An anonymous reader quotes a report from XDA Developers: Google will start highlighting reputable developers and publishers with a special badge. Google wrote in an email to Chrome Web Store developers on Friday, "we're happy to announce two new extension badges to help us deliver on that goal: the Featured badge and the Established publisher badge. Both of these badges will appear in the store in the next few weeks. Developers who earn these badges may receive higher rankings in search and filtering, and may also see their extensions appear in special promotions both on and off Chrome Web Store." "Developers who earn these badges may receive higher rankings in search and filtering"

The first is a Featured badge, which "will be granted to extensions that follow our technical best practices and meet a high standard of user experience and design." This badge is given to extensions manually by the Chrome Web Store team, so there isn't a full (public) list of guidelines, but the email mentioned a clear store listing page and following best practices as some of the criteria. The Established publisher badge will be granted automatically to developers and publisher accounts that have been verified and "established a consistent positive track record with Google services and compliance with the Developer Program Policy." In other words, most developers that haven't broke Chrome Web Store rules will probably get the badge at some point.

Google says publishers will not be able to pay money for either badge, but the company is working on ways for developers to request consideration. Starting on April 20, developers will be able to nominate their own extensions for a Featured badge.

slack_justyb writes: After the failure of the Chrome user-tracking system that was called FLoC, Google's latest try at topic tracking to replace the 3rd party cookie (that Chrome is the only browser to still support) is FLEDGE and the most recent drop of Canary has this on full display for users and privacy advocates to dive deeper into. This recent release shows Google's hand that it views user tracking as a mandatory part of internet usage, especially given this system's eye-rolling name of "Privacy Sandbox" and the tightness in the coupling of this new API to the browser directly.

The new API will allow the browser itself to build what it believes to be things that you are interested in, based on broad topics that Google creates. New topics and methods for how you are placed into those topics will be added to the browser's database and indexing software via updates from Google. The main point to take away here though is that the topic database is built using your CPU's time. At this time, opting out of the browser building this interest database is possible thus saving you a few cycles from being used for that purpose. In the future there may not be a way to stop the browser from using cycles to build the database; the only means may be to just constantly remove all interest from your personal database. At this time there doesn't seem to be any way to completely turn off the underlying API. A website that expects this API will always succeed in "some sort of response" so long as you are using Chrome. The response may be that you are interested in nothing, but a response none-the-less. Of course, sending a response of "interested in nothing" would more than likely require someone constantly, and timely, clearing out the interest database, especially if at some later time the option to turn off the building of the database is removed.

With 82% of Google's empire based on ad revenue, this latest development in Chrome shows that Google is not keen on any moves to threaten their main money maker. Google continues to argue that it is mandatory that it builds a user tracking and advertising system into Chrome, and the company says it won't block third-party cookies until it accomplishes that -- no matter what the final solution may ultimately be. The upshot, if it can be called that, of the FLEDGE API over FLoC, is that abuse of FLEDGE looks to yield less valuable results. And attempting to use the API alone to pick out an individual user via fingerprinting or other methods employed elsewhere seems to be rather difficult to do. But only time will tell if that remains true or just Google idealizing this new API. As for the current timeline, here's what the company had to say in the latest Chromium Blog post: "Starting today, developers can begin testing globally the Topics, FLEDGE, and Attribution Reporting APIs in the Canary version of Chrome. We'll progress to a limited number of Chrome Beta users as soon as possible. Once things are working smoothly in Beta, we'll make API testing available in the stable version of Chrome to expand testing to more Chrome users."

The Chrome team: The Chrome team is delighted to announce the promotion of Chrome 100 to the stable channel for Windows, Mac and Linux. Chrome 100 is also promoted to our new extended stable channel for Windows and Mac. This will roll out over the coming days/weeks. Chrome 100.0.4896.60 contains a number of fixes and improvements -- a list of changes is available in the log.

Microsoft is finally making it easier to change your default browser in Windows 11. A new update (KB5011563) has started rolling out this week that allows Windows 11 users to change the default browser with a single click. After testing the changes in December, this new one-click method is rolling out to all Windows 11 users. From a report: Originally, Windows 11 shipped without a simple button to switch default browsers that was always available in Windows 10. Instead, Microsoft forced Windows 11 users to change individual file extensions or protocol handlers for HTTP, HTTPS, .HTML, and .HTM, or you had to tick a checkbox that only appeared when you clicked a link from outside a browser. Microsoft defended its decision to make switching defaults harder, but rival browser makers like Mozilla, Brave, and even Google's head of Chrome criticized Microsoft's approach.

To date, Google has released three Assistant Smart Displays. 9to5Google can now report that the company is working on a new Nest Hub for 2022 with a dockable tablet form factor where the screen detaches from a base/speaker. From the report: According to a source that has proven familiar with Google's plans, the next Nest Smart Display will have a removable screen that can be used as a tablet. It attaches to the base/speaker for a more conventional-looking smart home device. This new form factor comes as Google has spent the last few months adding more interface elements to the 2nd-gen Nest Hub and Nest Hub Max. Swiping up from the bottom of the screen reveals a row of "apps" above the settings bar. You can open a fullscreen grid of icons from there. Applications and games on the Nest Hub are essentially web views, so this is technically a launcher for shortcuts.

Speaking of the web, Google also spent the end of last year adding a more feature-rich browser that even features a Gboard-esque keyboard. You can also send sites directly to your phone and enable text-to-speech. Both of these additions can be seen as laying the groundwork for a tablet-like experience, with web browsing obviously being a popular task on big screens. Many questions about the implementation remain unknown, including what OS/experience the undocked tablet will run. Chrome OS is likely too power-hungry (and as such costly) considering the affordability of Nest devices, while Android would open the door to existing apps and the Play Store.

GitHub has introduced a new feed into the dashboard of users and it doesn't appear to have gone down well with the code shack's regulars. The Register reports: As soon as the new feed arrived, replete with all kinds of exciting suggestions for developers to look at, the complaints began rolling in as users worried the recommendations were turning GitHub into something distressingly like a social media platform. "I do not need to see recommendations, nor activity of people I don't follow," said one user. "Don't fix what's not broken." Others were blunter, stating: "I don't want algorithmic feed" and requesting a feed on stuff that actually mattered â" issues, releases, PRs and so on. GitHub pushed out a new beta version of its Home Feed earlier this week, with the avowed intention of developers reaching a wider audience and building communities. The plan is to make discovery easier and help users "find new repositories or users to follow based on your interests."

As if to demonstrate the levels of discontent around GitHub's new feature, a Chrome extension quickly showed up to disable the social feed by removing the "For You" section on the GitHub dashboard. Not all users were upset by the appearance of the new feed, and GitHub staff popped up to promise that there would be an option to make one's profile private and opt out of pretty much everything via a single setting. It will, however, take until late April before this option is likely to appear, they said. Which prompted the obvious question: "Why is this opt-out instead of opt-in?"

Google's Threat Analysis Group announced on Thursday that it had discovered a pair of North Korean hacking cadres going by the monikers Operation Dream Job and Operation AppleJeus in February that were leveraging a remote code execution exploit in the Chrome web browser. From a report: The blackhatters reportedly targeted the US news media, IT, crypto and fintech industries, with evidence of their attacks going back as far as January 4th, 2022, though the Threat Analysis Group notes that organizations outside the US could have been targets as well.

"We suspect that these groups work for the same entity with a shared supply chain, hence the use of the same exploit kit, but each operate with a different mission set and deploy different techniques," the Google team wrote on Thursday. "It is possible that other North Korean government-backed attackers have access to the same exploit kit." Operation Dream Job targeted 250 people across 10 companies with fraudulent job offers from the likes of Disney and Oracle sent from accounts spoofed to look like they came from Indeed or ZipRecruiter. Clicking on the link would launch a hidden iframe that would trigger the exploit.

Firefox is finally gaining proper AV1 support. Neowin reports: According to an update made to a post on Bugzilla, the Mozilla Foundation is finally ready to add hardware acceleration for the AV1 video format. Developers plan to implement improved AV1 support in the upcoming release of Firefox 100, scheduled to arrive on May 3, 2022. Hardware acceleration for AV1 video brings several noticeable benefits to customers. The standard developed by Alliance for Open Media and initially released in March 2018 offers better video compression than H.264 (about 50%) and VP9 (about 20%). Shifting AV1 video processing from software to hardware improves efficiency and reduces energy consumption, resulting in better battery life on tablets and laptops. Google and Microsoft announced hardware-accelerated AV1 video in Chrome and Edge in late 2020. Mozilla, on the other hand, did not rush to introduce improved AV1 support in Firefox. While it is easy to dunk on Firefox, there is a reason why developers took their time. Hardware-accelerated AV1 video is not something you can add to any computer with Windows 10, and it requires a PC with the most recent and powerful hardware.

An anonymous reader shares a report: This may feel like deja vu because Google itself mistakenly leaked this announcement a few days ago, but the company today officially announced the launch of Steam OS on Chrome OS. Before you run off to install it, there are a few caveats: This is still an alpha release and only available on the more experimental and unstable Chrome OS Dev channel. The number of supported devices is also still limited since it'll need at least 8GB of memory, an 11th-generation Intel Core i5 or i7 processor and Intel Iris Xe Graphics. That's a relatively high-end configuration for what are generally meant to be highly affordable devices and somewhat ironically means that you can now play games on Chrome OS devices that are mostly meant for business users. The list of supported games is also still limited but includes the likes of Portal 2, Skyrim, The Witcher 3: Wild Hunt, Half-Life 2, Stardew Valley, Factorio, Stellaris, Civilization V, Fallout 4, Dico Elysium and Untitled Goose Game.

At the 2022 Google for Games Developer Summit where its Stadia B2B cloud gaming platform was unveiled, Google announced the long-awaited availability of Steam on Chromebooks. 9to5Google reports: Google specifically said that the "Steam Alpha just launched, making this longtime PC game store available on select Chromebooks for users to try." That said, no other details appear to be live this morning, but we did reveal the device list last month. As we noted at the time: "At a minimum, your Chromebook needs to have an (11th gen) Intel Core i5 or i7 processor and a minimum of 7 GB of RAM. This eliminates almost all Chromebooks but those in the upper-mid range and high end."

Google today said "you can check that out on the Chromebook community forum." The post in question is now live, but without any actual availability timeline beyond "coming soon." However, we did learn that the "early, alpha-quality version of Steam" will first come to the Chrome OS Dev channel for a "small set" of devices.

Meanwhile, Google also said Chrome OS is getting a new "games overlay" on "select" Android titles to make them "playable with user-driven keyboard and mouse configurations on Chromebooks without developer changes." It will launch later this year in a public beta. Further reading: The part of the keynote where this announcement was made can be viewed here.

Google's Domain Name Registrar is Out of Beta After Seven Years

Russia has created its own trusted TLS certificate authority (CA) to solve website access problems that have been piling up after sanctions prevent certificate renewals. From a report: The sanctions imposed by western companies and governments are preventing Russian sites from renewing existing TLS certificates, causing browsers to block access to sites with expired certificates. [...] The Russian state has envisioned a solution in a domestic certificate authority for the independent issuing and renewal of TLS certificates. "It will replace the foreign security certificate if it is revoked or expires. The Ministry of Digital Development will provide a free domestic analogue.

The service is provided to legal entities -- site owners upon request within 5 working days," explains the Russian public services portal, Gosuslugi (translated). However, for new Certificate Authorities (CA) to be trusted by web browsers, they first needed to be vetted by various companies, which can take a long time. Currently, the only web browsers that recognize Russia's new CA as trustworthy are the Russia-based Yandex browser and Atom products, so Russian users are told to use these instead of Chrome, Firefox, Edge, etc.

As Google announced today, version 99 of Chrome on macOS manages to score 300 points on the Speedometer benchmark, which was originally developed by Apple's WebKit team. This, Google points out, is the fastest performance of any browser yet. TechCrunch: Speedometer 2.0 tests for responsiveness, which makes it a good proxy for user experience. It's been a while since competition in the browser market focused on speed, especially now that most vendors bet on the same Chromium codebase to build their browsers (with the exception of Mozilla's Firefox and Apple's WebKit-based Safari). But that doesn't mean that the various development teams stopped thinking about how to speed up the user experience. As with a lot of mature technologies, we're just not seeing major breakthroughs these days. That doesn't mean the rivalry between the different vendors has stopped, even as they are now getting together as part of Interop 2022 to better align their browsers with web standards.

The Register reported this week on a group of software developers launching a group called Open Web Advocacy "to help online apps compete with native apps and to encourage or compel Apple to relax its iOS browser restrictions." The group (OWA), organized by UK-based developers Stuart Langridge, Bruce Lawson, and others, aims to promote a more open web by explaining subtle technical details to lawmakers and to help them understand anti-competitive aspects of web technology. Over the past few months, group members have been communicating with the UK Competitions and Markets Authority (CMA) to convince the agency that Apple's iOS browser policy harms competition.

In conjunction with the debut of the group's website, the OWA plans to release a technical paper titled "Bringing Competition to Walled Gardens," that summarizes the group's position and aims to help regulators in the UK and elsewhere understand the consequences of web technology restrictions.

The group is looking for like-minded developers to take up its cause.... The primary concern raised by Langridge and Lawson is that Apple's iOS App Store Guidelines require every browser running on iPhones and iPads to be based on WebKit, the open source project overseen by Apple that serves as the rendering engine for the company's Safari browser.
"The OWA is now urging Apple users to contact regulators and legislators in other jurisdictions to galvanize support and force Apple to end its restrictions around WebKit," reports MacRumors, "although such a move could make sideloading apps from the web a real possibility, and that is something Apple appears equally reluctant to allow.

Reuters reported today that Apple has now written to U.S. lawmakers "to dispute assertions that its concerns about the dangers of sideloading apps into phones were overblown...." Reuters points out that the U.S. Congress "is currently considering a bill aimed at reining in app stores run by Apple and Alphabet's Google, which would require companies to allow sideloading. Apple has argued that such a practice would be a security risk as it keeps tight control of the apps in the store in order to keep users safe."

But OWA organizer Bruce Lawson tells the Register that as things stand now, "at the moment, every browser on iOS, whether it be badged Chrome, Firefox or Edge is actually just a branded skin of Safari, which lags behind [other browsers] because it has no competition on iOS."

And something funny happened when the Register contacted Apple for a comment about why they're against App Store rule changes: To our astonishment, after having queries ignored for months, an Apple spokesperson responded, asking whether the company could correspond off-the-record. We replied that we would be happy to communicate off-the-record and then never heard back.

Or if we did, we couldn't say.

A year and a half later, Amazon's Luna cloud gaming service has formally launched in the U.S. for Android, iOS, Chrome OS, macOS and Windows. Engadget reports: The core Luna+ service with over 100 games will normally cost $10 per month, with the kid-friendly Family Channel and Ubisoft+ Channels available for a respective $6 and $18 per month. Amazon hopes to reel in newcomers by dropping the monthly fees of Luna+ and the Family channel to $6 and $3 for anyone who signs up during March. Existing users just have to maintain their subscriptions to lock in that pricing.

The official debut comes alongside some new channels. A Prime Gaming channel, as the name implies, gives Amazon Prime members a free, rotating mix of games. The March selection will include titles like Devil May Cry 5 and Flashback. Pay $5 per month for the Retro Channel and you'll get Capcom and SNK classics like Street Fighter II Hyper Fighting and Metal Slug 3, while a similar outlay for the Jackbox Games Channel provides access to all eight Jackbox Party Pack titles. Luna's latest update also makes it simpler to stream gameplay from a Fire TV device, Mac or Windows PC on Twitch.

In a Google support forum post, Chrome's Support Manager Craig announced that mobile Chrome 100 will do away with the browser's data-saving feature -- the release is due to make its way to the stable channel on March 29, 2022. From a report: The mode will also stop working on previous versions of the browser from that day. Besides several improvements to Chrome over the years to reduce data usage and improve page load times, Google has also seen mobile data costs decrease in many countries. Thus, it believes the data saving mode is no longer relevant in today's world.

HP, Lenovo, Acer, and Asus are expected to be among the first companies to release gaming Chromebooks. From a report: A code change in the Chromium Gerrit suggests the vendors are working on Chrome OS devices that will support Steam. In January 2020, Google said it would bring Steam to Chromebooks, and the plan may be starting to take shape. 9to5Google spotted a code change on Saturday showing a list of what appears to be Chromebook models that will support Steam:

Acer Chromebook 514 (CB514-1H)
Acer Chromebook 515
Acer Chromebook Spin 713 (CP713-3W)
Asus Chromebook Flip CX5 (CX5500)
Asus Chromebook CX9 (CX9400)
HP Pro c640 G2 Chromebook
Unknown Chromebook from Lenovo.

Industry analysts and former Mozilla employees are concerned about Firefox's future, reports Ars Technica, warning that the ultimate fate of Firefox "has larger implications for the web as a whole." Since its release in 2008, [Google's] Chrome has become synonymous with the web: it's used by around 65 percent of everyone online and has a huge influence on how people experience the Internet. When Google launched its AMP publishing standard, websites jumped to implement it. Similar plans to replace third-party cookies in Chrome — a move that will impact millions of marketers and publishers — are shaped in Google's image.

"Chrome has won the desktop browser war," says one former Firefox staff member, who worked on browser development at Mozilla but does not want to be named, as they still work in the industry. Their hopes for a Firefox revival are not high. "It's not super reasonable for Firefox to expect to win back even any browser share at this point." Another former Mozilla employee, who also asked not to be named for fear of career repercussions, says: "They're just going to have to accept the reality that Firefox is not going to come back from the ashes...."

Mozilla's financial declarations from 2020 said that despite the layoffs it is in a healthy place, and it expects its financial results for 2021 to show revenue growth. However, Mozilla and Firefox acknowledge that for its long-term future it needs to diversify the ways it makes money. These efforts have ramped up since 2019. The company owns read-it-later service Pocket, which includes a paid premium subscription service. It has also launched two similar VPN-style products that people can subscribe to. And the company is pushing more into advertising as well, placing ads on new tabs that are opened in the Firefox browser.... Selena Deckelmann, senior vice president of Firefox, says Firefox is likely to continue looking for ways to keep personalizing people's online browsing. "I'm not sure that what's going to come out of that is going to be what people traditionally expect from a browser, but the intention will always be to put people first," she says. Just this week, Firefox announced a partnership with Disney — linked to a new Pixar film — that involves changing the color of the browser and ads to win subscriptions to Disney+. The deal speaks both to Firefox's personalization push and the strange roads its search for revenue streams can lead down.

Deckelmann adds that Firefox doesn't need to be as big as Chrome or Apple's Safari, the second largest browser, to succeed. "All we really want is to be a viable choice," Deckelmann says. "Because we think that this makes a better Internet for everybody to have these different options."
Interesting stats from the article:

• "Mozilla's own statistics show a drop of around 30 million monthly active users from the start of 2019 to the start of 2022."

• Mozilla's figures now also show around 215 million Firefox Desktop clients active in the past 28 days — a number which has stayed stable.

• Yet In 2008, a full 20% of the 1.5 billion people online were using Firefox to surf the web — including more than half the web surfers in Indonesia, Macedonia, and Slovenia.

• "Across all devices, the browser has slid to less than 4 percent of the market," writes Ars Technica. "On mobile it's a measly half a percent..."

• Next year, Firefox's "lucrative search deal with Google — responsible for the vast majority of its revenue" — is set to expire.

Linux programmers fixed bugs faster than anyone — in an average of just 25 days (improving from 32 days in 2019 to just 15 in 2021). That's the conclusion of Google's "Project Zero" security research team, which studied the speed of bug-fixing from January 2019 to December 2021.

ZDNet reports that Linux's competition "didn't do nearly as well." For instance, Apple, 69 days; Google, 44 days; and Mozilla, 46 days. Coming in at the bottom was Microsoft, 83 days, and Oracle, albeit with only a handful of security problems, with 109 days.

By Project Zero's count, others, which included primarily open-source organizations and companies such as Apache, Canonical, Github, and Kubernetes, came in with a respectable 44 days.

Generally, everyone's getting faster at fixing security bugs. In 2021, vendors took an average of 52 days to fix reported security vulnerabilities. Only three years ago the average was 80 days. In particular, the Project Zero crew noted that Microsoft, Apple, and Linux all significantly reduced their time to fix over the last two years.

As for mobile operating systems, Apple iOS with an average of 70 days is a nose better than Android with its 72 days. On the other hand, iOS had far more bugs, 72, than Android with its 10 problems.

Browsers problems are also being fixed at a faster pace. Chrome fixed its 40 problems with an average of just under 30 days. Mozilla Firefox, with a mere 8 security holes, patched them in an average of 37.8 days. Webkit, Apple's web browser engine, which is primarily used by Safari, has a much poorer track record. Webkit's programmers take an average of over 72 days to fix bugs.

Microsoft last month received a US patent covering modifications to a data-encoding technique called rANS, one of several variants in the Asymmetric Numeral System (ANS) family that support data compression schemes used by leading technology companies and open source projects. The Register reports: The creator of ANS, Jaroslaw Duda, assistant professor at Institute of Computer Science at Jagiellonian University in Poland, has been trying for years to keep ANS patent-free and available for public use. Back in 2018, Duda's lobbying helped convince Google to abandon its ANS-related patent claim in the US and Europe. And he raised the alarm last year when he learned Microsoft had applied for an rANS (range asymmetric number system) patent.

Now that Microsoft's patent application has been granted, he fears the utility of ANS will be diminished, as software developers try to steer clear of a potential infringement claim. "I don't know what to do with it -- [Microsoft's patent] looks like just the description of the standard algorithm," he told The Register in an email. The algorithm is used in JPEG XL and CRAM, as well as open source projects run by Facebook (Meta), Nvidia, and others. "This rANS variant is [for example] used in JPEG XL, which is practically finished (frozen bitstream) and [is] gaining support," Duda told The Register last year. "It provides ~3x better compression than JPEG at similar computational cost, compatibility with JPEG, progressive decoding, missing features like HDR, alpha, lossless, animations. "There is a large team, mostly from Google, behind it. After nearly 30 years, it should finally replace the 1992 JPEG for photos and images, starting with Chrome, Android."

As both the Chrome and Firefox browsers approach their 100th versions, what should be a reason for the developers to celebrate could turn into a bit of a mess. From a report: It turns out that much like the Y2K bug, the triple-digit release numbers coded in the browsers' User-Agents (UAs) could cause issues with a small number of sites, Bleeping Computer reported. Mozilla launched an experiment last year to see if version number 100 would affect sites, and it just released a blogpost with the results. It did affect a small number of sites (some very big ones, though) that couldn't parse a user-agent string containing a three-digit number. Notable ones still affected included HBO Go, Bethesda and Yahoo, according to a tracking site. The bugs include "browser not supported" messages, site rendering issues, parsing failures, 403 errors and so on.