Privacy

Fingerprinting Methods Identify Users Across Different Browsers On the Same PC (bleepingcomputer.com) 88

An anonymous reader quotes a report from BleepingComputer: A team of researchers from universities across the U.S. has identified different fingerprinting techniques that can track users when they use different browsers installed on the same machine. Named "cross-browser fingerprinting" (CBF), this practice relies on new technologies added to web browsers in recent years, some of which had been previously considered unreliable for cross-browser tracking and only used for single browser fingerprinting. These new techniques rely on making browsers carry out operations that use the underlying hardware components to process the desired data. For example, making a browser apply an image to the side of a 3D cube in WebGL provides a similar response in hardware parameters for all browsers. This is because the GPU card is the one carrying out this operation and not the browser software. According to the three-man research team led by Assistant Professor Yinzhi Cao from the Computer Science and Engineering Department at Lehigh University, the following browser features could be (ab)used for cross-browser fingerprinting operations: [Screen Resolution, Number of CPU Virtual Cores, AudioContext, List of Fonts, Line, Curve, and Anti-Aliasing, Vertex Shader, Fragment Shader, Transparency via Alpha Channel, Installed Writing Scripts (Languages), Modeling and Multiple Models, Lighting and Shadow Mapping, Camera and Clipping Planes.] Researchers used all these techniques together to test how many users they would be able to pin to the same computer. For tests, researchers used browsers such as Chrome, Firefox, Edge, IE, Opera, Safari, Maxthon, UC Browser, and Coconut. Results showed that CBF techniques were able to correctly identify 99.24% of all test users. Previous research methods achieved only a 90.84% result.
Opera

Opera Neon Turns Your Web Browser Into a Mini Desktop (engadget.com) 78

Opera today announced it's launching a new browser called Opera Neon. From a report on Engadget: It's a separate "concept" browser that shows where software could go. It's much more visual, with an uncluttered look, tabs and shortcuts as bubbles and a side control bar that largely gets out of your way. However, the real fun starts when you want to juggle multiple sites -- this is more of an intelligent desktop than your usual web client. If you want to have two pages running side by side, it's relatively easy: you drag one of your open tabs to the top of the window, creating a split view much like what you see in Windows or the multi-window modes on mobile devices. Also, Neon acknowledges that your browser can frequently double as a media player. You can listen to tunes in the background, or pop out a video in order to switch websites while you watch. These aren't completely novel concepts all by themselves, but it's rare to see all of them in a browser at the same time.
Mozilla

Browser Autofill Profiles Can Be Abused For Phishing Attacks (bleepingcomputer.com) 112

An anonymous reader quotes Bleeping Computer: Browser autofill profiles are a reliable phishing vector that allow attackers to collect information from users via hidden form fields, which the browser automatically fills with preset personal information and which the user unknowingly sends to the attacker when he submits a form... Finnish web developer Viljami Kuosmanen has published a demo on GitHub... A user looking at this page will only see a Name and Email input field, along with a Submit button. Unless the user looks at the page's source code, he won't know that the form also contains six more fields named Phone, Organization, Address, Postal Code, City, and Country. If the user has an autofill profile set up in his browser, if he decides to autofill the two visible fields, the six hidden fields will be filled in as well, since they're part of the same form, even if invisible to the user's eye.

Browsers that support autofill profiles are Google Chrome, Safari, and Opera. Browsers like Edge, Vivaldi, and Firefox don't support this feature, but Mozilla is currently working on a similar feature.

Electronic Frontier Foundation

2016 Saw A Massive Increase In Encrypted Web Traffic (eff.org) 91

EFF's "Deeplinks" blog has published nearly two dozen "2016 in Review" posts over the last nine days, one of which applauds 2016 as "a great year for adoption of HTTPS encryption for secure connections to websites." An anonymous reader writes: In 2016 most pages viewed on the web were encrypted. And over 21 million web sites obtained security certificates -- often for the first time -- through Let's Encrypt. But "a sizeable part of the growth in HTTPS came from very large hosting providers that decided to make HTTPS a default for sites that they host, including OVH, Wordpress.com, Shopify, Tumblr, Squarespace, and many others," EFF writes. Other factors included the support of Transport Layer Security (TLS) 1.3 by Firefox, Chrome, and Opera.
Other "2016 in Review" posts from EFF include Protecting Net Neutrality and the Open Internet and DRM vs. Civil Liberties. Click through for a complete list of all EFF "2016 in Review" posts.
Chrome

Slashdot Asks: Why Are Browsers So Slow? (ilyabirman.net) 766

Designer Ilya Birman writes: I understand why rendering a complicated layout may be slow. Or why executing a complicated script may be slow. Actually, browsers are rather fast doing these things. If you studied programming and have a rough idea about how many computations are made to render a page, it is surprising the browsers can do it all that fast. But I am not talking about rendering and scripts. I am talking about everything else. Safari may take a second or two just to open a new blank tab on a 2014 iMac. And with ten or fifteen open tabs it eventually becomes sluggish as hell. Chrome is better, but not much so. What are they doing? The tabs are already open. Everything has been rendered. Why does it take more than, say, a thousandth of a second to switch between tabs or create a new one? Opening a 20-megapixel photo from disk doesn't take any noticeable amount of time, it renders instantaneously. Browsers store their stuff in memory. Why can't they just show the pixels immediately when I ask for them? [...] Unfortunately, modern browsers are so stupid that they reload all the tabs when you restart them. Which takes ages if you have a hundred of tabs. Opera was sane: it did not reload a tab unless you asked for it. It just reopened everything from cache. Which took a couple of seconds. Modern browsers boast their rendering and script execution performance, but that's not what matters to me as a user. I just don't understand why programmers spend any time optimising for that while the Chrome is laughably slow even by ten-years-old standards. Do you agree with Birman? If yes, why do you think browsers are generally slow today?
Opera

Opera Developer Comes With Address Bar Speculative Prerenderer Feature (opera.com) 59

Earlier this month, Opera announced a new interesting feature with Opera 43 developer that predicts the website you're about to go to. The company explains: There are two ways we can predict what page the user will soon load. When the current page tells us so, and when we can determine from the user's actions that they are about to load something. Pages can use the tag, and for instance Google uses that for search results if they are pretty sure of what you will load next. When someone writes in the address bar they are humanly slow. Sometimes it is obvious what they will write after just 1-2 characters but they will just keep writing or arrowing through suggestions for millions or billions of wasted clock cycles. We expect this feature to result in an average of 1 second faster loads from the address bar. The company insists that this feature saves time and energy without compromising the security. What's your thought?
Opera

Opera Browser Asked to Blacklist Pirate Sites in 'Turbo Mode' (torrentfreak.com) 39

Opera web browser's 'Turbo Mode' is designed to speed up browsing. As a side effect, it also bypasses website blocks, something popular with pirates. However, it appears that the company has been in talks to integrate a blacklist which could stop access to blocked domains. From a report on TorrentFreak: It transpires that earlier this year, Opera's owners were approached by Russian telecoms watchdog Roskomnadzor who aired concerns about the browser's ability to unblock banned sites. It was suggested that Opera should introduce some kind of filtering/blacklist mechanism to disallow blocked sites from accessing 'Turbo Mode.' Russian publication Kommersant says that it was able to confirm the nature of the discussions with sources within Opera. And according to Roskomnadzor's Vadim Ampelonsky, a meeting took place between the parties early in the fall. Ampelonsky says that discussion surrounded the technical issues of keeping blocked sites inaccessible when 'Turbo Mode' is activated. Representatives from Opera reportedly confirmed that this kind of filtering is possible. "We are ready to periodically send a list of sites to enter into such a filter at the conclusion of a bilateral agreement [with Opera]," Ampelonsky says, adding that discussions continue.
Social Networks

Ask Slashdot: Should Web Browsers Have 'Fact Checking' Capability Built-In? 240

Reader dryriver writes: There is no shortage of internet websites these days that peddle "information", "knowledge", "analysis", "explanations" or even supposed "facts" that don't hold up to even the most basic scrutiny -- one quick trip over to Wikipedia, Snopes, an academic journal or another reasonably factual/unbiased source, and you realize that you've just been fed a triple dose of factually inaccurate horsecrap masquerading as "fact". Unfortunately, many millions of more naive internet users appear to frequent sites daily that very blatantly peddle "untruths", "pseudo-facts" or even "agitprop-like disinformation", the latter sometimes paid for by someone somewhere. No small number of these more gullible internet users then wind up believing just about everything they read or watch on these sites, and in some cases cause other gullible people in the offline world to believe in them too. Now here is an interesting idea: What if your internet browser -- whether Edge, Firefox, Chrome, Opera or other -- was able to provide an "information accuracy rating" of some sort when you visit a certain URL. Perhaps something like "11,992 internet users give this website a factual accuracy rating of 3.7/10. This may mean that the website you are visiting is prone to presenting information that may not be factually accurate." You could also take this 2 steps further. You could have a small army of "certified fact checkers" -- people with scientific credentials, positions in academia or similar -- provide a rolling "expert rating" on the very worst of these websites, displayed as "warning scores" by the web browser. Or you could have a keyword analysis algorithm/AI/web crawler go through the webpage you are looking at, try to cross-reference the information presented to you against a selection of "more trusted sources" in the background, and warn you if information presented on a webpage as "fact" simply does not check out. Is this a good idea? Could it be made to work technically? Might a browser feature like this make the internet as a whole a "more factually accurate place" to get information from? That's a remarkable idea. It appears to me that many companies are working on it -- albeit not fast enough, many can say. Google, for instance, recently began adding "Fact check" to some stories in search results. I am not sure how every participating player in this game could implement this in their respective web browsers though. Then there is this fundamental issue: the ability to quickly check whether or not something is indeed accurate. There's too much noise out there, and many publications and blogs report on things (upcoming products, for instance) before things are official. How do you verify such stories? If the NYTimes says, for instance, Apple is not going to launch any iPhone next year, and every website cites NYTimes and republishes it, how do you fact check that? And at last, a lot of fake stories circulate on Facebook. You may think it's a problem. Obama may think it's a problem, but does Facebook see it as a problem? For all it cares, those stories are still generating engagement on its site.
Opera

Web of Trust, Downloaded 140M Times, Pulled From Extension Stores After Revelations That It Sells Users' Data (theregister.co.uk) 115

According to multiple reports, Web of Trust, one of the top privacy and security extensions for web browsers with over 140 million downloads, collects and sells some of the data of its users -- and it does so without properly anonymizing it. Upon learning about this, Mozilla, Google and Opera quickly pulled the extension off their respective extension stores. From a report on The Register: A browser extension which was found to be harvesting users' browsing histories and selling them to third parties has had its availability pulled from a number of web browsers' add-on repositories. Last week, an investigative report by journalists at the Hamburg-based German television broadcaster, Norddeutscher Rundfunk (NDR), revealed that Web of Trust Services (WoT) had been harvesting netizens' web browsing histories through its browser add-on and then selling them to third parties. While WoT claimed it anonymised the data that it sold, the journalists were able to identify more than 50 users from the sample data it acquired from an intermediary. NDR quoted the data protection commissioner of Hamburg, Johannes Caspar, criticising WoT for not adequately establishing whether users consented to the tracking and selling of their browsing data. Those consent issues have resulted in the browser add-on being pulled from the add-on repositories of both Mozilla Firefox and Google Chrome, although those who have already installed the extension in their browsers will need to manually uninstall it to stop their browsing being tracked.
Software

Opera Max Turns To Nagware, Now Prompts Users To Re-enable It Every 12 Hours (androidpolice.com) 121

Opera has long advertised its free VPN service Opera Max to customers. But it looks like the company isn't pleased with users keeping its servers at work at all times. Over the last few days, according to a report on AndroidPolice, Opera Max has introduced ads on its apps, as well as links to sponsored apps. But the company is not done yet. It now requires a user to go back to the app and "add time" to the free VPN service every 12 hours if they wish to continue the service. Adding time doesn't cost anything, but it will subject users to an ad on each occasion.
Encryption

Firefox Users Reach HTTPS Encryption Milestone (techcrunch.com) 63

For the first time ever, secure HTTPS encryption was used for over half the pageloads served to Mozilla users, representing a big milestone for encryption. TechCrunch reports on the telemetry data tweeted by the Head of Let's Encrypt: Mozilla, which is one of the organizations backing Let's Encrypt, was reporting that 40% of page views were encrypted as of December 2015. So it's an impressively speedy rise...

The Let's Encrypt initiative, which exited beta back in April, is doing some of that work by providing sites with free digital certificates to help accelerate the switch to HTTPS. According to [co-founder Josh] Aas, Let's Encrypt added more than a million new active certificates in the past week -- which is also a significant step up. In the initiative's first six months (when still in beta) it only issued around 1.7 million certificates in all.

The "50% HTTPS" figure is just a one-day snapshot, and it's from "only a subset of Firefox users who are running Mozilla's telemetry browser...not default switched on for most Firefox users (only for users of pre-release Firefox builds)." But the biggest caveat is it's only counting Firefox users, which in July represented just 7.7% of web surfers (according to Statista), behind both Chrome (49.5%) and Safari (13.68%) -- but also ahead of Internet Explorer (5.4%) and Opera (5.99%).
Android

BadKernel Vulnerability Affects One In 16 Android Smartphones (softpedia.com) 58

An anonymous reader writes from a report via Softpedia: A security bug in Google's V8 JavaScript engine is indirectly affecting around one in 16 Android devices, impacting smartphone models from all major vendors, such as LG, Samsung, Motorola, and Huawei. Despite this bug being public for more than a year, only in August 2016 have Chinese security researchers discovered that the V8 issue also affected a whole range of Android-related products where the older V8 engine versions had been deployed. Affected products included Google Chrome Mobile, Opera Mobile, apps that use the WebView component (Gmail, Facebook, Twitter, WeChat, etc.) and apps that deploy the Tencent X5.SDK (a bunch of Chinese apps). It is estimated that around one in 16 Android devices is vulnerable to this issue, nicknamed BadKernel. The flaw leads to a RCE on Android devices, allowing attackers to take full control over one's smartphone. Despite BadKernel being discovered in August 2016, because all research was only published in Chinese, most E.U. and U.S. users have no clue they might be affected. One of the best ways to protect yourself, as noted in the report, is to keep your apps and operating system updated. You can view this list via Trustlook's website to see if your device is affected. There's also a dedicated BadKernel security scanner you can download from the Play Store to check for the vulnerability.
Microsoft

Microsoft Unveils $37 Nokia 216 Feature Phone (theverge.com) 57

Earlier this year, Microsoft announced that it had sold Nokia's remaining feature phone business to FIH Mobile, a subsidiary of Foxconn, for $350 million. Today, Microsoft unveiled the Nokia 216 feature phone, dispelling rumors that it would stop making Nokia phones. The Verge reports: The new Nokia 216 is one of the most basic phones that Microsoft manufactures, and it will be available in India next month for around $37. It includes a 2.4-inch QVGA display, with 0.3-megapixel cameras at the front and rear, running on the Series 30 OS with the Opera mini browser. It even has a headphone jack. It's easy to understand why Microsoft continues to create feature phones, as the company still sells millions of them every month. Microsoft previously hoped that feature phone users would create a Microsoft account and become part of the Microsoft ecosystem, but it's not clear whether the millions of feature phone users ever actually did that. Microsoft hinted earlier this year that it's planning to kill off its Lumia smartphones, and recent rumors have suggested that the Lumia brand will die off toward the end of the year.
Microsoft

Microsoft Reproduces Google's Battery Life Test To Show Edge Beats Chrome (venturebeat.com) 132

Earlier this year, Microsoft said that its Edge browser was more power efficient than Google's Chrome, a claim that Google refuted with its own findings. But the debate isn't over. An anonymous reader writes: Microsoft is at it again -- touting Edge as the most battery-efficient browser on Windows 10. The company has rerun its battery tests from the previous quarter using the latest versions of the major browsers, open-sourced its lab test on GitHub, and published the full methodology. But this time, Microsoft says it also replicated one of Google's tests to show that Edge lasts longer than Chrome, Firefox, and Opera.
Opera

Opera Sync Users May Have Been Compromised In Server Breach (fortune.com) 26

An anonymous reader writes: Someone broke into Opera's servers. The Opera browser has a handy feature for synchronizing browsing data across different devices. Unfortunately, some of the passwords and login information used to enable the feature may have been stolen from Opera's servers. Opera's sync service is used by around 1.7 million people each month. Overall, the browser has 350 million users. The Norwegian firm told its users that someone had gained access to the Opera sync system, and "some of our sync users' passwords and account information, such as login names, may have been compromised." As a result, Opera had to reset all the passwords for the feature, meaning users will need to select new ones.
Android

Opera Brings Its Free VPN Service To Android (techcrunch.com) 26

Frederic Lardinois, writing for TechCrunch: Earlier this year, Opera launched its free and unlimited VPN service for iOS; today it is bringing the same functionality to Android. Like the iOS version, the Android app is based on Opera's acquisition of SurfEasy in 2015 and allows you to surf safely when you are on a public network. While Opera's marketing mostly focuses on safety, Opera VPN also allows you to appear as if you are in the U.S., Canada, Germany, Singapore and The Netherlands, so it's also a way to route around certain geo-restrictions without having to opt for a paid service. In addition to its VPN features, the service also allows you to block ad trackers. Somewhat ironically, though, the app itself will show you some pretty unintrusive ads. "The Opera VPN app for Android sets itself apart from other VPNs by offering a completely free service; without a data limit, no log-in required, advanced Wi-Fi protection features and no need for a subscription," says Chris Houston, the president of Opera's SurfEasy VPN division, in today's announcement.
Bug

FalseCONNECT Vulnerability Affects Software From Apple, Microsoft, Oracle, More (softpedia.com) 32

An anonymous reader writes from a report via Softpedia: "Researcher Jerry Decime revealed details about a security vulnerability that allows an attacker to gain a Man-in-the-Middle position and intercept HTTPS traffic thanks to flaws in the implementation of proxy authentication procedures in various products," reports Softpedia. The flaw can be used to collect user credentials by tricking victims into re-authenticating, sending data to a third-party. Multiple software vendors deploy applications that can handle proxy connections. Until now, Apple, Microsoft, Oracle, and Opera have acknowledged their products are affected. Lenovo said this bug does not impact its software. Other software vendors that are still evaluating the FalseCONNECT bug and may be affected include multiple Linux distros, Cisco, Google, HP, IBM, Juniper, Mozilla, Nokia, OpenBSD, SAP, Sony, and others.
Television

TVs Are Still Too Complicated, and It's Not Your Fault (theverge.com) 234

In his latest column for The Verge, renowned journalist Walt Mossberg argues that TVs -- their UI, execution, underlying technologies, and remote -- are still too complicated. In the latest weekly, he has shared the experience of buying a new TV, setting it up, and the first few days of getting through it. The modern set, Smart TV for most, comes with a plethora of proprietary and standard features. But only a handful of people actually know what these features are -- and how they differ in the models offered by the same company. Mossberg says folks at Best Buy were of little use when explaining these features, but did a good job making false claims such as "you have to buy a sound bar because the TV doesn't have good speakers" even when that wasn't necessarily the case. Now Mossberg, having pioneered tech journalism as it is known today, knows a thing or two about TVs, but for a general consumer, it is an unnecessary thing that could spoil the experience, and make a bigger dent in their TV budget than it should have. But buying the TV wasn't the worst part. Following are excerpts from his column: But learning to use the TV is a whole other story. The Bean Bird (assistive cartoon feature) setup process was pretty straightforward, but it gets you going just enough to start watching something. Tweaking all of the TV's many features, including common ones like picture tones and uncommon ones like zooming in on a part of the picture or using a built-in web browser, takes hours. You must wade through menus containing scores of choices. And some controversial features common to modern TVs are buried deep in these menus. For instance, while I like motion smoothing others strongly dislike it -- it's sometimes known as the "soap opera effect." If you don't like it, the LG's interface doesn't make it at all easy to understand what's happening to your picture or what setting to adjust to turn it off. 
It's not even called motion smoothing in the menus -- LG calls it "TruMotion." The user interface is also somewhat confusing. There are at least three ways, for instance, to change inputs and at least two to bring up quick settings. The menu for launching apps like Netflix, inputs, and more appears to have a million icons in it and marches for what seems like miles across the bottom of the screen. So you have to edit it, which takes a bunch of time. Mossberg also found issues with the way the remote was designed to execute. "For instance, it's supposed to become a "universal" remote, controlling all your connected set-top boxes, but I can only get it to control some, but not all, of the basic features of my cable box, a TiVo Bolt. And its voice search is pathetic -- far worse than the one on the latest Apple TV."
Firefox

Mozilla To Remove Hello In Firefox 49 (softpedia.com) 128

Firefox's voice and videoconferencing add-on was described as "the first global communications system built directly into a browser" -- but things change. An anonymous Slashdot reader writes: An entry on Mozilla's issue tracker opened on July 17 reveals ongoing efforts from Mozilla engineers to remove the Hello system add-on from default Firefox installations starting with version 49, set for public release on September 13, 2016. Mozilla added Hello to Firefox in version 34, released on December 1, 2014, and from the beginning, it was part of the browser's core code, but was moved in December 2015 into a separate add-on, one that came pre-installed with Firefox, making Hello its first ever system add-on.

Mozilla plans to remove Hello from the codebases of Firefox Beta 49, Firefox Developer Edition 50, and Firefox Nightly 51. Based on the currently available information, the deadline for the Hello code removal operations is for this Monday, August 1, after which the first Firefox builds with no Hello integration will be available for testing, and will ship out in the fall with the stable release.

The article suggests this may have been a space-saving measure, "since Mozilla is focused on rebuilding Firefox's code from scratch to keep up with speedier competitors like Chrome, Opera, and Vivaldi."
Opera

Chinese Consortium's $1.24B Bid To Acquire Opera Software Fails, $600M Deal Agreed Instead (tech.eu) 85

The $1.24 billion takeover of Opera Software by a Chinese consortium of internet firms has failed, Opera said on Monday. The deal did not receive the required regulatory approval in time for a final deadline. But they will be doing some business. The consortium will now acquire only certain parts of Opera's consumer business, including its mobile and desktop browsers, for $600 million on an enterprise value basis. Tech.eu reports: What will not be acquired by the consortium is: Opera Mediaworks, Apps & Games and Opera TV. In 2015, Opera says these business units combined delivered revenues of $467 million. The company will report second-quarter results on August 31, 2016.
