Google is expanding its Advanced Protection Program to its Chrome browser. From a report: If you're an Advanced Protection Program user and you have sync turned on in Chrome, you will now automatically receive stronger protections against risky downloads. Google didn't go into much detail regarding the protections, likely not to publicly give away how they work. But the company did say that when users attempt to download "certain risky files," Chrome will now show additional warnings, or in some cases even block the downloads outright. The warnings are, however, only available in Chrome for Windows, Mac, and Linux. Google is not rolling out the Advanced Protection Program to Chrome for Android and iOS.

There are 188,620 extensions available on the Chrome Web Store, and while you might think this provides a wide variety of choices for Chrome users, in reality, most of these extensions are dead or dwindling, with very few having active installations. From a report: All in all, about 50% of all Chrome extensions have fewer than 16 installs, meaning that half of the Chrome extension ecosystem is actually more of a ghost town, according to a recent scan of the entire Chrome Web Store conducted by Extension Monitor. Further, 19,379 extensions (just over 10%) have zero installs, and 25,540 extensions (13% of the total) have just one user. The scan found that there are very few Chrome extensions that managed to establish a dedicated userbase. According to Extension Monitor, around 87% of all extensions have fewer than 1,000 installs.

Is Google making the wrong response to the DataSpii report on a "catastrophic data leak"? The EFF writes: In response to questions about DataSpii from Ars Technica, Google officials pointed out that they have "announced technical changes to how extensions work that will mitigate or prevent this behavior." Here, Google is referring to its controversial set of proposed changes to curtail extension capabilities, known as Manifest V3.

As both security experts and the developers of extensions that will be greatly harmed by Manifest V3, we're here to tell you: Google's statement just isn't true. Manifest V3 is a blunt instrument that will do little to improve security while severely limiting future innovation... The only part of Manifest V3 that goes directly to the heart of stopping DataSpii-like abuses is banning remotely hosted code. You can't ensure extensions are what they appear to be if you give them the ability to download new instructions after they're installed.

But you don't need the rest of Google's proposed API changes to stop this narrow form of bad extension behavior. What Manifest V3 does do is stifle innovation...
The EFF makes the following arguments Google's proposal:

• Manifest V3 will still allow extensions to observe the same data as before, including what URLs users visit and the contents of pages users visit
• Manifest V3 won't change anything about how "content scripts" work...another way to extract user browsing data.
• Chrome will still allow users to give extensions permission to run on all sites.

In response Google argued to Forbes that the EFF "fails to account for the proposed changes to how permissions work. It is the combination of these two changes, along with others included in the proposal, that would have prevented or significantly mitigated incidents such as this one."

But the EFF's technology projects director also gave Forbes their response. "We agree that Google isn't killing ad-blockers. But they are killing a wide range of security and privacy enhancing extensions, and so far they haven't justified why that's necessary."

And in the same article, security researcher Sean Wright added that Google's proposed change "appears to do little to prevent rogue extensions from obtaining information from loaded sites, which is certainly a privacy issue and it looks as if the V3 changes don't help."

The EFF suggests Google just do a better job of reviewing extensions.

"Google has finally chopped the 'www' from Chrome's address bar after delaying the controversial move due to a backlash," reports TechRepublic: The move to remove 'www' was initially planned for last year, when Google announced it would cut "trivial subdomains" from the address bar in Chrome 69. Now Google has begun truncating the visible URL in Chrome for desktop and Android, rolling out the change in version 76 of the browser, released this week. By default sites in Chrome now no longer display the "https" scheme or the "www" subdomain, with the visible address starting after this point. To view the full URL, users now have to click the address bar twice on desktop and once on mobile. Google has argued the move is driven by a desire for greater simplicity and usability of Chrome...

However the announcement provoked a fresh wave of criticism, from those who say the move will confuse users and even potentially make it easier for them to inadvertently connect to fake sites... There are also some who claim Google's motivation in changing how the URL is displayed may be to make it harder for users to tell whether they are on a page hosted on Google's Accelerated Mobile Pages subdomain...

Google says it has also built a Chrome extension that doesn't obfuscate the URL to "help power users recognize suspicious sites and report them to Safe Browsing". Despite the backlash from some online, Chrome isn't the first browser to truncate the URL in this way, with Apple's Safari similarly hiding the full address.

An anonymous reader shares a report from VentureBeat: Google today launched Chrome 76 for Windows, Mac, Linux, Android, and iOS. The release includes Adobe Flash blocked by default, Incognito mode detection disabled, multiple PWA improvements, and more developer features. You can update to the latest version now using Chrome's built-in updater or download it directly from google.com/chrome. Google has been taking baby steps to kill off Flash for years. In 2015, Chrome started automatically pausing less important Flash content. In 2016, Chrome started blocking "behind the scenes" Flash content and using HTML5 by default. In July 2017, however, Adobe said it would kill Flash by 2020. With Chrome 76, Flash is now blocked by default. Users can still turn it on in settings, but next year, Flash will be removed from Chrome entirely.

To buy his favorite oatmeal, Gregory Kelly drives to a city 40 miles away rather than sharing his data with an online retailer, or purchasing it from the company's web site, "which he says is riddled with tracking software from Google," according to the Washington Post: "I'm just not sure why Google needs to know what breakfast cereal I eat," the 51-year-old said. Kelly is one of a hearty few who are taking the ultimate step to keep their files and online life safe from prying eyes: turning off Google entirely. That means eschewing some of the most popular services on the Web, including Gmail, Google search, Google Maps, the Chrome browser, Android mobile operating software and even YouTube. Such never-Googlers are pushing friends and family to give up the search and advertising titan, while others are taking to social media to get the word out. Online guides have sprouted up to help consumers untangle themselves from Google.

These intrepid Web users say they'd rather deal with daily inconveniences than give up more of their data. That means setting up permanent vacation responders on Gmail and telling friends to resend files or video links that don't require Google software. More than that, it takes a lot of discipline.
While there's no data on how many people are avoiding Google, the article points out that DuckDuckGo is now averaging 42.4 million searches every day -- up from 23.5 million a year ago.

But at least one Berkeley tech consultant acknowledged that "the improvement is mostly in the category of self-righteousness." Seeking an office software with better privacy protections, he's now paying $100 a year for a subscription to Microsoft Office 365.

"Google is giving Chrome extension makers until October 15 to minimize the amount of data they collect during browser sessions or face expulsion from the Chrome Web Store," reports PC Magazine: The change addresses how the extensions generally need to request certain permissions from your browser in order to function. However, some of these permissions can be pretty powerful; they can include the ability to take desktop screenshots, capture audio from a microphone, and collect data from the local file system, among other things, which can open the door to potential abuse.

The risks prompted Google to work toward securing the 180,000+ Chrome extensions on the company's official web store. "We're requiring extensions to only request access to the least amount of data," the company said in a Tuesday blog post. "While this has previously been encouraged of developers, now we're making this a requirement for all extensions."

An anonymous reader quotes a report from Ars Technica: Google Chrome 76 will close a loophole that websites use to detect when people use the browser's Incognito Mode. Over the past couple of years, you may have noticed some websites preventing you from reading articles while using a browser's private mode. The Boston Globe began doing this in 2017, requiring people to log in to paid subscriber accounts in order to read in private mode. The New York Times, Los Angeles Times, and other newspapers impose identical restrictions. Chrome 76 -- which is in beta now and is scheduled to hit the stable channel on July 30 -- prevents these websites from discovering that you're in private mode. Google explained the change yesterday in a blog post titled, "Protecting private browsing in Chrome." Google wrote: "Today, some sites use an unintended loophole to detect when people are browsing in Incognito Mode. Chrome's FileSystem API is disabled in Incognito Mode to avoid leaving traces of activity on someone's device. Sites can check for the availability of the FileSystem API and, if they receive an error message, determine that a private session is occurring and give the user a different experience. With the release of Chrome 76 scheduled for July 30, the behavior of the FileSystem API will be modified to remedy this method of Incognito Mode detection."

If websites find new loopholes to detect private mode, Google said they will close those, too. "Chrome will likewise work to remedy any other current or future means of Incognito Mode detection," Google's blog post said.

Dan Goodin, reporting for ArsTechnica: When we use browsers to make medical appointments, share tax returns with accountants, or access corporate intranets, we usually trust that the pages we access will remain private. DataSpii, a newly documented privacy issue in which millions of people's browsing histories have been collected and exposed, shows just how much about us is revealed when that assumption is turned on its head. DataSpii begins with browser extensions -- available mostly for Chrome but in more limited cases for Firefox as well -- that, by Google's account, had as many as 4.1 million users. These extensions collected the URLs, webpage titles, and in some cases the embedded hyperlinks of every page that the browser user visited. Most of these collected Web histories were then published by a fee-based service called Nacho Analytics, which markets itself as "God mode for the Internet" and uses the tag line "See Anyone's Analytics Account."

Web histories may not sound especially sensitive, but a subset of the published links led to pages that are not protected by passwords -- but only by a hard-to-guess sequence of characters (called tokens) included in the URL. Thus, the published links could allow viewers to access the content at these pages. (Security practitioners have long discouraged the publishing of sensitive information on pages that aren't password protected, but the practice remains widespread.) Further reading: More on DataSpii: How extensions hide their data grabs -- and how they're discovered.

Netflix Hangouts is a new Chrome extension that tries to make it easier to get away with watching Netflix while you're supposed to be working. Just go to the show you want to catch up on during work hours, and press the extension's icon in your Chrome menu to bring up a fake four-person conference call. Then you can sit back and watch the show in the window's bottom right feed while three fake colleagues get down to business. The Verge reports: The extension was developed by Mschf Internet Studios, which has produced a few internet curiosities like this over the years. There was the Slack channel that offered $1,000 in prize money for the first person to correctly guess each word of the day (it was shut down by Slack after just a week), a man who ate various foods as disgusting ice cream toppings, and who could forget Tabagotchi, the lovable virtual avatar that slowly died as you opened more and more tabs? Netflix Hangouts is the latest in a long line of services designed to let you slack off at work.

From a report: Google's Chrome now reigns as the biggest browser on the block, and the company is facing challenges similar to Microsoft's from competitors, as well as government scrutiny. But Google faces a new wrinkle -- a growing realization among consumers that their every digital move is tracked. "I think Cambridge Analytica acted as a catalyst to get people aware that their data could be used in ways they didn't expect," said Peter Dolanjski, the product lead for Mozilla's Firefox web browser, referring to the scandal in which a political consulting firm obtained data on millions of Facebook users and their friends.

And in something of a poetic role reversal, Microsoft is positioning itself to pick up the slack from people who may be fed up with Google's Chrome browser and its questionable privacy practices. Microsoft is expected to release an overhaul of its latest browser, called Edge, in the coming months. Microsoft is just one of a number of companies and organizations looking to take a piece out of Google -- some using the company's own open-source software. One name that might be familiar to most consumers -- Mozilla's Firefox browser -- is also a veteran of the "browser wars" of two decades ago. The nonprofit Mozilla, which has been biting at the heels of leading browsers for most of its existence, is introducing more aggressive privacy settings to try to stand out and take advantage of the privacy stumbles by Google and other tech giants.

The Google Earth team recently released a beta preview of a WebAssembly port of Google Earth. The new port runs in Chrome and other Chromium-based browsers, including Edge (Canary version) and Opera, as well as Firefox. From a report: The port thus brings cross-browser support to the existing Earth For Web version, which uses the native C++ codebase and Chrome's Native Client (NaCl) technology. Difference in multi-threading support between browsers leads to varying performance. Google Earth was released 14 years ago and allowed users to explore the earth through the comfort of their home. This original version of Google Earth was released as a native C++ based application intended for desktop install because rendering the whole world in real time required advanced technologies that weren't available in the browser. Google Earth was subsequently introduced for Android and iOS smartphones, leveraging the existing C++ codebase through technologies such as NDK and Objective-C++. In 2017, Google Earth was released for the Chrome browser, using Google's Native Client (NaCl) to compile the C++ code and run it in the browser.

Slashdot's gotten over 17,000 votes in its poll about which web browser people use on their desktop. (The current leader? Firefox, with 53% of the vote, followed by Chrome with 30%.)

But Slashdot reader koavf asks an interesting follow-up question: "What's everyone's go-to Plan B browser and why?"

To start the conversation, here's how James Gelinas (a contributor at Kim Komando's tech advice site) recently reviewed the major browsers:

• He calls Chrome "a safe, speedy browser that's compatible with nearly every page on the internet" but also says that Chrome "is notorious as a resource hog, and it can drastically slow your computer down if you have too many tabs open."
  
  "Additionally, the perks of having your Google Account connected to your browser can quickly turn into downsides for the privacy-minded among is. If you're uncomfortable with your browser knowing your searching and spending behaviors, Chrome may not be the best choice for you."

• He calls Firefox "the choice for safety".
  
  "Predating Chrome by 6 years, Firefox was the top choice for savvy Netizens in the early Aughts. Although Chrome has captured a large segment of its user base, that doesn't mean the Fox is bad. In fact, Mozilla is greatly appreciated by fans and analysts for its steadfast dedication to user privacy... Speedwise, Firefox isn't a slouch either. The browser is lighter weight than Chrome and is capable of loading some websites even faster."

• He calls Apple's Safari and Microsoft Edge "the default choice...because both of these browsers come bundled with new computers."
  
  "Neither one has glaring drawbacks, but they tend to lack some of the security features and extensions found in more popular browsers. Speedwise, however, both Edge and Safari are able to gain the upper hand against their competition. When it comes to startup time and functions, the apps are extremely lightweight on your system's resources. This is because they're part of the Mac and Window's operating systems, respectively, and are optimized for performance in that environment."

Finally, he gives the Tor browser an honorable mention. ("It's still one of the best anonymous web browsers available. It's so reliable, in fact, that people living under repressive governments often turn to it for their internet needs -- installing it on covert USB sticks to use on public computers.") And he awards a "dishonorable mention" to Internet Explorer. ("Not only is the browser no longer supported by Microsoft, but it's also vulnerable to a host of malware and adware threats.")

But what do Slashdot's readers think? Putting aside your primary desktop browser -- what's your own go-to "Plan B" web browser, and why? Leave your best answers in the comments.

What's your "backup" browser?

Mozilla is adding a random password generator to Firefox. From a report: The Firefox random password generator is expected to become publicly available for all Firefox users with the release of Firefox 69, scheduled for release in early September, roughly a year after Chrome 69. Currently, the random password generator is only available in Firefox Nightly, a Firefox version for testing new features before they land in the stable branch. When Firefox 69 will be released, the random password generator is expected to be available as a checkbox in the Firefox settings section, under "Privacy & Security," under "Logins and Passwords."

Microsoft is testing features that block companies from tracking you across different websites in its Chromium-based Edge browser. Engadget reports: Insider beta testers with the latest Canary release on Windows can try it by enabling a browser flag (enter - "edge://flags#edge-tracking-prevention" in the address bar) then restarting. Once it's on, there are three different levels of blocking, with intentions to filter out only known malicious trackers, some third-party trackers that are used for ad targeting or all third-party tracking entirely. Microsoft demonstrated the feature at its Build 2019 event earlier this year, so even if you're not in that test group you can get a peek at it right here.

An anonymous reader writes: Mozilla today announced Firefox Preview, a pilot of its new Android browser. Firefox Preview, which is powered by Mozilla's own GeckoView engine, will ultimately replace the current Firefox for Android mobile app "this fall." At the same time, Mozilla has put Firefox Focus for Android development on hold. If you're a developer or just an early adopter, you can download Firefox Preview from Google Play.

On desktop, Firefox is the second most popular browser after Chrome. Firefox holds about 10% desktop market share, according to Net Applications. On mobile, however, Firefox has less than 0.5% share. Despite regular releases alongside the desktop browser over the years, Firefox's mobile share has not improved.

Security through obscurity is out, security through tomfoolery is in. From a report: That's the basic philosophy sold by Track THIS, "a new kind of incognito" browsing project, which opens up 100 tabs crafted to fit a specific character -- a hypebeast, a filthy rich person, a doomsday prepper, or an influencer. The idea is that your browsing history will be depersonalized and poisoned, so advertisers won't know how to target ads to you. It was developed as a collaboration between mschf (pronounced "mischief") internet studios and Mozilla's Firefox as a way of promoting Firefox Quantum, the newest Firefox browser. [...] Just a warning -- if you use Track THIS it may take several minutes for all 100 tabs to load. (I used Chrome as my browser.) But when as it gradually loads, it's like taking a first-person journey through someone else's consciousness.

Sidewalk Labs, Alphabet's smart city subsidiary, released its massive plan Monday to transform a slice of Toronto's waterfront into a high-tech utopia. From a report: Eighteen months in the making and clocking in at 1,524 pages, the plan represents Alphabet's first, high-stakes effort to realize Alphabet CEO Larry Page's long-held dream of a city within a city to experiment with innovations like self-driving cars, public Wi-Fi, new health care delivery solutions, and other city planning advances that modern technology makes possible. Previously, Sidewalk Labs called it "a neighborhood built from the internet up." But on Monday, Sidewalk Labs CEO Dan Doctoroff went a step further to describe it as "the most innovative district in the world."

The plan includes: Ten new buildings of mixed-use development consisting primarily of thousands of new residential units, as well as retail and office spaces, all made from mass timber. A proposal to extend the city's light-rail system to serve the new neighborhood. Redesigning streets to reduce car use and promote biking and walking. Installation of public Wi-Fi, in addition to other sensors to collect "urban data" to better inform housing and traffic decisions, for example. Proposal to reduce greenhouse gases by up to 89 percent. Building the new Canadian headquarters of Google on the western edge of Villiers Island. Further reading: Former Firefox VP on What It's Like To Be Both a Partner of Google and a Competitor via Google Chrome; Sidewalk Labs' 1,500-Page Plan for Toronto Is a Democracy Grenade.

"You open your browser to look at the Web. Do you know who is looking back at you?" warns Washington Post technology columnist Geoffrey A. Fowler: Over a recent week of Web surfing, I peered under the hood of Google Chrome and found it brought along a few thousand friends. Shopping, news and even government sites quietly tagged my browser to let ad and data companies ride shotgun while I clicked around the Web. This was made possible by the Web's biggest snoop of all: Google. Seen from the inside, its Chrome browser looks a lot like surveillance software...

My tests of Chrome vs. Firefox unearthed a personal data caper of absurd proportions. In a week of Web surfing on my desktop, I discovered 11,189 requests for tracker "cookies" that Chrome would have ushered right onto my computer but were automatically blocked by Firefox. These little files are the hooks that data firms, including Google itself, use to follow what websites you visit so they can build profiles of your interests, income and personality... And that's not the half of it. Look in the upper right corner of your Chrome browser. See a picture or a name in the circle? If so, you're logged in to the browser, and Google might be tapping into your Web activity to target ads. Don't recall signing in? I didn't, either. Chrome recently started doing that automatically when you use Gmail.

Chrome is even sneakier on your phone. If you use Android, Chrome sends Google your location every time you conduct a search. (If you turn off location sharing it still sends your coordinates out, just with less accuracy.)
The columnist concludes that "having the world's biggest advertising company make the most popular Web browser was about as smart as letting kids run a candy shop," and argues that through its Doubleclick and other ad businesses, Google "is the No. 1 cookie maker -- the Mrs. Fields of the web."

He also reports that Firefox is now working on ways to block browser "fingerprinting".

Google today launched a new Chrome extension that will simplify the process of reporting a malicious site to the Google Safe Browsing team so that it can be analyzed, reviewed, and blacklisted in Chrome and other browsers that support the Safe Browsing API. From a report: Named the Suspicious Site Reporter, this extension adds an icon to the Google Chrome toolbar that when pressed, opens a popup window from where users can file an automatic report for the current site they're on, and which they suspect might be up to no good. "If the site is added to Safe Browsing's lists, you'll not only protect Chrome users but users of other browsers and across the entire web," said Emily Schechter, Chrome Product Manager. The Safe Browsing API is implemented not only in the mobile and desktop versions of Chrome but also in the mobile and desktop versions of Mozilla Firefox and Apple's Safari.