Linux on Chromebooks is finally coming out of beta with the release of Chrome OS 91, Google said at its developer I/O conference. From a report: The company had offered Linux apps on Chrome OS alongside Android apps, hoping to reach an audience of developers with IDEs and so on. However, the Linux Development Environment, as Google had dubbed it, had been in beta ever since while first launched. The company had added new features at a steady cadence, enabling things like GPU acceleration, better support for USB drives, and so on so people could be more productive while using Linux apps. Alongside Linux, Google also announced that it would be bringing Android 11 to Chromebooks. Technically, the update has already started with Chrome OS 90 for select Chromebooks, and it'll come with a host of new features including increased optimization of Android apps and a new dark theme. Google's increased support of Android is no coincidence. The company says that the operating system sees 3x increased usage of Android apps, and the new Android 11 update will see Android move to a virtual machine rather than the current container based method, making it easier to update in the future.

Chrome, at least in its experimental Canary version on Android (and only for users in the U.S.), is getting an interesting update in the coming weeks that brings back RSS, the once-popular format for getting updates from all the sites you love in Google Reader and similar services. From a report: In Chrome, users will soon see a 'Follow' feature for sites that support RSS and the browser's New Tab page will get what is essentially a (very) basic RSS reader -- I guess you could almost call it a "Google Reader." Now we're not talking about a full-blown RSS reader here. The New Tab page will show you updates from the sites you follow in chronological order, but it doesn't look like you can easily switch between feeds, for example. It's a start, though.

"Today, people have many ways to keep up with their favorite websites, including subscribing to mailing lists, notifications and RSS. It's a lot for any one person to manage, so we're exploring how to simplify the experience of getting the latest and greatest from your favorite sites directly in Chrome, building on the open RSS web standard," Janice Wong, Product Manager, Google Chrome, writes in today's update. "Our vision is to help people build a direct connection with their favorite publishers and creators on the web." A Google spokesperson told me that the way the company has implemented this is to have Google crawl RSS feeds "more frequently to ensure Chrome will be able to deliver the latest and greatest content to users in the Following section on the New Tab page."

The same technology that powers Google Duplex to call businesses and make appointments for you is being used to help you automatically change your password to a website that's been compromised in a security breach. TechCrunch reports: This new feature will start to roll out slowly to Chrome users on Android in the U.S. soon (with other countries following later), assuming they use Chrome's password-syncing feature. It's worth noting that this won't work for every site just yet. As a Google spokesperson told us, "the feature will initially work on a small number of apps and websites, including Twitter, but will expand to additional sites in the future."

At Google I/O 2021 today, Google confirmed that Android 12 is getting a huge new design. Ars Technica reports: Google calls the new design "Material You," and just like in the leaks, it's a UI that changes colors like a chameleon. For now, this design will only show up in Google Pixels, but Google says it will roll out across the ecosystem to the web, Chrome OS, smart displays, cars, watches, tablets, and every other Google form factor. The new interface is powered by a "color extraction" API that can pull the colors out of your wallpaper and apply them to the UI. This sounds exactly like the Palette API that was introduced in Android 5.0 (along with the original introduction of Material Design), but it's apparently a second swing at the color extraction idea, and Google is heavily using it in the UI now. The demo interfaces featured customized highlight colors, clock faces, widget backgrounds, and more, all matching the color of your wallpaper. Besides new colors, there are also tons of layout changes to the quick settings and notification panel. The first public beta of Android is now available. Google Pixel smartphones as far back as the Pixel 3 are eligible, as well as several devices from device-maker partners, including ASUS and OnePlus.

Microsoft today acknowledged that the company isn't going to release its Windows 10X operating system variant, as reported more than a week ago. Mary Jo Foley, writing at ZDNet: Don't be surprised if you missed the acknowledgement, as Microsoft buried it in its blog post about the rollout of the Windows 10 21H1 feature update -- which it published at the start of the Google I/O keynote. Toward the end of the post, under the "Our customer first focus" subheading, officials said Windows 10X wouldn't be coming to market in 2021, after all. Instead, Microsoft will be integrating some of the 10X "foundational" technologies into other parts of Windows and other products. Windows 10X was supposed to be Microsoft's answer to Chrome OS -- a simpler Windows 10 variant that was slated to debut first on PCs for education and the first line-worker market.

Google announced a new feature for its Chrome browser today that alerts you when one of your passwords has been compromised and then helps you automatically change your password with the help of... wait for it ... Google's Duplex technology. From a report: This new feature will start to roll out slowly to Chrome users on Android in the U.S. soon (with other countries following later), assuming they use Chrome's password-syncing feature. It's worth noting that this won't work for every site just yet. As a Google spokesperson told us, "the feature will initially work on a small number of apps and websites, including Twitter, but will expand to additional sites in the future."

Now you may remember Duplex as the somewhat controversial service that can call businesses for you to make hairdresser appointments or check opening times. Google introduced Duplex at its 2018 I/O developer conference and launched it to a wider audience in 2019. Since then, the team has chipped away at bringing Duplex to more tasks and brought it the web, too. Now it's coming to Chrome to change your compromised passwords for you.

Google, making the announcement in a blog post: We're updating the way Google Docs renders documents. Over the course of the next several months, we'll be migrating the underlying technical implementation of Docs from the current HTML-based rendering approach to a canvas-based approach to improve performance and improve consistency in how content appears across different platforms. We don't expect this change to impact the functionality of the features in Docs. However, this may impact some Chrome extensions, where they may no longer work as intended.

Some Chrome extensions rely on the way the backend of a Google Doc is structured or specific bits of HTML to function properly. By moving away from HTML-based rendering to a canvas-based rendering, some Chrome extensions may not function as intended on docs.google.com and may need to be updated. Admins should review the current extensions deployed in their organization. [...] If you are building your own integrations with Google Docs, we recommend using Google Workspace Add-ons framework, which uses the supported Workspace APIs and integration points. This will help ensure there will be less work in the future to support periodic UI implementation changes to Docs.

The Electronic Frontier Foundation (EFF) has filed a lawsuit against the remote testing company Proctorio on behalf of Miami University student Erik Johnson. The Verge reports: The lawsuit is intended to "quash a campaign of harassment designed to undermine important concerns" about the company's remote test-proctoring software, according to the EFF. The lawsuit intends to address the company's behavior toward Johnson in September of last year. After Johnson found out that he'd need to use the software for two of his classes, Johnson dug into the source code of Proctorio's Chrome extension and made a lengthy Twitter thread criticizing its practices -- including links to excerpts of the source code, which he'd posted on Pastebin. Proctorio CEO Mike Olsen sent Johnson a direct message on Twitter requesting that he remove the code from Pastebin, according to screenshots viewed by The Verge. After Johnson refused, Proctorio filed a copyright takedown notice, and three of the tweets were removed. (They were reinstated after TechCrunch reported on the controversy.)

In its lawsuit, the EFF is arguing that Johnson made fair use of Proctorio's code and that the company's takedown "interfered with Johnson's First Amendment right." "Copyright holders should be held liable when they falsely accuse their critics of copyright infringement, especially when the goal is plainly to intimidate and undermine them," said EFF Staff Attorney Cara Gagliano in a statement. "I'm doing this to stand up against student surveillance, as well as abuses of copyright law," Johnson told The Verge. "This isn't the first, and won't be the last time a company abuses copyright law to try and make criticism more difficult. If nobody calls out this abuse of power now, it'll just keep happening."

On iOS, Apple wants all the browsers to run WebKit. Even Google Chrome is forced to use WebKit on iOS devices. Alex Russel, Google's engineer, in a blog post outlines his case: Apple's iOS browser (Safari) and engine (WebKit) are uniquely under-powered. Consistent delays in the delivery of important features ensure the web can never be a credible alternative to its proprietary tools and App Store. Alex has cited an example of this by mentioning Stadia and other cloud gaming services. Apple did not allow those services to be available on the App Store and pushed them to use the web instead, which requires Apple to allow gamepad APIs so controllers can be used with these new web apps. That is a function that other browsers have offered for a long time except on iOS. He writes: Suppose Apple had implemented WebRTC and the Gamepad API in a timely way. Who can say if the game streaming revolution now taking place might have happened sooner? It's possible that Amazon Luna, NVIDIA GeForce NOW, Google Stadia, and Microsoft xCloud could have been built years earlier. It's also possible that APIs delivered on every other platform, but not yet available on any iOS browser (because Apple), may hold the key to unlocking whole categories of experiences on the web. Blog WCCFTech adds: Alex has also talked about how iOS browsers are underpowered in several other places compared to the competition. For starters, iOS browsers lack push notifications, standardized Progressive Web App (PWA) install buttons, background sync, and numerous other tools that make it easier for developers to make fully functional web apps. Access to hardware such as Bluetooth, USB, and NFC are also not easily available. Last but not least, the royalty-free AV1 standard is also not available.

New submitter oblom writes about Mighty, a new approach to web browsing: In short, server-side web navigation, with client-side rendering. Per Y Combinator founder Paul Graham: "Usually when people talk about grand things like changing "the future of computing," they're full of it. But not this time. Suhail [founder of Mighty] has been working on this for 2 years. There's a good chance it's the new default infrastructure. Suhail writes in a blog post: After 2 years of hard work, we've created something that's indistinguishable from a Google Chrome that runs at 4K, 60 frames a second, takes no more than 500 MB of RAM, and often less than 30% CPU with 50+ tabs open. This is the first step in making a new kind of computer. [...] When you switch to Mighty, it will feel like you went out and bought a new computer with a much faster processor and much more memory. But you don't have [to] buy a new computer. All you have to do is download a desktop app.

To make Mighty work, we had to solve a lot of complex engineering problems, including designing a custom server to keep costs low, building a custom low-latency networking protocol, forking Chromium to integrate directly with various low-level render/encoder pipelines, and making the software interoperate with a long list of macOS features. We are working hard at ramping up server capacity across the world as we roll it out to users. You might be thinking: "Yeah but what about the lag?" Lag would have been a real problem 5 years ago, but new advances since then have allowed us to eliminate nearly all of it: 5 Ghz WiFi bands, H.265 hardware-accelerated low-latency encoders, widespread 100 Mbps Internet, and cheaper, more powerful GPUs. We also designed a new low-latency network protocol, and we locate servers as close to users geographically as possible. As a result, a user with 100 Mbps internet will rarely notice lag while using Mighty. Watch this demo video and see for yourself.

Artem S. Tashkinov writes: Over the past ten years, Firefox market share has decreased substantially and the web browser has lost its appeal and coolness. Seeing that, someone at Mozilla probably decided that the best way to entice people back is by changing its UI, thus Firefox has already seen quite a huge number of changes despite other major web browsers staying relatively the same in terms of their visuals; i.e. Google Chrome and Apple Safari look almost the same as they did a decade ago. The most substantial redesign, which is being prepared for the next release, called Proton, promises to drive most power users away because it's broken on a number of levels and makes using the browser a very unpleasant experience.

So, what has changed:
- The compact density option for the address bar is now gone, and not only that, the title bar is now a lot taller than before. Overall, vertically, the title bar and address bar now take almost a dozen pixels more than previous Firefox releases, which steals very precious vertical space.
- The floating tabs. The active tab is now totally disconnected from the active web page and it looks out of place.
- The inactive tabs now completely lack a delimiter between them; and in the case of websites lacking a favicon, all inactive tabs look like one, which makes understanding what's open and what to click very difficult and time consuming.
- Mozilla has removed icons from menus, which makes navigating them slower and more difficult. Human beings can easily recognize and memorize icons, and now instead you have to read 20 menu items and try to understand what you actually need to click. Just to illustrate it, check how Firefox 88 looks and what is up and coming.

It surely looks like whatever UX studies Mozilla has done were either not run properly, or the data being collected was not properly understood. Mozilla has disabled feedback for Firefox, they've made it abundantly clear that you cannot leave comments in their Bugzilla, and considering they want to deprecate userChrome.css, it makes it impossible to restore the semblance of a good web browser experience. The Slashdot crowd loves free and open-source web browsers, so the question is, how can we make the company stop maiming and destroying their most important product?

wiredmikey shares a report from SecurityWeek: Google late Tuesday shipped another urgent security patch for its dominant Chrome browser and warned that attackers are exploiting one of the zero-days in active attacks. This is the fourth in-the-wild Chrome zero-day discovered so far in 2021 and the continued absence of IOC data or any meaningful information about the attacks continue to raise eyebrows among security experts.

The newest Chrome update -- 90.0.4430.85 -- is available for Windows, Mac and Linux users and is being rolled out via the browser's automatic update mechanism. The vulnerability being exploited is identified as CVE-2021-21224 and simply described as a "type confusion" in the V8 Chrome rendering engine. Google credited the Jose Martinez (tr0y4) from VerSprite Inc. for reporting the vulnerability. "Google is aware of reports that exploits for CVE-2021-21224 exist in the wild," the company said, with no additional details.

An anonymous reader quotes a report from 9to5Google: The latest addition coming to Microsoft Edge is "performance mode." Rolling out first to the Canary channel, "performance mode" in Microsoft Edge is designed to improve how the browser uses the resources available to it. In practice, Microsoft says the new mode will improve speed and responsiveness overall while "optimizing" the use of battery, CPU, and RAM. Apparently, the mode may adjust based on your browsing habits too. "Performance mode helps you optimize speed, responsiveness, memory, CPU and battery usage," says Microsoft. "Performance improvements might vary depending on your individual specifications and browser habits."

One specific change Microsoft notes is that the "Sleeping Tabs" feature in Edge will be locked to five minutes when performance mode is turned on. "Sleeping Tabs" essentially freezes a tab that's left open in the background, saving resources when it's not actively being used. Performance Mode is rolling out now in version 91.0.856.0, available in the Canary channel. The toggle is available in the "System" section of the settings menu.

AmiMoJo writes: WordPress announced over the weekend that they plan on treating Google's new FLoC tracking technology as a security concern and hence block it by default on WordPress sites. For some time, browsers have begun to increasingly block third-party browser cookies used by advertisers for interest-based advertising. In response, Google introduced a new ad tracking technology called Federated Learning of Cohorts, or FLoC, that uses a web browser to anonymously place users into interest or behavioral buckets based on how they browse the web. After Google began testing FLoC this month in Google Chrome, there has been a consensus among privacy advocates that Google's FLoC implementation just replaces one privacy risk with another one.

"WordPress powers approximately 41% of the web -- and this community can help combat racism, sexism, anti-LGBTQ+ discrimination and discrimination against those with mental illness with four lines of code," says WordPress. WordPress states that this code is planned for WordPress 5.8, scheduled for release in July 2021. As FLoC is expected to roll out sooner, WordPress is considering back-porting this code to earlier versions to "amplify the impact" on current versions of the blogging platform. Further reading: Nobody is Flying To Join Google's FLoC.

Google is all alone with its proposed advertising technology -- FLoC-- to replace third-party cookies. Every major browser that uses the open source Chromium project has declined to use it, and it's unclear what that will mean for the future of advertising on the web. Firefox, Safari, Microsoft Edge, Vivaldi, and Brave have said they are not implementing Google's FLoC into their browsers.

An Indian security researcher has published today proof-of-concept exploit code for a recently discovered vulnerability impacting Google Chrome, Microsoft Edge, and other Chromium-based browsers like Opera and Brave. From a report: The researcher, Rajvardhan Agarwal, told The Record today that the exploit code is for a Chromium bug that was used during the Pwn2Own hacking contest that took place last week. During the contest, security researchers Bruno Keith (@bkth_) & Niklas Baumstark (@_niklasb) of Dataflow Security used a vulnerability to run malicious code inside Chrome and Edge, for which they received $100,000. Per contest rules, details about this bug were handed over to the Chrome security team so the bug could be patched as soon as possible. While details about the exact nature of the bug were never publicly disclosed, Agarwal told The Record he spotted the patches for this bug by looking at the source code commits to the V8 JavaScript engine, a component of the Chromium open-source browser project, which allowed him to recreate the Pwn2Own exploit, which he uploaded earlier today on GitHub, and shared on Twitter. However, while Chromium developers have patched the V8 bug last week, the patch has not yet been integrated into official releases of downstream Chromium-based browsers such as Chrome, Edge, and others, which are still vulnerable to attacks.

A Google proposal which enables a web browser to treat a group of domains as one for privacy and security reasons has been opposed by the W3C Technical Architecture Group (TAG). From a report: Google's First Party Sets (FPS) relates to the way web browsers determine whether a cookie or other resource comes from the same site to which the user has navigated or from another site. The browser is likely to treat these differently, an obvious example being the plan to block third-party cookies. The proposal suggests that where multiple domains owned by the same entity -- such as google.com, google.co.uk, and youtube.com -- they could be grouped into sets which "allow related domain names to declare themselves as the same first-party." The idea allows for sites to declare their own sets by means of a manifest in a known location. It also states that "the browser vendor could maintain a list of domains which meet its UA [User Agent] policy, and ship it in the browser."

In February 2019, Google software engineer Mike West requested a TAG review and feedback on the proposal was published yesterday. "It has been reviewed by the TAG and represents a consensus view," the document says. According to the TAG, "the architectural plank of the origin has remained relatively steady" over the last 10 years, despite major changes in web technology. It added: "We are concerned that this proposal weakens the concept of origin without considering the full implications of this action." The group identified some vagueness in the proposal, such as whether FPS applies to permissions such as access to microphone and camera. A Google Chrome engineering manager has stated: "No, we are not proposing to change the scope for permissions. The current scope for FPS is only to be treated as a privacy boundary where browsers impose cross-site tracking limitations." But the TAG reckons that the precise scope of FPS should be laid out in the proposal. A second concern is over the suggestion that browser vendors would ship their own lists. "This could lead to more application developers targeting specific browsers and writing web apps that only work (or are limited to) those browsers, which is not a desirable outcome," said the TAG.

An anonymous reader quotes a report from Motherboard: Students of color have long complained that the facial detection algorithms Proctorio and other exam surveillance companies use fail to recognize their faces, making it difficult if not impossible to take high-stakes tests. Now, a software researcher, who also happens to be a college student at a school that uses Proctorio, says he can prove the Proctorio software is using a facial detection model that fails to recognize Black faces more than 50 percent of the time. Akash Satheesan, the researcher, recently published his findings in a series of blog posts. In them, he describes how he analyzed the code behind Proctorio's extension for the Chrome web browser and found that the file names associated with the tool's facial detection function were identical to those published by OpenCV, an open-source computer vision software library. Satheesan demonstrated for Motherboard that the facial detection algorithms embedded in Proctorio's tool performed identically to the OpenCV models when tested on the same set of faces. Motherboard also consulted a security researcher who validated Satheesan's findings and was able to recreate his analysis. [...]

Satheesan tested the models against images containing nearly 11,000 faces from the FairFaces dataset, a library of images curated to contain labeled images representative of multiple ethnicities and races. The models failed to detect faces in images labeled as including Black faces 57 percent of the time. Some of the failures were glaring: the algorithms detected a white face, but not a Black face posed in a near-identical position, in the same image. The pass rates for other groups were better, but still far from state-of-the-art. The models Satheesan tested failed to detect faces in 41 percent of images containing Middle Eastern faces, 40 percent of those containing white faces, 37 percent containing East Asian faces, 35 percent containing Southeast Asian or Indian faces, and 33 percent containing Latinx faces.

This week the lead consumer technology writer for The New York Times urged readers to switch their browser from Chrome, Safari, or Microsoft Edge to a private browser.

"For about a week, I tested three of the most popular options — DuckDuckGo, Brave and Firefox Focus. Even I was surprised that I eventually switched to Brave as the default browser on my iPhone." Firefox Focus, available only for mobile devices like iPhones and Android smartphones, is bare-bones. You punch in a web address and, when done browsing, hit the trash icon to erase the session. Quitting the app automatically purges the history. When you load a website, the browser relies on a database of trackers to determine which to block.

The DuckDuckGo browser, also available only for mobile devices, is more like a traditional browser. That means you can bookmark your favorite sites and open multiple browser tabs. When you use the search bar, the browser returns results from the DuckDuckGo search engine, which the company says is more focused on privacy because its ads do not track people's online behavior. DuckDuckGo also prevents ad trackers from loading. When done browsing, you can hit the flame icon at the bottom to erase the session.

Brave is also more like a traditional web browser, with anti-tracking technology and features like bookmarks and tabs. It includes a private mode that must be turned on if you don't want people scrutinizing your web history. Brave is also so aggressive about blocking trackers that in the process, it almost always blocks ads entirely. The other private browsers blocked ads less frequently....

In the end, though, you probably would be happy using any of the private browsers... For me, Brave won by a hair. My favorite websites loaded flawlessly, and I enjoyed the clean look of ad-free sites, along with the flexibility of opting in to see ads whenever I felt like it. Brendan Eich, the chief executive of Brave, said the company's browser blocked tracking cookies "without mercy."

"If everybody used Brave, it would wipe out the tracking-based ad economy," he said.

Count me in.

An anonymous reader quotes a report from Ars Technica: Google is officially bringing its "Live Caption" technology to any website with the new version of Chrome. The feature, which debuted on Pixel phones and should be available on most Android 10+ devices, lets you easily apply Google's speech-to-text technology to any audio source, making it simple to get closed-captioning on audio that's lacking in the accessibility department. Starting today, Google is beginning to roll out the feature to Chrome 89 and up on desktop PCs.

You can enable the feature from the Chrome settings by going to "Advanced" and "Accessibility" and then turning on "Live Caption." Live captions appear on webpages as a gray box that fills with text as the video or audio plays. You can drag the box around so it never gets in the way, and you can even pick between two sizes. Live Caption will attempt to work with every audio source on the web; you can temporarily close the box each time you load a page, but there's no way to enable it on some websites and disable it on others. Google says all the processing happens locally on your device and won't end up on the Internet. For now, Google says Live Caption "currently supports English and is available globally on the latest release of Chrome on Windows, Mac and Linux devices and will be coming soon to ChromeOS."