firms like Cockroach Labs, Confluent Sentry, Couchbase, Elastic, MariaDB, MongoDB, and Redis Labs have similarly adopted less-permissive software licenses to create a barrier for competitors. You can see the OpenTF manifesto here.

Firefox Users May Import Chrome Extensions Now (ghacks.net) 41

Mozilla has implemented the WebExtensions system in its browser, allowing Firefox users to import select extensions from other browsers like Chrome. gHacks reports: The feature, which is in testing at the moment, can be enabled by all users of the latest stable version of Firefox.

1. Load about:config in the browser's address bar.
2. Confirm that you will be careful to continue.
3. Search for browser.migrate.chrome.extensions.enabled.
4. Set the feature to True, which enables it.
5. Restart Firefox.

Mozilla has integrated it into the browser's import functionality, which users may use on first run or at any time from the Settings page. To do so, select Menu > Settings > Import Data (button), or load about:preferences#general in the browser's address bar and activate the import data button on the page. Select Chrome from the list, expand the available import options and make sure extensions are checked. Imports are usually limited to some data, such as bookmarks or the browsing history. Firefox is the first major browser, maybe the first browser at all, that adds extensions to the list of supported imports.

The feature is limited at the time to Google Chrome and select extensions. Even though Firefox and Chrome extensions use the same framework, WebExtensions, they are not compatible immediately. Firefox users who attempt to install extensions from Chrome's Web Store may notice that this is not working. Mozilla decided to create a list of extension pairs for extensions that are available on the Chrome Web Store and the Mozilla Add-ons Store. Instead of importing the Chrome extension directly, Firefox is installing the Firefox version of the extension from Mozilla's own extension store.


Mozilla Foundation Warns France's Proposed Web Blocking Law 'Could Threaten the Free Internet' (mozilla.org) 66

The Mozilla Foundation has started a petition to stop the French government from forcing browsers like Mozilla's Firefox to censor websites. "It would set a dangerous precedent, providing a playbook for other governments to also turn browsers like Firefox into censorship tools," says the organization. "The government introduced the bill to parliament shortly before the summer break and is hoping to pass this as quickly and smoothly as possible; the bill has even been put on an accelerated procedure, with a vote to take place this fall." You can add your name to their petition here.

The bill in question is France's SREN Bill, which sets a precarious standard for digital freedoms by empowering the government to compile a list of websites to be blocked at the browser level. The Mozilla Foundation warns that this approach "is uncharted territory" and could give oppressive regimes an operational model that could undermine the effectiveness of censorship circumvention tools.

"Rather than mandate browser based blocking, we think the legislation should focus on improving the existing mechanisms already utilized by browsers -- services such as Safe Browsing and Smart Screen," says Mozilla. "The law should instead focus on establishing clear yet reasonable timelines under which major phishing protection systems should handle legitimate website inclusion requests from authorized government agencies. All such requests for inclusion should be based on a robust set of public criteria limited to phishing/scam websites, subject to independent review from experts, and contain judicial appellate mechanisms in case an inclusion request is rejected by a provider."

Firefox Finally Outperforming Google Chrome In SunSpider (phoronix.com) 40

Michael Larabel writes via Phoronix: Mozilla developers are celebrating that they are now faster than Google Chrome with the SunSpider JavaScript benchmark, although that test has been superseded by the JetStream benchmark. Last week a new Firefox Nightly News was published that outlines that "We're now apparently beating Chrome on the SunSpider JavaScript benchmark!" The provided numbers now show Firefox easily beating Chrome in this decade-old JavaScript benchmark. The benchmarks come from AreWeFastYet.com. Meanwhile for the newer and more demanding JetStream 2.0 benchmark, Google Chrome continues to win easily over Firefox. You can learn more about the latest Firefox Nightly build advancements via Firefox Nightly News.

Slashdot Top Deals