Mozilla is developing a feature in Firefox that would require some user interaction in order for Flash ads, Java scripts and other content that uses plugins to play. In addition to easing system slowdowns, the opt-in for Web plugins is expected to reduce threats posed by exploiting security vulnerabilities in plugins, including zero-day attacks. “Whether you hate them or love them, content accessed through plugins is still a sizable chunk of the web. So much so, that over 99% of internet users have Flash installed on their browser,” writes Mozilla’s Jared Wein, the lead software engineer on the project, in a blog post.

Nicholas Merrill is planning to revolutionize online privacy with a concept as simple as it is ingenious: a telecommunications provider designed from its inception to shield its customers from surveillance. Merrill, 39, who previously ran a New York-based Internet provider, told CNET that he’s raising funds to launch a national “non-profit telecommunications provider dedicated to privacy, using ubiquitous encryption” that will sell mobile phone service and, for as little as $20 a month, Internet connectivity. The ISP would not merely employ every technological means at its disposal, including encryption and limited logging, to protect its customers. It would also — and in practice this is likely more important — challenge government surveillance demands of dubious legality or constitutionality.

John Kiriakou, a former CIA officer from 1999 to 2004, was indicted on Thursday for allegedly disclosing classified information to journalists. The restricted disclosure included the name of a covert officer and information related to the role a CIA employee played in classified operations. His indictment comes following an investigation that was triggered by what the Department of Justice is calling a “classified defense filing” back in January 2009.

When the Internet was created, decades ago, one thing was inevitable: the war today over how (or whether) to control it, and who should have that power. Battle lines have been drawn between repressive regimes and Western democracies, corporations and customers, hackers and law enforcement. Looking toward a year-end negotiation in Dubai, where 193 nations will gather to revise a U.N. treaty concerning the Internet, Michael Joseph Gross lays out the stakes in a conflict that could split the virtual world as we know it.

Today, in conjunction with Hacker School, Etsy is announcing a new scholarship and sponsorship program for women in technology: we’ll be hosting the summer 2012 session of Hacker School in the Etsy headquarters, and we’re providing ten Etsy Hacker Grants of $5,000 each — a total of $50,000 — to women who want to join but need financial support to do so. Our goal is to bring 20 women to New York to participate, and we hope this will be the first of many steps to encourage more women into engineering at Etsy and across the industry.

Researchers at NQ Mobile have uncovered what they say may be the first Google Android bootkit. Dubbed DKFBootKit, the malware was spotted on third-party app stores. It originated in China, something it has in common with 31 percent of mobile malware, notes Xuxian Jiang, NQ Mobile’s chief scientist. In the past two weeks, DKFBootKit has infected more than 1,657 Android devices, he says.

Google announced a new plan this week to help news publishers make money: Readers will be presented with a short marketing survey they have to complete before reading an article. Google consumer surveys is a clever enough way for a publisher to get more revenue without putting up more ads — or a dreaded paywall — and Google says replies will be anonymous. As the poet Rumi once wrote, “I heard that lie.”

Standing in line at security at San Francisco International Airport not long ago, family in tow, I dutifully pulled the laptop out of my bag and placed it in a separate bin for its solo trip through the X-ray machine. I also had an iPad in my backpack, so I caught the eye of a security agent. “Excuse me, does the iPad come out too?” I asked. “Not here,” she said. “Other airports might be different.”

Ryan Cleary, the 19-year-old who was arrested last year for offences under the U.K.’s Criminal Law Act and Computer Misuse Act, has been returned to prison for violating the conditions of his bail. The Associated Press broke the news last week. Cleary, known for his association with LulzSec, was returned to prison after using the Internet to contact another LulzSec member, Hector Xavier Monsegur, last Christmas. As a condition of bail, Cleary was banned from using the Internet and from contacting anyone associated with Anonymous or LulzSec.

Ars recently attempted to delve into the inner workings of the security built into Apple’s iCloud service. Though we came away reasonably certain that iCloud uses industry best practices that Apple claims it uses to protect data and privacy, we warned that your information isn’t entirely protected from prying eyes. At the heart of the issue is the fact that Apple can, at any time, review the data synced with iCloud, and under certain circumstances might share that information with legal authorities. We consulted several sources to understand the implications of iCloud’s security and encryption model, and to understand what types of best practices could maximize the security and privacy of user data stored in increasingly popular cloud services like iCloud. In short, Apple is taking measures to prevent access to user data from unauthorized third parties or hackers. However, iCloud isn’t recommended for the more stringent security requirements of enterprise users, or those paranoid about their data being accessed by authorities.

A few weeks ago I saw a video that really stuck with me. It’s from a site called Skillshare, which focuses on a new form of education made available by advances in technology: the ability to “learn anything from anyone, anywhere.” Through online forums, Skillshare members create a worldwide community that connects anyone who wants to teach a skill with anyone who wants to learn it.