An anonymous reader quotes a report from Ars Technica: Google Chrome 76 will close a loophole that websites use to detect when people use the browser's Incognito Mode. Over the past couple of years, you may have noticed some websites preventing you from reading articles while using a browser's private mode. The Boston Globe began doing this in 2017, requiring people to log in to paid subscriber accounts in order to read in private mode. The New York Times, Los Angeles Times, and other newspapers impose identical restrictions. Chrome 76 -- which is in beta now and is scheduled to hit the stable channel on July 30 -- prevents these websites from discovering that you're in private mode. Google explained the change yesterday in a blog post titled, "Protecting private browsing in Chrome." Google wrote: "Today, some sites use an unintended loophole to detect when people are browsing in Incognito Mode. Chrome's FileSystem API is disabled in Incognito Mode to avoid leaving traces of activity on someone's device. Sites can check for the availability of the FileSystem API and, if they receive an error message, determine that a private session is occurring and give the user a different experience. With the release of Chrome 76 scheduled for July 30, the behavior of the FileSystem API will be modified to remedy this method of Incognito Mode detection."

If websites find new loopholes to detect private mode, Google said they will close those, too. "Chrome will likewise work to remedy any other current or future means of Incognito Mode detection," Google's blog post said.

Dan Goodin, reporting for ArsTechnica: When we use browsers to make medical appointments, share tax returns with accountants, or access corporate intranets, we usually trust that the pages we access will remain private. DataSpii, a newly documented privacy issue in which millions of people's browsing histories have been collected and exposed, shows just how much about us is revealed when that assumption is turned on its head. DataSpii begins with browser extensions -- available mostly for Chrome but in more limited cases for Firefox as well -- that, by Google's account, had as many as 4.1 million users. These extensions collected the URLs, webpage titles, and in some cases the embedded hyperlinks of every page that the browser user visited. Most of these collected Web histories were then published by a fee-based service called Nacho Analytics, which markets itself as "God mode for the Internet" and uses the tag line "See Anyone's Analytics Account."

Web histories may not sound especially sensitive, but a subset of the published links led to pages that are not protected by passwords -- but only by a hard-to-guess sequence of characters (called tokens) included in the URL. Thus, the published links could allow viewers to access the content at these pages. (Security practitioners have long discouraged the publishing of sensitive information on pages that aren't password protected, but the practice remains widespread.) Further reading: More on DataSpii: How extensions hide their data grabs -- and how they're discovered.

Netflix Hangouts is a new Chrome extension that tries to make it easier to get away with watching Netflix while you're supposed to be working. Just go to the show you want to catch up on during work hours, and press the extension's icon in your Chrome menu to bring up a fake four-person conference call. Then you can sit back and watch the show in the window's bottom right feed while three fake colleagues get down to business. The Verge reports: The extension was developed by Mschf Internet Studios, which has produced a few internet curiosities like this over the years. There was the Slack channel that offered $1,000 in prize money for the first person to correctly guess each word of the day (it was shut down by Slack after just a week), a man who ate various foods as disgusting ice cream toppings, and who could forget Tabagotchi, the lovable virtual avatar that slowly died as you opened more and more tabs? Netflix Hangouts is the latest in a long line of services designed to let you slack off at work.

From a report: Google's Chrome now reigns as the biggest browser on the block, and the company is facing challenges similar to Microsoft's from competitors, as well as government scrutiny. But Google faces a new wrinkle -- a growing realization among consumers that their every digital move is tracked. "I think Cambridge Analytica acted as a catalyst to get people aware that their data could be used in ways they didn't expect," said Peter Dolanjski, the product lead for Mozilla's Firefox web browser, referring to the scandal in which a political consulting firm obtained data on millions of Facebook users and their friends.

And in something of a poetic role reversal, Microsoft is positioning itself to pick up the slack from people who may be fed up with Google's Chrome browser and its questionable privacy practices. Microsoft is expected to release an overhaul of its latest browser, called Edge, in the coming months. Microsoft is just one of a number of companies and organizations looking to take a piece out of Google -- some using the company's own open-source software. One name that might be familiar to most consumers -- Mozilla's Firefox browser -- is also a veteran of the "browser wars" of two decades ago. The nonprofit Mozilla, which has been biting at the heels of leading browsers for most of its existence, is introducing more aggressive privacy settings to try to stand out and take advantage of the privacy stumbles by Google and other tech giants.

The Google Earth team recently released a beta preview of a WebAssembly port of Google Earth. The new port runs in Chrome and other Chromium-based browsers, including Edge (Canary version) and Opera, as well as Firefox. From a report: The port thus brings cross-browser support to the existing Earth For Web version, which uses the native C++ codebase and Chrome's Native Client (NaCl) technology. Difference in multi-threading support between browsers leads to varying performance. Google Earth was released 14 years ago and allowed users to explore the earth through the comfort of their home. This original version of Google Earth was released as a native C++ based application intended for desktop install because rendering the whole world in real time required advanced technologies that weren't available in the browser. Google Earth was subsequently introduced for Android and iOS smartphones, leveraging the existing C++ codebase through technologies such as NDK and Objective-C++. In 2017, Google Earth was released for the Chrome browser, using Google's Native Client (NaCl) to compile the C++ code and run it in the browser.

Slashdot's gotten over 17,000 votes in its poll about which web browser people use on their desktop. (The current leader? Firefox, with 53% of the vote, followed by Chrome with 30%.)

But Slashdot reader koavf asks an interesting follow-up question: "What's everyone's go-to Plan B browser and why?"

To start the conversation, here's how James Gelinas (a contributor at Kim Komando's tech advice site) recently reviewed the major browsers:

• He calls Chrome "a safe, speedy browser that's compatible with nearly every page on the internet" but also says that Chrome "is notorious as a resource hog, and it can drastically slow your computer down if you have too many tabs open."
  
  "Additionally, the perks of having your Google Account connected to your browser can quickly turn into downsides for the privacy-minded among is. If you're uncomfortable with your browser knowing your searching and spending behaviors, Chrome may not be the best choice for you."

• He calls Firefox "the choice for safety".
  
  "Predating Chrome by 6 years, Firefox was the top choice for savvy Netizens in the early Aughts. Although Chrome has captured a large segment of its user base, that doesn't mean the Fox is bad. In fact, Mozilla is greatly appreciated by fans and analysts for its steadfast dedication to user privacy... Speedwise, Firefox isn't a slouch either. The browser is lighter weight than Chrome and is capable of loading some websites even faster."

• He calls Apple's Safari and Microsoft Edge "the default choice...because both of these browsers come bundled with new computers."
  
  "Neither one has glaring drawbacks, but they tend to lack some of the security features and extensions found in more popular browsers. Speedwise, however, both Edge and Safari are able to gain the upper hand against their competition. When it comes to startup time and functions, the apps are extremely lightweight on your system's resources. This is because they're part of the Mac and Window's operating systems, respectively, and are optimized for performance in that environment."

Finally, he gives the Tor browser an honorable mention. ("It's still one of the best anonymous web browsers available. It's so reliable, in fact, that people living under repressive governments often turn to it for their internet needs -- installing it on covert USB sticks to use on public computers.") And he awards a "dishonorable mention" to Internet Explorer. ("Not only is the browser no longer supported by Microsoft, but it's also vulnerable to a host of malware and adware threats.")

But what do Slashdot's readers think? Putting aside your primary desktop browser -- what's your own go-to "Plan B" web browser, and why? Leave your best answers in the comments.

What's your "backup" browser?

Mozilla is adding a random password generator to Firefox. From a report: The Firefox random password generator is expected to become publicly available for all Firefox users with the release of Firefox 69, scheduled for release in early September, roughly a year after Chrome 69. Currently, the random password generator is only available in Firefox Nightly, a Firefox version for testing new features before they land in the stable branch. When Firefox 69 will be released, the random password generator is expected to be available as a checkbox in the Firefox settings section, under "Privacy & Security," under "Logins and Passwords."

Microsoft is testing features that block companies from tracking you across different websites in its Chromium-based Edge browser. Engadget reports: Insider beta testers with the latest Canary release on Windows can try it by enabling a browser flag (enter - "edge://flags#edge-tracking-prevention" in the address bar) then restarting. Once it's on, there are three different levels of blocking, with intentions to filter out only known malicious trackers, some third-party trackers that are used for ad targeting or all third-party tracking entirely. Microsoft demonstrated the feature at its Build 2019 event earlier this year, so even if you're not in that test group you can get a peek at it right here.

An anonymous reader writes: Mozilla today announced Firefox Preview, a pilot of its new Android browser. Firefox Preview, which is powered by Mozilla's own GeckoView engine, will ultimately replace the current Firefox for Android mobile app "this fall." At the same time, Mozilla has put Firefox Focus for Android development on hold. If you're a developer or just an early adopter, you can download Firefox Preview from Google Play.

On desktop, Firefox is the second most popular browser after Chrome. Firefox holds about 10% desktop market share, according to Net Applications. On mobile, however, Firefox has less than 0.5% share. Despite regular releases alongside the desktop browser over the years, Firefox's mobile share has not improved.

Security through obscurity is out, security through tomfoolery is in. From a report: That's the basic philosophy sold by Track THIS, "a new kind of incognito" browsing project, which opens up 100 tabs crafted to fit a specific character -- a hypebeast, a filthy rich person, a doomsday prepper, or an influencer. The idea is that your browsing history will be depersonalized and poisoned, so advertisers won't know how to target ads to you. It was developed as a collaboration between mschf (pronounced "mischief") internet studios and Mozilla's Firefox as a way of promoting Firefox Quantum, the newest Firefox browser. [...] Just a warning -- if you use Track THIS it may take several minutes for all 100 tabs to load. (I used Chrome as my browser.) But when as it gradually loads, it's like taking a first-person journey through someone else's consciousness.

Sidewalk Labs, Alphabet's smart city subsidiary, released its massive plan Monday to transform a slice of Toronto's waterfront into a high-tech utopia. From a report: Eighteen months in the making and clocking in at 1,524 pages, the plan represents Alphabet's first, high-stakes effort to realize Alphabet CEO Larry Page's long-held dream of a city within a city to experiment with innovations like self-driving cars, public Wi-Fi, new health care delivery solutions, and other city planning advances that modern technology makes possible. Previously, Sidewalk Labs called it "a neighborhood built from the internet up." But on Monday, Sidewalk Labs CEO Dan Doctoroff went a step further to describe it as "the most innovative district in the world."

The plan includes: Ten new buildings of mixed-use development consisting primarily of thousands of new residential units, as well as retail and office spaces, all made from mass timber. A proposal to extend the city's light-rail system to serve the new neighborhood. Redesigning streets to reduce car use and promote biking and walking. Installation of public Wi-Fi, in addition to other sensors to collect "urban data" to better inform housing and traffic decisions, for example. Proposal to reduce greenhouse gases by up to 89 percent. Building the new Canadian headquarters of Google on the western edge of Villiers Island. Further reading: Former Firefox VP on What It's Like To Be Both a Partner of Google and a Competitor via Google Chrome; Sidewalk Labs' 1,500-Page Plan for Toronto Is a Democracy Grenade.

"You open your browser to look at the Web. Do you know who is looking back at you?" warns Washington Post technology columnist Geoffrey A. Fowler: Over a recent week of Web surfing, I peered under the hood of Google Chrome and found it brought along a few thousand friends. Shopping, news and even government sites quietly tagged my browser to let ad and data companies ride shotgun while I clicked around the Web. This was made possible by the Web's biggest snoop of all: Google. Seen from the inside, its Chrome browser looks a lot like surveillance software...

My tests of Chrome vs. Firefox unearthed a personal data caper of absurd proportions. In a week of Web surfing on my desktop, I discovered 11,189 requests for tracker "cookies" that Chrome would have ushered right onto my computer but were automatically blocked by Firefox. These little files are the hooks that data firms, including Google itself, use to follow what websites you visit so they can build profiles of your interests, income and personality... And that's not the half of it. Look in the upper right corner of your Chrome browser. See a picture or a name in the circle? If so, you're logged in to the browser, and Google might be tapping into your Web activity to target ads. Don't recall signing in? I didn't, either. Chrome recently started doing that automatically when you use Gmail.

Chrome is even sneakier on your phone. If you use Android, Chrome sends Google your location every time you conduct a search. (If you turn off location sharing it still sends your coordinates out, just with less accuracy.)
The columnist concludes that "having the world's biggest advertising company make the most popular Web browser was about as smart as letting kids run a candy shop," and argues that through its Doubleclick and other ad businesses, Google "is the No. 1 cookie maker -- the Mrs. Fields of the web."

He also reports that Firefox is now working on ways to block browser "fingerprinting".

Google today launched a new Chrome extension that will simplify the process of reporting a malicious site to the Google Safe Browsing team so that it can be analyzed, reviewed, and blacklisted in Chrome and other browsers that support the Safe Browsing API. From a report: Named the Suspicious Site Reporter, this extension adds an icon to the Google Chrome toolbar that when pressed, opens a popup window from where users can file an automatic report for the current site they're on, and which they suspect might be up to no good. "If the site is added to Safe Browsing's lists, you'll not only protect Chrome users but users of other browsers and across the entire web," said Emily Schechter, Chrome Product Manager. The Safe Browsing API is implemented not only in the mobile and desktop versions of Chrome but also in the mobile and desktop versions of Mozilla Firefox and Apple's Safari.

An anonymous reader shares a report: After being ripped to shreds by angry users, Google engineers have promised this week that the upcoming changes to Chrome's extensions system won't cripple ad blockers, as everyone is fearing. Instead, the company claims that the new extension API changes will actually improve user privacy and bring speed improvements. Furthermore, Google also promised to raise a maximum limit in one of the upcoming APIs that should address and lay to rest the primary criticism brought against the new extensions API by developers of ad blockers during the last six months.

An anonymous reader shares a report: In April, Google announced a groundbreaking technology that could allow Android users to use their smartphones as hardware security keys whenever logging into Google accounts on their laptops or work PCs. Initially, the technology was made available for Chrome OS, macOS, and Windows 10 devices. Today, Google announced it is expanding this technology to iOS as well. Today's news means that iPhone and iPad users can now use their (secondary) Android smartphones as a security key whenever logging into their Google accounts on an iOS device. The technology works basically the same, as Google explained in April, at the Cloud Next 2019 conference.

Despite sharing a common Chromium codebase, browser makers like Brave, Opera, and Vivaldi don't have plans on crippling support for ad blocker extensions in their products -- as Google is currently planning on doing within Chrome. From a report: The three browsers makers have confirmed to ZDNet, or in public comments, of not intending to support a change to the extensions system that Google plans to add to Chromium, the open-source browser project on which Chrome, Brave, Opera, and Vivaldi are all based on.

An anonymous reader writes: Google this week released Chrome 75 for Windows, Mac, Linux, Android, and iOS. The release includes hint for low latency canvas contexts, files supported in the Web Share API, numeric separators, and more developer features. [...] Next, files are now supported by the Web Share API. For years, Google has been working to bring native sharing capabilities to the web. The Web Share API allows web apps to invoke the same share dialog box as a native app. The implementation brings a new method and a new shareData property. Numeric literals now allow underscores (_, U+005F) as separators to make them more readable. Underscores can only appear between digits, and consecutive underscores are not allowed. There is also a reader mode that is not enabled by default. From a report: The big feature included with Chrome 75 is the addition of a hidden Reader Mode, similar to the one included with Firefox. This new Reader Mode is not active by default and must be turned on using one of Google Chrome's experimental flags -- which until recently has only been available in the Chrome Canary distribution. To enable and test Chrome's new Reader Mode, users must visit the chrome://flags/#enable-reader-mode section, and enable the Reader Mode option, as in the screenshot below. Chrome for Android includes these two features: 1. Generate strong and unique passwords with Chrome's built-in password manager. 2. Quickly look up your passwords by tapping any password field and using the new keyboard option.

An anonymous reader quotes a report from Vice News: Google has found itself under fire for plans to limit the effectiveness of popular ad blocking extensions in Chrome. While Google says the changes are necessary to protect the "user experience" and improve extension security, developers and consumer advocates say the company's real motive is money and control. In the wake of ongoing backlash to the proposal, Chrome software security engineer Chris Palmer took to Twitter this week to claim the move was intended to help improve the end-user browsing experience, and paid enterprise users would be exempt from the changes.

Chrome security leader Justin Schuh also said the changes were driven by privacy and security concerns. Adblock developers, however, aren't buying it. uBlock Origin developer Raymond Hill, for example, argued this week that if user experience was the goal, there were other solutions that wouldn't hamstring existing extensions. "Web pages load slow because of bloat, not because of the blocking ability of the webRequest API -- at least for well crafted extensions," Hill said. Hill said that Google's motivation here had little to do with the end user experience, and far more to do with protecting advertising revenues from the rising popularity of adblock extensions. The team behind the EFF's Privacy Badger ad-blocking extension also spoke out against the changes. "Google's claim that these new limitations are needed to improve performance is at odds with the state of the internet," the organization said. "Sites today are bloated with trackers that consume data and slow down the user experience. Tracker blockers have improved the performance and user experience of many sites and the user experience. Why not let independent developers innovate where the Chrome team isn't?"

Google is cracking down again on deceptive Chrome extension installation practices. The browser maker listed new rules yesterday that extension developers must follow, or face the possibility of having their extension removed from the official Chrome Web Store. From a report: These new rules come after last year Google banned the installation of Chrome extensions via third-party sites (called inline installs) and limited the installation process to users visiting the extension's official Chrome Web Store page only. [...] But yesterday, Google announced plans to remove all Chrome extensions that abuse the following tactics to trick users towards pressing the "Add to Chrome" button: 1. Extensions that lack a clear "disclosure" that explains to users what they can expect by installing the Chrome extension. 2. Extensions that use misleading disclosures or explanations for the extension's purpose. 3. Hiding disclosure texts (extension's purpose) in large blocks of text, down the page, or using text and fonts that make the disclosure unreadable. 4. Using misleading interactive elements (such as buttons or forms) that trick the user into believing they're taking an action, but unknown to them, they are actually installing a Chrome extension. [...]

Earlier this year, Google proposed changes to the open-source Chromium browser that would break content-blocking extensions, including various ad blockers. Despite the overwhelming negative feedback to the move, Google appears to be standing firm on the changes, sharing that current ad blocking capabilities will be restricted to enterprise users. 9to5Google reports: Manifest V3 comprises a major change to Chrome's extensions system, including a revamp to the permissions system and a fundamental change to the way ad blockers operate. In particular, modern ad blockers, like uBlock Origin and Ghostery, use Chrome's webRequest API to block ads before they're even downloaded. With the Manifest V3 proposal, Google deprecates the webRequest API's ability to block a particular request before it's loaded. As you would expect, power users and extension developers alike criticized Google's proposal for limiting the user's ability to browse the web as they see fit.

Now, months later, Google has responded to some of the various issues raised by the community, sharing more details on the changes to permissions and more. The most notable aspect of their response, however, is a single sentence buried in the text, clarifying their changes to ad blocking and privacy blocking extensions: "Chrome is deprecating the blocking capabilities of the webRequest API in Manifest V3, not the entire webRequest API (though blocking will still be available to enterprise deployments)." Google is essentially saying that Chrome will still have the capability to block unwanted content, but this will be restricted to only paid, enterprise users of Chrome. This is likely to allow enterprise customers to develop in-house Chrome extensions, not for ad blocking usage.