22 Aug 2025

feedPlanet Mozilla

The Servo Blog: This month in Servo: new image formats, canvas backends, automation, and more!

Servo has smashed its record again in July, with 367 pull requests landing in our nightly builds! This includes several new web platform features:

Notable changes for Servo library consumers:

servoshell nightly showing the same things, but animated
<figcaption>texImage3D() example reproduced from texture_2d_array in the WebGL 2.0 Samples by Trung Le, Shuai Shao (Shrek), et al (license).</figcaption>

Engine changes

Like many browsers, Servo has two kinds of zoom: page zoom affects the size of the viewport, while pinch zoom does not (@shubhamg13, #38194). Page zoom now correctly triggers reflow (@mrobinson, #38166), and pinch zoom is now reset to the viewport meta config when navigating (@shubhamg13, #37315).

'image-rendering' property now affects 'border-image' (@lumiscosity, @Loirooriol, #38346), 'text-decoration[-line]' is now drawn under whitespace (@leo030303, @Loirooriol, #38007), and we've also fixed several layout bugs around grid item contents (@Loirooriol, #37981), table cell contents (@Loirooriol, #38290), quirks mode (@Loirooriol, #37814, #37831, #37820, #37837), clientWidth and clientHeight queries of grid layouts (@Loirooriol, #37917), and 'min-height' and 'max-height' of replaced elements (@Loirooriol, #37758).

As part of our incremental layout project, we now cache the layout results of replaced boxes (@Loirooriol, #37971, #37897, #37962, #37943, #37985, #38349), avoid unnecessary reflows after animations (@coding-joedow, #37954), invalidate layouts more precisely (@coding-joedow, #38199, #38057, #38198, #38059), and we've added incremental box tree construction (@mrobinson, @Loirooriol, @coding-joedow, #37751, #37957) for flex and grid items (@coding-joedow, #37854), table columns, cells, and captions (@Loirooriol, @mrobinson, #37851, #37850, #37849), and a variety of inline elements (@coding-joedow, #38084, #37866, #37868, #37892).

Work on IndexedDB continues, notably including support for key ranges (@arihant2math, @jdm, #38268, #37684, #38278).

sessionStorage is now isolated between webviews, and copied to new webviews with the same opener (@janvarga, #37803).

Browser changes

servoshell now has a .desktop file and window name, so you can now pin it to your taskbar on Linux (@MichaelMcDonnell, #38038). We've made it more ergonomic too, fixing both the sluggish mouse wheel and pixel-perfect trackpad scrolling and the too fast arrow key scrolling (@yezhizhen, #37982).

You can now focus the location bar with Alt+D in addition to Ctrl+L on non-macOS platforms (@MichaelMcDonnell, #37794), and clicking the location bar now selects the contents (@MichaelMcDonnell, #37839).

When debugging Servo with the Firefox devtools, you can now view requests in the Network tab both after navigating (@uthmaniv, #37778) and when responses are served from cache (@uthmaniv, #37906). We're also implementing the Debugger tab (@delan, @atbrakhi, #36027), including several changes to our script system (@delan, @atbrakhi, #38236, #38232, #38265) and fixing a whole class of bugs where devtools ends up broken (@atbrakhi, @delan, @simonwuelker, @the6p4c, #37686).

WebDriver changes

WebDriver automation support now goes through servoshell, rather than through libservo internally, ensuring that WebDriver commands are consistently executed in the correct order (@longvatrong111, @PotatoCP, @mrobinson, @yezhizhen, #37669, #37908, #37663, #37911, #38212, #38314). We've also fixed race conditions in the Back, Forward (@longvatrong111, @jdm, #37950), Element Click (@longvatrong111, #37935), Switch To Window (@yezhizhen, #38160), and other commands (@PotatoCP, @longvatrong111, #38079, #38234).

We've added support for the Dismiss Alert, Accept Alert, Get Alert Text (@longvatrong111, #37913), and Send Alert Text commands for simple dialogs (@longvatrong111, #38140, #38035, #38142), as well as the Maximize Window (@yezhizhen, #38271) and Element Clear commands (@PotatoCP, @yezhizhen, @jdm, #38208). Find Element family of commands can now use the "xpath" location strategy (@yezhizhen, #37783). Get Element Shadow Root commands can now interact with closed shadow roots (@PotatoCP, #37826).

You can now run the WebDriver test suite in CI with mach try wd or mach try webdriver (@PotatoCP, @sagudev, @yezhizhen, #37498, #37873, #37712).

2D graphics

<canvas> is key to programmable graphics on the web, with Servo supporting WebGPU, WebGL, and 2D canvas contexts. But the general-purpose 2D graphics routines that power Servo's 2D canvases are potentially useful for a lot more than <canvas>: font rendering is bread and butter for Servo, but SVG rendering is only minimally supported right now, and PDF output is not yet implemented at all.

Those features have one thing in common: they require things that WebRender can't yet do. WebRender does one thing and does it well: rasterise the layouts of the web, really fast, by using the GPU as much as possible. Font rendering and SVG rendering both involve rasterising arbitrary paths, which currently has to be done outside WebRender, and PDF output is out of scope entirely.

The more code we can share between these tasks, the better we can make that code, and the smaller we can make Servo's binary sizes (#38022). We've started by moving 2D-<canvas>-specific state out of the canvas crate (@sagudev, #38098, #38114, #38164, #38214), which has in turn allowed us to modernise it with new backends based on Vello (@EnnuiL, @sagudev, #30636, #38345):

What is a pixel?

Many recent Servo bugs have been related to our handling of viewport, window, and screen coordinate spaces (#36817, #37804, #37824, #37878, #37978, #38089, #38090, #38093, #38255). Symptoms of these bugs include bad hit testing (e.g. links that can't be clicked), inability to scroll to the end of the page, or graphical glitches like disappearing browser UI or black bars.

Windows rarely take up the whole screen, viewports rarely take up the whole window due to window decorations, and when different units come into play, like CSS px vs device pixels, a more systematic approach is needed. We built euclid to solve these problems in a strongly typed way within Servo, but beyond the viewport, we need to convert between euclid types and the geometry types provided by the embedder, the toolkit, the platform, or WebDriver, which creates opportunities for errors.

Embedders are now the single source of truth for window rects and screen sizes (@yezhizhen, @mrobinson, #37960, #38020), and we've fixed incorrect coordinate handling in Get Window Rect, Set Window Rect (@yezhizhen, #37812, #37893, #38209, #38258, #38249), resizeTo() (@yezhizhen, #37848), screenX, screenY, screenLeft, screenTop (@yezhizhen, #37934), and in servoshell (@yezhizhen, #37961, #38174, #38307, #38082). We've also improved the Web Platform Tests (@yezhizhen, #37856) and clarified our docs (@yezhizhen, @mrobinson, #37879, #38110) in these areas.

Donations

Thanks again for your generous support! We are now receiving 4691 USD/month (+5.0% over June) in recurring donations. This helps cover the cost of our self-hosted CI runners and one of our latest Outreachy interns!

Keep an eye out for further improvements to our CI system in the coming months, including ten-minute WPT builds and our new proposal for dedicated benchmarking runners, all thanks to your support.

Servo is also on thanks.dev, and already 22 GitHub users (−3 from June) that depend on Servo are sponsoring us there. If you use Servo libraries like url, html5ever, selectors, or cssparser, signing up for thanks.dev could be a good way for you (or your employer) to give back to the community.

4691 USD/month
10000

As always, use of these funds will be decided transparently in the Technical Steering Committee. For more details, head to our Sponsorship page.

22 Aug 2025 12:00am GMT

21 Aug 2025

feedPlanet Mozilla

The Mozilla Blog: What I learned when I stopped posting my life online, from a former influencer

Woman with orange hair in peach coat and floral bag standing by blooming tree.<figcaption class="wp-element-caption">During my influencer and blogging era, 2016. </figcaption>

This essay was originally published on The Sidebar, Mozilla's Substack.

I was an influencer years before it became mainstream in 2016. I shared my outfits on my fashion blog almost daily, along with recipes, travel itineraries, lifestyle photos, you name it. My blog upheld a twee aesthetic that I stuck to religiously. I made content (it wasn't called that yet), curated an aesthetic (it also wasn't called that yet) and blurred the lines between what was real and what was for the curated version of me. I was good at it and made money from sponsored content and paid ads. But I learned how overcurating can affect every part of your life.

I was always thinking about the shot I needed to get, if a restaurant was going to match my aesthetic, or if I needed to go thrifting to purchase new clothes because I had gone through most of my clothes in my previous blog posts. In the early 2010s, blogs that did well were a one-stop-shop for all lifestyle content. It was a lot of work, but that's what I strived for.

I was an influencer when the term was just "blogger" and things were slower, but I never felt that. I struggled to keep up even with caffeine pills, being in my early 20s with a lot of energy and finding out that I liked being online and enjoyed it there. But by the time the term "influencer" entered common conversations among coworkers and family, I was burnt out. I was over it, exhausted from overcurating my life. So I decided to stop posting.

Lesson 1: The best photos aren't staged

I kept my website up for a while, then shut it down completely. Going "offline," I found that the best photos are the ones that are not staged, and you will find yourself with the most beautiful pictures of yourself. Of course we all know this, we all want those curated photo dumps for Instagram and candid shots of us just looking carefree… but what I'm saying is stop asking for photos altogether. Let people take pictures of you unasked. The best photos of myself were during the years I was offline because I didn't think about any photos in the same way. These were pictures I didn't ask for, therefore I wouldn't have that many to choose from. It felt almost like film pictures I developed, I had to pick from one or two.

Lesson 2: Hobbies hit different

I also found that you have a lot more free time when you don't have to be online. I still scrolled sometimes, I still read blogs, I still downloaded TikTok in 2020, but I didn't feel the need to scroll in the same way. When I was offline, I was only scrolling for pleasure like finding videos of a Furbie cult or Calico Critters collector drama.

Going 'offline,' I found that the best photos are the ones that are not staged, and you will find the most beautiful pictures of yourself.

But when I was blogging, and when I got back online for Tiktok and my Substack, I was scrolling for strategy. I needed to know what current trends I should talk about or follow, and I felt if I missed something online it could hurt my credibility. When I stopped blogging, I almost didn't know what to do with my extra time - I'm a girl with hobbies and friends and I was in my 20s, so this says a lot! I spent so long curating my online presence, picking out outfits, planning photoshoots, and replying to emails (not even to mention actual blogging!) that I had SO much free time. I could actually focus on my hobbies… for me. I didn't need to take photos of everything nor look at the menu of the restaurant before I went. Over time I got used to it and loved it. I no longer had to collect stamps or postcards, which was just something I did for my blog. I even took up new hobbies, ones that couldn't be translated into my blog or online, like watching anime and learning how to work a grill. Camping was not aesthetic enough for my blog, though I still went when I was blogging. After quitting I felt like I could go more often, because there was no post being counted on that weekend. I could do whatever I wanted without the fear of "what will I post?"

Smiling woman in bright yellow dress with sunglasses standing in sunny green field.<figcaption class="wp-element-caption">In 2020, after I had been offline for a few years and before joining TikTok. </figcaption>

Lesson 3: Your personal style will change

It's been said that people can tell how much screentime you spend by how you dress, and I agree. If you are wearing everything trending, experimenting with the cutting edge micro trends and aesthetics, you are definitely online and probably online a lot. There is nothing wrong with that (besides overconsumption, but that is for a different topic), but when you exit an online space you exit those types of information. While blogging I was wearing tons of layers, everything pre-1980s vintage, and uncomfortable hats and fabrics. I bought my first pair of athletic leggings with pockets after I quit blogging and I wondered why I deprived myself of this type of comfort for so long. You will be dressing for you and those only physically around you, not other people online and not trying to go viral. It will be different and you should embrace that. It's a luxury not everyone has.

Lesson 4: You learn the things you actually enjoy, and those you don't

It took time to adjust to being offline, but those times might have been my happiest. Nothing felt calculated anymore. Once you stop posting, you're not in the public eye in the same way. I didn't worry if someone in my city recognized me at the grocery store in my pjs and hungover. I started being sillier. I decided to use some extra time I had to write more poetry and do readings at local venues. It took a while for me to realize this, but after I took down my blog there was no real trace of me. I could be anyone. I was just Lindsey. Not Lindsey the fashion blogger, just Lindsey.

I started being sillier. I decided to use some extra time I had to write more poetry and do readings at local venues. It took a while for me to realize this, but after I took down my blog there was no real trace of me. I could be anyone. I was just Lindsey. Not Lindsey the fashion blogger, just Lindsey.

Now you have permission to cut out what you don't really like. I hated selling vintage clothing, which was part of how I made money with my blog. I would buy so many clothes so I could wear new items in my posts. It was very time consuming. Vintage reselling can be exploitative and I didn't like that. I also really did not like the way I dressed anymore. My readers responded the best to very "true vintage" looks (all items at least 20 years old) and I had been over that for years. I liked vintage band tees, leopard print, and chain link necklaces at this point. When I wore different looks, my views went down. My collabs, how I made money, were usually with vintage-inspired fashion companies, so I couldn't change my look or I would lose money. I didn't feel like rebranding myself either. But I changed my style anyway.

When I quit blogging and influencing, I realized how unhappy I was. I was chasing cheap dopamine and working 24/7 to barely make ends meet, and while it was fun for a while, it was only for a while.

Around December 2023, I went back "online" and started posting regularly on TikTok. I told myself it would always be about the things I say, what I want to wear, and what I want to write - never chasing paid sponsorship or selling clothes to my followers. Although, you cannot escape thinking about the algorithm if you are online and making money and funding a career. But I know the boundaries and what life is like when I'm not creating content. I specifically choose not to do "influencing" when coming online again because when I'm not trying to sell myself to brands, I can truly be myself. For me, creating content is a job, not a lifestyle. Ultimately, I'm building a life I just want to be in - online or not.

Take control of your internet

Download Firefox

The post What I learned when I stopped posting my life online, from a former influencer appeared first on The Mozilla Blog.

21 Aug 2025 5:39pm GMT

Don Marti: building wealth the privacy way?

Previously: advertising personalization: good for you?

Looks like the Dubé et al. paper, a review of claimed benefits for personalized advertising, is making the rounds again. The Intended and Unintended Consequences of Privacy Regulation for Consumer Marketing by Jean-Pierre Dubé, John G. Lynch, Dirk Bergemann, Mert Demirer, Avi Goldfarb, Garrett Johnson, Anja Lambrecht, Tesary Lin, Anna Tuchman, Catherine E. Tucker. One argument that the paper makes against restricting personalized ads is that

Current regulations tend to favor high-income consumers with stronger privacy preferences.

We know that people have different preferences about personalized advertising and, of course, that some people have more money than others, but more research needs to be done to understand the connection between how much money someone has and how much value they put on privacy and personalized advertising.

The idea that more privilege of some kind leads to less tolerance for personalized ads seems implausible. Having more money makes your experience of personalized ads better. Personally, I'm well enough off that in an ad-supported context where I'm identifiable, I get pretty high-quality personalized ads on average. SaaS subscriptions, fancy conferences, sharp outfits-and far fewer of the deceptive offers that older and/or poorer people get, or that I get when less accurately targeted. If it were just about preferences being formed by users based on their current income or net worth, then the richer people should like the personalized ads more.

Other news and academic literature suggests a much more plausible cause and effect relationship. It's not that wealthier people choose privacy over personalization, but that people who choose privacy build more wealth. Although a typical personalized ad is likely to be somewhat better than a typical non-personalized ad-because an ad campaign with a creative budget is likely to also have a data budget-the benefits of personalization, of usually getting an ad that's better matched to you, are swamped by the risks of being more accurately targeted for a win-lose deal.

In a recent announcement, Google called turning off personalized ads a protection. If it's a protection, what are the users who don't get the personalized ads being protected from? One answer is that they're being protected from the kinds of targeted win-lose offers-for predatory finance, gambling, and deceptively sold products-that interfere with building wealth.

From a policy point of view it will be important to address the question: are people with more money choosing privacy, or are people who prefer privacy accumulating more money? If it's the first, then a lot of the Dubé et al. arguments would apply. But it it's the second, it would be counterproductive for a state to interfere with wealth-building by its residents by pursuing policies that make advertising personalization harder to avoid. More easily available privacy protections would tend to increase prosperity in that state in the future.

Large platform companies already have some data that would help understand this issue, because they have data or inferences about a user's age, net worth and privacy preferences. I suggest a research project.

This is another one of those questions that personalized ad advocates have the data to answer but somehow haven't.

More: A related study would be an easy experiment to support behavioral advertising (or not) which would look at individual consumer outcomes like purchase satisfaction instead of net worth changes over time.

Bonus links

Finish This Quickly. by George Tannenbaum. When I was a kid, Listerine used to spend millions advertising. I probably haven't seen an ad for Listerine for 25 years. If I go to one of the two remaining drug stores in America, CVS or Walgreens, they have a store brand that looks identical in every way to Listerine, yet it costs probably 40% less. All those millions Listerine used to spend justified spending more for Listerine. Now, I have no reason to. So I buy whatever's cheapest. Lack of advertising, short-term thinking, took Listerine (and hundreds of other brands) from a leader to a too-expensive parity.

Minnesota attorney general sues TikTok over harm to teens by Clay Masters, Nina Moini and Aleesa Kuznetsov. The lawsuit says TikTok has violated the law by designing features that can cause children to compulsively and excessively use the app such that they are mentally, physically and financially injured.

US (finally) issues warning about crypto ATMs by Bob Sullivan. As I mentioned, there really isn't a use case for these fast-proliferating devices. Well, there's one. When a criminal has a victim confused and manipulated, the fastest way to steal their money is to persuade them to drive to the nearest crypto ATM and feed the machines with $100 bills. I've talked to countless victims who've told me harrowing, tragic tales of crouching in the dark corner of a gas station, shoving money into one of these machines, terrified they are being watched. In fact, they aren't. Employees are told not to get involved. So victims drive away, their money stolen in the fastest way possible. The transfer is nearly instant, faster than a wire transfer, and irrevocable.

Meta receives 48 hour warning over illicit gambling ads in Brazil by Graeme Hanna. The parent company of Facebook, Instagram, and WhatsApp has been instructed to remove the content, following a search of Meta's ad library, which contained hundreds of active advertisements from profiles lacking the authority to promote gambling. (related: some ways that Facebook ads are optimized for deceptive advertising)

British father issues scam warning after common Google search almost costs him £30k by Arthur Parashar and Poppy Atkinson Gibson. Answered fairly quickly which I supposed should have been a red flag. Normally you end up on hold for a while.

Cannes Special: How Google's Ad Spam Secrecy Alienated A Generation Of Creators by Jonathan Bellack. Choosing secrecy over trust poisoned AdSense's publisher relationships. Google effectively treated every AdSense web site, even ones in good standing, as if they might actually be a covertly metastasizing spam monster straight out of John Carpenter's The Thing. If the spam algorithm caught your site in its dragnet, you were presumed guilty unless you could prove your innocence. This made Google look like the bad guy in four common situations….

21 Aug 2025 12:00am GMT

20 Aug 2025

feedPlanet Mozilla

This Week In Rust: This Week in Rust 613

Hello and welcome to another issue of This Week in Rust! Rust is a programming language empowering everyone to build reliable and efficient software. This is a weekly summary of its progress and community. Want something mentioned? Tag us at @thisweekinrust.bsky.social on Bluesky or @ThisWeekinRust on mastodon.social, or send us a pull request. Want to get involved? We love contributions.

This Week in Rust is openly developed on GitHub and archives can be viewed at this-week-in-rust.org. If you find any errors in this week's issue, please submit a PR.

Want TWIR in your inbox? Subscribe here.

Updates from Rust Community

Official
Newsletters
Project/Tooling Updates
Observations/Thoughts
Rust Walkthroughs
Miscellaneous

Crate of the Week

This week's crate is tur, a turing machine emulator with text-mode user interface.

Despite a lack of suggestions, llogiq is very pleased with his choice.

Please submit your suggestions and votes for next week!

Calls for Testing

An important step for RFC implementation is for people to experiment with the implementation and give feedback, especially before stabilization.

If you are a feature implementer and would like your RFC to appear in this list, add a call-for-testing label to your RFC along with a comment providing testing instructions and/or guidance on which aspect(s) of the feature need testing.

Let us know if you would like your feature to be tracked as a part of this list.

RFCs
Rust
Rustup

If you are a feature implementer and would like your RFC to appear on the above list, add the new call-for-testing label to your RFC along with a comment providing testing instructions and/or guidance on which aspect(s) of the feature need testing.

Call for Participation; projects and speakers

CFP - Projects

Always wanted to contribute to open-source projects but did not know where to start? Every week we highlight some tasks from the Rust community for you to pick and get started!

Some of these tasks may also have mentors available, visit the task page for more information.

No calls for participation this week

If you are a Rust project owner and are looking for contributors, please submit tasks here or through a PR to TWiR or by reaching out on X (formerly Twitter) or Mastodon!

CFP - Events

Are you a new or experienced speaker looking for a place to share something cool? This section highlights events that are being planned and are accepting submissions to join their event as a speaker.

No Calls for papers or presentations were submitted this week.

If you are an event organizer hoping to expand the reach of your event, please submit a link to the website through a PR to TWiR or by reaching out on X (formerly Twitter) or Mastodon!

Updates from the Rust Project

390 pull requests were merged in the last week

Compiler
Library
Cargo
Rustdoc
Clippy
Rust-Analyzer
Rust Compiler Performance Triage

Lots of noise/bimodality this week. Overall though no major performance impacting changes landed.

Triage done by @simulacrum. Revision range: 6355cd39..239e8b1b

1 Regressions, 3 Improvements, 7 Mixed; 4 of them in rollups 27 artifact comparisons made in total

Full report here

Approved RFCs

Changes to Rust follow the Rust RFC (request for comments) process. These are the RFCs that were approved for implementation this week:

Final Comment Period

Every week, the team announces the 'final comment period' for RFCs and key PRs which are reaching a decision. Express your opinions now.

Tracking Issues & PRs

Rust

No Items entered Final Comment Period this week for Rust RFCs, Cargo, Language Team, Language Reference or Unsafe Code Guidelines.

Let us know if you would like your PRs, Tracking Issues or RFCs to be tracked as a part of this list.

New and Updated RFCs

Upcoming Events

Rusty Events between 2025-08-20 - 2025-09-17 🦀

Virtual
Asia
Europe
North America
Oceania
South America

If you are running a Rust event please add it to the calendar to get it mentioned here. Please remember to add a link to the event too. Email the Rust Community Team for access.

Jobs

Please see the latest Who's Hiring thread on r/rust

Quote of the Week

It's amazing how far const eval has come in #Rust. It wasn't too long ago that even a simple if/else wasn't permitted. Now we're not that far off from having const trait impls and const closures, which will make damn near everything const capable.

- Jacob Pratt on Mastodon

llogiq has looked at all zero suggestions and came up empty, so he just chose this quote instead.

Please submit quotes and vote for next week!

This Week in Rust is edited by: nellshamrell, llogiq, cdmistman, ericseppanen, extrawurst, U007D, joelmarcey, mariannegoldin, bennyvasquez, bdillo

Email list hosting is sponsored by The Rust Foundation

Discuss on r/rust

20 Aug 2025 4:00am GMT

19 Aug 2025

feedPlanet Mozilla

Mozilla Thunderbird: Thunderbird Pro August 2025 Update

In April of this year we announced Thunderbird Pro, additional subscription services from Thunderbird meant to help you get more done with the app you already use and love. These services include a first ever email service from Thunderbird, called Thundermail. They also include Appointment, for scheduling meetings and appointments and Send, an end-to-end encrypted filesharing tool. Each of these services are open source, repositories are linked down below.

Thunderbird Pro services are being built as part of the broader Thunderbird product ecosystem. These services are enhancements to the current Thunderbird application experience. They are optional, designed to enhance productivity for users who need features like scheduling, file sharing and email hosting, without relying on the alternate platforms. For users who opt in, the goal is for these services to be smoothly integrated into the Thunderbird app, providing a natural extension of the familiar experience they already enjoy, enhanced with additional capabilities they may be looking for. For updates on Thunderbird Pro development and beta access availability, sign up for the mailing list at thundermail.com.

Progress So Far

Thundermail

Development has been moving steadily forward and community interest in Thundermail has been strong. The upcoming email hosting service from Thunderbird will support IMAP, SMTP and JMAP out of the box, making it compatible with the Thunderbird app and many other email clients. If you have your own domain, you'll be able to bring it in and host it with us. Alternatively, grab an email address provided by Thunderbird with your choice of @thundermail.com or @tb.pro as the domains. The servers hosting Thundermail will initially be located in Germany with more countries to follow in the future. Thunderbird's investment in offering an email service reflects our broader goal of strengthening support for open standards and giving users the option to keep their entire email experience within Thunderbird.

Thunderbird Appointment (Repo)

We originally developed the scheduling tool as a standalone web app. On the current roadmap, however, we're tightly integrating Appointment into the Thunderbird app through the compose window, allowing users to insert scheduling links without leaving the email workflow. It will be easy for organizations and individuals to self-host, fork and adapt the tool to their own needs. The future is for Appointment to support multiple meeting types, like Zoom calls, phone meetings, or in-person coffee chats. Each of these will have its own settings and scheduling rules.

One of the most requested future features is group scheduling, which would allow multiple team members to offer shared availability via a single link. The current calendar protocols don't fully support this flow, however Thunderbird is participating in discussions around open standards like VPOLL to help move things forward. Usability studies are helping refine the MVP and community feedback is shaping the roadmap.

Thunderbird Send (Repo)

A secure, end-to-end encrypted file sharing tool, built on Thunderbird app's existing Filelink feature. It supports large file transfers directly from the email client. This allows users to bypass platforms like Google Drive or OneDrive. Pro users will receive 500 GB of storage to start, with no individual file size limit, only constrained by their total quota. We're planning support for chunked uploads and encryption to ensure reliability and data protection. We'll deliver Send as a system add-on which lets the team push updates faster. This also avoids locking new capabilities behind major Thunderbird release cycles.

All Thunderbird Pro tools are open source and self-hostable. For users who prefer to run their own infrastructure or work in regulated environments, both Send and Appointment can be deployed independently. Thunderbird will continue to support these users with documentation and open APIs.

A Look Ahead

Thunderbird is exploring additional Pro features beyond the current lineup. While we've made no commitments yet, there is strong interest in adding markdown based Notes functionality, especially as lightweight personal knowledge management becomes more popular. Heavier lifts like collaborative docs or spreadsheets may follow, depending on adoption and sustainability.

Another worthy mention: a fourth, previously announced service called Assist, which will eventually enable users to take advantage of AI features in their day-to-day email tasks, is still in the research and development phase. It will not be part of the initial lineup of services. This initiative is a bigger undertaking as we ensure we get it right for user privacy and make sure the features included are actually things our users want. More to come on this as the project progresses.

To improve transparency and invite community collaboration, Thunderbird is also preparing a public roadmap covering desktop, mobile and Pro services. We're developing the roadmap in collaboration with the Thunderbird Council. Our goal is to encourage participation from contributors and users alike.

Free vs Paid

Adding these additional subscription services will never compromise the features, stability or functionality our users are accustomed to in the free Thunderbird desktop and mobile applications. These services come with real costs, especially storage and bandwidth. Charging for them helps ensure that users who benefit from these tools help cover their cost, instead of donors footing the bill.

Thunderbird Pro is a completely optional suite of (open source) services designed to provide additional productivity capabilities to the Thunderbird app and never to replace them. The current Thunderbird desktop and mobile applications are, and always will be, free. They will still heavily rely on ongoing donations for both development and independence.

If you haven't already, join our waiting list to be one of the early beta testers for Thunderbird Pro. While we don't have a specific timeline just yet, we will be sharing ongoing updates as development progresses.

-

Ryan Sipes
Managing Director, Product
Mozilla Thunderbird

The post Thunderbird Pro August 2025 Update appeared first on The Thunderbird Blog.

19 Aug 2025 6:54pm GMT

The Mozilla Blog: Fast, private and secure (pick three): Introducing CRLite in Firefox

We are pleased to announce that Firefox 142 will begin production usage of our brand new certificate revocation system known as CRLite. CRLite makes your browsing faster, more private, and more secure, and is a significant advancement to the state of the art for encryption on the internet.

Every day, billions of people rely on HTTPS to securely encrypt their communication with websites. This core protocol ensures both that you are communicating with the right website and that other parties can't spy on what you're doing. To make this work, websites obtain certificates from trusted organizations to prove to browsers like Firefox that they are who they say they are. However, mistakes happen: a certificate can be mis-issued to the wrong party, or compromised by a malicious actor. When this happens, the certificate must be revoked so that browsers know it is no longer trustworthy. Communicating this information to browsers is a surprisingly hard problem - all previous methods have had to make tradeoffs between privacy, security, and performance.

Mozilla stands for a web where users shouldn't have to make these tradeoffs - encryption, privacy and performance are cornerstones of our vision for the web, and it's our mission to build technology that gives users all three without compromise.

CRLite represents a multiyear effort to deliver this vision with a comprehensive system that operates entirely on-device. This eliminates the need for online revocation checks, which both slow down page loads and leak the sites you're visiting to third parties on the network. Other browsers have deployed similar approaches, but these systems have only been able to store a small fraction of all revoked certificates, necessitating imperfect guesswork as to which ones are most important. CRLite is efficient enough to store all certificate revocations locally, requiring only 300KB per day of continuous updates to stay current.

CRLite uses a number of clever algorithms and techniques to achieve its performance, and we are grateful to all the individuals inside and outside Mozilla who contributed insight and code to make it all work. You can find more technical details in the accompanying Hacks post by lead engineer John Schanck, as well as in our recently published paper.

CRLite sets a new standard for revocation security that you'll only find in Firefox today. We're proud of that, but we actually hope it doesn't stay that way. Our mission is to make the internet safer for everyone, and that means we want to see this level of security deployed everywhere, not just in Firefox. We've designed CRLite to be easy for other browsers and internet clients to adopt or adapt, and look forward to comprehensive revocation checking becoming the norm everywhere.

Take control of your internet

Download Firefox

The post Fast, private and secure (pick three): Introducing CRLite in Firefox appeared first on The Mozilla Blog.

19 Aug 2025 4:04pm GMT

Hacks.Mozilla.Org: CRLite: Fast, private, and comprehensive certificate revocation checking in Firefox

Firefox is now the first and the only browser to deploy fast and comprehensive certificate revocation checking that does not reveal your browsing activity to anyone (not even to Mozilla).

Tens of millions of TLS server certificates are issued each day to secure communications between browsers and websites. These certificates are the cornerstones of ubiquitous encryption and a key part of our vision for the web. While a certificate can be valid for up to 398 days, it can also be revoked at any point in its lifetime. A revoked certificate poses a serious security risk and should not be trusted to authenticate a server.

Identifying a revoked certificate is difficult because information needs to flow from the certificate's issuer out to each browser. There are basically two ways to handle this. The browser either needs to ask an authority in real time about each certificate that it encounters, or it needs to maintain a frequently-updated list of revoked certificates. Firefox's new mechanism, CRLite, has made the latter strategy feasible for the first time.

With CRLite, Firefox periodically downloads a compact encoding of the set of all revoked certificates that appear in Certificate Transparency logs. Firefox stores this encoding locally, updates it every 12 hours, and queries it privately every time a new TLS connection is created.

You may have heard that revocation is broken or that revocation doesn't work. For a long time, the web was stuck with bad tradeoffs between security, privacy, and reliability in this space. That's no longer the case. We enabled CRLite for all Firefox desktop (Windows, Linux, MacOS) users starting in Firefox 137, and we have seen that it makes revocation checking functional, reliable, and performant. We are hopeful that we can replicate our success in other, more constrained, environments as well.

Better privacy and performance

Prior to version 137, Firefox used the Online Certificate Status Protocol (OCSP) to ask authorities about revocation statuses in real time. Certificate authorities are no longer required to support OCSP, and some major certificate authorities have already announced their intention to wind down their OCSP services. There are several reasons for this, but the foremost is that OCSP is a privacy leak. When a user asks an OCSP server about a certificate, they reveal to the server that they intend to visit a certain domain. Since OCSP requests are typically made over unencrypted HTTP, this information is also leaked to all on-path observers.

Having gained confidence in the robustness, accuracy and performance of our CRLite implementation, we will be disabling OCSP for domain validated certificates in Firefox 142. Sealing the OCSP privacy leak complements our ongoing efforts to encrypt everything on the internet by rolling out HTTPS-First, DNS over HTTPS, and Encrypted Client Hello.

Disabling OCSP also has performance benefits: we have found that OCSP requests block the TLS handshake for 100 ms at the median. As we rolled out CRLite, we saw notable improvements in TLS handshake times.

A graph showing "Median TLS Handshake Time (ms)" and "Revocation mechanism usage" over time. As the percentage of revocation checks performed with CRLite increases from 0% to 80%, the median TLS handshake time decreases from 56.4 ms to 39.9 ms.

Bandwidth requirements of CRLite

Users with CRLite download an average of 300 kB of revocation data per day: a 4 MB snapshot every 45 days and a sequence of "delta updates" in-between. (The exact sizes of snapshots and delta updates fluctuate day by day. You can explore the real data on our dashboard.)

To get a sense for how compact CRLite artifacts are, let's compare them with Certificate Revocation Lists (CRLs). A CRL is a list of serial numbers that each identify a revoked certificate from a single issuer. Certificate authorities in Mozilla's root store have disclosed approximately three thousand active CRLs to the Common CA Database. In total, these three thousand CRLs are 300 MB in size, and the only way to keep a copy of them up-to-date is to redownload them regularly. CRLite encodes the same dynamic set of revoked certificates in 300 kB per day. In other words, CRLite is one thousand times more bandwidth-efficient than daily CRL downloads.

Of course, no browser is performing daily downloads of all CRLs. For a more meaningful comparison, we can consider Chrome's CRLSets. These are hand-picked sets of revocations that are delivered to Chrome users daily. Recent CRLSets weigh in at 600 kB and include about 1% of all revocations (thirty-five thousand of the four million total). Firefox's CRLite implementation uses half the bandwidth, updates twice as frequently, and includes all revocations.

Including all revocations is essential for security as there is no reliable way today to distinguish security-critical revocations from administrative revocations. Roughly half of all revocations are made without a specified reason code, and some of these revocations are likely due to security concerns that the certificate's owner did not wish to highlight. When reason codes are used, they are often used in an ambiguous way that does not clearly map to security risk. In this environment, the only secure approach is to check all revocations, which is now possible with CRLite.

State-of-the-art blocklist technology

You may recall a series of blog posts on our experiments with CRLite back in 2020. We followed these experiments with successful deployments to Nightly, Beta, and 1% of Release users. But the bandwidth requirements for this early CRLite design turned out to be prohibitive.

We solved our bandwidth issue by developing a novel data structure-the "Clubcard" set membership test. Where the original CRLite design used a "multi-level cascades of Bloom filters", Clubcard-based CRLite uses a "partitioned two-level cascade of Ribbon filters". The "two-level cascade" idea was presented by Mike Hamburg at RWC 2022, and "partitioning" is an innovation of our own that we presented in a paper at IEEE S&P 2025 and a talk at RWC 2025.

Future improvements

We are working on making CRLite even more bandwidth efficient. We are developing new Clubcard partitioning strategies that will compress mass revocation events more efficiently. We are also integrating support for the HTTP compression dictionary transport, which will further compress delta updates. And we have successfully advocated for shorter certificate validity periods, which will reduce the number of CRLite artifacts that need to encode any given revocation. With these enhancements, we expect the bandwidth requirements of CRLite to trend down over the coming years, even as the TLS ecosystem itself continues to grow.

Our Clubcard blocklist library, our instantiation of Clubcards for CRLite, and our CRLite backend are freely available for anyone to use. We hope that our success in building fast, private, and comprehensive revocation checking for Firefox will encourage other software vendors to adopt this technology.

The post CRLite: Fast, private, and comprehensive certificate revocation checking in Firefox appeared first on Mozilla Hacks - the Web developer blog.

19 Aug 2025 4:03pm GMT

Firefox Developer Experience: Firefox WebDriver Newsletter 142

WebDriver is a remote control interface that enables introspection and control of user agents. As such it can help developers to verify that their websites are working and performing well with all major browsers. The protocol is standardized by the W3C and consists of two separate specifications: WebDriver classic (HTTP) and the new WebDriver BiDi (Bi-Directional).This newsletter gives an overview of the work we've done as part of the Firefox 142 release cycle.

Contributions

Firefox is an open source project, and we are always happy to receive external code contributions to our WebDriver implementation. We want to give special thanks to everyone who filed issues, bugs and submitted patches.

In Firefox 142, Sabina (sabina.zaripova) renamed Proxy capability class to ProxyConfiguration to avoid confusion with JavaScript Proxy.

Also, biyul.dev reverted a workaround for asyncOpenTime=0 in WebDriver BiDi and removed support for localize_entity from the localization module.

WebDriver code is written in JavaScript, Python, and Rust so any web developer can contribute! Read how to setup the work environment and check the list of mentored issues for Marionette, or the list of mentored JavaScript bugs for WebDriver BiDi. Join our chatroom if you need any help to get started!

General

Removed: FTP proxy support from WebDriver capabilities

Support for setting FTP proxy with WebDriver capabilities was completely removed.

Updated: the expiry value of the cookies set via WebDriver BiDi and WebDriver classic (Marionette)

The expiry value of all the cookies set via WebDriver BiDi and WebDriver classic (Marionette) is limited now to 400 days.

WebDriver BiDi

New: emulation.setLocaleOverride command

Implemented the new emulation.setLocaleOverride command which allows clients to override a locale in JavaScript APIs. As all the other emulation commands, the locale override can be applied to the list of browsing contexts or user contexts IDs.

Updated: the session.end command to resume the blocked requests

The session.end command was updated to resume all requests which were blocked by network interceptions.

Improved: support for setting proxy with browser.createUserContext command

Added support for host patterns like .mozilla.org in noProxy property and fixed a bug when setting a HTTP proxy wouldn't allow navigating to HTTPS URLs.

Bug fixes

Marionette

Updated: the WebDriver:AddCookie command to throw an error for sameSite=none and secure=false attributes

From now on, the WebDriver:AddCookie command will throw an error when a target cookie has sameSite=none and secure=false attributes.

Removed: the dialog text value from the unexpected alert open error message

The unexpected alert open error message will not contain anymore the dialog text value, since it is available via the data field.

19 Aug 2025 2:58pm GMT

The Rust Programming Language Blog: Demoting x86_64-apple-darwin to Tier 2 with host tools

In Rust 1.90.0, the target x86_64-apple-darwin will be demoted to Tier 2 with host tools. The standard library and the compiler will continue to be built and distributed, but automated tests of these components are no longer guaranteed to be run.

Background

Rust has supported macOS for a long time, with some amount of support dating back to Rust 0.1 and likely before that. During that time period, Apple has changed CPU architectures from x86 to x86_64 and now to Apple silicon, ultimately announcing the end of support for the x86_64 architecture.

Similarly, GitHub has announced that they will no longer provide free macOS x86_64 runners for public repositories. The Rust Project uses these runners to execute automated tests for the x86_64-apple-darwin target. Since the target tier policy requires that Tier 1 platforms must run tests in CI, the x86_64-apple-darwin target must be demoted to Tier 2.

What changes?

Starting with Rust 1.90.0, x86_64-apple-darwin will be Tier 2 with host tools. For users, nothing will change immediately; builds of both the standard library and the compiler will still be distributed by the Rust Project for use via rustup or alternative installation methods.

Over time, this target will likely accumulate bugs faster due to reduced testing.

Future

If the x86_64-apple-darwin target causes concrete problems, it may be demoted further. No plans for further demotion have been made yet.

For more details on the motivation of the demotion, see RFC 3841.

19 Aug 2025 12:00am GMT

Don Marti: habit power, technical power, political power

Three ways to increase privacy: habits, technology, politics. The options available have changed, but in general it's more effective to put some time into all three than to max out on one.

habit power: spend less time doing activities that can be surveilled. See you at the public library. This overlaps with the next one because one of the habits you can form is the habit of using a better-protected device like a properly set up laptop instead of a high-surveillance device like a mobile phone or smart TV. This one can only scale with the time put into it, and gets a multiplier effect when better technology and political options are available.

technical power: Choose tools and options to limit surveillance. Although the specific tools have changed, the general goal of breaking the surveillance loop is still the same. Sustained protection depends not just on stopping a particular act of surveillance, but on reducing the effectiveness of surveillance for driving conversions or other likely adverse outcomes. A lot of the effective privacy tips are about this one. Privacy tech is worth using, but used on its own is only going to get you into a protection vs. countermeasure game with the surveillance industry. We still need the other two.

political power: This one is getting a lot more interesting. Now that we have had one generation of state privacy laws, we know a lot more about what doesn't work. California built the privacy equivalent of a Strowger switch so that states that are late to privacy legislation can build the FTTH of privacy. We're also seeing juries do some of what legislatures can't, so developing a better understanding of how laws and the civil litigation process can best support each other to protect people. (RtK FTW IMHO) Memo to self: find better ways to let legislators in other states know about how well CCPA/CPRA are working for us here.

Combinations

Habit+technical: ScrollGuard is a new Android app that blocks short, infinite-scrolling videos on Instagram, Facebook, Reddit, and YouTube. (These are an ad inventory gold mine but a time suck.) You can still use the app to check a specific thing, but ScrollGuard should help you use it only for what you came to do. This doesn't directly provide any extra protection, but helps limit the amount of surveillance data collected by helping build better habits.

Bonus links

Investing in Ukraine's Defense Edge: A Conversation with Perry Boyle The biggest advantage you have as a Ukrainian startup is that you can have direct and constant product feedback loops from multiple combat units. Nothing like that exists anywhere else in the world. And your production costs tend to be 40 percent or less than what they would be in the European Union or the United States. You are both the low-cost producer and the innovator at the same time-that's really rare.

you do not have to use generative ai "art" in your blogs because there are websites where you can get real, nice images for free by Jenn Schiffer.

We will survive Google Zero by Manton Reece. Google Zero is slightly misunderstood. The problem is not that Google is nefarious in no longer sending traffic to your website. (They probably don't care very much one way or the other.) The real problem is you've depended on Google for your business. You've been obsessed with SEO and search ads for years, all built around a single search company.

Ghost makes it easier to publish to the social web by Neel Dhanesha. Ghost now uses the ActivityPub protocol, and publications can be natively distributed across social platforms like Bluesky, Threads, Mastodon, WordPress, Flipboard, and so on. Publishers will also get access to a built-in social feed - which looks a little bit like Substack's notes, except it shows posts across multiple platforms - through which they can both read other publications and follow what users are saying across the internet.

Curate your own newspaper with RSS by Molly White. Instead of letting platforms like Twitter or TikTok control what you see based on engagement metrics meant to prolong your time on the platform and subject you to endless ads, you can subscribe only to the sources and writers you want to read.

19 Aug 2025 12:00am GMT

18 Aug 2025

feedPlanet Mozilla

The Mozilla Blog: Firefox just got better for Chinese, Japanese and Korean speakers on Android

When Firefox users ask for better translation support, we make it happen.

Thanks to your feedback on Mozilla Connect, Firefox now supports Chinese, Japanese, and Korean (often referred to as CJK) translation, both on desktop and Android. That means millions more people can browse and translate the web in their language, without sending their content to the cloud.

"We saw so many requests on Mozilla Connect for CJK support," said Marco Castelluccio, engineering manager. "It was clear. This is what users wanted us to prioritize."

Translation without tracking

Unlike other browsers that send your content to the cloud for translation, Firefox handles everything locally on your device. That means more privacy, more control, and it even works offline once the language model is downloaded.

"Firefox automatically downloads the model once," explained Erik Nordin, software engineer. "After that, translations happen on your phone. The content never leaves your device, and Firefox does not track what you translate."

On-device translation requires efficiency. Mobile devices have limited memory and processing power, so the team developed smarter translation algorithms that prioritize the content you're actually reading.

"If you're only reading the top of a long page, Firefox won't waste time and energy translating the whole thing," Erik said.

This approach is part of Mozilla's broader mission to build technologies that respect your privacy by design. No compromises.

We took our time to get it right

Chinese, Japanese and Korean use characters, grammar and sentence structures that vary significantly from Latin-based languages.

"Our earlier translation algorithms were not able to handle writing scripts that do not insert a space character between sentences," Erik said. "CJK languages required us to rethink both the architecture and how we algorithmically segment text."

And there's simply less open-source data available to train CJK translation models compared to European languages.

"Our models are trained completely on publicly available data," said Marco. "That's important for transparency, but it also means it's harder to find enough good-quality examples for CJK languages."

To make things even trickier, Firefox translation works locally. That means the models had to be smart enough to handle these complex languages and lightweight enough to run on mobile phones.

"We had to rework our algorithms to make translation feel faster and more responsive," Erik said. "Now, Firefox prioritizes the part of the page you're looking at instead of translating everything at once."

To overcome these challenges, the team upgraded their machine learning models, overhauled the sentence segmentation pipeline, and optimized performance to ensure a smooth experience - especially on older and low-end Android devices.

What stuffed mushrooms taught us about machine learning

Mozilla engineers don't speak every language we support. That's why we leaned on the community and our collegues to help test CJK translation before launch. Volunteers tried out early versions in Firefox Nightly and flagged issues.

"That feedback was gold," Erik said. "It helped us tweak the models and make sure the translations made sense in real-world use."

And it was essential. Neither Marco nor Erik speaks any of the CJK languages. (Marco speaks Italian and English, and Erik is fluent in English with conversational Spanish.) To validate accuracy, they relied on community testers, Mozillians fluent in Chinese, Japanese or Korean, and members of MozAPI, Mozilla's resource group for Asian and Pacific Islander employees.

"One tester pointed out a restaurant menu item translating 'stuffed mushrooms' as a plush toy," Erik laughed. "It was a great reminder of how nuanced language can be."

"We can measure accuracy with automated tools," Erik added, "but there's no substitute for a native speaker saying, 'Yeah, that sounds right,' or 'Actually, this reads a little strange.'"

Try Chinese, Japanese and Korean translation now built into Firefox

CJK translation is already making a difference. Since launching support on desktop, Firefox has more than doubled active translation users in Asia. With Android support now rolling out in Firefox, even more people can experience the web in their language, safely and privately.

Update to the latest version of Firefox for Android or desktop to start using CJK translation. Then, tap the translate icon when you visit a page in Chinese, Japanese or Korean. Firefox will do the rest, right on your device. For a list of all the translations available on Firefox, visit here.

Take control of your internet

Download Firefox

The post Firefox just got better for Chinese, Japanese and Korean speakers on Android appeared first on The Mozilla Blog.

18 Aug 2025 8:54pm GMT

15 Aug 2025

feedPlanet Mozilla

Mozilla Addons Blog: Introducing the Firefox Extension Developer Awards Program

At Firefox, we deeply value the incredible contributions of our add-ons developer community. Your creativity and innovation are instrumental in making Firefox a more personalized and powerful browsing experience for millions of users worldwide.

Today, we're thrilled to announce a new program designed to recognize and celebrate the developers who have made an outstanding impact on our ecosystem: the Firefox Extension Developer Awards Program!

Extensions play a vital role in enhancing the Firefox user experience. Almost 40% of Firefox users have installed at least one add-on, making it clear that our thriving ecosystem, supported by 10,000 active developers, is an essential component of the Firefox experience. While all developers contribute to the diversity and depth of the ecosystem, there are a number of popular extensions responsible for significant positive impact. This program aims to acknowledge and reward these developers for their significant contributions.

The Awards: A Token of Our Appreciation

Inspired by programs like YouTube's creator awards, we've partnered with Aparat Design, to create a unique Mozilla inspired trophy for eligible award recipients.Firefox add-on developer award trophyThe award will be engraved with the name of the extension and finished with a different color based on the milestone it has achieved. This is a unique and exclusive opportunity available only to Firefox extension developers.

Milestone Tier Average Daily Active Users
Platinum Over 10 million
Gold Over 5 million
Silver Over 1 million
Bronze Over 500,000

How the program works

All Firefox extensions listed on AMO (addons.mozilla.org) are eligible for an award, so long as requisite user thresholds are reached and the content is compliant with Add-on Policies.

Each quarter, our team will identify new extensions that meet the award criteria and maintain a good standing with Firefox.

We're incredibly excited about the Firefox Extension Developer Awards Program and look forward to celebrating your achievements! Stay tuned to this very blog for the announcement of our inaugural round of award recipients.

The post Introducing the Firefox Extension Developer Awards Program appeared first on Mozilla Add-ons Community Blog.

15 Aug 2025 10:51am GMT

14 Aug 2025

feedPlanet Mozilla

Mozilla Privacy Blog: Is Germany on the Brink of Banning Ad Blockers? User Freedom, Privacy, and Security Is At Risk.

Across the internet, users rely on browsers and extensions to shape how they experience the web: to protect their privacy, improve accessibility, block harmful or intrusive content, and take control over what they see. But a recent ruling from Germany's Federal Supreme Court risks turning one of these essential tools, the ad blocker, into a copyright liability - and in doing so, threatens the broader principle of user choice online.

Imagine you are watching television and you go to the kitchen for a snack during an ad break. Or you press the fast-forward button to skip some ads while listening to a podcast. Or perhaps you get a newspaper delivered to your house, and you see that it includes a special section made up of hallucinated AI content, so you drop the inset into the trash before taking the rest of the paper inside. Were these acts of copyright infringement? Of course not. But if you do something like this with a browser extension, a recent decision from the German Federal Supreme Court suggests that maybe you did infringe copyright. This misguided logic risks user freedom, privacy, and security.

There are many reasons, in addition to ad blocking, that users might want their browser or a browser extension to alter a webpage. These include changes to improve accessibility, to evaluate accessibility, or to protect privacy. Indeed, the risks of browsing range from phishing, to malicious code execution, to invasive tracking, to fingerprinting, to more mundane harms like inefficient website elements that waste processing resources. Users should be equipped with browsers and browser extensions that give them both protection and choice in the face of these risks. A browser that inflexibly ran any code served to the user would be an extraordinarily dangerous piece of software. Ad blockers are just one piece of this puzzle, but they are an important way that users can customize their experience and lower risks to their security and privacy.

The recent court ruling is the latest development in a legal battle between publisher Axel Springer and Eyeo (the maker of Adblock Plus) that has been winding its way around the German legal system for more than a decade. The litigation has included both competition and copyright claims. Until now Eyeo has largely prevailed and the legality of ad blockers has been upheld. Most significantly, in 2022, the Hamburg appeal court ruled that Adblock Plus did not infringe the copyright of websites but rather was merely facilitating a choice by users about how they wished their browser to render the page.

Unfortunately, on July 31, the German Federal Supreme Court partially overturned the decision of the Hamburg court and remanded the case for further proceedings. The BGH (as the Federal Supreme Court is known) called for a new hearing so that the Hamburg court can provide more detail regarding which part of the website (such as bytecode or object code) is altered by ad blockers, whether this code is protected by copyright, and under what conditions the interference might be justified.

The full impact of this latest development is still unclear. The BGH will issue a more detailed written ruling explaining its decision. Meanwhile, the case has now returned to the lower court for additional fact-finding. It could be a couple more years until we have a clear answer. We hope that the courts ultimately reach the same sensible conclusion and allow users to install ad blockers.

We sincerely hope that Germany does not become the second jurisdiction (after China) to ban ad blockers. This will significantly limit users' ability to control their online environment and potentially open the door to similar restrictions elsewhere. Such a precedent could embolden legal challenges against other extensions that protect privacy, enhance accessibility, or improve security. Over time, this could deter innovation in these areas, pressure browser vendors to limit extension functionality, and shift the internet away from its open, user-driven nature toward one with reduced flexibility, innovation, and control for users.

The post Is Germany on the Brink of Banning Ad Blockers? User Freedom, Privacy, and Security Is At Risk. appeared first on Open Policy & Advocacy.

14 Aug 2025 5:56pm GMT

Mozilla Thunderbird: Thunderbird Monthly Development Digest – July 2025

Hello again from the Thunderbird development team! As the northern hemisphere rolls into late summer and the last of the vacation photos trickle into our chat channels, the team is balancing maintenance sprints with ongoing feature-related projects. Whether you're basking in the sun or bundled up for a southern winter, we've got plenty to share about what's been happening behind the scenes, and what's coming next.

Exchange support

It's been a whirlwind of progress since our last update and with the expanded team collaborating regularly. It has felt like we've hit our stride and the finish line is in sight. Driven by a dramatic increase in automated test coverage, the team has been able to detect gaps and edge cases to help improve many areas of the existing code, and close out a good number of bugs.

As we ready the feature set for wider release, we've taken the opportunity to revisit the backlog and feel confident enough with our pace to prioritize a few features and address them sooner than originally planned.

The July roadmap worked out very well, with our planned features landing and a number of bonus items also complete:

Items we've prioritized for the next few weeks are:

Keep track of feature delivery here.

Account Hub

A few users have reported issues following end user adoption of this feature, so we're addressing these while finalizing Account Hub for Address Book items, such as LDAP configuration. The team is also planning the implementation of telemetry which will help us determine areas for improvement in this important part of the application.

Global Message Database [Panorama]

The team has been focused on Exchange implementation and larger scale refactoring which isn't directly tied to this project, so no updates to note here. The next time I write will be during a work week that has been dedicated to "Conversation View", which is one of the key drivers for our database overhaul. Stay tuned for updates and decisions coming out of that collaboration.

To follow their progress, take a look at the meta bug dependency tree. The team also maintains documentation in Sourcedocs which are visible here.

Maintenance, Recent Features and Fixes

August is set aside as a focus for maintenance, with half our team dedicated to inglorious yet important items from our roadmap. In addition to these items, we've had help from the development community to deliver a variety of improvements over the past month:

If you would like to see new features as they land, and help us squash some early bugs, you can try running daily and check the pushlog to see what has recently landed. This assistance is immensely helpful for catching problems early.

-

Toby Pilling

Senior Manager, Desktop Engineering

The post Thunderbird Monthly Development Digest - July 2025 appeared first on The Thunderbird Blog.

14 Aug 2025 2:40pm GMT

13 Aug 2025

feedPlanet Mozilla

The Mozilla Blog: Driving towards a double bottom line, through participation and choice

The Mozilla logo in green on a black background

As global political landscapes shift, mission-driven organizations face a critical challenge: creating resilient models that deliver meaningful social impact and financial stability.

For over 25 years, Mozilla has worked to strike this balance across diverse political and economic climates. While Mozilla's structure is unique - a non-profit Foundation as the sole shareholder of multiple commercial subsidiaries - our approach to social impact doesn't only rely on our unique governance model. It also requires a portfolio-wide commitment to using technology development, industry influence and consumer power as a way to build meaningful alternatives.

From 2016 to 2024, we ran several advocacy programs focused on the consumer power piece of this equation. This post reflects back on this work with the hope that leaders of other social impact organizations can learn from the path that Mozilla has traveled. We focus on three concrete ways to create change by focusing on mobilizing consumer demand - for technology they love and trust, and for social impact.

Mozilla's advocacy history

Mozilla's advocacy philosophy centers on creating change by building technology with public support and participation. Mozilla Co-founder Mitchell Baker identified Mozilla's core strength as "advocacy through building technology, using an architecture of participation."

In the early 2000s, Mozilla channeled public frustration over Microsoft's growing monopolization of computing and the web, sparking both a consumer backlash and a cadre of open source projects aimed at creating alternatives.

These projects - and the responsible tech companies that many of them spawned - showed that you could push technology in a better direction by creating alternatives. Starting in 2016, we decided that Mozilla should not only continue to build alternatives but also that we should expand our efforts to include advocacy programs that invited the public to participate in this future, both in helping to define what alternatives should be built and to push on tech companies to do better.

This included three key strategies to increase and meet consumer demand for "trustworthy AI" and privacy-centric products.

Empowering consumers

Consumer power grows when and where we cultivate it. Where are consumer sentiment and commercial offerings out of sync? These intersections present a rich opportunity for mission-based organizations and companies to stand out and make a difference.

Beginning in 2017, our Mozilla team noted a large gap between consumer attitudes about privacy and market share for privacy-preserving products in the U.S. and elsewhere. When we asked our global community for insight, the same questions surfaced again and again: "Do products that respect consumer privacy exist?" and, "How can I tell if a product I own (or want to buy) respects my privacy?" Indeed, to our surprise, we couldn't find a comprehensive, accessible consumer guide on privacy-preserving tech!

We set out to address this gap by launching Mozilla's Privacy Not Included initiative. From 2017 to 2024, the Privacy Not Included team researched and evaluated the privacy and security practices of over 2,000 consumer technology products, platforms and apps. Their product reviews balanced accessibility and reliability, which translated into detailed reviews with a strong dose of snark and humor. We performed the research everyone knows they should do before using a product, but never does.

From a public engagement and empowerment perspective, Privacy Not Included was an instant success. It quickly reached millions of consumers globally through Mozilla platforms, social and traditional media as well as organic sharing. The guide's unique content drew more than a million unique visitors to Mozilla's website each year, while the project garnered more than 7,000 local, national and global media stories to date. Privacy Not Included also sparked ongoing, year-round engagement with our community as thousands of readers nominated products for review and thousands more rated products using our custom "creep-o-meter" rating system.

As the reach and visibility of Privacy Not Included grew, the project further empowered consumers by providing a platform to pressure companies to improve the privacy and security of products already in use. It was a natural evolution and connected easily with our other advocacy capabilities but, honestly, it wasn't something we planned ahead of time. Connecting our research and campaigns functions, the Mozilla Foundation regularly issued action alerts calling on companies with the lowest rated products to improve their products and policies right away. In response to our Privacy Not Included campaigns, companies reach out to us to complain, inquire, ask questions, and ultimately make significant improvements.

As proof of the impact: several large tech companies changed their product release schedule to ensure our team would review their updated products in the next issue of Privacy Not Included.

Privacy Not Included's research and public campaigns to date have sparked more than 150 improvements to consumer technology products used by billions. Among the most far-reaching changes resulted from our 2023 investigation into the data collection and data sharing by car manufacturers. Our researchers uncovered data collection and sharing by all 25 major car manufacturers, with many collecting vast amounts of personal information, including sensitive data like genetic information and sexual activity, and sharing it with third parties.

The report sparked widespread public outrage and media attention (over 900 press stories), and prompted further investigation by Senator Markey and the Federal Trade Commission (FTC). In response, the car manufacturer's association (The Alliance for Automotive Innovation) announced their support for federal data privacy legislation for the first time. Additionally, Toyota, Lexus and GM pledge to stop selling driver data to data brokers and to expand driver's ability to delete data. (There's now a court case pending in Nebraska based on this research)

Both by design and by accident, Privacy Not Included expanded its impact well beyond providing consumers with reliable, accessible information about the privacy (or not) in consumer technology products. Its research prompted meaningful, voluntary actions by companies unaccustomed to being investigated and called out for invasive features and practices. Today, "responsible technology" is increasingly the default expectation by consumers and a bar companies seek to meet.

Shaping products

Responsible products aren't always "born." More commonly, they evolve through incremental improvements including changes driven by consumer demand and relevant regulations. Trusted organizations can effectively surface, translate and mobilize public opinion to spark actionable changes by companies and policymakers.

Mozilla tackled each of these functions when we created a platform for consumers to share their experiences with YouTube's recommendation algorithm and participate in research to demonstrate what changes were needed to improve YouTube's safety.

Several years after the focus on social media's role in the spread of misinformation during the 2016 US election, questions started to emerge about the impact of YouTube's recommendation algorithm in viral misinformation. At the time, no significant independent research had been conducted to show whether - or how - misinformation was spreading on the platform. To learn more, we asked Mozilla supporters to tell us about their experience with video recommendations on YouTube and we received over 2,000 stories that highlighted specific instances in which people were recommended violent content or misinformation that did not relate to their previous viewing history or search.

These powerful stories compelled us to further examine YouTube's recommendation algorithm using research methods that would validate our concerns to spark action by Google and policymakers. In 2020, we launched "YouTube Regrets," a global crowdsourced research study analyzing data from more than 37,000 across 190 countries. Based on our extensive analysis of the data submitted from user sessions, we validated the platform's practice of recommending extreme content users had not requested. Our findings also highlighted striking differences between the volume and type of content recommended to users in the U.S. and other countries.

The YouTube Regrets research and crowdsourced methodology brought to life people's real-life experiences and gained widespread media attention, followed by extensive interest among global policymakers. Mozilla held extensive briefings with policymakers, including the EU Commission as it was crafting the EU Digital Services Act legislation introducing new and sweeping requirements for technology platforms. Our body of work on YouTube's recommendation algorithm - both the findings themselves and the gap in independent research to uncover platform issues - highlighted the need for transparency of technology platforms and independent researcher access to platform data.

In response to press inquiries and mounting consumer pressure, YouTube product leaders questioned the validity of our research findings and recommendations. However, the increased public scrutiny and our ongoing, direct conversations with YouTube leadership appeared to spark significant changes within YouTube. In 2021 and 2022, the company announced a series of voluntary changes to better surface "helpful" content and reduce recommendations based on engagement metrics alone.

The greatest changes came as a result of the passage of the EU Digital Services Act, which requires platforms like YouTube to grant independent researchers access to platform data to identify and advocate for improvements. Starting in 2023, YouTube opened its doors to independent researchers and research is underway. The "YouTube Regrets" research was cited in the Digital Services Act language, validating the need and impact of platform research of this kind. Mozilla's community-backed campaign not only succeeded in changing one powerful platform but also creating a groundswell of support for transparency across technology platforms.

Building alternatives

Sometimes, responsible alternatives simply don't exist and must be created from scratch. This option can be daunting but doable by mission-based organizations, particularly those with engaged communities. Building tech alternatives through the power of community is the "architecture of participation" in action

Mozilla undertook this approach when launching an initiative to address bias in voice recognition systems caused by limited training data. Beginning in 2017, Mozilla set out to build an open dataset of diverse voices through crowdsourcing and consensual data collection. The goal was to build a dataset of underserved languages, accents and ages in order to power equitable speech recognition technology. Today, Common Voice is the world's largest crowdsourced open speech dataset, and enables community and commercial projects to offer voice-enabled services in underrepresented languages.

Common Voice's dataset was created (and continues to grow) from thousands of hours of speech contributions from the Mozilla community and beyond. To engage Mozilla's existing and new supporters, we shared our vision of advancing equitable speech recognition technology and created a highly accessible platform to solicit contributions. Importantly, speech contributions and other volunteer activities do not require technical or AI expertise, making it highly accessible to a wide range of supporters. To date, we've collected over 33,000 hours of voice data in 300 languages contributed by more than 750,000 people.

With voice clips donated by volunteers on every continent Common Voice reflects real-world speech and centers underrepresented voices. It's more than just infrastructure - it's a movement for data dignity and linguistic justice, and proves that open data can be powerful, participatory, and global. The project is now being used to train machine learning models, so that AI all over the world is more inclusive.

Conclusion

Mozilla's three-pronged experiment in innovative advocacy strategies - empowering consumers, shaping products, and building alternatives - offers a potential model for mission-driven organizations that seek to create lasting social impact while maintaining financial growth. This strategy has shaken up the big tech landscape, and driven massive impact.

As the internet has transformed in the age of AI, so has Mozilla. Mozilla Foundation's advocacy work continues, with urgent campaigns on issues like surveillance tech. Mozilla Corporation and MZLA are transforming Firefox and Thunderbird for a new era through adoption of emerging technologies. Mozilla Ventures, an impact fund, is investing in dozens of founders and start-ups, seeding a new generation of companies committed to the Mozilla Manifesto. And Mozilla.ai, an AI incubator, aims to empower developers with trustworthy AI.

Mozilla's mission remains a double bottom line: advancing our manifesto and succeeding in the market, so we can do even more to build a better internet, and better AI, with people, for people.

Ashley Boyd was Mozilla Foundation's Senior Vice President, Global Advocacy from 2017-2024. Mark Surman is President of Mozilla Foundation.

The post Driving towards a double bottom line, through participation and choice appeared first on The Mozilla Blog.

13 Aug 2025 8:04pm GMT

Firefox Add-on Reviews: YouTube your way — browser extensions put you in charge of your video experience

YouTube wants you to experience YouTube in very prescribed ways. But with the right browser extension, you're free to alter YouTube to taste. Change the way the site looks, behaves, and delivers your favorite videos.

Return YouTube Dislike

Do you like the Dislike? YouTube removed the display that revealed the number of thumbs-down Dislikes a video has, but with Return YouTube Dislike you can bring back the brutal truth.

"Does exactly what the name suggests. Can't see myself without this extension. Seriously, bad move on YouTube for removing such a vital tool."

Firefox user OFG

"i have never smashed 5 stars faster."

Firefox user 12918016

YouTube High Definition

Though its primary function is to automatically play all YouTube videos in their highest possible resolution, YouTube High Definition has a few other fine features to offer.

In addition to automatic HD, YouTube High Definition can…

YouTube NonStop

So simple. So awesome. YouTube NonStop remedies the headache of interrupting your music with that awful "Video paused. Continue watching?" message.

Works on YouTube and YouTube Music. You're now free to navigate away from your YouTube tab for as long as you like and not fret that the rock will stop rolling.

Unhook: Remove YouTube Recommended Videos & Comments

Instant serenity for YouTube! Unhook lets you strip away unwanted distractions like the promotional sidebar, endscreen suggestions, trending tab, and much more.

More than two dozen customization options make this an essential extension for anyone seeking escape from YouTube rabbit holes. You can even hide notifications and live chat boxes.

"This is the best extension to control YouTube usage, and not let YouTube control you."

Firefox user Shubham Mandiya

PocketTube

If you subscribe to a lot of YouTube channels PocketTube is a fantastic way to organize all your subscriptions by themed collections.

Group your channel collections by subject, like "Sports," "Cooking," "Cat videos" or whatever. Other key features include…

<figcaption class="wp-element-caption">PocketTube keeps your channel collections neatly tucked away to the side. </figcaption>

AdBlocker for YouTube

It's not just you who's noticed a lot more ads lately. Regain control with AdBlocker for YouTube.

The extension very simply and effectively removes both video and display ads from YouTube. Period. Enjoy a faster, more focused YouTube.

SponsorBlock

It's a terrible experience when you're enjoying a video or music on YouTube and you're suddenly interrupted by a blaring ad. SponsorBlock solves this problem in a highly effective and original way.

Leveraging the power of crowd sourced information to locate where-precisely- interruptive sponsored segments appear in videos, SponsorBlock learns where to automatically skip sponsored segments with its ever growing database of videos. You can also participate in the project by reporting sponsored segments whenever you encounter them (it's easy to report right there on the video page with the extension).

SponsorBlock can also learn to skip non-music portions of music videos and intros/outros, as well. If you'd like a deeper dive of SponsorBlock we profiled its developer and open source project on Mozilla Distilled.

We hope one of these extensions enhances the way you enjoy YouTube. Feel free to explore more great media extensions on addons.mozilla.org.

13 Aug 2025 6:04pm GMT