The Fusion project on the merge of Tor Browser and Firefox

has been launched. <{full}>
The Fusion project on the merge of Tor Browser and Firefox Activists Tor
about the beginning of the project
(translated as "merging", but also represents the abbreviation Firefox USIng Onions). This is a project to integrate Tor Browser functions directly into Firefox.
As you know, Tor Browser is built on the basis of Firefox ESR with a bunch of patches specific to Tor. Developers of an anonymous browser is not very comfortable to spend time relocating these patches from one repository to another. Therefore, several years ago, together with Mozilla, the Uplift project was organized, which included the automatic inclusion of ...
+ 0 -

DoH in pictures

Threats to privacy and security on the Internet are becoming more serious. We in Mozilla closely monitor them. We consider it our responsibility to do everything possible to protect Firefox users and their data.
We are concerned about companies and organizations that secretly collect and sell user data. So we added protection against tracking and created Facebook container extension . In the coming months, there will be even more protective measures.
DoH in pictures  
Now we add two more technologies to the ...
+ 0 -

From Chrome, the "Protected" icon will disappear for HTTPS sites, and this is correct

From Chrome, the "Protected" icon will disappear for HTTPS sites, and this is correct  
A few months ago, the developers of Chrome announced , which in July 2018 will begin to be marked as unsafe all HTTP pages. The "Not secure" icon appears in the address bar next to the URL.
This is an important innovation, because people are taught to avoid sites that have not installed a TLS certificate to encrypt traffic. After all, these sites really endanger users. For example, providers and other intruders can inject advertisements, cryptomayers and other malicious content into unencrypted traffic. In a survey on Habré ...
+ 0 -

Polymer 3.0 on Google I /O 2108


At the moment, as many people know, is the annual Google I /O conference, in which a new version of the library for working with web application interfaces was presented. Polymer ???r3r363. (video in English):

is that this library is built on the basis of the modern group of standards Web-components . This means that its compositional capabilities (in much the same way as React or Vue) are implemented not with the meta-platform and js-abstractions on top of the usual DOM, but at the browser level, which opens a number of truly remarkable features ...[/h]
+ 0 -

Save JS and CSS resources in the Local store of the browser

The question is whether to store jаvascript and css web page resources in the LocalStorage browser or let it run caching itself, does not have an unambiguous answer. There are pros and cons. From my point of view, the main plus - download speed - outweighs everything else. This is very well felt by users of EDGE and 3G.
For the fans of the standard browser cache proudly showing the word "Cached" in Developer Tools, I advise you to open Fiddler and see that for each cached resource for the 304 HTTP response there is still a request. Then I advise you to go to something like and see ...
+ 0 -

Can I trust my Chrome Sync and Firefox passwords?

Recently I wrote about insufficient protection of locally saved passwords in Firefox . As some readers have correctly pointed out, an attacker with physical access to your device is not the main threat. So let's take a look at how browser developers protect your passwords when they are transferred to the cloud. Both Chrome and Firefox provide a synchronization service that can download not only the saved passwords, but also cookies, and the history of page views. How safe is this service?
TL; DR: currently the answer is "no". Both services have weaknesses in defense. However...
+ 0 -

Protection against the creative abuse of HSTS

HTTP Strict Transport Security (HSTS) is a security standard that allows a website to declare itself available to only by safe connections, and browsers are given the information for the redirect. Web browsers with HSTS support still do not allow users to ignore certificate errors on servers.
Apple uses HSTS, for example, on , so every time you try to go to an unprotected address From the address bar of the browser or by reference there is an automatic redirect to . This ...
+ 0 -

Let's Encrypt began issuing wildcard certificates

Let's Encrypt began issuing wildcard certificatesLet's Encrypt stepped over an important milestone - since March 14 everyone can get a free SSL /TLS certificate of the type
. An example of an installed certificate:
announced about the launch of ACMEv2 (Automated Certificate Management Environment), which is finally allows you to get a wildcard certificate. Initially, it was planned to start issuing them in ...
+ 0 -

Hidden JS-mining in the browser

Hidden JS-mining in the browser
On the threshold of NeoQUEST we like to share different stories that indirectly can help the participants when completing assignments. This time we tell a completely real story about the hidden JS-mining in the user's browser, desperately hinting that in NeoQUEST-2018 will that pomainit!
Theme before was already climbing Habré , but the fantasy of virus writers is inexhaustible! We recently discovered a more extensive use of JS mining on the user's browser. Be vigilant, hrabrayzer, and welcome under the cut: tell all about it in more detail!
+ 0 -