Firefox 72: Floating videos, blocking fingerprints, and defeating notification pop-ups

Beefy Firefox release despite new 4-weekly release cycle, but users stick stubbornly to Google Chrome

Updated Mozilla has aired a bunch of new features aimed at making web 2020 a little less unpleasant in its release of Firefox 72.

"Picture in picture" is a way to play videos, introduced in Firefox 71 for Windows only, but now available on macOS and Linux. Start a video playing and a blue button appears. Click it, and the video plays in a floating, chromeless window, small by default but resizable. Mozilla says it is ideal for, um, multitasking, like when you are hard at work but want to keep an eye on the score at a big game. Perhaps it could work for those dull keynote streams when there might be a big announcement.

Picture in Picture in Firefox 72, now available for Winddows, macOS and Linux

Picture in Picture in Firefox 72, now available for Windows, macOS and Linux

Another feature users will notice is the way those "this site wants to send you notifications" pop-ups are handled. The team says that 99 per cent of such notification permission prompts are not accepted. It has long been possible to block them completely, but this can work against you when you hit a messaging site, for example, where notifications can be useful. In Firefox 72, a speech bubble icon appears in the address bar. Nothing happens by default, but you can click the icon to allow or deny notifications.

There are more changes under the covers. A new privacy feature claims to block "fingerprinting", which is where sites try to identify sufficient information about your device, via legitimate browser APIs, to enable user tracking even when tracking cookies are blocked.

"Firefox 72 protects users against fingerprinting by blocking all third-party requests to companies that are known to participate in fingerprinting," said Mozilla on Tuesday.

The feature is powered by a list of companies that do cross-site tracking, maintained by a third-party called Disconnect. Will this be sufficient? It is unlikely, and in fact is described as "our first step in stemming the adoption of fingerprinting technologies." Users serious about not being tracked should still look to VPNs and more specialist privacy-focused browsers.

Crossing the CSS

Developers will find a few new features in Firefox's developers tools. Watchpoints are breakpoints that fire when an object's property is either read or set. A full guide is here. There is also a new timings tab in the Network Monitor that shows queued, start and download times for each resource. In CSS, Shadow Parts are now enabled, described in the spec as a "more convenient and consistent syntax for something authors can already do with custom properties." CSS is sufficiently arcane that more convenience is always welcome.

Another new CSS feature is Motion Path that lets you animate a graphical element along a custom path, much easier to code than using the transform functions that would previously be necessary.

Firefox now has a four-weekly release cycle, and Firefox 72 has arrived right on schedule. Version 73 is due on 11 February. Considering the short release cycle, there is a lot packed into Firefox 72, suggesting that we can look forward to rapid evolution for Mozilla's browser.

With Microsoft revving up Edge 79, based on Chromium, for general availability on January 15, as well as increasing interest in other browsers like Brave and Vivaldi, can we expect Google Chrome's dominance to diminish? According to NetMarketShare, Chrome's piece of the pie went from 63.97 per cent to 63.87 per cent in the course of 2019, while Statcounter says it crept up from 61.72 per cent to 63.62 per cent. Both surveys also show small declines in Firefox usage. Apple is successful at keeping users on Safari on iOS and Mac, thanks to its control of those platforms, but for other browser vendors these figures suggest that persuading users to shift is more than challenging. ®

Updated to add

Mozilla on Wednesday issued version 72.0.1 and ESR 68.4.1 to close a security vulnerability (CVE-2019-17026) that was exploited in the wild. The flaw was discovered and reported by Qihoo 360 ATA.

Similar topics

Other stories you might like

  • Google Pixel 6, 6 Pro Android 12 smartphone launch marred by shopping cart crashes

    Chocolate Factory talks up Tensor mobile SoC, Titan M2 security ... for those who can get them

    Google held a virtual event on Tuesday to introduce its latest Android phones, the Pixel 6 and 6 Pro, which are based on a Google-designed Tensor system-on-a-chip (SoC).

    "We're getting the most out of leading edge hardware and software, and AI," said Rick Osterloh, SVP of devices and services at Google. "The brains of our new Pixel lineup is Google Tensor, a mobile system on a chip that we designed specifically around our ambient computing vision and Google's work in AI."

    This latest Tensor SoC has dual Arm Cortex-X1 CPU cores running at 2.8GHz to handle application threads that need a lot of oomph, two Cortex-A76 cores at 2.25GHz for more modest workloads, and four 1.8GHz workhorse Cortex-A55 cores for lighter, less-energy-intensive tasks.

    Continue reading
  • BlackMatter ransomware gang will target agriculture for its next harvest – Uncle Sam

    What was that about hackable tractors?

    The US CISA cybersecurity agency has warned that the Darkside ransomware gang, aka BlackMatter, has been targeting American food and agriculture businesses – and urges security pros to be on the lookout for indicators of compromise.

    Well known in Western infosec circles for causing the shutdown of the US Colonial Pipeline, Darkside's apparent rebranding as BlackMatter after promising to go away for good in the wake of the pipeline hack hasn't slowed their criminal extortion down at all.

    "Ransomware attacks against critical infrastructure entities could directly affect consumer access to critical infrastructure services; therefore, CISA, the FBI, and NSA urge all organizations, including critical infrastructure organizations, to implement the recommendations listed in the Mitigations section of this joint advisory," said the agencies in an alert published on the CISA website.

    Continue reading
  • It's heeere: Node.js 17 is out – but not for production use, says dev team

    EcmaScript 6 modules will not stop growing use of Node, claims chair of Technical Steering Committee

    Node.js 17 is out, loaded with OpenSSL 3 and other new features, but it is not intended for use in production – and the promotion for Node.js 16 to an LTS release, expected soon, may be more important to most developers.

    The release cycle is based on six-monthly major versions, with only the even numbers becoming LTS (long term support) editions. The rule is that a new even-numbered release becomes LTS six months later. All releases get six months of support. This means that Node.js 17 is primarily for testing and experimentation, but also that Node.js 16 (released in April) is about to become LTS. New features in 16 included version 9.0 of the V8 JavaScript engine and prebuilt Apple silicon binaries.

    "We put together the LTS release process almost five years ago, it works quite well in that we're balancing [the fact] that some people want the latest, others prefer to have things be stable… when we go LTS," Red Hat's Michael Dawson, chair of the Node.js Technical Steering Committee, told The Register.

    Continue reading

Biting the hand that feeds IT © 1998–2021