Chrome

Chrome 80 Arrives With Mixed Content Autoupgraded To HTTPS, Cookie Changes, and Contact Picker API (venturebeat.com) 63

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 80 for Windows, Mac, Linux, Android, and iOS. The release includes autoupgrading mixed content to HTTPS, SameSite cookie changes, quieter permission UI for notifications, and more developer features. This release thus beefs up security for the world's most popular browser and begins cracking down on cross-site cookies. You can update to the latest version now using Chrome's built-in updater or download it directly from google.com/chrome. With over 1 billion users, Chrome is both a browser and a major platform that web developers must consider. In fact, with Chrome's regular additions and changes, developers often have to stay on top of everything available -- as well as what has been deprecated or removed. Among other things, Chrome 80 has started deprecating FTP support by disabling it by default for non-enterprise clients.
Chrome

Google Cuts Chrome 'Patch Gap' in Half, From 33 Days To 15 (zdnet.com) 10

Google security engineers said last week they have successfully cut down the "patch gap" in Google Chrome from 33 days to only 15 days. From a report: The term "patch gap" refers to the time it takes from when a security bug is fixed in an open source library to when the same fix lands in software that uses that particular library. In today's software landscape where many apps rely on open source components, the "patch gap" is considered a major security risk. The reason is because when a security bug is fixed in an open source library, details about that bug become public, primarily due to the public nature and openness of most open source projects. Hackers can then use details about these security flaws to craft exploits and launch attacks against software that relies on the vulnerable component, before the software maker has a chance to release a patch. If the software maker is on a fixed release schedule, with updates coming out every few weeks or months, the patch gap can provide hackers with an attack window that most software projects can't deal with.
Chrome

Chrome Tests Removing the URL of Google's Search Results Page (bleepingcomputer.com) 84

"Google has started testing a feature that will display the search query in the Chrome address bar rather than the actual page's URL when performing searches on Google," reports Bleeping Computer: This experimental feature is called "Query in Omnibox" and has been available as a flag in Google Chrome since Chrome 71, but is disabled by default. In a test being conducted by Google, this feature is being enabled for some users and will cause the search keyword to be displayed in the browser's address bar, or Omnibox, instead of the URL that you normally see...

When this feature is not enabled, Google will display the URL of the search in the Omnibox as you would expect. This allows you to not only properly identify the site you are on, but also to easily share the search with another user.

It's been 18 months since Wired reported that Google "wants to kill the URL."

This week now finds Bleeping Computer arguing that instead of removing URLs in one fell swoop, Google "is gradually eroding the various elements of a URL until there is nothing left."
Google

Google Temporarily Suspends Developers' Ability To Publish or Update Their Extensions On Chrome Web Store After Detecting 'At Scale' Fraudulent Transactions (zdnet.com) 18

An anonymous reader writes: The Google security team has indefinitely suspended the publishing or updating of any commercial Chrome extensions on the official Chrome Web Store following a spike in the number of paid extensions engaging in fraudulent transactions. Google said the wave of fraudulent transactions began earlier this month. Google engineers described the fraudulent transactions as happening "at scale."

"This is a temporary measure meant to stem this influx as we look for long-term solutions to address the broader pattern of abuse," said Simeon Vincent, Developer Advocate for Chrome Extensions at Google. The ban on publishing or updating impacts all paid extensions. This includes Chrome extensions that require paying a fee before installing, extensions that work based on monthly subscriptions, or Chrome extensions that use one-time in-app purchases to get access to various features. Existing commercial extensions are still available for download via the official Chrome Web Store, however, extension developers can't push new updates.

The Almighty Buck

What the Hell Happened To Mint? (fastcompany.com) 89

An anonymous reader quotes a report from Fast Company: Intuit's Mint personal-finance service wants me to know it's sorry. Again. "We're sorry!" its investments page bleats when I try to view my mutual funds' performance. "Our graphs require the latest version of Adobe Flash player." That site has spent years apologizing to me for needing Adobe's vulnerability-riddled plug-in: since I long ago booted Flash from my browser, since Adobe said in 2017 that it would drop Flash by the end of 2020, since Intuit told me in 2018 that Mint would wean itself from Flash "in the coming months."

But that's in keeping with this fossilized financial tool. Mint still provides a valuable service for free in aggregating transaction data from multiple financial institutions to clarify where your money comes and goes -- and in the bargain suggests hopefully-better financial products from advertisers -- but this app exhibits severe symptoms of neglect. It's as if Mint, with 13 million-plus registered users, were a resource-constrained startup instead of a property of Intuit, the Microsoft of personal finance. But more than a decade after the firm behind TurboTax and QuickBooks (and, until 2016, Quicken) bought Mint for $170 million, neatly taking a competitor off the map, this once-groundbreaking app might as well be streaked with cobwebs.
The report goes on to note the "updates" category of Mint's blog "reveals no new features since April 2019's revised financial-advice interfaces in the mobile apps it introduced soon after the acquisition."

"It could be doing much more," says Aaron Patzer, founder of Mint. He points in particular to the lack of integration between Mint and TurboTax, saying, "I had a dream that TurboTax would take you about five minutes."

Another explanation for why the personal-finance service has gone neglected is the success of TurboTax, which generates roughly 10 to 20 times the revenue of Mint. Fast Company also notes that Mint "benefits from a lack of serious competition," as Quicken requires an annual subscription and remains desktop-bound, and the free Personal Capital web app is more geared toward investment management.
Microsoft

Microsoft To Force Bing Search in Chrome for Office 365 ProPlus Users (bleepingcomputer.com) 85

Microsoft has announced that it will install a new Google Chrome extension for some Office 365 ProPlus customers that will force the browser to use Bing as the default search engine "to access relevant workplace information directly from the browser address bar." From a report: The Microsoft Search in Bing extension will be added to all new Office 365 ProPlus installations and when updating to newer releases. The only customers that won't have this Chrome extension installed automatically are those that already have set Bing as their default Chrome search engine. "Microsoft Search is part of Microsoft 365 and is turned on by default for all Microsoft apps that support it," Microsoft says. "Even after Bing is made the default search engine, your users can still change to a different default search engine in Google Chrome on their own."
Chrome

Why This Time The New Browser Wars Are Different (theverge.com) 89

The Verge argues that the browser wars "are back, but it's different this time."
The mobile web is broken and unfettered tracking and data sharing have made visiting websites feel toxic, but since the ecosystem of websites and ad companies can't fix it through collective action, it falls on browser makers to use technological innovations to limit that surveillance, however each company that makes a browser is taking a different approach to creating those innovations, and everybody distrusts everybody else to act in the best interest of the web instead of the best interest of their employers' profits... I've been avoiding getting into the precise details of the proposals out there to fix the tracking problem because things are changing so quickly across so many different tracks... Until then, know that there are two important things to know.

First: there are new browser technologies and limits coming that could radically change how ads work and could make it easier for you to protect your privacy no matter what browser you use. Since this is the web, it'll take time, but everybody seems committed. Second: the way many of us think about a Browser War is in terms of marketshare -- and that is the wrong metric this time. There is a browser war, but it won't be won or lost based on who can convince the most people to switch to their browser. Because most people can't or won't switch on the platform that matters: mobile.

In 2020, the desktop is a minor skirmish compared to browsers on phones. On phones, many people aren't really free to choose their browser. That's literally true on the iPhone, which Apple locks down so apps can only use its web rendering technology. And it's for-intents-and-purposes true on Android, where the vast majority of browsers just use Chromium. Yes, there is an Android browser ballot happening in Europe, but it's much too early to know what its effects will be....

The new Browser Wars aren't about who makes the fastest or best browser, they're about whose services you want and whose data policies you trust.

Opera

Opera Accused of Offering Predatory Loans Through Android apps (engadget.com) 77

"It's no secret that Opera isn't doing so well in the era of Chrome dominance," reports Android Police. "According to a report published by Hindenburg Research, the company's losses in browser revenue have apparently led it to create multiple loan apps with short payment windows and interest rates of ~365-876%, which are in violation of new Play Store rules Google enacted last year."

The apps are aimed at India, Kenya and Nigeria, reports Engadget:
The apps would claim to offer maximum annual percentage rate (APR) of 33 percent or less, but the actual rates were much higher, climbing to 438 percent in the case of OPesa. And while they publicly offered reasonable loan terms of 91 to 365 days, the real length was no more than 29 days (for OKash) and more often 15 days -- well under Google's 60-day minimum. The conditions only got worse for borrowers who missed their payments. Falling short by just a day could raise the APR as high as 876 percent.

Also, the apps reportedly scraped phone contacts to harass family, friends and others with calls and texts in hopes this would pressure customers into paying up. These same notices often threatened legal action.

Android Police points out that Opera became a public company in mid-2017, shortly after it was purchased by a China-based investor group.

But since then, "Opera's market share has continued to fall, due to the increasing dominance of Chrome."
Google

It's Not Just You: Google Added Annoying Icons To Search On Desktop (theverge.com) 70

Kim Lyons, writing for The Verge: Google added tiny favicon icons to its search results this week for some reason, creating more clutter in what used to be a clean interface, and seemingly without actually improving the results or the user experience. The company says it's part of a plan to make clearer where information is coming from, but how? In my Chrome desktop browser, it feels like an aggravating, unnecessary change that doesn't actually help the user determine how good, bad, or reputable an actual search result might be. Yes, ads are still clearly marked with the word "ad," which is a good thing. But do I need to see Best Buy's logo or AT&T's blue circle when I search for "Samsung Fold" to know they're trying to sell me something? Google says the favicon icons are "helping searchers better understand where information is coming from, more easily scan results & decide what to explore."

If you don't care for the new look, Google has instructions on how to change or add a favicon to search results. Lifehacker also has instructions on how to apply filters to undo the favicon nonsense.
Chrome

Google Will Wind Down Chrome Apps Starting in June (pcworld.com) 32

Google said this week that it will begin to phase out traditional Chrome apps starting in June, and winding down slowly over two years' time. Chrome extensions, though, will live on. From a report: Google said Tuesday in a blog post that it would stop accepting new Chrome apps in March. Existing apps could continue to be developed through June, 2022. The important dates start in June of this year, when Google will end support for Chrome Apps on the Windows, Mac, and Linux platforms. Education and Enterprise customers on these platforms will get a little more time to get their affairs in order, until December, 2020. Google had actually said four years ago that it would phase out Chrome apps on Windows, Mac, and Linux in 2018. The company appears to have waited longer than announced before beginning this process. The other platform that's affected by this, of course, is Google's own Chrome OS and Chromebooks, for which the apps were originally developed.
Chrome

Browser Benchmark Battle: Chrome Vs. Firefox Vs. Edge Vs. Brave 101

An anonymous reader writes: It's been some 18 months since VentureBeat's last browser benchmark battle. What better time to get the latest results than the start of a new year? Over the past year and a half, Google Chrome has continued to dominate market share, Mozilla Firefox has doubled down on privacy, Microsoft Edge has embraced Chromium, and Brave launched out of beta.

You can click on the individual test to see the results:
SunSpider: Edge wins!
Octane: Chrome wins!
Kraken: Firefox wins!
JetStream: Edge wins!
MotionMark: Edge wins!
Speedometer: Edge wins!
Basemark: Brave wins!
WebXPRT: Firefox wins!

The Chromium version of Edge did a lot better given that the stable release only arrived this week. We were expecting improvements, but not so many outright wins. That said, browser performance was solid across all four contestants -- each browser won at least one test. Performance of course shouldn't be your only consideration when picking your preferred app for consuming internet content. As long as you're using a browser that receives regular updates (and all four of these meet that criteria), you can expect performance to be solid. There is certainly room for improvement, but Chrome, Firefox, and now Edge, as well as Brave, are all quite capable.
Encryption

iPhones Can Now Be Used To Generate 2FA Security Keys For Google Accounts (9to5google.com) 4

Most modern iPhones running iOS 13 can now be used as a built-in phone security key for Google apps. 9to5Google reports: A built-in phone security key differs from the Google Prompt, though both essentially share the same UI. The latter push-based approach is found in the Google Search app and Gmail, while today's announcement is more akin to a physical USB-C/Lightning key in terms of being resistant to phishing attempts and verifying who you are. Your phone security key needs to be physically near (within Bluetooth range) the device that wants to log-in. The login prompt is not just being sent over an internet connection.

With an update to the Google Smart Lock app on iOS this week, "you can now set up your phone's built-in security key." According to one Googler today, the company is leveraging the Secure Enclave found on Apple's A-Series chips. Storing Touch ID, Face ID, and other cryptographic data, it was first introduced on the iPhone 5s, though that particular device no longer supports iOS 13. Anytime users enter a Google Account username and password, they'll be prompted to open Smart Lock on their nearby iPhone to confirm a sign-in. There's also the option to cancel with "No, it's not me." This only works when signing-in to Google with Chrome, while Bluetooth on both the desktop computer and phone needs to be enabled as the devices are locally communicating the confirmation request and verification.

Microsoft

Microsoft Launches Chromium Edge for Windows 7, Windows 8, Windows 10, and macOS (venturebeat.com) 59

Microsoft today launched its new Edge browser based on Google's Chromium open source project. You can download Chromium Edge now for Windows 7, Windows 8, Windows 10, and macOS directly from microsoft.com/edge in more than 90 languages. From a report: Business features aside, there's also support for Chrome-based extensions, 4K streaming, Dolby audio, inking in PDF, and privacy tools. For the last one, it's worth noting that tracking prevention is on by default and offers three levels of control, like Firefox's tracking protection. Chrome extension support is probably the most important feature for most users. By default, extensions that have been ported over to Edge can be downloaded from the Microsoft Store. Chromium Edge also has an option to "Allow extensions from other stores" to get Chrome extensions from the Chrome Web Store. There are still a few features missing from Chromium Edge, most notably history sync and extension sync. Microsoft is working on these and some other inking functionality that it still wants to port from legacy Edge, as Microsoft is calling it. Microsoft also claims that Chromium Edge is "twice as fast as legacy Edge." Curiously, the team isn't making any claims against other browsers -- at least not yet.
Google

Cookies Track You Across the Internet. Google Plans To Phase Them Out (nbcnews.com) 90

Google has announced plans to limit the ability of other companies to track people across the internet and collect information about them, a significant change that has widespread ramifications for online privacy as well as the digital economy. From a report: The company said Tuesday that it plans to phase out the use of digital tools known as tracking cookies, which other companies use to identify people online and learn more about them. The move is meant to offer users greater control over their digital footprints and enhance user privacy, according to Google. But the move could also provide Google with even greater control over the online advertising market, which the company already dominates. Google said the change will come to its Chrome web browser and be rolled out over two years. Google did not announce any changes to its own data collection methods.

Google also said that a previously announced change to make third-party cookies more secure and precise in their abilities will be rolled out in February. Justin Schuh, director of engineering for trust and safety for Google's Chrome, said the search giant needs time to enact changes because it is working with advertisers and publishers to address the need for cookies to remember sign-ins, embed third-party services such as weather widgets and deliver targeted advertising. But he did not downplay the significance of Google's announcement. "We want to change the way the web works," he said in an interview.

Chrome

Google To Phase Out User-Agent Strings in Chrome (zdnet.com) 119

Google has announced plans today to phase out the usage of user-agent strings in its web browser Chrome. From a report: UA strings have been developed as part of the Netscape browser in the 90s, and have been in use ever since. For decades, websites have used UA strings to fine-tune features based on a visitor's technical specifications. But now, Google says that this once-useful mechanism has become a constant source of problems, on different fronts. For starters, UA strings have been used by online advertisers as a way to track and fingerprint website visitors. "On top of those privacy issues, User-Agent sniffing is an abundant source of compatibility issues, in particular for minority browsers, resulting in browsers lying about themselves (generally or to specific sites), and sites (including Google properties) being broken in some browsers for no good reason," said Yoav Weiss, a Google engineer working on the Chrome browser.

To address these issues, Google said it plans to phase out the importance of UA strings in Chrome by freezing the standard as a whole. Google's plan is to stop updating Chrome's UA component with new strings (the UA string text that Chrome shares with websites). The long-term plan is to unify all Chrome UA strings into generic values that don't reveal too much information about a user. This means that new Chrome browser releases on new platforms such as new smartphone models or new OS releases will use a generic UA string, rather than one that's customised for that specific platform.

EU

Bing Loses Out To DuckDuckGo in Google's New Android Search Engine Ballot (theverge.com) 37

Google announced last week the alternative search engines it will show to new Android users in the EU, with DuckDuckGo the most frequently offered choice and Bing tied for last place. From a report: EU citizens setting up Android devices from March 1 will be given a choice of four search engines to use as their default, including Google. Whichever provider they choose will become the default for searches made in Chrome and through Android's home screen search box. A dedicated app for that provider will also be installed on their device.
Chromium

Microsoft To Replace Edge With Its Chromium Browser This Wednesday (inputmag.com) 118

Microsoft is replacing its Edge browser with the updated, Chromium-based version on January 15. Windows 10 users will be automatically transitioned over. From a report: We already knew this was coming because Microsoft announced the new Edge's launch date last month, but it wasn't clear that users would be pushed to the new version. Thankfully it will look mostly the same as the existing Edge browser, with all the same proprietary Microsoft features, except for a slightly more Chrome-esque look. Since the new Chromium Edge will be based off the same browser as Google Chrome, Edge will now support all the same extensions. Last month developers were invited to port their Chrome extensions over to the Microsoft Store, with the company saying that most extensions could be transferred over without any additional work. Edge is the default browser for all 900 million Windows 10 users, so there's obviously an incentive there to port extensions.
Chrome

'Why I Finally Switched from Chrome to Firefox - and You Should Too' (digitaltrends.com) 254

In 2018 an associate technology editor at Fast Company's Co.Design wrote an article titled "Why I'm switching from Chrome to Firefox and you should too."

Today shanen shared a similar article from Digital Trends. Their writer announces that after years of experimenting with both browsers, they've also finally switched from Chrome to Mozilla Firefox -- "and you should too." The biggest draw for me was, of course, the fact that Mozilla Firefox can finally go toe-to-toe with Google Chrome on the performance front, and often manages to edge it out as well... Today, in addition to being fast, Firefox is resource-efficient, unlike most of its peers. I don't have to think twice before firing up yet another tab. It's rare that I'm forced to close an existing tab to make room for a new one. On Firefox, my 2015 MacBook Pro's fans don't blast past my noise-canceling headphones, which happened fairly regularly on Chrome as it pushed my laptop's fans to their helicopter-like limits to keep things running. This rare balance of efficiency and performance is the result of the countless under-the-hood upgrades Firefox has rolled out in the last couple of years...

Its Enhanced Tracking Protection framework keeps your identity safe by blocking trackers and cookies that otherwise follow you around the internet and collect sensitive information you probably didn't even know you were giving up. On top of that, Firefox can warn if a website is covertly mining cryptocurrency in the background. Most of these protections kick in by default and you have an exhaustive set of options to customize them the way you want. Firefox also lets you look into just how invasive a website is. It actively updates your personal privacy report so you can check how many trackers it has shut overall and for a specific website...

What really clinched the switch to Mozilla Firefox was the fact that it's the only cross-platform browser that's not running Google's open-source Chromium platform. Microsoft's Edge, Brave, Opera, Vivaldi -- each of these browsers run on Chromium, accelerating Google's dominance over the web even when you're not directly using a Chrome user. Firefox, on the other hand, is powered by Mozilla's in-house Gecko engine that's not dependent on Chromium in any way. It may not seem like as vital of a trait as I make it sound, but it truly is, even though Chromium is open-source. Google oversees a huge chunk of the web, including ads, browser, and search, and this supremacy has allowed the company to pretty much run a monopoly and set its own rules for the open internet...

Mozilla as a company has, despite a rocky journey, often taken bold stances in complex situations. In the Cambridge Analytica aftermath, Mozilla announced it would no longer run Facebook advertisements, cutting off direct marketing to over 2 billion users. In a world of tech companies taking frail, facile shots at protecting user privacy and barely delivering on their commitments, Mozilla is a breath of fresh air and you no longer have to live with any compromises to support it.

Social Networks

Bizarre 'Big Tech'/Matrix Cartoon Used to Mock San Francisco's Football Team (sfgate.com) 29

The social media team for a Minnesota football team playing against San Francisco's 49ers just incorporated "big tech" into its online trash talk, reports the San Francisco Chronicle's SFGate site. They call the resulting video "incredibly weird." The video in question depicts a time-lapse of [San Francisco's] Levi's stadium with two cartoon characters in the foreground that are basically team helmets with arms and legs. The 49ers character says "Welcome... to Silicon Valley" and we're then suddenly in the Matrix (?). The 49ers character pulls out a space gun that says "Big Tech" on it and starts shooting tech company logos at the Vikings character.

After slow-motion dodging Twitter, Facebook, Apple, Google Chrome, Instagram, WhatsApp, and Uber logos a la Neo, the Viking character jump kicks the 49ers character.

The whole thing is as odd as it sounds, and even users on Reddit struggled to understand it.

The Reddit post attracted over 2,100 upvotes and 253 comments (including "Unsportsmanlike conduct, kicking opponent in the head. 15 yards penalty.")

The video has now been viewed 117,162 times over the last 18 hours -- and attracted 27,827 likes.
Microsoft

Skype Audio Graded by Workers in China With 'No Security Measures' (theguardian.com) 21

A Microsoft program to transcribe and vet audio from Skype and Cortana, its voice assistant, ran for years with "no security measures," according to a former contractor who says he reviewed thousands of potentially sensitive recordings on his personal laptop from his home in Beijing over the two years he worked for the company. From a report: The recordings, both deliberate and accidentally invoked activations of the voice assistant, as well as some Skype phone calls, were simply accessed by Microsoft workers through a web app running in Google's Chrome browser, on their personal laptops, over the Chinese internet, according to the contractor. Workers had no cybersecurity help to protect the data from criminal or state interference, and were even instructed to do the work using new Microsoft accounts all with the same password, for ease of management, the former contractor said. Employee vetting was practically nonexistent, he added.

"There were no security measures, I don't even remember them doing proper KYC [know your customer] on me. I think they just took my Chinese bank account details," he told the Guardian. While the grader began by working in an office, he said the contractor that employed him "after a while allowed me to do it from home in Beijing. I judged British English (because I'm British), so I listened to people who had their Microsoft device set to British English, and I had access to all of this from my home laptop with a simple username and password login." Both username and password were emailed to new contractors in plaintext, he said, with the former following a simple schema and the latter being the same for every employee who joined in any given year.
