Google

Google Chrome To Identify and Label Slow Websites (techcrunch.com) 53

Is it the web page that's slow or is it your network connection? In the future, Google's Chrome web browser may have an answer for you. From a report: Google announced today a plan to identify and label websites that typically load slowly by way of clear badging. The company says it may later choose to identify sites that are likely to be slow based on the user's device and current network conditions, as well. Google hasn't yet determined how exactly the slow websites will be labeled, but says it may experiment with different options to see which makes the most sense. For example, a slow-loading website may show a "Loading..." page that includes a warning, like a caution icon and text that reads "usually loads slow." Meanwhile, a fast website may display a green progress indicator bar at the top of the page instead of a blue one. And for links, Chrome may use the context menu to help users know if the site will be slow so you can decide whether or not you want to click.
Google

Google Wants Chrome To Offer Instantaneous and Native App-Like Experiences (venturebeat.com) 45

An anonymous reader writes: At Chrome Dev Summit in San Francisco today, Google shared its latest vision for the web. First, the company is trying to make loading disappear via instantaneous experiences. The company demoed Web Bundles, a new platform primitive that lets developers distribute their content across any format without a constant connection, and Portals, an experimental API that lets developers instantly give users access to their web experiences. Secondly, Google wants to have Chrome offer native app-like experiences. The Background Sync API will proactively cache web content and SMS Retriever adds two factor SMS functionality to web apps.
Microsoft

Reactions To the News That Microsoft's Edge Browser Is Coming to Linux (msn.com) 194

"Microsoft is bringing Edge to Linux, for all the Microsoft fans running Linux," jokes the headline at the Inquirer. ("We can just imagine the amount of bunting and party poppers that the Linux community has just ordered. After all, why wouldn't you want a browser from the company that you joined Linux to get away from?") And the headline at Liliputting quips that the Edge browser "is coming to Linux (whether you want it or not)," calling the move "the latest evidence that Microsoft's relationship to Linux has changed a lot in recent years.

But TechRadar had an even more sardonic headline. "Hell freezes over as Microsoft Edge comes to Linux." One other thing to consider is that the introduction of Edge to Linux is something of a thorny subject in that the folks who choose a Linux distro often do so to break away from the chains of Microsoft and Windows (or indeed Apple). So certainly some of the more fervent open source types out there may not welcome a Microsoft browser with open arms, and doubtless it will be regarded with suspicion in some quarters. No matter how much Microsoft has been banging the open source drum in many different ways in recent times.

That said, there will doubtless be Linux users who are curious, and may want to pick up a mainstream alternative to Firefox on Linux which, when compared to Chrome -- with its famous memory hogging antics -- makes a far preferable choice in some respects. Edge will also do streaming better (by default Chrome limits you to 720p when you're trying to watch a spot of Netflix). All the testing feedback about Edge has been pretty positive in the main thus far, too, so maybe that will persuade even doubters to at least consider it.

One thing's for sure: it will certainly be interesting to see the reaction Microsoft's browser gets when it is deployed to Linux.

Edge may face a rocky reception. "I am not feeling a tingling all over at the thought of Edge coming to Linux," posted one commenter on Beta News. "It's not really necessary to bring Linux down to the level of Windows 10."

But how do Slashdot's readers feel? What's your reaction to the news that Microsoft's Edge browser is coming to Linux?
Firefox

Firefox Turns 15 (fastcompany.com) 50

harrymcc writes: On November 9 2004, a new version of Mozilla's browser called Firefox shipped. It was taking on one of the most daunting monopolies in tech: Microsoft's Internet Explorer, which had more than 90 percent market share. But Firefox was really good, and it became an instant hit, ending Microsoft's dominance of the web. Over at Fast Company, Sean Captain took a look at the browser's original rise, the challenges it faced after Google's Chrome arrived on the scene, and the moves it's currently making to put user privacy first.
Security

DNS-over-HTTPS Will Eventually Roll Out in All Major Browsers, Despite ISP Opposition (zdnet.com) 119

All major browsers -- including Chrome, Firefox, Safari, Opera, Microsoft Edge, Vivaldi, Brave -- have plans to support DNS-over-HTTPS (or DoH), a protocol that encrypts DNS traffic and helps improve a user's privacy on the web. From a report: The DoH protocol has been one of the year's hot topics. It's a protocol that, when deployed inside a browser, it allows the browser to hide DNS requests and responses inside regular-looking HTTPS traffic. Doing this makes a user's DNS traffic invisible to third-party network observers, such as ISPs. But while users love DoH and have deemed it a privacy boon, ISPs, networking operators, and cyber-security vendors hate it. A UK ISP called Mozilla an "internet villain" for its plans to roll out DoH, and a Comcast-backed lobby group has been caught preparing a misleading document about DoH that they were planning to present to US lawmakers in the hopes of preventing DoH's broader rollout. However, this may be a little too late. ZDNet has spent the week reaching out to major web browser providers to gauge their future plans regarding DoH, and all vendors plan to ship it, in one form or another.
Chrome

Chrome OS 78 Rolling Out With Picture-In-Picture Support For YouTube, Split Browser/Device Settings, More (9to5google.com) 15

The latest version of Chrome OS, version 78, adds separate browser and device settings, click-to-call, and picture-in-picture support for YouTube. It also introduces virtual desktop support for the operating system with a feature called Virtual Desks. 9to5Google reports: Chrome is getting another cross-device sharing feature after "Send this page" widely rolled in September. With "click-to-call," you can right-click on phone number links -- like tel:800-800-8000 -- to have them sent to your Android device. It's quicker than manually entering those digits or transferring via email. Chrome OS 78 will separate browser and device settings. The former is accessible directly at chrome://settings and what opens when clicking "Settings" at the bottom of the Overflow menu in the top-right corner of any browser window. It opens as a tab and provides web-related preferences. Meanwhile, chrome://os-settings opens as its own window, and can be accessed from the quick settings sheet. It provides device options like Wi-Fi, Bluetooth, and Assistant in a white Material Theme UI with an icon in the launcher/app shelf.

YouTube for Android now supports picture-in-picture with Chrome OS 78. After starting a video in the mobile client, switching to another window, covering, or minimizing the app will automatically open a PiP in the bottom-right corner. Available controls include switching to audio, play/pause, and skipping to the next track. In the top-left, you can expand the window and a settings gear on the other side allows you to open system settings. Tapping in the center expands and returns you to the YouTube Android app.
Chrome OS 78 simplifies the printing experience by automatically listing compatible printers without any prior setup required. There are also a number of Linux on Chrome OS enhancements in this version:

- Backups of Linux apps and files can now be saved to local storage, external drive, or Google Drive. That copy can be then restored when setting up a new computer.
- Crostini GPU support will be enabled by default for a "crisp, lower-latency experience."
- You'll be warned when using a Linux app that does not support virtual keyboard in tablet mode.
Firefox

ISPs Lied To Congress To Spread Confusion About Encrypted DNS, Mozilla Says (arstechnica.com) 70

An anonymous reader quotes a report from Ars Technica: Mozilla is urging Congress to reject the broadband industry's lobbying campaign against encrypted DNS in Firefox and Chrome. The Internet providers' fight against this privacy feature raises questions about how they use broadband customers' Web-browsing data, Mozilla wrote in a letter sent today to the chairs and ranking members of three House of Representatives committees. Mozilla also said that Internet providers have been giving inaccurate information to lawmakers and urged Congress to "publicly probe current ISP data collection and use policies." DNS over HTTPS helps keep eavesdroppers from seeing what DNS lookups your browser is making. This can make it more difficult for ISPs or other third parties to monitor what websites you visit.

"Unsurprisingly, our work on DoH [DNS over HTTPS] has prompted a campaign to forestall these privacy and security protections, as demonstrated by the recent letter to Congress from major telecommunications associations. That letter contained a number of factual inaccuracies," Mozilla Senior Director of Trust and Security Marshall Erwin wrote. This part of Erwin's letter referred to an Ars article in which we examined the ISPs' claims, which center largely around Google's plans for Chrome. The broadband industry claimed that Google plans to automatically switch Chrome users to its own DNS service, but that's not what Google says it is doing. Google's publicly announced plan is to "check if the user's current DNS provider is among a list of DoH-compatible providers, and upgrade to the equivalent DoH service from the same provider." If the user-selected DNS service is not on that list, Chrome would make no changes for that user.

Chromium

Microsoft Launches Chromium Edge Release Candidate, Brings Intranet Search To Phones (venturebeat.com) 17

Microsoft today announced that its new Edge browser based on Google's Chromium open source project has hit release candidate status. From a report: Additionally, the company shared that Chromium Edge will hit general availability in more than 90 languages on January 15, 2020. Microsoft also detailed some new features around Microsoft Search in Bing. While the two announcements might seem disjointed at first, Microsoft is trying to position Edge and Bing as "the browser and search engine for business." [...] Now that Chromium Edge is at the release candidate stage, Microsoft is sharing a little more about how it plans to differentiate the new browser from the many other Chromium-based options. As with its decision to build its own Android phone, Microsoft is tapping Google to give business users unique features on popular consumer platforms.

Whether it's hardware or software, Microsoft is obsessed with selling productivity. So that's what Chromium Edge appears destined to be: a business browser. Businesses mainly use Windows, though some also have Macs floating around so Chromium Edge is not just a Windows 10 affair. Microsoft knows the existing version of Edge isn't appealing because it isn't keeping up with the web. But the company also knows Chromium Edge will not convert most existing Chrome users, so it's focusing on the business use case. To do so, Microsoft plans to give Chromium Edge some extra privacy tools and access to corporate information that exists on company intranets. "The irony is that it is easier to find an obscure piece of information on the much larger internet than it is to find a simple document on your company's intranet -- such as a paystub portal, a pet at work policy, or the office location of a fellow employee," Microsoft CVP Yusuf Mehdi laments.

Chrome

Chrome Tries APIs That Allow Changing A User's Files, Receiving SMS Verification Texts (androidpolice.com) 68

"Web pages have never been able to directly access your computer's (or phone's) file system, unless there was a plugin like Java or ActiveX involved somewhere," reports Android Police.

The new Native File System API in Chrome 78 changes that... Here's how the API works: A web page can bring up a file picker dialog, just like you would see when clicking an Upload button on any web site. One file, a group of files, or an entire folder can be selected (it's up to the web page). The page can later save changes to those files, if it wants.

Before you start freaking out that web sites can now alter your files, there are a lot of security precautions built into this already, and the Chrome team will likely add more before the feature is ready for widespread use. Sites can only see the files you specifically select, they can only save changes back to those files if granted permission, an indicator is added to the address bar if a site has file permissions (on the desktop, anyway), and right now the permission only stays granted until the site is closed.

I can't wait to see what gets done with this functionality. We could get online code editors that can actually work with several local files at once, or maybe Google Docs could edit Word files directly on your PC without uploading/converting them first.

The article also describes one possible application from Chrome's SMS Receiver API (currently in "Origin Trial" status): Many apps and services ask you to verify your phone number by sending a code via SMS. In most cases, you have to leave the app, open the messaging app, copy the code, return to the original app, and paste the code. Google just added an API for Android apps that can automate this process, and now a similar feature is in the works for Chrome.
Security

Google Discloses Chrome Zero-Day Exploited in the Wild (zdnet.com) 17

Yesterday, on late Halloween night, Google engineers delivered the best scare of the evening and released an urgent update for the Chrome browser to patch an actively exploited zero-day. From a report: "Google is aware of reports that an exploit for CVE-2019-13720 exists in the wild," Google engineers said in a blog post announcing the new v78.0.3904.87 release. The actively-exploited zero-day was described as a use-aster-free bug in Chrome's audio component. Use-after-free vulnerabilities are memory corruption bugs that occur when an application tries to reference memory that was previously assigned to it but has been freed or deleted in the meantime. This usually causes a program to crash, but can also sometimes lead to other, unintended consequences, such as code execution scenarios. Google credited Anton Ivanov and Alexey Kulaev, two malware researchers from Kaspersky, with reporting the issue. According to a blog post published after this article's publication, Kaspersky said the zero-day was being used to install malware on user devices. It was being deployed on user devices via a Korean-language news portal.
Android

Incognito Mode For Google Maps Arrives On Android (engadget.com) 22

Incognito Mode for Google Maps is rolling out to Android users to prevent your search queries and real-time tracked location from being recorded onto your Google account. Engadget reports: It's not something you'll want to use all the time as some features will be disabled, and it's important to note that it doesn't turn off all tracking. The places you go won't be saved to your Location History (if you have that enabled), your searches won't be saved to your account and it won't use your information to personalize the experience. Still, you could be tracked by internet service providers, other apps, or if you're using Assistant and other Google services. Similar to incognito on Chrome, it's more useful as a depersonalized look at recommendations than as a full-fledged privacy protector, and a way to make sure that whatever you're searching for in this instance doesn't affect your recommendations later -- don't worry, we're not judging.
Chrome

Google Workers Sidestepping Controversial Chrome Tool Sparks Security Worries (cnet.com) 55

Google is facing a backlash over an internal tool for the company's Chrome browser that some employees worry is intended for spying on workers organizing protests and discussing workplace issues. From a report: To get around using the tool, some employees have turned to third-party browsers. That's prompted at least one security engineer at Google to voice concern over the possible vulnerabilities that using outside software could bring. The tool is a software extension for Google's Chrome browser, which is installed on all employee computers. It's designed to activate when workers create calendar events that include more than 100 people or use more than 10 rooms. Google said the tool is a pop-up reminder that asks people to "be mindful" before setting up large meetings. But some employees have accused Google management of trying to keep tabs on big gatherings. Google has called those claims "categorically false" and said the purpose of the tool is to cut down on calendar spam. To avoid the extension, employees are encouraging each other to use browsers other than Chrome, a Google security engineer wrote in an internal forum, screenshots of which were reviewed by CNET. Those browsers include Chromium, the open-source browser foundation on which Google Chrome is built, the engineer wrote, adding that people shifting to other browsers "has an impact on overall security of this fleet."
Chrome

Symantec Antivirus Crashed Chrome 78 (zdnet.com) 23

SmartAboutThings tipped us off to an interesting bug reported by ZDNet Thursday: For the fourth time in three months, a Symantec security product is crashing user apps, and this time it's the latest Chrome release, v78, which rolled out earlier this week, on Tuesday, October 22. According to reports on Reddit [1, 2] the Google support forums [1, 2], and in comments on the official Google Chrome blog, Symantec Endpoint Protection 14 is crashing Chrome 78 instances with an "Aw, Snap! Something went wrong while displaying this webpage" error... The errors have been plaguing users for the past two days, with the vast majority of reports coming from enterprise environments, where SEP installs are more prevalent....

According to the antivirus maker, the issues are only affecting SEP 14 users on Windows 10 RS1, Windows Server 2012, and Windows Server 2016 operating systems. Symantec users on other OS versions can fix this by updating to the latest SEP 14.2 release. Users of Microsoft Edge Chromium are also impacted, but the Chromium-based Edge version has not been officially released; hence there are almost no users impacted by this issue in the real world...

Symantec blamed the issue on Microsoft's Code Integrity security feature, which Google uses to protect the Chrome browser process. As a temporary solution, Symantec recommends that users exclude Chrome from receiving protection from their antivirus product, or modify their Chrome clients, so the browser starts without Code Integrity protections. However, this opens the browser to various attacks and is not recommended as long as users can simply use another browser until this is fixed.

ZDNet adds that the issue "should have not surprised Symantec staff, who received early warnings about this more than three months ago, according to a bug report filed in early August while Chrome 78 was still in testing in the Canary channel."
Google

Google Accused of Creating Spy Tool To Squelch Worker Dissent (bloomberg.com) 57

An anonymous reader quotes a report from Bloomberg: Google employees are accusing the company's leadership of developing an internal surveillance tool that they believe will be used to monitor workers' attempts to organize protests and discuss labor rights. Earlier this month, employees said they discovered that a team within the company was creating the new tool for the custom Google Chrome browser installed on all workers' computers and used to search internal systems. The concerns were outlined in a memo written by a Google employee and reviewed by Bloomberg News and by three Google employees who requested anonymity because they aren't authorized to talk to the press.

The tool would automatically report staffers who create a calendar event with more than 10 rooms or 100 participants, according to the employee memo. The most likely explanation, the memo alleged, "is that this is an attempt of leadership to immediately learn about any workers organization attempts." A representative for Alphabet Inc.'s Google said, "These claims about the operation and purpose of this extension are categorically false. This is a pop-up reminder that asks people to be mindful before auto-adding a meeting to the calendars of large numbers of employees." The extension was prompted by an increase in spam around calendars and events, according to Google. It doesn't collect personally identifiable information, nor does it stop the use of calendars but rather adds a speed bump when employees are reaching out to a large group, the company said.

Businesses

Comcast Is Lobbying Against Encryption That Could Prevent it From Learning Your Browsing History (vice.com) 79

Internet giant Comcast is lobbying U.S. lawmakers against plans to encrypt web traffic that would make it harder for internet service providers (ISPs) to determine your browsing history, Motherboard reported Wednesday, citing a lobbying presentation. From the report: The plan, which Google intends to implement soon, would enforce the encryption of DNS data made using Chrome, meaning the sites you visit. Privacy activists have praised Google's move. But ISPs are pushing back as part of a wider lobbying effort against encrypted DNS, according to the presentation. Technologists and activists say this encryption would make it harder for ISPs to leverage data for things such as targeted advertising, as well as block some forms of censorship by authoritarian regimes.

Mozilla, which makes Firefox, is also planning a version of this encryption. "The slides overall are extremely misleading and inaccurate, and frankly I would be somewhat embarrassed if my team had provided that slide deck to policy makers," Marshall Erwin, senior director of trust and safety at Mozilla, told Motherboard in a phone call after reviewing sections of the slide deck. "We are trying to essentially shift the power to collect and monetize peoples' data away from ISPs and providing users with control and a set of default protections," he added, regarding Mozilla's changes.

Chrome

Chrome 78 Arrives With New APIs, Dark Mode Improvements On Android and iOS 45

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 78 for Windows, Mac, Linux, Android, and iOS. The release includes the CSS Properties and Values API, Native File System API, new Origin Trials, and dark mode improvements on Android and iOS. You can update to the latest version now using Chrome's built-in updater or download it directly from google.com/chrome. With over 1 billion users, Chrome is both a browser and a major platform that web developers must consider. In fact, with Chrome's regular additions and changes, developers often have to stay on top of everything available -- as well as what has been deprecated or removed. Chrome 78, for example, removes the XSS Auditor due to privacy concerns. Chrome 78 implements the CSS Properties and Values API to let developers register variables as full custom properties. There's a new Native File System API that lets developers build web apps that interact with files on the user's local device. Chrome 78 adds to the Original Trials introduced in Chrome 77, such as Signed Exchanges and SMS Receiver API. "The former allow a distributor to provide content signed by a publisher," reports VentureBeat. "The latter allows websites to access SMS messages that are delivered to the user's phone."

Other features that are rolling out gradually include the ability to be able to highlight and right-click a phone number link in Chrome and forward the call to their Android device. "Some users might also see an option to share their clipboard content between their computers and Android devices," adds VentureBeat. "Chrome is also getting Google Drive integration. From Chrome's address bar, you will be able to search for Google Drive files that you have access to."
Firefox

Firefox To Get Page Translation Feature, Like Chrome (zdnet.com) 50

An anonymous reader writes: Mozilla developers are working on adding an automatic page translation feature to Firefox, similar to the one included in Google Chrome. However, Firefox's page translation feature will be different from the one supported in Google Chrome. Instead of relying on cloud-based text translation services (like Google Translate, Bing Translator, or Yandex.Translate), Firefox will use a client-side, machine learning-based translation library, currently being developed part of the Bergamot Project, which received $3.35 million in EU funding from the European Union's Horizon 2020 research and innovation programme.
Movies

Disney+ Does Not Work On Linux Devices (ghacks.net) 80

If you plan on streaming content from the new Disney+ streaming service on Linux devices, you'll likely be greeted with Error Code 83. Fedora Linux package maintainer Hans De Goede from the Netherlands first made the unpleasant discovery. gHacks reports: De Goede noticed that Disney+ would not work in any of the web browsers that he tried on systems running Fedora Linux. He tried Firefox and Chrome, and both times Disney+ threw the error "error code 83." Disney+ Support was not able to assist de Goede. It replied with a generic message stating that the error was known and that it happened often when customers tried to play Disney+ in web browsers or using certain devices. Support recommended to use the official applications on phones or tablets to watch the shows or movies. Other streaming services, e.g. Netflix, work fine on Linux.

A user on the Dutch site Tweakers dug deeper and uncovered the response code that the site returned when a device or browser was used that could not be used to play streams. According to the information, error code 83 means that the platform verification status is incompatible with the security level. Disney uses the DRM solution Widevine to protect its streams from unauthorized activity. Widevine supports three different security levels, called 1, 2 and 3, which have certain requirements. The supported level determines the maximum stream quality and may even prevent access to a stream if the requirements are not met. It appears that Disney set Widevine to a more restrictive level than its competitors. The decision affects Disney+ on Linux devices and on other devices that don't support the selected Widevine security standard.

Ubuntu

Canonical Releases Ubuntu Linux 19.10 Eoan Ermine with GNOME 3.34, Light Theme, and Raspberry Pi 4 Support (betanews.com) 50

Following the beta period, one of the best and most popular Linux-based desktop operating systems reaches a major milestone -- you can now download Ubuntu 19.10! Code-named "Eoan Ermine", the distro is better and faster then ever. From a report: By default, Ubuntu 19.10 comes with one of the greatest desktop environments -- GNOME 3.34. In addition, users will be delighted by an all-new optional Yaru light theme. There is even baked-in support for the Raspberry Pi 4. The kernel is based on Linux 5.3 and comes with support for AMD Navi GPUs. There are plenty of excellent pre-installed programs too, such as LibreOffice 6.3, Firefox 69, and Thunderbird 68. While many users will be quick to install Google Chrome, I would suggest giving Firefox a try -- it has improved immensely lately. "With GNOME 3.34, Ubuntu 19.10 is the fastest release yet with significant performance improvements delivering a more responsive and smooth experience, even on older hardware. App organization is easier with the ability to drag and drop icons into categorized folders, while users can select light or dark Yaru theme variants depending on their preference or for improved viewing accessibility. Native support for ZFS on the root partition is introduced as an experimental desktop installer option. Coupled with the new zsys package, benefits include automated snapshots of file system states, allowing users to boot to a previous update and easily roll forwards and backwards in case of failure," says Canonical.
Firefox

Germany's Cybersecurity Agency Recommends Firefox As Most Secure Browser (arstechnica.com) 52

An anonymous reader quotes a report from ZDNet: Firefox is the only browser that received top marks in a recent audit carried out by Germany's cyber-security agency -- the German Federal Office for Information Security (or the Bundesamt fur Sicherheit in der Informationstechnik -- BSI). The BSI tested Mozilla Firefox 68 (ESR), Google Chrome 76, Microsoft Internet Explorer 11, and Microsoft Edge 44. The tests did not include other browsers like Safari, Brave, Opera, or Vivaldi. The audit was carried out using rules detailed in a guideline for "modern secure browsers" that the BSI published last month, in September 2019. The BSI normally uses this guide to advise government agencies and companies from the private sector on what browsers are safe to use. The article includes a list of all the minimum requirements required for the BSI to consider a browser "secure." It also lists the areas where the other browsers failed, such as: Lack of support for a master password mechanism (Chrome, IE, Edge); No built-in update mechanism (IE), and No option to block telemetry collection (Chrome, IE, Edge).

Slashdot Top Deals