A reporter for Medium's tech site OneZero recently spotted an especially bizarre ad on Instagram: The ad features a GIF of a person wearing a Fitbit-style wristband, with the text "Eliminate Cravings." Across the frame from their hand sits a giant slice of cake. As the person reaches towards the cake, the wristband turns red and zaps them with electricity. You can tell it's zapping them because the whole frame vibrates, and little lightning bolts shoot out of the wristband, like in an old-school Batman movie. All that's missing is an animated "POW!"

At first, I thought it must be either a joke or a metaphor...

Nope. It turns out the Pavlok is exactly what the ad suggests: a Bluetooth-connected, wearable wristband that uses accelerometers, a connected app, and a "snap circuit" to shock its users with 450 volts of electricity when they do something undesirable. The device costs $149.99 and is available on Amazon. The company says it has over 100,000 customers who use the device to help kill food cravings, quit smoking, and to stop touching their face... I immediately saw two fundamental truths at the exact same time. Firstly, the mere existence of an automated self-flagellation wristband is proof that we've reached Peak Wearables. And second, this is the perfect device for Our Times...

Pavlok's founder says he came up with the idea for the company after paying an assistant to slap him every time he went on Facebook.... Through a Chrome extension, it can also (Doom scrollers rejoice) automatically punish actions like spending too much time on Facebook, Twitter, and other potentially time-wasting websites. It can zap you when you open too many Chrome tabs — a use case I'd love to recommend to several programmer friends... But perhaps the most relevant feature for today's world is the ability to program the device to shock you every time you touch your face. This is something which humans do alarmingly often — up to 16 times per hour. The practice has been implicated in spreading coronavirus, or at least contaminating face masks and leading to wasted PPE...

Pavlok may sound bizarre, but it's just the logical extension of an overall trend toward using tech to tweak and prod our brains into new ways of thinking... Pavlok acts as the metaphorical stick to these apps' carrots, giving you the option to beat your brain into submission instead of just tweaking it.
In 2016 Mark Cuban called Pavlok "everything but a legitimate product" in what was probably one of the least-success Shark Tank appearances ever. But Medium's reporter seems convinced it's the appropriate response to this moment in time. "I only need to look at Twitter to feel that I'm being jolted awake with a powerful electrical shock...

"The real thing feels kind of appropriate."

At the Black Hat security conference, researchers from the Taiwanese cybersecurity firm CyCraft revealed at least seven Taiwanese chip firms have been breached over the past two years, reports Wired: The series of deep intrusions — called Operation Skeleton Key due to the attackers' use of a "skeleton key injector" technique — appeared aimed at stealing as much intellectual property as possible, including source code, software development kits, and chip designs. And while CyCraft has previously given this group of hackers the name Chimera, the company's new findings include evidence that ties them to mainland China and loosely links them to the notorious Chinese state-sponsored hacker group Winnti, also sometimes known as Barium, or Axiom. "This is very much a state-based attack trying to manipulate Taiwan's standing and power," says Chad Duffy, one of the CyCraft researchers who worked on the company's long-running investigation...

The researchers found that, in at least some cases, the hackers appeared to gain initial access to victim networks by compromising virtual private networks, though it wasn't clear if they obtained credentials for that VPN access or if they directly exploited vulnerabilities in the VPN servers. The hackers then typically used a customized version of the penetration testing tool Cobalt Strike, disguising the malware they planted by giving it the same name as a Google Chrome update file. They also used a command-and-control server hosted on Google's or Microsoft's cloud services, making its communications harder to detect as anomalous....

Perhaps the most remarkable of those new clues came from essentially hacking the hackers. CyCraft researchers observed the Chimera group exfiltrating data from a victim's network and were able to intercept an authentication token from their communications to a command-and-control server. Using that same token, CyCraft's analysts were able browse the contents of the cloud server, which included what they describe as a "cheat sheet" for the hackers, outlining their standard operating procedure for typical intrusions. That document was notably written in simplified Chinese characters, used in mainland China but not Taiwan...
"It's possible that what they're seeing is just a small fragment of a larger picture," says the director of Kaspersky's Global Research & Analysis Team, who tells Wired the group has also attacked telecoms, tech firms, and a broad range of other Taiwanese companies.

But in the same article one of CyCraft's researchers argues the group could be looking for even more exploits. "If you have a really deep understanding of these chips at a schematic level, you can run all sorts of simulated attacks on them and find vulnerabilities before they even get released."

An anonymous reader shares a report: Google has tried on and off for years to hide full URLs in Chrome's address bar, because apparently long web addresses are scary and evil. Despite the public backlash that came after every previous attempt, Google is pressing on with new plans to hide all parts of web addresses except the domain name in Chrome 86, this time accompanied by an admittedly hover animation. The new look builds upon the animation-less hover reveal that's already in testing, but in contrast to that method, the improved variant also displays the protocol and the subdomain, which remain invisible in the older version. That's achieved with a neat sliding animation that moves over the visible part of the URL to make space for the strings preceding it.

Google today launched ChromeOS.dev, a new site that aims to help developers get started with building Android apps for the company's Linux-based operating system. With today's update, Google is also making it easier to build and test Android applications on Chromebooks. From a report: The new ChromeOS.dev site, which is available in English and Spanish for now, is meant to "help developers maximize their capabilities on the platform through technical resources/tutorials, product announcements, code samples and more," a Google spokesperson told us. As Google notes in today's announcement, in the last quarter, Chromebook unit sales were up 127% year-over-year in the last quarter, compared to 40% for notebook sales in general. To help Android developers do all of their work on a Chromebook if they so desire, Google now offers the full Android Emulator on Chrome OS to test apps right on their Chromebooks. The team also made deploying apps on Chrome OS (M81 and newer) much easier. Developers can now deploy and test apps directly without having to use developer mode or connect devices via USB.

An anonymous reader writes: More than 80 million Chrome users have installed one of 295 Chrome extensions that have been identified to hijack and insert ads inside Google and Bing search results. The malicious extensions were discovered by AdGuard, a company that provides ad-blocking solutions, while the company's staff was looking into a series of fake ad-blocking extensions that were available on the official Chrome Web Store. AdGuard says that most of the extensions (245 out of the 295 extensions) were simplistic utilities that had no other function than to apply a custom background for Chrome's "new tab" page. In addition to the 295 cluster, AdGuard also found a large number of copycat extensions that cloned popular add-ons to capitalize on their brands, and then load malicious code that performed ad fraud or cookie stuffing. ZDNet has the full list of 295 Chrome extensions embedded in their article.

An anonymous reader shares a report: For years now, Google Chrome has been an absolute dominant force in the world of web browsers, but since the relaunch of Microsoft Edge based on Google's Chromium, that position has been challenged. Now, Google is preparing to drive more Android owners back to using Chrome through targeted notifications. Over the admittedly brief history of the Internet, there have been a number of fierce competitions, commonly called "browser wars," between companies, in an effort to get more people to use their particular web browser. Mozilla and Netscape waged war against Internet Explorer, and Chrome fought and won against Firefox. Most recently, Microsoft Edge and Samsung Internet have begun to wage war against Chrome on desktop and Android respectively. Now, we've found that Google is preparing to try and win back some of those who have left Chrome for other browsers, starting on Android. Based on our reading of a series of code changes, we believe Google Chrome for Android will send you a notification if you haven't used Chrome in a while.

July's statistics from web analytics firm Net Applications showed continuing changes in the most frequently-used web browsers. Softpedia reports: Last month, Google Chrome increased its market share from 70.19% to 71.00%, while Microsoft Edge jumped from 8.07% to 8.46%... The migration to the Chromium engine allowed Microsoft to turn Edge into a cross-platform browser, and this is one of the reasons that contributed to the growth of the new app. Edge is now available not only on Windows 10, but also on Windows 7, Windows 8, Windows 8.1, and even macOS. At the same time, Microsoft is also working on a Linux version of the browser, and a preview build is expected by the end of the year.

But what made Microsoft Edge the second most-used desktop browser out there so fast after the switch to Chromium is definitely Microsoft offering it as the default browser in Windows 10.
But what about Firefox? And Opera, and Apple's Safari? Computerworld reports: A decade ago, Mozilla's browser may have dreamed of upsetting the then-order of things, taking its April 2010 share of 25.1% and parlaying it into victory over IE — down to 61.2% by then... But that was Firefox's peak.

At the end of July, Firefox stood at 7.3%, down three-tenths of a percentage point from the previous month... Firefox let its second-place spot (far, far behind Chrome) slip away in March, when Edge snatched it. That did not change in July. The gap between the two more than doubled, in fact, to 1.2 points. On almost every browser share metric, Firefox is in trouble... Since the end of January, Firefox has been stuck in the 7s; for the eight months before that, it was mired in the 8s; and between May 2018 and March 2019, Firefox floundered in the 9s. The trend is crystal clear...

Elsewhere in Net Applications' numbers, Apple's Safari plunged to 3%, a loss of six-tenths of a point, its lowest mark since late 2008. Opera software's Opera also took a dive, ending July at 0.8%, a decline of three-tenths of a point. Those numbers have to be frightening to both those browsers' makers.

Some Windows 10 users have complained that when Microsoft sets up its Edge browser, it steals data from Chrome and Firefox without asking first, writes ZDNet columnist Chris Matyszczyk.

But today a reader sent him a new complaint involving Windows 7: "My wife's computer, which is running Windows 7, got a Windows update this morning, which then gave the full-screen welcome page for Edge Chromium. She was terrified as this looked exactly as if malware had taken over the machine... How could any application be running that she hadn't started? How is it that Microsoft can't manage to provide security updates for Windows 7, as it is end of life, but still manage to force a new web browser that isn't wanted on Windows 7 users...?"

"The full-screen welcome page for Chomium Edge did have a faint 'close' gadget in the top right, which was the very first thing we clicked... This still left Edge pinned on the taskbar and when I hovered over it, it showed all the recent sites she had visited on Chrome. So it must have stolen that data from Chrome which is the only browser she ever uses."
The ZDNet columnist shared his own reaction to the story. "Edge is a fine browser. It's quick, effective, and has superior privacy instincts than does Chrome. I have begun to use it and I like it. When you launch a new product, however, you have two choices: You can announce it, make people feel good about it, and then rely on word of mouth. Or you can try ramming it down people's throats.

"The former is often more effective. Microsoft has chosen the latter."

"Google has taken one step closer to banishing third-party cookies from Chrome," reports Engadget. The internet giant has started testing its trust tokens with developers, with promises that more would move to live tests "soon." As before, the company hoped to phase out third-party cookies in Chrome once it could meet the needs of both users and advertisers.

Trust tokens are meant to foster user trust across sites without relying on persistent identifying data like third-party cookies. They theoretically prevent bot-based ad fraud without tying data to individuals. This would be one framework as part of a larger Privacy Sandbox including multiple open standards.

The company still hopes to eliminate third-party cookies by 2022.

Google and Apple, which already battle over mobile operating systems, are opening a new front in their fight. How that plays out may determine the future of the web. From a report: Google was born on the web, and its business reflects its origin. The company depends on the web for search and advertising revenue. So it isn't a surprise that Google sees the web as key to the future of software. Front and center are web apps, interactive websites with the same power as conventional apps that run natively on operating systems like Windows, Android, MacOS and iOS. Apple has a different vision of the future, one that plays to its strengths. The company revolutionized mobile computing with its iPhone line. Its profits depend on those products and the millions of apps that run on them. Apple, unsurprisingly, appears less excited about developments, like web apps, that could cut into its earnings.

The two camps aren't simply protecting their businesses. Google and Apple have philosophical differences, too. Google, working to pack its dominant Chrome browser with web programming abilities, sees the web as an open place of shared standards. Apple, whose Safari browser lacks some of those abilities, believes its restraint will keep the web healthy. It wants a web that isn't plagued by security risks, privacy invasion and annoyances like unwanted notifications and permission pop-ups. Google leads a collection of heavy-hitting allies, including Microsoft and Intel, trying to craft new technology called progressive web apps, which look and feel like native apps but are powered by the web. PWAs work even when you have no network connection. You can launch PWAs from an icon on your phone home screen or PC start menu, and they can prod you with push notifications and synchronize data in the background for fast startup. PWA fans include Uber, travel site Trivago and India e-commerce site Flipkart. Starbucks saw its website usage double after it rolled out a PWA.

The split over native apps and web apps is more than just a squabble between tech giants trying to convert our lives online into their profits. How it plays out will shape what kind of a digital world we live in. Choosing native apps steers us to a world where we're locked into either iOS or Android, limited to software approved by the companies' app stores and their rules. Web apps, on the other hand, reinforce the web's strength as a software foundation controlled by no single company. A web app will work anywhere, making it easier to swap out a Windows laptop for an iPad. "What you're seeing is the tension between what is good for the user, which is to have a flexible experience, and what's good for the platform, which is to keep you in the platform as much as possible," said Mozilla Chief Technology Officer Eric Rescorla.

"Google has decided to disable a feature in Windows 10 version 2004 that allowed Chrome and Microsoft Edge browsers to use a lot less RAM," reports ZDNet: Windows 10 gave Win32 apps including Chrome access to a 'segment heap' API to allow apps to reduce memory usage, but as Techdows spotted, Chromium engineers have decided for now to turn off the feature by default in Chrome 85 after discovering it has a negative impact on CPU usage. Chrome 85 should reach stable status in August...

The CPU issue was discovered by an Intel engineer who found that when Chrome used segment heap, it led to significant performance regression in benchmarks on a PC with an Intel Core i9-9900K processor...

Microsoft has defended the trade-off between memory and CPU but conceded it can be implemented better to reduce the impact on CPU performance. "It is common practice to trade one resource for another. More often it's increased memory usage for reduced CPU usage. In this case it's increased CPU usage for dramatically reduced memory usage, or more accurately commit," wrote a Microsoft employee... "In the short term this is a good trade-off of one resource for another as memory/commit usage is a significant pain point for browser users," argued the Microsoft employee....

However, Chromium developers want to see more evidence about the possible impact of Chrome using segment heap... "The CPU cost (10% slowdown on Speedometer 2.0, 13% increase in CPU/power consumption) is too great for us to keep."

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 84 for Windows, Mac, Linux, Android, and iOS. Chrome 84 resumes SameSite cookie changes, includes the Web OTP API and Web Animations API, and removes older Transport Layer Security (TLS) versions. First deprecated with Chrome 81 in April, TLS 1.0 and TLS 1.1 have now been completely removed with Chrome 84. This is notable for anyone who manages a website, even if they don't use Chrome at home or at work. TLS is a cryptographic protocol designed to provide communications security over a computer network -- websites use it to secure all communications between their servers and browsers. TLS also succeeds Secure Sockets Layer (SSL) and thus handles the encryption of every HTTPS connection.

In May 2016, Chrome 51 introduced the SameSite attribute to allow sites to declare whether cookies should be restricted to a same-site (first-party) context. The hope was this would mitigate cross-site request forgeries (CSRF). Chrome 80 began enforcing a new secure-by-default cookie classification system, treating cookies that have no declared SameSite value as SameSite=Lax cookies. Only cookies set as SameSite=None; Secure are available in third-party contexts, provided they are being accessed from secure connections. Due to the coronavirus crisis, however, Google paused the SameSite cookie changes, with plans to resume enforcement sometime over the summer. SameSite cookie enforcement has now resumed with a gradual rollout ramping up over the next several weeks for Chrome 80 and newer.

Chrome 84 introduces the Web OTP API (formerly called the SMS Receiver API). This API helps users enter a one-time password (OTP) on a webpage when a specially crafted SMS message is delivered to their Android phone. When verifying the ownership of a phone number, developers typically send an OTP over SMS that must be manually entered by the user (or copied and pasted). The user has to switch to their native SMS app and back to their web app to input the code. The Web OTP API lets developers help users enter the code with one tap. Chrome 84 also adopts the Web Animations API, which gives developers more control over web animations. These can be used to help users navigate a digital space, remember your app or site, and provide implicit hints around how to use your product. Parts of the API have been around for some time, but this implementation brings greater spec compliance and supports compositing operations, which control how effects are combined and offer many new hooks that enable replaceable events. The API also supports Promises, which allow for animation sequencing and provide greater control over how animations interact with other app features.

The Wall Street Journal's senior personal tech columnist just published an article urging readers to "quit Chrome. Safari and Edge are just better browsers." It begins with the reporter pretending to break up with Chrome, adding "I'd say I'll remember the good times — your speed, your superb handling of Gmail — but your RAM hoovering, battery draining and privacy disregarding make it easy to not look back.

"This is the year, people. It's the year I challenge you to pack up your bookmarks and wave bye-bye to Google's browser..."

And the article is even accompanied by a video titled "Four ways to stop Chrome from slowing down your computer," where tip #1 is just: "Stop using Chrome..." "Sure, Chrome has far more browser market share [than Firefox, Safari, and Edge]. But all of them have actually gotten quite good over the last number of years. Heck, the new Microsoft Edge browser even uses Chromium, the same underlying technology as Chrome, and the performance is much improved, across Windows PCs, and Macs. Yes, Microsoft's browser is available for Mac, and it's good.

"In my weeks of testing, Edge used 5% less resources than Chrome on Windows. Safari used up to 10% less in some of my tests on my Mac. That meant up to 2 extra hours of battery life in their respective operating systems. Firefox, unfortunately, took up just as much power as Chrome. Google says it's working on some resource-saving improvements that will come in the next few months.

If you can switch to just one of those, go for it, even if just for their better privacy tools."
The video opens with a cartoon depiction of "Chrome-y," who lives inside your computer and eats your RAM and other resouces. "But don't worry. You can put him on a diet and take back your computer with some of these tips." The other tips including uninstalling extensions, and using Chrome's Task Manager to "spot and kill the RAM gobblers."

But throughout the video, "Chrome-y" continues chomping on your RAM...

The new lightweight and royalty-free AVIF image format is coming to web browsers. Work is almost complete on adding AVIF support to Google Chrome and Mozilla Firefox. From a report: The new image format is considered one of the lightest and most optimized image compression formats, and has already gained praise from companies such as Netflix, which considers it superior to existing image formats such as JPEG, PNG, and even the newer WebP. The acronym of AVIF stands for AV1 Image File Format. As its name hints, AVIF is based on AV1, which is a video codec that was developed in 2015, following a collaboration between Google, Cisco, and Xiph.org (who also worked with Mozilla). At the time, the three decided to pool their respective in-house video codecs (VPX, Thor, and Daala) to create a new one (AV1) that they planned to offer as an open-source and royalty-free alternative to all the commercial video codecs that had fragmented and clogged the video streaming market in the late 2000s and early 2010s.

Slashdot reader techtsp writes: Starting with October's release of Chrome 86, the web browser will offer a way to limit JavaScript timer wake ups in background web pages to one wake up per minute, restricting the execution of certain background tasks — for example, checking if the scroll position changed, reporting logs, and analyzing interactions with ads. Google plans to achieve this courtesy of a new experimental feature called "Throttle Javascript timers in background."

Google recently experimented with a prototype that limits Javascript timer wake ups to one per minute. In this experiment, Google opened 36 random tabs in the background while the foreground tab was about:blank. At the end of the experiment, Google found that throttling Javascript timers extends the battery life by almost 2 hours (28 percent) for a user with up to 36 background tabs, and when the foreground tab is about:blank...

Chrome will provide developers with a message in the DevTools console when a Javascript timer is delayed by more than 5 seconds.

An anonymous reader shares a report: The first Android version to support 64-bit architecture was Android 5.0 Lollipop, introduced back in November 2014. Since then, more and more 64-bit processors shipped, and today, virtually all Android devices are capable of running 64-bit software (excluding one or two or more oddballs). However, Google Chrome has never made the jump and is only available in a 32-bit flavor, potentially leading to some unnecessary security and performance degradations. That's finally changing: Starting with Chrome 85, phones running Android 10 and higher will automatically receive a 64-bit version. A look at chrome://version confirms as much: The current stable and beta builds, version 83 and 84, note that they're still 32-bit applications. Chrome Dev and Chrome Canary (release 85 and 86) are proper 64-bit apps. Google confirms as much on its Chromium Bugs tracker.

When compared in a number of Octane 2.0 benchmarks, the 64-bit version got consistently better results than the 32-bit version. It's possible that there have been other optimizations that make Chrome 85 faster than 83 -- the architecture is not necessarily all there is to it. Still, the benchmark results suggest that there are some enhancements, even if these tests aren't easy to translate to real-world usage.

Sean Hollister, writing for The Verge: If I told you that my entire computer screen just got taken over by a new app that I'd never installed or asked for -- it just magically appeared on my desktop, my taskbar, and preempted my next website launch -- you'd probably tell me to run a virus scanner and stay away from shady websites, no? But the insanely intrusive app I'm talking about isn't a piece of ransomware. It's Microsoft's new Chromium Edge browser, which the company is now force-feeding users via an automatic update to Windows. Seriously, when I restarted my Windows 10 desktop this week, an app I'd never asked for:

1. Immediately launched itself
2. Tried to convince me to migrate away from Chrome, giving me no discernible way to click away or say no
3. Pinned itself to my desktop and taskbar
4. Ignored my previous browser preference by asking me -- the next time I launched a website -- whether I was sure I wanted to use Chrome instead of Microsoft's oh-so-humble recommendation.
5. Did I mention that, as of this update, you can't uninstall Edge anymore?

Both Edge and Chrome already allow users to try unreleased, experimental features (by typing about:flags in the address bar). Soon there'll be a similar "Firefox Experiments" option starting in Firefox 79.

Slashdot reader techtsp shares this report from the Windows Club: Mozilla has a dedicated Experimental Features page on MDN just for that. But limiting experimental features to Firefox's Nightly channel has a limitation: A fairly limited number of "curious" users. Now, extending some of these experimental features to stable releases will increase the scope of "Firefox Experiments" as a whole... This option will allow users to enable/disable experimental features under Preferences...

[In Firefox 79] Navigate to Preferences by entering about:preferences in the browser's address bar or click the gear icon and got to "Preferences." Discover and set browser.preferences.experimental to True. Now, you should be able to see the "Firefox Experiments" menu under Firefox 79 Preferences.

An anonymous reader shares a column: Back when there were rumors of Google building an operating system, I thought "Lol." Then I watched then-PM Sundar Pichai announce Chrome OS. My heart raced. It was perfect. I got my email through Gmail, I wrote documents on Docs, I listened to Pandora, I viewed photos on TheFacebook. Why did I need all of Windows Vista? In 2010, I predicted that by 2020 Chrome OS would be the most popular desktop OS in the world. It was fast, lightweight, and $0. "Every Windows and OS X app will be re-built for the browser!" I thought. Outlook > Gmail. Excel > Sheets. Finder > Dropbox. Photoshop > Figma. Terminal > Repl.it. All of your files would be accessible by whoever you wanted, wherever you wanted, all the time. It was obvious. Revolutionary. I haven't installed MSFT Office on a machine since 2009. Sheets and Docs have been good enough for me. The theoretical unlimited computing power and collaboration features meant Google Docs was better than Office (and free!). Then something happened at Google. I'm not sure what. But they stopped innovating on cloud software.

Docs and Sheets haven't changed in a decade. Google Drive remains impossible to navigate. Sharing is complicated. Sheets freezes up. I can't easily interact with a Sheets API (I've tried!). Docs still shows page breaks by default! WTF! Even though I have an iPhone and a MacBook, I've been married to Google services. I browse Chrome. I use Gmail. I get directions and lookup restaurants on Maps. I'm a YouTube addict. Yet I've been ungluing myself from Google so far this year. Not because of Google-is-reading-my-emails-and-tracking-every-keystroke reasons, but because I like other software so much more that it's worth switching. At WWDC, Apple shared Safari stats for macOS Big Sur. It reminded me how much Chrome makes my machine go WHURRRRRR. [...] I've given up on Google Docs. I can never find the documents Andy shares with me. The formatting is tired and stuck in the you-might-print-this-out paradigm. Notion is a much better place to write and brainstorm with people. The mobile Google results page is so cluttered that I switched my iPhone's default search to DuckDuckGo. The results are a tad worse, but I'm never doing heavy-duty searches on the go. And now I don't have to scroll past 6 ads to get the first result. DuckDuckGo's privacy is an added bonus.

With Safari on iOS 14, MacOS Big Sur and iPadOS 14, you'll be able to log in to websites using Apple's Face ID and Touch ID biometric authentication. That's a powerful endorsement for technology called FIDO -- Fast Identity Online -- that's paving the way to a future without passwords. From a report: Apple disclosed the biometric authentication support in Safari on Wednesday at WWDC, its annual developers conference. "It's both much faster and more secure," Apple Safari programmer Jiewen Tan said during one of the WWDC video sessions Apple offered after the coronavirus pandemic pushed the conference online. The change is a big boost for browser technology called Web Authentication, aka WebAuthn, developed by the FIDO consortium allies. Apple's not the first supporter -- it's already in Mozilla Firefox, Google Chrome and Microsoft Edge, and works with Windows Hello facial recognition and Android fingerprint authentication.