Jump to content

Search the Community

Showing results for tags 'browsers'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 17 results

  1. Where do browsers stand on Flash's impending demise? It's been two years since Adobe announced it would finally kill off its Flash Player; browser makers plan to follow suit on their own timelines. Thinkstock Two years ago, Adobe announced it would finally kill and bury Flash Player, the plug-in that simultaneously launched a million websites and gave security professionals nightmares. The oft-abused technology, equally praised and scorned even when it was at the top of its game, will land in the digital landfill at the end of 2020, when the company said it "will stop updating and distributing the Flash Player." Browser makers quickly chimed in to tell their users how they would sunset Flash, setting up sometimes specific, sometimes vague, timetables for curtailing usage, figuring that going cold turkey would catch site owners unprepared, break the web and turn customers into angry peasants waving torches and pitchforks. Two years after those initial promises of cutting out Flash, where are the browsers? How about a status update? Chrome's this close to turning Flash off by default Starting with Chrome 76, which is the next version slated to ship, Google's browser will disable Flash by default, the state the browser will remain in until all support is yanked in late 2020. With Flash default disabled - Chrome 76 will appear July 30, or in six weeks - sites requiring the plug-in will show the "missing puzzle piece" symbol and the message "Adobe Flash Player is blocked." Users will not be able to run Flash - at all - without going into Settings. Only after re-enabling Flash - Settings->Advanced->Site Settings->Flash->Ask First - will Chrome users be able to run Flash and display Flash content, and then only after their explicit okay. Google is thinking about adding what it called an "infobar" to the top of Chrome with the debut of version 76. If the user manually switches Flash back on through Settings, the infobar will appear, warning that the plug-in won't be supported at all after December 2020. IDG/Gregg Keizer Starting with Chrome 76, users will have to dive into Settings to run Flash after seeing this message on a site. Firefox soon to limit Flash options At this point, Firefox continues to run Flash Player on a per-site basis when a user authorizes the action. And Firefox will remember the site that was authorized if the user checks the box marked "Remember this decision" in the pop-up that appears when giving Flash permission. In early September, Mozilla will take the next step in purging the plug-in. With Firefox 69, scheduled for release Sept. 3, the browser is losing the "Always Activate" option for Flash, meaning that every request to run it must be user approved. From this point forward, the only settings will be "Ask to Activate," the default, and "Never Activate." (Most Firefox users probably didn't know that there was an "Always Activate" setting that let them skip the authorization hassle. It's in Preferences (macOS) and Options (Windows): Extensions & Themes-Plugins->Shockwave Flash->Always Activate.) Still to come for Firefox: Mozilla plans to strip all Flash support from the browser in early 2020. The exception will be Firefox's Extended Support Release (ESR), designed for enterprise settings, which will continue to run the plug-in through 2020. On a related note, Mozilla pointed out that barely half - 50.8% - of all copies of Firefox now have Flash installed. IDG/Gregg Keizer September's Firefox 69 will eliminate the "Always Activate" shortcut, forcing users to approve Flash every time on every site. No exceptions. Edge in turmoil What to say about Microsoft's Edge? Microsoft had a fire-Flash plan two years ago. But then the Redmond, Wash. developer went and decided to bag its version of Edge and instead go full-Chromium, replacing its foundational technology with the same that drives Chrome. While Microsoft didn't necessarily tie itself to Google's Flash timetable when it adopted Chromium, the company is likely to copy the browser big dog. There's no reason not to: "full-Chromium" Edge won't make a difference, one way or the other, to websites still running Flash, not with its very small share. By the time Microsoft has Chromium Edge ready, Chrome will have long put version 76, and its Flash-disabled-by-default behind it. Edge will do the same, whether it launches this year or next. As for Internet Explorer (IE) and the old Edge, in 2017 Microsoft promised that somewhere around mid-to-late 2019, those browsers would default to a disabled Flash state. Users were going to have to manually re-enable Flash in the browsers' settings panels to view content. The change has yet to appear in either browser. (It was unclear when Microsoft would throw the disabled-Flash switch; there was no hint, for example, in the Edge development roadmap.)_ Because Microsoft only upgrades old-Edge when it issues a Windows 10 feature upgrade, the next opportunity for this will be the fall refresh, 1909 in the operating system's yymm notation. Microsoft has hinted that it will retain old-Edge even after full-Chromium Edge ships, so it will have to manage multiple browsers - IE, too, for Windows 10 users and laggards still running Windows 7 - through their Flash end times. IDG/Gregg Keizer The 'old-Edge,' the one powered by Microsoft's own EdgeHTML engine, still lets users run Flash with minimal hassle. But the upcoming 'full-Chromium' Edge will probably mimic Chrome when it debuts. Safari and the no-Flash zone Apple and Flash never much cared for each other. iOS has always been a no-Flash operating system and macOS, formerly OS X, has omitted the Adobe plug-in since 2010, when Cupertino first told users to fetch Flash themselves. (Meanwhile, Chrome, and later, Edge, came with Flash baked in. Chrome dropped that approach in 2016 with version 53. Since then, Flash has been background downloaded the first time the Chrome user calls on it to render content.) "Apple is working with Adobe, industry partners, and developers to complete this transition," a July 2017 post to the WebKit blog asserted. Since then, nothing. Even if a user installs Flash on macOS, Safari still treats it as off by default. And Safari still requires user approval on each site (although the user can tell that site to run Flash every time going forward). In other words, Apple's made no change - and has announced none that it will make - in how Safari deals with Flash. IDG/Gregg Keizer Safari's handling of Flash hasn't changed in the two years since Adobe announced the plug-in's 2020 demise. This is still what users see when they click on content. Source: Where do browsers stand on Flash's impending demise? (Computerworld - Gregg Keizer)
  2. As the company transitions its Edge browser in Windows 10 to one that's Chromium based, it also plans to maintain support for IE11. For IT admins, the variety of browser iterations could get confusing. Microsoft Microsoft will continue to include Internet Explorer 11 (IE11) and the original Edge with Windows 10, according to a company program manager. In a video recorded for this week's Microsoft Build conference, Fred Pullen, a principal program manager on the Edge team, filled in some of the blanks about the "IE mode" to be inserted inside the under-construction Edge based on Chromium. (Chromium is the open-source project whose technologies already power Google Chrome and other browsers.) Details of how enterprises will manage "full-Chromium" Edge and its IE mode have been scant thus far. When Microsoft announced IE mode earlier this week, it said only that it would share "more details on deploying and managing Microsoft Edge later this year." How Edge and IE11 work together now Pullen spent the first quarter of his time walking viewers through the convoluted history of IE and how Microsoft supported backwards compatibility with older versions using various "modes" that emulated, for instance, IE6 within IE8 or IE9 and IE10 within IE11. He then explained how the current Edge worked with IE11 and its multiple modes to produce what he called a "two-browser experience." "Our guidance for years has been as you upgrade your web applications to modern standards, you can ((alleviate)) yourself of the dependency on Internet Explorer," said Pullen. "When we introduced Windows 10, our suggestion to customers was to standardize on Microsoft Edge using EdgeHTML as your modern browser and fall back to IE11 as needed just for backward compatibility." That "fall back to IE11" would be automated by IT. They would create an Enterprise Mode Site List of URLs to apps and sites that required some of those IE compatibility modes, or IE-associated technologies, such as ActiveX, which Edge didn't support. IT could also instruct every intranet site to open in IE11. When a worker tried to access a site on the list in Edge, IE11 opened instead, loading the whitelisted site; thus the two browser experience Pullen described. But there were problems with what Microsoft did, Pullen acknowledged. "This is a jarring experience. It's two different browsers," he said. "Even if you're using the Enterprise Mode Site Lists to automatically pop up the appropriate browser at the appropriate time, it's still two different browsers and it's a confusing user experience." More than one IE11 in Windows 10? According to Pullen, Windows 10 - and presumably Windows 7 and Windows 8.1 as well, since those older OSes are slated to get full-Chromium Edge, too - will still include the stand-alone IE11 browser when Edge and its IE mode reach the Stable channel. "What we're adding in Internet Explorer mode is just a couple of policies," Pulled said. "We have one policy in Microsoft Edge that decides what the default IE integration level is. So you can decide to keep the two-browser experience. You can decide to run IE11 as an application just as you can today with Microsoft Edge." Elsewhere in his presentation, Pullen seemed to preemptively knock down any talk that IE11 - as a separate application - would vanish. "I also want to reassure you that Internet Explorer is not going away," Pullen said near the end of his video. "Internet Explorer is considered a component of the Operating System and follows the life-cycle of the Operating System on which it's installed. So in Windows Server 2019 for example, Internet Explorer 11 is supported until 2029 (emphasis added)." His phrasing was almost word-for-word from Microsoft's documentation on IE's support lifecycle, which states: "Internet Explorer is a component of the Windows operating system and follows the Lifecycle Policy for the product on which it is installed." Even so, Pullen's pledge was far from ironclad. His "support," for example, could easily - and legitimately - hinge on the inside-Edge IE mode, not the stand-alone application. It's all about what he meant by that word. Pullen hinted that IE11 (the application) would remain as part of Windows for some time to come even, though Microsoft's long-term goal is to purge it from the OS. "We want to make sure that we start to restrict when and where and how Internet Explorer 11 is instantiated," he said. Computerworld has assumed that Microsoft would want to get rid of IE11 (the application) as soon as possible. Pullen made that stance difficult to defend. More than one Edge in Windows 10? Windows 10, at least, will also sport more than one Edge browser, Pullen contended. "We do have to add a policy deciding which version of Microsoft Edge you would prefer Internet Explorer to bounce back to," Pullen said, referring to the back-and-forth between the two browsers. "In other words, if I've chosen to launch Internet Explorer 11, and [I'm] using that switch to IE11 app mode, I need to know which version of Microsoft Edge to switch back to. "It could be that in your environment, you're happy with Microsoft Edge on EdgeHTML, and you want to be able to fully test Microsoft Edge on Chromium before deploying, that's fine," Pullen continued. Participants in Microsoft's Edge Insider program - the preview program for the full-Chromium Edge - may run multiple versions of the browser on a device, whether two or more of the previews or one or more preview and the original Edge. (The latter is what Pullen talked about when he mentioned "EdgeHTML," the name of that version's Microsoft-made rendering engine.) It was unclear whether multiple Edges would be available and supported once the full-Chromium version is finalized. Pullen implied that at some point users would no longer see two when he referred to returning to EdgeHTML-based Edge while still testing the full-Chromium Edge. A bit later in the video Pullen doubled down, again limiting Chromium Edge to a preview phase. "You need to decide, 'Is it okay if we choose the Beta version of Microsoft Edge on Chromium, or do I fall back to Microsoft Edge using EdgeHTML if the Beta version is not available?'" Pullen posed. But what's the end game? Two IE11s, two Edges. Is Microsoft really going to let its browsers multiply like rabbits? In the short term, yes. But the long game is to wean users off IE entirely. "We want to give you the tools that you need to be able to limit how and when and where your users get to Internet Explorer, and Internet Explorer Mode is an important step in that journey," Pullen said. "Obviously, as you upgrade your web applications to modern standards, you can continue to limit more and more and more where Internet Explorer is running," he added. The trouble with that message is it's one Microsoft has been transmitting since Windows 10's mid-2015 launch and the early 2016 reduction in browser support that triggered massive desertions from IE's user base. Pullen acknowledged as much. "There's still a need for Internet Explorer even though our guidance for years has been ... ((to alleviate)) yourself of the dependency on Internet Explorer," he said. Source: Coming to Windows 10: More browsers, not fewer (Computerworld - Gregg Keizer)
  3. Newer versions of Chrome, Safari, and Opera will no longer allow you to disable hyperlink auditing, which is a concern for those seeking maximum privacy. While some of these browsers previously allowed you to disable this feature, newer versions are going in the opposite direction. Hyperlink auditing is an HTML standard that can be used to track clicks on web site links. This is done by creating special links that ping back to a specified URL when they are clicked on. These pings are done in the form of a POST request to the specified web page, which can then examine the request headers to see what page the click came from. To create a hyperlink auditing URL, you can simply create a normal hyperlink HTML tag, but also include a ping="" variable as shown below. Example Ping POST Request Ping HTML Link This will render on the page as a normal link to google.com and if you hover over it, will only show you the destination URL. It does not show you the ping back URL of https://www.bleepingcomputer.com/pong.php, so users will not even realize this is happening unless they examine the sites source code. When a user clicks on the above link, the browser will first send a POST request back to the ping URL https://www.bleepingcomputer.com/pong.php as shown below. It will then open the www.google.com page. This means that every time a user clicks on a hyperlink audited link, the browser will make two requests instead of one. Scripts that receive the ping POST request, can then parse the headers in order to see what page the ping came from and where the hyperlink audited link was going to. The headers associated with the information sent in the ping request are shown below. [HTTP_PING_FROM] => https://www.bleepingcomputer.com/ping.html [HTTP_PING_TO] => https://www.google.com/ [CONTENT_TYPE] => text/ping As you can see, using Hyperlink Auditing developers can track link clicks from any web property that they have access to. Most browsers wont let you disable in the future With privacy and online tracking being such a large problem and major concern for many users, you would think that browser developers would give you the option to disable anything that could affect your privacy. Unfortunately, this seems to be going in the reverse direction when it comes to hyperlink auditing. According to developer Jeff Johnson, Safari enabled hyperlink auditing by default, but allowed you to disable it by using the following hidden preference. defaults write com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2HyperlinkAuditingEnabled -bool false Johnson has stated that this flag no longer works with Safari 12.1. "Unfortunately, this no longer works in Safari 12.1. I actually discovered the issue in Safari Technology Preview 72, and I filed a Radar on January 2, 2019 as rdar://problem/47000341," Johnson stated in a blog post. "Despite several months notice from me, Apple shipped Safari 12.1 last week to the public with no way to disable hyperlink auditing. I hope to raise awareness about this issue, with the ultimate goal of getting hyperlink auditing disabled by default in Safari. Apple claims that Safari is supposed to protect your privacy and prevent cross-site tracking, but hyperlink auditing is a wide open door to cross-site tracking that still exists. To end this article, I'll quote the full text of the Radar that I filed:" Chrome 73 Hyperlink Auditing Flag Google Chrome also enables this tracking feature by default, but in the current Chrome 73 version it includes a "Hyperlink auditing" flag that can be used to disable it from the chrome://flags URL. In the Chrome 74 Beta and Chrome 75 Canary builds, though, this flag has been removed and there is no way to disable hyperlink auditing. Firefox and Brave win the award Of all the browsers I tested, only Brave and Firefox currently disable it by default and do not appear to have any plans on enabling it in the future. Firefox 66, Firefox Beta 67, and Firefox Nightly 68 disable Hyperlink auditing by default and allow users to enable it using the browser.send_pings about:config setting. The privacy focused Brave Browser also disables it by default and does not allow you to enable it at all. It does have a display bug in the brave://flags that show that Hyperlink auditing is enabled, but this is a carryover from Chrome and is not displayed correctly. Going forward, if privacy is important to you and you want to reduce the risk of being tracked online, then you will need to use Firefox or Brave. Source
  4. For the second straight month, Mozilla's Firefox gained user share in January. That puts its share back where it was in mid-2018. Mozilla's Firefox wrapped up a two-month resurgence this week, clawing back some previously-lost user share to return to a level last seen in the middle of 2018. The open-source browser remains the only major browser committed to using a rendering engine that is not based on Google's Blink or its predecessor, WebKit. According to web analytics vendor Net Applications, Firefox's share rose by three-tenths of a percentage point in January, reaching 9.9%. The increase was the second consecutive month of user share growth and put Firefox back where it was last June. Firefox's gains were important, as the browser flirted with dangerous territory as recently as November, when it slumped to below 9%. The trend at the time looked nasty; if the declines had continued at the 12-month average pace, Firefox would have fallen below 7% by August 2019. The increases of the last two months have altered that forecast. The 12-month average, if continued, would still erode Firefox's user share, but at a much slower tempo: the browser should remain above 9% throughout this year, falling under that bar only in January 2020. If Mozilla maintains the Firefox user share recovery, its efforts to revitalize the browser - starting with the November 2017 debut of Firefox Quantum - will be validated. What's unclear is whether that work will simply let Firefox survive or if it can trigger a return to a time when the browser was in solid second place (then behind IE) with a quarter of the world's share. The browser maker does have a message that may resonate in 2019: On Windows, it will soon be the only major browser running on non-Google technologies. In December, Microsoft announced that it would abandon its home-grown rendering and JavaScript engines for those built by Chromium, the open-source project led by Google. Mozilla has already used that to argue people should download and try Firefox, and certainly will do so again. Net Applications calculates user share by detecting the agent strings of the browsers people run to reach the websites of Net Applications' clients. The firm tallies the visitor sessions rather than count users, as it once did. In other words, Net Applications' data best illustrates user activity. IE sinks, Edge doesn't Microsoft's browsers - Internet Explorer (IE) and Edge - also gained ground in January, adding approximately two-tenths of a percentage point to put their combined shares at 12.6%. The increase wasn't unprecedented, as the browsers posted in-the-black numbers four out of the 12 months in 2019. One month does not a trend make, however. The increase was solely due to Edge, which rose by half a percentage point to 4.6%, a number that meant about 11% of all Windows 10 users ran the browser in January. The latter figure has been an important metric, as it has showed the enthusiasm (or lack thereof) for the Windows 10-only browser. Plainly put, there has been little to none, although it also has occasionally climbed rather than fallen. Microsoft's decision to go "full-Chromium" with Edge - to effectively give up the fight against Chrome's dominance and join it by crafting a doppelgänger - was a bet that the browser could survive, even grow, under that strategy. The question is whether there will be much of an Edge left by the time Microsoft switches technologies. As a result, January's uptick had to be welcome by Microsoft. On the other hand, IE dropped nearly four-tenths of a percentage point last month, sliding to 7.9%, a record low for the browser that once lorded it over the world - at least the worldwide web - with as much impunity as any of history's monarchs. IE was used on about 9% of all Windows PCs in January, also an all-time low. Microsoft may well applaud the downward spiral of IE, as the browser has been maintained solely for legacy purposes in enterprises. There are, in fact, good arguments to be made that Microsoft will drop IE as soon as it has built "full-Chromium" Edge. Chrome grabs more share...yawn Net Applications pegged Chrome's user share at 67.3% for January, a one-tenth of a percentage point boost. It was the ninth increase in the previous 12 months. Google's browser remained on a steep trend line, with its 12-month average indicating it would crack 68% in March and 70% in July. Each time Chrome takes a pause that could be interpreted as a high-water mark, within a month or two it jumps up again to maintain momentum. Elsewhere, Apple's Safari added three-tenths of a percentage point to its user share, ending January with an even 4%, the browser's highest mark since April 2018. Its portion of all Macs also grew, climbing to 37.8% - or more than two-and-a-half points above December - even though the operating system share of macOS remained above 10.6% for the second straight month. Source: Top web browsers 2019: Firefox scores second straight month of share growth (Computerworld - Gregg Keizer)
  5. A new web security paper via ArXiv has revealed details about a little known TLS tracking technique that companies can use to track users across the web. TLS Tracking Across the Web Most users know that they can be tracked via cookies, which is why some delete them or use their browsers’ own “private modes,” which don’t store session cookies. However, over the past few years, due to browsers continuing to implement advanced new features, new tracking capabilities have appeared, such as browser fingerprinting and now TLS tracking too. When a TLS connection is made between the user’s computer and the visited website’s server, some encryption-related information is exchanged, which can be reused the next time the same visitor comes to the site. Because this information is unique to that user, the service provider or a third-party tracker can recognize and then track the user across the web. The Hamburg University researchers also revealed that the default lifetime for TLS session resumption in most browsers is up to eight days. What this means in practice is that two-thirds of the internet users can be tracked permanently through these TLS sessions. The danger is associated mostly with third-party trackers, such as Google, that interact with users via many host names. The researchers noted that Google’s tracking service is present on 80 percent of the sites on Alexa's top one million sites list. The researchers also warned that in the case of 0-RTT (zero-round trip) resumptions when using TLS 1.3, forward secrecy can not be supported, thus also reducing the communications security. Countermeasures Against TLS Tracking The best way to fight against this form of TLS tracking is to pressure browsers to disable it completely (especially for third-party tracking services) or at least allow users to disable it manually. The Tor browser is one of the browsers that disables TLS tracking by default. Based on the empirical evidence the researchers have gathered, they recommended that the TLS session resumption lifetime should be at most 10 minutes, not seven days as it’s currently recommended for the latest version of TLS (1.3). Workaround for Firefox Credits to: audiospecaccts The reason you must add security.ssl.disable_session_identifiers see here https://bugzilla.mozilla.org/show_bug.cgi?id=967977#c17 Source
  6. Windscribe VPN 1.81 Build 42 / 41 Stable Internet As It Should Be Windscribe is a desktop application and browser extension that work together to block ads and trackers, restore access to blocked content and help you safeguard your privacy online. Learn More. https://assets.windscribe.com/video/windscribe_explainer_480p.mp4 What's New: https://blog.windscribe.com/windscribe-1-81-beta-changelog-b9c557906d60 We’ve been working on this version for quite a while, existing installations should prompt you to update the app over the next 48 hrs. Here is what’s new. Changelog: New features IKEv2 protocol support (manual and automatic mode) Emergency Connect / Secure Login Fixed bugs Wifi-sharing not working after wakeup Forcibly close all TCP sockets after tunnel up Don’t forcibly disconnect if currently connected node is missing from the server list Language detection defaults to English instead of Arabic Reinstall/enable WAN miniport adapters if missing/disabled Adjusted DPI to work with multiple scale factors Other Changes Added “Disconnecting” state Eliminated redundant API calls Reduced the server ping frequency Updated OpenVPN binaries to latest version Don't auto-enable the firewall (in Automatic mode) on computer start up if auto-connect is false Simplified installer flow + additional “custom install” options Async DNS resolver Adjusted node selection algorithm to favor lower latency nodes Forcibly expand certain locations when the country name is clicked Detect if LAN range is RFC-1918 complaint To-do list for next version: CLI interface Favorite locations Dedicated IP support IKEv2 connectivity test SOCKS5 server UDP associate support Fix startup error on multi-user computers Mystery feature 1 Mystery feature 2 Downloads: Windscribe for Your Computer: Windscribe for Your Browser: Windscribe for Your Phone: Windscribe for Your TV: Windscribe for Your Router: Config Generators:
  7. Mozilla engineers have borrowed yet another feature from the Tor Browser and starting with version 58 Firefox will block attempts to fingerprint users using the HTML5 canvas element. Canvas blocking is an important addition to Firefox's user privacy protection measures, as canvas fingerprinting has been used for a long time by the advertising industry to track users. Canvas fingerprinting has become widespread in recent years The method has become widespread in recent years after the EU has forced websites to show cookie popups. Because canvas fingerprinting doesn't need to store anything in the user's browser, there are very few legal complications that come with it and this user tracking/fingerprinting solution has become a favorite among ad networks. Canvas fingerprinting works by loading a canvas HTML tag inside a hidden iframe and making the user's browser draw a series of elements and texts. The resulting image is converted into a file hash. Because each computer and browser draws these elements differently, ad networks can reliably track the user's browser as he accesses various sites on the Internet. Canvas fingerprinting is described in better detail in this 2012 research paper. Feature borrowed from the Tor Browser The Tor Browser has fixed this problem by blocking any website from accessing canvas data by default. The Tor Browser displays the following popup every time a site wants to access the canvas element. Tor Browser's canvas fingerprinting blocking system Based on an entry in the Mozilla bug tracker, engineers plan to prompt users with a site permission popup when a website wants to extract data from a < canvas > HTML element. This is similar to the permission shown when websites wish to access a user's webcam or microphone. Firefox 58 is scheduled for release on January 16, 2018. The second feature Firefox takes from the Tor Browser Canvas fingerprinting blocking is the second feature Mozilla engineers have borrowed from the Tor Project. Previously, Mozilla has added a mechanism to Firefox 52 that prevents websites from fingerprinting users via system fonts. Mozilla's efforts to harden Firefox are part of the Tor Uplift project, an initiative to import more privacy-focused feature from the Tor Browser into Firefox. The Tor Browser is based on Firefox ESR, and usually features flowed from Firefox to Tor, and not the other way around. In August 2016, Mozilla also blocked a list of URLs known to host fingerprinting scripts. Previous efforts to improve Firefox user privacy also included removing the Battery Status API. Source
  8. The warning users will see when loading an SHA-1 website Microsoft has completed the deprecation of SHA-1 certificates with the May 2017 security updates, so websites that are using it are now blocked in Microsoft Edge and Internet Explorer. Split into three different phases, the SHA-1 deprecation is a security measure that all major browser developers have agreed with, including Microsoft, Google, and Mozilla, with Redmond now applying the changes to its new Windows 10 browser as well. Users trying to load a website that uses an SHA-1 certificate will see a warning telling them “there’s a problem with this website’s security certificate” and “this might mean that someone’s trying to fool you or steal any info you send to the server.” Microsoft recommends users to “close this site immediately,” but provides them with two options, one of which is to continue to the webpage. Also blocked in Firefox and Chrome “We intend to do more to warn consumers about the risk of downloading software that is signed using an SHA-1 certificate. Our goal is to develop a common, OS-level experience that all applications can use to warn users about weak cryptography like SHA-1. Long-term, Microsoft intends to distrust SHA-1 throughout Windows in all contexts. Microsoft is closely monitoring the latest research on the feasibility of SHA-1 attacks and will use this to determine complete deprecation timelines,” Microsoft explains. The SHA-1 deprecation is taking place on all Windows versions that are still supported in May 2017, so while Edge is only available in Windows 10, Internet Explorer is introducing this change on Windows 7, 8.1, and 10. Microsoft explains that enterprise and self-signed SHA-1 certificates are not affected by this security update, though the company recommends everyone to switch to SHA-2 as soon as possible. Seeing Microsoft finally banning SHA-1 is not such a big surprise, as this hashing function has been around since 1995, with a growing number of attacks recorded in the last decade. Companies and organizations alike have blocked the use of SHA-1 certifications, including US federal agencies which are no longer allowed to use it since 2010. Source
  9. Microsoft Edge in Windows 10 Creators Update Windows 10 Redstone 3 is scheduled to launch in September, and just like the Creators Update, it’s expected to introduce a bunch of new major features on PCs (the future of mobile is still uncertain right now, and there are rumors that focus on smartphones could drop completely until the fall). One of these features appears to be aimed at Microsoft Edge, as according to a new report, the software giant wants to start delivering updates for the browser through the Windows Store. Why is this so important? First and foremost, Microsoft Edge is currently updated only when new OS releases are getting the go-ahead. This means twice every year, as per Microsoft’s Windows 10 update schedule, as the operating system is now receiving major updates in March and September. More frequent updates Already used in the past, when Edge received extension support in the Anniversary Update and tab improvements, more Flash controls, and a bunch of other features in the Creators Update, this strategy is keeping Microsoft’s new browser behind rivals, which are getting updates at a much faster pace, in most of the cases monthly or even more frequently. With Windows 10 Redstone 3, all of these could finally change, as Microsoft wants to deliver updates for Edge through the Windows Store, so users won’t have to wait until a new OS version goes live to get these improvements. This is possible because Edge itself is developed as a universal app, so shipping updates can be done through the Store more often if needed. Most likely, Microsoft will adopt a strategy similar to other apps like Office and Groove Music, with improvements first shipped to insiders and then to users in the production ring when testing is complete. More information could be provided by Microsoft at the Build developer conference this month, but there’s no doubt this is the better strategy, especially because Edge is still trailing behind its rivals in terms of features. Third-party data puts Google Chrome on the first spot with nearly 60 percent market share on the desktop, while Edge is far behind with just 5 percent. Source
  10. With its Fathom JavaScript framework, Mozilla wants to extract meaning out of web pages and produce a more intelligent browser. Positioned as a "mini language" for writing semantic extractors, Fathom already is in production with Firefox's Activity Stream web traffic tracker, picking out page descriptions, images, and other items, said Mozilla's Erik Rose. Still in an early stage of development, Fathom "enables Firefox to understand the structure and content of a web page," he said. The framework could be implemented in browsers, browser extensions, and server-side software. Rose presented scenarios in which Firefox could understand pages the same as a person. For example, the browser could recognize and follow a log-in link, provide hotkeys to dismiss popovers, hide superfluous navigation or header sections on small screens, and determine what to print without needing print stylesheets. These scenarios, he said, assume the browser can identify meaningful parts on a page. Echoing the much-touted semantic web, Rose cited previous attempts in this vein, such as semantic tags, Resource Description Framework, and microformats. Fathom, meanwhile, is a data-flow language like Prolog. It extracts meaning from web pages, identifying parts like address forms, Previous/Next buttons, and the main textual content. DOM nodes are scored and extracted based on user-specified conditions, and a system of types and annotations expresses dependencies between scoring steps and controls state. Existing sets of scoring rules can be extended without having to directly edit them, so third-party refinements can be mixed in. Fathom's rule sets are data that look like JavaScript function calls, but the calls are making annotations in a version of a syntax tree. "Today, that gets us automatic tuning of score constants," Rose said. "Tomorrow, it could get us automatic generation of rules themselves." Source
  11. Initial Opera Developer 46 Release It’s unusual to have a new developer version on Friday, thus we also have an unusual non-default screenshot to start with – all in dark. Important things first This initial build of Opera 46 comes with important fixes for the out of memory bug when using VPN and one nasty crash that might appear during startup. It’s important for us to verify them – our lab tests suggest there should be no further problems, but to be completely sure we need your help. Weekend comes, so browse a lot. Further UI changes In addition there are multiple UI-related fixes. The most visible ones are addressing the misbehaving tooltips both in normal and private mode. Changes specific to Mac, such as removing little visual glitches and minor fixes for ad blocker, have been made. Under the hood This version comes with an updated Chromium (59.0.3047.4) and enabled expensive background tabs throttling (opera://flags/#background-tab-throttling-max-delay-30s). You can try it out yourself: background timer throttling demo. If you encounter any problems related to background tabs and their behavior let us know. Detailed list of changes in the changelog. Installation links: Opera developer for Windows (Using Opera developer for Windows installer means Opera for Computers EULA is accepted) Opera developer for Windows (Portable version) Opera developer for macOS Opera developer for Linux – deb packages Opera developer for Linux – RPM packages Source Direct Download - Offline(Standalone) installer[Win/Linux/Mac]: https://get.geo.opera.com/pub/opera-developer/46.0.2556.0/
  12. Opera 45 With Reborn Goes Beta Today, project “Reborn”, Opera’s redesign process reaches the beta stage. It’s full of user interface improvements, but it also brings you quite a few new features. Read on and enjoy one of the longest list of changes in the Opera’s beta channel history! What is Reborn? It’s more than just a UI refresh. Reborn is a codename for the project that is gradually redesigning the entirety of Opera’s user experience. Bringing along a fresh look, it has a set of new, handy features, new icons, colors, wallpapers, and a touch of animation. Reborn is inspired by Opera Neon and shares its vision of making Opera’s UI truly modern, simplified, refined, and playful. Brand new look and feel Opera’s entire layout has been updated with a new, high-quality graphical design that is more consistent across platforms. The tabs are simplified, lighter, and more elegant, making it easier to locate open tabs. The new sidebar is more subtle and refined with a touch of animation. The Speed Dial has also been renovated with smooth animations. Browser sidebar Opera’s sidebar has been moved from the Speed Dial to the main browser window, similar to how it is in Opera Neon. It provides one-click access to important tools such as bookmarks, history, personal news, and extensions. You can customize the tools that appear in the sidebar according to what you find useful. The new sidebar will be visible by default for new users installing Opera beta for the first time. Current users of beta will find the option to turn it on by flipping the pin/unpin switch at the bottom left of the Speed Dial. Chat with your friends while browsing Chatting with your friends while browsing the web doesn’t always work seamlessly. Switching between tabs when responding to a message is cumbersome and inefficient. Reborn allows you to keep your favorite messenger as a side tab for an easy reach. Three popular communicators are now available directly in the sidebar: Facebook Messenger, WhatsApp, and Telegram. To use any of them, simply click their icon. After you log in to the site, there are two ways of using this feature: you can open it in overlay or pin it side-by-side with your current tab. Pinning a communicator allows you to combine online chatting with a full browsing experience. If you use more than one messenger, you can easily switch between them by using our shortcut key for quicker access (⌘ + ⇧ + m on macOS, CTRL + SHIFT + m on Windows and Linux). The three-dotted menu button allows you to log out from your sidebar communicator without needing to visit the communicator’s website. From the menu, you can also mute your communicator’s notifications. Give your browser a new coat of colors Opera is now available in two color themes: light and dark. You can also select one of the cool backgrounds that perfectly complement Opera’s new look and feel. For this beta release, we have prepared some completely new ones. Let us know which one you like the most. Both the background wallpaper and the browser’s color theme can be managed in the “customize start page” panel and in browser settings. Fresh and refined icons Opera’s “rebirth” also means a complete icon overhaul. New icons are even more refined and elegant, and some even change colors when active. We have carefully optimized the icons for various DPIs in order to make them look perfect. Animations Animations make the Reborn interface more alive and playful. The most visible one can be found when opening private mode. Windows 7 look and feel One of Reborn’s goals is to bring a more consistent look across all platforms. This doesn’t mean Reborn will disregard the browsing experience users have been familiar with on different platforms, such as Windows 7. Despite all the changes, Reborn has retained Windows 7’s well-known platform feeling with transparent borders and a system button to close, maximize, and minimize a window. Narrow sidebar for macOS The sidebar in the Mac version can be now as narrow as on Windows. To adjust it, go to Settings -> Browser -> Sidebar -> “Enable Narrow Sidebar,” or use the sidebar context menu. New bookmark pop-up Opera now brings you a new pop-up when adding bookmarks which includes the “Finished” button. This option gives a clearer way of adding bookmarks for users who missed the confirmation that a new website was already added to the bookmark folder. Ad blocker improvements Opera automatically reloads a page when toggling ad blocking on or off for that page. It’s especially useful if you want to quickly flip the switch and it gives you much more control and comfort while browsing with ad blocker. Also, we have added some important changes to the block list management. Now, you have control over which block lists are loaded. Easylist and EasyPrivacy are turned on by default. Other lists, including regional and custom lists, can now be managed through the “Manage Lists…” dialog. Let us know if there are any other lists that you would find beneficial. Also, Opera now offers support for more advanced CSS selectors, which helps you block more ads. Spring cleanup for languages As part of a spring cleanup we have removed support for the least-used languages in the browser user interface. While we would like to support as many languages as possible, this decision frees up our time for other important tasks. The discontinued languages are Azerbaijani, Macedonian, New Norwegian, Uzbek, Afrikaans, Croatian, Kazakh, Zulu, Frisian, Punjabi, Gaelic, Irish, Myanmar, Sinhala, and Urdu. After this, Opera supports 48 different languages. Performance and security changes H.264 video works in Windows 8.x again and it now has the same hardware support as Windows 7 and Windows 10, both given in the last developer release. Opera adds in-form warnings for sensitive fields when the top-level page is not HTTPS. Whenever you start filling in your password or credit card number on a page, which is not HTTPS, the warning will appear. If you’ve made it this far, go on and check out the changelog with all the backports listed. Installation links: Opera beta for Windows (Using Opera beta for Windows installer means Opera for Computers EULA is accepted) Opera beta for Windows (Portable version) Opera beta for macOS Opera beta for Linux – deb packages Opera beta for Linux – RPM packages Source
  13. The new version lets users quickly log out from messengers Opera 45 developer has just received another significant update, as the company advances with the Reborn overhaul, while at the same time working on some other improvements as well. The most recent version of Opera 45 comes with a menu button that makes it possible to log out from messengers in the sidebar without having to go to the official page. This means that if you want to log out from Facebook Messenger, you don’t have to do it from Facebook, as you only need to click this button and then hit the log out option. Additionally, there’s a new bookmark pop-up that integrates a button called “Finished,” which according to Opera is supposed to make it a little bit clearer when adding new websites to favorites. The ad blocker is also getting some improvements with this update, with this Opera version introducing an option that allows users to choose which block lists are loaded. “Opera automatically reloads a page when toggling ad blocking on or off for that page. It’s especially useful if you want to quickly flip the switch and it gives you much more control and comfort while browsing with ad blocker,” the developing team explains. Big update for Windows 7 planned There are also some other smaller improvements, such as support for more advanced CSS selectors, but also some known issues, as new configurations are not applied immediately, but only after a browser reboot. In terms of performance, Opera managed to repair H.264 video in Windows 8, while for security, there are now new warnings displayed when in-page forms do not use HTTPS when asking for credentials. As far as Windows 7 users are concerned, Opera says that a big update is on its way, though no specifics are available at the moment. Keep in mind that this version is still part of the development stage and some bugs could still be there, so if you don’t feel like diagnosing bugs and submitting feedback, you'd better stick with the stable version. Ad blocker improvements are also part of this new version Source
  14. Rust Programming Language Takes More Central Role in Firefox Development Starting with the release of Firefox 54, the Rust programming language will take a bigger role in the Firefox browser, as more and more components will work on top of this new technology developed in the past years by the Mozilla Research team. For people unfamiliar with Rust, this is a new programming language developed by a Mozilla employee, which the Foundation officially started to sponsor beginning with 2009. In simple terms, Rust is a safer version of programming languages like C and C++, the languages at the base of Firefox and most of today's desktop software. Applications written in Rust have fewer memory-related errors and are safer to use thanks to the way the language was designed. Mozilla shipped first Rust component in Firefox 48 After seven years of working on Rust, Mozilla shipped the first Rust component with Firefox in August 2016, when the language was used to rewrite the browser's multimedia stack, the module that deals with rendering audio and video files. At the time, Mozilla reported they had zero issues during tests. Since then, Mozilla engineers have been slowly replacing more and more Firefox core components with Rust-based alternatives. According to an entry in the Mozilla bug tracker, there's so much Rust code in the Firefox core that starting with Firefox 54, Mozilla developers will need to have the Rust compiler installed on their devices in order to compile a binary version of Firefox. Mozilla might lose some Firefox users According to Firefox developer Ted Mielczarek and others, this will lead to some problems, and the bigger one is that Mozilla employees won't be able to compile binaries for platforms with smaller userbases, such as IBM's PPC64el and S390X, deployed at various companies around the world. The reason is that there's no Rust compiler for those platforms, which means that Firefox devs will fail when trying to compile a binary. The only way to fix this is if a compiler will be developed for those platforms. Most Firefox users won't be affected by this change, but Mozilla hopes they'll see a boost in performance in the future. In the upcoming year, Mozilla plans to replace most of Firefox's core engine, called Gecko, with Rust components. This operation will be done through small changes across different versions. Developer Jen Simmons perfectly described this very complex process in a blog post called "Replacing the Jet Engine While Still Flying." Source
  15. Chrome 55 Now Blocks Flash, Uses HTML5 by Default Chrome 55, released earlier this week, now blocks all Adobe Flash content by default, according to a plan set in motion by Google engineers earlier this year. Back in May, Google's staff announced that starting with Q4 2016, Chrome would use HTML5 by default, while Flash would be turned off. While some of the initial implementation details of the "HTML5 By Default" plan changed since May, Flash has been phased out in favor of HTML5 as the primary technology for playing multimedia content in Chrome. Users have to allow Flash to run on non-HTML5 websites Google's plan is to turn off Flash and use HTML5 for all sites. Where HTML5 isn't supported, Chrome will prompt users and ask them if they want to run Flash to view multimedia content. The user's option would be remembered for subsequent visits, but there's also an option in the browser's settings section, under Settings > Content Settings > Flash > Manage Exceptions, where users can add the websites they want to allow Flash to run by default. Back in May, to avoid over-prompting users, Google said it would whitelist some of the Internet's biggest web portals where HTML5 isn't yet supported, or where not all content could be played back via HTML5 just yet. The list included YouTube, Flash, VK, and others. This top 10 list has been dropped, in favor of a better system called Site Engagement (chrome://site-engagement) that gives scores to websites based on the number of visits and time spent on each site. The Site Engagement indicator takes a value from 1 to 100, and once it drops under 30, users will be prompted to enable Flash, regardless of the site's popularity and Alexa ranking. Flash, who's been accused of being a resource hog and a security threat, will continue to ship with Chrome for the time being. If you don't like Google's decision to go with HTML5 by default, there's an option in the chrome://flags section where you can revert to using Flash. Google has been preparing for a life without Flash for many years now. YouTube has dropped Flash support a long time ago, while starting with January 2, 2017, Google will stop accepting Flash ads in its AdWords program. Both Chrome and Firefox now block non-essential Flash content, such as analytics and user fingerprinting scripts. Google has been doing this since Chrome 53, and Mozilla since Firefox 48. Source
  16. BadKernel Vulnerability Affects One in 16 Android Smartphones Security flaw affects Chromium browsers & WebView component The issue at play here has been discovered and fixed in the summer of 2015 and affected the Google V8 JavaScript engine, between versions 3.20 and 4.2. Despite this bug being public for more than a year, only in August 2016 have Chinese security researchers discovered that the V8 issue also affected a whole range of Android-related products where the older V8 engine versions had been deployed. BadKernel flaw is trivial to exploit, just like Stagefright Researchers from Chinese cyber-security firm Qihoo 360 discovered that they could leverage the 2015 V8 bug to execute malicious code on Android devices via the vulnerable apps where the V8 engine had been embedded. This bug, nicknamed BadKernel, allowed them to steal data from the device, take over the user's camera, intercept SMS messages, and anything else they wanted. Since this was an RCE (Remote Code Execution) flaw, the attackers had full control over any affected smartphone. Because the BadKernel flaw can be exploited just by loading the content of a malicious web page, attackers face no difficulty in weaponizing and deploying BadKernel exploits. BadKernel affects countless of other apps Google ships the V8 engine with the Chromium mobile browser framework, used for the creation of mobile browsers such as Chrome and Opera. The V8 engine also ships with the WebView Android component, which mobile developers use inside their apps to view Web content inside the application, without opening a dedicated browser. Currently, many popular apps such as WeChat, Facebook, Twitter, or Gmail, use the WebView component. Vulnerable WebView versions are also the default on Android 4.4.4 up to version 5.1. Additionally, some SDKs, such as the Tencent X5.SDK, also deployed a custom V8 engine, based on the V8 versions vulnerable to BadKernel. This means that apps created with this SDK are also vulnerable to BadKernel attacks. This list is mainly comprised of Chinese mobile apps such as QQ, QQ Space, Jingdong, 58 City, Sohu, and Sina News. Many outdated apps still use vulnerable WebView components While the V8 engine is currently at version 5.1, the vulnerable versions are still embedded in many applications, some of which have remained out-of-date, while others have not been updated by their users. At the time of writing, the BadKernel flaw has received very little attention, despite being known since August 2016. "BadKernel is still relatively unknown in the US and Europe because it was discovered by the Qihoo 360 research group who published their original findings in Chinese, which was not easily accessible by the rest of the world," Clark Dong of Trustlook Mobile Security told Softpedia via email. All major smartphone vendors affected by BadKernel flaw Dong's company has compiled a list of smartphone models, Android and browsers versions that are currently vulnerable to this flaw. The list includes all the big industry names from Alcatel to HTC, and from Lenovo to Sony, just to name a few. Trustlook, who operates a mobile antivirus solution for Android devices, has leveraged telemetry data from its customers to gather some statistics on the number of potentially affected users. The company says that 41.48 percent of all Samsung smartphone models may be affected by the BadKernel flaw. Additionally, 38.89 percent of Huawei smartphone models may also affected, followed by 26.67 percent of all Motorola models, and 21.93% percent of all LG devices. The most affected country seems to be Peru, with one in every five devices vulnerable to BadKernel. Peru is followed by France (14.7 percent), Nigeria (12.4 percent), Bangladesh (10.2 percent), and Thailand (9.4 percent). Three in four LG built-in browsers affected by BadKernel The same telemetry data has also revealed that the most affected browsers are LG's built-in browser (75.1 percent of all installations are vulnerable), followed by Samsung's built-in browser (41 percent of all installations), and standalone mobile Google Chrome browsers (11 percent of all installations). Users that want to check to see if their device model is affected can consult this list on Trustlook's website, or they can install a dedicated BadKernel security scanner from the Play Store (how-to video here). To avoid exposing themselves to BadKernel attacks, users should always keep their apps up-to-date, and they should not delay installing Android OS system updates. Source
  17. Now 30 is beta. http://dl.google.com/chrome/win/30.0.1599.14_chrome_installer.exe
  • Create New...