An anonymous reader quotes a report from Reuters: Independent browser companies in the European Union are seeing a spike in users in the first month after EU legislation forced Alphabet's Google, Microsoft and Apple to make it easier for users to switch to rivals, according to data provided to Reuters by six companies. The early results come after the EU's sweeping Digital Markets Act, which aims to remove unfair competition, took effect on March 7, forcing big tech companies to offer mobile users the ability to select from a list of available web browsers from a "choice screen." [...]

Cyprus-based Aloha Browser said users in the EU jumped 250% in March -- one of the first companies to give monthly growth numbers since the new regulations came in. Founded in 2016, Aloha, which markets itself as a privacy focused alternative to browsers owned by big tech, has 10 million monthly average users and earns money through paid subscriptions, rather than selling ads by tracking users. "Before, EU was our number four market, right now it's number two," Aloha CEO Andrew Frost Moroz said in an interview. Norway's Vivaldi, Germany's Ecosia and U.S.-based Brave have also seen user numbers rise following the new regulation. U.S.-based DuckDuckGo, which has about 100 million users, and its bigger rival, Norway-based Opera (OPRA.O), opens new tab are also seeing growth in users, but said the choice screen rollout is still not complete. "We are experiencing record user numbers in the EU right now," said Jan Standal, vice president at Opera, which counts over 324 million global users.

Under the new EU rules, mobile software makers are required to show a choice screen where users can select a browser, search engine and virtual assistant as they set up their phones. Previously, tech companies such as Apple and Google loaded phones with default settings that included their preferred services, such as the voice assistant Siri for iPhones. Changing these settings required a more complicated process. Apple is now showing up to 11 browsers in addition to Safari in the choice screens curated for each of the 27 countries in the EU, and will update those screens once every year for each country. While DuckDuckGo and Opera are offered in Apple's list, opens new tab in all 27 countries, Aloha is in 26 countries, Ecosia is in 13 and Vivaldi in 8. Google is currently showing browser choices on devices made by the company and said new devices made by other companies running Android operating system will also display choice screen in the coming months. A Google spokesperson said they do not have data on choice screens to share yet.

Matthew Connatser reports via The Register: A study has concluded that Apple's privacy practices aren't particularly effective, because default apps on the iPhone and Mac have limited privacy settings and confusing configuration options. The research was conducted by Amel Bourdoucen and Janne Lindqvist of Aalto University in Finland. The pair noted that while many studies had examined privacy issues with third-party apps for Apple devices, very little literature investigates the issue in first-party apps -- like Safari and Siri. The aims of the study [PDF] were to investigate how much data Apple's own apps collect and where it's sent, and to see if users could figure out how to navigate the landscape of Apple's privacy settings.

The lengths to which Apple goes to secure its ecosystem -- as described in its Platform Security Guide [PDF] -- has earned it kudos from the information security world. Cupertino uses its hard-earned reputation as a selling point and as a bludgeon against Google. Bourdoucen and Janne Lindqvist don't dispute Apple's technical prowess, but argue that it is undermined by confusing user interfaces. "Our work shows that users may disable default apps, only to discover later that the settings do not match their initial preference," the paper states. "Our results demonstrate users are not correctly able to configure the desired privacy settings of default apps. In addition, we discovered that some default app configurations can even reduce trust in family relationships."

The researchers criticize data collection by Apple apps like Safari and Siri, where that data is sent, how users can (and can't) disable that data tracking, and how Apple presents privacy options to users. The paper illustrates these issues in a discussion of Apple's Siri voice assistant. While users can ostensibly choose not to enable Siri in the initial setup on macOS-powered devices, it still collects data from other apps to provide suggestions. To fully disable Siri, Apple users must find privacy-related options across five different submenus in the Settings app. Apple's own documentation for how its privacy settings work isn't good either. It doesn't mention every privacy option, explain what is done with user data, or highlight whether settings are enabled or disabled. Also, it's written in legalese, which almost guarantees no normal user will ever read it. "We discovered that the features are not clearly documented," the paper concludes. "Specifically, we discovered that steps required to disable features of default apps are largely undocumented and the data handling practices are not completely disclosed."

Apple is preparing to allow EU-based iPhone users to uninstall its first-party Safari browser by the end of 2024 and is working on a more "user-friendly" way of transferring data "from an iPhone to a non-Apple phone" by fall 2025. From a report: That's according to a new compliance document published by the company, which outlines all the ways it's complying with the European Union's new Digital Markets Act that comes into force this week.

Other user-facing initiatives detailed in Apple's document include a "browser switching solution" to transfer data between browsers on the same device, which it plans to make available by late 2024 or early 2025. It'll also be possible to change the default navigation app on iOS by March 2025 in the EU. The document doesn't explicitly state whether any of these features will be available globally or whether they'll be exclusive to users in the EU. But many of the company's previously announced plans to comply with the DMA -- including the ability to run browser engines other than WebKit and install third-party app stores -- are only available in the bloc.

Jess Weatherbed reports via The Verge: Apple's iOS 17.4 update is now available, introducing new emoji and a cryptographic security protocol for iMessage, alongside some major changes to the App Store and contactless payments for the iPhone platform in Europe. Apple is making several of these changes to comply with the EU's Digital Markets Act (DMA), a law that aims to make the digital economy fairer by removing unfair advantages that tech giants hold over businesses and end users. iOS 17.4 will allow third-party developers to offer alternative app marketplaces and app downloads to EU users from outside the iOS App Store. Developers wanting to take advantage of this will be required to go through Apple's approval process and pay Apple a "Core Technology Fee" that charges 50 euro cents per install once an app reaches 1 million downloads annually. iPhone owners in the EU will see different update notes that specifically mention new options available for app stores, web browsers, and payment options.

The approval process may take some time, but we know that at least one enterprise-focused app marketplace from Mobivention will be available on March 7th. Epic is also working on releasing the Epic Game Store on iOS in 2024, and software company MacPaw is planning to officially launch its Setapp store in April. iOS 17.4 allows people in the EU to download alternative browser engines that aren't based on Apple's WebKit, such as Chrome and Firefox, with a new choice screen in iOS Safari that will prompt users to select a default browser when opened for the first time. While no browser alternatives have been officially announced, both Google and Mozilla are currently experimenting with new iOS browsers that could eventually be released to the public.

Apple is also introducing new APIs that allow third-party developers to utilize the iPhone's NFC payment chip for contactless payment services besides Apple Pay and Apple Wallet in the European Economic Area. No alternative contactless providers have been confirmed yet, but users will find a list of apps that have requested the feature under Settings > Privacy & Security > Contactless & NFC. While Apple previously revealed it was planning to drop support for progressive web apps (PWAs) in the EU to avoid building "an entirely new integration architecture" around DMA compliance, the company now says it will "continue to offer the existing Home Screen web apps capability" for EU users. However, these homescreen apps will still run using WebKit technology, with no option to be powered by third-party browser engines.

Microsoft offered to sell its Bing search engine to Apple in 2018, Google said in a court filing earlier this month. The document, from Google's antitrust case against the U.S. Justice Department, was unsealed on Friday. From a report: In the filing earlier this month, Google argued that Microsoft pitched Apple in 2009, 2013, 2015, 2016, 2018 and 2020 about making Bing the default in Apple's Safari web browser, but each time, Apple said no, citing quality issues with Bing. "In each instance, Apple took a hard look at the relative quality of Bing versus Google and concluded that Google was the superior default choice for its Safari users. That is competition," Google wrote in the filing.

The Justice Department said in its own newly unsealed filing that Microsoft has spent almost $100 billion on Bing over 20 years. The Windows and Office software maker launched Bing in 2009, following search efforts under the MSN and Windows Live brands. Today Bing has 3% global market share, according to StatCounter. In the fourth quarter, Microsoft generated $3.2 billion from search and news advertising, while Google search and other revenue totaled $48 billion. Google said in its filing that when Microsoft reached out to Apple in 2018, emphasizing gains in Bing's quality, Microsoft offered to either sell Bing to Apple or establish a Bing-related joint venture with the company.

A software error on the part of Firefly Aerospace doomed Lockheed Martin's Electronic Steerable Antenna (ESA) demonstrator to a shorter-than-expected orbital life following a botched Alpha launch. From a report: According to Firefly's mission update, the error was in the Guidance, Navigation, and Control (GNC) software algorithm, preventing the system from sending the necessary pulse commands to the Reaction Control System (RCS) thrusters before the relight of the second stage. The result was that Lockheed's payload was left in the wrong orbit, and Firefly's engineers were left scratching their heads.

The launch on December 22, 2023 -- dubbed "Fly the Lightning" -- seemed to go well at first. It was the fourth for the Alpha, and after Firefly finally registered a successful launch a few months earlier in September, initial indications looked good. However, a burn of the second stage to circularize the orbit did not go to plan, and Lockheed's satellite was left in the wrong orbit, with little more than weeks remaining until it re-entered the atmosphere.

As it turned out, the Lockheed team completed their primary mission objectives. The payload was, after all, designed to demonstrate faster on-orbit sensor calibration. Just perhaps not quite that fast. Software issues aboard spacecraft are becoming depressingly commonplace. A recent example was the near disastrous first launch of Boeing's CST-100 Starliner, where iffy code could have led, in NASA parlance, to "spacecraft loss." In a recent interview with The Register, former Voyager scientist Garry Hunt questioned if the commercial spaceflight sector of today would take the same approach to quality as the boffins of the past.

Apple is officially cutting support for progressive web apps for iPhone users in the European Union. While web apps have been broken for EU users in every iOS 17.4 beta so far, Apple has confirmed that this is a feature, not a bug. Commenting on Apple's move, Epic CEO Tim Sweeney tweeted: I suspect Apple's real reason for killing PWAs is the realization that competing web browsers could do a vastly better job of supporting PWAs -- unlike Safari's intentionally crippled web functionality -- and turn PWAs into legit, untaxed competitors to native apps.

Apple has now offered an explanation for why iOS 17.4 removes support for Home Screen web apps in the European Union. Spoiler: it's because of the Digital Markets Act that went into effect last August. 9to5Mac reports: Last week, iPhone users in the European Union noticed that they were no longer able to install and run web apps on their iPhone's Home Screen in iOS 17.4. Apple has added a number of features over the years to improve support for progressive web apps on iPhone. For example, iOS 16.4 allowed PWAs to deliver push notifications with icon badges. One change in iOS 17.4 is that the iPhone now supports alternative browser engines in the EU. This allows companies to build browsers that don't use Apple's WebKit engine for the first time. Apple says that this change, required by the Digital Markets Act, is why it has been forced to remove Home Screen web apps support in the European Union.

Apple explains that it would have to build an "entirely new integration architecture that does not currently exist in iOS" to address the "complex security and privacy concerns associated with web apps using alternative browser engines." This work "was not practical to undertake given the other demands of the DMA and the very low user adoption of Home Screen web apps," Apple explains. "And so, to comply with the DMA's requirements, we had to remove the Home Screen web apps feature in the EU." "EU users will be able to continue accessing websites directly from their Home Screen through a bookmark with minimal impact to their functionality," Apple continues.

It's understandable that Apple wouldn't offer support for Home Screen web apps for third-party browsers. But why did it also remove support for Home Screen web apps for Safari? Unfortunately, that's another side effect of the Digital Markets Act. The DMA requires that all browsers have equality, meaning that Apple can't favor Safari and WebKit over third-party browser engines. Therefore, because it can't offer Home Screen web apps support for third-party browsers, it also can't offer support via Safari. [...] iOS 17.4 is currently available to developers and public beta testers, and is slated for a release in early March. The full explanation was published on Apple's developer website today.

Less than a week after naming Laura Chambers as interim CEO, Firefox's maker Mozilla said it is cutting about 60 jobs, or 5% of its workforce. The cuts are primarily in the product development organization. Bloomberg reports: "We're scaling back investment in some product areas in order to focus on areas that we feel have the greatest chance of success," Mozilla said in a statement. "We intend to re-prioritize resources against products like Firefox Mobile, where there's a significant opportunity to grow and establish a better model for the industry."

Mozilla last cut a significant number of jobs four years ago at the height of the Covid-19 pandemic. The not-for-profit company, which competes with Alphabet Inc.'s Google Chrome, Apple Inc.'s Safari and Microsoft Corp.'s Edge, has been grappling with sliding market share of its Firefox web browser in recent years. So far in 2024, the tech sector has cut 32,000 jobs.

An anonymous reader shares a report: Apple has argued for years that developers who don't want to abide by its rules for native iOS apps can always write web apps. It has done so in its platform guidelines, in congressional testimony, and in court. Web developers, for their part, maintain that Safari and its underlying WebKit engine still lack the technical capabilities to allow web apps to compete with native apps on iOS hardware. To this day, it's argued, the fruit cart's laggardly implementation of Push Notifications remains subpar.

The enforcement of Europe's Digital Markets Act was expected to change that -- to promote competition held back by gatekeepers. But Apple, in a policy change critics have called "malicious compliance," appears to be putting web apps at an even greater disadvantage under the guise of compliance with European law. In the second beta release of iOS 17.4, which incorporates code to accommodate Europe's Digital Markets Act, Progressive Web Apps (PWAs) have been demoted from standalone apps that use the whole screen to shortcuts that open within the default browser. This appears to solely affect users in the European Union, though your mileage may vary. Concerns about this demotion of PWAs surfaced earlier this month, with the release of the initial iOS 17.4 beta. As noted by Open Web Advocacy -- a group that has lobbied to make the web platform more capable -- "sites installed to the home screen failed to launch in their own top-level activities, opening in Safari instead."

An anonymous reader quotes a report from Ars Technica: While the world awaits closing arguments later this year in the US government's antitrust case over Google's search dominance, a California judge has dismissed a lawsuit from 26 Google users who claimed that Google's default search agreement with Apple violates antitrust law and has ruined everyone's search results. Users had argued (PDF) that Google struck a deal making its search engine the default on Apple's Safari web browser specifically to keep Apple from competing in the general search market. These payments to Apple, users alleged, have "stunted innovation" and "deprived" users of "quality, service, and privacy that they otherwise would have enjoyed but for Google's anticompetitive conduct." They also allege that it created a world where users have fewer choices, enabling Google to prefer its own advertisers, which users said caused an "annoying and damaging distortion" of search results.

In an order (PDF) granting the tech companies' motion to dismiss, US District Judge Rita Lin said that users did not present enough evidence to support claims for relief. Lin dismissed some claims with prejudice but gave leave to amend others, allowing users another chance to keep their case -- now twice-dismissed -- at least partially alive. Under Lin's order, users will not be able to amend claims that Google and Apple executives allegedly sealed the default search deal on the condition that Apple would not create its own general search engine through "private, secret, and clandestine personal meetings." Because plaintiffs showed no evidence pinpointing exactly when Apple allegedly agreed to stay out of the general search market, these meetings, Lin reasoned, could just as easily indicate "rational, legal business behavior," rather than an "illegal conspiracy."

Users attempted to argue that Google and Apple intentionally hid these facts from the public, but Lin wrote that their "conclusory and vague allegations that defendants 'secretly conducted meetings' and 'engaged in conduct to obfuscate internal communications' are plainly insufficient." Sharing bystander photos documenting Google's Sundar Pichai and Apple's Tim Cook meeting at a restaurant with a manila folder tucked under Pichai's elbow did not help users' case. Lin was also not moved by users demonstrating that Google has a history of destroying evidence, because "they put forth no specific factual allegations that defendants did so in this case." However, users will have 30 days to amend currently "inadequately" alleged claims that "Google's exclusive default agreement, under which Apple set Google as the default search engine for its Safari web browser, foreclosed competition in the general search services market in the United States," Lin wrote. If users miss that deadline, the case will be tossed with no opportunities to further amend claims.

Apple is making changes to iOS in Europe to comply with the EU's Digital Markets Act cracking down on Big Tech gatekeepers. The act demands interoperability, fairness and privacy measures including allowing competing browser engines on iOS. Despite better browser choice, Google and Mozilla are unhappy with Apple's proposed changes. Mozilla says restricting browser engine integration to EU apps burdens rivals to build separate implementations. Mozilla's comment: "We are still reviewing the technical details but are extremely disappointed with Apple's proposed plan to restrict the newly-announced BrowserEngineKit to EU-specific apps. The effect of this would be to force an independent browser like Firefox to build and maintain two separate browser implementations -- a burden Apple themselves will not have to bear. Apple's proposals fail to give consumers viable choices by making it as painful as possible for others to provide competitive alternatives to Safari. This is another example of Apple creating barriers to prevent true browser competition on iOS." Google's VP of engineering for Chrome, Parisa Tabriz, commented on DeMonte's statement, saying, "Strong agree with Mozilla. Apple isn't serious about supporting web browser or engine choice on iOS. Their strategy is overly restrictive, and won't meaningfully lead to real choice for browser developers."

After declining to allow their iPad app to run on the Vision Pro before launch, YouTube now says it has an app on its roadmap. "We're excited to see Vision Pro launch and we're supporting it by ensuring YouTube users have a great experience in Safari," said YouTube spokesperson Jessica Gibby. "We do not have any specific plans to share at this time, but can confirm that a Vision Pro app is on our roadmap." The Verge reports: Gibby didn't give a date for this roadmap, so we'll have to wait and see what YouTube does here -- it could just tweak the iPad app, or it could do a lot more. One thing YouTube and Apple have not done yet is figure out support for the large library of 360 and VR video on YouTube right now -- YouTube has had 3D support since 2011 and 360 support since 2016, but none of it works on the Vision Pro. (Here I am interviewing Michelle Obama at the White House in 360 in 2016!)

I asked Apple if YouTube's 360 and 3D videos will ever work on the Vision Pro during our review, and Apple spokesperson Jackie Roy basically told me they aren't good enough, saying that "much of this content was created for devices that do not deliver a high-quality spatial experience. In some cases, this content could also cause motion discomfort. We've focused our efforts on delivering the best spatial media experience possible including spatial photos and videos, Apple Immersive Video, and 3D movies available on Apple TV." Tough! I asked YouTube if this new app will support VR and 360 video on the Vision Pro and have not heard back yet.

Apple's new rules in the European Union mean browsers like Firefox can finally use their own engines on iOS. Although this may seem like a welcome change, Mozilla spokesperson Damiano DeMonte tells The Verge it's "extremely disappointed" with the way things turned out. From a report: "We are still reviewing the technical details but are extremely disappointed with Apple's proposed plan to restrict the newly-announced BrowserEngineKit to EU-specific apps," DeMonte says. "The effect of this would be to force an independent browser like Firefox to build and maintain two separate browser implementations -- a burden Apple themselves will not have to bear." In iOS 17.4, Apple will no longer force browsers in the EU to use WebKit, the underlying engine that powers Safari. The change opens the door for other popular engines, such as Blink, which is used by Google Chrome and Microsoft Edge, as well as Gecko, the engine used by Firefox. It also means third-party browsers could become fully functional on iOS without any of the limitations that come along with WebKit.

Netflix is on everything. It's on your phone, computer, and game console, going all the way back to the Nintendo Wii. Hell, you can get your Netflix fix on a Peloton. One place where Netflix won't be is Apple's upcoming Vision Pro VR headset. Why isn't Netflix planning an app for what is Apple's big $3,500 gamble on the future of augmented reality? According to co-CEO Greg Peters, it's because the company doesn't know if anybody's actually going to use it. Gizmodo: More specifically, he called the device "subscale," adding that he didn't know if it would be "relevant to most of our members." That was in an interview with business analyst Ben Thompson, where Peters implied his company is being far more selective, at least when it comes to Apple's $3,500 "spatial computer."

"We have to be careful about making sure that we're not investing in places that are not really yielding a return, and I would say we'll see where things go with Vision Pro," the Netflix co-CEO said. The interview dropped barely a day after Peters got done extolling how the company gained more than 13 million new subscribers in the last three months of 2023 while also mentioning potentially increasing subscription prices. Other common apps like Spotify and YouTube also don't plan to have a Vision Pro-specific app at launch, instead directing people to log on through their Safari browser. Peters added that they still want to work with Apple, and "sometimes we find a great space of overlap. We can move very, very quickly. Sometimes it takes a little bit longer." The investment Netflix is talking about is not unchecking a box to enable the iPad app on the Vision Pro.

According to the Wall Street Journal, Apple is including new Stolen Device Protection in iOS 17.3 that requires authentication through Face ID or Touch ID to perform certain actions. The Verge reports: The new feature appears to come in response to the concerns raised in previous reports by The Wall Street Journal describing how thieves watch their victims type in their iPhone passcodes and then steal their devices. This gives thieves access to a trove of personal and financial information stored on the device, allowing them to lock victims out of their iCloud accounts and spend thousands of dollars using saved payment information.

If you opt in to the feature, you would have to verify your identity with face or fingerprint biometrics when doing things like viewing your saved passwords in iCloud Keychain, applying for a new Apple Card, factory resetting your device, using saved payment methods in Safari, and turning off Lost Mode. This way, thieves wouldn't be able to steal your information even if they have your phone and the passcode.

For even more sensitive actions, like changing your Apple ID password, changing your iPhone passcode, or turning off Find My, the new Stolen Device Protection feature adds an additional hurdle if the device is somewhere other than locations you often frequent, like at home or in the office. It requires you to not only verify your identity with Face ID or Touch ID but also wait one hour and then repeat the authentication process again.

Google pays Apple 36% of the revenue it earns from search advertising made through the Safari browser, the main economics expert for the Alphabet unit said Monday. From a report: Kevin Murphy, a University of Chicago professor, disclosed the number during his testimony in Google's defense at the Justice Department's antitrust trial in Washington. John Schmidtlein, Google's main litigator, visibly cringed when Murphy said the number, which was supposed to remain confidential.

Both Google and Apple had objected to revealing details publicly about their agreement. In a court filing last week, Google argued that revealing additional information about the deal "would unreasonably undermine Google's competitive standing in relation to both competitors and other counterparties."

Google Chief Executive Sundar Pichai took the stand Monday in the tech giant's antitrust trial, a pivotal moment in a case that could result in major changes to the company's search engine. From a report: Pichai described Google's search dominance as the result of its innovation and early investment in its Chrome browser. "We realized early on that browsers are critical to how people are able to navigate and use the web," Pichai said during questioning by Google lawyer John Schmidtlein.

"It became very clear early on that if you make the user's experience better, they would use the web more, they would enjoy using the web more, and they would search more in Google as well," Pichai said. [...] The nonjury trial is being heard by U.S. District Judge Amit Mehta, who could ultimately order a breakup or other changes to Google's business practices. Schmidtlein, Google's lead counsel, questioned Pichai about the deal at the heart of the case: the search giant's contract with Apple that makes it the default search engine on Apple's Safari web browser. The Apple deal "makes it very, very seamless and easy for users to use our services," Pichai said. "We know that making it the default will lead to increased usage of our products and services, particularly Google search in this case. So there is clear value in that and that's what we were looking for."

Google has worried for years that Apple would one day expand its internet search technology, and has been working on ways to prevent that from happening. From a report: For years, Google watched with increasing concern as Apple improved its search technology, not knowing whether its longtime partner and sometimes competitor would eventually build its own search engine. Those fears ratcheted up in 2021, when Google paid Apple around $18 billion to keep Google's search engine the default selection on iPhones, according to two people with knowledge of the partnership, who were not authorized to discuss it publicly. The same year, Apple's iPhone search tool, Spotlight, began showing users richer web results like those they could have found on Google.

Google quietly planned to put a lid on Apple's search ambitions. The company looked for ways to undercut Spotlight by producing its own version for iPhones and to persuade more iPhone users to use Google's Chrome web browser instead of Apple's Safari browser, according to internal Google documents reviewed by The New York Times. At the same time, Google studied how to pry open Apple's control of the iPhone by leveraging a new European law intended to help small companies compete with Big Tech. Google's anti-Apple plan illustrated the importance that its executives placed on maintaining dominance in the search business. It also provides insight into the company's complex relationship with Apple, a competitor in consumer gadgets and software that has been an instrumental partner in Google's mobile ads business for more than a decade.

Researchers have devised an attack that forces Apple's Safari browser to divulge passwords, Gmail message content, and other secrets by exploiting a side channel vulnerability in the A- and M-series CPUs running modern iOS and macOS devices. From a report: iLeakage, as the academic researchers have named the attack, is practical and requires minimal resources to carry out. It does, however, require extensive reverse-engineering of Apple hardware and significant expertise in exploiting a class of vulnerability known as a side channel, which leaks secrets based on clues left in electromagnetic emanations, data caches, or other manifestations of a targeted system. The side channel in this case is speculative execution, a performance enhancement feature found in modern CPUs that has formed the basis of a wide corpus of attacks in recent years. The nearly endless stream of exploit variants has left chip makers -- primarily Intel and, to a lesser extent, AMD -- scrambling to devise mitigations.

The researchers implement iLeakage as a website. When visited by a vulnerable macOS or iOS device, the website uses JavaScript to surreptitiously open a separate website of the attacker's choice and recover site content rendered in a pop-up window. The researchers have successfully leveraged iLeakage to recover YouTube viewing history, the content of a Gmail inbox -- when a target is logged in -- and a password as it's being autofilled by a credential manager. Once visited, the iLeakage site requires about five minutes to profile the target machine and, on average, roughly another 30 seconds to extract a 512-bit secret, such as a 64-character string.