Mozilla flips the default switch on Firefox tracker cookie blocking – gpgmail


From today Firefox users who update to the latest version of the browser will find a pro-privacy setting flipped for them on desktop and Android smartphones, assuming they didn’t already have the anti-tracking cookie feature enabled.

Mozilla launched the Enhanced Tracking Protection (ETP) feature in June as a default setting for new users — but leaving existing Firefox users’ settings unchanged at that point.

It’s now finishing what it started by flipping the default switch across the board in v69.0 of the browser.

The feature takes clear aim at third party cookies that are used to track Internet users for creepy purposes such as ad profiling. (Firefox relies on the Disconnect list to identify creepy cookies to block.)

The anti-tracking feature also takes aim at cryptomining: A background practice which can drain CPU and battery power, negatively impacting the user experience. Again, Firefox will now block cryptomining by default, not only when user activated.

In a blog post about the latest release Mozilla says it represents a “milestone” that marks “a major step in our multi-year effort to bring stronger, usable privacy protections to everyone using Firefox”.

“Currently over 20% of Firefox users have Enhanced Tracking Protection on. With today’s release, we expect to provide protection for 100% of ours users by default,” it predicts, underlining the defining power of default settings.

Firefox users with ETP enabled will see a shield icon in the URL bar to denote the tracker blocking is working. Clicking on this icon takes users to a menu where they can view a list of all the tracking cookies that are being blocked. Users are also able to switch off tracking cookie blocking on a per site basis, via this Content Blocking menu.

While blocking tracking cookies reduces some tracking of internet users it does not offer complete protection for privacy. Mozilla notes that ETP does not yet block browser fingerprinting scripts from running by default, for example.

Browser fingerprinting is another prevalent privacy-hostile technique that’s used to track and profile web users without knowledge or consent by linking online activity to a computer’s configuration and thereby tying multiple browser sessions back to the same device-user.

It’s an especially pernicious technique because it can erode privacy across browser sessions and even different browsers — which an Internet user might be deliberately deploying to try to prevent profiling.

A ‘Strict Mode’ in the Firefox setting can be enabled by Firefox users in the latest release to block fingerprinting. But it’s not on by default.

Mozilla says a future release of the browser will flip fingerprinting blocking on by default too.

The latest changes in Firefox continue Mozilla’s strategy — announced a year ago — of pro-actively defending its browser users’ privacy by squeezing the operational range of tracking technologies.

In the absence of a robust regulatory framework to rein in the outgrowth of the adtech ‘industrial data complex’ that’s addicted to harvesting Internet users’ data for ad targeting, browser makers have found themselves at the coal face of the fight against privacy-hostile tracking technologies.

And some are now playing an increasingly central — even defining role — as they flip privacy and anti-tracking defaults.

Notably, earlier this month, the open source WebKit browser engine, which underpins Apple’s Safari browser, announced a new tracking prevention policy that puts privacy on the same footing as security, saying it would treat attempts to circumvent this as akin to hacking.

Even Google has responded to growing pressure around privacy — announcing changes to how its Chrome browser handles cookies this May. Though it’s not doing that by default yet.

It has also said it’s working on technology to reduce fingerprinting. And recently announced a long term proposal to involve its Chromium browser engine in developing a new open standard for privacy.

Though cynics might suggest the adtech giant is responding to competitive pressure on privacy by trying to frame and steer the debate in a way that elides its own role in data mining Internet users at scale for (huge) profit.

Thus its tardy privacy pronouncements and long term proposals look rather more like an attempt to kick the issue into the long grass and buy time for Chrome to keep being used to undermine web users’ privacy — instead of Google being forced to act now and close down privacy-hostile practices that benefit its business.


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Google to pay security researchers who find Android apps and Chrome extensions misusing user data – gpgmail


Google said it will pay security researchers who find “verifiably and unambiguous evidence” of data abuse using its platforms.

It’s part of the company’s efforts to catch those who misuse user data collected through Android apps or Chrome extensions — and to avoid its own version of a scandal like Cambridge Analytica, which saw millions of Facebook profiles scraped and used to identify undecided voters during the U.S. presidential election in 2016.

Google said anyone who identifies “situations where user data is being used or sold unexpectedly, or repurposed in an illegitimate way without user consent” is eligible for its expanded data abuse bug bounty.

“If data abuse is identified related to an app or Chrome extension, that app or extension will accordingly be removed from Google Play or Google Chrome Web Store,” read a blog post. “In the case of an app developer abusing access to Gmail restricted scopes, their API access will be removed.” The company said abuse of its developer APIs would also fall under the scope of the bug bounty.

Google said it isn’t providing a reward table yet but a single report of data misuse could net $50,000 in bounties.

News of the expanded bounty comes in the wake of the DataSpii scandal, which saw browser extensions scrape and share data from millions of users. These Chrome extensions uploaded web addresses and webpage titles of every site a user visited, exposing sensitive data like tax returns, patient data, and travel itineraries.

Google was forced to step in and suspend the offending Chrome extensions.

Instagram recently expanded its own bug bounty to include misused user data following a spate of data incidents,


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Google, Mozilla team up to block Kazakhstan’s browser spying tactics – gpgmail


Google and Mozilla have taken the rare step of blocking an untrusted certificate issued by the Kazakhstan government, which critics say it forced its citizens to install as part of an effort to monitor their internet traffic.

The two browser makers said in a joint statement Wednesday it deployed “technical solutions” to block the government-issued certificate.

Citizens had been told to install the government-issued certificate on their computers and devices as part of a domestic surveillance program. In doing so it gave the government ‘root’ access to the network traffic on those devices, allowing the government to intercept and snoop on citizens’ internet browsing activities.

Researchers found that only a few sites were being monitored, like Facebook, Twitter, and Google.

Although the Kazakh government is said to have stopped what it called “system testing” and allowed citizens to delete the certificate, both Google and Mozilla said its measures would stop the data-intercepting certificate from working — even if it’s still installed.

“We don’t take actions like this lightly,” said Marshall Erwin, Mozilla’s senior director of trust and security. But Google browser chief Parisa Tabriz said the company would “never tolerate any attempt, by any organization — government or otherwise — to compromise Chrome users’ data.”

The block went into effect invisibly and no action is needed by users.

Kazakhstan has a population of 18 million. Researchers said that the Kazakh government’s efforts to intercept the country’s internet traffic only hit a “fraction” of the connections passing through the country’s largest internet provider.

The Central-Asian country currently ranks as one of the least free countries on the internet freedom score, based off data collected by watchdog Freedom House, trailing just behind Russia and Iran.

A spokesperson for the Kazakhstan consulate in New York did not respond to a request for comment.


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Microsoft’s new Chromium-based Edge browser is now in beta – gpgmail


Microsoft today launched the first beta builds of its new Chromium-based Edge browser for Windows and Mac. The new beta channel, which will see a new update roughly every six weeks, will join the existing dev and canary channels, which will continue to see daily and weekly updates, respectively.

Over the course of the last few months of preview releases in the existing channels, Microsoft gathered about 140,000 pieces of feedback. With this — and a sufficient amount of telemetry it also received from early adopters — the company now feels that it knows enough about how well Edge works on a wide range of machines and that it is stable enough for enthusiasts, web developers and business users to give it a try before its wider release.

“Beta represents the most stable preview channel, as features are added to Beta only after they have cleared quality testing in first the Canary channel and then the Dev channel,” Microsoft explains in today’s announcement. “Major version updates can be expected roughly every six weeks, alongside periodic minor updates for bug fixes and security.”

At this point, Microsoft has also put all of the infrastructure in place to update the browser and tested it thoroughly through the early preview phase. If need be, that means the team can release an unscheduled beta when it discovers a bug and know that its update systems will work just fine.

Just like Chrome, Firefox and most other browsers, Microsoft will continue to test new features in the canary and developer builds before enabling them in the beta builds. The current canary build, for example, features a very useful global media control button that lets you control YouTube, Spotify and other video and music services without having to switch tabs. Features like this will come to the beta channel in the coming months.

Also available in the beta, but currently behind a flag, are Microsoft’s tracking-prevention features. Soon, the beta build will also get support for collections, Microsoft’s modern take on bookmarks, though as far as I can tell, that feature isn’t currently enabled in the canary and developer releases yet either (Correction: it went live in the canary release with this update). Other new features that’ll soon make their way to the beta are Internet Explorer mode for those companies that still use legacy applications that rely on Microsoft’s old, pre-Edge browser.

With this release, Microsoft is also launching a security bounty program for Edge. Security researchers who find and disclose any high-impact vulnerabilities in the beta and dev channel releases are eligible for rewards of up to $15,000.

As a Microsoft spokesperson stressed in an interview ahead of today’s release, the team is also quite happy about the fact that it has now contributed more than 1,000 commits to the Chromium project. That project is mostly led by Google engineers, but it’s good to see that Microsoft’s plans for ramping up its contributions are paying off. By moving to Chromium, Microsoft gave up developing its own engine. At the time, the company argued that continuing to invest in an engine that only had a few users wasn’t exactly useful in keeping the overall web ecosystem healthy, and that it could have more impact by working on Chromium instead. That work, it seems, is starting to pay off now.

As the team told me, a lot of the work so far has gone into bringing Edge to beta status and making sure that all of the core features are working. That means you won’t see a lot of features in the browser that really set Edge apart from the competition (Collections are a good example here). As those core features become ever more stable, though, we’ll see the team focus more on tools and features that will differentiate Edge from the likes of Chrome.

Personally, I switched to the new Edge shortly after the first developer and canary releases and have been on the daily update channel ever since. Despite its preview status, the browser has been very stable on both Windows 10 and the Mac. Some versions were better than others, but I didn’t experience and major blocking bugs in the process, and Edge has proven to be a fast and stable browser. That bodes well for the beta program.


10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something