A day after the European Commission fined Google over Android, more details about Fuchsia, a new operating system the company has been working on for several years has emerged. From the report: But members of the Fuchsia team have discussed a grander plan that is being reported here for the first time: Creating a single operating system capable of running all the company's in-house gadgets, like Pixel phones and smart speakers, as well as third-party devices that now rely on Android and another system called Chrome OS, according to people familiar with the conversations. According to one of the people, engineers have said they want to embed Fuchsia on connected home devices, such as voice-controlled speakers, within three years, then move on to larger machines such as laptops. Ultimately the team aspires to swap in their system for Android, the software that powers more than three quarters of the world's smartphones, said the people, who asked not to be identified discussing internal matters. The aim is for this to happen in the next half decade, one person said.

But Pichai and Hiroshi Lockheimer, his deputy who runs Android and Chrome, have yet to sign off on any road map for Fuchsia, these people said. The executives have to move gingerly on any plan to overhaul Android because the software supports dozens of hardware partners, thousands of developers -- and billions of mobile-ad dollars. [...] Still, Fuchsia is more than a basement skunkworks effort. Pichai has voiced his support for the project internally, said people familiar with the effort. Fuchsia now has more than 100 people working on it, including venerated software staff such as Matias Duarte, a design executive who led several pioneering projects at Google and elsewhere. Duarte is only working part-time on the project, said one person familiar with the company.

An anonymous reader quotes a report from The Verge: The EU's decision to force Google to unbundle its Chrome and search apps from Android may have some implications for the future of Android's free business model. In a blog post defending Google's decision to bundle search and Chrome apps on Android, Google CEO Sundar Pichai outlines the company's response to the EU's $5 billion fine. Pichai highlights the fact a typical Android user will "install around 50 apps themselves" and can easily remove preinstalled apps. But if Google is prevented from bundling its own apps, that will upset the Android ecosystem.

"If phone makers and mobile network operators couldn't include our apps on their wide range of devices, it would upset the balance of the Android ecosystem," explains Pichai, carefully avoiding the fact that phone makers will no longer be forced to bundle these apps but can still choose to do so. Pichai then hints that the free Android business model has relied on this app bundling. "So far, the Android business model has meant that we haven't had to charge phone makers for our technology, or depend on a tightly controlled distribution model," says Pichai. "But we are concerned that today's decision will upset the careful balance that we have struck with Android, and that it sends a troubling signal in favor of proprietary systems over open platforms." While it may be a bluff to court popular opinion, Google is threatening to license Android to phone makers. "[I]f phone makers can bundle their own browsers instead of Chrome and point search queries toward rivals, then that could have implications for Google's mobile ad revenue, which constitutes more than 50 percent of the company's net digital ad revenue," reports The Verge.

The European Union hit Alphabet's Google with a record antitrust fine of $5.06 billion on Monday, a decision that could loosen the company's grip on its biggest growth engine: mobile phones. From a report:The European Commission ordered Google to end the illegal conduct within 90 days or face additional penalties of up to 5 percent of parent Alphabet's average daily worldwide turnover. The EU enforcer also dismissed Google's arguments citing Apple as a competitor to Android devices, saying the iPhone maker does not sufficiently constrain Google because of its higher prices and switching costs for users. The European Commission finding is the most consequential decision made in its eight-year antitrust battle with Google. The fine significantly outstrips the $2.8B charge Brussels imposed on the company last year for favoring its own site in comparison shopping searches. The decision takes aim at a core part of Google's business strategy over the past decade, outlawing restrictions on its Android operating system that allegedly entrenched Google's dominance in online search at a time when consumers were moving from desktop to mobile devices. Android is the operating system used in more than 80 per cent of the world's smartphones and is vital to the group's future revenues as more users rely on mobile gadgets for search services. Google has denied wrongdoing.

The European Commission took issues with the following practices: In particular, Google:
1. has required manufacturers to pre-install the Google Search app and browser app (Chrome), as a condition for licensing Google's app store (the Play Store);
2. made payments to certain large manufacturers and mobile network operators on condition that they exclusively pre-installed the Google Search app on their devices;
and 3. has prevented manufacturers wishing to pre-install Google apps from selling even a single smart mobile device running on alternative versions of Android that were not approved by Google (so-called "Android forks"). Update: Google has announced that it would be appealing against the record fine. In a statement, the company said, "Android has created more choice for everyone, not less. A vibrant ecosystem, rapid innovation and lower prices are classic hallmarks of robust competition. We will appeal the Commission's decision."

Update 2: In a blog post, Sundar Pichai, CEO of Google, said, the European Commission's decision ignores and misses several facts. He wrote: Today, the European Commission issued a competition decision against Android, and its business model. The decision ignores the fact that Android phones compete with iOS phones, something that 89 percent of respondents to the Commission's own market survey confirmed. It also misses just how much choice Android provides to thousands of phone makers and mobile network operators who build and sell Android devices; to millions of app developers around the world who have built their businesses with Android; and billions of consumers who can now afford and use cutting-edge Android smartphones. Today, because of Android, there are more than 24,000 devices, at every price point, from more than 1,300 different brands, including Dutch, Finnish, French, German, Hungarian, Italian, Latvian, Polish, Romanian, Spanish and Swedish phone makers.

[...] The free distribution of the Android platform, and of Google's suite of applications, is not only efficient for phone makers and operators -- it's of huge benefit for developers and consumers. If phone makers and mobile network operators couldn't include our apps on their wide range of devices, it would upset the balance of the Android ecosystem. So far, the Android business model has meant that we haven't had to charge phone makers for our technology, or depend on a tightly controlled distribution model. [...] Rapid innovation, wide choice, and falling prices are classic hallmarks of robust competition and Android has enabled all of them. Today's decision rejects the business model that supports Android, which has created more choice for everyone, not less. We intend to appeal. Update 3: The French government said on Wednesday that it welcomes the record fine imposed on Google by European Union regulators, with a government spokesman describing it as an "excellent decision."

An anonymous reader quotes PCWorld: The critical Meltdown and Spectre bugs baked deep into modern computer processors will have ramifications on the entire industry for years to come, and Chrome just became collateral damage. Google 67 enabled "Site Isolation" Spectre protection for most users, and the browser now uses 10 to 13 percent more RAM due to how the fix behaves.

"Site Isolation does cause Chrome to create more renderer processes, which comes with performance tradeoffs," Googleâ(TM)s Charlie Reis says. "On the plus side, each renderer process is smaller, shorter-lived, and has less contention internally, but there is about a 10-13% total memory overhead in real workloads due to the larger number of processes. Our team continues to work hard to optimize this behavior to keep Chrome both fast and secure." It's a significant performance hit, especially for a browser battling a reputation for being a memory hog, but a worthwhile one nonetheless.
Chrome's Spectre-blocking site isolation "is now enabled by default for 99 percent of Chrome users on all platforms."

An anonymous reader quotes VentureBeat: It's been more than 20 months since our last browser benchmark battle, and we really wanted to avoid letting two years elapse before getting a fresh set of a results. Google Chrome, Mozilla Firefox, and Microsoft Edge have all improved significantly over the past year and a half, and as I've argued before, the browser wars are back. You can click on the individual test to see the results:

SunSpider: Edge wins!
Octane: Chrome wins!
Kraken: Firefox wins!
JetStream: Edge wins!
MotionMark: Edge wins!
Speedometer: Chrome wins!
BaseMark: Chrome wins!
WebXPRT: Firefox wins!
HTML5Test: Chrome wins!

Chrome looks to be ahead of the pack according to these tests. That said, browser performance was solid across all three contestants, and it shouldn't be your only consideration when picking your preferred app for consuming internet content.
Chrome wins in four tests, beating Edge's three wins, and Firefox's two wins.

Google has quietly enabled a security feature called Site Isolation for 99% of its desktop users on Windows, Mac, Linux, and Chrome OS. This happened in Chrome 67, released at the end of May. From a report: Site Isolation isn't a new feature per-se, being first added in Chrome 63, in December 2017. Back then, it was only available if users changed a Chrome flag and manually enabled it in each of their browsers. The feature is an architectural shift in Chrome's modus operandi because when Site Isolation is enabled, Chrome runs a different browser process for each Internet domain. Initially, Google described Site Isolation as an "additional security boundary between websites," and as a way to prevent malicious sites from messing with the code of legitimate sites.

Catalin Cimpanu, reporting for BleepingComputer: A hacker has breached a Hola VPN developer account and has replaced the official Chrome extension with one that redirected users of the MyEtherWallet.com website to a phishing page controlled by the attacker. The compromise took place yesterday and only lasted for five hours the MyEtherWallet (MEW) team said in a tweet. The Hola VPN team admitted to the hack. "The attack was programmed to inject a JavaScript tag in to the MEW site to 'phish' information about MEW accounts that are logging in without being in 'incognito mode', by re-directing the MEW users to the hacker's website," the Hola VPN team said.

Security researchers have discovered a new malicious campaign that utilizes stolen D-Link certificates to sign malware. From a report: A lesser-known cyber-espionage group known as BlackTech was caught earlier this month using a stolen D-Link certificate to sign malware deployed in a recent campaign. "The exact same certificate had been used to sign [official] D-Link software; therefore, the certificate was likely stolen," says Anton Cherepanov, a security researcher for Slovak antivirus company ESET, and the one who discovered the stolen cert. Cherepanov says BlackTech operators used the stolen cert to sign two malware payloads -- the first is the PLEAD backdoor, while the second is a nondescript password stealer. According to a 2017 Trend Micro report, the BlackTech group has used the PLEAD malware in the past. Just like in previous attacks, the group's targets for these most recent attacks were again located in East Asia, particularly in Taiwan. The password stealer isn't anything special, being capable of extracting passwords from only four apps -- Internet Explorer, Google Chrome, Mozilla Firefox, and Microsoft Outlook.

Google could face a new record penalty this month from European regulators for forcing its search and Web-browsing tools on the makers of Android-equipped smartphones and other devices, potentially resulting in major changes to the world's most widely deployed mobile operating system. From a report: The punishment from Margrethe Vestager, the European Union's competition chief, is expected to include a fine raging into the billions of dollars, according to people familiar with her thinking, marking the second time in as many years that the region's antitrust authorities have found that Google threatens corporate rivals and consumers. At the heart of the E.U.'s looming decision are Google's policies that pressure smartphone and tablet manufacturers that use Google's Android operating system to pre-install the tech giant's own apps. In the E.U.'s eyes, device makers such as HTC and Samsung face an anti-competitive choice: Set Google Search as the default search service and offer Google's Chrome browser, or lose access to Android's popular app store. Lacking that portal, owners of Android smartphones or tablets can't easily download games or other apps -- or services from Google's competitors offered by third-party developers.

Web monoculture is well and truly alive when Google cannot be bothered to make a full-featured cross-browser mobile search page. From a report: It has been over five years since Firefox really turned a corner and started to morph from its bloated memory-munching ways into the lightning-quick browser it is today. Buried in Mozilla's issue tracker is a bug that kicked off in February 2014, and is yet to be resolved: Have Google treat Firefox for Android as a first-class citizen and serve up comparable content to what the search giant hands Chrome and Safari. After years of requests, meetings, and to and fro, it has hit a point where the developers of Firefox are experimenting by manipulating the user agent string in its nightly development builds to trick Google into thinking that Firefox Mobile is a Chrome browser. Not only does Google's search page degrade for Firefox on Android, but some new properties like Google Flights have occasionally taken to outright blocking of the browser.

sombragris writes: Stylish, a popular extension available for Chrome and Firefox which allows for easy customization of any website, now phones home and shares its users' browser history with its corporate parent, according to blogger Robert Heaton. This prompted Firefox to ban the extension from its addons site and prompt all users to disable it. The discussion can be seen in the relevant bug report. In Heaton's words:

Stylish is no longer a well-meaning product with your best interests at heart. If you use and like Stylish, please uninstall it and switch to an alternative like Stylus, an offshoot from the good old version of Stylish that works in much the same way, minus the spyware.

Google too has pulled the extension from its extension store. This is not the first time Stylish is at the centre of a privacy debacle

Catalin Cimpanu, writing for BleepingComputer: The release of Google Chrome 67 has reopened a "download bomb" bug that was exploited by tech support scammers last winter, and which had been fixed with the release of Chrome 65 in March 2018. Furthermore, the issue also appears to affect other browsers as well, such as Firefox, Vilvadi, Opera, and Brave, according to tests carried out by Bleeping Computer. The "download bomb" trick is a technique that involves initiating hundreds or thousands of downloads to freeze a browser on a specific page. Across the years, there have been multiple variations of download bombs, and they have often been used by tech support scammers to trap users on shady sites that tried to lure victims into calling a tech support number to have their browser unlocked. Over the winter, security researchers from Malwarebytes noticed a tech support scam campaign that employed a new "download bomb" technique to trap users on its shady sites.

Long-time software guru Dave Winer is criticizing Google's plans to deprecate HTTP (by, for example, penalizing sites that use HTTP instead of HTTPS in search results and flagging them as "insecure" in Chrome). Winer writes: A lot of the web consists of archives. Files put in places that no one maintains. They just work. There's no one there to do the work that Google wants all sites to do. And some people have large numbers of domains and sub-domains hosted on all kinds of software Google never thought about. Places where the work required to convert wouldn't be justified by the possible benefit. The reason there's so much diversity is that the web is an open thing, it was never owned....

If Google succeeds, it will make a lot of the web's history inaccessible. People put stuff on the web precisely so it would be preserved over time. That's why it's important that no one has the power to change what the web is. It's like a massive book burning, at a much bigger scale than ever done before.
"Many of these sites don't collect user data or provide user interaction," adds Slashdot reader saccade.com, "so the 'risks' of not using HTTPS are irrelevant." And Winer summarizes his position in three points.

• The web is an open platform, not a corporate platform.

• It is defined by its stability. 25-plus years and it's still going strong.

• Google is a guest on the web, as we all are. Guests don't make the rules.

"The web is a social agreement not to break things," Winer writes. "It's served us for 25 years. I don't want to give it up because a bunch of nerds at Google think they know best."

Google Earth's new Measure tool is rolling out to Android and Chrome devices that will let you measure the distance and area of things on the map. An iOS version is said to be "coming soon." The Verge reports: With the tool, users can measure the distance between two points or the surface area of a selected chunk of the map. (Now you can finally find out how far your house is from the North Pole.) Users aren't limited to simple squares, either. The Measure tool will let you select the borders of an area so it's easier to measure irregularly shaped objects like parks, buildings, or even states and countries.

Catalin Cimpanu, reporting for BleepingComputer: Upcoming additions to the WebAssembly standard may render useless some of the mitigations put up at the browser level against Meltdown and Spectre attacks, according to John Bergbom, a security researcher at Forcepoint. WebAssembly (WA or Wasm) is a new technology that shipped last year and is currently supported within all major browsers, such as Chrome, Edge, Firefox, and Safari.

The technology is a compact binary language that a browser will convert into machine code and run it directly on the CPU. Browser makers created WebAssembly to improve the speed of delivery and performance of JavaScript code, but as a side effect, they also created a way for developers to port code from other high-level languages (such as C, C++, and others) into Wasm, and then run it inside a browser. All in all, the WebAssembly standard is viewed as a success in the web dev community, and there've been praises for it all around.

Another high-profile endorsement for Firefox -- this time from the lead consumer technology writer for The New York Times. (Alternate link here). The web has reached a new low. It has become an annoying, often toxic and occasionally unsafe place to hang out. More important, it has become an unfair trade: You give up your privacy online, and what you get in return are somewhat convenient services and hyper-targeted ads. That's why it may be time to try a different browser.

Remember Firefox...? About two years ago, six Mozilla employees were huddled around a bonfire one night in Santa Cruz, Calif., when they began discussing the state of web browsers. Eventually, they concluded there was a "crisis of confidence" in the web. "If they don't trust the web, they won't use the web," Mark Mayo, Mozilla's chief product officer, said in an interview.... After testing Firefox for the last three months, I found it to be on a par with Chrome in most categories. In the end, Firefox's thoughtful privacy features persuaded me to make the switch and make it my primary browser.
The Times cites privacy features like Firefox's "Facebook Container," which prevents Facebook from tracking you after you've left their site.

While both Chrome and Firefox have tough security (including sandboxing), Cooper Quintin, a security researcher for the Electronic Frontier Foundation, tells the Times that Google "is fundamentally an advertising company, so it's unlikely that they will ever have a business interest in making Chrome more privacy friendly."

Exploit kits, once a preferred choice of attackers to invade a victim's browser and find way to their computer, are increasingly diminishing in their effectiveness. If you have an updated browser, chances are it packs adequate resources to fight such attacks. Catalin Cimpanu, writing for BleepingComputer: Exploit kits (EK) have been around on the criminal underground for more than a decade and were once pretty advanced, often being a place where researchers found zero-days on a regular basis. But as browsers got more secure in recent years, exploit kits started to die out in 2016-2017. Most operators were arrested, moved to other things, and nobody developed new exploits to add to the arsenal of EK left on the market, which slowly began falling behind when it came to their effectiveness to infect new victims.

A Palo Alto Networks report published yesterday details statistics about the vulnerabilities used by current exploit kits in the first three months of the year (Q1 2018). According to the gathered data, researchers found 1,583 malicious URLs across 496 different domains, leading to landing pages (URLs) where an EK attempted to run exploits only for only a meager eight vulnerabilities. All eight were old and known bugs, with the newest dating back to 2016. Seven of the eight vulnerabilities targeted Internet Explorer, meaning that using a more modern browser like Chrome and Firefox is a simple, yet effective way of avoiding falling victim to exploit kits.

Brian Fagioli, writing for BetaNews: Samsung announces its latest such laptop -- the premium, yet affordable, Chromebook Plus (V2). This is a refresh of the first-gen "Plus" model. It can run Android apps and doubles as a convertible tablet, making it very versatile. Best of all, you won't have to wait long to get it -- it will go on sale very soon. "The Samsung Chromebook Plus (V2) puts productivity and entertainment at consumers' fingertips and at the tip of the built-in pen. At 2.91 pounds, its thin design makes it easy to slip into a bag and carry all day -- or use throughout the day with its extended battery life. Flipping its 12.2-inch FHD 1920x1080 resolution screen transforms it from notebook to tablet to sketchbook -- and back -- with two cameras for making it easier to stay connected with friends and sharing with the world. Plus, Chrome OS helps users get more done by providing access to millions of Android apps on Google Play," says Samsung. The Chromebook Plus, powered by Intel Celeron Processor 3965Y and 4GB of RAM, goes on sale later this month at $499.

jrepin writes: KDE unveils the final release of Plasma 5.13, the free and open-source desktop environment. Members of the Plasma team have focused on optimizing startup and minimizing memory usage. Plasma Browser Integration is a suite of new features which make Firefox, Chrome and Chromium-based browsers work with your desktop. For example, downloads are now displayed in the Plasma notification popup, and the Media Controls Plasmoid can mute and skip videos and music playing from within the browser. Browser tabs can be opened directly using KRunner via the Alt-Space keyboard shortcut. System Settings design has been improved further. Window manager gained much-improved effects for blur and desktop switching. Wayland work continued, with the return of window rules, and initial support for screencasts and desktop sharing. You can view the changelog here.

An anonymous reader writes: Google today announced that Chrome will no longer support inline installation of extensions. New extensions lose inline installation starting today, existing extensions will lose the ability in three months, and in early December the inline install API will be removed from the browser with the release of Chrome 71. Critics have pointed out such moves make the Chrome Web Store a walled garden, while Google insists pushing users to the store ultimately protects them.