An anonymous reader writes: Google and The Pirate Bay have had an interesting relationship over the years, to say the least. This week, users pointed out that The Pirate Bay can appear significantly lower down in search results (and definitely not on the first page), depending on which country you are searching in. We reached out to Google, and it denied the allegations that it was demoting the site. TorrentFreak first spotted the odd behavior. The publication used Chrome in incognito mode to search for "The Pirate Bay" in Google with different IP addresses to see where the site's thepiratebay.org domain showed up. An IP address in the U.K., for example, would result in The Pirate Bay showing up on the fifth or sixth page, while an IP address in the U.S. would bring back The Pirate Bay as the top result.

An anonymous reader writes: Late yesterday afternoon, Google announced plans to deprecate and eventually remove PKP support from the Chromium open-source browser, which indirectly means from Chrome... According to Google engineer Chris Palmer, low adoption and technical difficulties are among the reasons why Google plans to remove the feature from Chrome.

"We would like to do this in Chrome 67, which is estimated to be released to Stable on 29 May 2018," Palmer says. The proposal is up in the air, and users can submit opinions against Google's intent to deprecate, but seeing how little PKP was adopted, it's most likely already out the door. A Neustar survey from March 2016 had PKP deployment at only 0.09% of all HTTPS sites. By August 2017, that needle had barely moved to 0.4% of all sites in the Alexa Top 1 Million.

"Could it turn out users actually prefer to trade a little CPU time to website owners in favor of them not showing ads?" writes phonewebcam, a long-time Slashdot reader. Slashdot covered the downside [of in-browser cryptocurrency mining] recently, with even [Portuguese professional sportsballer] Cristiano Ronaldo's official site falling victim, but that may not be the full story. This could be an ideal win-win situation, except for one huge downside -- the current gang of online advertisers.
By "current gang of online advertisers," he means Google, according to a longer essay at LinkedIn: Naturally, the world's largest ad broker, which runs the world most popular browser (desktop and mobile) is keen to see how this plays out, and is also uniquely placed to be able to heavily influence it, too... As it happens, Chrome users can already do something about it via extensions, for example AntiMiner... If cryptocurrencies have a future - and that's a big if (look at China's Bitcoin ban) - it could well turn out that their role just took an unexpected turn.

An anonymous reader quotes PCMag: In a Wednesday blog post, Redmond examined Google's browser security and took the opportunity to throw some shade at Chrome's security philosophy, while also touting the benefits of its own Edge browser. The post, written by Microsoft security team member Jordan Rabet, noted that Google's Chrome browser uses "sandboxing" and isolation techniques designed to contain any malicious code. Nevertheless, Microsoft still managed to find a security hole in Chrome that could be used to execute malicious code on the browser.

The bug involved a Javascript engine in Chrome. Microsoft notified Google about the problem, which was patched last month. The company even received a $7,500 reward for finding the flaw. However, Microsoft made sure to point out that its own Edge browser was protected from the same kind of security threat. It also criticized Google for the way it handled the patching process. Prior to the patch's official rollout, the source code for the fix was made public on GitHub, a software collaboration site that hosts computer code. That meant attentive hackers could have learned about the vulnerability before the patch was pushed out to customers, Microsoft claimed. "In this specific case, the stable channel of Chrome remained vulnerable for nearly a month," the blog post said. "That is more than enough time for an attacker to exploit it."
In the past Google has also disclosed vulnerabilities found in Microsoft products -- including Edge.

An anonymous reader quotes a report from TechCrunch: Google's push to make the web more secure by flagging sites using insecure HTTP connections appears to be working. The company announced today that 64 percent of Chrome traffic on Android is now protected, up 42 percent from a year ago. In addition, over 75 percent of Chrome traffic on both ChromeOS and Mac is now protected, up from 60 percent on Mac and 67 percent on ChromeOS a year ago. Windows traffic is up to 66 percent from 51 percent. Google also notes that 71 of the top 100 websites now use HTTPS by default, up from 37 percent a year ago. In the U.S., HTTPS usage in Chrome is up from 59 percent to 73 percent. Combined, these metrics paint a picture of fairly rapid progress in the switchover to HTTPS. This is something that Google has been heavily pushing by flagging and pressuring sites that hadn't yet adopted HTTPS.

An anonymous reader writes: Google Chrome engineers are considering adding a special browser permission that will thwart the rising trend of in-browser cryptocurrency miners. Discussions on the topic of in-browser miners have been going on the Chromium project's bug tracker since mid-September when Coinhive, the first such service, launched. "Here's my current thinking," Ojan Vafai, a Chrome engineering working on the Chromium project, wrote in one of the recent bug reports. "If a site is using more than XX% CPU for more than YY seconds, then we put the page into 'battery saver mode' where we aggressively throttle tasks and show a toast [notification popup] allowing the user to opt-out of battery saver mode. When a battery saver mode tab is backgrounded, we stop running tasks entirely. I think we'll want measurement to figure out what values to use for XX and YY, but we can start with really egregious things like 100% and 60 seconds. I'm effectively suggesting we add a permission here, but it would have unusual triggering conditions [...]. It only triggers when the page is doing a likely bad thing."

An earlier suggestion had Google create a blacklist and block the mining code at the browser level. That suggestion was shut down as being too impractical and something better left to extensions.

Mozilla has announced deeper partnerships with Microsoft, Google, Samsung, and web standards body W3C to create cross-browser documentation on MDN Web Docs, a web development documentation portal created by Mozilla. From a report: MDN Web Docs first came to fruition in 2005, and it has since been known under various names, including the Mozilla Developer Network and Mozilla Developer Center. Today, MDN Web Docs serves as a community and library of sorts covering all things related to web technologies and standards, including JavaScript, HTML, CSS, open web app development, Firefox add-on development, and more. The web constitutes multiple players from across the technology spectrum and, of course, multiple browsers, including Microsoft's Edge, Google's Chrome, Mozilla's Firefox, and the Samsung Internet Browser. To avoid fragmentation and ensure end-users have a (fairly) consistent browsing experience, it helps if all the players involved adhere to a similar set of standards.

An anonymous reader writes: Earlier today, Google released version 62 of its Chrome browser that comes with quite a few new features but also fixes for 35 security issues. The most interesting new features are support for OpenType variable fonts, the Network Quality Estimator API, the ability to capture and stream DOM elements, and HTTP warnings for the browser's Normal and Incognito mode. The most interesting of the new features is variable fonts. Until now, web developers had to load multiple font families whenever they wanted variations on a font family. For example, if a developer was using the Open Sans font family on a site, if he wanted a font variation such as Regular, Bold, Black, Normal, Condensed, Expanded, Highlight, Slab, Heavy, Dashed, or another, he'd have to load a different font file for each. OpenType variable fonts allow font makers to merge all these font family variations in one file that developers can use on their site and control via CSS. This results in fewer files loaded on a website, saving bandwidth and improving page load times. Two other features that will interest mostly developers are the Network Quality Estimator and the Media Capture from DOM Elements APIs. As the name hints, the first grants developers access to network speed and performance metrics, information that some websites may use to adapt video streams, audio quality, or deliver low-fi versions of their sites. Developers can use the second API -- the Media Capture from DOM Elements -- to record videos of how page sections behave during interaction and stream the content over WebRTC. This latter API could be useful for developers debugging a page, but also support teams that want to see what's happening on the user's side.

Google is rolling out a trio of important changes to Chrome for Windows users. From a report: At the heart of these changes is Chrome Cleanup. This feature detects unwanted software that might be bundled with downloads, and provides help with removing it. Google's Philippe Rivard explains that Chrome now has built-in hijack detection which should be able to detect when user settings are changes without consent. This is a setting that has already rolled out to users, and Google says that millions of users have already been protected against unwanted setting changes such as having their search engine altered. But it's the Chrome Cleanup tool that Google is particularly keen to highlight. A redesigned interface makes it easier to use and to see what unwanted software has been detected and singled out for removal.

An anonymous reader quotes Computerworld:Microsoft's Edge easily beat rival browsers from Google and Mozilla in third-party tests of the behind-the-scenes services which power anti-malware warnings and malicious website-blocking... NSS Labs says Windows 10's default browser is better at blocking phishing and socially-engineered malware attacks than Google Chrome or Mozilla Firefox... According to NSS Labs of Austin, Texas, Edge automatically blocked 92% of all in-browser credential phishing attempts and stymied 100% of all socially-engineered malware (SEM) attacks. The latter encompassed a wide range of attacks, but their common characteristic was that they tried to trick users into downloading malicious code. The tactics that SEM attackers deploy include links from social media, such as Facebook and Twitter, and bogus in-browser notifications of computer infections or other problems.

Edge bested Chrome and Firefox by decisive margins. For instance, Chrome blocked 74% of all phishing attacks, and 88% of SEM attacks. Meanwhile, Firefox came in third in both tests, stopping just 61% of the phishing attacks and 70% of all SEM attempts... Both Chrome and Mozilla's Firefox rely on the Safe Browsing API (application programing interface), but historically, Mozilla's implementation has performed poorly compared to Google's. No shock: Google created the API. Edge also took top prize in blocking attacks from the get-go. In NSS's SEM attack testing, for example, the Microsoft browser stopped nearly every attempt from the first moments a new attack was detected. Chrome and Firefox, on the other hand, halted 75% and 54% of the brand-new attacks, respectively. Over a week's time, Chrome and Firefox improved their blocking scores, although neither reached Edge's impressive 99.8%.
The researchers spent three weeks continuously monitoring the browsers on Windows 10 computers. But in the real world, Edge runs on just 5% of all personal computers, while Firefox runs on 13% and Chrome on 60%.

An anonymous reader shares a report from Computerworld, where JR Raphael makes the case for why it's time to call the Chromebook the new Android tablet: What does a traditional Android tablet do that a convertible Chromebook doesn't? No matter how long you mull, it's tough to come up with much. Nowadays, a Chromebook runs the same apps from the same Google Play Store. It has an increasingly similar user interface, with a new touch-friendly and Android-reminiscent app launcher rolling out as we speak. It's likely to have an Android-like way of getting around the system before long, too, not to mention native integration of the Google Assistant (which is launching with the newly announced Pixelbook and then presumably spreading to other devices from there). But on top of all of that, a Chromebook offers meaningful advantages a traditional Android tablet simply can't match. It operates within the fast-booting, inherently secure, and free from manufacturer- or carrier-meddling Chrome OS environment. The operating system is updated every two to three weeks, directly by Google, for a minimum of five years. That's a sharp contrast to the software realities we see on Android -- and if you think the updates on Android phones are bad, let me tell you: The situation with Android tablets is worse.

In addition to the regular selection of Android apps, a Chromebook also gives you a desktop-caliber browser experience along with a laptop-level keyboard and capable trackpad. (And, as a side perk, that means you've got a built-in multi-mode stand for your tablet, too.) It's the best of both worlds, as I've put it before -- a whole new kind of platform-defying, all-purpose productivity and entertainment machine. And while it won't immediately lead to the outright extinction of traditional Android tablets, it certainly makes them seem like a watered-down and obsolete version of the same basic experience.

A reader shares a Bloomberg report: There's a $19 billion black box inside Google. That's the yearly amount Google pays to companies that help generate its advertising sales, from the websites lined with Google-served ads to Apple and others that plant Google's search box or apps in prominent spots. Investors are obsessed with this money, called traffic acquisition costs, and they're particularly worried about the growing slice of those payments going to Apple and Google's Android allies. That chunk of fees now amounts to 11 percent of revenue for Google's internet properties. The figure was 7 percent in 2012. These Google traffic fees are the result of contractual arrangements parent company Alphabet makes to ensure its dominance. The company pays Apple to make Google the built-in option for web searches on Apple's Safari browsers for Mac computers, iPhones and other places. Google also pays companies that make Android smartphones and the phone companies that sell those phones to make sure its search box is front and center and to ensure its apps such as YouTube and Chrome are included in smartphones. In the last year, Google has paid these partners $7.2 billion, more than three times the comparable cost in 2012.

An anonymous reader quotes a report from Bleeping Computer: A new W3C standard is slowly creeping into current browser implementations, a standard that will simplify the way people make payments online. Called the Payment Request API, this new standard relies on users entering and storing payment card details inside browsers, just like they currently do with passwords. The API is also a godsend for the security and e-commerce industry since it spares store owners from having to store payment card data on their servers. This means less regulation and no more fears that an online store might expose card data when getting hacked. By moving the storage of payment card details in the browser, the responsibility of keeping these details safe is moved to the browser and the user. Browsers that support the Payment Request API include Google Chrome, who first added support for it in Chrome for Android 53 in August 2016, and added desktop support last month with the release of Chrome 61. Microsoft Edge also supports the Payment Request API since September 2016, but the feature requires that users register a Microsoft Wallet account before using it. Firefox and Safari are still working on supporting the API, and so are browser implementations from Facebook and Samsung, both eager to provide a simpler payment mechanism than the one in use today.

Mark Wilson writes: Bitcoin has been in the news for some time now as its value climbs and drops, but most recently interest turned to mining code embedded in websites. The Pirate Bay was one of the first sites to be seen using Coinhive code to secretly mine using visitors' CPU time, and then we saw similar activity from the SafeBrowse extension for Chrome. The discovery of the code was a little distressing for visitors to the affected sites, and internet security and content delivery network (CDN) firm Cloudflare is taking action to clamp down on what it is describing as malware. Torrent proxy site ProxyBunker.online has contacted TorrentFreak to say that Cloudflare has dropped it as a customer. The reason given for ProxyBunker's suspension is that the site has been using Coinhive code on several of the domains it owns.

Google is once again trying to make a big splash with laptop computers, this time with its new Pixelbook. From a report: Google debuted its Pixelbook, a new laptop-tablet hybrid during its Pixel 2 event in San Francisco on Wednesday, a high-end version of its barebones Chromebook laptops that rely on Google's Chrome operating system (OS). Google hopes its new Pixelbook, which sells for $999 to $1,649, will give it a viable challenger to Apple's MacBooks and other premium laptops. With Google's low-end Chromebooks, the company supplies the OS while third-party companies like HP Inc. and Dell build the devices. But Chromebooks are bulky, short on processing power, have limited storage, and are incompatible with Google's new Pixelbook stylus pen for drawing digital images on touchscreens. Matt Vokoun, Google's director for Chromebooks, emphasized that his company is serious about the Pixelbook. Although Google previously sold both high-end laptops and tablets, they were mostly "demonstration-oriented," he said, meaning Google didn't produce many of them and that they were instead for showing to potential manufacturers to get them on board with the idea.

An anonymous reader writes: Google is working on blocking tab-under behavior in Chrome, according to a document seen by Bleeping Computer. For users unfamiliar with the jargon, Google considers tab-under behavior when an unsuspecting user is scrolling or clicking on a page, but the site duplicates the current page in another tab and shows an ad or a new website in the page the user was initially reading. Countless of website owners and advertisers have abused tab-unders to show ads and redirect users to unwanted sites, all for the sake of ad impressions and redirection fees. This demo site created by Google engineers that shows how tab-unders work. Earlier today, Google published a document detailing three ways it's currently looking at for dealing with tab-unders in Chrome. The current approved proposal is for the browser maker to block websites before opening a new tab, similar to the pop-up blocking mechanism. According to Chrome engineer Charles Harrison, the tab-under blocking feature will be supported on five of the six Blink platforms -- Windows, Mac, Linux, Chrome OS, and Android, but not Android WebView. Once the feature is ready, it will ship with Chrome Canary under its own option on the chrome://flags settings page.

Google will tomorrow launch the next generation of its smartphone with the Pixel 2 and the Pixel 2 XL. At the same time, the company will reportedly introduce a new Chrome OS-based laptop called the Pixelbook, a small smart speaker called the Google Home Mini, and new hardware for the Daydream VR platform. David Pierce, writing for Wired tries to make sense of it: You'd think having dominated search and email, created Chrome and YouTube, plus a self-driving car project, a handful of save-the-world enterprises, and the greatest advertising business in the history of the universe would be enough to keep Google busy. You certainly wouldn't think the folks in Mountain View would suddenly feel the urge to get into the smartphone game, a remarkably mature market where nobody but Samsung and Apple makes any money, and where Google's already ubiquitous thanks to Android. [...] As they say, hardware is hard. It's a ruthless and low-margin business, but it's also an important one. Building gadgets in-house gives Google an opportunity to assert itself beyond what any of its partners can offer. More importantly, it gives Google a chance to control its destiny in an increasingly uncertain time. Depending on Samsung is a dangerous game. Galaxy products are the most popular Android phones by far, and the prime iPhone competition. But every year, you can feel Samsung leaning a little further away from Google. It built the Bixby assistant, which competes directly with Google Assistant, and gave Bixby prime placement on its phones. Samsung builds its own browser, email client, and messaging app, which seem utterly redundant unless Samsung's trying to wean its reliance on Google products. Samsung mostly eschews Daydream in favor of Gear VR, and has a home-grown smart-home platform competing directly with Nest, Android Things, and all the other Google connected-home products.

An anonymous reader writes: Canonical engineer Dimitri John Ledkov announced on Wednesday that Ubuntu does not plan to offer 32-bit ISO installation images for its new OS version starting with the next release — Ubuntu 17.10 (Artful Aardvark) scheduled for release on October 19. The decision comes after month-long discussions on the dwindling market share of 32-bit architectures. Ledkov made it clear that Canonical does not plan to stop support for 32-bit architectures. The Ubuntu team plans to continue to offer security updates and bug fixes, but they won't be offering new ISO images. Lubuntu and Xubuntu, which are Ubuntu offshoots created to run on older computers, will most likely continue to provide 32-bit ISO images, as this is their bread and butter. Manjaro, Tails, and Arch Linux announced similar decisions. Even Google dropped support for Chrome on 32-bit Linux platforms, way back in 2015, predicting the overall trend.

The next version of Firefox, aptly named Firefox Quantum, is getting a big speed boost. "The idea, of course, is that the upcoming version 57 is a quantum leap over predecessors -- or, in the words of Mozilla CEO Chris Beard, a 'big bang,'" reports CNET. While Mozilla stopped short of declaring victory over Chrome, Nick Nguyen, vice president of Firefox product, said Firefox Quantum's page-load speed "is often perceivably faster" while using 30 percent less memory. From the report: The new Firefox revamp includes lots of under-the-covers improvements, like Quantum Flow, which stamps out dozens of performance bugs, and Quantum CSS, aka Stylo, which speeds up website formatting. More obvious from the outside is a new interface called Photon that wipes out Firefox's rounded tabs and adds a "page action" menu into the address bar. It also builds in the Pocket bookmarking service Mozilla acquired and uses it to recommend sites you might be interested in. A screenshot tool generates a website link so you can easily share what you see by email or Twitter. Mozilla even simplified the Firefox logo, a fox wrapping itself around the globe. More improvements are in the pipeline for later Firefox versions, too, including Quantum Render, which should speed up Firefox's ability to paint web pages onto your screen.

An anonymous reader writes: Two Showtime domains are currently loading and running Coinhive, a JavaScript library that mines Monero using the CPU resources of users visiting Showtime's websites. The two domains are showtime.com and showtimeanytime.com, the latter being the official URL for the company's online video streaming service. It is unclear if someone hacked Showtime and included the mining script without the company's knowledge. Showtime did not respond to a request for comment, but it could be an experiment as the setThrottle value is 0.97, meaning the mining script will remain dormant for 97% of the time. Despite this, Coinhive has been recently adopted by a large number of malware operations, such as malvertisers, adware developers, rogue Chrome extensions, and website hackers, who secretly load the code in a page's background and make money off unsuspecting users. At least two ad blockers have added support for blocking Coinhive's JS library -- AdBlock Plus and AdGuard -- and developers have also put together Chrome extensions that terminate anything that looks like Coinhive's mining script -- AntiMiner, No Coin, and minerBlock.

The Pirate Bay recently ran tests using Coinhive. A recent report has calculated that a site like The Pirate Bay could make around $12,000 per month by mining Monero in the background.