Mozilla to Start Prio Testing

Prio is a service, designed to protect the personal data of users in the collected statistics
31 October 2018   554

Mozilla representatives spoke about the principles of operation and the first results of testing the Prio service. The tool was developed at the Computer Science Department at Stanford University by Ph.D. Henry Corrigan-Gibbs and Professor Dan Boneh to protect the personal data of users in the collected statistics.

Most browsers and many other applications are equipped with mechanisms for collecting statistics. Thanks to the information received, developers can quickly respond to problems arising in the course of software operation by amending their product. As a rule, the user can decide for himself whether he wants the application to collect statistics on his device. However, for this to happen, he needs to be confident in his safety and anonymity.

Prio works on the principle of information sharing. Software developers do not need individual data of each user, sufficiently collected and processed anonymous statistics. Prio divides the data collected by the application into several parts and sends it to different servers. Separation is carried out in such a way that each individual part does not carry meaningful information. To gain access to the data, attackers will have to hack all the servers in the system.

Mozilla engineers suggest using additional servers owned by a third party. Personal data of the user will be under threat only in case of bad faith or negligence of all participants in the scheme.

The servers in the network process the received information and give anonymous statistics to software developers. As an example, the creators of the system lead the collection of data on the location of users. Prio receives data on the location of each device, but even the owners of servers do not have access to this information. Software developers receive processed information showing the overall distribution of users on the map.

Mozilla has already started testing a new tool. Data collection using Prio is carried out in parallel with the work of Telemetry, the standard system of the Firefox browser. The statistics obtained from both tools is verified. For six weeks of testing, developers have eliminated several problems, and now the data collected by the two systems completely coincide. The creators of Firefox are planning a few more months of testing.

In the current research phase, developers are not ready to state where and how Prio will be applied. This decision will be made based on the results of the final testing.

It is difficult to say how long it will be before the implementation of the security technology created at Stanford in the software. A known vulnerability in the password manager of the Firefox browser has remained untouched for nine years.

Node.js v12.0.0 to be Rolled Out

It has giant list of updates, improvements and changes
24 April 2019   98

The release of Node.js 12.0.0, a platform for executing network applications in JavaScript, is available. Node.js 12.0 refers to branches with a long period of support, but this status will be assigned only in October, after stabilization. Updates for LTS branches are issued for 3 years. Support for the last LTS branch of Node.js 10.0 will last until April 2021, and the year before last LTS-branch 8.0 until January 2020. Support for the intermediate branch Node.js 11.0 will be discontinued in June 2019. The lifetime of the LTS branch 6.0 will end on April 30.

These are some of the large list of updates and new staff:

  • V8 engine was updated to version 7.4 with support for asynchronous stack traces, increasing await performance, parsing JavaScript and calls when the actual and declared number of arguments does not match;
  • TLS 1.3 is now¬†supported in the tls module and TLS 1.0 / 1.1 is shutdown by default;
  • Enhancing protection and checks on the size of allocated memory in the Buffer class;

Get more info at official website.