Tag Archives: mozilla

Mozilla Firefox and a DNS security dilemma

Mozilla is proposing to make DNS over HTTPS default in Firefox. The feature is called Trusted Recursive Resolver, and currently it is available but off by default:

image

DNS is critical to security but not well understood by the general public. Put simply, it resolves web addresses to IP addresses, so if you type in the web address of your bank, a DNS server tells the browser where to go. DNS hijacking makes phishing attacks easier since users put the right address in their browser (or get it from a search engine) but may arrive at a site controlled by attackers. DNS is also a plain-text protocol, so DNS requests may be intercepted giving attackers a record of which sites you visit. The setting for which DNS server you use is usually automatically acquired from your current internet connection, so on a business network it is set by your network administrator, on broadband by your broadband provider, and on wifi by the wifi provider.

DNS is therefor quite vulnerable. Use wifi in a café, for example, and you are trusting the café wifi not to have allowed the DNS to be compromised. That said, there are further protections, such as SSL certificates (though you might not notice if you were redirected to a secure site that was a slightly misspelled version of your banking site, for example). There is also a standard called DNSSEC which authenticates the response from DNS servers.

Mozilla’s solution is to have the browser handle the DNS. Trusted Recursive Resolver not only uses a secure connection to the DNS server, but also provides a DNS server for you to use, operated by Cloudflare. You can replace this with other DNS servers though they need to support DNS over HTTPS. Google operates a popular DNS service on 8.8.8.8 which does support DNS over HTTPS as well as DNSSEC. 

While using a secure connection to DNS is a good thing, using a DNS server set by your web browser has pros and cons. The advantage is that it is much less likely to be compromised than a random public wifi network. The disadvantage is that you are trusting that third-party with a record of which sites you visit. It is personal data that potentially could be mined for marketing or other reasons.

On a business network, having the browser use a third-party DNS server could well cause problems. Some networks use split DNS, where an address resolves to an internal address when on the internal network, and an external address otherwise. Using a third-party DNS server would break such schemes.

Few will use this Firefox feature unless it is on by default – but that is the plan:

You can enable DNS over HTTPS in Firefox today, and we encourage you to.

We’d like to turn this on as the default for all of our users. We believe that every one of our users deserves this privacy and security, no matter if they understand DNS leaks or not.

But it’s a big change and we need to test it out first. That’s why we’re conducting a study. We’re asking half of our Firefox Nightly users to help us collect data on performance.

We’ll use the default resolver, as we do now, but we’ll also send the request to Cloudflare’s DoH resolver. Then we’ll compare the two to make sure that everything is working as we expect.

For participants in the study, the Cloudflare DNS response won’t be used yet. We’re simply checking that everything works, and then throwing away the Cloudflare response.

Personally I feel this should be opt-in rather than on by default, though it probably is a good thing for most users. The security risk from DNS hijacking is greater than the privacy risk of using Cloudflare or Google for DNS. It is worth noting too that Google DNS is already widely used so you may already be using a big US company for most of your DNS resolving, but probably without the benefit of a secure connection.

The Privacy Panel in Firefox OS

I tweeted about the privacy panel in Firefox OS, which attracted considerable interest, so I’m posting the snap I took of the feature.

image

Holding the phone is Alex Fowler, Mozilla’s Global Privacy and Policy Leader. The Location Blur feature is OS-wide, not specific to any app.

image

I find the feature interesting, because the ability to hide your location (somewhat; operators will still know which mast you are connecting to) is one that users deserve, but which runs counter to location-based marketing or data collection. Mozilla as an open source foundation is more likely to promote such a feature than corporations like Google whose business is based on advertising – having said which, Mozilla’s income comes to a large extent from Google thanks to search revenue, which is paid for ultimately by advertising. It’s complex.

Google Native Client: browser apps unleashed, or misconceived and likely to fail?

Last week Google integrated Native Client into the beta of Chrome 14. Native client lets you compile C/C++ code to run in the browser. It depends on a new plug-in API called Pepper. These are open source projects sponsored by Google and implemented in the Chrome browser, and therefore also likely to turn up in Chrome OS which is an operating system in which all apps run in the browser.

Native Client is cool. For example, NaCLBox lets you run old DOS games in the browser by porting DOSBox to Native Client.

image

Another project is Qt for Google Native Client, a project currently in development. Qt is an excellent and popular GUI and application framework which would speed development of Native Client apps as well as enabling many existing applications to be ported.

It is also worth mentioning that Native Client provides another way to run .NET code in the browser, via Mono with NaCl support.

Why Native Client? Google’s vision, or at least the part of it that focuses on Chrome OS rather than Android, is that everything runs on the Internet and in the browser, making the local operating system unimportant and easily replaced. Native Client removes any performance compromises in managed languages such as JavaScript, ActionScript or Java, as well as easing migration for businesses with existing C/C++ code.

Writing native code for the browser is nothing new. Both Microsoft’s ActiveX and the NPAPI plug-in API used by non-Microsoft browsers let you extend the browser with native code. However Native Client is seamless for the user; you do not have to install any additional plug-in. The main limitation is that Native Client applets do not have access to the local operating system, for security reasons.

It is also worth noting that Native Client apps are not altogether cross-platform. They must be recompiled for different CPU instruction sets, with the current implementation supporting x86 and ARM though you have to compile two binaries. Google says it will support LLVM output to enable cross-platform binaries though this will impact performance.

But is Native Client secure? That is an open question. Google was aware of the security challenge from the beginning of the project. Unlike the plug-in mechanisms which rely mainly on trust in developer competence and signed code to verify the origin of the plug-in or ActiveX control, Native Client inspects the actual code for unsafe instructions before allowing it to run. There is also an “outer sandbox” which intercepts system calls.

However, adding any new way for code to run makes the browser less secure. Google ran a Native Client Security Contest to help identify vulnerabilities, and the contestants did not have any problem finding security flaws. Of course all of these discovered flaws will have been fixed, but there may be others and likely will be.

And is Native Client necessary? The latest JIT-compiled JavaScript engines are fast enough to enable most types of application to run at a satisfactory speed. This is not just about performance though; it is about reusing existing skills, libraries and applications. There is no doubt that Native Client is nice to have; whether its benefits outweigh the risks is harder to judge.

The last question, which may prove the most significant, is political. Google has forged ahead on its own with Native Client, saying as vendors always do that it hopes it will become a web standard. In the early days of the project, it looked like a Native Client plug-in might enable the feature in other browsers, but abandoning NPAPI for Pepper makes this difficult. Will other browser vendors support Native Client?

Here is a comment from Google’s Ian NI-Lewis that I find remarkable:

As you probably know, the rule in Web standards is "implementation wins." So we’re concentrating on getting a good quality implementation out the door. We’re doing that in Chrome. That doesn’t mean that NaCl is intended to be "Chrome only," just that we have to start somewhere.

So Native Client is non-standard, and therefore less interesting than HTML 5 until either Google has a Microsoft-Office-like de facto monopoly of web browsers, or it persuades Mozilla, Microsoft and Apple to support it.

That said, you can think of Chrome as an installable runtime in the same way as the Java Virtual Machine or Adobe Flash, just a potentially more intrusive one. Here is our app, you have to install the free Chrome browser to use it. If this happens to any great extent, I can foresee other browser makers hastening to support it.

Mozilla to take on the cross-platform app challenge

Mozilla is facing an uncertain future. Its problem: basing a business (even a non-profit one) on being the alternative to Microsoft’s Internet Explorer is no longer sensible, given that Apple and Google are now doing this too, and even Microsoft is now investing in HTML 5. I discussed these issues in more detail here.

So what is Mozilla to do? Mozilla Chair Mitchell Baker has posted about a possible new approach, based on being the alternative to Apple for apps. She lists some of the problems with the current “app experience”. Apps are device-specific, require permission at many levels, and a few App Store owners (mainly Apple but also Google) control the business model and customer relationships.

Mozilla is proposing what I presume is a new app platform, which will be cross-platform and cross-device. Instead of discovering apps in a single app store, she envisages multiple providers and the ability to find apps in the same way we find web content.

In other words, if the old Mozilla was about freedom from Microsoft and allowing web technology to progress, the new Mozilla might be about freedom from Apple and allowing app technology to progress.

It is a bold vision and one that in principle would be welcome. That said, Mozilla cannot change the control Apple has over its platform, and its insistence that apps are installed only through its own App Store. Maybe she has in mind a cross-platform toolkit, or browser-based apps, or some combination.

Another snag is that whereas there was widespread dissatisfaction with Microsoft’s Internet Explorer back in 2004 when Firefox was launched, this is not the case with Apple and its app platform today. Apple’s App Store system undoubtedly has a dark side, but the user experience is good and developers are making money, some of them at least. Apple’s control over app installation and the constraints imposed on what apps can do are also good for security.

Nevertheless, having looked at a number of cross-platform mobile toolkits, from PhoneGap to Appcelerator Titanium to Adobe AIR, I can see both the significance of this kind of development and that there is plenty of scope for improvement.

Android only 23% open says report; Linux, Eclipse win praise

Vision Mobile has published a report on what it calls the Open Governance Index. The theory is that if you want to measure the extent to which an open source project is really open, you should look at its governance, rather than focusing on the license under which code is released:

The governance model used by an open source project encapsulates all the hard questions about a project. Who decides on the project roadmap? How transparent are the decision-making processes? Can anyone follow the discussions and meetings taking place in the community? Can anyone create derivatives based on the project? What compliance requirements are there for creating derivative handsets or applications, and how are these requirements enforced? Governance determines who has influence and control over the project or platform – beyond what is legally required in the open source license.

The 45-page report is free to download, and part-funded by the European Union Seventh Framework Program. It is a good read, covering 8 open source projects, including the now-abandoned Symbian Foundation. Here is the result:

Open Governance Index (%open)
Eclipse 84%
Linux 71%
WebKit 68%
Mozilla 65%
MeeGo 61%
Symbian 58%
Qt 58%
Android 23%

The percentages are derived by analysing four aspects of each project.

  • Access covers availability of source code and transparency of decisions.
  • Development refers to the transparency of contributions and acceptance processes.
  • Derivatives covers constraints on use of the project, such as trademarks and distribution channels.
  • Community structure looks at project membership and its hierarchy.

What is wrong with Android? I am not sure how the researchers get to 23%, but it scores badly in all four categories. The report observes that the code to the latest “Honeycomb” version of Android has not been published. It also has this to say about the Open Handset Alliance:

When launched, the Open Handset Alliance served the purpose of a public industry endorsement for
Android. Today, however, the OHA serves little purpose besides a stamp of approval for OHA
members; there is no formal legal entity, no communication processes for members nor frequent
member meetings.

By contrast, Eclipse and Linux are shining lights. MeeGo and Mozilla are also praised, thought the report does mention Mozilla’s “Benevolent dictators”:

In the case of conflicts and disputes, these are judged by one of two Mozilla “benevolent dictators” – Brendan Eich for technical disputes and Mitchell Baker for non-technical disputes.

Qt comes out OK but has a lower score because of Nokia’s control over decision making, though it sounds like this was written before Nokia’s Windows Mobile revolution.

WebKit scores well though the report notes that most developers work for Apple or Google and that there is:

Little transparency regarding how decisions are made, and no public information provided on this

Bearing that in mind, it seems odd to me that WebKit comes above Mozilla, but I doubt the percentages should be taken too seriously.

It is good to see a report that looks carefully at what it really means to be open, and the focus on governance makes sense.

Mozilla CEO fearful of closed mobile platforms. So what next for Mozilla and Firefox?

What next for Mozilla? Tristan Nitot, president of Mozilla Europe, posts about some of the issues facing the open source browser project and Foundation. His list is not meant to be a list of problems for Mozilla exactly, but it does read a bit like that, especially the third point:

Google marketing budgets for Chrome are much larger than Mozilla’s annual revenue.

though he does not mention how much of Mozilla’s income actually comes from Google. The Foundation’s last published figures are from 2009, and show that most of Mozilla’s income is from deals with search providers, and while it is not specified, both common sense and evidence from previous years tells us that most of that is from Google.

Chrome is a mighty competitor on the PC, but here at least Mozilla has a large and established base of users. That is not so on mobile, and this is even more challenging, as Nitot notes:

In the mobile space, not all platforms enable the user to choose what Web browser to use. This trend may also be coming to the PC world with Chrome OS, which only runs Chrome.

He also refers to a recent interview in which CEO Ben Kovacs talks about why there is no Firefox for Apple iOS:

The biggest challenge is to get access to the lowest level of the device, these open platforms are not quite open, which is why we are worried about it, you don’t have the true open web.

He adds:

It frightens me, it frightens me from a user point of view, I am not allowed to choose.

It is hard to see how Safari will not always be the browser for iOS, and while Mozilla has better chances on Android, it is hard to see how Google’s stock browser will not always dominate there.

At a browser engine level, Mozilla has lost out to WebKit, which is used by Apple Safari, Google Chrome, RIM Playbook and HP WebOS. Microsoft’s Windows Phone 7 uses Internet Explorer.

What can Mozilla do? Well, it seems that Mozilla executives have in mind to go beyond the browser into the world of apps. Kovacs hints at this in the interview above. In another post, the Chair of the Foundation Mitchell Baker says:

… the browser is no longer the only way people access the Internet. People also use more focused “apps” to do discrete tasks, and often feel a strong sense of attachment to the apps and the app model. This is an exciting addition. Mozilla should embrace some aspects of the current app model in addition to the browser model.

Therefore we find Firefox Home in Apple’s App Store:

image

That said, it is not clear to me what sort of major contribution Mozilla can make in the app world, and the transition from browser company to app company would be a difficult one to pull off.

I cannot escape the thought that Mozilla’s time is passing. Its success was built not only on an excellent browser, but also on widespread dissatisfaction with Microsoft’s Internet Explorer and the stifling effect it was having on the progress of web standards. Firefox was a better browser, and gained disruptive momentum. In Germany Firefox currently has a 55% market share, according to Statcounter.

However, while Firefox is still a great desktop browser, Google and WebKit between them are now strongly advancing web standards, and even Microsoft is now talking up HTML 5. Mozilla has largely achieved its goal, leaving it now with an uncertain purpose.

It is good for web standards to have a powerful independent non-profit foundation, rather than having commercial giants like Google and Apple dominate, but in the end this has to be paid for either by a business model, or by sponsors. In this latter respect, IBM’s withdrawal of funding for Firebug author John Barton is not a good sign.

In retrospect, Mozilla was too slow to embrace mobile; but most of the developments which are now impacting the Foundation are outside its control. On a day when Apple has announced breathtaking profits, it is worth noting Kovacs remarks about the chilling effects of closed platforms on Mozilla’s work.

Browser wars heat up as Firefox 4 arrives

Just one week after the final release of Microsoft’s Internet Explorer 9, and here comes another major browser, Mozilla Firefox 4.

What’s new in Firefox? Performance, for one thing. There is a new JavaScript engine called JägerMonkey which is more effective than the old TraceMonkey – though TraceMonkey is still there – and there is hardware-accelerated graphics on Windows Vista and Windows 7 using Direct2D, and on Windows and Mac Direct3D or OpenGL are used to speed page composition.

On the appearance side, Mozilla has streamlined the user interface with tabs above the address bar, sorry Awesome Bar, and reduced the number of buttons. By default there are no menus visible, and you are meant to use the Firefox button at top left:

image

I was disconcerted not to find the Tools menu here and one of the first things I did was to show the menu bar, though it does spoil the new UI design.

Firefox is also coming to Android and Maemo devices, and a great feature called Sync will synchronize bookmarks, tabs, passwords and history across all the devices you use.

There is also a new privacy feature called Do not track. This is a way of telling websites that you do not wish to be tracked. Tracking is used by web advertisers to send ads based on your browsing history as seen by that advertiser. Since many websites have scripts served by the same ad agency, this can be considerable. The feature does not block tracking, but only requests not to be tracked. It is off by default and buried in Advanced options, so will probably not be very effective.

image

Firefox is an excellent browser, with many more features than I have mentioned above. A few observations though.

The new features in Firefox 4 echo many of the few features in Internet Explorer 9, which in turn echoes some of the themes in Chrome. However on my system IE9 seems to be a little faster than Firefox 4, the user interface is more polished in my opinion, and the tracking protection in IE9 is more effective since it does actually block tracking.

Then again, there are Firefox add-ons that also block tracking; and in general Firefox seems to have the best range of available add-ons, which could well be the deciding factor for many users.

Firefox 4 still has a separate search box, and in principle I like this. I find it annoying that IE9 and Chrome intermingle searches and URLs in one box. I suspect though that I am in a minority of users. If you switch between browsers, you can find yourself typing searches in the Awesome Bar anyway, though habit, so I am guessing Mozilla will cave in and combine them eventually.

Mozilla is a non-profit organisation with a strong open source and community ethos and that also may be enough reason to use Firefox.

It does face intense competition now though, and it must be a concern that its income comes largely from:

search functionality included in our Firefox product through all major search partners including Google, Yahoo, Yandex, Amazon, Ebay and others.

which in practice is mostly from Google, which has a competing browser.

Personally I think Mozilla will struggle to maintain market share for Firefox; though version 4 is having a good launch complete with a delightful Twitter party

image

and a pretty download stats counter which is currently on 2.75 million and climbing fast.

image

Google Chrome Mac and Linux arrives – may hurt Firefox more than Safari

Today Google announced that Chrome for Mac and Linux is now fully released:

Since last December, we’ve been chipping away at bugs and building in new features to get the Mac and Linux versions caught up with the Windows version, and now we can finally announce that the Mac and Linux versions are ready for prime time.

The two big stories in the browser world right now are the decline of Microsoft Internet Explorer (though it still commands more than half the market  in most stats that I see) and the rise of Google Chrome. Why do users like it? From what I’ve seen, they like the performance and the usability. In fact, Chrome would make a great case study on why these factors count for more than features in user satisfaction. That said, I’ve been using Chrome on the Mac today and while it starts up more quickly than Safari, performance overall seems similar and I doubt there will be a huge rush to switch.

In the stats for ITWriting.com, I’ve seen steadily increasing Chrome usage:

  • July 2009: 4.2%
  • October 2009: 4.6%
  • January 2010: 9.6%
  • May 2010: 13.7%

So far this month, IE is down to 35.3% in the stats here, behind Firefox at 35.9%.

These figures are not representative of the internet as a whole, though I’d argue that it does represent a technical readership which may well be a leading indicator.

Chrome seems to be gradually taking market share from all the major browsers, though IE is doing so badly that any defections from Firefox to Chrome are more then made up by IE defectors to Firefox, if I’m interpreting the stats correctly. This won’t always be the case though, and Mozilla is vulnerable because unlike Microsoft or Apple the browser is the core of its business.

There is also a sense in which Chrome competes with Firefox for the user who has decided not to use the browser that comes with the operating system.

Chrome is strategically important to Google, not just as a browser, but as a platform for applications. It hooks into the Web Store announced at the recent Google I/O conference, and it will soon be easy to create browser applications that run offline. Google has the financial muscle to market Chrome. I’d also suggest that the momentum behind other projects, especially Android but also Google Apps, will indirectly benefit the browser.

On the Mac, it is worth noting that both Safari and Chrome use the same open source WebKit project, sponsored by Apple, which I guess is more interesting now that Google and Apple are competing fiercely in mobile.