Mozilla on Tuesday released Firefox 69 with the browser’s anti-tracking technology switched on by default for all users.
The organization’s security engineers also patched 20 vulnerabilities, one tagged “Critical” and 11 marked “High,” the organization’s two top threat ratings. The single critical flaw only affected Windows, Mozilla said in its patching commentary.
Firefox 69 can be downloaded from Mozilla’s site for Windows, macOS and Linux. Because it updates in the background, most users need only relaunch the browser to get the latest version. To manually update, pull up the menu under the three horizontal bars at the upper right, then click the help icon (the question mark within a circle). Choose “About Firefox.” The resulting page shows that the browser is either up to date or explains the refresh process.
Mozilla updates Firefox every six to eight weeks; it last upgraded the browser on July 9.
You get ETP and you get ETP and …
Mozilla first turned on Enhanced Tracking Protection (ETP) in June, but at the time limited the setting to new-to-Firefox users. However, existing customers could flip the ETP switch themselves using the Preferences screen.
With Firefox 69, Mozilla has enabled ETP for all users. By default, “Content Blocking” – the feature’s name in Firefox’s Preferences – is set to “Strict,” the strongest protection available. Users can reset that to “Standard” or “Custom,” or even turn off everything by clearing all choices in the latter.
Mozilla said that prior to Firefox 69’s debut, more than 20% of all Firefox users had ETP engaged, signaling that a significant number of existing users had manually enabled ETP in the past three months. “With today’s release, we expect to provide protection for 100% of our users by default,” wrote Marissa Wood, vice president of product at Mozilla, in a Sept. 3 post to a company blog.
ETP has taken a crooked road to release. Tracing its linage to 2015’s “Tracking Protection,” Mozilla got serious about the concept two years ago, when it broke the technology out of the private-browsing bubble. In October 2018, it named the feature ETP and set Firefox 65, slated to release in January 2019, as the on-by-default target. Problems persisted, however – in several instances Mozilla said the technology was breaking too many sites – and delays were inserted for more testing. Finally, Mozilla used a “soft opening” for ETP in June, limiting the automatic on-by-default to new users as a final quality control check.
Wood spelled out additional information about ETP in her Tuesday post.
Block this, block that
Also in Firefox 69, Mozilla’s developers enhanced the choices for autoplay, the habit by sites to immediately start playing video on the computer screen and blasting audio from its speakers.
Firefox has automatically blocked autoplay of audio since March and version 66. Video with accompanying audio was also stopped from playing. But if a video provider muted the audio, Firefox let the former play. With Firefox 69, users can select “Block Audio and Video” to stop such video from automatically playing.
That setting is at Preferences > Privacy & Security > Permissions > Autoplay > Settings > Default for all websites.
This version of Firefox also took the next step in Mozilla’s kill-Flash process.
The browser lost the “Always Activate” option for Flash, meaning that every request to run the player software must be user approved. From this point forward, the only settings are “Ask to Activate,” the default, and “Never Activate.”
This move was previously announced by Mozilla (check out the “Plugin Roadmap for Firefox” here) and should be the last step before all Flash support is yanked from non-enterprise copies. (The Extended Support Release, or ESR, will continue to support Flash until the end of 2020.)
The next version of the browser, Firefox 70, should release Oct. 22.