Businesses

Ex-Google Exec Acknowledges Aggressively Seeking Exclusive Mobile Deals 10

Posted by msmash from the tussle-continues dept.
The Justice Department sought on Wednesday to show how Google did all it could to get people to use its search engine and build itself into a $1 trillion search and advertising giant on the second day of a once-in-a-generation antitrust trial. From a report: First out of the gate, the government questioned a former Google executive, Chris Barton, about billion-dollar deals with mobile carriers and others that helped make Google the default search engine. Barton, who was at Google from 2004 to 2011, said the number of Google executives working to win default status with mobile carriers grew dramatically when he was with the company, recognizing the potential growth of handheld devices and early versions of smartphones.

Google's clout in search, the government argues, has helped Google build monopolies in some aspects of online search advertising. Since search is free, Google makes money through advertising. The government says the Alphabet unit paid $10 billion annually to wireless companies like AT&T, device makers like Apple and browser makers like Mozilla to fend off rivals and keep its search engine market share near 90%. In revenue-sharing deals with mobile carriers and Android smartphone makers, Google pressed for its search to be the default and exclusive. If Microsoft's search engine Bing was the default on an Android phone, Barton said, then users would have a "difficult time finding or changing to Google."

Barton said on his LinkedIn profile that he was responsible for leading Google's partnerships with mobile carriers like Verizon and AT&T, estimating that the deals "drive hundreds of millions in revenue." Hal Varian, Google's chief economist, told the court that scale, or the number of search queries Google received, was important, but pushed back during questioning on how important. He also acknowledged giving a speech in which he said certain search queries, for instance for a tennis racquet, were important in effectively advertising to the person who made the query and to subsequent ad revenues.
Chrome

Google's Cookie Killing Tech Is Now On Almost Every Chrome Browser (gizmodo.com) 68

Posted by BeauHD from the significant-milestones dept.
An anonymous reader quotes a report from Gizmodo: Google's Privacy Sandbox, a controversial set of tools and settings meant to replace third-party cookies, is now on almost every single Chrome browser, according to a company blog post published Thursday. Google says Privacy Sandbox is now available to around 97% of Chrome users, and that number will reach 100% in the next few months. The news comes on the heels of the browser's 15th anniversary, which Google is celebrating by redesigning Chrome to make it look and feel more closely aligned with the design paradigm of Android and the rest of the Google suite. The final step in this process comes in 2024, when Google will disable third-party cookies in Chrome for good, marking the end of their decades-long reign of privacy-violating terror.

Back in 2019, Google said the cookie era was coming to a close. In place of third-party cookies, Privacy Sandbox will implement a long list of new tools for the ad industry. Google, after all, makes all of its money by spying on you and turning the insights into ads, so it's not about to put itself out of business. In fairness, this new system is really more private, though it's private on Google's terms. The biggest change is "Ad Topics," a.k.a. the Topics API if you're a huge nerd who's been following this stuff for years. With Topics, Chrome will keep track of all the websites you're looking at and sort you into a variety of categories. This tracking happens in your browser and the data stays on your device. Neither Google nor anyone else gets to see your browsing history or learn anything about you as an individual throughout this process. Websites and advertising companies will know there's a person interested in a certain Topic, but they won't be able to tell who you are specifically.

There's also an extremely complicated technique websites can use to tag you with subjects they want you to see ads about, called "Site Suggested Ads." Google is also rolling out a tool called "Ad Measurement," which helps companies keep track of how well their ads are working through metrics such as the time of day you saw an ad and whether you clicked on it. Google gives users some control over how these tools are implemented. With the rollout of Privacy Sandbox comes new settings listed as "Ad privacy controls," which you can adjust in Chrome's preferences. Further reading: Chrome is About To Look a Bit Different
Microsoft

Microsoft To Stop Forcing Windows 11 Users Into Edge in EU Countries (theverge.com) 91

Posted by msmash from the small-victories dept.
Microsoft will finally stop forcing Windows 11 users in Europe into Edge if they click a link from the Windows Widgets panel or from search results. From a report: The software giant has started testing the changes to Windows 11 in recent test builds of the operating system, but the changes are restricted to countries within the European Economic Area (EEA). "In the European Economic Area (EEA), Windows system components use the default browser to open links," reads a change note from a Windows 11 test build released to Dev Channel testers last month. Microsoft has been ignoring default browser choices in its search experience in Windows 10 and the taskbar widget that forces users into Edge if they click a link instead of their default browser. Windows 11 continued this trend, with search still forcing users into Edge and a new dedicated widgets area that also ignores the default browser setting.
Social Networks

Threads is Now Available on the Web (zdnet.com) 68

Posted by EditorDavid from the loosing-Threads dept.
Tuesday Mark Zuckerberg shared a photo on Instagram with "actual footage of me building Threads for web." And now ZDNet reports that Zuckerberg's photo is available on his new Threads page on the web.

"As of Thursday, Meta's new platform is fully accessible to all users from any computer and desktop browser, Instagram head Adam Mosseri confirmed in a new Threads post."

"Use your Instagram account to log in: threads.net," explains the official Threads account. "Scroll to catch up on the conversation, or start a new thread of your own." Posts can include photos and videos, or you can reply and repost to other posts. "This is just the beginning. We're working on bringing everything you know and love from mobile over to web. More soon."

Wired argues the move makes Threads "more broadly usable." Most users will still access it through mobile, if the way people currently access the internet is any indication. But the move to the web is the next step in Meta creating an application just sticky enough to kneecap X and draw attention away from Bluesky, Mastodon, Spoutible, Post, and any other newish social app.

It's also a way to juice its users again. After that spectacular initial sign-up period in July, Threads usage dropped off precipitously. New data from market intelligence firm Sensor Tower suggests that daily active users are down more than 60 percent from its first-week average, though it's now back on the upswing. Threads amassed 44 million daily active users during its launch peak, then saw usage drop to a low of 7 million DAUs in late July. As of mid-August, the app has seen increases of 11 million DAUs, Sensor Tower analysts say. However, time spent on the app per daily active user has also fallen, the firm says.
Caling Threads "a work in progress," Wired notes it ""will supposedly be compatible with ActivityPub, an open social networking protocol, but that hasn't happened yet. The app also doesn't currently support direct messages, a popular feature on X. And Threads is not available in the European Union, due to the regulatory climate there."

Their article also shares an idea from data journalist and engineer Surya Mattu: that both devices and social media apps like Threads should implement a transparency-guaranteeing "inspectability API" to always allow users to inspect their data and activity in real-time.
Chrome

Google Chrome's Useless Reading Mode To Get a Useful Audio Upgrade (androidpolice.com) 13

Posted by BeauHD from the story-time dept.
Google Chrome is adding a read-aloud option to its reading mode, allowing users to have articles read to them like an audiobook. Android Police reports: Google is actively working to bring additional features to its reading mode, and a handy read-aloud option is already on the way for the Chrome browser. As the name suggests, read aloud basically reads out the entire article, as if you're listening to an audiobook, with text-to-speech (TTS) capabilities. Again, a few mainstream browsers and apps like Pocket already have the feature, but Google Chrome is only now rolling it out through the Canary channel.

When you open an article in Chrome Canary's reading mode on the desktop, you will see a new option, as spotted by browser expert Leopeva64. You can use this tiny play button to get the browser to read the article aloud for you. In the video sample shared by the user, you can hear what the narration sounds like -- and it isn't very pleasing. The voice output sounds pretty robotic as it used to be in the early days of TTS conversions, which is especially ironic coming from Google, which has some of the most natural-sounding voice models at its disposal. This clearly indicates that the read-aloud feature is in its early stages of development and will take some time before it becomes ready for prime time.
Firefox

Firefox Users May Import Chrome Extensions Now (ghacks.net) 41

Posted by BeauHD from the long-overdue-features dept.
Mozilla has implemented the WebExtensions system in its browser, allowing Firefox users to import select extensions from other browsers like Chrome. gHacks reports: The feature, which is in testing at the moment, can be enabled by all users of the latest stable version of Firefox.

1. Load about:config in the browser's address bar.
2. Confirm that you will be careful to continue.
3. Search for browser.migrate.chrome.extensions.enabled.
4. Set the feature to True, which enables it.
5. Restart Firefox.

Mozilla has integrated it into the browser's import functionality, which users may use on first run or at any time from the Settings page. To do so, select Menu > Settings > Import Data (button), or load about:preferences#general in the browser's address bar and activate the import data button on the page. Select Chrome from the list, expand the available import options and make sure extensions are checked. Imports are usually limited to some data, such as bookmarks or the browsing history. Firefox is the first major browser, maybe the first browser at all, that adds extensions to the list of supported imports.

The feature is limited at the time to Google Chrome and select extensions. Even though Firefox and Chrome extensions use the same framework, WebExtensions, they are not compatible immediately. Firefox users who attempt to install extensions from Chrome's Web Store may notice that this is not working. Mozilla decided to create a list of extension pairs for extensions that are available on the Chrome Web Store and the Mozilla Add-ons Store. Instead of importing the Chrome extension directly, Firefox is installing the Firefox version of the extension from Mozilla's own extension store.
Chrome

Google Chrome To Warn When Installed Extensions Are Malware (bleepingcomputer.com) 27

Posted by BeauHD from the PSA dept.
Google is testing a new feature in the Chrome browser that will warn users when an installed extension has been removed from the Chrome Web Store, usually indicative of it being malware. BleepingComputer reports: An unending supply of unwanted browser extensions is published on the Chrome Web Store and promoted through popup and redirect ads. These extensions are made by scam companies and threat actors who use them to inject advertisements, track your search history, redirect you to affiliate pages, or in more severe cases, steal your Gmail emails and Facebook accounts. The problem is that these extensions are churned out quickly, with the developers releasing new ones just as Google removes old ones from the Chrome Web Store. Unfortunately, if you installed one of these extensions, they will still be installed in your browser, even after Google detects them as malware and removes them from the store.

Due to this, Google is now bringing its Safety Check feature to browser extensions, warning Chrome users when an extension has been detected as malware or removed from the store and that they should be uninstalled from the browser. This feature will go live in Chrome 117, but you can now test it in Chrome 116 by enabling the browser's experimental 'Extensions Module in Safety Check' feature. [...] Google says that extensions can be removed from the Chrome Web Store because they were unpublished by the developer, violated policies, or were detected as malware.
Advertising

YouTube Ads May Have Led To Online Tracking of Children, Research Says 8

Posted by BeauHD from the problematic-advertising-practices dept.
An anonymous reader quotes a report from the New York Times: This year, BMO, a Canadian bank, was looking for Canadian adults to apply for a credit card. So the bank's advertising agency ran a YouTube campaign using an ad-targeting system from Google that employs artificial intelligence to pinpoint ideal customers. But Google, which owns YouTube, also showed the ad to a viewer in the United States on a Barbie-themed children's video on the "Kids Diana Show," a YouTube channel for preschoolers whose videos have been watched more than 94 billion times. When that viewer clicked on the ad, it led to BMO's website, which tagged the user's browser with tracking software from Google, Meta, Microsoft and other companies, according to new research from Adalytics, which analyzes ad campaigns for brands. As a result, leading tech companies could have tracked children across the internet, raising concerns about whether they were undercutting a federal privacy law, the report said. The Children's Online Privacy Protection Act, or COPPA, requires children's online services to obtain parental consent before collecting personal data from users under age 13 for purposes like ad targeting.

Adalytics identified more than 300 brands' ads for adult products, like cars, on nearly 100 YouTube videos designated as "made for kids" that were shown to a user who was not signed in, and that linked to advertisers' websites. It also found several YouTube ads with violent content, including explosions, sniper rifles and car accidents, on children's channels. An analysis by The Times this month found that when a viewer who was not signed into YouTube clicked the ads on some of the children's channels on the site, they were taken to brand websites that placed trackers -- bits of code used for purposes like security, ad tracking or user profiling -- from Amazon, Meta's Facebook, Google, Microsoft and others -- on users' browsers. As with children's television, it is legal, and commonplace, to run ads, including for adult consumer products like cars or credit cards, on children's videos. There is no evidence that Google and YouTube violated their 2019 agreement with the F.T.C.

The report's findings raise new concerns about YouTube's advertising on children's content. In 2019, YouTube and Google agreed topay a record $170 million fineto settle accusations from the Federal Trade Commission and the State of New York that the company had illegally collected personal information from children watching kids' channels. Regulators said the company had profited from using children's data to target them with ads. YouTube then said it would limit the collection of viewers' data and stop serving personalized ads on children's videos. On Thursday, two United States senators sent a letter to the F.T.C., urging it to investigate whether Google and YouTube had violated COPPA, citing Adalytics and reporting by The New York Times. Senator Edward J. Markey, Democrat of Massachusetts, and Senator Marsha Blackburn, Republican of Tennessee, said they were concerned that the company may have tracked children and served them targeted ads without parental consent, facilitating "the vast collection and distribution" of children's data. "This behavior by YouTube and Google is estimated to have impacted hundreds of thousands, to potentially millions, of children across the United States," the senators wrote. Google spokesman Michael Aciman called the report's findings "deeply flawed and misleading."

Google has stated that running ads for adults on children's videos is useful because parents watching could become customers. However, they acknowledge that violent ads on children's videos violate their policies and have taken steps to prevent such ads from running in the future. Google claims they do not use personalized ads on children's videos, ensuring compliance with COPPA.

Google notes that it does not inform advertisers if a viewer has watched a children's video, only that they clicked on the ad. Google also says it cannot control data collection on a brand's website after a YouTube viewer clicks an ad -- a process that could occur on any website.
Desktops (Apple)

An Apple Malware-Flagging Tool Is 'Trivially' Easy To Bypass (wired.com) 9

Posted by msmash from the security-woes dept.
One of the Mac's built-in malware detection tools may not be working quite as well as you think. From a report: At the Defcon hacker conference in Las Vegas, longtime Mac security researcher Patrick Wardle presented findings today about vulnerabilities in Apple's macOS Background Task Management mechanism, which could be exploited to bypass and, therefore, defeat the company's recently added monitoring tool. There's no foolproof method for catching malware on computers with perfect accuracy because, at their core, malicious programs are just software, like your web browser or chat app. It can be difficult to tell the legitimate programs from the transgressors. So operating system makers like Microsoft and Apple, as well as third-party security companies, are always working to develop new detection mechanisms and tools that can spot potentially malicious software behavior in new ways.

Apple's Background Task Management tool focuses on watching for software "persistence." Malware can be designed to be ephemeral and operate only briefly on a device or until the computer restarts. But it can also be built to establish itself more deeply and "persist" on a target even when the computer is shut down and rebooted. Lots of legitimate software needs persistence so all of your apps and data and preferences will show up as you left them every time you turn on your device. But if software establishes persistence unexpectedly or out of the blue, it could be a sign of something malicious. With this in mind, Apple added Background Task Manager in macOS Ventura, which launched in October 2022, to send notifications both directly to users and to any third-party security tools running on a system if a "persistence event" occurs. This way, if you know you just downloaded and installed a new application, you can disregard the message. But if you didn't, you can investigate the possibility that you've been compromised.
Firefox

Does Desktop Linux Have a Firefox Problem? (osnews.com) 164

Posted by EditorDavid from the tangle-web dept.
OS News' managing editor calls Firefox "the single most important desktop Linux application," shipping in most distros (with some users later opting for a post-installation download of Chrome).

But "I'm genuinely worried about the state of browsers on Linux, and the future of Firefox on Linux in particular..." While both GNOME and KDE nominally invest in their own two browsers, GNOME Web and Falkon, their uptake is limited and releases few and far between. For instance, none of the major Linux distributions ship GNOME Web as their default browser, and it lacks many of the features users come to expect from a browser. Falkon, meanwhile, is updated only sporadically, often going years between releases. Worse yet, Falkon uses Chromium through QtWebEngine, and GNOME Web uses WebKit (which are updated separately from the browser, so browser releases are not always a solid metric!), so both are dependent on the goodwill of two of the most ruthless corporations in the world, Google and Apple respectively.

Even Firefox itself, even though it's clearly the browser of choice of distributions and Linux users alike, does not consider Linux a first-tier platform. Firefox is first and foremost a Windows browser, followed by macOS second, and Linux third. The love the Linux world has for Firefox is not reciprocated by Mozilla in the same way, and this shows in various places where issues fixed and addressed on the Windows side are ignored on the Linux side for years or longer. The best and most visible example of that is hardware video acceleration. This feature has been a default part of the Windows version since forever, but it wasn't enabled by default for Linux until Firefox 115, released only in early July 2023. Even then, the feature is only enabled by default for users of Intel graphics — AMD and Nvidia users need not apply. This lack of video acceleration was — and for AMD and Nvidia users, still is — a major contributing factor to Linux battery life on laptops taking a serious hit compared to their Windows counterparts... It's not just hardware accelerated video decoding. Gesture support has taken much longer to arrive on the Linux version than it did on the Windows version — things like using swipes to go back and forward, or pinch to zoom on images...

I don't see anyone talking about this problem, or planning for the eventual possible demise of Firefox, what that would mean for the Linux desktop, and how it can be avoided or mitigated. In an ideal world, the major stakeholders of the Linux desktop — KDE, GNOME, the various major distributions — would get together and seriously consider a plan of action. The best possible solution, in my view, would be to fork one of the major browser engines (or pick one and significantly invest in it), and modify this engine and tailor it specifically for the Linux desktop. Stop living off the scraps and leftovers thrown across the fence from Windows and macOS browser makers, and focus entirely on making a browser engine that is optimised fully for Linux, its graphics stack, and its desktops. Have the major stakeholders work together on a Linux-first — or even Linux-only — browser engine, leaving the graphical front-end to the various toolkits and desktop environments....

I think it's highly irresponsible of the various prominent players in the desktop Linux community, from GNOME to KDE, from Ubuntu to Fedora, to seemingly have absolutely zero contingency plans for when Firefox enshittifies or dies...
Android

Mozilla To Bring Firefox Desktop Extension To Android Browser (mozilla.org) 30

Posted by msmash from the moving-forward dept.
Scott DeVaney, writing at Mozilla blog: In the coming months Mozilla will launch support for an open ecosystem of extensions on Firefox for Android on addons.mozilla.org (AMO). We'll announce a definite launch date in early September, but it's safe to expect a roll-out before the year's end. Here's everything developers need to know to get their Firefox desktop extensions ready for Android usage and discoverability on AMO.

For the past few years Firefox for Android officially supported a small subset of extensions while we focused our efforts on strengthening core Firefox for Android functionality and understanding the unique needs of mobile browser users. Today, Mozilla has built the infrastructure necessary to support an open extension ecosystem on Firefox for Android. We anticipate considerable user demand for more extensions on Firefox for Android, so why not start optimizing your desktop extension for mobile-use right away?
Chrome

Google Chrome Switching To Weekly Security Patch Updates (9to5google.com) 28

Posted by BeauHD from the addressing-the-security-patch-gap dept.
Google announced today that Chrome is now adopting weekly Stable channel updates in an effort to block major exploits quicker. 9to5Google reports: Google's browser gets major "milestone" updates every four (previously six) weeks, like going from version 100 to 101. In the past, Chrome would get a "Stable Refresh" update to "address security and other high impact bugs" in-between milestones every two weeks. This is now changing to occur weekly between milestones, starting with Google Chrome 116 on desktop and mobile, so that security updates get to end users much faster. Since Chromium is an open source project, "anyone can view the source code, submit changes for review, and see the changes made by anyone else, even security bug fixes." [...]

The current patch gap is around 15 days. It was previously 35 days before switching to patch updates every two weeks in 2020. Google expects weekly patch updates to result in security fixes shipping "3.5 days sooner on average, greatly reducing the already small window for n-day attackers to develop and use an exploit against potential victims and making their lives much more difficult." This new schedule will also result in fewer unplanned updates that occur when there are known in-the-wild exploits: "By now shipping stable updates weekly, we expect the number of unplanned updates to decrease since we'll be shipping updates more frequently."
Google

Google Fails To End $5 Billion Consumer Privacy Lawsuit (reuters.com) 29

Posted by msmash from the tussle-continues dept.
A U.S. judge rejected Google's bid to dismiss a lawsuit claiming it invaded the privacy of millions of people by secretly tracking their internet use. From a report: U.S. District Judge Yvonne Gonzalez Rogers on Monday said she could not find that users consented to letting Google collect information about what they viewed online because the Alphabet unit never explicitly told them it would. David Boies, a lawyer for the plaintiffs in the proposed $5 billion class action, called the decision "an important step in protecting the privacy interests of millions of Americans."

The plaintiffs alleged that Google's analytics, cookies and apps let the Mountain View, California-based company track their activity even when they set Google's Chrome browser to "Incognito" mode and other browsers to "private" browsing mode. They said this let Google learn enough about their friends, hobbies, favorite foods, shopping habits, and "potentially embarrassing things" they seek out online, becoming "an unaccountable trove of information so detailed and expansive that George Orwell could never have dreamed it."
Piracy

Z-Library Rolls Out Browser Extensions In Anticipation of Domain Name Troubles (torrentfreak.com) 15

Posted by BeauHD from the no-signs-of-slowing-down dept.
Pirate eBook repository Z-Library has launched browser extensions that should make it easier for users to find the site if its current domains are seized in the future. While the site doesn't explicitly mention the U.S. Government crackdown, it likely plays a key role in the decision to make these extensions available. TorrentFreak reports: Since the shadow library is now well aware that its domain names could be taken away at any moment, numerous precautions are being taken to mitigate the risks. A few weeks ago, Z-Library released a dedicated desktop application that should make it easier to access the site. The software has the ability to redirect users to working domains and whenever necessary, connect over the Tor network, which also helps to evade blocking efforts. In an announcement this week, the operators of the shadow library unveiled new precautionary tools to redirect users to working domains, including any new ones, should they be needed.

The new browser extensions are available for both Chrome and Firefox and promise 'seamless access' to alternative domains in the event that existing ones run into trouble. "Say goodbye to searching for available domains, as this handy extension takes care of everything for you. Simplify your online library experience and enjoy seamless access to a world of knowledge, right at your fingertips. "After launching the extension, the process of searching for an available domain will begin. Within some seconds when the domain is found, you will be redirected to the library homepage," Z-Library explains.

While installing browser extensions should always happen with caution, in just a few hours thousands of Z-Library users have already installed the new software. According to the Chrome store, the Z-Library Finder currently has over 7,000 users. These extensions may indeed help to point users to new domain names, but the solution isn't bulletproof. The authorities may attempt to remove the listings from the Chrome and Firefox extension libraries, for example. Even if Z-Library decides to self-host these tools, they still rely on technical infrastructure that could be targeted in the future. That being said, the releases are still notable; it's rare to a service going full steam ahead in the face of an active criminal case.
Privacy

Brave Cuts Ties With Bing To Offer Its Own Image and Video Search Results (theregister.com) 14

Posted by BeauHD from the all-in-the-name-of-privacy dept.
Brave Software, maker of the Brave web browser, has tuned its search engine to run on a homegrown index of images and videos in an effort to end its dependency on "Big Tech" rivals. The Register reports: On Thursday, the company said that image and video results from Brave Search -- available on the web at search.brave.com and via its browser -- will be served from Brave's own index. Search indexes are made by visiting online resources -- typically web pages, images, videos, or other files -- with a crawler bot and recording the locations of these resources in a database. And when an internet user submits a query to a search engine, the search engine checks its index (and possible other sources) to find the addresses of resources that correspond to the query keywords. There's actually a lot more to it but that's the basic idea.

Brave now aims to ride the wave of discontent with "Big Tech" by highlighting its commitment to privacy and independence â" small tech. "Brave Search is 100 percent private and anonymous, which sets a high bar for image/video search to meet," the company said in a blog post provided to The Register. "Whether it's a matter of personal safety or personal preference, users should be able to discover content without their search engine reporting and profiling those results to a Big Tech company." [...] Brave argues that having its own index frees the company from content decisions made by others. "Brave is on a mission to build a user-first Web," the company said in its blog post. "That mission starts with the Brave browser and Brave Search. With the release of image and video search, we're continuing to innovate within the search industry, providing viable and preferable products for users who want choice and transparency in their search for information online."
The Internet

The Arc Browser is Now Available for All iOS and Mac Users (theverge.com) 29

Posted by msmash from the 350th-is-the-charm dept.
Following two years of testing, The Browser Company's Arc is graduating from its waitlist phase, launching its version 1.0. Arc, the Mac and iOS browser, aims to redefine online interaction by incorporating tools for note-taking, collaboration, webpage personalisation, among others. The Verge adds: We've covered Arc a lot in recent months, both because it's a good browser and because it's a big new idea about how you use the internet. The Browser Company's ultimate plan is to build "the operating system for the internet." Arc isn't just a place to see webpages; it has tools for taking notes, making visual and collaborative easels with others, redesigning webpages to your liking, and more. (Personally, I love Arc's picture-in-picture mode above everything else, especially now that it works with Google Meet calls.) Arc 1.0 doesn't seem to come with any splashy new features. Rather, The Browser Company seems to just feel like it's ready to launch more widely. Arc has been pretty stable for me in recent months, though it does run into some of the same performance issues you'll find with any browser based on the Chromium engine -- you can always open a couple dozen tabs and watch your computer grind to a halt.
DRM

Google's Nightmare 'Web Integrity API' Wants a DRM Gatekeeper For the Web 163

Posted by msmash from the closer-look dept.
Google's newest proposed web standard is... DRM? Over the weekend the Internet got wind of this proposal for a "Web Environment Integrity API. " From a report: The explainer is authored by four Googlers, including at least one person on Chrome's "Privacy Sandbox" team, which is responding to the death of tracking cookies by building a user-tracking ad platform right into the browser. The intro to the Web Integrity API starts out: "Users often depend on websites trusting the client environment they run in. This trust may assume that the client environment is honest about certain aspects of itself, keeps user data and intellectual property secure, and is transparent about whether or not a human is using it."

The goal of the project is to learn more about the person on the other side of the web browser, ensuring they aren't a robot and that the browser hasn't been modified or tampered with in any unapproved ways. The intro says this data would be useful to advertisers to better count ad impressions, stop social network bots, enforce intellectual property rights, stop cheating in web games, and help financial transactions be more secure. Perhaps the most telling line of the explainer is that it "takes inspiration from existing native attestation signals such as [Apple's] App Attest and the [Android] Play Integrity API." Play Integrity (formerly called "SafetyNet") is an Android API that lets apps find out if your device has been rooted.

Root access allows you full control over the device that you purchased, and a lot of app developers don't like that. So if you root an Android phone and get flagged by the Android Integrity API, several types of apps will just refuse to run. You'll generally be locked out of banking apps, Google Wallet, online games, Snapchat, and some media apps like Netflix. [...] Google wants the same thing for the web. Google's plan is that, during a webpage transaction, the web server could require you to pass an "environment attestation" test before you get any data. At this point your browser would contact a "third-party" attestation server, and you would need to pass some kind of test. If you passed, you would get a signed "IntegrityToken" that verifies your environment is unmodified and points to the content you wanted unlocked. You bring this back to the web server, and if the server trusts the attestation company, you get the content unlocked and finally get a response with the data you wanted.
Google

Google Starts the GA Rollout of Its Privacy Sandbox APIs To All Chrome Users (techcrunch.com) 11

Posted by msmash from the PSA dept.
Google continues the rollout of its Privacy Sandbox APIs -- its replacement for tracking cookies for the online advertising industry. From a report: Today, right on schedule and in time for the launch of Chrome 115 into the stable release channel, Google announced that it will now start enabling the relevance and measurement APIs in its browser. This will be a gradual rollout, with Google aiming for a 99% availability by mid-August. At this point, Google doesn't expect to make any major changes to the APIs. This includes virtually all of the core Privacy Sandbox features, including Topics, Protected Audience, Attribution Reporting, Private Aggregation, Shared Storage and Fenced Frames. It's worth noting that for the time being, Privacy Sandbox will run in parallel with third-party cookies in the browser. It won't be until early 2024 that Google will deprecate third-party cookies for 1% of Chrome users. After that, the process will speed up though and Google will deprecate these cookies for all users by the second half of 2024.
Encryption

macOS Sonoma Brings Apple Password Manager To Third-Party Browsers (macrumors.com) 19

Posted by BeauHD from the what-to-expect dept.
An anonymous reader quotes a report from MacRumors: The macOS Sonoma update that is in testing allows Mac owners who opt to use Google Chrome, Microsoft Edge, or another browser to use Apple's Password Manager for filling passwords. Developers and public beta testers running macOS Sonoma can use their iCloud Keychain passwords with non-Safari browsers at this time, autofilling passwords and one-time codes. Third-party browsers can also save new passwords.

Apple has made an iCloud Passwords Chrome extension available for macOS Sonoma users, and it can be downloaded and installed to access Apple passwords on the Chrome browser or any Chromium-based browser. Apple plans to release a similar extension for the Microsoft Edge browser in the near future. Google and other browser developers are also working on implementing support for Passkeys, the password alternative that Apple introduced last year.
Firefox

Firefox 115 Released (mozilla.org) 61

Posted by msmash from the moving-forward dept.
williamyf writes: Today, Mozilla released Firefox 115. Changes most visible to users include:

* Hardware video decoding is now enabled for Intel GPUs on Linux..

* Migrating from another browser? Now you can bring over payment methods you've saved in Chrome-based browsers to Firefox.

* The Tab Manager dropdown now features close buttons, so you can close tabs more quickly.

* The Firefox for Android address bar's new search button allows you to easily switch between search engines and search your bookmarks and browsing history.

* We've refreshed and streamlined the user interface for importing data in from other browsers.

* Users without platform support for H264 video decoding can now fallback to Cisco's OpenH264 plugin for playback.

But the most important feature is that this release is the new ESR. Why this is important? y'all ask, well:

* Many a "downstream" project depends on Firefox ESR, for example the famous email client Thunderbird, or KaiOS (a mobile OS very popular in India, SE Asia, Africa and LatAm), so, for better or worse, whatever made it to (or is lacking from) this version of the browser, those projects have to use for the next year.

* Firefox ESR is the default browser of many distros, like Debian and Kali Linux, so, whatever made it to this version will be there for next year, ditto to whatever is lacking.

* If you are on old -- unsupported OSs, like Windows 7, 8-8.1 or MacOS 10.14 (Mojave, the last MacOS with support for 32 Bit Apps), 10.13 or 10.12 you will automatically be migrated to Firefox ESR, so this will be your browser until Sept. 2024.

Slashdot Top Deals