Chrome AdBlock Joining Acceptable Ads Program (And Sold To Anonymous Company) 339

basscomm writes: Hot on the heels of the formation of the independent board to oversee "acceptable ads", users of the popular Chrome ad blocking extension, AdBlock, got notice that AdBlock is participating in the program, and that acceptable ads are being turned on by default. At the bottom of the announcement, buried in the fine print is word that AdBlock has been sold, but nobody will say to whom.

Google Shows Off 2 New Nexus Phones, a New Pixel, and More 208

Two of the products officially unveiled at Google's much-anticipated (at least much-hyped) release announcement were widely and correctly predicted: a pair of new Nexus phones. The flagship is the all-metal Huawei 6P, with a 5.7" AMOLED display (2,560x1,440), 3GB of RAM, and a Snapdragon 810 chip. The Huawei overshadows the nonetheless respectable second offering, the LG-made Nexus 5X, which makes concessions in the form of less RAM (2GB instead of the 6P's 3), smaller battery (2700mAh, instead of 3450) and a lesser Snapdragon chip inside (808, rather than 810). Both phones, though, come with USB-C and with a big upgrade for a line of phones not generally praised for its cameras: a large-pixel 12.3-megapixel Sony camera sensor. Much less predicted: Google announced a new bearer for the Pixel name, after its line of high-end Chromebooks; today's entrant is a tablet, not running Chrome, and it's running Android rather than Chrome OS. The Pixel C tablet will debut sometime later this year; google touts it as "the first Android tablet built end-to-end by Google." Also on the agenda today, news that Android 6 will start hitting Nexus devices next week.

Chrome For Android's Incognito Mode Saves Some of the Sites You Visit 69

An anonymous reader writes: A newly found bug in Google Chrome for Android means incognito mode really isn't as locked-down as it's designed to be. Some sites you visit while using the privacy feature are still saved, and can be retrieved simply by opening the browser's settings. Google Chrome for Android has had incognito mode since February 2012. Here is Google's official description of the feature: "If you don't want Google Chrome to save a record of what you visit and download, you can browse the web in incognito mode."

Modern Browsers Are Undefended Against Cookie-based MITM Attacks Over HTTPS 66

An anonymous reader writes: An advisory from CERT warns that all web-browsers, including the latest versions of Chrome, Firefox, Safari and Opera, have 'implementation weaknesses' which facilitate attacks on secure (HTTPS) sites via the use of cookies, and that implementing HSTS will not secure the vulnerability until browsers stop accepting cookies from sub-domains of the target domain. This attack is possible because although cookies can be specified as being HTTPS-specific, there is no mechanism to determine where they were set in the first place. Without this chain of custody, attackers can 'invent' cookies during man-in-the-middle (MITM) attacks in order to gain access to confidential session data.

Skype For Microsoft Edge Will Work From the Browser, No Plug-Ins Required 89

We mentioned a few months back Microsoft's beta of a browser-based intrerface to Skype. Now, reports Engadget, Skype will be able to work without a plug-in (as was required for the beta). However, it will work -- at least at first -- only with Microsoft's Edge browser. The latest Windows 10 Insider Preview build comes with Object RTC API. That's the element that allows real-time audio and video communication without the need for any installation not just for Skype for Web and, but also for other WebRTC-compatible services. To note, Chrome, Firefox and Safari all support WebRTC standards, but it's unclear if and when Skype will enable a plug-in-less experience for those browsers, as well.

Symantec Subsidiary Thawte Issues Rogue Google Certificates 103

New submitter jack_babylon writes: On September 14th, Symantec's subsidiary certificate authority Thawte accidentally released a "small number" of " "inappropriately issued" security certificates, apparently intended for internal testing only. However, the fact that these were logged in the wild by Google (and, apparently, DigiCert) seems to indicate that they escaped the lab, at least far enough for a false cert to raise the appropriate red flags. This sounds similar to the recent acts of poor judgement that got CNNIC's certs removed entirely from Firefox and Chrome, if more limited in scope and more quickly addressed (through, among other things, termination of some Symantec employees). (And like all reports one hopes go away quietly, these were released in the dead of a Friday night — h/t BoingBoing for noting this news.)

Crash Chrome With 16 Characters 205

An anonymous reader writes: Remember when it took just eight characters to crash Skype? Apparently it takes double that to take out Chrome: Typing in a 16-character link and hitting enter, clicking on a 16-character link, or even just putting your cursor over a 16-character link, will crash Google's browser. To try it yourself, fire up Chrome 45 (the latest stable version) or older and put this into your address bar: http: //a/%%30%30 (without the space).

Benchmark Battle, September 2015: Chrome Vs. Firefox Vs. Edge 137

An anonymous reader writes: The next browser battle is upon us. Edge has been out for more than a month, and its two biggest competitors have received significant updates: Chrome 45 and Firefox 40. This article puts all three through their paces, and each manages to win a few tests. Edge convincingly won the JetSteam and SunSpider JavaScript benchmarks, while also eking out a victory in Google's Octane test. Chrome was victorious in Mozilla's Kraken benchmark for JavaScript performance, while also edging out Firefox in HTML5Test and the Oort Online WebGL test. Firefox won the WebXPRT test that combines HTML5 and JavaScript performance, and also the Peacekeeper test for general browser performance. There's no clear dominant browser for performance, and none of the three are obvious laggards, either. Browser competition seems to be in a good place right now.

YouTube Reportedly Bypassing Ad Blockers On Google Chrome 296

An anonymous reader writes: YouTube users have lit up twitter today, angry about an apparent change of policy by Google, which now seems to be showing ads in front of videos on YouTube even when using Adblock. Neowin reports: "Google's workaround seems to be applicable to all similar extensions and isn't exclusive to just AdBlock Plus. The company has not stopped at just skirting the extension, however. Users with AdBlock enabled will now have to see full-length video ads with no option to skip them half-way through, a feature YouTube has offered for a very long time. The only way to get the option back is to disable AdBlock, or to whitelist YouTube."

Browser Makers To End RC4 Support In Early 2016 40

msm1267 writes: Google, Microsoft and Mozilla today announced they've settled on an early 2016 timeframe to permanently deprecate the shaky RC4 encryption algorithm in their respective browsers. Mozilla said Firefox's shut-off date will coincide with the release of Firefox 44 on Jan. 26. Google and Microsoft said that Chrome and Internet Explorer 11 (and Microsoft Edge) respectively will also do so in the January-February timeframe. Attacks against RC4 are growing increasingly practical, rendering the algorithm more untrustworthy by the day.

Chrome 45 Launches, Automatically Pauses Less Important Flash Content, Like Ads 92

An anonymous reader writes: Google today launched Chrome 45 for Windows, Mac, Linux, and Android with some expected changes and new developer tools. First and foremost, Chrome now automatically pauses less important Flash content (rolling out gradually, so be patient). This has been a longtime coming from both Google and Adobe, with the goal to make Flash content more power-efficient in Chrome: In March, a setting was introduced to play less Flash content on the page, but it wasn't turned on by default, and in June, the option was enabled in the browser's beta channel. Now it's being turned on for everyone.

Chrome To Freeze Flash Ads On Sight From September 1 190

An anonymous reader writes: Shaun Nichols from the Register reports that unimportant Flash content will be click-to-play by default in Google Chrome from September 1. He writes, "Google is making good on its promise to strangle Adobe Flash's ability to auto-play in Chrome. The web giant has set September 1, 2015 as the date from which non-important Flash files will be click-to-play in the browser by default – effectively freezing out 'many' Flash ads in the process. Netizens can right-click over the security-challenged plugin and select 'Run this' if they want to unfreeze an ad. Otherwise, the Flash files will remain suspended in a grey box, unable to cause any harm nor any annoyance."

Since-Pulled Cyanogen Update For Oneplus Changes Default Home Page To Bing 87

ourlovecanlastforeve writes: Nestled into GSMArena's report on the Cyanogen OS 12.1 update for Oneplus [ Note: an update that the story reports has since been pulled.] is this tasty bite: "'ll find out that your Chrome homepage has been changed to Bing." Then it's casually dismissed with "Thankfully though, you can easily get rid of Microsoft's search engine by using Chrome settings." as if this were the most normal thing to have to do after an OTA update. Is this the new normal? Has Microsoft set a new precedent that it's okay to expect users to have to go searching through every setting and proactively monitor network traffic to make sure their data isn't being stolen, modified or otherwise manipulated?

Big Changes From Mozilla Mean Firefox Will Get Chrome Extensions 192

Mozilla announced yesterday a few high-level changes to the way Firefox and Firefox extensions will be developed; among them, the introduction of "a new extension API, called WebExtensions—largely compatible with the model used by Chrome and Opera—to make it easier to develop extensions across multiple browsers." (Liliputing has a nice breakdown of the changes.) ZDNet reports that at the same time, "Mozilla will be deprecating XPCOM and XUL, the foundations of its extension system, and many Firefox developers are ticked off at these moves."

Amazon To Stop Accepting Flash Ads 221

An anonymous reader writes: Starting on September 1, Amazon will no longer support Flash across its advertising platform. The online retailer sites changes to browser support and a desire for customers to have a better experience as their reasons for blocking it. Google has been quite active recently in efforts to kill Flash; the Chrome beta channel has begun automatically pausing Flash, Google has converted ads from Flash to HTML5, and YouTube uses HTML5 by default now as well. Safari and Firefox also place limits on Flash content. Is Flash finally on its way out?

Firefox Will Run Chrome Extensions 152

An anonymous reader writes: Today Mozilla announced some big changes to its extension support. Their new addon API, WebExtensions, is mostly compatible with the extension model used by Chrome and Opera. In short, this means we'll soon see cross-platform browser extensions. They say, "For some time we've heard from add-on developers that our APIs could be better documented and easier to use. In addition, we've noticed that many Firefox add-on developers also maintain a Chrome, Safari, or Opera extension with similar functionality. We would like add-on development to be more like Web development: the same code should run in multiple browsers according to behavior set by standards, with comprehensive documentation available from multiple vendors."

Facebook Intern Gets Preemptive Ax For Exposing Security Flaw 103

Engadget reports that Harvard student Aran Khanna, who was about to begin an internship at Facebook, had that internship yanked after he created (and took down, but evidently too slowly for the company's taste) a browser plug-in that exposed a security flaw in Facebook, by allowing users to discover the location of other users when they use the Messenger app. Surely Khanna won't be jobless or internship-less for long. (Don't expect the app to work now; it's still in the Chrome store as a historical artifact, though, and at GitHub.)
Input Devices

Ask Slashdot: Why Is the Caps Lock Key Still So Prominent On Keyboards? 698

Esther Schindler writes: The developers at .io are into tracking things, I guess. In any case, a few weeks back they decided to track team performance in terms of keyboard and mouse activity during the working day. They installed a simple Chrome plugin on every Macbook and collected some statistics. For instance, developers have fewer keypresses than editors and managers—around 4k every day. Managers type more than 23k characters per day. And so on. Some pretty neat statistics.

But the piece that jumped out at me was this: "What's curious—the least popular keys are Capslock and Right Mouse Button. Somewhere around 0.1% of all keypresses together. It's time to make some changes to keyboards." I've been whining about this for years. Why is it that the least-used key on my keyboard is not just in a prominent position, but also bigger than most other keys? I can I invest in a real alternate keyboard with a different layout (my husband's a big fan of the Kinesis keyboards, initially to cope with carpal tunnel). But surely it's time to re-visit the standard key layout? What keys would you eliminate or re-arrange?

Chrome Extension Thwarts User Profiling Based On Typing Behavior 61

An anonymous reader writes: Per Thorsheim, the founder of PasswordsCon, created and trained a biometric profile of his keystroke dynamics using the Tor browser at a demo site. He then switched over to Google Chrome and not using the Tor network, and the demo site correctly identified him when logging in and completing a demo financial transaction. Infosec consultant Paul Moore came up with a working solution to thwart this type of behavioral profiling. The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM. A Firefox version of the plugin is in the works.

Gmail Messages Can Now Self-Destruct 204

New submitter Amarjeet Singh writes: Dmail is a Chrome extension developed by the people behind Delicious, the social bookmarking app/extension. This extension allows you to set a self-destruct timer on your emails. You can use Dmail to send emails from Gmail as usual, but you will now have a button which can set an self destruct timer of an hour, a day or a week. Dmail claims it will also unlock a feature that won't allow forwarding, meaning only the person you sent your message to will be able to see it.