Network

Brave Aims To Curb Practice of Websites That Port Scan Visitors (arstechnica.com) 49

An anonymous reader quotes a report from Ars Technica: The Brave browser will take action against websites that snoop on visitors by scanning their open Internet ports or accessing other network resources that can expose personal information. Starting in version 1.54, Brave will automatically block website port scanning, a practice that a surprisingly large number of sites were found engaging in a few years ago. According to this list compiled in 2021 by a researcher who goes by the handle G666g1e, 744 websites scanned visitors' ports, most or all without providing notice or seeking permission in advance. eBay, Chick-fil-A, Best Buy, Kroger, and Macy's were among the offending websites.

Some sites use similar tactics in an attempt to fingerprint visitors so they can be re-identified each time they return, even if they delete browser cookies. By running scripts that access local resources on the visiting devices, the sites can detect unique patterns in a visiting browser. Sometimes there are benign reasons a site will access local resources, such as detecting insecurities or allowing developers to test their websites. Often, however, there are more abusive or malicious motives involved.

The new version of Brave will curb the practice. By default, no website will be able to access local resources. More advanced users who want a particular site to have such access can add it to an allow list. The interface will look something like the screenshot displayed [here]. Brave will continue to use filter list rules to block scripts and sites known to abuse localhost resources. Additionally, the browser will include an allow list that gives the green light to sites known to access localhost resources for user-benefiting reasons.

"Brave has chosen to implement the localhost permission in this multistep way for several reasons," developers of the browser wrote. "Most importantly, we expect that abuse of localhost resources is far more common than user-benefiting cases, and we want to avoid presenting users with permission dialogs for requests we expect will only cause harm."

"As far as we can tell, Brave is the only browser that will block requests to localhost resources from both secure and insecure public sites, while still maintaining a compatibility path for sites that users trust (in the form of the discussed localhost permission)" the Brave post said.

Privacy

Edge Sends Images You View Online To Microsoft 39

An anonymous reader shares a report: Not so long ago, Microsoft Edge ended up in hot water after users discovered a bug leaking your browser history to Bing. Now you may want to toggle off another feature to ensure Edge is not sending every picture you view online to Microsoft. Edge has a built-in image enhancement tool that, according to Microsoft, can use "super-resolution to improve clarity, sharpness, lighting, and contrast in images on the web." Although the feature sounds exciting, recent Microsoft Edge Canary updates have provided more information on how image enhancement works. The browser now warns that it sends image links to Microsoft instead of performing on-device enhancements.

Google

Google Lifts Ban on Downloader App (arstechnica.com) 10

Google has reversed the suspension of an Android TV app that was hit with a copyright complaint simply because it is able to load a pirate website that can also be loaded in any standard web browser. From a report: The Downloader app, which combines a web browser with a file manager, is back in the Google Play Store after an absence of nearly three weeks. As we previously reported, Google suspended the app based on a Digital Millennium Copyright Act (DMCA) complaint from several Israeli TV companies that said the app "allows users to view the infamous copyright infringing website known as SDAROT." But that same website could be viewed on any standard browser, including Google's own Chrome app.

"The app was removed on May 19th due to the DMCA takedown request," developer Elias Saba wrote in a blog post today. "Instead of recognizing the absurdity of the claim that a web browser is somehow liable for all the unauthorized use of copyrighted content on the Internet, Google took a backseat and denied my appeal to have the app reinstated." The free app has been downloaded over 5 million times on Google Play and is available on the Amazon app store for devices such as Fire TVs. In addition to the rejected appeal, Saba filed a DMCA counter notification with Google. That "started a 10-business-day countdown for the [TV companies'] law firm to file legal actions against me," Saba wrote today. "Due to the app being removed on a Friday and the Memorial Day holiday, 10 business days had elapsed with no word from the law firm on June 6th and I contacted Google to have the app reinstated."

Google

Google's Password Manager Gains Biometric Authentication on Desktop (techcrunch.com) 18

Google's aiming to make it easier to use and secure passwords -- at least, for users of the Password Manager tool built into its Chrome browser. From a report: Today, the tech giant announced that Password Manager, which generates unique passwords and autofills them across platforms, will soon gain biometric authentication on PC. (Android and iOS have had biometric authentication for some time.) When enabled, it'll require an additional layer of security, like fingerprint recognition or facial recognition, before Chrome autofills passwords.

Exactly which types of biometrics are available in Password Manager on desktop will depend on the hardware attached to the PC, of course (e.g. a fingerprint reader), as well as whether the PC's operating system supports it. Beyond "soon," Google didn't say when to expect the feature to arrive.

Data Storage

Dropbox-like Cloud Storage Service Shadow Drive Lowers Its Price (techcrunch.com) 22

Shadow has decided to cut the price of its cloud storage service Shadow Drive. Users can now get 2TB of storage for $5.3 per month instead of $9.6 per month. From a report: As for the free tier, things aren't changing. Users who sign up get 20GB of online storage for free. Shadow is also the company behind Shadow PC, a cloud computing service that lets you rent a virtual instance of a Windows PC in a data center near you. It works particularly well to play demanding PC games on any device, such as a cheap laptop, a connected TV or a smartphone. Coming back to Shadow Drive, as the name suggests, Shadow Drive works a lot like Google Drive, OneDrive, iCloud Drive or Dropbox. Users can upload and download files from a web browser. They are stored in a data center based in France so that you can access them later.

IT

Brave Browser Now Features Vertical Tabs For Desktop Users (brave.com) 36

Speaking of Brave, the browser-maker is introducing vertical tabs. From a blog post: With today's 1.52 desktop release, the vertical tabs setting is available to Brave users on Windows, macOS, and Linux. Enabling the vertical tabs setting relocates your open tabs from the top of your browser window (i.e. above the address bar) to the left side of the window, where they'll appear stacked vertically rather than horizontally. To do so, right-click an existing horizontal tab and select "use vertical tabs" from the menu. With open tabs arranged vertically, you'll be able to scroll through them as needed. To open a new tab, simply click the button to create a new tab at the bottom of the vertical tabs sidebar.

The Internet

Brave Releases Its Search API (thurrott.com) 8

Brave has launched its Brave Search API, allowing third parties to integrate its privacy-preserving and ad-free search results into their applications through a simple API call. Thurrott reports: Brave notes that its Search API is inexpensive and that it's a great fit for Artificial Intelligence (AI) and Large Language Models developers in particular because it provides access to a collection of high-quality, Web-scale data including recent events. Brave claims that its standalone Brave Search offering now delivers over 8 billion annualized queries, which makes it the fastest-growing search engine since Microsoft Bing. And in sharp contrast to the market leaders, Brave Search is private and transparent. Plus, it's fueled by opt-in users of the Brave browser's Web Discovery Project, which adds millions of new web pages to the index every single day and keeps it current and fresh. The Brave web browser has over 60 million active users now, the company adds.

A free version of the Brave Search API provides one search query per second and up to 2,000 queries per month. Paid tiers start at $3 CPM (cost per one thousand) for 20 queries per second and up to 20 million queries per month, with access to web search, Goggles, news cluster, and videos cluster, plus added cost access to autosuggest and spellcheck at $5 per 10,000 requests. Higher-price tiers add more queries per second and per month, plus additional capabilities like schema-enriched web results, infobox, FAQ, discussions, locations, and more.

Youtube

'The Rotten Tomatoes of YouTube' (bgr.com) 37

In 2021, YouTube made the controversial decision to hide dislike counts on its platform, citing the aim of protecting creators from harassment. While this removed a valuable metric for viewers, alternatives have emerged, such as the browser extension Return YouTube Dislike and the new site Favoree. The latter is being hailed as "the Rotten Tomatoes of YouTube," where users can rate and review YouTube channels. BGR reports: Earlier this week, one user disappointed with the removal of YouTube's dislike counts took to Reddit to promote their new site Favoree. Rather than simply giving a channel a thumbs up or thumbs down, you can give it a rating out of five stars and even write a review. That way, you can actually see why people like or dislike a given channel.

This is a new site, so only a small handful of YouTube channels are currently represented (much less have many ratings or reviews) [...]. For example, Summoning Salt is a stellar channel a friend turned me on to a few years ago, which features long-form documentary-style videos about the history of speedrunning video games. The channel page on Favoree features a short description, a list of relevant keywords, embedded videos, and several written reviews.

Obviously, this is only going to work if Favoree really picks up steam and thousands of users start writing reviews and submitting new channels. That said, it's an interesting project, and the creator is accepting feedback on Reddit and acting on many of those suggestions rather quickly. It will be interesting to track Favoree to see how it develops.

Firefox

Mozilla Stops Firefox Fullscreen VPN Ads After User Outrage (bleepingcomputer.com) 68

Firefox users have been complaining about very intrusive full-screen advertisements promoting Mozilla VPN displayed in the web browser when navigating an unrelated page. From a report: The ads popping in Firefox disable the web browser's functionality, denying users access to the interface and graying out everything in the background until they close them. Some users reported on Reddit that the annoying full-screen ads even cause Firefox to become unresponsive for up to 30 seconds, forcing them to terminate the browser's process. [...] BleepingComputer has contacted Mozilla about the matter and received the following statement following the barrage of complaints from Firefox users: "We're continuously working to understand the best ways to communicate with people who use Firefox. Ultimately, we accomplished the exact opposite of what we intended in this experiment and quickly rolled the experience back. We apologize for any confusion or concern."

AI

Google Colab Promises 'AI-Powered Coding, Free of Charge' (blog.google) 24

Google Colab hosts free cloud-based "executable documents" that, among other things, let you write and run code in your browser (in dozens of languages, including Python).

Over 7 million people, including students, already use Colab, according to a recent post on Google's blog, "and now it's getting even better with advances in AI [with] features like code completions, natural language to code generation and even a code-assisting chatbot."

Google says it will "dramatically increase programming speed, quality, and comprehension." Our first features will focus on code generation. Natural language to code generation helps you generate larger blocks of code, writing whole functions from comments or prompts. [For example: "import data.csv as a dataframe."] The goal here is to reduce the need for writing repetitive code, so you can focus on the more interesting parts of programming and data science. Eligible users in Colab will see a new "Generate" button in their notebooks, allowing them to enter any text prompt to generate code.

For eligible paid users, as you type, you'll see autocomplete suggestions.

We're also bringing the helpfulness of a chatbot directly into Colab. Soon, you'll be able to ask questions directly in Colab like, "How do I import data from Google Sheets?" or "How do I filter a Pandas DataFrame?"

Anyone with an internet connection can access Colab, and use it free of charge... Access to these features will roll out gradually in the coming months, starting with our paid subscribers in the U.S. and then expanding into the free-of-charge tier.

It's powered by Google's "next generation" machine-learning language model PaLM 2 (announced earlier this month), which "excels at popular programming languages like Python and JavaScript, but can also generate specialized code in languages like Prolog, Fortran and Verilog." Colab will use Codey, a family of code models built on PaLM 2... fine-tuned on a large dataset of high quality, permissively licensed code from external sources to improve performance on coding tasks. Plus, the versions of Codey being used to power Colab have been customized especially for Python and for Colab-specific uses.

Privacy

Neeva is Shutting Down Its Privacy-First, Ad-Free $4.95-a-Month Search Engine (neeva.com) 24

Two years ago Slashdot covered "the ad-free, privacy-first search engine from ex-Googlers" — with a $4.95 monthly subscription fee.

Today long-time Slashdot reader imcdona brings the news that "Neeva" is now shutting down. From Neeva's announcement: We started Neeva with the mission to take search back to its users. Having worked on search and search ads for over a decade, we sincerely believed that there was space for a model of search that put user and not advertiser interests first — a private, ads-free experience.

Building search engines is hard. It is even harder to do with a tiny team of 50 people who are up against entrenched organizations with endless resources. We overcame these obstacles and built a search stack from the ground up, running a crawl that fetched petabytes of information from the web and used that to power an independent search stack.

In early 2022, the upcoming impact of generative AI and LLMs became clear to us. We embarked on an ambitious effort to seamlessly blend LLMs into our search stack. We rallied the Neeva team around the vision to create an answer engine. We are proud of being the first search engine to provide cited, real-time AI answers to a majority of queries early this year.

But throughout this journey, we've discovered that it is one thing to build a search engine, and an entirely different thing to convince regular users of the need to switch to a better choice. From the unnecessary friction required to change default search settings, to the challenges in helping people understand the difference between a search engine and a browser, acquiring users has been really hard. Contrary to popular belief, convincing users to pay for a better experience was actually a less difficult problem compared to getting them to try a new search engine in the first place.

These headwinds, combined with the different economic environment, have made it clear that there is no longer a path towards creating a sustainable business in consumer search.

As a result, over the next few weeks, we will be shutting down neeva.com and our consumer search product, and shifting to a new area of focus.

"As part of the shutdown, we are deleting all user data..." the announcement emphasizes. "We are truly grateful to our community, and we are truly sorry that we aren't able to continue to provide the search engine that you want and deserve."

So what happens next? Many of the techniques we have pioneered with small models, size reduction, latency reduction, and inexpensive deployment are the elements that enterprises really want, and need, today. We are actively exploring how we can apply our search and LLM expertise in these settings, and we will provide updates on the future of our work and our team in the next few weeks.

Firefox

Microsoft Wants Firefox To Make Bing Its Default Search Engine (androidpolice.com) 52

According to The Information, Microsoft wants to bid to make Bing Firefox's default search engine. Android Police reports: The browser's contract with Google is set to expire this year, at which point Mozilla could either renew it or switch to a different search engine. Microsoft would very much like to take Google's place in Firefox. It's not a guarantee that it will actually help boost Bing's usage -- after all, Firefox users who don't want to use Bing could just switch to a different search engine, as Yahoo found out a few years ago -- but Microsoft sees potential in such a deal.

The report also notes that there's also a potentially more juicy opportunity coming up for Microsoft if it really wants to get serious about pushing Bing. Apple's Safari browser, which is the main web browser on Apple devices, will have its Google contract expire next year. Despite throwing shade constantly, Google really benefits from the deal it currently has with Apple, and Microsoft could sweep in and try to get Bing to become the main browser on iPhones.

Google

Google Drops Waitlist for AI Chatbot Bard, Expands To Over 180 Countries (theverge.com) 26

Google is adding a smorgasbord of new features to its AI chatbot Bard, including support for new languages (Japanese and Korean), easier ways to export text to Google Docs and Gmail, visual search, and a dark mode. Most significantly, the company is removing the waitlist for Bard and making the system available in English in 180 countries and territories. From a report: It's also promising future features like AI image generation powered by Adobe and integration with third-party web services like Instacart and OpenTable. Collectively, the news is a shot in the arm for Bard, which was released two months ago for select users in the US and UK. The chatbot -- which Google still stresses is an experiment and not a replacement to its search engine -- has compared poorly to rivals like OpenAI's ChatGPT and Microsoft's new Bing chatbot. Notably, Bard made a factual error in its first-ever public demo (though this problem is common to all such bots). Now, Google is adding a lot of new features as well as upgrading Bard to use its new PaLM 2 language model. This should improve its general answers and usability.

Google says the upgraded Bard is particularly good at tackling coding queries, including debugging and explaining chunks of code in more than 20 languages, so some of today's upgrades are focused on this use case. These include the new dark mode, improved citations for code (which will not only offer sources but also explain the snippets), and a new export button. This can already be used to send code to Google's Colab platform but will now also work with another browser-based IDE, Replit (starting with Python queries).

Security

WordPress Plugin Hole Puts '2 Million Websites' At Risk (theregister.com) 30

A vulnerability in the "Advanced Custom Fields" plugin for WordPress is putting more than two million users at risk of cyberattacks, warns Patchstack researcher Rafie Muhammad. The Register reports: A warning from Patchstack about the flaw claimed there are more than two million active installs of the Advanced Custom Fields and Advanced Custom Fields Pro versions of the plugins, which are used to give site operators greater control of their content and data, such as edit screens and custom field data. Patchstack researcher Rafie Muhammad uncovered the vulnerability on February 5, and reported it to Advanced Custom Fields' vendor Delicious Brains, which took over the software last year from developer Elliot Condon. On May 5, a month after a patched version of the plugins was released by Delicious Brains, Patchstack published details of the flaw. It's recommended users update their plugin to at least version 6.1.6.

The flaw, tracked as CVE-2023-30777 and with a CVSS score of 6.1 out of 10 in severity, leaves sites vulnerable to reflected XSS attacks, which involve miscreants injecting malicious code into webpages. The code is then "reflected" back and executed within the browser of a visitor. Essentially, it allows someone to run JavaScript within another person's view of a page, allowing the attacker to do things like steal information from the page, perform actions as the user, and so on. That's a big problem if the visitor is a logged-in administrative user, as their account could be hijacked to take over the website.

"This vulnerability allows any unauthenticated user [to steal] sensitive information to, in this case, privilege escalation on the WordPress site by tricking the privileged user to visit the crafted URL path," Patchstack wrote in its report. The outfit added that "this vulnerability could be triggered on a default installation or configuration of Advanced Custom Fields plugin. The XSS also could only be triggered from logged-in users that have access to the Advanced Custom Fields plugin."

Microsoft

Safari Beats Edge as Second-Most Used Browser in April (bgr.com) 49

An anonymous reader shared this report from BGR: Last year, Microsoft Edge surpassed Safari as the second most popular desktop browser. Now, new data from Statcounter shows that Apple's browser has finally regained second place.

The full ranking shows that Google Chrome remains the most used browser... It's also interesting to note that after Firefox almost surpassed Safari in February of 2022, the browser is still losing its base to Microsoft Edge and Safari... Even the all-mighty Google Chrome has lost a bit of userbase, as it had 66.64% of users last April and now has 66.13%.

The final rankings (with data from April 2023):
  • Google Chrome: 66.13%
  • Safari: 11.87%
  • Microsoft Edge: 11%
  • Firefox: 5.65%
  • Opera: 3.09%
  • Internet Explorer: 0.55%

Microsoft

Microsoft is Forcing Outlook and Teams To Open Links in Edge, and IT Admins Are Angry (theverge.com) 139

An anonymous reader shares a report: Microsoft has now started notifying IT admins that it will force Outlook and Teams to ignore the default web browser on Windows and open links in Microsoft Edge instead. Reddit users have posted messages from the Microsoft 365 admin center that reveal how Microsoft is going to roll out this change. "Web links from Azure Active Directory (AAD) accounts and Microsoft (MSA) accounts in the Outlook for Windows app will open in Microsoft Edge in a single view showing the opened link side-by-side with the email it came from," reads a message to IT admins from Microsoft. While this won't affect the default browser setting in Windows, it's yet another part of Microsoft 365 and Windows that totally ignores your default browser choice for links. Microsoft already does this with the Widgets system in Windows 11 and even the search experience, where you'll be forced into Edge if you click a link even if you have another browser set as default. Further reading: Microsoft Broke a Chrome Feature To Promote Its Edge Browser.

Security

ChatGPT-related Malware on the Rise, Meta Says (reuters.com) 8

Facebook owner Meta said on Wednesday it had uncovered malware purveyors leveraging public interest in ChatGPT to lure users into downloading malicious apps and browser extensions, likening the phenomenon to cryptocurrency scams. From a report: Since March, the social media giant has found around 10 malware families and more than 1,000 malicious links that were promoted as tools featuring the popular artificial intelligence-powered chatbot, it said in a report. In some cases, the malware delivered working ChatGPT functionality alongside abusive files, the company said. Speaking at a press briefing on the report, Meta Chief Information Security Officer Guy Rosen said that for bad actors, "ChatGPT is the new crypto."

Chrome

Microsoft Broke a Chrome Feature To Promote Its Edge Browser (gizmodo.com) 124

An anonymous reader quotes a report from Gizmodo: Microsoft issued a Windows update that broke a Chrome feature, making it harder to change your default browser and annoying Chrome users with popups, Gizmodo has learned. An April Windows update borked a new button in Chrome -- the most popular browser in the world -- that let you change your default browser with a single click, but the worst was reserved for users on the enterprise version of Windows. For weeks, every time an enterprise user opened Chrome, the Windows default settings page would pop up. There was no way to make it stop unless you uninstalled the operating system update. It forced Google to disable the setting, which had made Chrome more convenient.

This petty chapter of the browser wars started in July 2022 when Google quietly rolled out a new button in Chrome for Windows. It would show up near the top of the screen and let you change your default browser in one click without pulling up your system settings. For eight months, it worked great. Then, in April, Microsoft issued Windows update KB5025221, and things got interesting. "Every time I open Chrome the default app settings of Windows will open. I've tried many ways to resolve this without luck," one IT administrator said on a Microsoft forum. A Reddit user noticed that the settings page also popped up any and every time you clicked on a link, but only if Chrome was your default browser. "It doesn't happen if we change the default browser to Edge," the user said. Others made similar complaints on Google support forums, some saying that entire organizations were having the issue. Users quickly realized the culprit was the operating system update.

For people on the regular consumer version of Windows, things weren't quite as bad; the one-click "Make Default" button just stopped working. Gizmodo was able to replicate the problem. In fact, we were able to circumvent the issue just by changing the name of the Chrome app on a Windows desktop. It seems that Microsoft threw up the roadblock specifically for Chrome, the main competitor to its Edge browser. [...] In response, Google had to disable its one-click default button; the issue stopped after it did. In other words, Microsoft seems to have gone out of its way to break a Chrome feature that made life easier for users. Google confirmed the details of this story, but declined to comment further.

Mozilla

Mozilla Buys Fakespot, a Startup That Identifies Fake Reviews (techcrunch.com) 27

Mozilla announced today that it has acquired Fakespot, a startup that offers a website and browser extension that helps users identify fake or unreliable reviews. From a report: The financial terms of the deal were not disclosed. Fakespot's offerings can be used to spot fake reviews listed on various online marketplaces including Amazon, Yelp, TripAdvisor and more. Founded in 2016, New York-based Fakespot uses an AI and machine learning system to detect patterns and similarities between reviews in order to flag those that are most likely to be deceptive. Fakespot provides a rating or grade for the product's reviews in order to help consumers make more informed decisions when making a purchase. The goal behind the company's website and browser extension is to give users the ability to quickly see where deceptive reviews may be artificially inflating a product's ranking in search engines.

Microsoft

Microsoft Edge is Leaking the Sites You Visit To Bing (theverge.com) 72

Microsoft's Edge browser appears to be sending URLs you visit to its Bing API website. Reddit users first spotted the privacy issues with Edge last week, noticing that the latest version of Microsoft Edge sends a request to bingapis.com with the full URL of nearly every page you navigate to. Microsoft tells The Verge it's investigating the reports. From a report: "Searching for references to this URL give very few results, no documentation on this feature at all," said hackermchackface, the Reddit user who first discovered the issue. While Reddit users weren't able to uncover why Microsoft Edge is sending the URLs you visit to its Bing API site, we asked Rafael Rivera, a software engineer and one of the developers behind EarTrumpet, to investigate, and he discovered it's part of a poorly implemented new feature in Edge. "Microsoft Edge now has a creator follow feature that is enabled by default," says Rivera in a conversation with The Verge. "It appears the intent was to notify Bing when you're on certain pages, such as YouTube, The Verge, and Reddit. But it doesn't appear to be working correctly, instead sending nearly every domain you visit to Bing."
