Lawmakers in the EU have proposed a new legal framework that will make it easier for police in one country to get access to user data in another country (so-called ‘e-evidence’) when investigating crimes. While the law seeks to address some important issues, there is a risk that it will inadvertently undermine due process and the rule of law in Europe. Over the coming months, we’ll be working with lawmakers in Europe to find a policy solution that effectively addresses the legitimate interests of law enforcement, without compromising the rights of our users or the security of our communications infrastructure.

Cloud computing is now ubiquitous. Where once law enforcement could get the data it needed with a warrant served against a local company, that data may now be stored halfway around the world, and consequently, those traditional warrants may no longer apply. To illustrate this problem in practice, think of a case in which a criminal gang operating in France and comprised of Dutch nationals commits a crime in Germany, and those who are most affected are Italian. Besides the obvious challenge of trying to establish which national law enforcement authority has jurisdiction to investigate the crime, there is an additional practical challenge of how to manage that investigation process in an efficient manner. Traditionally, for such cross-border investigations law enforcement and judicial authorities are required to cooperate within formal mechanisms and adhere to certain standards of due process and oversight. Yet herein lies the problem – EU lawmakers and law enforcement authorities claim these processes are too slow and burdensome for the modern cloud economy.

Against that backdrop, policymakers in Europe are seeking to create a new law that would make traditional warrants for so-called ‘e-evidence’ issued by an EU Member State enforceable on any company offering services in the EU. The EU’s move follows similar efforts by lawmakers in the US of late, where the recently-adopted US CLOUD Act creates a framework for more easily securing data stored overseas by internet companies.

The EU’s legislative proposal as drafted contains a number of serious weaknesses. For instance:

• It sweeps aside the due process safeguards that are essential to protect our users’ rights and meet their legitimate expectations of privacy;
• It offers preciously little detail on the procedural mechanisms that are a necessary underpinning of these kind of regimes e.g. how can a company like Mozilla be sure that a foreign warrant served on us actually comes from who it says it’s from; and,
• It does not confront the higher-order question of how a country can establish jurisdiction to investigate a crime in the first place, particularly in instances where several Member States have an interest.

In light of this, over the next few months we’ll be engaging closely with lawmakers in Brussels (the EU headquarters) and the Member State capitals to address the existing shortcomings. Our position is that this law will not strike an appropriate balance unless the following safeguards are incorporated:

• Data requests shall be necessary and proportionate, and subject to effective due process;
• There shall be no “gag orders” or other mechanisms that undermine transparency;
• There will be recognition that metadata (e.g. call logs, location data) is sensitive data; and,
• There will be clarity that no company or service should be compelled to undermine or hack the security features of its products and services.

When thinking about due process safeguards, it is crucial to note that the EU’s proposal is a major departure from global norms in this space. The arising interference with users’ expectation of privacy – and the risk that the new regime may engender rights abuses – means that the bar for ‘effective due process’ must necessarily be high. For instance, companies like Mozilla must always have the possibility to seek judicial review of data requests that risk violating our users’ rights and lawmakers must create clearing-houses and national single-points-of-contact to ensure that we can identify malicious attempts that exploit the new rules to misappropriate our users’ personal data.

Linked to this, it must be stressed that the proposed regime in Europe is the product of the unique political and legal culture that binds the EU’s 28 Member States. The level of convergence and integration of the EU Member States means that such a regime is, in principle at least, feasible. It is important that this proposed EU regime is not seen as a model for cross-border jurisdiction challenges per se. Indeed, we would strongly advise against similar mechanisms to regulate the lawful access relation between, say, the EU and the US.

The two institutions that oversee the EU legislative process – the European Parliament and the EU Council – are now independently scrutinising and amending the Commission’s legislative proposal, and aim at finalising the new law in early 2019.

Over the coming months, we will continue to develop our perspectives on this issue, and we will meet with policymakers in both the Parliament and the Council as well as other stakeholders in Brussels, as we try to realise a new framework that protects our users’ rights and the security of our products.

We’ll share updates as the proposal evolves.

Read more about our recent work on lawful access:

• Mozilla publishes recommendations on government vulnerability disclosure in Europe
• Bringing the fourth amendment into the digital age
• Fighting crime shouldn’t kill the internet
• UK Investigatory Powers bill is a threat to privacy, security, and trust online
• Mozilla’s transparency report
• Mozilla amicus brief before the Supreme Court of the United States in United States versus Microsoft Corporation

The post Getting cross border lawful access in Europe right appeared first on Open Policy & Advocacy.

https://blog.mozilla.org/netpolicy/2018/08/22/europe_lawful_access/

Mozilla’s Internet Health Report 2018 explored concentration of power and centralization online through a spotlight article, “Too big tech?”  Five U.S. technology companies often hold the five largest market capitalizations of any industry and any country in the world. Their software and services are entangled with virtually every part of our lives. These companies reached their market positions in part through massive innovation and investment, and they created extremely popular (and lucrative) user experiences. As a consequence of their success, though, the product and business decisions made by these companies move socioeconomic mountains.

And, like everyone, tech companies make mistakes, as well as some unpopular decisions. For many years, the negative consequences of their actions seemed dwarfed by the benefits. A little loss of privacy seemed easy to accept (for an American audience in particular) in exchange for a new crop of emojis. But from late 2016 through 2017, things changed. The levels of disinformation, abuse, tracking, and control crossed a threshold, sowing distrust in the public and catalyzing governments around the world to start asking difficult questions.

Since our “Too big tech?” piece was published, this trajectory of government concern has continued. The Facebook / Cambridge Analytica scandal generated testimony from Facebook CEO Mark Zuckerberg on both sides of the Atlantic. The European Commission levied a $5 billion fine on Google for practices associated with the Android mobile operating system. Meanwhile Republican Treasury Secretary Steve Mnuchin called for a serious look at the power of tech companies, and Democratic Senator Mark Warner outlined a 20 point regulatory proposal for social media and technology firms.

Against this backdrop, the Federal Trade Commission has announced a public comment period and a series of hearings to evaluate its mandate in current market environments. The impact of the internet, and the harms we have seen in recent months and years, will be front and center in many ways throughout this proceeding.

We submitted to the FTC written comments to identify a few key pieces that we believe are worthy of discussion over the course of this proceeding, and that speak to the dynamic we are experiencing with the internet today, as well as key pieces of the path forward to improve the health of the internet. Here’s the top-level summary of our filing:

1. Centralization online is heading in the wrong direction.
2. Existing metrics and tools are insufficient to promote competition.
3. Interoperability is a powerful, ready-to-use key to unlock competition in the tech sector.
4. Agency processes can be faster and more targeted than litigation.
5. Changes to law, policy, and practice regarding internet competition should be grounded in technology and built to benefit all internet users and businesses.

To support competition in the tech sector, we need the FTC to move fast and break bad habits – specifically, outdated theories, measurements, and tools that don’t suffice for the internet era. The U.S. is the home of Silicon Valley, the birthplace of the internet, and the historical heart of tech innovation. And yet, we are headed down a path of excessive centralization and control, where someday the freedom to code and compete will be realized in full only for those who work for a few large corporations.

One particular lever for counterpressure that deserves more attention at the FTC and elsewhere is interoperability – so we made it a focal point for this filing. If the future of the internet stays grounded in standards and built out through an ecosystem of transparent third-party accessible APIs, we can preserve the digital platform economy as a springboard for our collective social and economic welfare, rather than watching it evolve into an oligarchy of gatekeepers over our data.

The post Mozilla files FTC comments calling for interoperability to promote competition appeared first on Open Policy & Advocacy.

https://blog.mozilla.org/netpolicy/2018/08/21/mozilla-files-ftc-comments-calling-for-interoperability-to-promote-competition/

This end-of-support is obviously to correlate with the end-of-life of Firefox 52ESR, the last version to support legacy add-ons. That's logical, but it sucks, particularly for people who are stuck on 52ESR (Windows XP and Vista come to mind). Naturally, this also sucks for alternative branches such as Waterfox which split off before WebExtensions became mandatory, and the poor beleaguered remnants of SeaMonkey.

For TenFourFox users, there is an archive available from SourceForge of the last Firefox 45-compatible versions of popular addons, both classic and current. Naturally this archive is not comprehensive and won't ever be, though I'll consider adding other addons I believe are notable. Download and drop the XPI on any open browser window. Other users are welcome to grab stuff from our archives, but I consider 52-compatible versions out of scope, so please don't ask.

For OverbiteFF users, I will probably move it back over to Floodgap's gopher clients page and maintain it there, since if you have an interest in Gopher I can pretty accurately predict you probably don't use a vanilla stock web browser either. However, because OverbiteWX and OverbiteNX are fully compatible with WebExtensions, they will not be affected by this change.

http://tenfourfox.blogspot.com/2018/08/tenfourfox-and-legacy-addons-and-their.html

Mozilla will stop supporting Firefox Extended Support Release (ESR) 52, the final release that is compatible with legacy add-ons, on September 5, 2018.

As no supported versions of Firefox will be compatible with legacy add-ons after this date, we will start the process of disabling legacy add-on versions on addons.mozilla.org (AMO) in September. On September 6, 2018, submissions for new legacy add-on versions will be disabled.  All legacy add-on versions will be disabled in early October, 2018. Once this happens, users will no longer be able to find your extension on AMO.

After legacy add-ons are disabled, developers will still be able to port their extensions to the WebExtensions APIs. Once a new version is submitted to AMO, users who have installed the legacy version will automatically receive the update and the add-on’s listing will appear in the gallery.

For more information about porting legacy extensions to the WebExtensions API is available on MDN.  We encourage legacy add-on developers to visit our wiki for more information about upcoming development work and ways to get in touch with our team for help.

The post Timeline for disabling legacy add-ons on addons.mozilla.org appeared first on Mozilla Add-ons Blog.

https://blog.mozilla.org/addons/2018/08/21/timeline-for-disabling-legacy-firefox-add-ons/

These technologists, activists, and scientists will spend the next 10 to 12 months creating a more secure, inclusive, and decentralized internet

A neuroscientist building open-source hardware. A competition expert studying net neutrality enforcement in Nigeria. A technologist studying tools that combat disinformation.

These are just three of Mozilla’s latest Fellows — 26 technologists, activists, and scientists from more than 10 countries. Today, we’re announcing our 2018-2019 cohort of Fellows, who begin work on September 1, 2018.

Over the next 10 to 12 months, these Fellows will conduct research, create products, and build communities. In past cohorts, Mozilla Fellows have built secure platforms for LGBTQ individuals in the Middle East; leveraged open-source data and tools to bolster biomedical research across the African continent; and raised awareness about invasive online tracking.

More than ever, we need a movement to ensure the internet remains a force for good. Mozilla Fellows work on the front lines of that movement. Fellows develop new thinking on how to address emerging threats and challenges facing a healthy internet.

Learn more about Mozilla Fellowships, then meet our 2018-2019 Mozilla Fellows below (those fellows who are embedded at host organizations are funded through a joint Mozilla-Ford Foundation investment):

Andr'e Maia Chagas | UK | As a Mozilla Fellow, Andre will be working on Open Hardware for science, in order to try and map which laboratory equipments are most used and which are lacking across working groups, institutions, and non-academic spaces. Once the mapping is complete, he wants to select one piece of equipment and build it open and collaboratively. He also wants to create tutorials about the basic components of the designs, so that they can be used as starting points for other projects. With this approach, he is hoping to increase access to scientific equipment, allowing institutions and communities to follow their own scientific interests. Before joining Mozilla, Andre worked at the Baden Lab in the University of Sussex, collaborating with Trend in Africa by organizing and executing workshops around Open Source Hardware. He was also maintaining Open Neuroscience, a repository for OS projects related to neuroscience.

Ayden F'erdeline | Germany | At Mozilla, Ayden F'erdeline will be researching the ongoing development and harmonization of global privacy standards. He will work to develop an ambitious new toolkit for effectively operationalizing privacy protections online, identifying appropriate regulatory interventions that could incentivize data controllers to adopt higher privacy protections. He is currently a Councilor on the Council of the Generic Names Supporting Organization, the body which sets policy for generic top-level domain names like .com, where he represents the interests of non-commercial users and uses of the Domain Name System. Before joining Mozilla, Ayden F'erdeline supported the Internet Society’s global public policy team and was a researcher for the data and analytics group YouGov. He has previously facilitated workshops at the United Nations Internet Governance Forum, United Nations World Summit on the Information Society, the European Dialogue on Internet Governance, and the Internet Freedom Festival. He is a graduate of the London School of Economics.

Kadija Ferryman | U.S. | As a Mozilla Fellow, Kadija Ferryman will be working on an ethnography and history of electronic health records in order to examine the potential and limits of the growing open health data movement. In addition to the Mozilla Fellowship, Kadija Ferryman is a Postdoctoral Scholar at Data & Society Research Institute in New York, and was a public policy researcher at the Urban Institute for six years. She earned degrees in anthropology from Yale (BA) and the New School for Social Research (PhD).

Camille Francois | U.S. | As a Mozilla Fellow, Camille will be working on online targeted threats and disinformation campaigns, exposing their impact on civil society and vulnerable users globally, and also trying to yield better detection and mitigation techniques. Camille will be researching the effects of dis/misinformation spread on specific platforms in countries that have elections in 2018-2019 aside from the U.S. She’ll be working with Mozilla communities worldwide to conduct her research, and will share her findings widely with the communities as well as with relevant stakeholders. Before joining Mozilla, Camille was the Principal Researcher at Google’s Jigsaw think tank. Camille is also an Affiliate at the Harvard-Klein Berkman Center for Technology & Society, and the Research & Analysis Director at Graphika.

David Gehring | U.S. | As a Mozilla Fellow, David Gehring is focused on the economics of quality original news media publishing on the open web.  He will be working on a plan to establish an open source user data standard and global data exchange. The goal is to empower users with an environment that provides user agency while at the same time improving the economic position for quality publishers on the open web. Prior to joining Mozilla, Gehring was an entrepreneur and the CEO of Relay Media, which he sold to Google in 2017. Before starting Relay Media, Gehring held various roles at Guardian Media Group, Google and YouTube.

Maggie Haughey | Canada | Maggie is an activist and gamer concerned with issues of inclusion and safety online. Her work centers LGBTQ+ representation and intersectional feminism, and seeks to answer questions about how to create and maintain safer online spaces. In the past, Maggie has worked as a Game Master for her favorite MMO, created and moderated online LGBTQIA+ gaming communities, and organized nonhierarchical skillshares and cryptoparties in Montreal. As a Ford-Mozilla Fellow, Maggie will be working with the Tor Project to improve Tor’s accessibility, grow the Tor community, and advocate for the active inclusion of marginalized groups at all levels of the web.

Gabriela Ivens | Germany | Gabi is an open-source investigator, working on new methods of locating, identifying, and securely preserving publicly available information for use in human rights investigations. As a Ford-Mozilla Fellow, Gabi will be working with the Tech+Advocacy team at WITNESS, where she will be working on issues around the safe, ethical, and effective use of video in documenting human rights violations. During the Fellowship, Gabi will be focusing on a number of areas including emerging technologies for human rights documentation and the effects of policy and engineering decisions by technology companies – such as content takedowns of information – that is, or could be, societally important. Gabi’s work will provide a greater level of understanding of the impact tech companies have on civil society and human rights defenders. Before becoming a Fellow, Gabi worked at Syrian Archive, a group working on preserving visual documentation of the Syrian conflict, and has been working on open source investigations since 2015. Gabi holds a master's degree from University College London in Human Rights.

Chukwuyere Izuogu | Nigeria | As a Mozilla Fellow, Chukwuyere’s research work focuses firstly on the competition implication of non-enforcing net neutrality obligations, in order to emphasize the importance of net neutrality to competitive internet service markets in Nigeria. Secondly, his work focuses on the adequacy of the data protection regime in Nigeria, specifically in the context of the cross-border transfer of personal data acquired by online platforms from the EU to Nigeria. He will also recommend policy options and safeguards to mitigate existing data protection risks in Nigeria. Prior to joining Mozilla, Chukwuyere was a Research Fellow at the African Academy Network of Internet Policy and a Senior Counsel with the law firm of Streamsowers & K'ohn. Chukwuyere is the author of Regulating Anti-competitive Practices in Nigeria’s Communications Sector, (Wolf Legal Publishers, Netherlands, January 2017).

Darius Kazemi | U.S. | Darius Kazemi is delighted to join Ford-Mozilla to help Code for Science & Society figure out how to make the decentralized web more exciting and interesting. He’s hoping to make weird projects that can only really live on the decentralized web, and to build tools and tutorials to help other people make even better, weirder things. Darius is the co-founder of Feel Train, a worker-owned creative technology studio, and an artist making bots and web toys under the moniker Tiny Subversions.

Stefania Koskova | Portugal | As a Mozilla Fellow, Stefania will be exploring strategies and tools to enhance collaboration between governments, civil society, and the private sector, leading to a better understanding and management of security risks associated with harmful online content, such as hate speech, terrorist propaganda, and disinformation, particularly in post-conflict societies. In her previous roles, Stefania assisted policymakers and communities in the Western Balkans with the design and implementation of strategic responses to hate, extremist radicalization, and violence. In 2017, Stefania helped launch the Resonant Voices Initiative, networking journalists, activists, and community leaders who challenge dangerous messages online, providing training and mentoring to counternarrative campaigns, and mapping online radicalization trends in the Western Balkans.

Tarun Krishnakumar | India | Tarun Krishnakumar is a dual-qualified lawyer (India and California) working on emerging issues at the intersection of regulation, public policy, and technology. As a Mozilla Fellow, he will be working to improve stakeholder trust in the digital ecosystem through comparative research, capacity building, and engagement on substantive and procedural issues relating to law enforcement access to data, digital evidence, privacy, and cybersecurity. Prior to the Fellowship, he worked with a leading Indian law firm advising several of the world’s largest technology companies on issues including data protection, cybersecurity, intermediary liability, and cloud computing.

Julia Lowndes | U.S. | As a Mozilla Fellow, Julia Lowndes will be working to increase the value and practice of open data science within ecology and environmental science by empowering researchers with existing tools and communities. Julia has been working in this space for over five years through the Ocean Health Index at the National Center for Ecological Analysis and Synthesis (NCEAS). As science program lead, Julia helped the Ocean Health Index become a visible leader of open, reproducible, and collaborative practices for science and management through building a community of practice and communicating the team’s path to better science in less time. She earned her PhD in Biology at Stanford University and is a co-founder of Eco-Data-Science and R-Ladies Santa Barbara.

Ciera Martinez | U.S. | As a Mozilla Fellow, Ciera Martinez will be focusing on the practice of reproducibility when using genomics and natural history data. Her and her collaborators will be surveying databases to identify tools and strategies that will help increase the visibility, usability, and reproducibility of this data.  She is also currently a Postdoctoral researcher in Michael Eisen’s lab at Berkeley and a Fellow at the Berkeley Institute of Data Science.

Alexander Morley | UK | For his Mozilla Fellowship, Alex will be working on developing resources around the idea of “Continuous Research.” While more and more data accumulates, and more ways to analyze it are developed, it is time to turn to automated solutions for comparing and integrating research. Alex sees this not only as an opportunity to innovate, and combat reproducibility concerns, but also that it should be a way to take down some of the barriers to participation in research. He will be working on all this from his lab at the MRC Brain Network Dynamics Unit in the University of Oxford, where he is currently a PhD candidate.

Sam Muirhead | New Zealand | As a Ford-Mozilla Fellow, Sam Muirhead will be working on an open source approach to the production and adaptation of illustration, comics, and animation. The aim is to support international activist networks running digital campaigns in diverse cultural contexts — enabling local chapters to speak with their own creative voice, while building solidarity and sharing resources across the network. In 2012, Sam lived an experimental Year of Open Source, then helped kickstart a global network around the idea of an Open Source Circular Economy. Since 2016 he has been developing a methodology for co-creating and customizing open source animation, and running ‘Cut, Copy & Paste‘ workshops that give non-coders an experience of open source collaboration, without using digital tools.

Selina Musuta | U.S. | Selina is a web developer and infosec practitioner that is inspired daily by speculative fiction, music, and her people’s ability to survive and thrive. She has dedicated 15 years to community development work in Washington, DC through media justice organizing and community-led research, as well as radio and event production. Selina has collaborated with a number of social justice and capacity-building organizations like Wellstone Action and the Center for Media Justice. As a Ford-Mozilla Fellow, she will support the ongoing privacy and security work of Consumer Reports.

Valentina Pavel | UK | Valentina is a digital rights advocate working on privacy, freedom of speech, and open culture. As a Ford-Mozilla Fellow, Valentina will investigate the implications of digital feudalism and will explore different visions for shared data ownership. Shouldn’t we all be able to own and use the data that we’re collectively feeding into the online empires that run our digital lives? Shouldn’t this pooled data be placed back into the commons so it can empower new key infrastructure services? Valentina’s challenge will be to understand how the dominant tech companies are shaping the current socio-economical environment and seek new ways in which we can change the status quo for our shared benefit.

Kathy Pham | U.S. | Kathy Pham is a computer scientist, product leader, and serial founder who has held roles in product management, software engineering, data science, people operations, and leadership in the private, non-profit, and public sector. Her work has spanned Google, IBM, Harris Healthcare Solutions, and the federal government at the United States Digital Service at the White House, where she was a founding product and engineering member. She is the founder of the Women in Product Boston, the Cancer Sidekick Foundation, Team Curious, and Unite for Sight southeast. Kathy serves on the advisory boards of the Anita Borg Institute and the “Make the Breast Pump Not Suck” initiative. She also advises startups, conferences, and non-profits on hiring, building teams, and community inclusion.

Phi Requiem | Mexico | As a Ford-Mozilla Fellow, Phi will be working with journalists, collectives, and activists in Latin America and the Caribbean who are at heightened risk of being attacked in terms of digital security. He is finding and developing more mechanisms and tools to improve freedom of speech and human rights defense. Before joining Mozilla, Phi was a digital security consultant, developer, and data specialist working side-by-side with several NGOs in Mexico and Central America.

Maya Richman | Germany | Maya is a security trainer and practitioner for social change organizations and activists. As a Ford-Mozilla fellow, she will work alongside the Astraea Lesbian Foundation for Justice to explore and support the security needs of LGBTQI groups around the world. During her Fellowship, Maya will document the unique approaches and tactics that LGBTQI employ to survive and thrive in growing oppressive contexts. Prior to joining Mozilla, Maya worked at The Engine Room facilitating spaces for organizations, groups, and individuals around the world to share their experiences and improve their collective security and emotional well-being. She previously studied computer science, hacker politics, and open source culture at McGill University.

Daniela Saderi | U.S. | Daniela is a neuroscience PhD candidate and community organizer passionate about bringing open practices into the world of academia as a means to improve reproducibility and collaboration. Her PhD research combines in vivo electrophysiology, behavior, and computational modeling to understand how sound is processed in the dynamic brain. She is planning to defend her PhD thesis in the Fall of 2018. As a Mozilla Fellow, Daniela will be working on a project she co-founded less than a year ago called PREreview, an open platform and community to facilitate the collaborative writing of preprint reviews and the training of early-career researchers in scientific peer review. Through this work, she hopes to foster a broader and much needed cultural change in the way science is evaluated and disseminated.

Sukhbir Singh | Canada | Sukhbir has a background in the design, development, and advocacy of privacy-enhancing technologies. As a Ford-Mozilla Fellow, he will work with the Wikimedia Foundation to further its mission of free and open access to knowledge for everyone. Before joining Mozilla, he was a developer with the Tor Project on the applications and community team.

Clara Tsao | U.S. | This fall as a Mozilla Fellow, Clara Tsao will be working on evaluating the effectiveness of online tools that have been developed to counter terrorist propaganda/disinformation, with the goal of evaluating the impact of tools mapped to terms of service and content enforcement policy. As Chief Technology Officer of the US Government’s Countering Violent Extremism Task Force, Clara has focused on products, partnerships, and policy focused on homegrown radicalization online and terrorist exploitation of the internet. She has also previously started companies and non-profits, worked at Microsoft, AT&T, and also at Google as a Technology Policy Fellow.

Danae Valentina | The Netherlands | Danae Valentina is a feminist working-class writer born in Chile and currently living in Rotterdam. She is a postgraduate research student at Utrecht University where she investigates the intersection between technologies and altered states of the mind using a posthumanist approach. As a Ford-Mozilla Fellow, Danae will be exploring the topic of transculturality and its digital implications through direct work with migrant communities in Latin America and in Europe. Before joining Mozilla, Danae worked as a project manager for digital rights organizations in Chile and in Brazil. She is a proud member of the Riseup Collective.

Richard Whitt | U.S. | As a Mozilla Fellow, Richard will be spending the next twelve months developing his “openness by design” project.  Through research, authorship, and convenings, Richard seeks to deepen and broaden our understanding of the key role played by the concept of openness across the different tech modalities. He also will be developing and implementing various ways to advocate for more tech sector openness. Before joining Mozilla, Richard spent over 11 years at Google, where he most recently worked with Vint Cerf on a variety of tech and corporate policy projects for emerging platforms.

Bruna Zanolli | Brazil | As a Ford-Mozilla Fellow, Bruna Zanolli will be working on implementing, managing, and documenting community networks experiences lead by Artigo 19 Brazil. She aims to solve the problem of lack of access, and to optimize ways of communicating and exchanging experiences/ideas/struggles within a community. Bruna has been an activist in the area of autonomous communications and human rights with experience in the implementation and maintenance of autonomous networks. She acts as an infrastructure and content creation technique using free software on free radios in Brazil and in network with other countries in Latin America. She holds a Masters degree in Communication from MediaLab at UFRJ where she explored intersectional feminist experiences on the radio spectrum.

These new 26 Fellows will be joining our current Fellows:

• Peter Bihr, who is researching what a trustmark for ethical and responsible IoT could look like;
• Julia Kloiber, who is investigating emerging technologies and their influence on society;
• Meghan McDermott, who is prototyping the creation of an Internet Health Report at the municipal level in partnership with New York City;
• Thomas Lohninger, who is investigating net neutrality enforcement in the EU;
• Ren'ee DiResta, who is exploring how we can address disinformation and misinformation online;
• Steve Song, who is identifying regulatory and policy barriers associated with connecting the unconnected to the full diversity of the open internet;
• and Jon Rogers, who is exploring the human intersection of digital technologies and the design of physical things

The post Mozilla Announces 26 New Fellows in Openness, Science, and Tech Policy appeared first on The Mozilla Blog.

https://blog.mozilla.org/blog/2018/08/21/mozilla-announces-25-new-fellows-in-openness-science-and-tech-policy/

This article appeared originally on Mozilla Marketing Engineering & Operations blog

The Snippets Service allows Mozilla to communicate with Firefox users directly by placing a snippet of text and an image on their new tab page. Snippets share exciting news from the Mozilla World, useful tips and tricks based on user activity and sometimes jokes.

To achieve personalized, activity based messaging in a privacy respecting and efficient manner, the service creates a Bundle of Snippets per locale. Bundles are HTML documents that contain all Snippets targeted to a group of users, including their Style-Sheets, images, metadata and the JS decision engine …

https://giorgos.sealabs.net/using-brotli-compression-to-reduce-cdn-costs.html

Author’s Note: This post imagines a dystopian future for web video, if we continue to rely on patented codecs to transmit media files. What if one company had a perpetual monopoly on those patents? How could it limit our access to media and culture? The premise of this cautionary tale is grounded in fact. However, the future scenario is fiction, and the entities and events portrayed are not intended to represent real people, companies, or events.

Illustration by James Dybvig

This post was originally published on Mozilla's Hacks blog.

The year is 2029. It’s been two years since the start of the Video Wars, and there’s no end in sight. It’s hard to believe how deranged things have become on earth. People are going crazy because they can’t afford web video fees – and there’s not much else to do. The world’s media giants have irrevocably twisted laws and governments to protect their incredibly lucrative franchise: the right to own their intellectual property for all time.

It all started decades ago, with an arcane compression technology and a cartoon mouse. As if we needed any more proof that truth is stranger than fiction.

Adulteration of the U.S. Legal System

In 1998, the U.S. Congress passed the Sonny Bono Copyright Term Extension Act. This new law extended copyrights on corporate works to the author’s lifetime plus 95 years. The effort was driven by the Walt Disney Company, to protect its lucrative retail franchise around the animated character Mickey Mouse. Without this extension, Mickey would have entered the public domain, meaning anyone could create new cartoons and merchandise without fear of being sued by Disney. When the extension passed, it gave Disney another 20 years to profit from Mickey. The news sparked outrage from lawyers and academics at the time, but it was a dull and complex topic that most people didn’t understand or care about.

In 2020, Disney again lobbied to extend the law, so its copyright would last for 10,000 years. Its monopoly on our culture was complete. No art, music, video, or story would pass into the public domain for millennia. All copyrighted ideas would remain the private property of corporations. The quiet strangulation of our collective creativity had begun.

A small but powerful corporate collective called MalCorp took note of Disney’s success. Backed by deep-pocketed investors, MalCorp had quietly started buying the technology patents that made video streaming work over the internet. It revealed itself in 2021 as a protector of innovation. But its true goal was to create a monopoly on video streaming technology that would last forever, to shunt profits to its already wealthy investors. It was purely an instrument of greed.

Better Compression for Free

Now, there were some good guys in this story. As early as 2007, prescient tech companies wanted the web platform to remain free and open to all – especially for video. Companies like Cisco, Mozilla, Google, and others worked on new video codecs that could replace the patented, ubiquitous H.264 codec. They even combined their efforts in 2015 to create a royalty-free codec called AV1 that anyone could use free of charge.

AV1 was notable in that it offered better compression, and therefore better video quality, than any other codec of its time. But just as the free contender was getting off the ground, the video streaming industry was thrown into turmoil. Browser companies backed different codecs, and the market fragmented. Adoption stalled, and for years the streaming industry continued paying licensing fees for subpar codecs, even though better options were available.

The End of Shared Innovation

Meanwhile MalCorp found a way to tweak the law so its patents would never expire. It proposed a special amendment, just for patent pools, that said: Any time any part of any patent changes, the entire pool is treated as a new invention under U.S. law. With its deep pockets, MalCorp was able to buy the votes needed to get its law passed.

MalCorp’s patents would not expire. Not in 20 years. Not ever. And because patent law is about as interesting as copyright law, few protested the change.

Things went downhill quickly for advocates of the open web. MalCorp’s patents became broader, vaguer, ever-changing. With billions in its war chest, MalCorp was able to sue royalty-free codecs like AV1 out of existence. MalCorp had won. It had a monopoly on web streaming technology. It began, slowly at first, to raise licensing fees.

Gorgeous Video, Crushing Fees

For those who could afford it, web video got much better. MalCorp’s newest high-efficiency video codecs brought pixel-perfect 32K-Strato-Def images and 3D sound into people’s homes. Video and audio were clear and rich – better than real life. Downloads were fast. Images were crisp and spectacular. Fees were high.

Without access to any competing technologies, streaming companies had to pay billions instead of millions a year to MalCorp. Streaming services had to 100x their prices to cover their costs. Monthly fees rose to $4,500. Even students had to pay $50 a minute to watch a lecture on YouTube. Gradually, the world began to wake up to what MalCorp had done.

Life Indoors

By the mid-twenties, the Robotic Age had put most people out of work. The lucky ones lived on fixed incomes, paid by their governments. Humans were only needed for specialized service jobs, like nursery school teachers and style consultants. Even doctors were automated, using up-to-the-minute, crowd-sourced data to diagnose disease and track trends and outbreaks.

People were idle. Discontent was rising. Where once a retired workforce might have traveled or pursued hobbies, growing environmental problems rendered the outside world mostly uninhabitable. People hiked at home with their headsets on, enjoying stereoscopic birdsong and the idea of a fresh breeze. We lived indoors, in front of screens.

Locked In, Locked Out

It didn’t take long for MalCorp to become the most powerful corporation in the world. When video and mixed reality files made up 90 percent of all internet traffic, MalCorp was collecting on every transmission. Still, its greed kept growing.

Fed up with workarounds like piracy sites and peer-to-peer networks, MalCorp dismantled all legacy codecs. The slow, furry, lousy videos that were vaguely affordable ceased to function on modern networks and devices. People noticed when the signal went dark. Sure, there was still television and solid state media, but it wasn’t the same. Soon enough, all hell broke loose.

The Wars Begin

During Super Bowl LXII, football fans firebombed police stations in 70 cities, because listening to the game on radio just didn’t cut it. Thousands died in the riots and, later, in the crackdowns. Protesters picketed Disneyland, because the people had finally figured out what had happened to their democracy, and how it got started.

For the first time in years, people began to organize. They joined chat rooms and formed political parties like VidPeace and YouStream, vying for a majority. They had one demand: Give us back free video on the open web. They put banners on their vid-free Facebook feeds, advocating for the liberation of web video from greedy patent holders. They rallied around an inalienable right, once taken for granted, to be able to make and watch and share their own family movies, without paying MalCorp’s fees.

But it was too late. The opportunity to influence the chain of events had ended years before. Some say the tipping point was in 2019. Others blame the apathy and naivet'e of early web users, who assumed tech companies and governments would always make decisions that served the common good. That capitalism would deliver the best services, in spite of powerful profit motives. And that the internet would always be free.

The post AV1 and the Video Wars of 2027 appeared first on The Mozilla Blog.

https://blog.mozilla.org/blog/2018/08/20/av1-and-the-video-wars-of-2027/

Thousands of volunteers around the world contribute to Mozilla projects in a variety of capacities, and extension review is one of them. Reviewers check extensions submitted to addons.mozilla.org (AMO) for their safety, security, and adherence to Mozilla’s Add-on Policies.

Last year, we paused onboarding new volunteer extension reviewers while we updated the add-on policies and review processes to address changes introduced by the transition to the WebExtensions API and the new post-review process.

Now that the policies, processes and guidelines have been refreshed, we are re-opening applications for our volunteer reviewer program. If you are a skilled JavaScript developer, have experience developing browser extensions, and are interested in helping to keep the extension ecosystem safe and healthy, please consider contributing as a volunteer reviewer. You can learn more about the add-on reviewer program here.

If you are interested, please check out our wiki to learn how to apply. We will follow up with applicants shortly.

The post Volunteer Add-on Reviewer Applications Open appeared first on Mozilla Add-ons Blog.

https://blog.mozilla.org/addons/2018/08/20/volunteer-add-on-reviewer-applications-open/

Today, Mozilla is filing our brief in Mozilla v. FCC – alongside other companies, trade groups, states, and organizations – to defend net neutrality rules against the FCC’s rollback that went into effect early this year. For the first time in the history of the public internet, the FCC has disavowed interest and authority to protect users from ISPs, who have both the incentives and means to interfere with how we access online content.

We are proud to be a leader in the fight for net neutrality both through our legal challenge in Mozilla v. FCC and through our deep work in education and advocacy for an open, equal, accessible internet. Users need to know that their access to the internet is not being blocked, throttled, or discriminated against. That means that the FCC needs to accept statutory responsibility in protecting those user rights — a responsibility that every previous FCC has supported until now. That’s why we’re suing to stop them from abdicating their regulatory role in protecting the qualities that have made the internet the most important communications platform in history.

This case is about your rights to access content and services online without your ISP blocking, throttling, or discriminating against your favorite services. Unfortunately, the FCC made this a political issue and followed party-lines rather than protecting your right to an open internet in the US. Our brief highlights how this decision is just completely flawed:

– The FCC order fundamentally mischaracterizes how internet access works. Whether based on semantic contortions or simply an inherent lack of understanding, the FCC asserts that ISPs simply don’t need to deliver websites you request without interference.
– The FCC completely renounces its enforcement ability and tries to delegate that authority to other agencies but only Congress can grant that authority, the FCC can’t decide it’s just not its job to regulate telecommunications services and promote competition.
– The FCC ignored the requirement to engage in a “reasoned decision making” process, ignoring much of the public record as well as their own data showing that consumers lack competitive choices for internet access, which gives ISPs the means to harm access to content and services online.

Additional Mozilla v. FCC briefs will be filed by various parties who are intervening or friends of the court through November. After that process is complete, oral arguments will take place and the court will rule.

Mozilla has been defending users’ access to the internet without interference from gatekeepers for almost a decade, both in the US and globally. Net neutrality is a core characteristic of the internet as we know it, and crucial for the economy and everyday lives. It is imperative that all internet traffic be treated equally, without discrimination against content or type of traffic — that’s how the internet was built and what has made it one of the greatest inventions of all time.

Brief below:

(As filed) Initial NG Petitioners Brief – Mozilla v FCC 20Aug2018

The post Mozilla files arguments against the FCC – latest step in fight to save net neutrality appeared first on The Mozilla Blog.

https://blog.mozilla.org/blog/2018/08/20/mozilla-files-arguments-against-the-fcc-latest-step-in-fight-to-save-net-neutrality/

http://www.ncameron.org/blog/rls-1-0-release-candidate/

Over time, we've slowly been adjusting the curl project and its documentation so that we might at some point actually qualify to the CII open source Best Practices at silver level.

We qualified at the base level a while ago as one of the first projects which did that.

Recently, one of those issues we fixed was documenting the governance of the curl project. How exactly the curl project is run, what the key roles are and how decisions are made. That document is now in our git repo.

curl

The curl project is what I would call a fairly typical smallish open source project with a quite active and present project leader (me). We have a small set of maintainers who independently are allowed to and will merge commits to git (via pull-requests).

Any decision or any code change that was done or is about to be done can be brought up for questioning or discussion on the mailing list. Nothing is ever really seriously written in stone (except our backwards compatible API). If we did the wrong decision in the past, we should reconsider now.

Oh right, we also don't have any legal entity. There's no company or organization behind this or holding any particular rights. We're not part of any umbrella organization. We're all just individuals distributed over the globe.

Contributors

No active contributor or maintainer (that I know of) gets paid to work on curl regularly. No company has any particular say or weight to decide where the project goes next.

Contributors fix bugs and add features as part of our daily jobs or in their spare time. We get code submissions for well over a hundred unique authors every year.

Dictator

As a founder of the project and author of more than half of all commits, I am what others call, a Benevolent Dictator. I can veto things and I can merge things in spite of objections, although I avoid that as far as possible.

I feel that I generally have people's trust and that the community expects me to be able to take decisions and drive this project in an appropriate direction, in a fashion that has worked out fine for the past twenty years.

I post all my patches (except occasional minuscule changes) as pull-requests on github before merge, to allow comments, discussions, reviews and to make sure they don't break any tests.

I announce and ask for feedback for changes or larger things that I want to do, on the mailing list for wider attention. To bring up discussions and fish for additional ideas or for people to point out obvious mistakes. May times, my calls for opinions or objections are met with silence and I will then take that as "no objections" and more forward in a way I deem sensible.

Every now and then I blog about specific curl features or changes we work on, to highlight them and help out the user community "out there" to discover and learn what curl can do, or might be able to do soon.

I'm doing this primarily on my spare time. My employer also lets me spend some work hours on curl.

Long-term

One of the prime factors that has made curl and libcurl successful and end up one of the world's most widely used software components, I'm convinced, is that we don't break stuff.

By this I mean that once we've introduced functionality, we struggle hard to maintain that functionality from that point on and into the future. When we accept code and features into the project, we do this knowing that the code will likely remain in our code for decades to come. Once we've accepted the code, it becomes our responsibility and now we'll care for it dearly for a long time forward.

Since we're so few developers and maintainers in the project, I can also add that I'm very much aware that in many cases adopting code and merging patches mean that I will have to fix the remaining bugs and generally care for the code the coming years.

Changing governance?

I'm dictator of the curl project for practical reasons, not because I consider it an ideal way to run projects. If there were more people involved who cared enough about what and how we're doing things we could also change how we run the project.

But until I sense such an interest, I don't think the current model is bad - and our conquering the world over the recent years could also be seen as a proof that the project at least sometimes also goes in a direction that users approve of. And we are after all best practices certified.

I realize I come off sounding like a real-world dictator when I say things like this, but I genuinely believe that our governance is based on necessity and what works, not because we have to do it this way.

I've run the project since its inception 1998. One day I'll get bored or get run over by a bus. Then at the very least will the project need another way to run...

Silver level?

We're only two requirements away from Best Practices Silver level compliance and we've been discussing a bit lately (or perhaps: I've asked the question) whether the last criteria are actually worth the trouble for us or not.

1. We need to enforce "Signed-off-by" lines in commits to maintain Developers Certificate of origin. This is easy in itself and I've only held this off this long because we've had zero interest or requirements for this from contributors and users. Added administration for little gain.
2. We're asked to provide an assurance case: "a description of the threat model, clear identification of trust boundaries, an argument that secure design principles have been applied, and an argument that common implementation security weaknesses have been countered." - This is work we haven't done and a document we don't have. And again: nobody has actually ever asked for this outside of this certificate form.

Do you think we should put in the extra effort and check off the final two requirements as well? Do you think they actually make the project better?

https://daniel.haxx.se/blog/2018/08/18/project-curl-governance/

Bitslicing, in cryptography, is the technique of converting arbitrary functions into logic circuits, thereby enabling fast, constant-time implementations of cryptographic algorithms immune to cache and timing-related side channel attacks.

My last post Bitslicing, An Introduction showed how to convert an S-box function into truth tables, then into a tree of multiplexers, and finally how to find the lowest possible gate count through manual optimization.

Today’s post will focus on a simpler and faster method. Karnaugh maps help simplifying Boolean algebra expressions by taking advantage of humans’ pattern-recognition capability. In short, we’ll bitslice an S-box using K-maps.

A tiny S-box

Here again is the 3-to-2-bit S-box function from the previous post.

uint8_t SBOX[] = { 1, 0, 3, 1, 2, 2, 3, 0 };

An AES-inspired S-box that interprets three input bits as a polynomial in GF(2³) and computes its inverse mod P(x) = x³ + x² + 1, with 0^-1 := 0. The result plus (x² + 1) is converted back into bits and the MSB is dropped.

This S-box can be represented as a function of three Boolean variables, where f(0,0,0) = 0b01, f(0,0,1) = 0b00, f(0,1,0) = 0b11, etc. Each output bit can be represented by its own Boolean function where f_L(0,0,0) = 0 and f_R(0,0,0) = 1, f_L(0,0,1) = 0 and f_R(0,0,1) = 0, …

A truth table per output bit

Each output bit has its own Boolean function, and therefore also its own thruth table. Here are the truth tables for the Boolean functions f_L(a,b,c) and f_R(a,b,c):

 abc | SBOX            abc | f_L()         abc | f_R()
-----|------          -----|-------       -----|-------
 000 | 01              000 | 0             000 | 1
 001 | 00              001 | 0             001 | 0
 010 | 11              010 | 1             010 | 1
 011 | 01     --->     011 | 0      +      011 | 1
 100 | 10              100 | 1             100 | 0
 101 | 10              101 | 1             101 | 0
 110 | 11              110 | 1             110 | 1
 111 | 00              111 | 0             111 | 0

Whereas previously at this point we built a tree of multiplexers out of each truth table, we’ll now build a Karnaugh map (K-map) per output bit.

Karnaugh Maps

The values of f_L(a,b,c) and f_R(a,b,c) are transferred onto a two-dimensional grid with the cells ordered in Gray code. Each cell position represents one possible combination of input bits, while each cell value represents the value of the output bit.

The row and column indices (a) and (b || c) are ordered in Gray code rather than binary numerical order to ensure only a single variable changes between each pair of adjacent cells. Otherwise, products of predicates (a & b, a & c, …) would scatter.

These products are what you want to find to get a minimum length representation of the truth function. If the output bit is the same at two adjacent cells, then it’s independent of one of the two input variables, because (a & ~b) | (a & b) = a.

Spotting patterns

The heart of simplifying Boolean expressions via K-maps is finding groups of adjacent cells with value 1. The rules are as follows:

• Groups are rectangles of 2ⁿ cells with value 1.
• Groups may not include cells with value 0.
• Each cell with value 1 must be in at least one group.
• Groups may be horizontal or vertical, not diagonal.
• Each group should be as large as possible.
• There should be as few groups as possible.
• Groups may overlap.

First, we mark all cells with value 1. We then form a red group for the two horizontal groups of size 2¹. The two vertical groups are marked with green, also of size 2¹.

On f_R’s K-map on the right, the red and green group overlap. As per the rules above, that’s perfectly fine. The cell at abc=110 can’t be without a group and we’re instructed to form the largest groups possible, so they overlap.

But wait, you say, what’s going on with the blue rectangle on the right?

Wrapping around

A somewhat unexpected property of K-maps is that they’re not really grids, but actually toruses. In plain English: they wrap around the top, bottom, and the sides.

Look at this neat animation on Wikipedia that demonstrates how a rectangle can turn into a donuttorus. Adjacent thus has a special definition here: cells on the very right touch those on the far left, as do those at the very top and bottom.

Another way to understand this property is to imagine that the columns don’t start at 00 but rather at 01, and so we rotate the whole K-map by one to the left. Then the rectangles wouldn’t need to wrap around and they would all fit on the grid nicely.

Now that all cells with a 1 have been assigned to as few groups as possible, let’s get our hands dirty and write some code.

A bitsliced SBOX() function

K-maps are read groupwise: we look at each cell’s position and focus on the input values that do not change throughout the group. Values that do change are ignored.

One function for f_L(a,b,c) ...

The red group covers the cells at position 100 and 101. The values a=1 and b=0 are constant, they will be included into the group’s term. The value of c changes and is therefore irrelevant. The term is (a & ~b).

The green group covers the cells at 010 and 110. We ignore a, and include b=1 and c=0. The term is (b & ~c).

SBOXL() is the disjunction of the group terms we collected from the K-map. It lists all possible combinations of input values that lead to output value 1.

uint8_t SBOXL(uint8_t a, uint8_t b, uint8_t c) {
  return (a & ~b) | (b & ~c);
}

... and another one for f_R(a,b,c)

The red group covers the cells at 011 and 010. The term is (~a & b).

The green group covers the cells at 010 and 110. The term is (b & ~c).

The blue group covers the cells at 000 and 010. The term is (~a & ~c).

uint8_t SBOXR(uint8_t a, uint8_t b, uint8_t c) {
  return (~a & b) | (b & ~c) | (~a & ~c);
}

Great, that’s all we need! Now we can merge those two functions and compare that to the result of the previous post.

Putting it all together

The first three variables ensure that we negate inputs only once. t0 replaces the common subexpression b & nc. Any optimizing compiler would do the same.

void SBOX(uint8_t a, uint8_t b, uint8_t c, uint8_t* l, uint8_t* r) {
  uint8_t na = ~a;
  uint8_t nb = ~b;
  uint8_t nc = ~c;

  uint8_t t0 = b & nc;

  *l = (a & nb) | t0;
  *r = (na & b) | (na & nc) | t0;
}

Ten gates. That’s one more than the manually optimized version from the last post. What’s missing? Turns out that K-maps sometimes don’t yield the minimal form and we have to simplify further by taking out common factors.

The conjunctions in the term (na & b) | (na & nc) have the common factor na and, due to the Distributivity Law, can be rewritten as na & (b | nc). That removes one of the AND gates and leaves two.

void SBOX(uint8_t a, uint8_t b, uint8_t c, uint8_t* l, uint8_t* r) {
  uint8_t na = ~a;
  uint8_t nb = ~b;
  uint8_t nc = ~c;

  uint8_t t0 = b & nc;
  uint8_t t1 = b | nc;

  *l = (a & nb) | t0;
  *r = (na & t1) | t0;
}

Nine gates. That’s exactly what we achieved by tedious artisanal optimization.

Summing up

K-maps are neat and trivial to use once you’ve worked through an example yourself. They yield minimal circuits fast, compared to manual optimization where the effort grows exponentially with the number of terms.

There is one downside though, and it’s that the original variant of a K-map can’t be used with more than four input variables. There are variants that do work with more than four variables but they actually make it harder to spot groups visually.

The Quine–McCluskey algorithm is functionally identical to K-maps but can handle an arbitrary number of input variables in its original variant – although the running time grows exponentially with the number of variables. Not too problematic for us, S-boxes usually don’t have too many inputs anyway…

https://timtaubert.de/blog/2018/08/bitslicing-with-karnaugh-maps/

It's mostly more bug fixes this week, and starting on some cool new features, but first we want to tell you about an exciting competition that launched this week.

On Monday Andrzej Mazur launched the 2018 edition of the JS13KGames competition. As the name suggests, you have to create a game using only thirteen kilobytes of Javascript (zipped) or less. Check out some of last year's winners to see what is possible in 13k.

This year Mozilla is sponsoring the new WebXR category, which lets you use A-Frame or Babylon.js without counting towards the 13k. See the full rules for details. Prizes this year includes the Oculus Go for the top three champions.

Browsers

We demoed Firefox Reality at the Mozilla Gigabit event in Mountain View on 8/15. The Mozilla Gigabit Community Fund provides grant funding in select U.S. communities to support pilot tests of gigabit technologies such as virtual reality, 4K video, artificial intelligence, and their related curricula.

The GeckoView team added APIs for overriding screen size and display DPI, which will enable more UI customization in the future. We also did more work to improve model load times, plus general performance fixes.

Did you know you can see everything that goes into Firefox Reality in the Github? Every bug and commit is available for you to see.

Social

Tons of bug fixes for stability, performance, and fixes of the drawing tool.

See you next week!

https://blog.mozvr.com/this-week-in-mixed-reality-issue-16/

https://blog.mozilla.org/sfink/2018/08/17/type-examination-in-gdb/

WeTransfer offers a simple, extensions-based file transferring solution.

When we want to share digital files, most people think of popular file hosting services like Box or Dropbox, or other common methods such as email and messaging apps. But did you know there are easier—and more privacy-focused—ways to do it with extensions? WeTransfer and Fire File Sender are two intriguing extension options.

WeTransfer allows you to send files up to 2GB in size with a link that expires seven days from upload. It’s really simple to use—just click the toolbar icon and a small pop-up appears inviting you to upload files and copy links for sharing. WeTransfer uses the highest security standards and is compliant with EU privacy laws. Better still, recipients downloading files sent through WeTransfer won’t get bombarded with advertisements; rather, they’ll see beautiful wallpapers picked by the WeTransfer editorial team. If you’re interested in additional eye-pleasing backgrounds, check out WeTransfer Moment.

Fire File Sender allows you to send files up to 4GB each. Once the file is successfully uploaded, a link and a six-digit code is generated for you to share. The link and code will expire 10 minutes after upload or after one download—whichever occurs first. Also, within the 10-minute time frame, you have the ability to stop sharing the file. Fire File Sender uses the browser sidebar for the uploading and downloading of files through Send Anywhere APIs.

Best of all, neither WeTransfer, nor Fire File Sender require an account to use their service. The enhanced anonymity of the file exchange, plus the automatic deletion of files (Dropbox and Google require manual deletion), make these extensions strong choices for privacy-minded folks.

I should also mention Firefox Send, though it’s a web service and not an extension. Firefox Send is Mozilla’s home-grown solution to file sharing. Created by the Mozilla Test Pilot team, Firefox Send allows you to securely share files up to 1GB in size directly from your browser. Any links generated will either expire after one download or 24 hours, whichever comes first. Taking privacy matters even further, files distributed through Firefox Send are encrypted directly in the browser and then uploaded to Mozilla. Mozilla does not have the ability to access the content of the encrypted file.  (The Test Pilot team constantly strives to improve on their project; its development progress can be viewed on GitHub.)

The post Share files easily with extensions appeared first on Mozilla Add-ons Blog.

https://blog.mozilla.org/addons/2018/08/17/share-files-easily-with-extensions/

AddressSanitizer has worked in rr for a while. I just found that LeakSanitizer wasn't working and landed a fix for that. This means you can record an ASAN build and if there's an ASAN error, or LSAN finds a leak, you can replay it in rr knowing the exact addresses of the data that leaked — along with the usual rr goodness of reverse execution, watchpoints, etc. Well, hopefully. Report an issue if you find more problems.

Interestingly, LSAN doesn't work under gdb, but it does work under rr! LSAN uses the ptrace() API to examine threads when it looks for leaks, and it can't ptrace a thread that gdb is already ptracing (the ptrace design deeply relies on there being only one ptracer per thread). rr uses ptrace too, but when one rr tracee thread tries to ptrace another rr tracee thread, rr emulates the ptrace calls so that they work as if rr wasn't present.

http://robert.ocallahan.org/2018/08/asan-and-lsan-work-in-rr.html

Step 0: Have a current working build environment for building Firefox for Android for a recent checkout of mozilla-central.

Step 1: Figure out when the revision you are interested in was checked in. hg log -r will give you a date of the checkin.

Step 2: Check the revision history of the Simple Firefox for Android build guide you want to find a revision slightly before the date from step 1. At the bottom of the page “Required Android SDK and NDK versions” use this section as a reference for the next several steps.

Step 3. Install the version of the Android SDK Platform listed on the DevMo page. Via Android Studio’s SDK manager. Tools -> SDK Manager -> SDK Platforms ->  mark the API version you need -> click apply

Step 4. Install the SDK build tools using Android Studio’s SDK manager. Tools -> SDK Manager -> SDK Tools -> mark the SDK build tools version you need -> click apply

Step 5. Get the correct NDK from Google’s archives. Then extract it to where you store your NDKs. $HOME/.mozbuild is the default.

Step 6. Get the Android SDK tools. This can be a real pain as Google does not have links to download this. You will need to craft your own version of the URL. The URL format is https://dl.google.com/android/repository/tools_r-.zip Where version matches the “Android SDK Tools” line from DevMo and operating system is macosx or linux. Example https://dl.google.com/android/repository/tools_r23.0.1-linux.zip

Step 7. Create a copy of the SDK, delete the tools directory and place the folder from the Android SDK Tools download step 6 above in that folder. Example $HOME/.mozbuild/android-sdk-linux-23.0.1/

Step 8. Update your .mozconfig to point to the older NDK and SDK versions
# Build Firefox for Android:
ac_add_options --enable-application=mobile/android
ac_add_options --target=arm-linux-androideabi
# With the following Android SDK and NDK:
ac_add_options --with-android-sdk="/absolute/path/to/android-sdk-linux-23.0.1"
ac_add_options --with-android-ndk="/absolute/path/to/android-ndk-r11c"

Step 9. ./mach build
./mach package
./mach install
./mach run

https://www.kevinbrosnan.net/2018/08/general-steps-for-building-older-versions-of-firefox-for-android/

Brazil’s newly passed data protection law is a huge step forward in the protection of user privacy. It’s great to see Brazil, long a champion of digital rights, join the ranks of countries with data protection laws on the books. We are concerned, however, about President Temer’s veto of several provisions, including the Data Protection Authority. We urge the President and Brazilian policymakers to swiftly advance new legislation or policies to ensure effective enforcement of the law.

The post Brazilian data protection is strong step forward, action needed on enforcement appeared first on Open Policy & Advocacy.

https://blog.mozilla.org/netpolicy/2018/08/15/brazilian-data-protection-is-strong-step-forward-action-needed-on-enforcement/

I riffed on this a bit over at twitter some time ago; this has been sitting in the drafts folder for too long, and it’s incomplete, but I might as well get it out the door. Feel free to suggest additions or corrections if you’re so inclined.

You may have seen this list of latency numbers every programmer should know, and I trust we’ve all seen Grace Hopper’s classic description of a nanosecond at the top of this page, but I thought it might be a bit more accessible to talk about CPU-scale events in human-scale transactional terms. So: if a single CPU cycle on a modern computer was stretched out as long as one of our absurdly tedious human seconds, how long do other computing transactions take?

If a CPU cycle is 1 second long, then:

• Getting data out of L1 cache is about the same as getting your data out of your wallet; about 3 seconds.
• At 9 to 10 seconds, getting data from L2 cache is roughly like asking your friend across the table for it.
• Fetching data from the L3 cache takes a bit longer – it’s roughly as fast as having an Olympic sprinter bring you your data from 400 meters away.
• If your data is in RAM you can get it in about the time it takes to brew a pot of coffee; this is how long it would take a world-class athlete to run a mile to bring you your data, if they were running backwards.
• If your data is on an SSD, though, you can have it six to eight days, equivalent to having it delivered from the far side of the continental U.S. by bicycle, about as fast as that has ever been done.
• In comparison, platter disks are delivering your data by horse-drawn wagon, over the full length of the Oregon Trail. Something like six to twelve months, give or take.
• Network transactions are interesting – platter disk performance is so poor that fetching data from your ISP’s local cache is often faster than getting it from your platter disks; at two to three months, your data is being delivered to New York from Beijing, via container ship and then truck.
• In contrast, a packet requested from a server on the far side of an ocean might as well have been requested from the surface of the moon, at the dawn of the space program – about eight years, from the beginning of the Apollo program to Armstrong, Aldrin and Collin’s successful return to earth.
• If your data is in a VM, things start to get difficult – a virtualized OS reboot takes about the same amount of time as has passed between the Renaissance and now, so you would need to ask Leonardo Da Vinci to secretly encode your information in one of his notebooks, and have Dan Brown somehow decode it for you in the present? I don’t know how reliable that guy is, so I hope you’re using ECC.
• That’s all if things go well, of course: a network timeout is roughly comparable to the elapsed time between the dawn of the Sumerian Empire and the present day.
• In the worst case, if a CPU cycle is 1 second, cold booting a racked server takes approximately all of recorded human history, from the earliest Indonesian cave paintings to now.

http://exple.tive.org/blarg/2018/08/15/time-dilation/

Highlights

• New Onboarding experience in Firefox 62 currently only as an experiment.

  • 

    Totally adorable onboarding critters (Scientific name: Totes Adorbs Familiaris)

• The new about:policies helps administrators verify if they have configured policies correctly, learn more about the different policies, and resolve errors.
  

  • 

    about:policies, coming soon!

• About:performance UI is currently being updated, currently behind a pref more details in the bug 1477677

  • 

    The new about:performance will show you what pages are draining your system resources

• Doug Thayer pushed the ClientStorage work through the finish line! This should improve responsiveness and (maybe) power usage on macOS. This should also allow tab warming to ride to release on macOS!

Project Updates

Add-ons / Web Extensions

• Kris fixed an issue with starting extensions while a content process is hung and a crash from webRequest stream filters.
• Luca did further work on migrating the storage API to IndexedDB.
• Oriol fixed several issues with extension icons.
• Tim fixed themes on Android.

Browser Architecture

• XUL/XBL Replacement Newsletter #6 posted.
• Browser console is now loaded as a html document.
• getElementsByAttribute[NS] now works on (chrome) HTML documents.
• Added document.createXULElement. No namespace funkiness!
• Working on a plan to either remove broadcaster/observers or support them in HTML.
• Investigating feasibility of landing rkv as NPOTB so potential consumers can investigate it for suitability to their use cases (bug 1445451).

Lint

• We are switching most ChromeUtils.import calls to be treated as explicit variable declarations by ESLint. This has the advantage of triggering no-unused-vars more often (especially in jsm files), to find unused imports.
  • This doesn’t work where modules.json lists a file as exporting two symbols (only one of them might be used, so we haven’t weeded them out yet).
  • The better form declarations of const {Foo} = ChromeUtils.import(“resource://foo.jsm”, {}); are already handled according to the variables.

Performance

• Florian landed some new about:performance UI pref’ed off, you can try it by flipping dom.performance.enable_scheduler_timing in about:config and then restart the browser before opening about:performance (warning: the browser will crash if you forget to restart). He also started investigating performance issues when reordering tabs.
• Felipe reworked RemotePageManager to load it lazily and got a nice 3+% cpstartup win, he’s working on making us stop touching ‘content’ early in the content process for more cp startup wins.
• Gijs is avoiding useless initial about:blank loads, removed the startup impact of registerContentHandler by removing the implementation, and fixed a sync layout flush we had when opening the awesomebar panel.
• Jay’s internship ended and we are grateful for all the good work he did!

Policy Engine

• About:policies page (Bug 1472528) – Kanika Saini
  • Active Policies
    • Policies vary a lot
      • Some are just boolean values, for e.g DisableAppUpdate
      • Some are arrays of objects with keys and values, for e.g. Bookmarks
      • Some are objects which have keys and their values have arrays in a deeper level, for e.g Permissions
  • Documentation
    
    • 

      The documentation is built-in! Alright!

      

      Showing off the schema for some policies

    • Machine-only icon warns the administrator about such policies
    • Each policy row is a collapsible which on click expands to display more information about the policy, for e.g schema for the policy
  • Errors

    • 

      When things go wrong with policy management, error messages go here.

• • • Error tab is only visible when there is an error
    • Gives a brief of the error relating to the Policy Engine only

Search and Navigation

Address Bar & Search

• the WebExtensions search API got POST requests support
• browser.search.region and browser.search.countryCode prefs have been merged into the former
• Organic search telemetry is moving from a system add-on to core to reduce perf impact and manage the code more easily (plus bootstrapped addons going away)
• Fixed a regression where autofill could suggest a nonsecure origin even if the user typed https
• Fixed a regression where autofill prevented to start a search by a capital letter
• Fixed a possible shutdown crash on autofill migration
• Fixed a regression where the urlbar fading mask could appear even when the url was not overflowing

Places

• Annotations feature removal:
• • PlacesUtils.history.fetch can now read page annotations asynchronously
  • nsIDownloadHistory has been completely removed and replaced with async calls to PlacesUtils.history.update()
  • Removed annotations expiration code
  • Various unnecessary methods and page annotation observers have been removed
• The following Tagging APIs have been moved to the async bookmarking API:
  • MAX_TAGS_LENGTH is now PlacesUtils.bookmarks.MAX_TAGS_LENGTH
  • allTags is now PlacesUtils.bookmarks.fetchTags()
  • hasTags has been removed
  • getURIsForTag is now PlacesUtils.bookmarks.fetch({…}, {includeTags: true})
• The redesigned bookmarking API got a few bug fixes

Test Pilot

• Side View is a hit!
  • MAU graph:
    

    Side View seems to be pretty popular with our Test Pilot users.

  • Next for Side View: added to Shield queue
• Screenshots
  • New annotations features shipped! Undo/Redo (Barry) & Text tool (Punam)
    • Check out the blog post
  • Current sprint is mostly server-focused:
    • Finishing the last few bugs on new features, minor release later this week
    • Starting work on a redesign with tighter FxA integration & better accessibility
      • Soon: work with Kimberly from accessibility team to add accessibility testing to our Selenium tests
  • Client updates:
    • Bootstrap removal work continues
      • Telemetry API for internal WebExtensions got R+, will be landing soon
    • Adding Barry and Punam as peers on the Firefox Screenshots module

Web Payments

• Working through final bugs before WebPayments goes through user testing.
• Prathiksha finished her internship last week. We are very grateful for her contributions!

https://blog.nightly.mozilla.org/2018/08/15/these-weeks-in-firefox-issue-42/