De Nederlandse
Mozilla-gemeenschap

Ready? Joke time. Here’s an old one.

What’s the difference between a donut and a turd?

I don’t know.

Remind me never to send you out for donuts.

What reminded me of that joke is all the surveillance advertising companies going on about how surveillance advertising is so good for small businesses. But if they have so much trouble telling small businesses and fraud apart, how can they know? Maybe surveillance ads are just better for fraud. The interesting comparison to make is not between a legit business at times they have surveillance advertising on or off, because the scammers competing to reach the same customers are leaving the surveillance ads on. IMHO you have to look from the customer side. If surveillance advertising helps legit companies reach people who can benefit from their products, then people who use ad blockers or privacy tools should be less happy with the stuff they buy.

Instead, people who installed ad blockers for a study turned out to be less likely to regret their recent purchases, and that’s surprising enough to be worth digging into. Maybe it’s not fraud, just drop-shippers. Lots of drop-shippers/social media advertisers are finding existing cheap products, marking them up, and selling using surveillance ads. It’s not illegal, but the people who click the ads end up paying more money for the same stuff. Maybe the reason that the ad blocker users are happier as shoppers is that they search out and buy, say, a $20 product for $20 instead of paying a drop-shipper $99? Or maybe ad blocker users are just making fewer but better thought out purchases?

Just some reading material, more later. I did mess with the CSS on this blog a little, so pages with code on them should look a little better on small screens even if you have to scroll horizontally to see the code.

The Eclipse of the Russian Arms Market China is entering the market for traditional Russian products.

‘Devastating’ potential impact of Google AI Overviews on publisher visibility revealed (This is strange. Right at the time Google needs all the support they can get for their unpopular privacy and antitrust positions, they’re taking action against everyone else on the web. Not sure what the plan is here.)

Which top sites block AI crawlers? All in all, most sites I looked at don’t care to have their content used to train AI. (IMHO this will be a big issue with the Fediverse—currently the only way to pass a noai signal is to defederate. I made a FEP (fep-5e53) so will see what happens.)

Why First Party Data May Not Save Digital Advertising (This is why it’s going to be better to get real consent, later, from fewer people than bogus consent based on zero information about the brand or publisher.)

AI won’t kill ad agencies. Here’s why. Why? Because an agency can amortize the cost of expertise across multiple different paying clients.

United Airlines wants to show you personalized seatback ads: Here’s how to opt out (Meanwhile, other airlines are getting rid of heavy seatback entertainment systems to save fuel, since passengers are bringing devices with better screens anyway.)

“Your personal information is very important to us.” (XScreenSaver for Android has a privacy policy now.)

Economic Termites Are Everywhere [E]conomic termites…are instances of monopolization big enough to make investors a huge amount of money, but not noticeable enough for most of us. An individual termite isn’t big enough to matter, but the existence of a termite is extremely bad news, because it means there are others. Add enough of them up, and you get our modern economic experience.

Tesla may be in trouble, but other EVs are selling just fine (How much of this is the brand personality and how much is the problem that Teslas are expensive to insure? I think every car I have ever owned ended up costing a lot more in car insurance than its price.)

Facebook’s Taylor Swift Fan Pages Taken Over by Animal Abuse, Porn, and Scams (Moderation is the hard part of running any online forum, and AI moderators are the new self-driving cars.)

You Can Still Die From World War I Dangers in France’s Red Zones (This is why Europe has an AI Act. They have more important problems than building robots to take people’s art. Putting limits on luxury and counterproductive uses of AI will free up money and developer time for the stuff they really need. Before people in the USA get mad about this, remember we did it too. There’s no such thing as a 1943 Cadillac Coupe de Ville.)

We need to rewild the internet For California residents, GPC automates the request to “accept” or “reject” sales of your data, such as cookie-based tracking, on its websites. However, it isn’t yet supported by major default browsers like Chrome and Safari. Broad adoption will take time, but it’s a small step in changing real-world outcomes by driving antimonopoly practices deep into the standards stack — and it’s already being adopted elsewhere.

Welcome! If you're reading this, you might have noticed that my blog and this post is on my new domain name frederikbraun.de.

And here is the story. The story of a young nerd in the 1990s. The story of my aunt, who went to the Miniatur Wunderland, left the …

In web security, you may have heard of "mixed content". Maybe you saw a DevTools message like this one.

Mixed Content: Upgrading insecure display request ‘http://...’ to use ‘https’.

This blog post is going to explain what "mixed content" means, its implications for your website and how to handle mixed …

Reflecting on two years of working on the browser that first showed me the internet

Firefox illustration by UX designer Gabrielle Lussier

Last week marked two years of working on Firefox. For me, this was a return to the browser I fervently used in my early internet days (circa 2004–2011). I don’t recall exactly when I left, and whether it was abrupt or gradual, but at some point Firefox was out and Chrome was the browser on my screen. Looking back, I’m pretty sure it was notifications telling me Gmail would work better on Chrome that led me there. Oof.

I certainly wasn’t alone. The storied history of browsers (including not one, but two browser wars) is marked by intense competition and shifting landscapes. Starting around 2010–2011, as Chrome’s market share went up, Firefox’s went down.

A doorway to the internet

When I started working on Firefox, a colleague likened a browser to a doorway — you walk through several a day, but don’t think much about them. It’s a window to the internet, but it’s not the internet. It helps you search the web, but it’s not a search engine. It’s a universal product, but many struggle to describe it.

So what is it, then, and why am I so happy I get to spend my days thinking about it?

A browser is an enabler, facilitating online exploration, learning, work, communication, entertainment, shopping, and more. More technically, it renders web pages, uses code to display content, and provides navigation and organization tools that allow people to explore, interact with, and retrieve information on the web.

With use cases galore, there are challenges. It’s a product that needs to be good at many things.

To help our design, product and engineering stakeholders meet these challenges, the Firefox User Research team tackles topics including managing information in the browser (what’s your relationship to tabs?), privacy in the browser, when and how people choose browsers (if they choose at all), and why they stay or leave. Fascinating research topics feel endless in the browser world.

My introduction to browser users

For my first project at Mozilla, I conducted 17, hour-long, in-depth interviews with browser users. A formative introduction to how people think about and use browsers. When I look back on that study, I recall how much I learned about a product that I previously hadn’t given much thought to. Here I summarize some of those initial learnings.

Browser adoption on desktop vs mobile: Firefox is a browser that people opt-in to. Unlike other mainstream browsers, it doesn’t come pre-installed on devices. This means that users must actively choose Firefox, bypassing the default. While many people do this — close to 200 million monthly on Firefox — using the default is common, and even more so on mobile. When talking to users of various browsers, the sentiment that “I just use what came on the device” is particularly prevalent for mobile.

Why is this so? For one, people have different needs on their desktop and mobile browsers (e.g. conducting complex work vs quick searches), leading to different behaviors. The presence of stand-alone apps on mobile that help people accomplish some of the tasks they might have otherwise done in their browser (e.g. email, shopping) also differentiate the experience.

That’s not the whole story, though. Gatekeeping practices by large tech companies, such as self-preferencing and interoperability, play a role. These practices, which Europe’s Digital Markets Act and related remedies like browser choice screens aim to address, limit consumer choice and are especially potent on mobile. In my in-depth interviews, for example, I spoke with a devoted Firefox desktop user. When explaining to me why she used the default browser on her mobile phone, she held up her phone, pointing to the dock at the bottom of her home screen. She wanted quick access to her browser through this dock, and didn’t realize she could replace the default browser that came there with one of her choosing.

Online privacy dilemmas: Having worked on privacy and the protection of personal information in the past, I was keen to learn about users’ attitudes and behaviors towards online privacy. What were their stances? How did they protect themselves? My in-depth interviews revealed that attitudes and feelings range vastly: protective, indifferent, disempowered, resigned. And often, attitudes and values towards privacy don’t align with behaviors. In today’s online world, acting on your values can be hard.

The intention-action gap speaks to the many cases when our attitudes, values or goals are at odds with our behavior. While the draw of convenience and other tradeoffs are certainly at play in the online privacy gap, so too are deceptive digital designs that make it all too difficult to use the internet on your own terms. These include buried privacy settings, complex opt-out processes, and deceptive cookie banners.

Navigating online privacy risks can feel daunting and confusing — and for good reason. One participant in the interviews described it as something that she didn’t have the time or esoteric knowledge for, even though she cared about it:

“It’s so big and complicated for a user like me, you really have to put in the time to figure it out, to understand it. And I don’t have the time for that, I honestly don’t. But that doesn’t stop me from doing things online, because, how, if being online is such an important part of my day?”

On the browser side, the technical aspects of online privacy present a perennial challenge for communicating our protective measures to users. How do we communicate the safeguards we offer users in ways that are accessible and effective?

Browser recommendations: For a product that isn’t top of mind for most people, many are steered to their browsers by word of mouth and other types of recommendations. In fact, we consistently find that around one-third of our users report having recommended Firefox in the past month. That’s more people talking about browsers than I would have imagined.

The people I interviewed spoke about recommendations from family members (“Mom, you need to step up your browser game!” one participant recalled her son saying as he guided her to a new browser), tech-oriented friends, IT departments at work, computer repair shops, and online forums and other communities.

One factor behind personal recommendations is likely that most people are satisfied with their browser. Our quantitative user research team finds high levels of browser satisfaction among not only Firefox users, but the users of other popular browsers examined in their work.

Wrapping up

Coming back to Firefox involved a process of piecing together what had happened to the browser with the little fox. In doing so, I’ve learned a lot about what brings people to browsers, and away from them, and the constrained digital landscape in which these dynamics occur. The web has changed a great deal since Firefox 1.0 was released in 2004, but Mozilla’s goal of fostering an open and accessible internet remains constant.

Thank you for reviewing a draft of this post, Laura Lopez and Rosanne Scholl.

You might be scrolling through your morning news, checking email, or any other routine online moment when suddenly you notice a small winged beast slowly glide across your screen. It’s a challenge. A chance to earn more crystals. A fight to the finish, should you choose to accept the duel. Since you’re not super busy and battles only take a few seconds — and you sure could use more crystals to upgrade gear — you click the angry creature and next thing you know your Network Guardian (avatar) and opponent appear on floating battle stations exchanging blows. It’s a close contest, but soon your nemesis succumbs to his injuries. The thrill of victory is fleeting, though. Gotta get back to those emails.

 

Customize the skills, gear (and fashion!) of your own Network Guardian.

Dedalium is a novel game concept. There are a lot of browser games out there, but nothing quite like Dedalium, which turns the entire internet into a role-playing game, or RPG. You start by customizing the look and skills of your Network Guardian and then you’re ready to wait for battle invites to emerge; or you can go on the offensive and seek out challengers. Beyond battles, you’ll occasionally find crystals or loot boxes on the edges of your screen.

There’s also a solo Adventure mode featuring 100+ levels that lead to a final battle against the big boss Spamicus Wildpost, who has never been defeated since Dedalium’s beta launch last year.

“We’ve created something new and innovative,” says Dedalium co-creator Joel Corominas. “We call this concept ‘augmented web’ akin to augmented reality but within the web environment. While it may take time for players and browser users to fully appreciate, we strongly believe it will become a significant trend in the future. We are proud to have pioneered this concept and believe it adds a fun, interactive layer to web browsing.”

Dedalium is the debut title from Loycom Games, which Corominas co-founded in 2021 with his game development partner Adrián Quevedo. Loycom’s mission is to “gamify internet browsing.”

Still in beta, Dedalium is growing quickly. About 4,000 players currently engage with the game daily across various browsers. If you’re looking for an entirely unique browser gaming experience, Dedalium is definitely that. At first I was worried random game prompts would get annoying as I went about my business on the web, but to my delight I usually found myself eager to engage in a quick Dedalium detour. The game does a great job of never feeling intrusive. But even so, you can pause the game anytime and set specific websites as no-play zones.

If turning the entire web into an RPG sounds like a good time, give Dedalium a shot and good luck gathering those crystals!

Do you have an intriguing extension development story? Do tell! Maybe your story should appear on this blog. Contact us at amo-featured [at] mozilla [dot] org and let us know a bit about your extension development journey.

The post Developer Spotlight: Dedalium — turn the entire web into an RPG game appeared first on Mozilla Add-ons Community Blog.

Welcome add-on developers! Below is the next installation in our series of community updates designed to provide clarity and transparency as we continue to deliver Manifest V3 related improvements with each new Firefox release.

The engineering team continues to build upon previous MV3 Chrome compatibility related work available in Firefox 126 with several additional items that landed in Firefox 127, which was released on June 11. Beginning in the 127 release, the following improvements have launched:

• Customized keyboard shortcuts associated with the _execute_browser_action command for MV2 extensions will be automatically associated with the _execute_action command when migrating the same extension to MV3. This allows the custom keyboard shortcuts to keep functioning as expected from an end user perspective.
• declarativeNetRequest getDynamicRules and getSessonRules API methods now accept the additional ruleIds filter as a parameter and the rule limits have been increased to match the limits enforced by other browsers.

The team will land more Chrome compatibility enhancements in Firefox 128 in addition to delivering other Manifest V3 improvements, at which time MV3 will be supported on Firefox for Android.

And to reiterate a couple important points we’ve communicated in our previous updates published in March and May:

• The webRequest API is not on a deprecation path in Firefox
• Mozilla has no plans to deprecate MV2

For more information on adopting MV3, please refer to our migration guide. If you have questions or feedback on our MV3 plans we would love to hear from you in the comments section below or if you prefer, drop us an email. Thanks for reading and happy coding!

The post Manifest V3 updates landed in Firefox 127 appeared first on Mozilla Add-ons Community Blog.

The Rust team is happy to announce a new version of Rust, 1.79.0. Rust is a programming language empowering everyone to build reliable and efficient software.

If you have a previous version of Rust installed via rustup, you can get 1.79.0 with:

$ rustup update stable

If you don't have it already, you can get rustup from the appropriate page on our website, and check out the detailed release notes for 1.79.0.

If you'd like to help us out by testing future releases, you might consider updating locally to use the beta channel (rustup default beta) or the nightly channel (rustup default nightly). Please report any bugs you might come across!

What's in 1.79.0 stable Inline const expressions

const { ... } blocks are now stable in expression position, permitting explicitly entering a const context without requiring extra declarations (e.g., defining const items or associated constants on a trait).

Unlike const items (const ITEM: ... = ...), inline consts are able to make use of in-scope generics, and have their type inferred rather than written explicitly, making them particularly useful for inline code snippets. For example, a pattern like:

const EMPTY: Option<Vec<u8>> = None; let foo = [EMPTY; 100];

can now be written like this:

let foo = [const { None }; 100];

Notably, this is also true of generic contexts, where previously a verbose trait declaration with an associated constant would be required:

fn create_none_array<T, const N: usize>() -> [Option<T>; N] { [const { None::<T> }; N] }

This makes this code much more succinct and easier to read.

See the reference documentation for details.

Bounds in associated type position

Rust 1.79 stabilizes the associated item bounds syntax, which allows us to put bounds in associated type position within other bounds, i.e. T: Trait<Assoc: Bounds...>. This avoids the need to provide an extra, explicit generic type just to constrain the associated type.

This feature allows specifying bounds in a few places that previously either were not possible or imposed extra, unnecessary constraints on usage:

• where clauses - in this position, this is equivalent to breaking up the bound into two (or more) where clauses. For example, where T: Trait<Assoc: Bound> is equivalent to where T: Trait, <T as Trait>::Assoc: Bound.
• Supertraits - a bound specified via the new syntax is implied when the trait is used, unlike where clauses. Sample syntax: trait CopyIterator: Iterator<Item: Copy> {}.
• Associated type item bounds - This allows constraining the nested rigid projections that are associated with a trait's associated types. e.g. trait Trait { type Assoc: Trait2<Assoc2: Copy>; }.
• opaque type bounds (RPIT, TAIT) - This allows constraining associated types that are associated with the opaque type without having to name the opaque type. For example, impl Iterator<Item: Copy> defines an iterator whose item is Copy without having to actually name that item bound.

See the stabilization report for more details.

Extending automatic temporary lifetime extension

Temporaries which are immediately referenced in construction are now automatically lifetime extended in match and if constructs. This has the same behavior as lifetime extension for temporaries in block constructs.

For example:

let a = if true { ..; &temp() // used to error, but now gets lifetime extended } else { ..; &temp() // used to error, but now gets lifetime extended };

and

let a = match () { _ => { ..; &temp() // used to error, but now gets lifetime extended } };

are now consistent with prior behavior:

let a = { ..; &temp() // lifetime is extended };

This behavior is backwards compatible since these programs used to fail compilation.

Frame pointers enabled in standard library builds

The standard library distributed by the Rust project is now compiled with -Cforce-frame-pointers=yes, enabling downstream users to more easily profile their programs. Note that the standard library also continues to come up with line-level debug info (e.g., DWARF), though that is stripped by default in Cargo's release profiles.

Stabilized APIs

• {integer}::unchecked_add
• {integer}::unchecked_mul
• {integer}::unchecked_sub
• <[T]>::split_at_unchecked
• <[T]>::split_at_mut_unchecked
• <[u8]>::utf8_chunks
• str::Utf8Chunks
• str::Utf8Chunk
• <*const T>::is_aligned
• <*mut T>::is_aligned
• NonNull::is_aligned
• <*const [T]>::len
• <*mut [T]>::len
• <*const [T]>::is_empty
• <*mut [T]>::is_empty
• NonNull::<[T]>::is_empty
• CStr::count_bytes
• io::Error::downcast
• num::NonZero<T>
• path::absolute
• proc_macro::Literal::byte_character
• proc_macro::Literal::c_string

These APIs are now stable in const contexts:

• Atomic*::into_inner
• io::Cursor::new
• io::Cursor::get_ref
• io::Cursor::position
• io::empty
• io::repeat
• io::sink
• panic::Location::caller
• panic::Location::file
• panic::Location::line
• panic::Location::column

Other changes

Check out everything that changed in Rust, Cargo, and Clippy.

Contributors to 1.79.0

Many people came together to create Rust 1.79.0. We couldn't have done it without all of you. Thanks!

It’s easy to mock generative AI for weird stuff like telling people to put glue on pizza, inspiring a reporter to write a story about making glue pizza, then summarizing the story. But there is a serious side to the AI issue. Protecting the content of a web site from AI training is not just about trying to avoid market competition with copied and scrambled versions of your own content. it’s not fair use, seriously, just read the actual four factors of fair use or ask a librarian. It’s just not a thing. When you put parts of your personal life on your web site, the blurry compressed version of it that AI spews out has other, more personal, risks too. Nonconsensual Nude Apps are just the beginning. AI companies, operating at large scale with little human moderation, process people’s personal info in irresponsible or illegal ways. MSN boosted an AI-generated article stating that an Irish DJ and talk-show host was on trial over alleged sexual misconduct.

AI-specific laws are still in progress, and copyright cases are still making their way through the court system. I still don’t know if all the stuff I did to block AI training on a web site is going to be enforceable—it depends on how well web site Terms of Service hold up in court as contracts. But in the meantime we do have a tool that is already in place and tested. An Opt-Out Preference Signal like Global Privacy Control is a way to signal, in a legally enforceable way, that you opt out of the sale or sharing of your personal information.

GPC already protects residents of California, Colorado, Connecticut, and other states in the USA, and enforcement is coming on line in other jurisdications as well. Sounds like a useful tool, right? But there’s one missing piece. The GPC standard covers a signal sent from the client to the server. When you visit a site as a user, this is just fine. But when you need protection for a blog, a portfolio, or a profile page, your personal info is on a server, but the company looking to exploit it is running a client—a crawler or scraper. That’s where we need to borrow some basics from the methods for blocking AI training on a web site and add a meta tag and HTTP header that work like GPC, from server to client.

The header is pretty easy. I just did it. Have a look at this site’s HTTP headers in developer tools or do a

curl -I -q https://blog.zgp.org/ | grep X-Robots-Tag

and there it is.

X-Robots-Tag: noai, noimageai, SPC

And here’s the meta tag.

<meta name=”robots” content=”noai, noimageai, SPC”> TODO items

• Colorado has a process for registering OOPSs, so I will need to write this up and submit it so it’s valid there. In other jurisdictions the OOPS is valid as long as it expresses the deliberate opt-out of the user, which mine does.

• Just to make it extra clear, I need to put something in my Web Site User Agreement, the way a lot of sites do for noai

• continue to GPC all the things!

Remember that laws are downstream of norms here. People generally believe in moral rights and some kind of copyrights for people who do creative work, and people generally believe in some kind of privacy right to control use of your personal information. And you shouldn’t be at a disadvantage when you choose to share personally relevant content on your own site compared to people who share on a big service. The details will get worked out. Big AI will probably be able to make bogus legal arguments, delay, and lobby for a while, but in the long run the law will reflect norms more than it reflects billable hours spent trying to push a disliked business model uphill. Comments and suggestions welcome.

Related

GPC all the things!

Block AI training on a web site

Bonus link

AI chatbots are intruding into online communities where people are trying to connect with other humans (not with personal stories based on mine they’d better not)

WebDriver is a remote control interface that enables introspection and control of user agents. As such it can help developers to verify that their websites are working and performing well with all major browsers. The protocol is standardized by the W3C and consists of two separate specifications: WebDriver classic (HTTP) and the new WebDriver BiDi (Bi-Directional).

This newsletter gives an overview of the work we’ve done as part of the Firefox 127 release cycle.

Contributions

Firefox – including our WebDriver implementation – is developed as an open source project, and everyone is welcome to contribute. We are always grateful to receive external contributions, here are the ones which made it in 127:

• Victoria simplified our implementation of the “Is Element Enabled” command for WebDriver classic in order to use regular DOM APIs instead of an external helper imported from Selenium. This cleanup will also make this command easier to maintain in the future.
• Gravyant added a new isInstance assertion helper which can be used in the WebDriver codebase to check that a given object is an instance of a specific class.

WebDriver code is written in JavaScript, Python, and Rust so any web developer can contribute! Read how to setup the work environment and check the list of mentored issues for Marionette.

General Bug fixes

• Fixed a bug with the "wheel" action, which can be used both in WebDriver BiDi and WebDriver classic. We now correctly handle modifier keys such as Shift, Control, etc. With this, you can simulate a user action scrolling the wheel while holding a modifier.

WebDriver BiDi New: Support for the “permissions.setPermission” command

The permissions module is an extension to the WebDriver BiDi specification, defined in the Permissions specification. It is the first extension for WebDriver BiDi to be implemented in Firefox, with the permissions.setPermission command. This command allows you to grant, deny or prompt for a given permission, such as “geolocation”. The permission will be set for a provided origin, and optionally for a specific user context.

The descriptor argument should be a Permission Descriptor, which is basically an object with a name string property set to the name of the permission to update. The state argument should be one of "granted", "denied" or "prompt". The origin argument should be the origin for which the permission setting will be set. And finally the optional argument userContext should be the user context id where the permission should be applied ("default" if omitted).

Below is an example of setting the "geolocation" permission to "prompt" for the "https://www.google.com" origin:

-> { "method": "permissions.setPermission", "params": { "descriptor": { "name": "geolocation", }, "state": "prompt", "origin": "https://www.google.com" }, "id": 2 } <- { "type": "success", "id": 2, "result": {} }

Afterwards, trying to use a geolocation feature on a website with the “https://www.google.com” origin such as Google Maps will trigger the permission prompt as shown below:

<figcaption class="wp-element-caption">Google Maps shows the "geolocation" permission prompt</figcaption> New: Support for accessibility locator in the “browsingContext.locateNodes” command

The accessibility locator allows you to find elements matching a specific computed role or accessible name. This locator has the type "accessibility", and for the value it expects an object with a "name" property (for accessible name) and/or a "role" property (for computed role). You may provide one or both properties at the same time. Note that the start nodes (startNodes argument) can contain elements, documents and document fragments.

For instance, considering the following markup, which attributes the checkbox role to a span, labelled by another span element:

<!DOCTYPE html> <html> <body> <span role="checkbox" aria-checked="false" tabindex="0" aria-labelledby="tac" ></span> <span id="tac">Checkbox name</span> </body> </html>

You can find the checkbox element either by using the “role” accessibility locator:

{ "method": "browsingContext.locateNodes", "params": { "locator": { "type": "accessibility", "value": { "role": "checkbox" } }, "context": "2a22b1c6-6fa8-4e62-b4af-32ed2ff1ced7" }, "id": 19 }

Or by using the accessible name, which is the value of the aria-labelledby element:

{ "method": "browsingContext.locateNodes", "params": { "locator": { "type": "accessibility", "value": { "name": "Checkbox name" } }, "context": "2a22b1c6-6fa8-4e62-b4af-32ed2ff1ced7" }, "id": 20 }

Both commands will return the span with role="checkbox":

{ "type": "success", "id": 20, "result": { "nodes": [ { "type": "node", "sharedId": "16d8d8ab-7404-4d4b-83e9-203fd9801f0a", "value": { "nodeType": 1, "localName": "span", "namespaceURI": "http://www.w3.org/1999/xhtml", "childNodeCount": 0, "attributes": { "role": "checkbox", "aria-checked": "false", "tabindex": "0", "aria-labelledby": "tac" }, "shadowRoot": null } } ] } } New: Support for “devicePixelRatio” parameter in the “browsingContext.setViewport” command

We now support the devicePixelRatio parameter in the browsingContext.setViewport command, which allows to emulate the behavior of screens with different device pixel ratio (such as high density displays). The devicePixelRatio is expected to be a positive number.

Bug fixes

• We fixed a race condition in browsingContext.navigate which could lead to unnecessary waiting when creating new tabs.

Marionette (WebDriver classic) Bug fixes

• WebDriver:ElementClear now works as expected with elements nested in a disabled fieldset.
• We fixed a bug with WebDriver:GetElementText which failed to correctly capitalize text containing an underscore (_).
• WebDriver:SwitchToFrame will no longer fail when called in the middle of an ongoing navigation.

Do you like your computers to be big, fire-prone and inflexible? Then you'll love macOS Sequoia, another missed naming opportunity from the company that should have brought you macOS Mettler, macOS Bolinas (now with no support for mail), or macOS Weed. Plus, now you'll have to deal with pervasive ChatGPT integration, meaning you won't have to watch the next Mission: Impossible to find out what the Entity AI will do to you.

Now that I've had my cup of snark, though, Intel Mac users beware: this one almost uniformly requires a T2 chip, the Apple A10 derivative used as a security controller in the last generation of Intel Macs, and even at least one Mac that does have one isn't supported (the 2018 MacBook Air, presumably because of its lower-powered CPU-GPU, which is likely why the more powerful 2019 iMac without one is supported, albeit incompletely). It would not be a stretch to conclude that this is the final macOS for Intel Macs, though Rosetta 2's integration to support x86_64 in VMs means Intel Mac software will likely stay supported on Apple silicon for awhile. But that shouldn't be particularly surprising. What I did find a little more ominous is that only the 2020 MacBook Air and up is supported in their price segment, and since those Macs are about four years old now, it's possible some M1 Macs might not make the jump to macOS 16 either — whatever Apple ends up calling it.

Our Community Office Hours session for May 2024 has concluded, and it was quite informative (especially for non-developers like me)! Wayne and Daniel shed light on Thunderbird’s build and release process, ran through a detailed presentation, answered questions, and treated us to live demos showing how a new Thunderbird build gets pushed and promoted to release.

Below you’ll find a lightly edited recording of the session, and the presentation slides in PDF format.

We’ll be announcing the topic of our June Office Hours session soon, so keep an eye on the Thunderbird blog.

PDF Presentation | Build & Release: How It’s DoneDownload Links and Further Reading

• Download Channels: ESR, Beta, Daily, default release
• Thunderbird’s release and events calendar (closely follows the Firefox release schedule)
• Thunderbird Release Notes
• Thunderbird CI Docs
• Treeherder
• Thunderbird statistics
• Thunderbird crash statistics

ORIGINAL ANNOUNCEMENT

Have you ever wondered what the release process of Thunderbird is like? Wanted to know if a particular bug would be fixed in the next release? Or how long release support lasts? Or just how many point releases are there?

In the May Office Hours, we’ll demystify the current Thunderbird release process as we get closer to the next Extended Security Release on July 10, 2024. 

May Office Hours: The Thunderbird Release Process

One of our guests you may know already: Wayne Mery, our release and community manager. Daniel Darnell, a key release engineer, will also join us. They’ll answer questions about what roles they play, how we stage releases, and when they know if releases are ready. Additionally, they’ll tell us about the future of Thunderbird releases, including working with add-on developers and exploring a monthly release cadence.

Join us as our guests answer these questions and more in the next edition of our Community Office Hours! You can also submit your own questions about this topic beforehand and we’ll be sure to answer them: officehours@thunderbird.net

Catch Up On Last Month’s Thunderbird Community Office Hours

While you’re thinking of questions to ask, watch last month’s office hours where we chatted with three key developers bringing Rust and native Microsoft Exchange support into Thunderbird. You can find the video on our TILvids page.

Join The Video Chat

We’ll be back in our Big Blue Button room, provided by KDE and the Linux Application Summit. We’re grateful for their support and to have an open source web conferencing solution for our community office hours.

Date and Time: Friday, May 31 at 17:30 UTC

Direct URL to Join: https://meet.thunderbird.net/b/hea-uex-usn-rb1

Access Code: 964573

The post Thunderbird: The Build and Release Process Explained appeared first on The Thunderbird Blog.

(Update 14 Jun 2024: Add darkvisitors.com API and GPC.)

I’m going to start with a warning. You can’t completely block “AI” training from a web site. Underground AI will always get through, and it might turn out that the future of AI-based infringement is bot accounts so that the sites that profit from it can just be shocked at what one of their users was doing—kind of like how big companies monetize copyright infringement.

But there are some ways to tell the halfway crooks of the AI business to go away. Will update if I find others.

robots.txt

Dark Visitors - A List of Known AI Agents on the Internet is a good source of an up-to-date set of lines to add to your robots.txt file.

This site uses the API to catch up on the latest. So if I fall behind on reading the technology news, the Makefile has me covered.

# update AI crawlers blocking list from darkvisitors.com tmp/robots.txt : curl -X POST "https://api.darkvisitors.com/robots-txts" \ -H "Authorization: Bearer $(shell pass darkvisitors-token)" \ -H "Content-Type: application/json" \ -d '{"agent_types": ["AI Data Scraper", "AI Assistant", "Undocumented AI Agent", "AI Search Crawler"], "disallow": "/"}' \ > $@ # The real robots.txt is built from the local lines # in the conf directory, with the # darkvisitors.com lines added public/robots.txt : conf/robots.txt tmp/robots.txt cat conf/robots.txt tmp/robots.txt > $@

One of my cleanup scripts gets rid of the tmp/robots.txt fetched from Dark Visitors if it gets stale, and I use Pass to store the token.

X-Robots-Tag HTTP header

DeviantArt covers how to set the X-Robots-Tag header (which also has other uses to help control how search engines crawl your site) to express an opt-out.

On Apache httpd (I know, I’m old school) it’s something like this:

Header Set X-Robots-Tag "noai"

You can check it under “network” in browser developer tools. It should show up in response headers.

noai meta tag

Raptive Support covers the noai meta tag. Pretty easy, just put this in the HTML head with any other meta and link elements.

<meta name="robots" content="noai, noimageai">

That support FAQ includes a good point that applies to all of these—the opt out is stronger if it’s backed up with the site Terms of Service or User Agreement. Big companies have invested hella lawyer hours in making these things more enforceable, and if they wanted to override ToS they would be acting against their other interests in keeping their sites in company town mode.

new: privacy opt out for servers

This is the first site to include the new SPC meta tag and X-Robots-Tag header for a privacy opt-out that works like Global Privacy Control but for servers. Basically you have legally enforceable rights in your personal information, blogs have personal information, but regular GPC only works from your browser (client) to company on the server. This goes the other way, and sends a legally enforceable* *yes, I know, this has not yet been tested in court, but give it a minute, we’re just getting started here privacy signal from a personal blog on the server to an AI scraper on the client side.

So the new header on here is

X-Robots-Tag: noai, noimageai, SPC

So we’re up to four, somebody send me number five?

Related

Google Chrome ad features checklist covers the client side of this— how to protect your personal info, and other people’s, from being fed to AI (among other abuses)

remove AI from Google Search on Firefox: how to remove the “AI”-generated material from Google search results

How to Stop Your Data From Being Used to Train AI | WIRED covers much other software including Adobe, Slack, and others. The list below only includes companies currently with an opt-out process. For example, Microsoft’s Copilot does not offer users with personal accounts the option to have their prompts not used to improve the software.

Bonus links

The Internet is a Series of Webs The future of the internet seems up in the air. Consumed by rotting behemoths. What we have now is failing, but it is also part of our every-day life, our politics, our society, our communities and our friendships. All of those are at risk, in part because the ways we communicate are under attack. (So if Google search ads are scammy enough to get an FBI warning, Meta is a shitshow, and Amazon is full of fake and stolen stuff, what do you do? Make a list of legit companies on your blog and hope others do the same?)

For tech CEOs, the dystopia is the point The CEOs obviously don’t much care what some flyby cultural critics think of their branding aspirations, but beyond even that, we have to bear in mind that these dystopias are actively useful to them.

Apple Removes Nonconsensual AI Nude Apps Following 404 Media Investigation (think of how bad the Internet would be without independent sites covering the big companies…then go subscribe to 404 Media.)

Amazon is filled with garbage ebooks. Here’s how they get made. The biographer in question was just one in a vast, hidden ecosystem centered on the production and distribution of very cheap, low-quality ebooks about increasingly esoteric subjects. Many of them gleefully share misinformation or repackage basic facts from WikiHow behind a title that’s been search-engine-optimized to hell and back again. Some of them even steal the names of well-established existing authors and masquerade as new releases from those writers. (I’m going to the real bookstore.)

“Pink slime” local news outlets erupt all over US as election nears Kathleen Carley, a computer science professor at Carnegie Mellon University, said her research suggests that following the 2022 midterms “a lot more money” is being poured into pink slime sites, including advertising on Meta.

Since there’s a search quality crisis on, a lot of the companies you might find on social media are scams, and a lot of the stuff sold on big retail sites is fake, here are some real businesses I can recommend in several categories. Will fill in some more.

I personally know about all of these and would be happy to answer questions.

art, crafts, gifts

Modern Mouse (A place for local artists and artisans to sell their work.)

audio gear

Sweetwater is a good source of pro/semi-pro/office/podcasting equipment. Good support for checking compatibility and other questions.

books

Books Inc (Several Bay Area locations including SFO. If they don’t have it they can order it.)

burritos

Island Taqueria 1313 Park St., Alameda. (Bay Area’s best burritos. El Gran Taco in San Francisco would have been a contender but they’re gone now.)

car repair

Fred’s Wrenchouse has kept a 22-year-old car going for me. (They also provide good recommendations for shops that do the work they don’t.)

delicatessen

Zingerman’s Deli (mail order available)

earbuds

JVC Gumy HAFX7 These really sound good and come with a set of silicone ear pieces in different sizes, so in real-world listening situations they sound better than more expensive options that don’t fit as well. (In my experience most drama and waste from electronic devices are caused by apps, firmware, Terms of Service, radios, and batteries. These have none of those.)

electrician

sotelectric dot com memo to self: check and fix link

hardware

Encinal True Value Hardware

Paganos Hardware

irrigation

The Urban Farmer Store

Internet service

monkeybrains.net

pharmacy

Versailles Pharmacy 2801 Encinal Ave., Alameda.

plants

Annie’s Annuals and Perennials

plumbing

Gladiator Plumber 1752 Timothy Drive, San Leandro.

roofing

Planchon Roofing & Siding Co

sidewall shingling

Nica Sidewall Shingling

stereo repair

Champlifier

Bonus links

Microsoft is reworking Recall after researchers point out its security problems (Maybe this is downstream of extreme economic inequality? When so many decisions are made by an out-of-touch management class that shares few of the problems of regular people, new product news turns into an endless stream of weird shit that makes regular people’s problems worse.)

New York to ban ‘addictive’ suggested posts on social media feeds for kids In practice, the bill would stop platforms from showing suggested posts to people under the age of 18, content the legislation describes as addictive. Instead, children would get posts only from accounts they follow. A minor could still get the suggested posts if he or she has what the bill defines as verifiable parental consent.

We’re unprepared for the threat GenAI on Instagram, Facebook, and Whatsapp poses to kids Waves of Child Sexual Abuse Material (CSAM) are inundating social media platforms as bad actors target these sites for their accessibility and reach. (The other issue is labor organizing among social site moderators. The people who run social platforms seem to really think they can AI their way out of dealing with the moderators’ union.)

I turned in my manuscript! (Looks like Evan’s ActivityPub book is coming soon. I put in a purchase request at the library already.)

Thunderbird wouldn’t be here today without its incredible and dedicated contributors. The people developing Thunderbird and all of its add-ons, testing new releases, and supporting fellow users, for example, are the wind beneath our wings. It’s time to give them the spotlight in our new Contributor Highlight series.

We kick things off with Arthur, who contributes to Thunderbird by triaging and filing bug reports at Bugzilla, as well as assisting others.

Arthur, Chicago USA

Why do you like using Thunderbird?

Thunderbird helps me organize my life and I could not function in this world without its Calendar feature. It syncs well with things I do on my Android device and I can even run a portable version of it on my USB drive when I don’t have physical access to my home or office PC. Try doing that with that “other” email client.

What do you do in the Thunderbird community and why do you enjoy it? What motivates you to contribute?

Being a user myself, I can help other users because I know where they’re coming from. Also, having a forum like Bugzilla allows regular users to bring bugs to the attention of the Devs and for me to interface with those users to see if I can reproduce bugs or help them resolve issues. Having a direct line to Mozilla is an amazing resource. If you don’t have skin in the game, you can’t complain about the direction in which a product goes.

How do you relate your professional background and volunteerism to your involvement in Thunderbird?

As an IT veteran of 33+ years, I am very comfortable in user facing support and working with app vendors to resolve app problems but volunteering takes on many forms and is good for personal growth. Some choose to volunteer at their local Food Panty or Homeless shelter. I’ve found my comfort zone in leveraging my decades of IT experience to make something I know millions of users use and help make it better.

Share Your Contributor Highlight (or Get Involved!)

A big thanks to Arthur and all our Thunderbird contributors who have kept us alive and are helping us thrive! We’ll be back soon with more contributor highlights to spotlight more of our community.

If you’re a contributor who would like to share your story, get in touch with us at community@thunderbird.net. If you’re reading this and want to know more about getting involved with Thunderbird, check out our new and improved guide to learn about all the ways to contribute your skills to Thunderbird.

The post Our First Thunderbird Contributor Highlight! appeared first on The Thunderbird Blog.

Most of the web already supports HTTPS: In fact, 93% of requests made by Firefox are already HTTPS. As a reminder, HTTP over TLS (HTTPS) fixes the security shortcoming of HTTP by creating a secure and encrypted connection. Oftentimes, when web applications enable encryption with HTTPS on their servers, legacy content may still contain references using HTTP, even though that content would also be available over a secure and encrypted connection. When such a document gets loaded over HTTPS but subresources like images, audio and video are loaded using HTTP, it is referred to as “mixed content”.

Starting with version 127, Firefox is going to automatically upgrade audio, video, and image subresources from HTTP to HTTPS.

Background

When introducing the notion of “mixed content” a long while ago, browsers used to make a fairly sharp distinction between active and passive mixed content: Loading scripts or iframes over HTTP can be really detrimental to the whole document’s security and has long since been blocked as “active mixed content”. Images and other resources were otherwise called “passive” or “display” mixed content. If a network attacker could modify them, they would not gain full control over the document. So, in hope of supporting most existing content, passive content had been allowed to load insecurely, albeit with a warning in the address bar.

Previous behavior, without upgrading: Degraded lock icon, with a warning sign in the lower right corner.

With the web platform supporting many new and exciting forms of content (e.g., responsive images), that notion became a bit blurry: Responsive images are not active in a sense that a malicious responsive image can take over the whole web page. However, with an impetus toward a more secure web, since 2018, we require that new features are only available when using HTTPS.

Upgradable and blockable mixed content

Given these blurry lines between active and passive mixed content, the latest revision of the Mixed content standard distinguishes between blockable and upgradable content, where scripts, iframes, responsive images and really all other features are considered blockable. The formerly-called passive content types (<img>, <audio> and <video> elements) are now being upgraded by the browser to use HTTPS and are not loaded if they are unavailable via HTTPS.

This also introduces a behavior change in our security indicators: Firefox will no longer make use of the tiny warning sign in the lower right corner of the lock icon:

After our change. A fully secure lock icon. The image load was successfully upgraded or failed (e.g., Connection Reset).

With Firefox 127, all mixed content will either be blocked or upgraded. Making sure that documents transferred with HTTPS remain fully secure and encrypted.

Enterprise Users

Enterprise users that do not want Firefox to perform an upgrade have the following options by changing the existing preferences:

• Set security.mixed_content.upgrade_display_content to false, such that Firefox will continue displaying mixed content insecurely (including the degraded lock icon from the first picture).
• Set security.mixed_content.block_display_content to true, such that Firefox will block all mixed content (including upgradable).

Reasons for changing these preferences might include legacy infrastructure that does not support a secure HTTPS experience. We want to note that neither of these options are recommended because with those, Firefox would deviate from an interoperable web platform. Furthermore, these preferences do not receive the amount of support, scrutiny and quality assurance as those available in our built-in settings page.

Outlook

We will continue our mission where privacy and security is not optional, to bring yet more HTTPS to the web: Next up, we are going to default all addresses from the URL bar to prefer HTTPS, with a fallback to HTTP if the site does not load securely. This feature is already available in Firefox Nightly.

We are also working on another iteration that upgrades more page loads with a fallback called “HTTPS-First” that should be in Firefox Nightly soon. Lastly, security-conscious users with a higher desire to not expose any of their traffic to the network over HTTP can already make use of our strict HTTPS-Only Mode, which is available through Firefox settings. It requires all resource loads to happen over HTTPS or else be blocked.

The post Firefox will upgrade more Mixed Content in Version 127 appeared first on Mozilla Security Blog.

Welcome reader! This is the place where we, the Thunderbird for Android team, inform you about what we worked on in May 2024.

We’ve been publishing monthly progress reports for quite a while now. If you haven’t subscribed to the RSS feed yet, now would be a good time to start. You can even use your favorite desktop app to do so – see Thunderbird + RSS: How To Bring Your Favorite Content To The Inbox.

And if you need a reminder on where we left off last month, head over to April’s progress report.

Material 3

The most noticeable development effort going on right now is the conversion of the user interface to the design system Material 3. You can follow our progress by becoming a beta tester and installing the K-9 Mail 6.9xx beta versions.

The first step consisted of changing the theme to Material 3. That changes things like the style of buttons and dialogs. 

Next, we replaced the many icons used throughout the app. But when using the beta version we — and some of you — noticed that not all of the new icons are a good fit. So we’ll update those icons in the next design iteration.

One of the main reasons for switching to Material 3 is the ability to support dynamic colors. It will allow the app to (optionally) use the system color scheme e.g. derived from the wallpaper. But in order for this to work properly, we need to update many places in the app that currently use fixed theme colors. This is an ongoing effort.

Targeting Android 14

As mentioned in April’s progress report, we’ve included the changes necessary to target Android 14 in the latest beta versions. So far we haven’t seen any crashes or bug reports related to these changes. So we plan to include them in the next maintenance release – K-9 Mail 6.804.

F-Droid metadata (part 3)

Unfortunately, this topic was part of the last two progress reports. So we’re very happy to report that the app description is now finally available again on our F-Droid app listing.

Other things we’ve worked on Developer documentation

We’ve done some work on making our developer documentation more accessible. There’s now a table of contents and we have the capability to render it to HTML using mdbook. However, we haven’t set up automatic publishing yet. Until that happens, the documentation can be browsed on GitHub: K-9 Mail developer documentation.

Small IMAP improvements

We took some time to have a closer look at the communication between the app and the server when using the IMAP protocol and noticed a few places where the app could be more efficient. We’ve started addressing some of these inefficiencies. The result is that K-9 Mail can now perform some action with fewer network packets going back and forth between the app and the server.

Support for predictive back

Google is working on improving the user experience of the back gesture in Android. This effort is called predictive back. The idea is to reveal (part of) the screen to which a successful back gesture will navigate while the swipe gesture is still in progress.

In order for this to work properly, apps that currently intercept the back button/gesture will have to make some changes. We’ve started making the necessary modifications. But it’s still a work in progress.

Community Contributions

GitHub user Silas217209 added support for mailto: URIs on NFC tags (#7804). This was a feature a user requested in April.

Thank you for the contribution!

Releases

In May 2024 we published the following stable release:

• K-9 Mail v6.803 (2024-05-10)

… and the following beta versions:

• K-9 Mail v6.900 (beta) (2024-05-15)
• K-9 Mail v6.901 (beta) (2024-05-15)

Thanks for reading, testing, and participating. We’ll see you next month!

The post Thunderbird for Android / K-9 Mail: May 2024 Progress Report appeared first on The Thunderbird Blog.

So you’ve decided to do something about all those annoying ads you’re barraged with online. What pushed you over the edge? Auto-play video ads? Blaring banners? Tired of your music interrupted by a sudden sponsorship? Was it the realization they intentionally make the ‘Close’ buttons [x] on ads super tiny so you accidentally click the very thing you’re trying to avoid? 

There are a number of approaches you can take to blocking ads with a browser extension—it just depends on what you’re trying to achieve. Here are some of the best ad blockers based on different goals…

I just want an awesome, all-purpose ad blocker.

Keep in mind a benefit of any decent ad blocker is that you should experience a faster web, since fewer ads means there’s less content for your browser to load. It’s a win-win: ditch awful ads while speeding up your experience. 

Also know, however, that ad blockers can occasionally break web pages when innocent content gets caught in the ad blocking crossfire. Some websites will even detect ad blockers and restrict access until you disable the blocker.

uBlock Origin

By any measure uBlock Origin is one of the gold standards in ad blocking. Not only an elite ad blocker that stops nearly every type of ad by default—including video and pop-ups—uBlock Origin is lightweight, so it doesn’t consume much CPU and memory. 

Not much setup required. Works brilliantly out of the box with a matrix of built-in filters (though you can import your own), including a few that block more than just ads but hidden malware sources, as well. Clicking its toolbar icon activates the extension’s minimalist pop-up menu where at a glance you can see blocked tracking sources and how much of the overall page was nearly impacted by advertising. 

Unlike some ad blockers that allow what they consider “non-intrusive” ads through their filters, uBlock Origin has no advertising whitelist by default and tries to block all ads, unless you tell it otherwise.

AdBlock for Firefox

Refined extension design and strong content filters make AdBlock for Firefox a solid choice for people who don’t necessarily despise all ads (just the super annoying, invasive kind) and perhaps recognize that advertising, however imperfect it may be, provides essential compensation for your favorite content creators and platforms. 

AdBlock blocks all types of ads by default, but lets users opt in to Acceptable Ads by choice. Acceptable Ads is an independent vetting program where advertisers can participate to have their ads pass through content filters if they meet certain criteria, like only allowing display ads that fit within strict size parameters, or text ads that adhere to tight aesthetic restrictions. 

AdBlock also makes it easy for you to elect to accept certain niche types of advertising, like ads that don’t use third party tracking, or ads on your favorite YouTube and Twitch channels. 

<figcaption class="wp-element-caption">AdBlock makes it easy to allow ads on your favorite YouTube and Twitch channels.</figcaption>

AdBlock’s free tier works great, but indeed some of our favorite features—like device syncing and the ability to replace ads with custom pics of adorable animals!—sit behind a paid service.

I want ad blocking with a privacy boost.  

Arguably all ad blockers enhance your privacy and security, simply by virtue of the fact they block ads that have tracking tools embedded into them. Or even scarier than secretive corporate tracking is malvertising—ads maliciously infected with malware unbeknownst to even the advertising companies themselves, until it’s too late. 

So while all good ad blockers are privacy protective by nature, here are some that take additional steps…

AdGuard AdBlocker

Highly effective ad blocker and anti-tracker that even works well on Facebook and YouTube. AdGuard also smartly allows certain types of ads by default—like search ads (since you might be looking for a specific product or service) and “self promotion” ads (e.g. special deals on site-specific shopping platforms like “50% off today only!” sales, etc.)

AdGuard goes to great lengths to not only block the ads you don’t want, but the trackers trying to profile you. It automatically knows to block more than two million malicious websites and has one of the largest tracking filters in the game. 

Sick of social media ‘Like’ and ‘Share’ buttons crowding your page? Enable AdGuard’s social media filter and all social widgets are scrubbed away.

Ghostery

Block ads and hidden browser trackers by default. Ad blocking is but a part of Ghostery’s utility. 

Ghostery is quite powerful as a “privacy ad blocker,” but it also scores big points for being user-friendly and easy to operate. It’s simple to set Ghostery’s various core features, like enabling/disabling Enhanced Ad Blocking and Anti-Tracking. 

YouTube ads are out of control. AdBlocker for YouTube

If you don’t want to bother with any ad blocking other than YouTube, AdBlocker for YouTube is the choice. 

It very simply and effectively removes both video and display ads from YouTube. Period. Enjoy a faster and more focused YouTube experience. 

I want pop-up ads to go away forever.  Popup Blocker (strict)

This lightweight extension simply stops pop-ups from deploying. Popup Blocker (strict) conveniently holds them for you in the background—giving you the choice to interact with them if you want. 

You’ll see a notification alert when pop-ups are blocked. Just click the notification for options. 

My webmail is bloated with ads. Webmail Ad Blocker

Tired of ads thrown in your face when all you want to do is check email? 

Remove ads and get more breathing room in and around your inbox. Webmail Ad Blocker not only blocks all the box ads crowding the edges of your webmail, it also obliterates those sneaky ads that appear as unread messages. Ugh, gross. 

These are some of our favorite ad blockers. Feel free to explore more privacy & security extensions on addons.mozilla.org.

Firefox user loses 7470 opened tabs saved over two years after they can't restore browsing session  Tom's Hardware

PSA: You Have Less Than a Month to Download Your Mozilla Hubs Data  PCMag