Mozilla announced that it will close two of its services: Firefox Send and Firefox Notes after discovering a large number of hackers who used these services to launch organized campaigns to target their victims and their devices with malicious files and spear phishing attacks to steal sensitive data without the users’ knowledge.
Firefox Send is a free file transfer service for sending encrypted files, which is very similar to the Wetransfer service. Mozilla described it as a file sharing tool with a focus on privacy, but it seems that they forgot the security part. The idea of encrypting sent files may protect the privacy of data, but it also encrypts malicious files, making it difficult for us to be detected and alerted to their presence.
The company said it was investigating reports of abuse, particularly malware kits. It began looking into how to improve abuse reporting capabilities, and said it would add a requirement that users have a Firefox account. But instead of improving it, it decided to close the service permanently because its budget did not allow it.
Firefox Notes, Mozilla says, was supposed to be an experiment to test new ways to sync encrypted data. Having served that purpose, it kept the product as a small utility for Firefox and Android users, but is now shutting it down and shutting it down completely in early November.
It is difficult not to look at Mozilla’s announcement of stopping its services in the context of the general challenges it is experiencing. If it had been in better financial shape, and not laid off about 25% of its employees this year, it might have kept Notes alive and perhaps tried to re-optimize Send.
But now, it has fewer options to experiment with, especially with free services, as it tries to refocus on Firefox and a few other core projects.
