Chrome

Google's Unfair Performance Advantage in Chrome (ctrl.blog) 37

An anonymous reader shares a post: Google Chrome for Android has a feature that gives Google Search an unfair advantage over its competition. Sure, it's the default search engine and that's a huge hurdle to overcome for any competitor. However, Chrome also reserves a performance-boosting feature for Google Search exclusively. I recently poked around in the Chromium project source code; the open-source foundation for Google's Chrome web browser. The Chromium project is co-developed by Google, and other corporate and individual contributors. The project is managed and controlled by Google, however. I was looking for something else when I stumbled upon a feature called PreconnectToSearch. When enabled, the feature preemptively opens and maintains a connection to the default search engine.

The preconnection feature resolves the domain name, and negotiates and sets up a secure connection to the server. All these things take time and they must happen before the search engine can receive the users' search queries. Preempting these steps can save a dozen seconds on a slow network connection or half a second on a fast connection. This optimization can yield a nice performance boost for Google's customers. Assuming the connection only requires a trivial amount of processing power and network bandwidth, of course. Setting up the connection early can be wasteful or slow down the loading of other pages if the user isn't going to search the web. There's just one small catch: Chromium checks the default search engine setting, and only enables the feature when it's set to Google Search. This preferential treatment means no other search engine can compete with Google Search on the time it takes to load search results. Every competitor must wait until the user has started to type a search query before Chrome will establish a connection.

Cellphones

OnePlus 9 Benchmarks Deleted From Geekbench Over Cheating Allegations (androidauthority.com) 27

Popular benchmark site Geekbench has removed OnePlus 9 benchmarks from its charts due to allegations that the company designed Oxygen OS optimization tools in such a way that they could be viewed as cheating. Android Authority reports: Yesterday, AnandTech posted some information about "weird behavior" it spotted with the OnePlus 9 Pro. According to the team's research, Oxygen OS apparently limits the performance of some popular Android apps -- but none of those apps are benchmark suites. Geekbench, one of the more popular benchmarking sites, took these allegations seriously. After conducting its own investigation, Geekbench recently announced that it has removed all OnePlus 9 benchmarks from its charts. Geekbench, one of the more popular benchmarking sites, took these allegations seriously. After conducting its own investigation, Geekbench recently announced that it has removed all OnePlus 9 benchmarks from its charts. Geekbench called Oxygen OS's behavior a form of "benchmark manipulation." OnePlus has yet to issue a statement on the matter. In some of our own testing, we found that AnandTech's data is on the mark. We found that the OnePlus 9 series limits the performance of Google Chrome while older OnePlus phones do not. OnePlus issued a statement to Android Authority addressing the matter: "Our top priority is always delivering a great user experience with our products, based in part on acting quickly on important user feedback. Following the launch of the OnePlus 9 and 9 Pro in March, some users told us about some areas where we could improve the devices' battery life and heat management. As a result of this feedback, our R&D team has been working over the past few months to optimize the devices' performance when using many of the most popular apps, including Chrome, by matching the app's processor requirements with the most appropriate power. This has helped to provide a smooth experience while reducing power consumption. While this may impact the devices' performance in some benchmarking apps, our focus as always is to do what we can to improve the performance of the device for our users."

This is reminiscent of when the company was caught pushing the OnePlus 5's performance capabilities when the OS detected a benchmark app. This resulted in artificially inflated scores that users would not see during real-world usage.
Chrome

Google Is Working On an HTTPS-Only Mode For Chrome (therecord.media) 65

An anonymous reader writes: Following in the footsteps of browsers like Mozilla Firefox and Microsoft Edge, Google Chrome is also in line to receive an HTTPS-Only Mode that will upgrade all unencrypted HTTP connections to encrypted HTTPS alternatives, where possible.

Currently, the new Chrome HTTPS-Only Mode is still under development in Chrome Canary distributions. Work is being done to add specific settings in the browser's interface, and no actual HTTP-to-HTTPS functionality is currently present. The feature is expected to be ready for Chrome 93, set to be released later this fall.

Google

Inside Neeva, the Ad-Free, Privacy-First Search Engine From ex-Googlers (fastcompany.com) 70

Sridhar Ramaswamy and Vivek Raghunathan helped turn Google into an ad giant. Now they're starting over with a service whose only customers are its users. From a report: A new search engine? One that people have to pay to use? At first blush, it may seem like a textbook example of a startup idea destined never to get anywhere. By definition, any new search engine competes with Google, whose 90 percent-plus market share leaves little oxygen for other players. And we've been accustomed to getting our search for free since well before there was a Google -- which might make paying for it sound like being expected to purchase a phone book. But Neeva is indeed a new search engine, officially launching today, that carries a subscription fee.

Though it's extremely similar to Google in many respects -- with a few twists of its own -- it dumps the web giant's venerable ad-based business model in the interest of avoiding distractions, privacy quandaries, and other compromises. It's free for three months -- long enough for users to grow accustomed to it without obligation -- and $4.95 a month thereafter. Apps for iPhones and iPads, and browser extensions for Chrome, Firefox, Safari, Edge, and Brave, are part of the deal. Neeva may have a certain whiff of improbability about it, but its cofounders, Sridhar Ramaswamy and Vivek Raghunathan, are the furthest thing from naifs. Two long-time Google executives with more than a quarter-century of experience at the web giant between them, they have an insider's understanding of how it operates. Moreover, about 30 percent of the roughly 60-person staff they've assembled at Neeva consists of ex-Googlers, including Hall-of-Famers such as Udi Manber (a former head of Google search) and Darin Fisher (one of the inventors of Chrome). They've also secured $77.5 million in funding, including investments from venture-capital titans Greylock and Sequoia.

Google

Google Delays Blocking Third-Party Cookies in Chrome Until 2023 (theverge.com) 16

Google is announcing today that it is delaying its plans to phase out third-party cookies in the Chrome browser until 2023, a year or so later than originally planned. From a report: Other browsers like Safari and Firefox have already implemented some blocking against third-party tracking cookies, but Chrome is the most-used desktop browser, and so its shift will be more consequential for the ad industry. That's why the term "cookiepocalypse" has taken hold. In the blog post announcing the delay, Google says that decision to phase out cookies over a "three month period" in mid-2023 is "subject to our engagement with the United Kingdom's Competition and Markets Authority (CMA)." In other words, it is pinning part of the delay on its need to work more closely with regulators to come up with new technologies to replace third-party cookies for use in advertising. Few will shed tears for Google, but it has found itself in a very difficult place as the sole company that dominates multiple industries: search, ads, and browsers.
Google

Why Google is Funding Linux Kernel Development in Rust (msn.com) 80

"Google said Thursday it's funding a project to increase Linux security by writing parts of the operating system's core in the Rust programming language, a modernization effort that could bolster the security of the internet and smartphones," reports CNET: If the project succeeds, it'll be possible to add new elements written in Rust into the heart of Linux, called the kernel. Such a change would mark a major technological and cultural shift for an open-source software project that's become foundational to Google's Android and Chrome operating systems as well as vast swaths of the internet. Miguel Ojeda, who's written software used by the Large Hadron Collider particle accelerator and worked on programming language security, is being contracted to write software in Rust for the Linux kernel. Google is paying for the contract, which is being extended through the Internet Security Research Group, a nonprofit that's also made it easier to secure website communications through the Let's Encrypt effort.

Adding Rust modules to the Linux kernel would improve security by closing some avenues for hackers can use to attack phones, computers or servers. Since it was launched in 1991, Linux has been written solely in the powerful but old C programming language. The language was developed in 1972 and is more vulnerable to hacks than contemporary programming languages...

Google credits the Linux community programmers who began the Rust for Linux project. "The community had already done and continues to do great work toward adding Rust support to the Linux kernel build system," Google said in a blog post...

[Rust] has been the most loved programming language for five years running in Stack Overflow's annual developer survey. "Rust represents the best alternative to C and C++ currently available," Microsoft's security team concluded in 2019. The team said Rust would have prevented memory problems at fault in 70% of its significant security issues. And because Rust's checks happen while software is being built, the safety doesn't come at the expense of performance when the software is running.

The goal of the Linux on Rust project isn't to replace all of Linux's C code but rather to improve selective and new parts.

Google

Google Backs Linux Project To Make Android, Chrome OS Harder To Hack (cnet.com) 114

Google said Thursday it's funding a project to increase Linux security by writing parts of the operating system's core in the Rust programming language, a modernization effort that could bolster the security of the internet and smartphones. From a report: If the project succeeds, it'll be possible to add new elements written in Rust into the heart of Linux, called the kernel. Such a change would mark a major technological and cultural shift for an open-source software project that's become foundational to Google's Android and Chrome operating systems as well as vast swaths of the internet.

Miguel Ojeda, who's written software used by the Large Hadron Collider particle accelerator and worked on programming language security, is being contracted to write software in Rust for the Linux kernel. Google is paying for the contract, which is being extended through the Internet Security Research Group, a nonprofit that's also made it easier to secure website communications through the Let's Encrypt effort. Adding Rust modules to the Linux kernel would improve security by closing some avenues for hackers can use to attack phones, computers or servers. Since it was launched in 1991, Linux has been written solely in the powerful but old C programming language. The language was developed in 1972 and is more vulnerable to hacks than contemporary programming languages.

Chrome

Google Announces Bold New Changes To Chrome OS Release Cycle (androidpolice.com) 14

In a blog post this morning, Google announced plans to increase its update cadence for Chromebooks. Like Chrome, its operating system will now also follow a four-week Stable channel before moving to the next major milestone release. Android Police reports: Google will deliver fresh features more rapidly to Chromebooks starting with Chrome OS 96 -- all while keeping it stable, secure, and speedy. To adapt to the rigorous update release schedule, Google will skip Chrome OS 95, which will help it bridge the gap between M94 and Chrome's new four-week rollout strategy. Enterprise and education folks can opt enroll in an Extended Stable option for Chromebooks, which will update every 6 months. In light of the new rollout strategy, Google updated its documentation and pushed an update to its release calendar. The company will share plans about the choices Chrome OS administrators will have for milestone updates "in the coming months."
Google

Google Abandons Experiment To Show Simplified Domain URLs in Chrome (therecord.media) 56

Google's experiment to hide parts of a site's URL in the Chrome address bar (the Omnibox) has failed and has been removed from the browser earlier this week. From a report: The experiment ran from June 2020 to June 2021. It consisted of a series of options that Google added to the chrome://flags options page that, when enabled, only showed the main domain name of a site (therecord.media) instead of the full page URL (therecord.media/category/article/title).
Google

Google Will Let Rivals Appear As Default Search Engine Options On Android For Free (engadget.com) 7

An anonymous reader quotes a report from Engadget: Google will jettison an auction system that forces other providers to bid for the right to be featured as a default search engine option on Android. Following a $5 billion fine and antitrust enforcement action in 2018, people in Europe have been able to choose which core apps and services they use on Android by default, instead of having to use Google products at first. Users in the region see an Android choice screen while setting up a device or after performing a factory reset. They can select their default search engine from a number of options. However, the three providers that are presented alongside Google Search have been determined by a sealed bidding process.

The revamped choice screen will feature up to 12 search engine options. The one you pick is the default for searches on the home screen and Chrome, if you use that as your browser. Your device will also install that provider's search app. Only general search engines are eligible, and they need to have a free search app on the Play store. Vertical search engines (i.e. specialist or subject-specific ones) will be locked out. Providers that syndicate search results and ads from Google won't be featured on the list either. The changes will come into effect for new Android devices sold in the UK and European Economic Area by September 1st.
"Following further feedback from the Commission, we are now making some final changes to the Choice Screen including making participation free for eligible search providers," Oliver Bethell, Google's head of competition for Europe, the Middle East and Africa, wrote in a blog post. "We will also be increasing the number of search providers shown on the screen. These changes will come into effect from September this year on Android devices."
Microsoft

Windows 10 Notifies Users They Should Make Bing Their Browser's Default Search Engine (zdnet.com) 116

Today ZDNet's "Technically Incorrect" columnist Chris Matyszczyk discussed a new pop-up message that's now appearing in Windows 10's notification center.

It's warning Windows users that "Microsoft recommends different browser settings. Want to change them?" The notification adds that you'll get "Search that gives you back time and money." And "fast and secure search results with Bing." Oh, yes. Bing, the MySpace to Google's Facebook, is still being pushed.

I learned that this Bing-pushing is pushing Windows users' buttons. There's a little Reddit thread where you'll see laments such as: "You're not the first to have this Microsoft Annoyance. Apparently, there are thousands in front of you." The most poignant, perhaps, was this: "Miserably I get this despite using Edge AND having Bing set as my default search engine... (the latter of which for Microsoft Rewards). I think the 'problem' is that not ALL of my browsers had Bing as the default search engine? Which is ridiculous because I never use Chrome or Firefox anyway. But after clicking the popup, it ludicrously opened up all my browsers...."

What's most distressing is the lack of any attempt at charm or humor in these notifications. Are they all written by engineers? Or robots, perhaps...? Perhaps Microsoft believes that irritation works. Perhaps it simply has no better ideas to persuade anyone to try Bing.

And really, it's not as if Redmond is alone in pursuing this sort of communication. Why, I've even had Apple notifying me of its angry feelings whenever I open, oh, Microsoft Edge.

Chrome

Google To Warn of Chrome Extensions From New or Untrusted Developers (therecord.media) 13

Google says it will scan the extensions users install in their Chrome browsers and warn users if they are adding an extension from a new or untrusted developer. From a report: The new extension scanning feature will be part of a Google security feature called Enhanced Safe Browsing, which Google added to Chrome in May last year. Google says trusted developers are those who adhere to the Chrome Web Store Developer Program Policies. "For new developers, it will take at least a few months of respecting these conditions to become trusted," the browser maker said in a blog post today. Currently, Google said that almost 75% of all extensions hosted on the Chrome Web Store were developed by "trusted developers." For the rest, the browser will show an alert like the one below if users had enabled Enhanced Safe Browsing in their Chrome settings page.
Privacy

Using Fake Reviews To Find Dangerous Extensions (krebsonsecurity.com) 13

Brian Krebs: Fake, positive reviews have infiltrated nearly every corner of life online these days, confusing consumers while offering an unwelcome advantage to fraudsters and sub-par products everywhere. Happily, identifying and tracking these fake reviewer accounts is often the easiest way to spot scams. Here's the story of how bogus reviews on a counterfeit Microsoft Authenticator browser extension exposed dozens of other extensions that siphoned personal and financial data.

After hearing from a reader about a phony Microsoft Authenticator extension that appeared on the Google Chrome Store, KrebsOnSecurity began looking at the profile of the account that created it. There were a total of five reviews on the extension before it was removed: Three Google users gave it one star, warning people to stay far away from it; but two of the reviewers awarded it between three and four stars. "It's great!," the Google account Theresa Duncan enthused, improbably. "I've only had very occasional issues with it." "Very convenient and handing," assessed Anna Jones, incomprehensibly.

Google

Google Chrome's Top Web App Advocate Resigns (cnet.com) 52

Google is losing one of its strongest champions of the web. Alex Russell, who has led the Fugu project to make web apps as powerful as those running on Google's Android or Apple's iOS software, is leaving the company on Wednesday. From a report: Russell announced his departure on Twitter. He's not quitting in anger or being pushed out. But after 12 years at Google pushing his vision for a more powerful web, "I need some time off," he said in an interview. Russell has been an outspoken advocate for the web, using Chrome's dominant position to help test and introduce new abilities that let programmers build interactive apps on the web, not just relatively static websites. Project Fugu embodies this effort, as does the broader progressive web app, or PWA, movement that lets you install and launch web apps more like those that run natively on smartphones and PCs.
China

Alibaba's Huge Browser Business Is Harvesting The 'Private' Web Activity Of Millions Of Android And iPhone Users (forbes.com) 50

Security researcher Gabi Cirlig's findings, verified for Forbes by two other independent researchers, reveal that on both Android and iOS versions of UC Browser, every website a user visits, regardless of whether they're in incognito mode or not, is sent to servers owned by UCWeb. From a report: Cirlig said IP addresses -- which could be used to get a user's rough location down to the town or neighborhood of the user -- were also being sent to Alibaba-controlled servers. Those servers were registered in China and carried the .cn Chinese domain name extension, but were hosted in the U.S. An ID number is also assigned to each user, meaning their activity across different websites could effectively be monitored by the Chinese company, though it's not currently clear just what Alibaba and its subsidiary are doing with the data.

"This could easily fingerprint users and tie them back to their real personas," Cirlig wrote in a blog post handed to Forbes ahead of publication on Tuesday. Cirlig was able to uncover the problem by reverse engineering some encrypted data he spotted being sent back to Beijing. Once the key had been cracked, he was able to see that every time he visited a website, it was being encrypted and transmitted back to the Alibaba company. On Apple's iOS, he didn't even need to reverse engineer the encryption because there effectively was none on the device (though it was encrypted when in transit). "This kind of tracking is done on purpose without any regard for user privacy," Cirlig told Forbes. When compared to Google's own Chrome browser, for instance, it does not transfer user web browsing habits when in incognito. Cirlig said he'd looked at other major browsers and found none did the same as UC Browser.

Firefox

Firefox 89 Arrives With Controversial Proton Interface (neowin.net) 194

Mozilla's Firefox 89 releases to the general public today complete with the new Proton interface which simplifies the browser's menus and alters the tabs bar beyond anything we've seen from previous Firefox releases or other web browsers. From a report: This update also improves macOS integration and includes further privacy enhancements. The first thing that people will notice in this update is the Proton interface, the browser chrome and toolbar have been simplified so that redundant and less frequently used features have been removed, menus have been altered so that the most used features are prominent and visual noise has been reduced.

Proton also updates prompts so they have a cleaner appearance and unnecessary alerts and messages have been removed. The attached tabs have also been supplanted by floating tabs; Mozilla says the rounded design of the active tab "signals the ability to easily move the tab as needed." While almost everyone will support cleaner menus, the new tabs are drawing the ire of some who are not pleased with the radical departure from the traditional look and feel of tabs.

Google

Quic Gives the Internet's Data Transmission Foundation a Needed Speedup (cnet.com) 80

One of the internet's foundations just got an upgrade. From a report: Quic, a protocol for transmitting data between computers, improves speed and security on the internet and can replace Transmission Control Protocol, or TCP, a standard that dates back to Ye Olde Internet of 1974. Last week, the Internet Engineering Task Force, which sets many standards for the global network, published Quic as a standard. Web browsers and online services have been testing the technology for years, but the IETF's imprimatur is a sign the standard is mature enough to embrace fully.

It's extremely hard to improve the internet at the fundamental level of data transmission. Countless devices, programs and services are built to use the earlier infrastructure, which has lasted decades. Quic has been in public development for nearly eight years since Google first announced Quic in 2013 as an experimental addition to its Chrome browser. But upgrades to the internet's foundations are crucial to keep the world-spanning communication and commerce backbone humming. That's why engineers spend so much effort on titanic transitions like Quic, HTTPS for secure website communications, post-quantum cryptography to protect data from future quantum computers, and IPv6 for accommodating vastly more devices on the internet.

Software

One Startup's Quest to Take on Chrome and Reinvent the Web Browser (protocol.com) 101

"The web browser is a crucial part of modern life, and yet it hasn't really been revised since the '90s," writes Protocol. "That may be about to change." The browser tab is an underrated thing. Most people think of them only when there are too many, when their computer once again buckles under Chrome's weight. Even the developers who build the tabs — the engineers and designers working on Chrome, Firefox, Brave and the rest — haven't done much to them. The internet has evolved in massive, earth-shaking ways over the last two decades, but tabs haven't really changed since they became a browser feature in the mid '90s.

Josh Miller, however, has big plans for browser tabs. Miller is the CEO of a new startup called The Browser Company, and he wants to change the way people think about browsers altogether. He sees browsers as operating systems, and likes to wonder aloud what "iOS for the web" might look like. What if your browser could build you a personalized news feed because it knows the sites you go to? What if every web app felt like a native app, and the browser itself was just the app launcher? What if you could drag a file from one tab to another, and it just worked? What if the web browser was a shareable, synced, multiplayer experience? It would be nothing like the simple, passive windows to the web that browsers are now. Which is exactly the goal.

The Browser Company (which everyone on the team just calls Browser) is one of a number of startups that are rethinking every part of the browser stack. Mighty has built a version of Chrome that runs on powerful server hardware and streams the browser itself over the web. Brave is building support for decentralized protocols like IPFS, and experimenting with using cryptocurrencies as a new business model for publishers. Synth is building a new bookmarks system that acts more like a web-wide inbox. Sidekick offers a vertical app launcher and makes tabs easier to organize. "A change is coming," said Mozilla CEO Mitchell Baker. "The question is just the time frame, and what's actually required to make it happen."

They have lots of different ideas, but they share a belief that the browser can, and should, be more than it is. "We don't need a new web browser," Miller said. "We need a new successor to the web browser."

While he was at the White House, Chief Digital Officer (and Miller's boss) Jason Goldman said something Miller couldn't forget. "Platforms have all the leverage," is how Miller remembers it. "And if you care about the future of the internet, or the way we use our computers, or want to improve any of the things that are broken about technology ... you can't really just build an application. Platforms, whether it's iOS or Windows or Android or Mac OS, that's where all the control is."

Chrome

Google's Chrome Browser is About To Get a Lot Faster (zdnet.com) 78

Google has shipped a new JavaScript compiler for its V8 JavaScript engine in Chrome called Sparkplug that promises a much faster web experience -- and it does it by 'cheating', according to the engineers on the project. From a report: Sparkplug is part of Chrome 91, which Google released on Tuesday with security updates but also some key changes under the hood that improve its powerful JavaScript engine, V8. Microsoft relies on V8 these days too after ditching its Chakra JavaScript engine from legacy Edge and moving to Chromium for the new Edge browser and switching to V8. Google says Chrome 91 has 23% faster performance thanks to Sparkplug's integration into V8's JavaScript pipeline.
Microsoft

Microsoft Says Edge is Now the 'Best Performing' Windows 10 Browser (engadget.com) 62

The next release of Edge will be the "best performing" browser available on Windows 10 when it arrives later this week, Microsoft claimed at its Build 2021 event. It said that version 91 contains new features, specifically "startup boost and sleeping tabs" that will push it ahead of Chrome and all other browsers. From a report: Startup boost was introduced in March and works by "running a core set of Microsoft Edge processes in the background," according to the post. At the same time, it supposedly won't use any additional resources when Microsoft Edge browser windows are open. That feature has boosted startup speeds by up to 41 percent, the company claims. In the upcoming build, Microsoft will introduce a "sleeping tabs" feature that immediately puts ads to sleep when you switch to another tab, allowing for "instance resource savings." That promises to boost browser performance and free up memory for other apps, as ads can be highly memory- and processor-intensive.

Slashdot Top Deals