Chrome's anonym-ish incognito mode

Subject: General Tech | August 23, 2018 - 12:27 PM |
Tagged: chrome, google, incognito, obvious

To cut straight to the chase, if you are browsing anonymously and log into one of your accounts, you are no longer anonymous; a seemingly obvious fact which is making headlines today.  A Google rep feels this is being pushed by Oracle who are hoping to turn public opinion against Google, though how that would affect their ongoing legal battles is unclear.  The timing is rather unfortunate as the publics opinion of Google plummeted after being reminded that Google Maps always knows where you are if you have it installed. 

The Inquirer does remind us what is worth getting upset about; Google's unsubstantiated claim that they offer tools to prevent their products from tracking you and a way to delete your entire history. 

incognito-mode1.jpg

"A researcher from Vanderbilt University in Nashville, Tennessee found that although the data collected appears to be anonymised, in reality, Google can retroactively identify it from the usernames and other account data used during the session."

Here is some more Tech News from around the web:

Tech Talk

 

Source: The Inquirer

Spectre doesn't stand a ghost of a chance on the new Chrome, nor will your available RAM

Subject: General Tech | July 12, 2018 - 02:10 PM |
Tagged: chrome, security, spectre

Chrome's predilection for gobbling up vast amounts of RAM will soon increase to new levels but it is for a very good reason.  Chrome 67 will offer a Site Isolation feature which will protect you against a variety of Spectre attacks.   When you have this feature enabled in Chrome each site would be isolated, with the a single renderer process per page.  This means coss-site iframes and pop-ups will be unable to read data from other pages; in fact a single site may spawn multiple render processes, each running in isolation.

There is of course a cost, The Inquirer was quoted an increase of 10-13% in RAM usage ... so better get a 128GB kit.

d3aql.png

"The new feature basically splits the render process into separate tasks using out-of-process iframes, which makes it difficult for speculative execution exploits like Spectre to snoop on data."

Here is some more Tech News from around the web:

Tech Talk

 

Source: The Inquirer

Mozilla, Opera, and Google Pull Malicious Extension

Subject: General Tech | July 6, 2018 - 09:12 PM |
Tagged: Opera, mozilla, google, firefox, chrome

I don’t think this should surprise anyone, but it’s good to report on none-the-less. There was a popular browser extension, called Stylish, that allowed users to customize the pages that they visit, and share those customizations with their friends. It’s a cool concept, but it was later sold to another company. That new owner changed the extension to monitor its users.

Mozilla, Opera, and Google slapped it across the jaw with a banhammer.

valve-nope.jpg

If you go to Mozilla’s Firefox Add-ons site, Opera's Add-ons site, or Google’s Chrome Web Store, you will get a 404. If you already installed the extension, it will be removed from your browser. As such, you probably don’t need to worry about it, because the browser vendors went DEFCON 1 on it.

But just in case you haven’t yet got the kill signal (because you’re behind a limited VPN or something) be sure to remove “Stylish” from your browser.

This also raises the point about curated app stores: review isn't perfect. Sometimes malicious software can go unnoticed for years. It's best not to get too complacent.

Source: Sophos

Google versus the law of unintended consequences

Subject: General Tech | May 16, 2018 - 01:21 PM |
Tagged: google, alphabet, chrome, ads

Killing off autoplaying adverts in Chrome is a wonderful thing and has brought peace and quiet to many a browsing session, unless you are someone who likes to play games in your browser.  It seems some games are not functioning properly, even after being whitelisted and so in the new version Google will be rolling back that change to give devs time to change how their games work.  This likely means a fair amount of games are about to be abandoned as Google does not intend to change how their block works but are instead putting the onus on the devs to change the code on their free to play games.  The Inquirer links to the Chromium blog so you can get the news straight from the horse's mouth.

26-newgrounds.w710.h473.jpg

"GOOGLE HAS been forced to roll back its new autoplay policy for web video in Chrome after it became apparent that it was borking legitimate content."

Here is some more Tech News from around the web:

Tech Talk

Source: The Inquirer

Chrome offers a more peaceful web

Subject: General Tech | February 14, 2018 - 12:47 PM |
Tagged: chrome, ad blocker

On Feb 15th Chrome will push out an update which will enable ad filtering on the popular web browser.  They will not take this to the extremes of many ad blocker or script filtering add-ins but instead will block ads which do not conform to the guidelines of the Coalition for Better Ads.  That would mean full page ads with a timer to prevent you from accessing the page until it hits zero, ones with autoplaying audio, pop ups and flashing ads

There will likely be some unintended consequences, as various text editors have pop ups to recover data and there are sites where you want autoplaying content so we shall see how Chrome modifies their ad filter over time.  This is good news for websites as it does not completely prevent ad revenue, only encourages the owners to ensure the ads they allow to be displayed follow certain guidelines.   Pop by Slashdot if you want to join in their reasoned and informed discussion about tomorrows update.

ads-720184.jpg

"Chrome's ad filtering is designed to weed out some of the web's most annoying ads, and push website owners to stop using them. Google is not planning to wipe out all ads from Chrome, just ones that are considered bad using standards from the Coalition for Better Ads. Full page ads, ads with autoplaying sound and video, and flashing ads will be targeted by Chrome's ad filtering, which will hopefully result in less of these annoying ads on the web."

Here is some more Tech News from around the web:

Tech Talk

 

Source: Slashdot

Cryptonight mining with Chrome

Subject: General Tech | October 24, 2017 - 01:14 PM |
Tagged: cryptonight, chrome, mining, security

Have you noticed your Chrome sessions are using a lot more CPU power now than they used to and you have installed the Short URL (goo.gl) extension recently?  Congratulations, you are a cryptocurrency miner!  It seems some ne'r-do-well managed to infect the server which provides that app with a mining program called Cryptonight which enlists your browser into mining XMR coins.  For now your best bet is to uninstall that application if you have it installed; it has been removed from Google Play if you do not.  The Register has a bit more information on Cryptonight as well as some history on similar browser miners here.

monero-la-gi.png

"Another Chrome extension has been found secretly harboring a cryptocurrency miner – and it appears this issue is going to get worse before it gets better."

Here is some more Tech News from around the web:

Tech Talk

 

Source: The Register

Fool me once, shame on me ... Chrome gives Symantec the cold shoulder

Subject: General Tech | September 12, 2017 - 02:29 PM |
Tagged: chrome, symantec, security

The original issue dates back two years ago, when a serious security issue was discovered effecting all Norton and Symantec products which allowed an attacker to easily infect your Windows kernel without any user interaction.  Following that revelation were a round of firings at Symantec which were intended to reassure customers and security experts which were somewhat successful, until earlier this year.  In January it was discovered that Symantec provided digital certificates to verify the authenticity of several questionable sites, including ones never authorized by ICANN.  This has been enough for Google; Chrome will no longer trust older Symantec certs in version 66 and will not trust any as of version 70.  The Inquirer provides a full timeline here.

1406048971_Symantec-Logo.png

"The decision to remove Symantec certificates came as a result of the discovery of a dodgy certificate in 2015, leading to a fuller investigation that brought forward more issues with security at the beginning of this year."

Here is some more Tech News from around the web:

Tech Talk

 

Source: The Inquirer

Firefox 51 and Chrome 56 Launch with WebGL 2.0

Subject: General Tech | January 27, 2017 - 03:55 PM |
Tagged: webgl, webgl2, firefox, chrome, google, mozilla, Opera

After quite a bit of anticipation, both Mozilla and Google have just shipped compatible implementations of WebGL 2. This feature was unlocked to the public in Firefox 51 and Chrome 56 for the desktop, both released this week, while Opera will push it out to desktop and mobile on their next version, Opera 43. Microsoft currently has the API “under consideration” for Edge.

As we’ve highlighted in the past, this new version of the graphics API pushes the platform up to OpenGL ES 3.0, with a few exceptions that are typically made for security reasons. This update allows quite a few new features like off-screen render targets, which is useful for deferred rendering. The shading language is also significantly larger, and can now operate natively on integer types and 3D textures.

WebGL 2.0 does not include compute shaders, however, which is a bit unfortunate. That said, it is (at least last I checked) a highly-requested feature and the browser vendors are interested in providing it.

"HTML5 by Default" Rolling in to Chrome Userbase

Subject: General Tech | December 13, 2016 - 02:47 PM |
Tagged: google, chrome, Adobe, flash

Google is about to begin transitioning their users away from Flash, unless they explicitly enable it on a site-by-site basis. This is a step beyond click-to-activate, which refuses to activate the plug-in until the user permits it, that will not even acknowledge the plug-in’s existence unless the user requests it. The difference is that this tells sites to treat the browser as not having Flash, which, for PC Perspective as an example, should load our HTML5 article carousel instead of presenting a click-to-activate Flash one that has an expanding oval transition animation.

Google_Chrome_icon_(2011).png

Because changes like these could have side-effects, Google is dipping their toe before jumping in. About 1% of users on the current Chrome 55 (and ~50% of Chrome 56 pre-release users) will have this change flipped on any day now, which contains the outrage if it breaks something popular or, otherwise, causes user grief. If it all goes well, though, it will be enabled for everyone when Chrome 56 arrives for the general public in February.

Source: Google

About the "Firefox Is Eating Your SSD" Story

Subject: Storage | October 5, 2016 - 07:57 PM |
Tagged: ssd, mozilla, google, firefox, endurance, chrome

A couple of weeks ago, I saw a post pop up on Twitter a few times about Firefox performing excessive writes to SSDs, which total up to 32GBs in a single day. The author attributes it mostly to a fast-updating session restore feature, although cookies were also resource hogs in their findings. In an update, they also tested Google Chrome, which, itself, clocked in over 24GB of writes in a day.

mozilla-2016-donothurt.png

This, of course, seemed weird to me. I would have thought that at least one browser vendor might notice an issue like this. Still, I passed the link to Allyn because he would be much more capable in terms of being able to replicate these results. In our internal chat at the time, he was less skeptical than I was. I've since followed up with him, and he said that his initial results “wasn't nearly as bad as their case”. He'll apparently elaborate on tonight's podcast, and I'll update this post with his findings.