Protect your tabs in Firefox with Don't Touch My Tabs! (rel=noopener)

The Firefox add-on Don’t Touch My Tabs! (rel=noopener) adds the link attribute rel=noopener to all links encountered in the web browser with the exception of same-domain links.

The extension addresses a long-standing issue that affects all modern web browser: when a linked resource is opened in  anew tab, it gets control over the page that it was loaded from.

That’s a problem, as it opens the door for manipulation, tracking or malicious attacks. Visit the About rel=noopener website and activate the first link that says “click me..”. It opens a new page in a new tab and while that in itself is not that exciting, going back to the originating page is because it has been manipulated by that site.

Websites may add the rel=noopener attribute to links to avoid this. Most should, considering that control is handed over to the linked resources. These could do all kinds of things, from changing form field destinations to loading tracking pixels or displaying advertisement.

Sites may implement rel=noopener to protect users and their own data from such attacks or manipulations. The problem is that this needs to be implemented by each site individually as browser makers have been reluctant to make the change. Mozilla did test rel=noopener for target=”_blank” links in 2018 but did not activate the change for users of the browser. Check out the linked article for instructions on enabling noopener for blank targets.

Note: The preference appears to have the same effect as the Firefox add-on. It may require further testing to be really sure about that but a quick check of a couple of sites suggests that it works equally well.

When you check external links here on Ghacks, you will notice that noopener is used for all of them.

noopener browser
Ghacks external links

The Firefox add-on Don’t touch my tabs! (rel=noopener) steps in by enabling noopener sitewide for any link you encounter after installation of the extension. The only exception to the rule applies to links that point to the same domain (as the site in question already has full control over its own pages).

The extension does the following, basically:

  1. Searches for hyperlinks on active pages and checks if they have the “target=”_blank” attribute. For any found
    1. It adds the rel=noopener attribute if no rel attribute is used already.
    2. It adds noopener to the attribute if rel is already used leaving any other attributes untouched.

Breakage should be minimal and the extension works automatically in the background once it is installed. The extension is open source; you can check out its GitHub webpage to check out its source. Chrome users can check out No Opener instead which does the same.

Now You: How do you handle this in your browser?

Thank you for being a Ghacks reader. The post Protect your tabs in Firefox with Don’t Touch My Tabs! (rel=noopener) appeared first on gHacks Technology News.

Custom UserAgent String is a Firefox extension that lets you set a user-agent on a per-site basis

So, Mozilla removed the site specific user-agent override setting from Firefox 71. There is a workaround for this, which as mentioned in the previous article is to use a global user-agent. The main issue with the workaround is that the set user-agent is then used on every site that you visit in the Firefox web browser.

And while I did warn you there maybe some side effects, initially I didn’t notice many except for YouTube reverting to an older design.  A few days later, when I visited a banking website, I found that it displayed a message which read something like “Upgrade your browser to access the website”. Occasionally, one or two websites simply didn’t load at all. I ignored those because I thought it was a server issue, but my friends told me they could access the sites from their browser (also Firefox).

Custom UserAgent String is a Firefox extension that lets you set a user-agent on a per-site basis

That’s when it hit me, of course the user-agent setting is what’s messing with other websites. Sure enough, disabling the setting ensured that these websites worked as they normally do. Ironic, isn’t it? You set the option to access some websites, but it ends up breaking others.  I was looking for a fix and there is literally only one option, to use a user-agent switcher extension.

After some research and testing (and looking for alternatives to existing add-ons), I came across one which let me use user-agents on a per-site basis. The extension is called Custom UserAgent String.  It is written by the author of the User-Agent Switcher revived add-on (not to be confused with the one made by Alexander Schlarb). It’s amazing how many add-ons have the same name.

Functionally, both add-ons from Liner are quite similar, but the User-Agent Switcher extension only allows you to set a global user agent, which is what we wanted to fix here. Custom UserAgent String however lets you set a user-agent on a per-site basis. Perfect and it’s quite simple to use too.

How to use Custom UserAgent String

Install the extension, click on its icon and then on the Options button. This should take you to a settings screen.

Ignore section I and skip to section II, which is captioned “Predefined UserAgent Strings”. It has two drop-down menus, one for selecting the browser and Operating system, and the other for selecting the browser’s user-agent.

Step 1

custom user agent string - section ii

Click on the box listed under “Enter a desired URL”. You will see that it has an asterisk symbol * in it. Delete it and type the address of the website that you want to set the user-agent for in the box.  Here’s the weird part: Typing a partial address in the URL box like ghacks.net or www.ghacks.net doesn’t add the site correctly, i.e., it reverts to the asterisk (which makes it use the user-agent globally).

To avoid this, you must use the full address. For e.g https://www.ghacks.net/ will work.

custom user agent string - section ii how to use

Step 2

Use the box below the setting that reads “Enter a custom UserAgent string or select one from the above list”. This is where you can enter the custom user agents for specific websites. You can get the user agent from the drop-down menu mentioned above. Or, you can use your custom one (for older browser versions that maybe missing). Click on the + button on the right side to finish adding the site-specific user-agent; it should appear in the table at the end of the page.

Note: The custom string option is good for long term use, since even if the add-on hasn’t been updated, you can still get the latest user agent from elsewhere and use it.

Let’s look at another example:

Say you want to access Skype on the Web. The URL should be written like this https://web.skype.com/

The user-agent should be Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36

There are 2 other things that the Custom UserAgent String table is useful for. The checkbox next to each site listed, toggles the user-agent to be used for the entire website (top-level domain) or only for the given address. Clicking the blank gray button at the right end of the table acts as a switch for enabling/disabling the user-agent.

You can disable the Custom UserAgent String add-on completely by clicking on the icon and hitting the power button.

This method works perfectly fine in Firefox 71. Which extension are you using for setting site-specific user-agents?

Thank you for being a Ghacks reader. The post Custom UserAgent String is a Firefox extension that lets you set a user-agent on a per-site basis appeared first on gHacks Technology News.

PocketTube offers better YouTube Subscriptions Management

YouTube’s subscription feature is a prime example of a feature that has been cut down to its very core to make it as simple as possible and at the same time almost entirely useless.

The Google-owned property removed the option to manage subscriptions in collections in 2015 and with it came the removal of nearly any subscription-related option such as sorting. It is nearly impossible to keep an eye on subscriptions if the count reaches two or even three digits using native functionality especially since subscriptions are barely highlighted anymore on YouTube’s homepage.

Extensions provide the only recourse to the dumbing down; we reviewed YouTube Subscription Manager for Chrome back in 2015 which restored management functionality.

PocketTube offers similar but more advanced functionality. The subscription manager is available for Chrome and Firefox, Apple iOS and Android, and as a web service.

Among the many features that it offers is native integration on YouTube, options to create groups and add subscriptions to groups, sort subscriptions or show last YouTube videos by group.

I looked at the browser extensions for this review.

youtube subscriptions manager groups

The extension adds a new entry to YouTube’s sidebar that is called Subscription Groups. The widget lists all available groups and may display the channels added to these groups. One of your first tasks is to create at least one group as you will notice otherwise that the “add to group” dialog displays nothing. The develop should consider adding info to the dialog if no group has been created to assist first-time users.

Once you have created your first group you may add channels to it. Just open any channel page on YouTube and click on the new “plus” icon next to the subscribe(d) and notifications options.

youtube groups

PocketTube displays all available groups and the selection of any adds the channel to that group. Groups can be sorted by date published, A-Z, subscriber count or custom sort order; the latter supports dragging and dropping channels to new positions.

The settings that PocketTube provides list an option to hide channels that you have added to groups from the general subscriptions listing. It is disabled by default though.

One of the best features of PocketTube is the ability to display all recent videos of a group on a new page on YouTube.  Instead of having to go through all subscriptions on YouTube, as the site offers no grouping option anymore, you can open videos from a specific group only; very useful. Videos are listed in order of publication starting with the most recent additions. A play all button is provided on the page to play all videos one after the other.

There is more on offer here though. You can add custom icons to collections to make them stand out more if you use multiple groups. Settings may be exported and imported for manual syncing but there is also an option to sync automatically using Google Drive.

Closing Words

PocketTube restores a much needed feature on YouTube and improves it significantly. It is ideal for users of the site who have a medium to large number of subscriptions and want better manageability of these channels. While it takes a moment to set everything up, it is relatively easy to do.

Now You: do you use Youtube’s subscription service?

Thank you for being a Ghacks reader. The post PocketTube offers better YouTube Subscriptions Management appeared first on gHacks Technology News.

5 Best Mozilla Firefox Privacy-focused Add-ons

If you’re a privacy enthusiast, you might be using one of the best open-source web browsers: Mozilla Firefox. Even if you don’t care about online privacy, it’s best to opt for Mozilla Firefox, thanks to its set of pro-privacy features.

That’s not all; you can do a lot more to protect your online privacy. Among the options, an easy and quick one is to install privacy-focused add-ons in Mozilla Firefox. Since Firefox is one of the oldest browsers on the planet, it offers a plethora of add-ons — for every purpose!

That said, let’s check out the best privacy-centric add-ons you can install in Mozilla Firefox. Let’s dive in.

Ghostery

Ghostery is one of the best privacy-focused extensions with an intuitive user interface. What’s most interesting is, it uses an artificial intelligence engine to smartly block trackers and advertisements to help avoid issues on websites.

Enhanced anti-tracking of Ghostery

Ghostery offers Smart Blocking — a feature to optimize the performance of the webpages. Moreover, it maintains the page quality by intelligently blocking and unblocking non-secure or slow trackers, anonymizing your web history.

Ghostery shows just the required content and blocks everything else including online ads, thus decluttering the web pages. Also, it prevents trackers from gathering your information like your location, computer type, window size, browser, and your browsing habits, helping you browse the web safely!

Ghostery shows detailed information too

Blur

Blur — previously known as DoNotTrackMe — is a perfect browser extension for securing your data and online privacy. It limits the information you share with third-parties such as advertising companies and trackers, like Ghostery.

Blurs helps to mask your email address

Blur can mask email addresses to protect your online identities. What’s most interesting is, you can also mask credit cards and phone numbers (a premium feature, sadly), protecting you from online fraud and identity thefts.

Unlike Ghostery, Blur is also one of the best password managers, helping you to manage passwords. It can encrypt, save, and organize all your passwords to help you log in quickly and securely on the web as well as on iPhone and iPad.

Blur can mask debit or credit cards

Private Bookmarks

Private Bookmarks adds a missing feature to Mozilla Firefox. It enables a special password-protected bookmark folder that’s encrypted with your password. The private bookmark folder can be backed up, imported, and exported too.

You can hide web pages in this private folder from prying eyes. It encrypts the folder and hides it on your machine, making it invisible. One can only access it with your password.

Settings of Private Bookmarks in Firefox

Interestingly, Private Bookmarks can auto-lock your private bookmarks when you’re idle or not using a private browsing session. Also, it can auto-lock the private folder if you close the browser while the folder was left unlocked.

Multi-Account Containers

If you’d like to organize your online life and maintain privacy, Multi-Account Containers is a great solution. It helps create containers — an isolated group of your online identities and services.

In short, it allows running two identities side-by-side, say your official and personal accounts at the same time.

Create new container in Multi-Account Containers

Hence, you can stay logged into multiple accounts without using multiple browsers or constantly signing in and out of your accounts. What’s more interesting is, it helps isolate your accounts. So, if you search for “developer jobs” using your personal account, your work account services can’t track it.

Using Multi-Account Containers in Mozilla Firefox

Cookie Manager

Cookie Manager helps you to manage the cookies on any web page. It works in private mode and runs on Firefox Mobile as well. You can view all cookies, search cookies using a domain, path, or content.

Moreover, you can do a sort of actions on the cookies — add, edit, remove, whitelist, and import or export the cookies.

Cookie Manager for Mozilla Firefox

Cookies are text files that keep track of your online activities as well as your identities. So, Cookie Manager helps you to manage or remove cookies, allowing you to control web tracking.

It also recognizes cookies from default or private browsing sessions and container tabs and groups them into relevant jars.

That’s all about the privacy-focused add-ons for Mozilla Firefox. I suggest you get Ghostery — it blocks tracking-related technologies, hardening your online privacy. I also suggest installing Multi-Account Containers — an awesome add-on for ensuring isolation between multiple accounts of service (say Gmail).

The post 5 Best Mozilla Firefox Privacy-focused Add-ons appeared first on Hongkiat.

NextDNS is new Firefox DNS-over HTTPS partner

Mozilla has selected the DNS provider NextDNS as a new partner for its Trusted Recursive Resolvers Program. NextDNS is the second DNS provider (after Cloudflare) that has been accepted into the program.

Work on DNS-over-HTTPS in Firefox began in 2017. The feature is designed to protect DNS requests by using encryption in order to thwart of attacks and improve privacy. Additionally, it may also allow users to bypass DNS-based filtering attempts.

When Mozilla announced the integration of DNS-over-HTTPS in the organization’s Firefox web browser, it selected Cloudflare as its sole partner. Cloudflare was accepted into the Trusted Recursive Resolvers program with strict operational requirements.

The decision was met with criticism. Two main arguments brought forward were that focusing on a single partner did not give users choice and that Cloudflare was not without criticism either.

Firefox users may configure any DNS provider that supports DNS-over-HTTPS in the browser. Mozilla decision to focus on select partners has advantages but also disadvantages. Advantages, because partners need to meet certain privacy and operational criteria to be selected, and disadvantages, because it limits choice for the most part.

Microsoft and Google selected a different route. The companies made the decision to enable DNS-over-HTTPS automatically if the selected DNS provider supports the technology. In other words: users may benefit from the new technology without needing to make any changes to their systems or them, in some cases, even knowing about it.

nextdns firefox

Mozilla announced yesterday that NextDNS has been added to the list of official partners for Firefox’s DNS-over-HTTPS feature. NextDNS is a new DNS provider that launched in March 2019 that is “a fully customizable, modern, and secure DNS provider” according to Mozilla.

The service is listed as beta currently on the NextDNS website and is completely free during the beta period. NextDNS offers options to enable filtering lists to block known malicious sites, trackers, and other unwanted requests.

The company plans to introduce a paid option after the beta period ends for $1.99 per month for unlimited DNS queries. Free customers are limited to 300,000 DNS queries per month. It is unclear what is going to happen when the limit is reached.

Mozilla plans to bring more partners into its program in the future.

Now You: Do you plan to use DNS-over-HTTPS when it becomes available?

Thank you for being a Ghacks reader. The post NextDNS is new Firefox DNS-over HTTPS partner appeared first on gHacks Technology News.

Mozilla will enforce two-factor authentication for Extension Developers

Firefox extension developers need to set up their accounts to support two-factor authentication (2FA) in early 2020 as this is a new requirement that Mozilla has just announced.

Mozilla’s reasoning behind the decision is simple: prevent that attackers manage to obtain username and password of extension developers to manipulate the extensions that are offered on Mozilla AMO.

firefox account two-step authentication

The organization dropped its “Review first – Publish later” model in 2017 in order to deliver updates and new add-on releases faster. While extensions may get reviewed manually after the fact (after publication), there is a time gap between making it available to users and the review; this could allow malicious actors to push unwanted or malicious content to users in form of add-ons if the automated systems that are in place can be bypassed.

Starting in early 2020, extension developers will be required to have 2FA enabled on AMO. This is intended to help prevent malicious actors from taking control of legitimate add-ons and their users.

The extra layer of security that Mozilla requires from extension developers won’t be required for accounts that use the upload API of AMO.

Regular users who maintain accounts on AMO are not required to enable 2FA for their accounts as well. While Mozilla does recommend setting up 2FA for all Firefox accounts, it is not a requirement at this point.

Tip: check out our guide on enabling two-factor authentication in Firefox here.

Once the requirement goes live, developers are asked to enable 2FA for their accounts when they are making changes to their add-ons.

Before this requirement goes into effect, we’ll be working closely with the Firefox Accounts team to make sure the 2FA setup and login experience on AMO is as smooth as possible. Once this requirement goes into effect, developers will be prompted to enable 2FA when making changes to their add-ons.

Closing Words

The new Two-Factor Authentication requirement won’t impact extensions that are already available. These remain available, it appears while developers need to set up 2FA for accounts if they plan to make changes to their add-ons. It is unclear if this will also be required for new add-ons that get released on AMO.

The extra layer should protect against the majority of supply chain attacks. As is the case with all two-factor authentication options, it is important to keep recovery codes at hand. If an extension developer loses access to the 2FA device and recovery codes, it is possible that this can lead to a permanent loss of access.

Now You: What is your take on the new requirement?

Thank you for being a Ghacks reader. The post Mozilla will enforce two-factor authentication for Extension Developers appeared first on gHacks Technology News.

Mozilla removes site specific user-agent override option from Firefox 71

A few months we told you how to disable the Twitter redesign and get the old interface back. Yesterday I ran into the new UI in Firefox even though I kept the proposed modifications in the browser since the guide was published.

Mozilla removes site specific user-agent override option from Firefox 71

I was a bit puzzled, and thought that the social network is now forcing users to use the mobile-centric interface. In order to help other users, I tweeted a message about the GoodTwitter extension along with a link to the previous article.

Sometime later, a Firefox user reached out to me on Twitter, and said he couldn’t install add-ons at work. What’s interesting here was that he mentioned that the User Agent setting no longer worked for him.

Then I remembered that I had been using the very setting he was talking about, and not the add-on (which I had disabled). After a bit of Google-fu, I discovered what caused the problem. It turns out that it wasn’t Twitter that was playing foul, but none other than our beloved browser, Firefox.

About a week ago, Mozilla released Firefox 71 to the stable channel. It brought with it an important change, a new about:config interface. What some users (including myself) weren’t aware, was that the new version removed the site specific user-agent override option from about:config. And quite surprisingly, this isn’t a bug, but actually appears to be done by design.

Valentin Goșu, who works at Mozilla has confirmed this on the Bugzilla forums, in a reply to a complaint from a user, nearly 2 months ago. Digging further revealed that this change had been planned by Mozilla last year.

So, what is the issue?

You can no longer set site specific overrides using the UserAgent string. You will need to set the User Agent override globally (affects the rendering of all websites). Since this is a global override, it could make some websites look odd, for e.g. YouTube uses an older design in this user agent, and if you use a non-Firefox user agent you won’t be able to download extensions from the add-ons repository.

There are two workarounds for this:

Non-extension method

Open a new tab to enter the about:config page, and paste the following text in the search box that appears.

general.useragent.override

A new setting should be displayed in the tab, select the “String” option, click on the plus button on the right side.

Mozilla Firefox user-agent override option

Now, copy the following value and paste it in the setting’s field, and click on the checkmark button to finish the process.

Mozilla/5.0 (Windows NT 9.0; WOW64; Trident/7.0; rv:11.0) like Gecko

This should bring the old Twitter interface back. You can find other user agents from this website.

If you want to access Skype for Web, use the Chrome User Agent instead.

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36

Firefox user agent for skype

Add-on method

The only other way is to use an add-on like User-Agent Switcher and Manager (White-list mode) and set the user-agent for each site manually.

This may not be a big deal for many users, but priceless to many. Personally, I had been using it on 2 websites, Twitter and Skype Web (which requires Chrome or Edge). When my bank’s internet banking website stopped working in Firefox (had to use Chrome), other users and I voiced our concerns and they re-added support for Firefox.

Thank you for being a Ghacks reader. The post Mozilla removes site specific user-agent override option from Firefox 71 appeared first on gHacks Technology News.

Use these extensions to delete your Firefox browsing history automatically and to clear the cache with a single button

While we browse the internet every day, there’s one thing many of us tend to forget: to clear the browsing history and the cache regularly.

Clearing the cache and the browsing history can be beneficial for a number of reasons. The most important ones are that it frees up disk space and improves suggestions that Firefox displays when you type in the browser’s address bar.

History Cleaner by Rayquaza01 is an extension for Firefox that can automate the task of deleting the browser history.

History Cleaner

Install the add-on and you’ll find that there is no button to click on the toolbar, and there are no options to toggle from the context-menu. How do you interact with the extension?

Open the about:addons page in Firefox and select History Cleaner. You will see three tabs here: Details, Options and Permissions. The only setting of the extension can be accessed from the Options page; it lets you set the number of days to keep the browsing history. Don’t set it to zero though, because that disables the add-on. You could set it to any number of days that you want. Once the set time is over, History Cleaner will delete the browsing history on its own. Just enter the number in the field and you’re good to go. It’s an install-and-forget add-on.

Remember, this extension only clears the history and not the browser cookies. So, your logins on websites should remain unaffected. If you need to clear the cookies, you should take a look at the Cookie AutoDelete extension. History Cleaner is an open source WebExtension, and a port of the Expire history by days add-on.

Clear Cache

Now what about your browser cache? It is not deleted by History Cleaner; this is what tends to fill up your storage, visit a few pages and it’ll gobble up a few Megabytes. Firefox’s cache is limited by design so that it won’t use all of a system’s hard drive for cached files. Deleting cached files may increase the time it takes to reload a resource as well.

Clear Cache extension by TenSoja can be used to clear the browser’s cache automatically. It allows you to clear the browser’s cache from the drive and the RAM with the press of a button. Once you have installed the extension, you just have to hit the F9 key and poof, your browser cache is deleted. macOS users should use the fn + F9 keyboard combo for clearing the cache. Or you could use the button that the extension adds to the toolbar to perform the same action.

Clear Cache has just two options that accessed from the extension’s listing on the about:addons page. The options are Reload active tab and Show Notification. Both of these work after the add-on has been used, i.e., the web page you were on will be reloaded, and a small pop-up notification appears to tell you that the cache has been cleared.

This add-on isn’t automated, so you should remember to clear the cache manually from time to time. Clear Cache is also an open source extension.

Closing Words

History Cleaner is fully automated, Clear Cache requires that you activate it. The latter may be useful for developers who want to make sure that files are loaded from a server and not from the cache.

Now You: do you use browser extensions that automate the clearing of data in your browser?

Thank you for being a Ghacks reader. The post Use these extensions to delete your Firefox browsing history automatically and to clear the cache with a single button appeared first on gHacks Technology News.

Mozilla launches Firefox Private Network VPN for $4.99 per month

Mozilla continues to expand its products and services beyond the Firefox web browser. Firefox Private Network was launched as the first product of the revamped Test Pilot program that Mozilla put on ice earlier this year.

Mozilla launched it for Firefox users in the United States at the time and as a browser proxy only. The system works similarly to third-party VPN solutions for Firefox in that it protects user data and privacy by routing traffic through Private Network servers.

Firefox users needed to install the Firefox Private Network extension to make use of the provided browser-level protection.

firefox private account

Today, Mozilla Mozilla unveiled the next step in the process. Still only available for users from the United States, the organization launched a full Firefox-branded VPN service.

The VPN service is only available for Windows 10 at the time of writing and the $4.99 per month is an introductory offer. Mozilla promises to release versions for Android and iOS, Chromebook, Mac and Linux in the future.

Firefox Private Network customers who pay for the full protection get access to about 30 regions and may use the service on up to five devices.

The VPN service is provided by Mullvad behind the scenes and uses WireGuard, a new VPN protocol.

The underlying policy of Mullvad is that we never store any activity logs of any kind. We strongly believe in having a minimal data retention policy because we want you to remain anonymous.

Mullvad has a strict no logging policy and accounts use a number system that keeps track of the remaining hours of service only. The service supports several payment methods including traditional methods that may reveal information and systems that don’t reveal those information, e.g. cash transactions or Bitcoin.

The full-device VPN protects the entire device whereas the browser extension only Firefox activity. A free option is provided and even though Mozilla changed some of its options, is not very practicable to use.

The core reason is that one-hour passes are assigned to the free user and that those are limited to 12 currently (opposed to 4 three-hour passes previously). Means: even if you connect to the service for just a minute, you will waste one of the available hour passes.

The price of $4.99 is an introductory price that is available during the beta. Mozilla has not revealed the price that it will charger after the beta ends but it is very likely that it will charge more than $4.99 for a monthly subscription. Mullvad charges about $5.50 (€5 Euro) per month for one month of access to the service.

Most VPN services, e.g. NordVPN, offer discounts when customers subscribe for longer periods. Whether that is the case for Firefox Private Network accounts remains to be seen.

The $4.99 put Mozilla’s offering somewhere in the middle when it comes to price. There are cheaper VPN providers out there but also several that charge more than $5 per month.

Closing Words

Mozilla plans to run the beta in the United States “into early 2020” to expand the service to other regions “soon thereafter”.  Interested users may join a waitlist to be notified when the service becomes available in their region.

Mozilla has an advantage over other VPN providers; the organization may integrate the service in one form or another in the Firefox web browser to advertise the paid version to users directly. Mozilla did not reveal whether it plans to do that but it could help the organization get away with slightly higher prices than competing offers.

Now You: What is your take on this development? Have you ever dealt with Mullvad?

Thank you for being a Ghacks reader. The post Mozilla launches Firefox Private Network VPN for $4.99 per month appeared first on gHacks Technology News.

Mozilla removes all Avast Firefox extensions

If you search for Avast or AVG on the official Mozilla Add-ons website, you may notice that no results by these companies are returned. Neither Avast Online Security or SafePrice, nor AVG Online Security or SafePrice, are returned by the Store currently even though these extensions exist.

It appears that Mozilla removed these extensions from its Store. When you try to open one of the Store URLs of Avast or AVG extensions you get a “Oops! We can’t find that page” error message.

avast avg firefox add-ons removed

The extensions are not blacklisted by Mozilla. Blacklisted extensions are put on a blocklist — which is publicly available here — and removed from user browsers as a consequence.

Avast and AVG extensions have been removed but are not blocked which means that the extensions remain installed in Firefox browsers for the time being.

Mozilla added several dozen extensions for Firefox to the blocklist on December 2, 2019 which collected user data without disclosure or consent, but Avast’s extensions are not on the list.

What happened?

Wladimir Palant, creator of AdBlock Plus, published an analysis of Avast extensions in late October 2018 on his personal site. He discovered that Avast’s extension transmitted data to Avast that provided Avast with browsing history information.  The data that the extension submits exceeded what is necessary to function according to Palant.

The extensions include the full address of the page, the page title, referer, and other data in the request. Data is submitted when pages are opened but also when tabs are switched. On search pages, every single link on the page is submitted as well.

The data collected here goes far beyond merely exposing the sites that you visit and your search history. Tracking tab and window identifiers as well as your actions allows Avast to create a nearly precise reconstruction of your browsing behavior: how many tabs do you have open, what websites do you visit and when, how much time do you spend reading/watching the contents, what do you click there and when do you switch to another tab. All that is connected to a number of attributes allowing Avast to recognize you reliably, even a unique user identifier.

Palant concluded that the collecting of data was not an oversight. The company states in its privacy policy that it uses anonymized Clickstream Data for “cross-product direct marketing, cross-product development, and third-party trend analytics.

Mozilla is in talks with Avast currently according to Wladimir Palant. Possible scenarios are that Mozilla will add the extensions to the blocklist that it maintains or will request that Avast makes changes to the extensions before they are reinstated.

The extensions are still available for Google Chrome at the time of writing.

Thank you for being a Ghacks reader. The post Mozilla removes all Avast Firefox extensions appeared first on gHacks Technology News.