Firefox is working on a blocker for annoying in-page alerts that often ask you to input your email address to receive a newsletter from the site. "The feature is still in the planning stages, but Mozilla is asking users for any examples of sites with annoying pop-ups," reports Android Police. "Mozilla wants to make Firefox automatically detect and dismiss the popups." From the report: If you know of sites that use in-page popups (whether it be newsletter signups, surveys, or something else), you can fill out the survey here. There are also Firefox and Chrome extensions that make the process easier. I'll be interested to see how Mozilla pulls this off, it will no doubt be difficult to detect the difference between helpful and not-helpful popups.

A report by VpnMentor, a website which ranks VPN services, reveals several vulnerabilities in Hotspot Shield, Zenmate, and PureVPN -- all of which promise to provide privacy for their users. VpnMentor says it hired a team of three external ethical hackers to find vulnerabilities in three random popular VPNs. While one hacker wants to keep his identity private, the other two are known as File Descriptor and Paulos Yibelo. ZDNet: The research reveals bugs that can leak real-world IP addresses, which in some cases can identify individual users and determine a user's location. In the case of Hotspot Shield, three separate bugs in how the company's Chrome extension handles proxy auto-config scripts -- used to direct traffic to the right places -- leaked both IP and DNS addresses, which undermines the effectiveness of privacy and anonymity services. [...] AnchorFree, which makes Hotspot Shield, fixed the bugs, and noted that its mobile and desktop apps were not affected by the bugs. The researchers also reported similar IP leaking bugs to Zenmate and PureVPN.

Variety gets access to the people at Netflix who take care of the tech: Netflix has its own cell towers. Netflix wants to test its app running on mobile devices under a variety of conditions available around the world, so the company decided to bring the operating equipment of six cell towers to its Los Gatos offices. "Minus the towers," quipped Scott Ryder, the company's director of mobile streaming. The cell tower equipment is housed in the company's mobile device lab, where they are joined by a number of cabinets that look like fancy Netflix-themed fridges, but in reality are Faraday cage-like boxes to suppress any outside interference, and also make sure that those experimental cell towers don't mess up phone reception on the rest of the campus. Each of these boxes can house dozens of devices, and emulate certain mobile or Wi-Fi conditions. "We can make a box look like India, we can make a box look like the Netherlands," Ryder said. Altogether, Netflix runs over 125,000 tests in its mobile lab every single day.[...]

Netflix just re-encoded its entire catalog, again. To optimize videos for mobile viewing, Netflix recently re-encoded its entire catalog on a per-scene basis. "We segment the videos into shots, we analyze the video per shot," said the company's director of video algorithms Anne Aaron. Now, an action scene in a show may stream at a higher bit rate than a scene featuring a slow monologue -- and users with limited bandwidth are set to save a lot of data. A few years back, 4 GB of mobile data would get you just about 10 hours of Netflix video, said Aaron. Now, members can watch up to 26 hours while consuming the same amount of data. Netflix previously re-encoded its entire catalog on a per-title basis, which already allowed it to stream animated shows at much lower bitrates than action movies with a lot of visual complexity. The next step for the company will be to adopt AV1, an advanced video codec developed by an alliance of companies that also includes Apple, Amazon, and Google. Aaron said Netflix could start streaming in AV1 before the end of this year, with Chrome browsers likely being first in line to receive AV1 streams.

Comcast's Xfinity internet customers have been reporting multiple websites, including PayPal, Steam, and TorrentFreak have been getting blocked by the ISP's "protected browsing" setting. From a report: The "protected browsing" setting is designed to "reduce the risk of accessing known sources of malware, spyware, and phishing for all devices connected to your home network." This, in general, isn't a bad thing. It's similar to Google Chrome's security settings that warn you when you have an insecure connection. But it's odd that Xfinity's security setting would be blocking perfectly harmless sites like PayPal. Multiple consumers have been reporting on Comcast's forums and elsewhere that they've been blocked while trying to access sites that many people use every day. After posting about it on the forums, one user who said they couldn't access PayPal said the problem with that particular site had been fixed. Further reading: Comcast's Protected Browsing Blocks TorrentFreak as "Suspicious" Site (TorrentFreak).

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 65 for Windows, Mac, Linux, and Android. Additions in this release include Material Design changes and new developer features. You can update to the latest version now using the browser's built-in silent updater or download it directly from google.com/chrome. Chrome 65 comes with a few visual changes. The most obvious is related to Google's Material Design mantra. The extensions page has been completely revamped to follow it. Next up, Chrome 65 replaces the Email Page Location link in Chrome for Mac's File menu with a Share submenu. As you might expect, Mac users can use this submenu to share the URL of a current tab via installed macOS Share Extensions. Speaking of Macs, Chrome 65 is also the last release for OS X 10.9 users. Chrome 66 will require OS X 10.10 or later. Moving on to developer features, Chrome 65 includes the CSS Paint API, which allows developers to programmatically generate an image, and the Server Timing API, which allows web servers to provide performance timing information via HTTP headers.

An anonymous reader quotes a report from Ars Technica: Google's Chrome browser is now built using the Clang compiler on Windows. Previously built using the Microsoft C++ compiler, Google is now using the same compiler for Windows, macOS, Linux, and Android, and the switch makes Chrome arguably the first major software project to use Clang on Windows. Chrome on macOS and Linux has long been built using the Clang compiler and the LLVM toolchain. The open-source compiler is the compiler of choice on macOS, making it the natural option there, and it's also a first-class choice for Linux; though the venerable GCC is still the primary compiler choice on Linux, by using Clang instead, Google ensured that it has only one set of compiler quirks and oddities to work with rather than two. But Chrome on Windows has instead used Microsoft's Visual C++ compiler. The Visual C++ compiler is the best-supported, most widely used compiler on Windows and, critically, is the compiler with the best support for Windows' wide range of debugging and diagnostic tools. The Visual Studio debugger is widely loved by the C++ community, and other tools, such as the WinDbg debugger (often used for analyzing crash dumps), are core parts of the Windows developer experience.

An anonymous reader writes: The percentage of daily Chrome users who've loaded at least one page containing Flash content per day has gone down from around 80% in 2014 to under 8% in early 2018. These statistics on Flash's declining numbers were shared with the public by Parisa Tabriz, Director of Engineering at Google, one of the Google bigwigs in charge of Chrome's security. Google plans to ship Flash disabled-by-default with Chrome 76 (July 2019) and remove it completely in Chrome 87 (December 2020).

Chromebook users may soon have a simpler way to run their favorite Linux distribution and applications on Google's Chrome OS hardware. From a report: As spotted by Chrome Unboxed, there's a newly merged commit in Chromium Gerrit describing a "new device policy to allow Linux VMs on Chrome OS." A related entry suggests support could come with Chrome OS version 66, which is due out in stable release around April 24, meaning Google might announce it at its annual IO developer conference, which starts on May 8. Developers can already use a tool called Crouton to install and run Linux on Chrome OS, but there is a security trade-off because Chrome OS needs to be switched to developer mode to use it. There's also a Crouton extension called Xiwi to enable using an OS in a browser window on Chrome OS. However, it too requires developer mode to be enabled. A recent commit suggests Chrome developers are working on a project called Crostini that may solve the developer mode problem by allowing Linux VMs to run inside a container.

Google's latest consumer version of Chrome, version number 64, just started cleaning up messy referral links for you. From a report: Now, when you go to share an item, you'll no longer see a long tracking string after a link, just the primary link itself. This feature now happens automatically when sharing links in Chrome, either by the Share menu or by copying the link and pasting it elsewhere. Even though it slices off the extra bit of the URL, this doesn't affect referral information. If you choose, you can copy and paste directly from the URL bar to grab the link in entirety.

Google recently removed the convenient "view image" button from its search results as a result of a lawsuit with stock-photo agency Getty. Thankfully, one day later, a developer created an extension that brings it back. 9to5Google reports: It's unfortunate to see that button gone, but an easy to use Chrome extension brings it back. Simply install the extension from the Chrome Web Store, and then any time you view an image on Google Image Search, you'll be able to open that source image. You can see the functionality in action in the video below. The only difference we can see with this extension versus the original functionality is that instead of opening the image on the same page, it opens it in a new tab. The extension is free, and it will work with Chrome for Windows, Mac, Chrome OS, or anywhere else the full version of Chrome can be used. 9to5Google has a separate post with step-by-step instructions to get the Google Images "view image" button back.

TickBox TV, the company behind a Kodi-powered streaming device, must release a new software updater that will remove copyright-infringing addons from previously shipped devices. A California federal court issued an updated injunction in the lawsuit that was filed by several major Hollywood studios, Amazon, and Netflix, which will stay in place while both parties fight out their legal battle. TorrentFreak reports: Last year, the Alliance for Creativity and Entertainment (ACE), an anti-piracy partnership between Hollywood studios, Netflix, Amazon, and more than two dozen other companies, filed a lawsuit against the Georgia-based company Tickbox TV, which sells Kodi-powered set-top boxes that stream a variety of popular media. ACE sees these devices as nothing more than pirate tools so the coalition asked the court for an injunction to prevent Tickbox from facilitating copyright infringement, demanding that it removes all pirate add-ons from previously sold devices. Last month, a California federal court issued an initial injunction, ordering Tickbox to keep pirate addons out of its box and halt all piracy-inducing advertisements going forward. In addition, the court directed both parties to come up with a proper solution for devices that were already sold.

The new injunction prevents Tickbox from linking to any "build," "theme," "app," or "addon" that can be indirectly used to transmit copyright-infringing material. Web browsers such as Internet Explorer, Google Chrome, Safari, and Firefox are specifically excluded. In addition, Tickbox must also release a new software updater that will remove any infringing software from previously sold devices. All tiles that link to copyright-infringing software from the box's home screen also have to be stripped. Going forward, only tiles to the Google Play Store or to Kodi within the Google Play Store are allowed. In addition, the agreement also allows ACE to report newly discovered infringing apps or addons to Tickbox, which the company will then have to remove within 24-hours, weekends excluded.

Google is enabling its built-in ad blocker for Chrome tomorrow (February 15th). From a report: Chrome's ad filtering is designed to weed out some of the web's most annoying ads, and push website owners to stop using them. Google is not planning to wipe out all ads from Chrome, just ones that are considered bad using standards from the Coalition for Better Ads. Full page ads, ads with autoplaying sound and video, and flashing ads will be targeted by Chrome's ad filtering, which will hopefully result in less of these annoying ads on the web. Google is revealing today exactly what ads will be blocked, and how the company notifies site owners before a block is put in place. On desktop, Google is planning to block pop-up ads, large sticky ads, auto-play video ads with sound, and ads that appear on a site with a countdown blocking you before the content loads. Google is being more aggressive about its mobile ad blocking, filtering out pop-up ads, ads that are displayed before content loads (with or without a countdown), auto-play video ads with sound, large sticky ads, flashing animated ads, fullscreen scroll over ads, and ads that are particularly dense.

The most recent Linux Questions poll results are in. Steven J. Vaughan-Nichols, writing for ZDNet: LinuxQuestions, one of the largest internet Linux groups with 550,000 members, has just posted the results from its latest survey of desktop Linux users. In the always hotly-contested Linux desktop environment survey, the winner was the KDE Plasma Desktop. It was followed by the popular lightweight Xfce, Cinnamon, and GNOME. If you want to buy a computer with pre-installed Linux, the Linux Questions crew's favorite vendor by far was System76. Numerous other computer companies offer Linux on their PCs. These include both big names like Dell and dedicated small Linux shops such as ZaReason, Penguin Computing, and Emperor Linux. Many first choices weren't too surprising. For example, Linux users have long stayed loyal to the Firefox web browser, and they're still big fans. Firefox beat out Google Chrome by a five-to-one margin. And, as always, the VLC media player is far more popular than any other Linux media player. For email clients, Mozilla Thunderbird remains on top. That's a bit surprising given how Thunderbird's development has been stuck in neutral for some time now. When it comes to text editors, I was pleased to see vim -- my personal favorite -- win out over its perpetual rival, Emacs. In fact, nano and Kate both came ahead of Emacs.

In an effort to force websites to better protect their users, the Chrome web browser will label all sites not encrypted traffic as "Not secure" in the web address bar, Google announced Thursday. From a report: Encrypted traffic allows users to access data on a website without allowing potential eavesdroppers to see anything the users visit. HTTPS also prevents meddlers from changing information in transit. During normal web browsing, Google currently displays a "Not secure" warning in the next to a site's URL if it forgoes HTTPS encryption and a user enters data. Now the browser will label all sites without HTTPS encryption this way.

Fake news, bots, and propaganda were hot topics at the World Economic Forum meeting in Davos last month, and Google executives there floated an intriguing idea to some fellow attendees -- what if the company could tell users whether information is trustworthy before they shared it on social networks like Facebook and Twitter? From a report: Representatives from Google and its parent company Alphabet eagerly discussed how the company can play a greater role in reducing misleading information online, several Davos attendees involved in and briefed on these conversations told Quartz. A notification system, perhaps via an optional extension for Google's Chrome browser, was an idea that these people said was broached more than once. Such a browser-based system controlled by Google could alert users on Facebook's or Twitter's websites when they're seeing or sharing a link deemed to be false or untrustworthy. Right now, this appears to be merely an idea company executives are discussing, not a product in development.

An anonymous reader writes: The story of Azimuth Security, a tiny startup in Australia, provides a rare peek inside the secretive industry that helps government hackers get around encryption. Azimuth is part of an opaque, little known corner of the intelligence world made of hackers who develop and sell expensive exploits to break into popular technologies like iOS, Chrome, Android and Tor.

An anonymous reader shares a report: The operators of some tech support scam websites have found a new trick to block visitors on their shady sites and scare non-technical users into paying for unneeded software or servicing fees. The trick relies on using JavaScript code loaded on these malicious pages to initiate thousands of file download operations that quickly take up the user's memory resources, freezing Chrome on the scammer's site. The trick is meant to drive panicked users into calling one of the tech support phone numbers shown on the screen. According to Jerome Segura -- Malwarebytes leading expert in tech support scam operations, malvertising, and exploit kits -- this new trick utilizes the JavaScript Blob method and the window.navigator.msSaveOrOpenBlob function to achieve the "download bomb" that freezes Chrome.

Copyediting app Grammarly included a gaping security hole that left users of its browser extension open to more embarrassment than just misspelled words. From a report: The Grammarly browser extension for Chrome and Firefox contained a "high severity bug" that was leaking authentication tokens, according to a bug report by Tavis Ormandy, a security researcher with Google's Project Zero. This meant that any website a Grammarly user visited could access the user's "documents, history, logs, and all other data," according to Ormandy. Grammarly provides automated copyediting for virtually anything you type into a browser that has the extension enabled, from blogs to tweets to emails to your attorney. In other words, there is an unfathomable number of scenarios in which this kind of major vulnerability could result in disastrous real-world consequences. Grammarly has approximately 22 million users, according to Ormandy, and the company told Gizmodo in an email that it "has no evidence that any user information was compromised" by the security hole. "We're continuing to monitor actively for any unusual activity," a Grammarly spokesperson said.

Several news features rolling out to Chromebooks paint a picture of the future of Chrome OS as the rightful replacement for Android tablet software. Those include a new split-screen feature for multitasking while in tablet mode, and a screenshot feature borrowed from Android. The Verge reports: As it stands now, Chrome OS is very close to taking up the mantle there, and features like this push it ever closer to becoming the hybrid OS for all types of Google-powered screens. This has been in the works for quite a while as Google's Chrome and Android teams have coordinated closely to ensure the influx of low-cost, hybrid computing devices like 2-in-1 Chromebooks get the best of both worlds. There is, of course, Android app compatibility on Chrome OS, an initiative that first arrived somewhat half-baked last year and has taken months to fully jell as Google worked out the kinks. For instance, just last month Google added the ability for Android apps on Chromebooks run in the background. In July of last year, Google also began embarking on a touch-focused redesign of Chrome OS to make the software more functional in tablet mode. We're likely not getting the full-blown merging of the two divisions and their respective platforms anytime soon, or perhaps ever, as Google has played with the idea for years without ever seeming to decide that one platform should supersede the other. In essence, however, Android remains Google's dominant mobile OS, while Chrome OS has been taking on more responsibility as Chromebooks have steadily become more capable and tablet-like.

An anonymous reader writes: Future versions of Google Chrome will feature built-in support for lazy loading, a mechanism to defer the loading of images and iframes if they are not visible on the user's screen at load time. This system will first ship with Chrome for Android and Google doesn't rule out adding it to desktop versions if tests go as planned. The feature is called Blink LazyLoad, and as the name hints, it will implement the principle of "lazy loading" inside Chrome itself.

Google engineers reported page load speed improvements varying from 18% to 35%, depending on the underlying network. Other browser makers have been notified of the Chrome team's plan, but none have provided input if they plan to implement a similar feature. Compared to most JS-based lazy loading scripts that only target images, Google implementation will also target iframes.