In the fight to protect your PC and privacy, Firefox is on the front line

mozilla's project things

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

Of all browsers, Firefox arguably has the longest history of keeping security at the front of its mind, both technically and philosophically. The browser’s parent company, Mozilla, is an active participant in many cyber-security initiatives; it filed suit against the FCC over net neutrality, eagerly adopted Do Not Track when it debuted, and has partnered with The Washington Post to improve online comments.

how firefox protects you from intel cpu flaws facebook leaks more dave camp mozilla headshot
Dave Camp, Vice President of Engineering at Mozilla. Mozilla

Recent events of the last year have put a new, intense spotlight on security and privacy, as nearly everyone has been impacted by security issue recently – be it a processor security flaw or the breach of a major company, like Equifax.

This week’s column is an interview with Dave Camp, Vice President of Engineering, Mozilla at Firefox. We visited Mozilla’s Portland, Oregon office to discuss looming security threats, such as the Meltdown and Spectre flaws that impact Intel processors, and Facebook’s privacy debacle.

Digital Trends: Recent problems like Meltdown and Ryzenfall have made it seem there’s a hoard of security issues lurking in every device. As a browser developer, how do you respond to a problem like that, one that impacts hardware at a very low level?

Dave Camp: The first thing we do is when we hear these things, we figure out what we can do to quickly mitigate the problem. So, when we first found out about Meltdown and Specter, for example, the quickest thing we were able to do is just change the resolution of our timers so that it was harder for attackers to take advantage of that.

Browsers are in a unique position. We have to be the first line of defense.

Then we work with other browser vendors, we find fixes, we do our best to work around it, and we encourage users to upgrade – though with Spectre, that’s not always possible. We do our best to work with security researchers and other browser vendors to find fixes and roll them out quickly.

Browsers are in a unique position because it is our job to take untrusted code and run it on your machine. And so, a lot of times we have to be the first line of defense. Even if it’s the hardware vendor’s responsibility, we have a responsibility to our users to do what we can to mitigate these attacks.

Today, Mozilla’s Firefox launched a new Facebook Container add-on to prevent social media tracking, which I thought was an interesting development. From an engineering perspective, how does an add-on like that function?

Firefox’s had a feature in our engine for a while called Firefox containers. What the containers do is they isolate things like cookies and sessions to a specific tab on a specific site. So, when you install a Facebook container it makes sure that any time you visit Facebook.com, it’s setting up new sessions and setting up new cookies.

It’s not sharing those cookies with other tabs. So, let’s say you navigate away from Facebook over to Food.com. If Food.com loads a Facebook plus one button, typically Facebook sees that cookie, can tie it to your login on Facebook, and can track you that way. Because this container scopes that down to just Facebook.com, when you go to Food.com and see a plus one button on Facebook, it doesn’t see that you’re logged in. It tries to keep separate applications separate so that they can’t see each other and prevent Facebook from getting information from that site.  

Is the container feature core to Firefox, or something only enabled by this add-on?

The browser has this functionality that’s not exposed to users. We’ve been trying different ways to expose it. Another add-on that’s just called Firefox containers lets you configure all this and figure out how you want to set up your containers.

Facebook is a particular point of interest right now

Facebook is a particular point of interest right now, so we built this add-on out and customized it to Facebook so users know how to interact with it.

The core containers add-on that we’ve already published is pretty advanced and takes an understanding of what you want to do, so we just released this one that’s easy for Facebook.

Editor’s note: Firefox pointed us to a blog post that explains the feature in-depth.

How does Quantum fit into your efforts? On a performance level, it’s built for better use of multiple cores – but what does it do for security and privacy?

Firefox Quantum really represented this rethinking of how we build the browser and how we pay attention to performance. We don’t typically use the Quantum project as a release of security features, but we do have a security roadmap that runs alongside the Quantum project.

malware and the internet firefox quantum welcome

The major piece we have there is content process sandboxing. We kind of work with the operating system to say “this is not trusted,” so the OS can try and prevent the browser from compromising the system. It’s an extra layer of security around the security we’re trying to do within the browser.

As we work through our security program with the next year, we’re working to tighten up our sandbox to find more ways to get the operating system to help us be secure.

What do you think is the next major security issue that browser developers should, as a community, take on?

I think all browsers are going to have to spend significant time understanding the Spectre vulnerabilities. That is going to take a lot of work, and we spend a lot of time understanding how it works, and all the implications of it.

This interview has been edited and condensed for clarity.

Product Review

With its gem-cut design, HP’s near-perfect Spectre x360 2-in-1 is a shining jewel

HP’s updated Spectre x360 13 is dubbed “gem-cut” for a reason. It looks like a gem cutter went to work on the chassis, and the result is glorious. It’s also fast, well-built, and lasts long on a charge. What else could you need?
Emerging Tech

It’s not time travel, but scientists can turn back clock on a quantum computer

Physicists have demonstrated that they can wind back the clock on a quantum computer a fraction of a second. Don't get too excited about the prospect of human time travel any time soon, though.
Computing

The Edge browser is dying. Here's what we know about its replacement

There's a new Microsoft Chromium browser coming, and it looks like it will be replacing Edge for most people. Here's everything you need to know about this new browser, how you can use it, and when it's expected to come out.
Computing

Share encrypted files via Mozilla’s Firefox Send, a free file-sharing service

Software developer Mozilla has announced the release of its new, free file-sharing service, Firefox Send. It is expected to offer users a number of security features aimed at sending even large files for free.
Computing

Is 14 inches the perfect size for a laptop? These 4 laptops might convince you

If you're looking for the best 14-inch laptops, there are a number of factors to consider. You want good battery life, an attractive screen, solid performance, and a good build. Our favorites that do all that and more.
Gaming

Get Corsair’s best mechanical keyboard at a decent discount

From March 17 to 23, you can get one of the best mechanical keyboards around at a great price. The Corsair K95 RGB Platinum is normally $200, but this week you can pick one up from Amazon for $160.
Emerging Tech

Awesome Tech You Can’t Buy Yet: Write music with your voice, make homemade cheese

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!
Computing

Need more from your conference white board? The Surface Hub 2 should have it

The Surface Hub 2 could be the most expensive whiteboard ever made, but it should be a powerful and capable one. With the ability to connect several of the 50-inch displays together, the picture at least, should be gorgeous.
Computing

Teens using Google Docs as the modern version of passing notes in class

Google Docs is reportedly being used by teens as a secret communications app. Instead of passing notes, students are now using the software's live chat function or comment boxes to talk with their friends while in the middle of classes.
Emerging Tech

A.I.-generated text is supercharging fake news. This is how we fight back

A new A.I. tool is reportedly able to spot passages of text written by algorithm. Here's why similar systems might prove essential in a world of fake news created by smart machines.
Computing

Windows updates shouldn't cause problems, but if they do, here's how to fix them

Windows update not working? It's a more common problem than you might think. Fortunately, there are a few steps you can take to troubleshoot it and in this guide we'll break them down for you step by step.
Computing

Here’s how you can watch today’s Nvidia GTC 2019 keynote live

Nvidia's rumored 7nm Ampere graphics could debut soon. The company will be kicking off its GPU Technology conference at 2 p.m. PT today, Monday, March 18, and you can watch the opening keynote here.
Computing

After fourth attack, hacker puts personal records of 26M people up for sale

A serial hacker going by the name of Gnosticplayers is selling the personal data of 26 million people who have been using the services of six different companies from across the world.
Computing

HP’s Omen Mindframe headset keeps your ears chill, but might leave you lukewarm

The Omen Mindframe headset uses HP's FrostCap technology to keep ears cool during long gaming sections. While it delivers on keeping ears cool, it forgets some of the essentials of a quality gaming headset.