x_t0ken_407 quotes BleepingComputer: A HTML standard called hyperlink auditing that allows sites to track link clicks is enabled by default on Safari, Chrome, Opera, and Microsoft Edge, but will soon have no way to disable it. As it is considered a privacy risk, browsers previously allowed you to disable this feature. Now they are going in the opposite direction.

Hyperlink auditing is an HTML standard that allows the creation of special links that ping back to a specified URL when they are clicked on. These pings are done in the form of a POST request to the specified web page that can then examine the request headers to see what page the link was clicked on.
The article concludes that "Firefox and Brave win the award" for people who want this click-tracking capability disabled -- since "only Brave and Firefox currently disable it by default, and do not appear to have any plans on enabling it in the future."

An anonymous reader quotes a report from BleepingComputer: Google is adding a new admin policy to Chrome that will automatically uninstall browser extensions that are blacklisted by administrators. Currently, administrators can enable a policy called "Configure extension installation blacklist" to create a blacklist of Chrome extension. These blacklisted extensions are added as individual extension ids, and once added, will prevent managed users from installing the associated extensions. To do this, Windows administrators can download Chrome's policy templates and add them to the Group Policy Editor. Once added, they will be able to configure various group polices.

While this policy prevents users from installing an extension, it does not do anything for those users who have already installed the extension. Due to this, administrators have been requesting a new group policy that will cause Chrome to remove any extension that is listed under the "Configure extension installation blacklist" policy. Google agrees and have started working on a new Chrome policy called "Uninstall blacklisted extensions" that will uninstall any extensions whose IDs have been blacklisted. In addition to removing the extensions, it will remove any associated local user data as well. The new policy is expected to be released with Chrome 75, which is heading to beta in May and expected to be released to the Stable channel in June.

Steven J. Vaughan-Nichols, writing for ComputerWorld : Of course, at one time, to get any work done with a computer, you first had to learn a lot, about computers, operating systems, commands and more. Eventually, "friendly" became the most important adverb in computing circles, and we've reached the point in user-friendliness that people don't even talk about it anymore. Today, Google has shown with its Chrome OS that most of us can pretty much do anything we need to do on a computer with just a web browser. But Google's path is not Microsoft's path. Instead, it's moving us first to Windows as desktop as a service (DaaS) via Microsoft Managed Desktop (MMD). This bundles Windows 10 Enterprise, Office 365 and Enterprise Mobility + Security and cloud-based system management into Microsoft 365 Enterprise.

The next step, Windows Virtual Desktop, enables companies to virtualize Windows 7 and 10, Office 365 ProPlus apps and other third-party applications on Azure-based virtual machines. If all goes well, you'll be able to subscribe to Windows Virtual Desktop this fall. Of course, Virtual Desktop is a play for business users -- for now. I expect Virtual Desktop to be offered to consumers in 2020. By 2025, Windows as an actual desktop operating system will be a niche product. Sound crazy? Uh, you do know that Microsoft already really, really wants you to "rent" Office 365 rather than buy Office 2019, don't you?

But what about games, you say? We'll always have Windows for games! Will we? Google, with its Google Stadia gaming cloud service, is betting we're ready to move our games to the cloud as well. It's no pipe dream. Valve has been doing pretty well for years now with its Steam variation on this theme. So where is all this taking us? I see a world where the PC desktop disappears for all but a few. Most of us will be writing our documents, filling out our spreadsheets and doing whatever else we now do on our PCs via cloud-based applications on smart terminals running Chrome OS or Windows Lite. If you want a "real" PC, your choices are going to be Linux or macOS.

Remember when Microsoft announced they'd be switching to Google's open source Chromium browser for developing their own Edge browser? At the time Google announced "We look forward to working with Microsoft and the web standards community to advance the open web, support user choice, and deliver great browsing experiences."

Now MSPoweruser reports Microsoft has indeed started collaborating on Chromium -- making suggestions like caret browsing and a native high-contrast mode -- and at least one of Microsoft's suggestions is already coming to Chrome. it looks like there is one feature that Chromium approved which will be making its way to Chrome soon. According to a new bug (via Techdows) filing on Chromium, Google is working on bringing text suggestions for hardware keyboard to Chrome soon. The feature will allow users to get suggestions as they type which is currently available on Windows 10 and on Microsoft Edge.

Google has just started working on the feature and has set the priority to 2 which suggests that the feature should be available sooner than later.

Google has patched a Chrome bug that was being abused in the wild by tech support scammers to create artificial mouse cursors and lock users inside browser pages by preventing them from closing and leaving browser tabs. From a report: The trick was first spotted in September 2018 by Malwarebytes analyst Jerome Segura. Called an "evil cursor," it relied on using a custom image to replace the operating system's standard mouse cursor graphic. A criminal group that Malwarebytes called Partnerstroka operated by switching the standard OS 32-by-32 pixels mouse cursor with one of 128 or 256 pixels in size. A normal cursor would still appear on screen, but in the corner of a bigger transparent bounding box. [...] The "evil cursor" fix is currently live for Google Canary users, and is scheduled to land in the Chrome 75 stable branch, to be released later this spring.

Back in 2009, the EU's European Commission said Microsoft was harming competition by bundling its browser -- Internet Explorer -- with Windows. Eventually Microsoft and the European Commission settled on the "browser ballot," a screen that would pop up and give users a choice of browsers. Almost 10 years later, the tech industry is going through this again, this time with Google and the EU. After receiving "feedback" from the European Commission, Google announced last night that it would offer Android users in the EU a choice of browsers and search engines. Ars Technica reports: In July, the European Commission found Google had violated the EU's antitrust rules by bundling Google Chrome and Google Search with Android, punishing manufacturers that shipped Android forks, and paying manufacturers for exclusively pre-installing Google Search. Google was fined a whopping $5.05 billion (which it is appealing) and then the concessions started. Google said its bundling of Search and Chrome funded the development and free distribution of Android, so any manufacturer looking to ship Android with unbundled Google apps would now be charged a fee. Reports later pegged this amount as up to $40 per handset.

We don't have many details on exactly how Google's new search and browser picker will work; there's just a single paragraph in the company's blog post. Google says it will "do more to ensure that Android phone owners know about the wide choice of browsers and search engines available to download to their phones. This will involve asking users of existing and new Android devices in Europe which browser and search apps they would like to use."

An anonymous reader quotes a report from Motherboard: Now, for Pi Day (March 14), music software programmer Canton Becker has crafted a million-hour song based on Pi that unfolds generatively on a virtual tape deck. Titled "Shepard's Pi," the song combines two of Becker's favorite infinities: Pi, and an auditory illusion called a Shepard tone, which he describes as an "unsettling sonic illusion of a pitch that climbs or descends forever, never reaching a top or a bottom." Found at PiSongs.com, users can tune into "Shepard's Pi" in real time with a custom virtual tape deck. The track itself evolves moment to moment, but the synthesized and sampled tones will be familiar to anyone who has ever listened to the electronic music of Kraftwerk, Tangerine Dream, Aphex Twin, and Global Communication. Far from being a mere gimmick, it is a highly evocative and transporting piece of electronic music, alternately ambient, glitchy, and interestingly rhythmic. The 58,999 GB MP3 file needed to be distributed via a webpage or app, so Becker "started hacking away at the basic algorithm in the programming languages PHP and Javascript," reports Motherboard. "In between coding marathons, Becker composed and recorded the loops and samples that would form the basis of the song. He experimented with sounds that would work well together regardless of being stacked one upon the other."

"When users hit 'play' on the virtual tape deck, the algorithm actually 'performs' the piece," the report says. "This way, the 114-year song can fit in just one gigabyte of space, which is mostly comprised of the digits of Pi. The virtual tape deck was also a solution to a built-in quirk of browsers such as Chrome, Safari, and Firefox -- users must click on a webpage to trigger a sound." From start to finish, the song lasts 999,999 hours, "a limitation imposed by only considering the first one billion digits of Pi."

An anonymous reader quotes a report from Ars Technica: A report from Business Insider claims that Google has axed "dozens" of employees from its laptop and tablet division. BI's sources describe the move as "roadmap cutbacks" and also say that Google will likely "pare down the portfolio" in the future. Google's Hardware division is run by Rick Osterloh and is expected to launch a game streaming console later this month. The division is responsible for the Pixel phones, Google Home speakers, the Chromecast, Google Wi-Fi, and lately, the Nest smart home division.

You could also call the "laptop and tablet" division the "Chrome OS" division. Both the Pixelbook and Pixel Slate ran Chrome OS, and they are the company's only products supporting that operating system. Is Chrome OS going to be OK? BI notes that manufacturing roles in the hardware division haven't changed, so in the short-term, Google's product lineup is likely to keep going. The report says that Google had "a bunch of stuff in the works" that now probably won't see the light of day. The move comes after the group received pressure to turn Google Hardware into "a real business" from higher-ups at Google/Alphabet. It's easy to imagine that the laptops and tablets -- which are Google Hardware's most expensive products -- were selling the worst.

An anonymous reader shares a report: In an update to the chromium engine, which underpins Google's popular Chrome browser, the search giant has quietly updated the lists of default search engines it offers per market -- expanding the choice of search product users can pick from in markets around the world. Most notably it's expanded search engine lists to include pro-privacy rivals in more than 60 markets globally. The changes, which appear to have been pushed out with the Chromium 73 stable release yesterday, come at a time when Google is facing rising privacy and antitrust scrutiny and accusations of market distorting behavior at home and abroad.

An anonymous reader quotes a report from Engadget: Alphabet offshoot Jigsaw is launching a Chrome extension designed to help moderate toxic comments on social media. The new open-source tool, dubbed "Tune," builds on the machine learning smarts introduced in Jigsaw's "Perspective" tech to help sites like Facebook and Twitter set the "volume" of abusive comments. Using "filter mix" controls, users can either turn toxic comments off altogether (what's known as "zen mode") or show selective types of posts containing attacks, insults, or profanity. Tune also works with Reddit, YouTube and Disqus. Jigsaw admits that Tune is still an experiment, meaning it may not spot all forms of toxicity or could hide non-offensive comments. "We're constantly working to improve the underlying technology, and users can easily give feedback right in the tool to help us improve our algorithms," C.J. Adams, Jigsaw product manager, wrote in a blog post.

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 73 for Windows, Mac, and Linux. The release includes support for hardware media keys, PWAs and dark mode on Mac, and the usual slew of developer features. You can update to the latest version now using Chrome's built-in updater or download it directly from google.com/chrome. Chrome 73 supports Progressive Web Apps (PWAs) on macOS. These apps install and behave like native apps (they don't show the address bar or tabs). Google killed off Chrome apps last year and has been focusing on PWAs ever since. Adding Mac support means Chrome now supports PWAs on all desktop and mobile platforms: Windows, Mac, Linux, Chrome OS, Android, and iOS. Chrome now also supports dark mode on Apple's macOS; dark mode for Windows is on the way, the team promises.

The VentureBeat report includes a long list of developer features included in this release, as well as all the security fixes found by external researchers. Chrome 73 implements a total of 60 security fixes.

An anonymous reader shares a report: Frustrated by web pages that never seem to load properly? Well, Google hopes to make them a thing of the past. Today, the company announced that Chrome on Android's Data Saver, a feature that automatically improves page loading using "built-in optimizations" and dedicated servers -- speeding them up by a factor of two and reducing data usage by up to 90 percent -- now supports encrypted HTTPS webpages. Previously, it only worked with unencrypted HTTP content. The latest stable version of Chrome on Android indicates in the URL bar when a lightweight version of a web page -- a Lite page -- is being displayed. Tapping the indicator shows additional information and provides an option to load the original version of the page. Google says that Chrome will automatically disable Lite pages on a per-site basis when it detects that "users frequently opt to load the original page."

"Japanese police have brought in, questioned, and charged a 13-year-old female student from the city of Kariya for sharing [links to] browser exploit code online," writes ZDNet. An anonymous reader shares their report: The code was a mere prank that triggered an infinite loop in JavaScript to show an "unclosable" popup when users accessed a certain link, Japanese news agency NHK reported yesterday. The popup could be closed in some browsers -- such as Edge and Firefox on desktop -- but couldn't be closed in others, such as Chrome on desktop and the majority of mobile browsers.

The popup was hosted in several places online, and police say the teenager helped spread the links... The teenage girl did not create the malicious code, which had been shared on online forums by multiple users for the past few years. NHK reported that police also searched the house of a second suspect, 47-year-old man from Yamaguchi, and are also looking at three other suspects for the same "crime" of sharing the link on internet forums.
Ars Technica found a tweet suggesting that the code was actually written in 2014.

Google said this week that a Chrome zero-day the company patched last week was actually used together with a second one, a zero-day impacting the Microsoft Windows 7 operating system. From a report: The two zero-days were part of ongoing cyber-attacks that Clement Lecigne, a member of Google's Threat Analysis Group, discovered last week on February 27. The attackers were using a combination of a Chrome and Windows 7 zero-days to execute malicious code and take over vulnerable systems. The company revealed the true severity of these attacks in a blog post this week. Google said that Microsoft is working on a fix, but did not give out a timeline. The company's blog post comes to put more clarity into a confusing timeline of events that started last Friday, March 1, when Google released Chrome 72.0.3626.121, a new Chrome version that included one solitary security fix (CVE-2019-5786) for Chrome's FileReader --a web API that lets websites and web apps read the contents of files stored on the user's computer.

Microsoft this week revamped Skype's browser-based client with a slew of new features. From a report: The Seattle company this week announced the rollout of a major Skype for Web update, which introduces high-definition video calling, a redesigned notifications panels, a revamped media gallery, and more. It's available on any PC running Windows 10 and Mac OS X 10.12 or higher with the latest versions of Google Chrome or Microsoft Edge. The bulk of the new capabilities debuted in preview last October, but they're available widely starting this week. Skype for Web does not support Safari, Firefox, and Opera browsers, Microsoft has confirmed.

Last December, Microsoft announced that it has embraced Google's Chromium open source project for Edge development on the desktop, a move that shocked many. We now have some leaked screenshots of the browser in its current state, and they appear to show a browser resembling Google Chrome. Neowin reports: A lot of the design language and icons have remained similar to what they were like before, but there are definitely many changes that will be familiar to Chrome users. For one, the options to see all your tabs and to set aside the currently open tabs have been removed compared to the current version of Edge. To the right of the address bar, you'll be able to find your extensions, as well as your profile picture similar to what Chrome looks like. Bing is integrated into the browser -- as you'd expect of a Microsoft-made browser -- and the New Tab background can be set to rotate based on Bing's image of the day. Scrolling down will reveal a personalized news feed powered by Microsoft News, similar to the old Edge. The layout of the feed can be customised based on your preference from among a number of options.

The settings options for the browser have also changed. While Edge settings are currently available via a slide-out menu from the right, the new Edge's settings are accessible through a new tab similar to Chrome. It'll show the Microsoft account you're logged into, as well as the usual array of toggles and tidbits you'd expect. Ominously, the about page for the browser now acknowledges the contributions of the Chromium project, as well as other open source software, a stark reminder that this isn't the Microsoft of yesteryear. This is a new browser, and a new Microsoft.

The World Wide Web Consortium (W3C) today declared that the Web Authentication API (WebAuthn) is now an official web standard. From a report: First announced by the W3C and the FIDO Alliance in February 2016, WebAuthn is now an open standard for password-free logins on the web. It is supported by W3C contributors, including Airbnb, Alibaba, Apple, Google, IBM, Intel, Microsoft, Mozilla, PayPal, SoftBank, Tencent, and Yubico. The specification lets users log into online accounts using biometrics, mobile devices, and/or FIDO security keys. WebAuthn is supported by Android and Windows 10. On the browser side, Google Chrome, Mozilla Firefox, and Microsoft Edge all added support last year. Apple has supported WebAuthn in preview versions of Safari since December.

Chrome is going to get a big speed boost -- at least for web pages you've recently visited. CNET: With a feature called bfcache -- backward-forward cache -- Google's web browser will store a website's state as you navigate to a new page. If you then go back to that page, Chrome will reconstitute it rapidly instead of having to reconstruct it from scratch. Then, if you retrace your steps forward again, Chrome will likewise rapidly pull that web page out of its memory cache. The speed boost doesn't help when visiting new websites. But this kind of navigation is very common: Going back accounts for 19 percent of pages viewed on Chrome for Android and 10 percent on Chrome for personal computers, Google said. With bfcache, that becomes "extremely fast."

The FIDO Alliance -- a consortium that develops open source authentication standards -- has been pushing to expand its secure login protocols to make seamless logins a reality for several years. Today, it has hit the jackpot: Google. From a report: On Monday, Google and the FIDO Alliance announced that Android has added certified support for the FIDO2 standard, meaning that the vast majority of devices running Android 7 or later will now be able to handle password-less logins in mobile browsers like Chrome. Android already offered secure FIDO login options for mobile apps, where you authenticate using a phone's fingerprint scanner or with a hardware dongle like a YubiKey. But FIDO2 support will make it possible to use these easy authentication steps for web services in a mobile browser instead of laboriously typing in your password every time you want to log in. Web developers can now design their sites to interact with Android's FIDO2 management infrastructure.

More than a third of all Google Chrome extensions ask users for permission to access and read all their data on any website, a recent survey conducted by US cyber-security firm Duo Labs of over 120,000 Chrome extensions has revealed. From a report: The same survey also found that roughly 85 percent of the 120,000 Chrome extensions listed on the Chrome Web Store don't have a privacy policy listed, meaning there's no legally-binding document describing how extension developers are committing to handling user data. Additional survey findings include the fact that 77 percent of the tested Chrome extensions didn't list a support site, 32 percent used third-party JavaScript libraries that contained publicly known vulnerabilities, and nine percent could access and read cookie files, some of which are used for authentication operations.