J. Fergus, writing for Input: Someone finally did it. We can now follow who we want on our own terms and get that information chronologically. Fraidycat is an app and browser extension that allows just that. Though it launched in November 2019, Fraidycat recently got a massive update, widening its compatibility and adding a dark mode. The open-source tool, brought to you by Kicks Condor, is available for Linux, Mac, and Windows in addition to Mozilla Firefox and Chrome as an extension. Fraidycat definitely pulls from RSS feeds more easily, but it also works on Twitter, Instagram, and SoundCloud. You drop the link to the account you'd like to follow -- from Medium bloggers to Twitch streamers to vision board Pinterest-ers -- and set how frequently you'd like to see their posts. Label it, hit save, and posts will appear as often as you'd like. The recent update notably folds Kickstarter into the mix and collapses Twitter threads for readability.

According to a report from The Information, Apple plans to introduce a trackpad-equipped keyboard attachment for the iPad Pro alongside its new iPad Pro models sometime this year. Ars Technica reports: This would make Apple's iPad Pro compete more directly with Microsoft's Surface lineup, with 2-in-1 convertible laptops, and with various Chrome OS devices. Apple's iPad has sold well in the marketplace, but power users often complain that its interface is not always suitable for heavy duty work. According to The Information's source, the new keyboards would be made by Foxconn, a major manufacturing partner to Apple that operates primarily in China. The report did not provide much insight on how the spread of the coronavirus might affect this product's launch, though there have been other reports of supply-line problems with Foxconn and other Apple partners in China that may impact the launches of Apple products planned for 2020.

Numerous rumors previously suggested that the iPad Pro refresh was due in the next couple of months, but the coronavirus-related supply struggles have led to uncertainty about Apple's plans. The refreshed tablet is surely still coming, but the timeline is unclear. But if this report is true, it looks like this update could be about more than just nicer cameras and faster processors.

Several pundits criticized Google for warning Edge users to switch to Chrome if they wanted to use Chrome extensions "securely". "In Chrome, a plugin can be remotely disabled by the Chrome team if it's considered unsafe for whatever reason," notes PC World. "Google lacks the ability to remotely disable the same plugin within Edge, prompting Google to recommend switching to Chrome, a source close to Google said."

Though PC World notes that Google isn't giving the same warning to Opera users...

Yet now when you try to add Chrome Extensions to Edge, Microsoft also gives you a warning of its own -- that extensions installed from sources other than the Microsoft Store "are unverified [by Microsoft], and may affect browser performance." And while Google.com is still displaying an ad for Chrome to web surfers using Edge, now if you search for "Chrome web store" on Bing, the first result is an ad ("promoted by Microsoft") for Microsoft's own Edge browser.

ZDNet's Chris Matyszczyk asked both Google and Microsoft for a comment: [N]othing from Google. But suddenly, a confirmation from Microsoft that it wouldn't offer official comment. My sniffings around Google suggest the company may have been taken aback by the positive public reaction to Edge... My nasal probings around Redmond offer the reasoning that, well, Microsoft hasn't tested or verified extensions that arrive from places other than they Microsoft Edge add-ons website. Why, they're far too busy to do that. And, well, it's the Chrome web store. Who knows what you'll find over there? Oh, and Edge gives you more control over your data, so there.

Could it be, then, that Google is being vacuously childish and trying to scare people into resisting the lures of Microsoft's browser handiwork? Could it also be that Microsoft is doing something rather similar in either retaliation or merely homage to the brutally competitive instincts of social activist Bill Gates?

Could it be that both of these companies should pause to examine their consciences, go sit in a corner and embrace their customers' needs and choices a touch more fully?

In Microsoft's Chromium-based Edge browser, Chrome's extensions "work as good as they work on Chrome browsers," argues the MS Power User blog.

But guess what happens when you use Edge to visit Chrome's "Web Store" for downloading extensions? According to Google, internet users should use Google Chrome instead of Microsoft Edge if they want to use browser extensions securely. On visiting the Chrome web store on Microsoft Edge, you'll be displayed a banner with a yellow background color saying "Google recommends switching to Chrome to use extensions securely" at the top of the page.
A later article points out that Opera visitors don't receive that same warning -- and that's just the beginning: While Google doesn't show anything on Opera or Chrome, when you access Google.com, Drive and Docs on Edge, the websites show a pop-up asking you to switch to Chrome... Google went as far as saying Chrome helps you hide ads and protect from malware...

[W]e can't really blame them for doing it. Google and Microsoft have a history of fighting over their own software. Microsoft has pushed users towards Edge on Windows 10 in the past and in a way Google seems to be returning the favour

Google has implemented a browser capability in Chrome called ScrollToTextFragment that enables deep links to web documents, but it has done so despite unresolved privacy concerns and lack of support from other browser makers. From a report: Via Twitter on Tuesday, Peter Snyder, privacy researcher at privacy-focused browser maker Brave Software, observed that ScrollToTextFragment shipped earlier this month in Chrome 80 unflagged, meaning it's active, despite privacy issues that have been raised. "Imposing privacy and security leaks to existing sites (many of which will never be updated) REALLY should be a 'don't break the web,' never-cross redline," he wrote. "This spec does that." The debate over the feature percolated last year on mailing lists and in GitHub issues posts and picked up in October when the team working on Chrome's Blink engine declared their intent to implement the specification. The feature rollout serves to illustrate that the consensus-based web standards process doesn't do much to constrain the technology Google deploys.

Apple is considering giving rival apps more prominence on iPhones and iPads and opening its HomePod speaker to third-party music services after criticism the company provides an unfair advantage to its in-house products. From a report: The technology giant is discussing whether to let users choose third-party web browser and mail applications as their default options on Apple's mobile devices, replacing the company's Safari browser and Mail app, according to people familiar with the matter. Since launching the App Store in 2008, Apple hasn't allowed users to replace pre-installed apps such as these with third-party services. That has made it difficult for some developers to compete, and has raised concerns from lawmakers probing potential antitrust violations in the technology industry.

The web browser and mail are two of the most-used apps on the iPhone and iPad. To date, rival browsers like Google Chrome and Firefox and mail apps like Gmail and Microsoft Outlook have lacked the status of Apple's products. For instance, if a user clicks a web link sent to them on an iPhone, it will automatically open in Safari. Similarly, if a user taps an email address -- say, from a text message or a website -- they'll be sent to the Apple Mail app with no option to switch to another email program. The Cupertino, California-based company also is considering loosening restrictions on third-party music apps, including its top streaming rival Spotify, on HomePods, said the people, who asked not to be named discussing internal company deliberations.

Waterfox is an open-source web browser for x64, ARM64, and PPC64LE systems, "intended to be speedy and ethical, and maintain support for legacy extensions dropped by Firefox, from which it is forked," according to Wikipedia. (Its tabs also still have angled sides with rounded corners.)

Friday Waterfox's original creator, 24-year-old Alexandros Kontos, announced that the browser "now has funding and a development team, so Waterfox can finally start to grow!" after its acquisition by a company called System1. I started Waterfox when I was 16. It was a way for me to understand how large software projects worked and the Mozilla documentation was a great introduction... I've touted Waterfox as an ethical and privacy friendly browser... I never wanted Waterfox to be a part of the hyper-privacy community. It would just feel like standards that would be impossible to uphold, especially for something such as a web browser on the internet. Throughout the years people have always asked about Waterfox and privacy, and if they've ever wanted more than it can afford, I've always pushed them to use Tor. Waterfox was here for customisations and speed, with a good level of privacy...

I wasn't doing anything with Waterfox except developing it and making some money via search. Why I kept going throughout the years, I'll never know... System1 has been to Waterfox a search syndication partner. Essentially a way to have a search engine partnership (such as Bing) is through them, because companies such as Microsoft are too big and too busy to talk to small players such as Waterfox... It's probably the one easy way a browser can make money without doing anything dodgy, and it's a way I've been happy to do it without having to compromise Waterfox (and will be the same way System1 makes money from Waterfox -- nothing else). People also don't seem to understand what System1 does...
"Now I can finally focus on making Waterfox into a viable alternative to the big browsers," Kontos concludes.

Long-time Slashdot reader Freshly Exhumed contextualized the news with this brief history of the alternate browser ecosystem: As the usage share of web browsers continues to show a lopsideded dominance by Google Chrome, many previously-independent browsers have fallen by the wayside or have been reinvented as Chrome variants (i.e. Opera, Edge, Brave). Apple forges on with its Safari browser while other, smaller projects tend to be quite limited for multi-platform users, such as Dolphin and Bromite.

Mozilla continues independently with Firefox for almost every platform, while variants such as Pale Moon and Sea Monkey have attempted to provide products that avoid drastic and/or controversial changes made by Mozilla but sometimes do not match the multi-platform support of Firefox. Let us not forget Tor, the Firefox-based anonymity-focused browser.

Alex Kontos is a developer who attempted to provide continuity with dropped Firefox capabilities in his multi-platform Waterfox browser, proudly declaring that Firefox's user data sharing and telemetry collection was not included. For that privacy focus a certain popularity of Waterfox occurred. Now Kontos has revealed that his Waterfox project has been sold to System1, a company describing itself as "a consumer internet and applications company with the most powerful audience expansion platform in the industry."

"Google has revealed plans to initially warn Chrome users about 'insecure' downloads and eventually block them outright," reports The Verge. The warnings will begin in April: "Today we're announcing that Chrome will gradually ensure that secure (HTTPS) pages only download secure files," Joe DeBlasio of the Chrome security team wrote in a blog post. "Insecurely-downloaded files are a risk to users' security and privacy. For instance, insecurely-downloaded programs can be swapped out for malware by attackers, and eavesdroppers can read users' insecurely-downloaded bank statements."

Beginning with Chrome 82, due for release in April, Chrome will warn users if they're about to download mixed content executables from a secure website. Then, when version 83 is released, those executable downloads will be blocked and the warning will be applied to archive files. PDFs and .doc files will get the warning in Chrome 84, with audio, images, text, and video files displaying it by version 85. Finally, all mixed content downloads — a non-secure file coming from a secure site — will be blocked as of the release of Chrome 86. Right now, Google is estimating an October release for that build of the popular web browsing.

"Lazy Loading" would augment HTML's <img> tag (and <iframe> tag) with two new attributes -- "eager" (to load immediately) and "lazy" (to load only when it becomes relevant in the viewport).

Felix Arntz, a developer programs engineer at Google (and a WordPress core committer) notes the updates in the HTML specification for the lazy loading attributes, adding that it's "already supported by several browsers, including Chrome and Edge" and also the Android browser and Opera.

And lazy loading can now also be toggled on for Firefox 75 Nightly users, reports Neowin, though it's disabled by default: It's not clear if it will be enabled by the time Firefox 75 reaches the stable branch but according to comments on the Bugzilla thread, it's in high demand. Previously, websites could employ lazy loading by using JavaScript but now lazy loading syntax is supported directly in the web browser.

The implementation in Firefox comes after Google added the feature to its browser.
Google's Arntz has also written a post describing a proposal to begin lazy-loading images by default in Wordpress. The proposed solution is available as a feature plugin WP Lazy Loading in the plugin repository. The plugin is being developed on GitHub. Your testing and feedback will be much appreciated.

More than 500 browser extensions downloaded millions of times from Google's Chrome Web Store surreptitiously uploaded private browsing data to attacker-controlled servers, researchers said on Thursday. Ars Technica reports: The extensions were part of a long-running malvertising and ad-fraud scheme that was discovered by independent researcher Jamila Kaya. She and researchers from Cisco-owned Duo Security eventually identified 71 Chrome Web Store extensions that had more than 1.7 million installations. After the researchers privately reported their findings to Google, the company identified more than 430 additional extensions. Google has since removed all known extensions. "In the case reported here, the Chrome extension creators had specifically made extensions that obfuscated the underlying advertising functionality from users," Kaya and Duo Security Jacob Rickerd wrote in a report. "This was done in order to connect the browser clients to a command and control architecture, exfiltrate private browsing data without the users' knowledge, expose the user to risk of exploit through advertising streams, and attempt to evade the Chrome Web Store's fraud detection mechanisms."

The extensions were mostly presented as tools that provided various promotion- and advertising-as-a service utilities. In fact, they engaged in ad fraud and malvertising by shuffling infected browsers through a maze of sketchy domains. Each plugin first connected to a domain that used the same name as the plugin (e.g.: Mapstrek[.]com or ArcadeYum[.]com) to check for instructions on whether to uninstall themselves. The plugins then redirected browsers to one of a handful of hard-coded control servers to receive additional instructions, locations to upload data, advertisement feed lists, and domains for future redirects. Infected browsers then uploaded user data, updated plugin configurations, and flowed through a stream of site redirections. The researchers say the campaign dates back to at least January 2019, but it's possible that the operators were active "as early as 2017."

Microsoft will no longer forcibly make Bing the default search engine in Chrome for Office 365 ProPlus customers. A tech community post from Microsoft announced the change. From a report: Microsoft states that people will have the choice to opt-in to have the Microsoft Search in Bing browser extension installed. Microsoft was going to install the Microsoft Search Bing extension onto any system with Office 365 ProPlus that didn't already have Bing set as the default search engine. This would have effectively forced Bing onto Office 365 ProPlus customers. The move set off waves of backlash around the web, which caused Microsoft to change its plans.

The "Suggested" section on the Windows 10 Start Menu used to just promote its own apps, reports MSPowerUser. But for some users (who haven't disable Microsoft's "Suggestions"), that menu is now showing a new kind of ad listing: The listing displays "Still using Firefox? Microsoft Edge is here", to all users of the former -- even with the latter already installed.

The ad provides a link to download the chromium-based browser.

Undoubtedly, the suggestions won't end here. Microsoft is reportedly planning to sprawl similar ads out to Wordpad, to encourage users to download official Office apps.
The Windows Latest blog points out that Microsoft's "Suggestions" can be "permanently disabled with a few tweaks unlike the Chrome ads in Google search results."

An anonymous reader writes: Google today announced that Chrome's ad blocker is expanding to video on August 5, 2020. As with previous ad blocker rollouts, the date is likely not tied to a specific Chrome version -- Google will be expanding the scope of its browser's ad blocker server-side. YouTube and other websites with video content will have to review their ads to make sure they are compliant. The Coalition for Better Ads today announced a new set of standards for ads that show during video content, based on research from 45,000 consumers worldwide. There are many different types of ads that can run before, during, or after a video, but the Coalition is banning just three for videos less than 8 minutes long: mid-roll ads, pre-roll ads, and large display ads.

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 80 for Windows, Mac, Linux, Android, and iOS. The release includes autoupgrading mixed content to HTTPS, SameSite cookie changes, quieter permission UI for notifications, and more developer features. This release thus beefs up security for the world's most popular browser and begins cracking down on cross-site cookies. You can update to the latest version now using Chrome's built-in updater or download it directly from google.com/chrome. With over 1 billion users, Chrome is both a browser and a major platform that web developers must consider. In fact, with Chrome's regular additions and changes, developers often have to stay on top of everything available -- as well as what has been deprecated or removed. Among other things, Chrome 80 has started deprecating FTP support by disabling it by default for non-enterprise clients.

Google security engineers said last week they have successfully cut down the "patch gap" in Google Chrome from 33 days to only 15 days. From a report: The term "patch gap" refers to the time it takes from when a security bug is fixed in an open source library to when the same fix lands in software that uses that particular library. In today's software landscape where many apps rely on open source components, the "patch gap" is considered a major security risk. The reason is because when a security bug is fixed in an open source library, details about that bug become public, primarily due to the public nature and openness of most open source projects. Hackers can then use details about these security flaws to craft exploits and launch attacks against software that relies on the vulnerable component, before the software maker has a chance to release a patch. If the software maker is on a fixed release schedule, with updates coming out every few weeks or months, the patch gap can provide hackers with an attack window that most software projects can't deal with.

"Google has started testing a feature that will display the search query in the Chrome address bar rather than the actual page's URL when performing searches on Google," reports Bleeping Computer: This experimental feature is called "Query in Omnibox" and has been available as a flag in Google Chrome since Chrome 71, but is disabled by default. In a test being conducted by Google, this feature is being enabled for some users and will cause the search keyword to be displayed in the browser's address bar, or Omnibox, instead of the URL that you normally see...

When this feature is not enabled, Google will display the URL of the search in the Omnibox as you would expect. This allows you to not only properly identify the site you are on, but also to easily share the search with another user.
It's been 18 months since Wired reported that Google "wants to kill the URL.

This week now finds Bleeping Computer arguing that instead of removing URLs in one fell swoop, Google "is gradually eroding the various elements of a URL until there is nothing left."

An anonymous reader writes: The Google security team has indefinitely suspended the publishing or updating of any commercial Chrome extensions on the official Chrome Web Store following a spike in the number of paid extensions engaging in fraudulent transactions. Google said the wave of fraudulent transactions began earlier this month. Google engineers described the fraudulent transactions as happening "at scale."

"This is a temporary measure meant to stem this influx as we look for long-term solutions to address the broader pattern of abuse," said Simeon Vincent, Developer Advocate for Chrome Extensions at Google. The ban on publishing or updating impacts all paid extensions. This includes Chrome extensions that require paying a fee before installing, extensions that work based on monthly subscriptions, or Chrome extensions that use one-time in-app purchases to get access to various features. Existing commercial extensions are still available for download via the official Chrome Web Store, however, extension developers can't push new updates.

An anonymous reader quotes a report from Fast Company: Intuit's Mint personal-finance service wants me to know it's sorry. Again. "We're sorry!" its investments page bleats when I try to view my mutual funds' performance. "Our graphs require the latest version of Adobe Flash player." That site has spent years apologizing to me for needing Adobe's vulnerability-riddled plug-in: since I long ago booted Flash from my browser, since Adobe said in 2017 that it would drop Flash by the end of 2020, since Intuit told me in 2018 that Mint would wean itself from Flash "in the coming months."

But that's in keeping with this fossilized financial tool. Mint still provides a valuable service for free in aggregating transaction data from multiple financial institutions to clarify where your money comes and goes -- and in the bargain suggests hopefully-better financial products from advertisers -- but this app exhibits severe symptoms of neglect. It's as if Mint, with 13 million-plus registered users, were a resource-constrained startup instead of a property of Intuit, the Microsoft of personal finance. But more than a decade after the firm behind TurboTax and QuickBooks (and, until 2016, Quicken) bought Mint for $170 million, neatly taking a competitor off the map, this once-groundbreaking app might as well be streaked with cobwebs. The report goes on to note the "updates" category of Mint's blog "reveals no new features since April 2019's revised financial-advice interfaces in the mobile apps it introduced soon after the acquisition."

"It could be doing much more," says Aaron Patzer, founder of Mint. He points in particular to the lack of integration between Mint and TurboTax, saying, "I had a dream that TurboTax would take you about five minutes."

Another explanation for why the personal-finance service has gone neglected is the success of TurboTax, which generates roughly 10 to 20 times the revenue of Mint. Fast Company also notes that Mint "benefits from a lack of serious competition," as Quicken requires an annual subscription and remains desktop-bound, and the free Personal Capital web app is more geared toward investment management.

Microsoft has announced that it will install a new Google Chrome extension for some Office 365 ProPlus customers that will force the browser to use Bing as the default search engine "to access relevant workplace information directly from the browser address bar." From a report: The Microsoft Search in Bing extension will be added to all new Office 365 ProPlus installations and when updating to newer releases. The only customers that won't have this Chrome extension installed automatically are those that already have set Bing as their default Chrome search engine. "Microsoft Search is part of Microsoft 365 and is turned on by default for all Microsoft apps that support it," Microsoft says. "Even after Bing is made the default search engine, your users can still change to a different default search engine in Google Chrome on their own."

The Verge argues that the browser wars "are back, but it's different this time."
The mobile web is broken and unfettered tracking and data sharing have made visiting websites feel toxic, but since the ecosystem of websites and ad companies can't fix it through collective action, it falls on browser makers to use technological innovations to limit that surveillance, however each company that makes a browser is taking a different approach to creating those innovations, and everybody distrusts everybody else to act in the best interest of the web instead of the best interest of their employers' profits... I've been avoiding getting into the precise details of the proposals out there to fix the tracking problem because things are changing so quickly across so many different tracks... Until then, know that there are two important things to know.

First: there are new browser technologies and limits coming that could radically change how ads work and could make it easier for you to protect your privacy no matter what browser you use. Since this is the web, it'll take time, but everybody seems committed. Second: the way many of us think about a Browser War is in terms of marketshare -- and that is the wrong metric this time. There is a browser war, but it won't be won or lost based on who can convince the most people to switch to their browser. Because most people can't or won't switch on the platform that matters: mobile.

In 2020, the desktop is a minor skirmish compared to browsers on phones. On phones, many people aren't really free to choose their browser. That's literally true on the iPhone, which Apple locks down so apps can only use its web rendering technology. And it's for-intents-and-purposes true on Android, where the vast majority of browsers just use Chromium. Yes, there is an Android browser ballot happening in Europe, but it's much too early to know what its effects will be....

The new Browser Wars aren't about who makes the fastest or best browser, they're about whose services you want and whose data policies you trust.