Daily Shaarli

All links of one day in a single page.

August 10, 2017

Communicating the Dangers of Non-Secure HTTP | Mozilla Security Blog

In order to clearly highlight risk to the user, starting this month in Firefox 51 web pages which collect passwords but don’t use HTTPS will display a grey lock icon with a red strike-through in the address bar.

Life Is About to Get a Whole Lot Harder for Websites Without HTTPS

[Support] uBlock Origin - Add-on Support - Mozilla Discourse

  • Chromium-based browsers do not support user styles
  • Chromium-based browsers can’t block data URI-based requests through the webRequest API.
  • Chromium-based browsers are being “infested” by Instart Logic tech which works around blockers and, worse, around browser privacy settings (they may start “infecting” Firefox eventually, but that is not happening now).
  • I am not aware of any anti-fingerprinting initiative taken up with Chromium, unlike with Firefox.
  • Etc.

There is much more I could list here. It baffles me that some people think Firefox is becoming a “Chrome clone”; it’s just not the case, and it’s just plain silly to make such a statement.

Google Online Security Blog: Moving towards a more secure web

To help users browse the web safely, Chrome indicates connection security with an icon in the address bar. Historically, Chrome has not explicitly labelled HTTP connections as non-secure. Beginning in January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.

Sites on which uBO Extra is useful · gorhill/uBO-Extra Wiki · GitHub

The purpose of Instart Logic technology is to disguise 3rd-party requests as 1st-party requests, thus bypassing content blockers, and even the ability of browsers to block 3rd-party cookies (because they are stored as 1st-party cookies)

Note: The extension is useful only for Chromium-based browsers. There is no need for such an extension so far on Firefox, and thus there is no version for Firefox.

The New Copycats: How Facebook Squashes Competition From Startups - WSJ

Facebook uses an internal database to track rivals, including young startups performing unusually well, people familiar with the system say. The database stems from Facebook’s 2013 acquisition of a Tel Aviv-based startup, Onavo, which had built an app that secures users’ privacy by routing their traffic through private servers. The app gives Facebook an unusually detailed look at what users collectively do on their phones, these people say.

The tool shaped Facebook’s decision to buy WhatsApp and informed its live-video strategy, they say. Facebook used Onavo to build its early-bird tool that tips it off to promising services and that helped Facebook home in on Houseparty.

Chromium Blog: Next steps toward more connection security

In January, we began our quest to improve how Chrome communicates the connection security of HTTP pages. Chrome now marks HTTP pages as “Not secure” if they have password or credit card fields. Beginning in October 2017, Chrome will show the “Not secure” warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.

[META] Support anti-fingerprinting protection

As part of the Tor uplift project, we are going to implement anti-fingerprinting protection [1] in Firefox.

This bug is used as the meta bug of all anti-fingerprinting features.

Reference:
[1] Cross-Origin Fingerprinting Unlinkability
https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability

Reverse image search algorithm

This demo showcases a reverse image search algorithm which performs 2D affine transformation-invariant partial image-matching in sublinear time. The algorithm compares an input image to its database of preprocessed images and determines if the input matches any image in the database. The database need not contain the original image as inputs can be matched to any 2D affine transformation of the original. This means that images which have been scaled (uniformly or non-uniformly), skewed, translated, cropped or rotated (or have undergone any combination of these transformations) can be identified as coming from the same source image (Figure 1).

The algorithm runs in sublinear time with respect to the number of images in the database regardless of the number of transformations applied. Note that if image-matching could not be done in sublinear time it would not function at the scale that the likes of Google or Microsoft require.