Our Role in Protecting the Internet — With Your Help

Protecting the security of the Internet requires everyone. We talked about this theme in a recent post, and in this post we'll expand on the role Mozilla plays, and how our work supports and relies on the work of the other participants in the Web.

Building a secure browser

Firefox is a critical part of the Internet, and it's Mozilla's job to protect it.  Hundreds of millions of people use Firefox to connect to the web. That's a huge audience for the user-facing security features and protections we build into Firefox, but at the same time, a single security vulnerability can put all of our users at risk of having their computers or phones taken over by bad actors. So we put a lot of effort into finding and fixing vulnerabilities in Firefox as quickly as possible. In addition to our own team of expert bug-hunters, Mozilla runs one of the longest-standing bug bounty programs on the web in order to encourage security researchers to report security vulnerabilities. So far this year, independent researchers reported more than 130 serious vulnerabilities that we hadn't found yet. Without our community of security researchers, every Firefox user would be more at risk.

Mozilla is also investing in fundamental technologies to prevent these security vulnerabilities from arising in the first place. The Rust programming language is specially designed to ensure that several major types of security vulnerability simply can't happen, including the one that lead to the famous Heartbleed vulnerability. It is literally impossible to write a program in Rust that has one of these security vulnerabilities. Even though Rust started out at Mozilla, however, it wouldn't have been possible for it to mature so quickly into a production-ready language without more than 1,500 contributors helping get it there. We've started using Rust in Firefox for a few things, but other members of the community have already used Rust to create a Doom renderer, a replacement for core Unix utilities, and even a whole operating system — all inherently safe from large classes of security vulnerabilities.

Another way we're pushing the envelope on browser security is through our close collaboration with the Tor Project. The Tor Browser is a variant of Firefox that provides users with enhanced privacy features and the ability to browse the web anonymously. For example, the SecureDrop system uses Tor to let anonymous sources deliver documents to reporters without fear of being identified. We're tremendously grateful for all the new ideas and good code that the Tor community is contributing to the web, and we're working closely with the Tor Browser team to integrate their innovations into Firefox to give all users more privacy options.

Building a secure web

The web is not just Firefox, though — it's a whole network of computers, people, and companies working together. Mozilla security engineers are constantly working with other players in the web ecosystem to upgrade the security of the fundamental technologies that make the web work.

Part of the way we do this is through standards organizations, like the Internet Engineering Task Force and the World Wide Web Consortium. Those organizations serve as a meeting point for web browser makers, web server operators, and other people who want to help make the web better. Mozilla staff are leading efforts to do things like upgrading the basic encryption systems for the web and enhancing security for web logins. But these efforts only succeed when we do them in collaboration with lots of other organizations. For example, we recently got together with Google, Facebook, Cloudflare, INRIA, and others to test out the latest encryption protocols, and demonstrated several different systems from different vendors all working together.

Another role we play is as the maintainer of the Mozilla Root Certificate Program, which is used by Firefox and many other open-source projects to determine what digital certificates they should accept to identify websites. Maintaining trust in the digital certificate system is central to maintaining trust in the web, and Mozilla is the only browser with a fully open, community based process for making decision about which certificates are trusted.

Finally, sometimes we have to create a part of the ecosystem when we find one that's missing. A few years ago, we noticed that the complexity and expense of getting a certificate was holding back security in the web. So we teamed up with EFF, Cisco, Akamai, and others to create Let's Encrypt, a certificate authority that provides websites with certificate automatically and free of charge. In less than a year, Let's Encrypt has helped secure more than 14 million websites — most of which had never had security before. It wouldn't have been possible without the whole team of industry partners and community contributors.

Building a community around security

Of course, securing the Internet is not just a technical challenge. It requires a whole community of informed people to help guide companies and governments to make good decisions that make the Internet more secure. That's why earlier this year, we started a campaign to educate more people about encryption, and we continue to provide tools to educate people about how to stay safe on the Web.

We're also helping our peers in the open source community make their security better.  The Mozilla Open Source Support program has provided more than $800,000 in funding to open source projects this year, much of it focused on improving security. MOSS grants are supporting Tor, the TAILS privacy-enhanced operating system, the Caddy HTTP server (which provides automatic security), a bunch of security audits, and several other security projects across the open source ecosystem.

It takes a village

As you can see, our security work at Mozilla is deeply tied with work that the rest of the community is doing — independent researchers, government agencies, industry partners, interested users, and more. Every part of this intricate machine is critical; remove any part, and everyone gets less safe. If you'd like to follow along with what the Mozilla security team is up to, please keep an eye on our Security blog.

Read More

Mozilla Hosts Seventh Annual MozFest in London this weekend

Join us at MozFest 2016 this weekend: Fri 28 – Sun 30th October 2016

Now in its seventh year, MozFest is the world's go-to event for the free and open Internet movement. Part meeting place for like-minded individuals keen to share ideas; part playground for Web enthusiasts, hobbyist netizens and seasoned open source technonauts alike, part hack-a-thon; part living breathing creative brainstorm; part speaker-series; MozFest is a buzzy hive of activity. It  attracts thousands of visitors each year (1,800 in 2015) from as many as 50 countries around the world, making it the biggest unconference of its kind.

At its heart, MozFest is diverse and inclusive. Visitors can take part in over 400 peer to peer interactive and international 30-90 minute sessions over the weekend. Many sessions will be delivered in English, but for the first time ever certain sessions will also be available in Spanish, French, German, Arabic, Lithuanian or Japanese. MozFest sessions are incubators for great new ideas. This is the place where you can literally write an idea on the back of a napkin and see it brought to life by teaming up with awesome technologists. In fact, many Mozilla-owned projects were born at MozFest, including Lightbeam, a Firefox add-on that enables you to see the first and third party sites you interact with on the Web, and Mozilla's suite of free and open source learning tools that teach Web users how to read, write, and participate on the Web.

Five themes, ten spaces

This year, MozFest focuses on five key themes that are crucial to the free and open Web:

• Online Privacy & Security looks at how we can understand and control how our data is used and collected. How can we take stronger ownership of our digital identities?
• Open Innovation is about ensuring that the open ethos remains at the heart of the internet. Open source and open standards mean that anyone can create and innovate for the internet without permission.
• Decentralisation means that the devices and platforms we use can work with each other because they are based on the same standards. This allows information and content to flow smoothly and gives us all a better internet experience.
• Web Literacy refers to the skills people need to take part in the digital world. These skills empower people to create, shape and defend the Web.
• Digital Inclusion is all about making sure that anyone can take part in the digital world. Too many people remain excluded from the free and open internet. We want to fix that.

These themes are supported by ten spaces, each of which plays host to workshops, demos, discussions, interactive installations and collaborative sessions. Topics include Digital Arts and Culture, Journalism, Open Science, Open Badges, Fuel The Movement (EU Copyright reform), Localisation, Youth Zone, Demystify the Web, Dilemmas in Connected Spaces and MozEx, a digital art exhibition.

Seven things not to miss at MozFest

With 400+ sessions to chose from and an awesome speaker series, everywhere you go at Mozfest, you're bound to come across energising innovation, inspiring conversation and creative collaboration. Here are seven top picks you can't miss:

• Accessibility: at Mozilla, we believe the Web should be available to anyone, anywhere, wherever there is an Internet connection. A11y is a widely recognized Web numeronym that refers to human-computer interaction, specifically to Web accessibility among people with impairments. Our friends at #A11yHacks, Carousel, Drake Music & Shapearts are exploring accessibility issues at MozFest.
• Interactive Installations: among others, creative design agency TODO, the geniuses behind Codemoji are showcasing interactive, educational installations about Mozilla's five key issues, offering different perspectives on the Web.
• Virtual Reality: prefer virtual reality to the everyday reality of life? No problem. Mozilla's, A-Frame and A-Painter tools will be on site so you can navigate virtual worlds and create virtual reality experiences.
• Inaugural Speaker Series: recognizable names will take the stage in the "Dialogues + Debates" section of the festival to discuss the biggest issues facing the web, and society, today. Hear from academics researching surveillance and discrimination, technologists dedicated to upholding free speech and reporters covering the Syrian Civil War with open-source journalism. Meet the speakers here.
• Future of the Web: the internet is no longer defined by screens and keyboards — increasingly, it's all around us. It's imperative that the free and open ethos of the desktop era persists into new innovations, whether they be VR, wearables, or smart devices. That's why we're exploring the ethics of the Internet of Things in the new Dilemmas in Connected Spaces space
• MozEx: a digital art exhibition that explores links between art, society, and the digital world. Created by individual practitioners and curated by the Tate and the Victoria & Albert museums in London, the exhibit highlights the value of art to society through Web literacy, digital inclusion and accessibility, privacy, policy, and hacking.
• EU Copyright reform: reform copyright laws to enhance creativity and innovation.  Take part in interactive art installations, hands-on workshops, and lightning talks to learn what you can do about it.

The hottest ticket in town this weekend

At MozFest, there is no entry requirement, dress code or expectation – anyone, of any age, background or level of expertise, is invited to come as they are. Registration is quick and easy. Tickets cost from £3 for young people and £45 for adults. Tickets can be bought online in advance.

MozFest 2016 is held at Ravensbourne, a specialist university sector college whose mission is to creatively apply digital technology to design and communication.

More information

• Find out more about the speakers at MozFest here
• MozFest schedule – https://app.mozillafestival.org/#_spaces
• Getting there – https://mozillafestival.org/location
• Photos from MozFest 2016 will be uploaded here throughout the weekend

* note: the clocks go back / we gain one hour at 02.00am on Sunday 30th October – don't forget to change your clocks!

Read More

Bringing the Power of the Internet to the Next Billion and Beyond

Announcing Mozilla's Equal Rating Innovation Challenge, a $250,000 contest including expert mentorship to spark new ways to connect everyone to the Internet.

At Mozilla, we believe the Internet is most powerful when anyone – regardless of gender, income, or geography – can participate equally. However the digital divide remains a clear and persistent reality. Today more than 4 billion people are still not online, according to the World Economic Forum. That is greater than 55% of the global population. Some, who live in poor or rural areas, lack the infrastructure. Fast wired and wireless connectivity only reaches 30% of rural areas. Other people don't connect because they don't believe there is enough relevant digital content in their language. Women are also less likely to access and use the Internet; only 37% access the Internet versus 59% of men, according to surveys by the World Wide Web Foundation.

Access alone, however, is not sufficient. Pre-selected content and walled gardens powered by specific providers subvert the participatory and democratic nature of the Internet that makes it such a powerful platform. Mitchell Baker coined the term equal rating in a 2015 blog post. Mozilla successfully took part in shaping pro-net neutrality legislation in the US, Europe and India. Today, Mozilla's Open Innovation Team wants to inject practical, action-oriented, new thinking into these efforts.

This is why we are very excited to launch our global Equal Rating Innovation Challenge. This challenge is designed to spur innovations for bringing the members of the Next Billion online. The Equal Rating Innovation Challenge is focused on identifying creative new solutions to connect the unconnected. These solutions may range from consumer products and novel mobile services to new business models and infrastructure proposals. Mozilla will award US$250,000 in funding and provide expert mentorship to bring these solutions to the market.

We seek to engage entrepreneurs, designers, researchers, and innovators all over the world to propose creative, engaging and scalable ideas that cultivate digital literacy and provide affordable access to the full diversity of the open Internet. In particular, we welcome proposals that build on local knowledge and expertise. Our aim is to entertain applications from all over the globe.

The US$250,000 in prize monies will be split in three categories:

• Best Overall (key metric: scalability)
• Best Overall Runner-up
• Most Novel Solution (key metric: experimental with potential high reward)

This level of funding may be everything a team needs to go to market with a consumer product, or it may provide enough support to unlock further funding for an infrastructure project.

The official submission period will run from 1 November to 6 January. All submissions will be judged by a group of external experts by mid January. The selected semifinalists will receive mentorship for their projects before they demo their ideas in early March. The winners will be announced at the end of March 2017.

We have also launched www.equalrating.com, a website offering educational content and background information to support the challenge. On the site, you will find the 3 key frameworks that may be useful for building understanding of the different aspects of this topic. You can read important statistics that humanize this issue, and see how connectivity influences gender dynamics, education, economics, and a myriad of other social issues. The reports section provides further depth to the different positions of the current debate. In the coming weeks, we will also stream a series of webinars to further inform potential applicants about the challenge details. We hope these webinars also provide opportunities for dialogue and questions.

Connecting the unconnected is one of the greatest challenges of our time. No one organization or effort can tackle it alone. Spread the word. Submit your ideas to build innovative and scalable ways to bring Internet access to the Next Billion – and the other billions, as well. Please join us in addressing this grand challenge.

Further information: www.equalrating.com
Contact: equalrating@mozilla.com

Read More

Maker Party 2016: Stand Up for a Better Internet

Mozilla's annual celebration of making online is challenging outdated copyright law in the EU. Here's how you can participate

It's that time of year: Maker Party.

Each year, Mozilla hosts a global celebration to inspire learning and making online. Individuals from around the world are invited. It's an opportunity for artists to connect with educators; for activists to trade ideas with coders; and for entrepreneurs to chat with makers.

This year, we're coming together with that same spirit, and also with a mission: To challenge outdated copyright laws in the European Union. EU copyright laws are at odds with learning and making online. Their restrictive nature undermines creativity, imagination, and free expression across the continent. Mozilla's Denelle Dixon-Thayer wrote about the details in her recent blog post.

By educating and inspiring more people to take action, we can update EU copyright law for the 21st century.

Over the past few months, everyday internet users have signed our petition and watched our videos to push for copyright reform. Now, we're sharing copyright reform activities for your very own Maker Party.

Want to join in? Maker Party officially kicks-off today. Here are activities for your own Maker Party:

Be a #cczero Hero

In addition to all the amazing live events you can host or attend, we created a way for our global digital community to participate.

We're planning a global contribute-a-thon to unite Mozillians around the world and grow the number of images in the public domain. We want to showcase what the open internet movement is capable of. And we're making a statement when we do it: Public domain content helps the open internet thrive.

Check out our #cczero hero event page and instructions on contributing. You should be the owner of the copyright in the work. It can be fun, serious, artistic — whatever you'd like. Get started.

For more information on how to submit your work to the public domain or to Creative Commons, click here.

Post Crimes

Mozilla has created an app to highlight the outdated nature of some of the EU's copyright laws, like the absurdity that photos of public landmarks can be unlawful. Try the Post Crimes web app: Take a selfie in front of the Eiffel Tower's night-time light display, or the Little Mermaid in Denmark.

Then, send your selfie as a postcard to your Member of the European Parliament (MEP). Show European policymakers how outdated copyright laws are, and encourage them to forge reform. Get started.

Meme School

It's absurd, but it's true: Making memes may be technically illegal in some parts of the EU. Why? Exceptions for parody or quotation are not uniformly required by the present Copyright Directive.

Help Mozilla stand up for creativity, wit, and whimsy through memes! In this Maker Party activity, you and your friends will learn and discuss how complicated copyright law can be. Get started.

We can't wait to see what you create this Maker Party. When you participate, you're standing up for copyright reform. You're also standing up for innovation, creativity, and opportunity online.

Read More

Promoting Cybersecurity Awareness

We are happy to support National Cyber Security Awareness Month (NCSAM), a global effort between government and industry to ensure everyone has the resources they need to be safer, more secure and better able to protect their personal information online.

We've talked about how cybersecurity is a shared responsibility, and that is the theme for National Cybersecurity Awareness Month – the Internet is a shared resource and securing it is our shared responsibility. This means technology companies, governments, and even users have to work together to protect and improve the security of the Internet. We all have to do our part to make the Internet safer and more secure for everyone. This is a time for all Internet users to Stop. Think. Connect. This month, and all year long, we want to help you be more "CyberAware."

Our responsibility as a technology company is to create secure platforms, build features that improve security, and empower people with education and resources to better protect their security. At Mozilla, we have security features like phishing and malware protection built into Firefox, Firefox Add-ons focused on cybersecurity, and a checkup site to make sure Firefox and all your add-ons and plugins up to date, just to name a few.

But, the increasing incidents we've seen in the news show that as cybersecurity efforts and technology protections advance, so do the threats against Internet security. Now, more than ever, each Internet user has a responsibility to protect themselves and help protect those around them.

What can you do?

There are lots of tips, tools, and resources available to you to help protect your privacy and security online. Try to take advantage of the resources available to increase your cybersecurity awareness and digital literacy skills. We believe that creating awareness and giving people access to the right tools to learn basic Web literacy skills — like reading, writing, and participating online — opens new opportunities to better utilize the Web for your needs.

We'll list a few basic cybersecurity tips here, and you should also know how each of your devices, services, and accounts handles your private information.

These steps don't just protect people who care about their own security, they help create a more secure Internet for the billions of people online.

The basic steps to protect your cybersecurity include: (here's a fun infographic with these tips)

• Lock down your login: Use strong passwords and the strongest authentication tools available to protect your online accounts and personal information.
• Keep a clean machine: Make sure all your Internet connected devices, Web services, and apps are with up to date with the latest software and enable auto updates when you can.
• Remember- Personal information is like money: Value it and protect it- everything from your location to purchase history. Be aware and in control of what information is shared about you online.
• When in doubt, throw it out: Cybercriminals are sneaky and often use links in email, social media, and ads to steal your personal information. Even if you know the source, if something looks suspicious, don't click on it- delete it.
• Share with Care: Think before your post. Consider who will see the post and how it might be perceived, now or in the future. And, don't post something about someone else that you wouldn't want posted about yourself.
• Own Your Online Presence: Consider limiting how and with whom you share information online. Make sure to set your individual app and website privacy and security settings to meet your needs.

If you're interested in more ways you can protect your digital privacy, you should check out the Consumer Reports 10 minute digital privacy tuneup that Mozilla contributed to, or for even more tips, you can read the full article with 66 ways to protect your privacy.

To get more information and resources to promote a safer, more secure, and more trusted Internet all month long, visit: Stop.Think.Connect, Stay Safe Online, and the European Cyber Security Month website.

You can join Mozilla, National Cyber Security Alliance (NCSA) and others in a Stop. Think. Connect Twitter chat today at 12 pm PT for more about the basics of online safety. #CyberAware #ChatSTC. You can follow and use the official NCSAM hashtag #CyberAware on Twitter throughout the month.

We'll also continue to share more about important cybersecurity topics throughout the month.

 

Read More