"Many people over the past few days have been lashing out at Mozilla," writes the blog Its FOSS, "for enabling Privacy-Preserving Attribution by default on Firefox 128, and the lack of publicity surrounding its introduction."

Mozilla responded that the feature will only run "on a few sites in the U.S. under strict supervision" — adding that users can disable it at any time ("because this is a test"), and that it's only even enabled if telemetry is also enabled.

And they also emphasize that it's "not tracking." The way it works is there's an "aggregation service" that can periodically send advertisers a summary of ad-related actions — again, aggregated data, from a mass of many other users. (And Mozilla says that aggregated summary even includes "noise that provides differential privacy.") This Privacy-Preserving Attribution concept "does not involve sending information about your browsing activities to anyone... Advertisers only receive aggregate information that answers basic questions about the effectiveness of their advertising."

More from It's FOSS: Even though Mozilla mentioned that PPA would be enabled by default on Firefox 128 in a few of its past blog posts, they failed to communicate this decision clearly, to a wider audience... In response to the public outcry, Firefox CTO, Bobby Holley, had to step in to clarify what was going on.

He started with how the internet has become a massive cesspool of surveillance, and doing something about it was the primary reason many people are part of Mozilla. He then expanded on their approach with Firefox, which, historically speaking, has been to ship a browser with anti-tracking features baked in to tackle the most common surveillance techniques. But, there were two limitations with this approach. One was that advertisers would try to bypass these countermeasures. The second, most users just accept the default options that they are shown...

Bas Schouten, Principal Software Engineer at Mozilla, made it clear at the end of a heated Mastodon thread that "[opt-in features are] making privacy a privilege for the people that work to inform and educate themselves on the topic. People shouldn't need to do that, everyone deserves a more private browser. Privacy features, in Firefox, are not meant to be opt-in. They need to be the default.

"If you are 'completely anti-ads' (i.e. even if their implementation is private), you probably use an ad blocker. So are unaffected by this."
This has already provoked a discussion among Slashdot readers. "It doesn't seem that evil to me," argues Slashdot reader geekprime. "Seems like the elimination of cross site cookies is a privacy enhancing idea." (They cite Mozilla's statement that their goal is "to inform an emerging Web standard designed to help sites understand how their ads perform without collecting data about individual people. By offering sites a non-invasive alternative to cross-site tracking, we hope to achieve a significant reduction in this harmful practice across the web.")

But Slashdot reader TheNameOfNick disagrees. "How realistic is the part where advertisers stop tracking you because they get less information from the browser maker...?"

Mozilla has provided simple instructions for disabling the feature:

• Click the menu button and select Settings.
• In the Privacy & Security panel, find the Website Advertising Preferences section.
• Uncheck the box labeled Allow websites to perform privacy-preserving ad measurement.

Longtime Slashdot reader Artem S. Tashkinov shares a report from The Hacker News: A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user's web activity. "SnailLoad exploits a bottleneck present on all Internet connections," the researchers said in a study released this week. "This bottleneck influences the latency of network packets, allowing an attacker to infer the current network activity on someone else's Internet connection. An attacker can use this information to infer websites a user visits or videos a user watches." A defining characteristic of the approach is that it obviates the need for carrying out an adversary-in-the-middle (AitM) attack or being in physical proximity to the Wi-Fi connection to sniff network traffic. Specifically, it entails tricking a target into loading a harmless asset (e.g., a file, an image, or an ad) from a threat actor-controlled server, which then exploits the victim's network latency as a side channel to determine online activities on the victim system.

To perform such a fingerprinting attack and glean what video or a website a user might be watching or visiting, the attacker conducts a series of latency measurements of the victim's network connection as the content is being downloaded from the server while they are browsing or viewing. It then involves a post-processing phase that employs a convolutional neural network (CNN) trained with traces from an identical network setup to make the inference with an accuracy of up to 98% for videos and 63% for websites. In other words, due to the network bottleneck on the victim's side, the adversary can deduce the transmitted amount of data by measuring the packet round trip time (RTT). The RTT traces are unique per video and can be used to classify the video watched by the victim. The attack is so named because the attacking server transmits the file at a snail's pace in order to monitor the connection latency over an extended period of time.

An anonymous reader quotes a report from Wired: When Microsoft CEO Satya Nadella revealed the new Windows AI tool that can answer questions about your web browsing and laptop use, he said one of the"magical" things about it was that the data doesn't leave your laptop; theWindows Recall system takes screenshots of your activity every five seconds and saves them on the device. But security experts say that data may not stay there for long. Two weeks ahead ofRecall's launch on new Copilot+ PCs on June 18, security researchers have demonstrated how preview versions of the tool store the screenshots in an unencrypted database. The researchers say the data could easily be hoovered up by an attacker. And now, in a warning about how Recall could be abused by criminal hackers, Alex Hagenah, a cybersecurity strategist and ethical hacker, has released a demo tool that can automatically extract and display everything Recall records on a laptop.

Dubbed TotalRecall -- yes, after the 1990 sci-fi film -- the tool can pull all the information that Recall saves into its main database on a Windows laptop. "The database is unencrypted. It's all plain text," Hagenah says. Since Microsoft revealed Recall in mid-May, security researchers have repeatedly compared it to spyware or stalkerware that can track everything you do on your device. "It's a Trojan 2.0 really, built in," Hagenah says, adding that he built TotalRecall -- which he's releasing on GitHub -- in order to show what is possible and to encourage Microsoft to make changes before Recall fully launches. [...] TotalRecall, Hagenah says, can automatically work out where the Recall database is on a laptop and then make a copy of the file, parsing all the data as it does so. While Microsoft's new Copilot+ PCs aren't out yet, it's possible to use Recall by emulating a version of the devices. "It does everything automatically," he says. The system can set a date range for extracting the data -- for instance, pulling information from only one specific week or day. Pulling one day of screenshots from Recall, which stores its information in an SQLite database, took two seconds at most, Hagenah says.

Included in what the database captures are screenshots of whatever is on your desktop -- a potential gold mine for criminal hackers or domestic abusers who may physically access their victim's device. Images include captures of messages sent on encrypted messaging apps Signal and WhatsApp, and remain in the captures regardless of whether disappearing messages are turned on in the apps. There are records of websites visited and every bit of text displayed on the PC. Once TotalRecall has been deployed, it will generate a summary about the data; it is also possible to search for specific terms in the database. Hagenah says an attacker could get a huge amount of information about their target, including insights into their emails, personal conversations, and any sensitive information that's captured by Recall. Hagenah's work builds on findings from cybersecurity researcher Kevin Beaumont, who has detailed how much information Recall captures and how easy it can be to extract it.

Microsoft's Windows Recall feature is attracting controversy before even venturing out of preview. From a report: The principle is simple. Windows takes a snapshot of a user's active screen every few seconds and dumps it to disk. The user can then scroll through the snapshots and, when something is selected, the user is given options to interact with the content.

Mozilla's Chief Product Officer, Steve Teixeira, told The Register: "Mozilla is concerned about Windows Recall. From a browser perspective, some data should be saved, and some shouldn't. Recall stores not just browser history, but also data that users type into the browser with only very coarse control over what gets stored. While the data is stored in encrypted format, this stored data represents a new vector of attack for cybercriminals and a new privacy worry for shared computers.

"Microsoft is also once again playing gatekeeper and picking which browsers get to win and lose on Windows -- favoring, of course, Microsoft Edge. Microsoft's Edge allows users to block specific websites and private browsing activity from being seen by Recall. Other Chromium-based browsers can filter out private browsing activity but lose the ability to block sensitive websites (such as financial sites) from Recall. "Right now, there's no documentation on how a non-Chromium based, third-party browser, such as Firefox, can protect user privacy from Recall. Microsoft did not engage our cooperation on Recall, but we would have loved for that to be the case, which would have enabled us to partner on giving users true agency over their privacy, regardless of the browser they choose."

Google plans to destroy a trove of data that reflects millions of users' web-browsing histories, part of a settlement of a lawsuit that alleged the company tracked millions of users without their knowledge. WSJ: The class action, filed in 2020, accused Google of misleading users about how Chrome tracked the activity of anyone who used the private "Incognito" browsing option. The lawsuit alleged that Google's marketing and privacy disclosures didn't properly inform users of the kinds of data being collected, including details about which websites they viewed. The settlement details, filed Monday in San Francisco federal court, set out the actions the company will take to change its practices around private browsing. According to the court filing, Google has agreed to destroy billions of data points that the lawsuit alleges it improperly collected, to update disclosures about what it collects in private browsing and give users the option to disable third-party cookies in that setting.

The agreement doesn't include damages for individual users. But the settlement will allow individuals to file claims. Already the plaintiff attorneys have filed 50 in California state court. Attorney David Boies, who represents the consumers in the lawsuit, said the settlement requires Google to delete and remediate "in unprecedented scope and scale" the data it improperly collected. "This settlement is an historic step in requiring honesty and accountability from dominant technology companies," Boies said.

The Supreme Court of Canada ruled today that police must now have a warrant or court order to obtain a person or organization's IP address. CBC News reports: The top court was asked to consider whether an IP address alone, without any of the personal information attached to it, was protected by an expectation of privacy under the Charter. In a five-four split decision, the court said a reasonable expectation of privacy is attached to the numbers making up a person's IP address, and just getting those numbers alone constitutes a search. Writing for the majority, Justice Andromache Karakatsanis wrote that an IP address is "the crucial link between an internet user and their online activity." "Thus, the subject matter of this search was the information these IP addresses could reveal about specific internet users including, ultimately, their identity." Writing for the four dissenting judges, Justice Suzanne Cote disagreed with that central point, saying there should be no expectation of privacy around an IP address alone. [...]

In the Supreme Court majority decision, Karakatsanis said that only considering the information associated with an IP address to be protected by the Charter and not the IP address itself "reflects piecemeal reasoning" that ignores the broad purpose of the Charter. The ruling said the privacy interests cannot be limited to what the IP address can reveal on its own "without consideration of what it can reveal in combination with other available information, particularly from third-party websites." It went on to say that because an IP address unlocks a user's identity, it comes with a reasonable expectation of privacy and is therefore protected by the Charter. "If [the Charter] is to meaningfully protect the online privacy of Canadians in today's overwhelmingly digital world, it must protect their IP addresses," the ruling said.

Justice Cote, writing on behalf of justices Richard Wagner, Malcolm Rowe and Michelle O'Bonsawin, acknowledged that IP addresses "are not sought for their own sake" but are "sought for the information they reveal." "However, the evidentiary record in this case establishes that an IP address, on its own, reveals only limited information," she wrote. Cote said the biographical personal information the law was designed to protect are not revealed through having access to an IP address. Police must use that IP address to access personal information that is held by an ISP or a website that tracks customers' IP addresses to determine their habits. "On its own, an IP address does not even reveal browsing habits," Cote wrote. "What it reveals is a user's ISP -- hardly a more private piece of information than electricity usage or heat emissions." Cote said placing a reasonable expectation of privacy on an IP address alone upsets the careful balance the Supreme Court has struck between Canadians' privacy interests and the needs of law enforcement. "It would be inconsistent with a functional approach to defining the subject matter of the search to effectively hold that any step taken in an investigation engages a reasonable expectation of privacy," the dissenting opinion said.

"The ambient light sensors present in most mobile devices can be accessed by software without any special permissions, unlike permissions required for accessing the microphone or the cameras," writes longtime Slashdot reader BishopBerkeley. "When properly interrogated, the data from the light sensor can reveal much about the user." IEEE Spectrum reports: While that may not seem to provide much detailed information, researchers have already shown these sensors can detect light intensity changes that can be used to infer what kind of TV programs someone is watching, what websites they are browsing or even keypad entries on a touchscreen. Now, [Yang Liu, a PhD student at MIT] and colleagues have shown in a paper in Science Advances that by cross-referencing data from the ambient light sensor on a tablet with specially tailored videos displayed on the tablet's screen, it's possible to generate images of a user's hands as they interact with the tablet. While the images are low-resolution and currently take impractically long to capture, he says this kind of approach could allow a determined attacker to infer how someone is using the touchscreen on their device. [...]

"The acquisition time in minutes is too cumbersome to launch simple and general privacy attacks on a mass scale," says Lukasz Olejnik, an independent security researcher and consultant who has previously highlighted the security risks posed by ambient light sensors. "However, I would not rule out the significance of targeted collections for tailored operations against chosen targets." But he also points out that, following his earlier research, the World Wide Web Consortium issued a new standard that limited access to the light sensor API, which has already been adopted by browser vendors.

Liu notes, however, that there are still no blanket restrictions for Android apps. In addition, the researchers discovered that some devices directly log data from the light sensor in a system file that is easily accessible, bypassing the need to go through an API. The team also found that lowering the resolution of the images could bring the acquisition times within practical limits while still maintaining enough detail for basic recognition tasks. Nonetheless, Liu agrees that the approach is too complicated for widespread attacks. And one saving grace is that it is unlikely to ever work on a smartphone as the displays are simply too small. But Liu says their results demonstrate how seemingly harmless combinations of components in mobile devices can lead to surprising security risks.

An anonymous reader quotes a report from Ars Technica: Google is updating the warning on Chrome's Incognito mode to make it clear that Google and websites run by other companies can still collect your data in the web browser's semi-private mode. The change is being made as Google prepares to settle a class-action lawsuit that accuses the firm of privacy violations related to Chrome's Incognito mode. The expanded warning was recently added to Chrome Canary, a nightly build for developers. The warning appears to directly address one of the lawsuit's complaints, that the Incognito mode's warning doesn't make it clear that Google collects data from users of the private mode.

Many tech-savvy people already know that while private modes in web browsers prevent some data from being stored on your device, they don't prevent tracking by websites or Internet service providers. But many other people may not understand exactly what Incognito mode does, so the more specific warning could help educate users. The new warning seen in Chrome Canary when you open an incognito window says: "You've gone Incognito. Others who use this device won't see your activity, so you can browse more privately. This won't change how data is collected by websites you visit and the services they use, including Google." The wording could be interpreted to refer to Google websites and third-party websites, including third-party websites that rely on Google ad services. The new warning was not yet in the developer, beta, and stable branches of Chrome as of today. It also wasn't in Chromium. The change to Canary was previously reported by MSPowerUser.

Incognito mode in the stable version of Chrome still says: "You've gone Incognito. Now you can browse privately, and other people who use this device won't see your activity." Among other changes, the Canary warning replaces "browse privately" with "browse more privately." The stable and Canary warnings both say that your browsing activity might still be visible to "websites you visit," "your employer or school," or "your Internet service provider." But only the Canary warning currently includes the caveat that Incognito mode "won't change how data is collected by websites you visit and the services they use, including Google." The old and new warnings both say that Incognito mode prevents Chrome from saving your browsing history, cookies and site data, and information entered in forms, but that "downloads, bookmarks and reading list items will be saved." Both warnings link to this page, which provides more detail on Incognito mode.

An anonymous reader quotes a report from Gizmodo: Facebook recently rolled out a new "Link History" setting that creates a special repository of all the links you click on in the Facebook mobile app. Users can opt-out, but Link History is turned on by default, and the data is used for targeted ads. The company pitches Link History as a useful tool for consumers "with your browsing activity saved in one place," rather than another way to keep tabs on your behavior. With the new setting you'll "never lose a link again," Facebook says in a pop-up encouraging users to consent to the new tracking method. The company goes on to mention that "When you allow link history, we may use your information to improve your ads across Meta technologies."

Facebook promises to delete the Link History it's created for you within 90 days if you turn the setting off. According to a Facebook help page, Link History isn't available everywhere. The company says it's rolling out globally "over time." This is a privacy improvement in some ways, but the setting raises more questions than it answers. Meta has always kept track of the links you click on, and this is the first time users have had any visibility or control over this corner of the company's internet spying apparatus. In other words, Meta is just asking users for permission for a category of tracking that it's been using for over a decade. Beyond that, there are a number of ways this setting might give users an illusion of privacy that Meta isn't offering. "The Link History doesn't mention anything about the invasive ways Facebook monitors what you're doing once you visit a webpage," notes Gizmodo's Thomas Germain. "It seems the setting only affects Meta's record of the fact that you clicked a link in the first place. Furthermore, Meta links everything you do on Facebook, Instagram, WhatsApp, and its other products. Unlike several of Facebook's other privacy settings, Link History doesn't say that it affects any of Meta's other apps, leaving you with the data harvesting status quo on other parts of Mark Zuckerberg's empire."

"Link History also creates a confusing new regime that establishes privacy settings that don't apply if you access Facebook outside of the Facebook app. If you log in to Facebook on a computer or a mobile browser instead, Link History doesn't protect you. In fact, you can't see the Link History page at all if you're looking at Facebook on your laptop."

Google has indicated that it is ready to settle a class-action lawsuit filed in 2020 over its Chrome browser's Incognito mode. From a report: Arising in the Northern District of California, the lawsuit accused Google of continuing to "track, collect, and identify [users'] browsing data in real time" even when they had opened a new Incognito window. The lawsuit, filed by Florida resident William Byatt and California residents Chasom Brown and Maria Nguyen, accused Google of violating wiretap laws.

It also alleged that sites using Google Analytics or Ad Manager collected information from browsers in Incognito mode, including web page content, device data, and IP address. The plaintiffs also accused Google of taking Chrome users' private browsing activity and then associating it with their already-existing user profiles. Google initially attempted to have the lawsuit dismissed by pointing to the message displayed when users turned on Chrome's incognito mode. That warning tells users that their activity "might still be visible to websites you visit."

Google is about to launch its grand plan to block third-party cookies in Chrome that many websites use to track your activity across the web for profit. From a report: Starting on January 4th, Google will start testing its new Tracking Protection feature that will eventually restrict website access to third-party cookies by default. It will come to a very small subset of Chrome users at the start, specifically to one percent of users globally. Afterward, Google plans to phase out the use of third-party cookies for all users in the second half of 2024.

If you're randomly selected to try Tracking Protection, Google will notify you when opening Chrome on desktop or Android. If there are issues detected by Chrome while you're browsing, a prompt will appear asking if you'd like to temporarily re-enable third-party cookies for the site.

Apple held talks with DuckDuckGo to replace Alphabet's Google as the default search engine for the private mode on Apple's Safari browser, but ultimately rejected the idea. From a report: The details of those talks -- and Apple's discussions about buying Microsoft's Bing search engine in 2018 and 2020 -- were revealed late Wednesday in transcripts unsealed by the judge overseeing the US government's antitrust trial against Google. US District Judge Amit Mehta ruled Wednesday that he would unseal the testimony of DuckDuckGo Chief Executive Officer Gabriel Weinberg and Apple executive John Giannandrea, both of whom testified in the Washington trial in closed sessions. Weinberg testified that DuckDuckGo had about 20 meetings and phone calls with Apple executives, including the head of Safari, in 2018 and 2019 about becoming the default search engine for private browsing mode. In private mode, Safari doesn't track websites that a user visits or keep a history of what a person has accessed.

"We were talking about it, I thought they would launch it," Weinberg said, noting that Apple had integrated several of DuckDuckGo's other privacy technologies into Safari. "Multiple times we've gotten integrations all the way through the finish line. Really, almost everything we've pitched except for search." But Giannandrea, who joined Apple as the head of search in 2018, said that to his knowledge Apple hadn't considered switching to DuckDuckGo. In a February 2019 email to other Apple executives, Giannandrea said it was "probably a bad idea" to switch to DuckDuckGo for private browsing in Safari. "The motivating factor for setting DuckDuckGo as the default for private browsing was an assumption" that it would be more private, Giannandrea testified. Because DuckDuckGo relies on Bing for its search information, it also likely provides Microsoft some user information, he said, which led him to believe that DuckDuckGo's "marketing about privacy is somewhat incongruent with the details."

An anonymous reader quotes a report from Gizmodo: Google's Privacy Sandbox, a controversial set of tools and settings meant to replace third-party cookies, is now on almost every single Chrome browser, according to a company blog post published Thursday. Google says Privacy Sandbox is now available to around 97% of Chrome users, and that number will reach 100% in the next few months. The news comes on the heels of the browser's 15th anniversary, which Google is celebrating by redesigning Chrome to make it look and feel more closely aligned with the design paradigm of Android and the rest of the Google suite. The final step in this process comes in 2024, when Google will disable third-party cookies in Chrome for good, marking the end of their decades-long reign of privacy-violating terror.

Back in 2019, Google said the cookie era was coming to a close. In place of third-party cookies, Privacy Sandbox will implement a long list of new tools for the ad industry. Google, after all, makes all of its money by spying on you and turning the insights into ads, so it's not about to put itself out of business. In fairness, this new system is really more private, though it's private on Google's terms. The biggest change is "Ad Topics," a.k.a. the Topics API if you're a huge nerd who's been following this stuff for years. With Topics, Chrome will keep track of all the websites you're looking at and sort you into a variety of categories. This tracking happens in your browser and the data stays on your device. Neither Google nor anyone else gets to see your browsing history or learn anything about you as an individual throughout this process. Websites and advertising companies will know there's a person interested in a certain Topic, but they won't be able to tell who you are specifically.

There's also an extremely complicated technique websites can use to tag you with subjects they want you to see ads about, called "Site Suggested Ads." Google is also rolling out a tool called "Ad Measurement," which helps companies keep track of how well their ads are working through metrics such as the time of day you saw an ad and whether you clicked on it. Google gives users some control over how these tools are implemented. With the rollout of Privacy Sandbox comes new settings listed as "Ad privacy controls," which you can adjust in Chrome's preferences. Further reading: Chrome is About To Look a Bit Different

The Mozilla Foundation has started a petition to stop the French government from forcing browsers like Mozilla's Firefox to censor websites. "It would set a dangerous precedent, providing a playbook for other governments to also turn browsers like Firefox into censorship tools," says the organization. "The government introduced the bill to parliament shortly before the summer break and is hoping to pass this as quickly and smoothly as possible; the bill has even been put on an accelerated procedure, with a vote to take place this fall." You can add your name to their petition here.

The bill in question is France's SREN Bill, which sets a precarious standard for digital freedoms by empowering the government to compile a list of websites to be blocked at the browser level. The Mozilla Foundation warns that this approach "is uncharted territory" and could give oppressive regimes an operational model that could undermine the effectiveness of censorship circumvention tools.

"Rather than mandate browser based blocking, we think the legislation should focus on improving the existing mechanisms already utilized by browsers -- services such as Safe Browsing and Smart Screen," says Mozilla. "The law should instead focus on establishing clear yet reasonable timelines under which major phishing protection systems should handle legitimate website inclusion requests from authorized government agencies. All such requests for inclusion should be based on a robust set of public criteria limited to phishing/scam websites, subject to independent review from experts, and contain judicial appellate mechanisms in case an inclusion request is rejected by a provider."

Katie Malone writes via Engadget: "Tor" evokes an image of the dark web; a place to hire hitmen or buy drugs that, at this point, is overrun by feds trying to catch you in the act. The reality, however, is a lot more boring than that -- but it's also more secure. The Onion Router, now called Tor, is a privacy-focused web browser run by a nonprofit group. You can download it for free and use it to shop online or browse social media, just like you would on Chrome or Firefox or Safari, but with additional access to unlisted websites ending in .onion. This is what people think of as the "dark web," because the sites aren't indexed by search engines. But those sites aren't an inherently criminal endeavor.

"This is not a hacker tool," said Pavel Zoneff, director of strategic communications at The Tor Project. "It is a browser just as easy to use as any other browser that people are used to." That's right, despite common misconceptions, Tor can be used for any internet browsing you usually do. The key difference with Tor is that the network hides your IP address and other system information for full anonymity. This may sound familiar, because it's how a lot of people approach VPNs, but the difference is in the details. VPNs are just encrypted tunnels hiding your traffic from one hop to another. The company behind a VPN can still access your information, sell it or pass it along to law enforcement. With Tor, there's no link between you and your traffic, according to Jed Crandall, an associate professor at Arizona State University. Tor is built in the "higher layers" of the network and routes your traffic through separate tunnels, instead of a single encrypted tunnel. While the first tunnel may know some personal information and the last one may know the sites you visited, there is virtually nothing connecting those data points because your IP address and other identifying information are bounced from server to server into obscurity.

Accessing unindexed websites adds extra perks, like secure communication. While a platform like WhatsApp offers encrypted conversations, there could be traces that the conversation happened left on the device if it's ever investigated, according to Crandall. Tor's communication tunnels are secure and much harder to trace that the conversation ever happened. Other use cases may include keeping the identities of sensitive populations like undocumented immigrants anonymous, trying to unionize a workplace without the company shutting it down, victims of domestic violence looking for resources without their abuser finding out or, as Crandall said, wanting to make embarrassing Google searches without related targeted ads following you around forever.

The Washington Post's "Tech Friend" newsletter has the latest on Google's "Enhanced Safe Browsing" for Chrome and Gmail, which "monitors the web addresses of sites that you visit and compares them to constantly updated Google databases of suspected scam sites." You'll see a red warning screen if Google believes you're on a website that is, for example, impersonating your bank. You can also check when you're downloading a file to see if Google believes it might be a scam document. In the normal mode without Enhanced Safe Browsing, Google still does many of those same security checks. But the company might miss some of the rapid-fire activity of crooks who can create a fresh bogus website minutes after another one is blocked as a scam.

This enhanced security feature has been around for three years, but Google recently started putting a message in Gmail inboxes suggesting that people turn on Enhanced Safe Browsing.

Security experts told me that it's a good idea to turn on this safety feature but that it comes with trade-offs. The company already knows plenty about you, particularly when you're logged into Gmail, YouTube, Chrome or other Google services. If you turn on Enhanced Safe Browsing, Google may know even more about what sites you're visiting even if you're not signed into a Google account. It also collects bits of visual images from sites you're visiting to scan for hallmarks of scam sites.

Google said it will only use this information to stop bad guys and train its computers to improve security for you and everyone else. You should make the call whether you are willing to give up some of your privacy for extra security protections from common crimes.
Gmail users can toggle the feature on or off at this URL. Google tells users that enabling the feature will provide "faster and more proactive protection against dangerous websites, downloads, and extensions."

The Post's reporter also asked Google why it doesn't just enable the extra security automatically, and "The company told me that because Google is collecting more data in Enhanced Safe Browsing mode, it wants to ask your permission."

The Post adds as an aside that "It's also not your fault that phishing scams are everywhere. Our whole online security system is unsafe and stupid... Our goal should be to slowly replace the broken online security system with newer technologies that ditch our crime-prone password system for different methods of verifying we are who we say we are."

iOS 17 and macOS Sonoma include even more privacy-preserving features while browsing the web. From a report: Link Tracking Protection is a new feature automatically activated in Mail, Messages, and Safari in Private Browsing mode. It detects user-identifiable tracking parameters in link URLs, and automatically removes them.

Adding tracking parameters to links is one way advertisers and analytics firms try to track user activity across websites. Rather than storing third-party cookies, a tracking identifier is simply added to the end of the page URL. This would circumvent Safari's standard intelligent tracking prevention features that block cross-site cookies and other methods of session storage. Navigating to that URL allows an analytics or advertising service at the destination to read the URL, extract those same unique parameters, and associate it with their backend user profile to serve personalized ads.

OpenAI is adding support for plug-ins to ChatGPT -- an upgrade that massively expands the chatbot's capabilities and gives it access for the first time to live data from the web. From a report: Up until now, ChatGPT has been limited by the fact it can only pull information from its training data, which ends in 2021. OpenAI says plug-ins will not only allow the bot to browse the web but also interact with specific websites, potentially turning the system into a wide-ranging interface for all sorts of services and sites. In an announcement post, the company says it's almost like letting other services be ChatGPT's "eyes and ears." In one demo video, someone uses ChatGPT to find a recipe and then order the necessary ingredients from Instacart. ChatGPT automatically loads the ingredient list into the shopping service and redirects the user to the site to complete the order. OpenAI says it's rolling out plug-in access to "a small set of users." Initially, there are 11 plug-ins for external sites, including Expedia, OpenTable, Kayak, Klarna Shopping, and Zapier. OpenAI is also providing some plug-ins of its own, one for interpreting code and one called "Browsing," which lets ChatGPT get information from the internet.

Google has released optimization features designed to improve battery life and memory usage on machines running the latest version of its Chrome desktop web browser. From a report: Chrome's new Energy Saver and Memory Saver modes were first announced in December last year alongside the release of Chrome 108, and now as noted by Android Police, the two optimization utilities are starting to roll out globally onto Chrome 110 desktops for Mac, Windows, and Chromebooks.

Memory Saver mode essentially snoozes Chrome tabs that aren't currently in use to free up RAM for more intensive tasks and create a smoother browsing experience. Don't worry if you're a tab hoarder though, as these inactive tabs are still visible and can be reloaded at any time to pick up where you left off. Your most used websites can also be marked as exempt from Memory Saver to ensure they're always running at the maximum possible performance.

An anonymous reader quotes a report from The Verge: Darin Fisher has built a lot of web browsers. A lot of web browsers. He was a software engineer at Netscape early in his career, working on Navigator and then helping turn that app into Firefox with Mozilla. Then, he went to Google and spent 16 years building Chrome and ChromeOS into massively successful products. Last year, he left Google for Neeva, where he worked on ways to build a browser around the startup's search engine. And now, he's leaving Neeva to join The Browser Company and work on Arc, one of the hottest new browsers on the market. Arc, which has been in an invite-only beta for more than a year, is trying to rethink the whole browser UI. It has a sidebar instead of a row of tabs, offers a lot of personalization options, and is meant for people who live their computing life in a browser (which is increasingly most people). CEO Josh Miller often talks about building "the internet computer," too, and using the browser as a way to make the internet more useful.

Fisher has been an advisor to The Browser Company for a while, but Monday is his first official day at the company as a software engineer. Ahead of his new gig, Fisher and I got on a call to talk about why he thinks browsers are due for a reinvention -- and why he thinks a startup is the best place to do it. The answer starts with the browser's defining feature: tabs. Fisher doesn't hate tabs -- in fact, he helped popularize them. But he hates that using a modern browser involves opening a million of them, not being able to find them again, and eventually just giving up and starting all over again. "I remember when tabbed browsing was novel," Fisher says, "and helped people feel less cluttered because you don't have as many windows." But now, "even when I use Chrome," Fisher says, "I get a bunch of clutter. At some point, I just say, 'Forget it, I'm not even going to bother trying to sort through all these tabs. If it's important, I'll open it again.'" Browsers need better systems for helping you manage tabs, not just open more of them.

The best way to improve the browser, Fisher ultimately decided, is to just start from scratch. Arc is full of new ideas about how web browsers can work: it combines bookmarks and tabs into one app switcher-like concept; it makes it easy to search among your open tabs; it has built-in tools for taking notes and making shareable mini websites. The experience can be jarring because it's so different, but Fisher says that's part of what he's excited about. "This is not stuff people haven't talked about before," he says, "but actually putting it together and focusing on it and thinking about the small steps that go a long way, I think that's where there's so much opportunity." Fisher likes to compare a browser to an operating system, which matches with The Browser Company's idea that Arc isn't just a browser but rather an iOS-like system for the open web. "It has task management UI, it has UI for creating and starting a journey, but there's so much more in between," he says. What the iPhone did for native apps, Arc hopes to do for web apps. Fisher says he's interested in improving the way files move around the internet, for instance, finding a better way than the constant downloading and uploading we all do all day. He likes that Arc has a picture-in-picture mode that works by default, pulling your YouTube video out when you switch tabs. All these make the web feel more connected and cohesive rather than just a bunch of tabs in a horizontal line. The Browser Company also plans to reinvent the internet browser for mobile, too. On mobile, in particular, he says, "there are so many opportunities because the starting point is so archaic."

"He's vague on the details of his plans -- and The Browser Company hasn't really started working on a mobile browser yet anyway -- but says that's a big focus for him going forward," adds The Verge.