×
Firefox

Does Desktop Linux Have a Firefox Problem? (osnews.com) 164

Posted by EditorDavid from the tangle-web dept.
OS News' managing editor calls Firefox "the single most important desktop Linux application," shipping in most distros (with some users later opting for a post-installation download of Chrome).

But "I'm genuinely worried about the state of browsers on Linux, and the future of Firefox on Linux in particular..." While both GNOME and KDE nominally invest in their own two browsers, GNOME Web and Falkon, their uptake is limited and releases few and far between. For instance, none of the major Linux distributions ship GNOME Web as their default browser, and it lacks many of the features users come to expect from a browser. Falkon, meanwhile, is updated only sporadically, often going years between releases. Worse yet, Falkon uses Chromium through QtWebEngine, and GNOME Web uses WebKit (which are updated separately from the browser, so browser releases are not always a solid metric!), so both are dependent on the goodwill of two of the most ruthless corporations in the world, Google and Apple respectively.

Even Firefox itself, even though it's clearly the browser of choice of distributions and Linux users alike, does not consider Linux a first-tier platform. Firefox is first and foremost a Windows browser, followed by macOS second, and Linux third. The love the Linux world has for Firefox is not reciprocated by Mozilla in the same way, and this shows in various places where issues fixed and addressed on the Windows side are ignored on the Linux side for years or longer. The best and most visible example of that is hardware video acceleration. This feature has been a default part of the Windows version since forever, but it wasn't enabled by default for Linux until Firefox 115, released only in early July 2023. Even then, the feature is only enabled by default for users of Intel graphics — AMD and Nvidia users need not apply. This lack of video acceleration was — and for AMD and Nvidia users, still is — a major contributing factor to Linux battery life on laptops taking a serious hit compared to their Windows counterparts... It's not just hardware accelerated video decoding. Gesture support has taken much longer to arrive on the Linux version than it did on the Windows version — things like using swipes to go back and forward, or pinch to zoom on images...

I don't see anyone talking about this problem, or planning for the eventual possible demise of Firefox, what that would mean for the Linux desktop, and how it can be avoided or mitigated. In an ideal world, the major stakeholders of the Linux desktop — KDE, GNOME, the various major distributions — would get together and seriously consider a plan of action. The best possible solution, in my view, would be to fork one of the major browser engines (or pick one and significantly invest in it), and modify this engine and tailor it specifically for the Linux desktop. Stop living off the scraps and leftovers thrown across the fence from Windows and macOS browser makers, and focus entirely on making a browser engine that is optimised fully for Linux, its graphics stack, and its desktops. Have the major stakeholders work together on a Linux-first — or even Linux-only — browser engine, leaving the graphical front-end to the various toolkits and desktop environments....

I think it's highly irresponsible of the various prominent players in the desktop Linux community, from GNOME to KDE, from Ubuntu to Fedora, to seemingly have absolutely zero contingency plans for when Firefox enshittifies or dies...
Encryption

Google's Chrome Begins Supporting Post-Quantum Key Agreement to Shield Encryption Keys (theregister.com) 13

Posted by EditorDavid from the quantum-leaps dept.
"Teams across Google are working hard to prepare the web for the migration to quantum-resistant cryptography," writes Chrome's technical program manager for security, Devon O'Brien.

"Continuing with our strategy for handling this major transition, we are updating technical standards, testing and deploying new quantum-resistant algorithms, and working with the broader ecosystem to help ensure this effort is a success." As a step down this path, Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115. This hybrid mechanism combines the output of two cryptographic algorithms to create the session key used to encrypt the bulk of the TLS connection:

X25519 — an elliptic curve algorithm widely used for key agreement in TLS today
Kyber-768 — a quantum-resistant Key Encapsulation Method, and NIST's PQC winner for general encryption

In order to identify ecosystem incompatibilities with this change, we are rolling this out to Chrome and to Google servers, over both TCP and QUIC and monitoring for possible compatibility issues. Chrome may also use this updated key agreement when connecting to third-party server operators, such as Cloudflare, as they add support. If you are a developer or administrator experiencing an issue that you believe is caused by this change, please file a bug.
The Register delves into Chrome's reasons for implementing this now: "It's believed that quantum computers that can break modern classical cryptography won't arrive for 5, 10, possibly even 50 years from now, so why is it important to start protecting traffic today?" said O'Brien. "The answer is that certain uses of cryptography are vulnerable to a type of attack called Harvest Now, Decrypt Later, in which data is collected and stored today and later decrypted once cryptanalysis improves." O'Brien says that while symmetric encryption algorithms used to defend data traveling on networks are considered safe from quantum cryptanalysis, the way the keys get negotiated is not. By adding support for a hybrid KEM, Chrome should provide a stronger defense against future quantum attacks...

Rebecca Krauthamer, co-founder and chief product officer at QuSecure, told The Register in an email that while this technology sounds futuristic, it's useful and necessary today... [T]he arrival of capable quantum computers should not be thought of as a specific, looming date, but as something that will arrive without warning. "There was no press release when the team at Bletchley Park cracked the Enigma code, either," she said.
Chrome

Google Chrome Switching To Weekly Security Patch Updates (9to5google.com) 28

Posted by BeauHD from the addressing-the-security-patch-gap dept.
Google announced today that Chrome is now adopting weekly Stable channel updates in an effort to block major exploits quicker. 9to5Google reports: Google's browser gets major "milestone" updates every four (previously six) weeks, like going from version 100 to 101. In the past, Chrome would get a "Stable Refresh" update to "address security and other high impact bugs" in-between milestones every two weeks. This is now changing to occur weekly between milestones, starting with Google Chrome 116 on desktop and mobile, so that security updates get to end users much faster. Since Chromium is an open source project, "anyone can view the source code, submit changes for review, and see the changes made by anyone else, even security bug fixes." [...]

The current patch gap is around 15 days. It was previously 35 days before switching to patch updates every two weeks in 2020. Google expects weekly patch updates to result in security fixes shipping "3.5 days sooner on average, greatly reducing the already small window for n-day attackers to develop and use an exploit against potential victims and making their lives much more difficult." This new schedule will also result in fewer unplanned updates that occur when there are known in-the-wild exploits: "By now shipping stable updates weekly, we expect the number of unplanned updates to decrease since we'll be shipping updates more frequently."
Google

Google Fails To End $5 Billion Consumer Privacy Lawsuit (reuters.com) 29

Posted by msmash from the tussle-continues dept.
A U.S. judge rejected Google's bid to dismiss a lawsuit claiming it invaded the privacy of millions of people by secretly tracking their internet use. From a report: U.S. District Judge Yvonne Gonzalez Rogers on Monday said she could not find that users consented to letting Google collect information about what they viewed online because the Alphabet unit never explicitly told them it would. David Boies, a lawyer for the plaintiffs in the proposed $5 billion class action, called the decision "an important step in protecting the privacy interests of millions of Americans."

The plaintiffs alleged that Google's analytics, cookies and apps let the Mountain View, California-based company track their activity even when they set Google's Chrome browser to "Incognito" mode and other browsers to "private" browsing mode. They said this let Google learn enough about their friends, hobbies, favorite foods, shopping habits, and "potentially embarrassing things" they seek out online, becoming "an unaccountable trove of information so detailed and expansive that George Orwell could never have dreamed it."
AI

Microsoft's AI-Powered Bing Chat Is Coming To Mobile Browsers 9

Posted by BeauHD from the open-access dept.
Microsoft is bringing its AI-powered Bing Chat to all mobile browsers as part of the broader changes to stop blocking Bing Chat on third-party browsers. The Verge reports: Bing Chat first launched in February, but it was restricted to Microsoft's own Edge browser. Microsoft started opening up to Chrome and Safari desktop browsers in late July as part of testing for full third-party browser support. "With so many new, useful features now a part of Bing, we're excited to announce you can start experiencing the new AI-powered Bing in third-party browsers on web and mobile soon," says the Bing team in a blog post. "This next step in the journey allows Bing to showcase the incredible value of summarized answers, image creation and more, to a broader array of people."
Piracy

Z-Library Rolls Out Browser Extensions In Anticipation of Domain Name Troubles (torrentfreak.com) 15

Posted by BeauHD from the no-signs-of-slowing-down dept.
Pirate eBook repository Z-Library has launched browser extensions that should make it easier for users to find the site if its current domains are seized in the future. While the site doesn't explicitly mention the U.S. Government crackdown, it likely plays a key role in the decision to make these extensions available. TorrentFreak reports: Since the shadow library is now well aware that its domain names could be taken away at any moment, numerous precautions are being taken to mitigate the risks. A few weeks ago, Z-Library released a dedicated desktop application that should make it easier to access the site. The software has the ability to redirect users to working domains and whenever necessary, connect over the Tor network, which also helps to evade blocking efforts. In an announcement this week, the operators of the shadow library unveiled new precautionary tools to redirect users to working domains, including any new ones, should they be needed.

The new browser extensions are available for both Chrome and Firefox and promise 'seamless access' to alternative domains in the event that existing ones run into trouble. "Say goodbye to searching for available domains, as this handy extension takes care of everything for you. Simplify your online library experience and enjoy seamless access to a world of knowledge, right at your fingertips. "After launching the extension, the process of searching for an available domain will begin. Within some seconds when the domain is found, you will be redirected to the library homepage," Z-Library explains.

While installing browser extensions should always happen with caution, in just a few hours thousands of Z-Library users have already installed the new software. According to the Chrome store, the Z-Library Finder currently has over 7,000 users. These extensions may indeed help to point users to new domain names, but the solution isn't bulletproof. The authorities may attempt to remove the listings from the Chrome and Firefox extension libraries, for example. Even if Z-Library decides to self-host these tools, they still rely on technical infrastructure that could be targeted in the future. That being said, the releases are still notable; it's rare to a service going full steam ahead in the face of an active criminal case.
Chrome

ChromeOS Is Splitting the Browser From the OS, Getting More Like Linux 19

Posted by BeauHD from the behind-the-scenes-changes dept.
Google's long-running project to split up ChromeOS and its Chrome browser is currently in beta and should be live in the stable channel later this month. The flags that turn on the feature by default were spotted by Kevin Tofel from About Chromebooks. Ars Technica reports: The project is called "Lacros" which Google says stands for "Linux And ChRome OS." This will split ChromeOS's Linux OS from the Chrome browser, allowing Google to update each one independently. Google documentation on the project says, "On Chrome OS, the system UI (ash window manager, login screen, etc.) and the web browser are the same binary. Lacros separates this functionality into two binaries, henceforth known as ash-chrome (system UI) and lacros-chrome (web browser)." Part of the project involves sprucing up the ChromeOS OS, and Google's docs say, "Lacros can be imagined as 'Linux chrome with more Wayland support.'"

On the browser side, ChromeOS would stop using the bespoke Chrome browser for ChromeOS and switch to the Chrome browser for Linux. The same browser you get on Ubuntu would now ship on ChromeOS. In the past, turning on Lacros in ChromeOS would show both Chrome browsers, the outgoing ChromeOS one and the new Linux one. Lacros has been in development for around two years and can be enabled via a Chrome flag. Tofel says his 116 build no longer has that flag since it's the default now. Google hasn't officially confirmed this is happening, but so far, the code is headed that way.
Businesses

GameStop To Remove Crypto Wallets Citing 'Regulatory Uncertainty' (coindesk.com) 11

Posted by msmash from the rolling-back-to-normal dept.
Video game retailer GameStop said it will remove its support for crypto wallets citing regulatory uncertainty in the United States, just one year after rolling out the service. From a report: "Due to the regulatory uncertainty of the crypto space, GameStop has decided to remove its iOS and Chrome Extension wallets from the market on November 1, 2023," according to its website. Customers will have access until October 1. The wallets, which were rolled out just about a year ago, allow users to manage crypto and non-fungible tokens (NFTs) throughout decentralized apps and enable transactions of GameStop's NFT marketplace.
The Internet

'Tor's Shadowy Reputation Will Only End If We All Use It' (engadget.com) 65

Posted by BeauHD from the not-what-you-think-it-is dept.
Katie Malone writes via Engadget: "Tor" evokes an image of the dark web; a place to hire hitmen or buy drugs that, at this point, is overrun by feds trying to catch you in the act. The reality, however, is a lot more boring than that -- but it's also more secure. The Onion Router, now called Tor, is a privacy-focused web browser run by a nonprofit group. You can download it for free and use it to shop online or browse social media, just like you would on Chrome or Firefox or Safari, but with additional access to unlisted websites ending in .onion. This is what people think of as the "dark web," because the sites aren't indexed by search engines. But those sites aren't an inherently criminal endeavor.

"This is not a hacker tool," said Pavel Zoneff, director of strategic communications at The Tor Project. "It is a browser just as easy to use as any other browser that people are used to." That's right, despite common misconceptions, Tor can be used for any internet browsing you usually do. The key difference with Tor is that the network hides your IP address and other system information for full anonymity. This may sound familiar, because it's how a lot of people approach VPNs, but the difference is in the details. VPNs are just encrypted tunnels hiding your traffic from one hop to another. The company behind a VPN can still access your information, sell it or pass it along to law enforcement. With Tor, there's no link between you and your traffic, according to Jed Crandall, an associate professor at Arizona State University. Tor is built in the "higher layers" of the network and routes your traffic through separate tunnels, instead of a single encrypted tunnel. While the first tunnel may know some personal information and the last one may know the sites you visited, there is virtually nothing connecting those data points because your IP address and other identifying information are bounced from server to server into obscurity.

Accessing unindexed websites adds extra perks, like secure communication. While a platform like WhatsApp offers encrypted conversations, there could be traces that the conversation happened left on the device if it's ever investigated, according to Crandall. Tor's communication tunnels are secure and much harder to trace that the conversation ever happened. Other use cases may include keeping the identities of sensitive populations like undocumented immigrants anonymous, trying to unionize a workplace without the company shutting it down, victims of domestic violence looking for resources without their abuser finding out or, as Crandall said, wanting to make embarrassing Google searches without related targeted ads following you around forever.
DRM

Google's Nightmare 'Web Integrity API' Wants a DRM Gatekeeper For the Web 163

Posted by msmash from the closer-look dept.
Google's newest proposed web standard is... DRM? Over the weekend the Internet got wind of this proposal for a "Web Environment Integrity API. " From a report: The explainer is authored by four Googlers, including at least one person on Chrome's "Privacy Sandbox" team, which is responding to the death of tracking cookies by building a user-tracking ad platform right into the browser. The intro to the Web Integrity API starts out: "Users often depend on websites trusting the client environment they run in. This trust may assume that the client environment is honest about certain aspects of itself, keeps user data and intellectual property secure, and is transparent about whether or not a human is using it."

The goal of the project is to learn more about the person on the other side of the web browser, ensuring they aren't a robot and that the browser hasn't been modified or tampered with in any unapproved ways. The intro says this data would be useful to advertisers to better count ad impressions, stop social network bots, enforce intellectual property rights, stop cheating in web games, and help financial transactions be more secure. Perhaps the most telling line of the explainer is that it "takes inspiration from existing native attestation signals such as [Apple's] App Attest and the [Android] Play Integrity API." Play Integrity (formerly called "SafetyNet") is an Android API that lets apps find out if your device has been rooted.

Root access allows you full control over the device that you purchased, and a lot of app developers don't like that. So if you root an Android phone and get flagged by the Android Integrity API, several types of apps will just refuse to run. You'll generally be locked out of banking apps, Google Wallet, online games, Snapchat, and some media apps like Netflix. [...] Google wants the same thing for the web. Google's plan is that, during a webpage transaction, the web server could require you to pass an "environment attestation" test before you get any data. At this point your browser would contact a "third-party" attestation server, and you would need to pass some kind of test. If you passed, you would get a signed "IntegrityToken" that verifies your environment is unmodified and points to the content you wanted unlocked. You bring this back to the web server, and if the server trusts the attestation company, you get the content unlocked and finally get a response with the data you wanted.
Chrome

Google Urges Gmail Users to Enable 'Enhanced Safe Browsing' for Faster, More Proactive Protection (msn.com) 58

Posted by EditorDavid from the click-no-evil dept.
The Washington Post's "Tech Friend" newsletter has the latest on Google's "Enhanced Safe Browsing" for Chrome and Gmail, which "monitors the web addresses of sites that you visit and compares them to constantly updated Google databases of suspected scam sites." You'll see a red warning screen if Google believes you're on a website that is, for example, impersonating your bank. You can also check when you're downloading a file to see if Google believes it might be a scam document. In the normal mode without Enhanced Safe Browsing, Google still does many of those same security checks. But the company might miss some of the rapid-fire activity of crooks who can create a fresh bogus website minutes after another one is blocked as a scam.

This enhanced security feature has been around for three years, but Google recently started putting a message in Gmail inboxes suggesting that people turn on Enhanced Safe Browsing.

Security experts told me that it's a good idea to turn on this safety feature but that it comes with trade-offs. The company already knows plenty about you, particularly when you're logged into Gmail, YouTube, Chrome or other Google services. If you turn on Enhanced Safe Browsing, Google may know even more about what sites you're visiting even if you're not signed into a Google account. It also collects bits of visual images from sites you're visiting to scan for hallmarks of scam sites.

Google said it will only use this information to stop bad guys and train its computers to improve security for you and everyone else. You should make the call whether you are willing to give up some of your privacy for extra security protections from common crimes.
Gmail users can toggle the feature on or off at this URL. Google tells users that enabling the feature will provide "faster and more proactive protection against dangerous websites, downloads, and extensions."

The Post's reporter also asked Google why it doesn't just enable the extra security automatically, and "The company told me that because Google is collecting more data in Enhanced Safe Browsing mode, it wants to ask your permission."

The Post adds as an aside that "It's also not your fault that phishing scams are everywhere. Our whole online security system is unsafe and stupid... Our goal should be to slowly replace the broken online security system with newer technologies that ditch our crime-prone password system for different methods of verifying we are who we say we are."
Chrome

ChromeOS 115 Rolling Out: Android App Streaming, PDF Signatures (9to5google.com) 4

Posted by BeauHD from the new-and-improved dept.
An anonymous reader quotes a report from 9to5Google: Google is rolling out ChromeOS 115 as a bigger-than-usual update with a number of user-facing additions over the coming days. Amidst I/O 2023, Google announced the beta availability of Android App Streaming from your Pixel (4a+) or Xiaomi (12T, 12T Pro, 13, 13 Pro) phone running Android 13 and newer with Cross-Device Services installed. It's now entering stable with ChromeOS 115 so that you can stream apps from your mobile device to your Chromebook. This is framed as letting you "complete quick tasks like replying to a conversation, checking on the status of a rideshare or delivery, and editing your shopping list."

Android apps, which open in a phone-sized window, can be launched via the Phone Hub where you get a row of Recent apps at the bottom of the panel with the ability to browse all compatible "Apps from your phone." Applications can also open when you tap through a messaging notification. When opening PDFs in the Gallery app, ChromeOS 115 adds a signature tool. Appearing next to Draw in the top toolbar, you can add a signature, which is much easier with a touchscreen than a trackpad and save it for future use. You can place it in any document and resize the signature to ensure line fit. Lastly, Google has updated the keyboard Shortcuts app with "new navigation and taxonomy," improved search, and a "refreshed shortcut visualization" that better shows what to press.

Meanwhile, this is unmentioned in the stable release notes, but ChromeOS 115 is testing better windowing options in the beta channel. Hovering over the expand/minimize button in the top-right corner control group will show you a new layout menu. There's Split (half), Partial, Full and Float. That last option is new and makes it so that the window is always on top, just like Picture-in-Picture (PiP) for video. The other options were previously accessed by dragging a window and moving to the left/right side of the screen until an overlay appears. This approach is much more accessible and hopefully sees a wide launch soon. The announcement can be read here.
Google

Google Starts the GA Rollout of Its Privacy Sandbox APIs To All Chrome Users (techcrunch.com) 11

Posted by msmash from the PSA dept.
Google continues the rollout of its Privacy Sandbox APIs -- its replacement for tracking cookies for the online advertising industry. From a report: Today, right on schedule and in time for the launch of Chrome 115 into the stable release channel, Google announced that it will now start enabling the relevance and measurement APIs in its browser. This will be a gradual rollout, with Google aiming for a 99% availability by mid-August. At this point, Google doesn't expect to make any major changes to the APIs. This includes virtually all of the core Privacy Sandbox features, including Topics, Protected Audience, Attribution Reporting, Private Aggregation, Shared Storage and Fenced Frames. It's worth noting that for the time being, Privacy Sandbox will run in parallel with third-party cookies in the browser. It won't be until early 2024 that Google will deprecate third-party cookies for 1% of Chrome users. After that, the process will speed up though and Google will deprecate these cookies for all users by the second half of 2024.
Encryption

macOS Sonoma Brings Apple Password Manager To Third-Party Browsers (macrumors.com) 19

Posted by BeauHD from the what-to-expect dept.
An anonymous reader quotes a report from MacRumors: The macOS Sonoma update that is in testing allows Mac owners who opt to use Google Chrome, Microsoft Edge, or another browser to use Apple's Password Manager for filling passwords. Developers and public beta testers running macOS Sonoma can use their iCloud Keychain passwords with non-Safari browsers at this time, autofilling passwords and one-time codes. Third-party browsers can also save new passwords.

Apple has made an iCloud Passwords Chrome extension available for macOS Sonoma users, and it can be downloaded and installed to access Apple passwords on the Chrome browser or any Chromium-based browser. Apple plans to release a similar extension for the Microsoft Edge browser in the near future. Google and other browser developers are also working on implementing support for Passkeys, the password alternative that Apple introduced last year.
Firefox

Firefox 115 Released (mozilla.org) 61

Posted by msmash from the moving-forward dept.
williamyf writes: Today, Mozilla released Firefox 115. Changes most visible to users include:

* Hardware video decoding is now enabled for Intel GPUs on Linux..

* Migrating from another browser? Now you can bring over payment methods you've saved in Chrome-based browsers to Firefox.

* The Tab Manager dropdown now features close buttons, so you can close tabs more quickly.

* The Firefox for Android address bar's new search button allows you to easily switch between search engines and search your bookmarks and browsing history.

* We've refreshed and streamlined the user interface for importing data in from other browsers.

* Users without platform support for H264 video decoding can now fallback to Cisco's OpenH264 plugin for playback.

But the most important feature is that this release is the new ESR. Why this is important? y'all ask, well:

* Many a "downstream" project depends on Firefox ESR, for example the famous email client Thunderbird, or KaiOS (a mobile OS very popular in India, SE Asia, Africa and LatAm), so, for better or worse, whatever made it to (or is lacking from) this version of the browser, those projects have to use for the next year.

* Firefox ESR is the default browser of many distros, like Debian and Kali Linux, so, whatever made it to this version will be there for next year, ditto to whatever is lacking.

* If you are on old -- unsupported OSs, like Windows 7, 8-8.1 or MacOS 10.14 (Mojave, the last MacOS with support for 32 Bit Apps), 10.13 or 10.12 you will automatically be migrated to Firefox ESR, so this will be your browser until Sept. 2024.
Chrome

Google's New Standard For ChromeOS: 'Chromebook X' (9to5google.com) 27

Posted by BeauHD from the best-of-what-ChromeOS-has-to-offer dept.
Google is launching the "Chromebook X" program, aiming to differentiate high-quality laptops and tablets from standard Chromebooks by improving hardware specifications and adding exclusive features such as enhanced video conferencing capabilities and unique wallpapers. Chromebook X devices, expected to be priced between $350 and $500, will provide users with an elevated experience beyond the basic functionality of traditional Chromebooks. The devices are anticipated to be available in stores by the end of the year, coinciding with the release of ChromeOS version 115 or newer. 9to5Google reports: For the past few months, Google has been preparing new branding for above average devices from various Chromebook makers. Notably, we haven't yet seen any signs of Google making a Chromebook X device of its own, which is honestly a shame considering how long it's been since a Pixelbook has been released. The Chromebook X brand, which could change before launch, will appear somewhere on a laptop/tablet's chassis, with a mark that could be as simple as an "X" next to the usual "Chromebook" logo. There should also be a special boot screen instead of the standard "chromeOS" logo that's shown on all machines today.

Aside from the added "X," what actually sets a Chromebook X apart from other devices is the hardware inside. Specifically, Google appears to require a certain amount of RAM, a good-quality camera for video conferencing, and a (presumably) higher-end display. Beyond that, Google has so far made specific preparations for Chromebook X models to be built on four types of processors from Intel and AMD (though newer generations will likely also be included): AMD Zen 2+ (Skyrim), AMD Zen 3 (Guybrush), and Intel Core 12th Gen (Brya & Nissa).

To further differentiate Chromebook X models from low-end Chromebooks, Google is also preparing an exclusive set of features. As mentioned, one of the key focuses of Chromebook X is video conferencing, with Google requiring an up-to-spec camera. Complementing that hardware, Google is bringing unique features like Live Caption (adding generated captions to video calls), a built-in portrait blur effect, and "voice isolation." Earlier this year, we reported that ChromeOS was readying a set of "Time Of Day" wallpapers and screen savers that would change in appearance throughout the day, particularly to match the sunrise and sunset. We now know that these are going to be exclusive to Chromebook X devices. To ensure that those wallpapers only appear on Chromebook X and can't be forcibly enabled, Google is preparing a system it calls "feature management." At the moment, feature management is only used to check whether to enable Chromebook X exclusives. Based on that, some other exclusive features of Chromebook X include: Support for up to 16 virtual desks; "Pinned" (available offline) files from Google Drive; and A revamped retail demo mode.
Bug

Windows 11 Update Breaks Chrome for Some Antivirus Software Users (bleepingcomputer.com) 49

Posted by EditorDavid from the broken-Windows dept.
Wednesday BleepingComputer reported: Malwarebytes confirmed today that the Windows 11 22H2 KB5027231 cumulative update released this Patch Tuesday breaks Google Chrome on its customers' systems... While uninstalling the KB5027231 update fixes the issue, admins report that it's not possible to do so via Windows Server Update Services because of a "catastrophic error..." The Google Chrome process is actually running but is prevented from fully launching the application and loading the user interface due to the conflict.
Then Friday BleepingComputer reported that the same update "also breaks Google Chrome on systems protected by Cisco and WatchGuard EDR and antivirus solutions." "We deploy Secure Endpoint 8.1.7 to our few thousand devices, and we started getting a mountain of reports this morning that Google Chrome would not appear on the screen after attempting to open it," one admin said. "With a little trial & error, I found that killing the Secure Endpoint service or uninstalling Secure Endpoint will allow Chrome to open again..."

WatchGuard staff also confirmed on Friday that Google Chrome wouldn't open on Windows 11 after installing KB5027231 if anti-exploit protection is enabled in the company's Endpoint Security software.
Thanks to Slashdot reader boley1 for sharing the news.
Google

Google Lifts Ban on Downloader App (arstechnica.com) 10

Posted by msmash from the righting-the-wrong dept.
Google has reversed the suspension of an Android TV app that was hit with a copyright complaint simply because it is able to load a pirate website that can also be loaded in any standard web browser. From a report: The Downloader app, which combines a web browser with a file manager, is back in the Google Play Store after an absence of nearly three weeks. As we previously reported, Google suspended the app based on a Digital Millennium Copyright Act (DMCA) complaint from several Israeli TV companies that said the app "allows users to view the infamous copyright infringing website known as SDAROT." But that same website could be viewed on any standard browser, including Google's own Chrome app.

"The app was removed on May 19th due to the DMCA takedown request," developer Elias Saba wrote in a blog post today. "Instead of recognizing the absurdity of the claim that a web browser is somehow liable for all the unauthorized use of copyrighted content on the Internet, Google took a backseat and denied my appeal to have the app reinstated." The free app has been downloaded over 5 million times on Google Play and is available on the Amazon app store for devices such as Fire TVs. In addition to the rejected appeal, Saba filed a DMCA counter notification with Google. That "started a 10-business-day countdown for the [TV companies'] law firm to file legal actions against me," Saba wrote today. "Due to the app being removed on a Friday and the Memorial Day holiday, 10 business days had elapsed with no word from the law firm on June 6th and I contacted Google to have the app reinstated."
Google

Google's Password Manager Gains Biometric Authentication on Desktop (techcrunch.com) 18

Posted by msmash from the PSA dept.
Google's aiming to make it easier to use and secure passwords -- at least, for users of the Password Manager tool built into its Chrome browser. From a report: Today, the tech giant announced that Password Manager, which generates unique passwords and autofills them across platforms, will soon gain biometric authentication on PC. (Android and iOS have had biometric authentication for some time.) When enabled, it'll require an additional layer of security, like fingerprint recognition or facial recognition, before Chrome autofills passwords.

Exactly which types of biometrics are available in Password Manager on desktop will depend on the hardware attached to the PC, of course (e.g. a fingerprint reader), as well as whether the PC's operating system supports it. Beyond "soon," Google didn't say when to expect the feature to arrive.
Cellphones

Progressive Web Apps 'Don't Spy or Clog Your Phone'. Do You Use Them? (msn.com) 94

Posted by EditorDavid from the outside-the-store dept.
"It's worth questioning the status quo of technology," argues the Washington Post's Tech Friend newsletter, "including apps as we know them."

Then they tout the benefits of the "non-app app... a hybrid of a website and a conventional app, with features of each" — the unappreciated Progressive Web App (which many still don't know can be installed on your phone's home screen): Web apps look and function pretty much like the conventional apps for your phone or computer, but they clog less space on your device and are less pushy about surveilling you. People who make web apps also say they are easier to create and update than conventional apps... But web apps have been around for years, and most people don't know they exist...

[Traditional apps] come with profound downsides, including Big Tech control, privacy compromises and high development costs. It would be healthy if there were palatable alternative paths to our current app system. Web apps might be part of the solution... At their core, web apps are "the web with an app-like cover," said Rob Kochman, senior product manager for Google's Chrome. Kochman and other web app fans say these apps are less demanding and less intrusive than a conventional app. The web app for Starbucks, for example, takes up just 429 kilobytes of storage on my phone — or less than 1 percent of the storage taken by the standard Starbucks Android app...

And by design, once a conventional app is on your phone, it can access your phone's guts and peek under the hood of your internet network. Web apps are stingier about access, Kochman and other experts told me. "If you're worried about installing some app, you'd probably prefer that as a web app," said a veteran tech executive who helped develop the original technology for web apps. He referred to a web app as "just a website that took all the right vitamins...."

It's difficult to figure out which companies make web apps or find them. There's not an app store for web apps, although there are some attempts like Store.App and Appscope. They're not ideal... Some technologists told me that Apple has held back web apps by limiting their capabilities for Apple devices. The company has said that's not true. And this year, Apple added iPhone feature options for web apps...

We should keep challenging what can feel like immutable parts of digital life, including apps. We have to keep asking: What if there's something better?
It's as easy as "press the three-dot icon, then select 'Add to home screen.'" But it'd be interesting to hear the perspective of Slashdot readers. So share your thoughts and experiences in the comments.

Are you using progressive web apps?

Slashdot Top Deals