Tech News Weekly: Issue 44
Back from lovely Scotland, software updates are a go, and lots of browser news
News
Operating Systems
Microsoft announced this week that it is going to disable TLS 1.0 and TLS 1.1 soon in Windows. These older versions, used for setting up encrypted channels of communication, have long been surpassed by TLS 1.2 and TLS 1.3, which applications will use before they might fall back to the older protocol versions.
Starting in September 2023, TLS 1.0 and 1.1 will be disabled by default in Windows 11 Insider builds and thereafter in operating system updates.
Support can be reenabled in the Windows Registry, Microsoft notes.
If there are no alternatives available and TLS 1.0 or TLS 1.1 is needed, the protocol versions can be re-enabled with a system registry setting. To override a system default and set a (D)TLS or SSL protocol version to the Enabled state, create a DWORD registry value named "Enabled" with an entry value of "1" under the corresponding version-specific subkey. Examples of TLS 1.0 subkeys are as follows:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server
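To find machines where such an override is already in place, the following read-only PowerShell check reports the "Enabled" value under the TLS 1.0 and TLS 1.1 subkeys. It is an added example, not part of Microsoft's announcement; the function name Get-SchannelProtocolState is hypothetical, and the TLS 1.1 subkeys are assumed to follow the same pattern as the TLS 1.0 subkeys quoted above.

```powershell
# Added example: audit Schannel overrides for legacy TLS versions.
# Read-only: nothing in the registry is created or modified.
$SchannelBase = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {
    param(
        [string[]]$Protocol = @('TLS 1.0', 'TLS 1.1'),
        [string[]]$Role     = @('Client', 'Server')
    )

    foreach ($p in $Protocol) {
        foreach ($r in $Role) {
            $key     = "$SchannelBase\$p\$r"
            $enabled = $null

            # A missing subkey or missing value means no override is set,
            # so the operating system default applies.
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            if ($props -and $props.PSObject.Properties['Enabled']) {
                $enabled = $props.Enabled
            }

            $state = if ($null -eq $enabled) {
                'OS default (no override)'
            } elseif ($enabled -ne 0) {
                'Explicitly ENABLED'      # legacy protocol re-enabled on this host
            } else {
                'Explicitly disabled'
            }

            [pscustomobject]@{
                Protocol = $p
                Role     = $r
                Enabled  = $enabled
                State    = $state
                Key      = $key
            }
        }
    }
}

# Print a table; hosts showing 'Explicitly ENABLED' still accept or offer
# TLS 1.0/1.1 regardless of the new Windows default.
Get-SchannelProtocolState | Format-Table Protocol, Role, Enabled, State -AutoSize
```

Rows marked "Explicitly ENABLED" identify the applications or servers that still need a migration plan before the override can be removed.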
Mobile
OpenAI has released the official ChatGPT application for Google Android devices. The app requires an account and data is synced automatically between the devices a user uses to interact with ChatGPT.
Browser
Firefox 116 Stable, as well as Firefox 115.1.0 ESR, were released this week. The update fixes 14 different security issues, improves the browser’s picture-in-picture mode by adding a volume control slider to it, and improves the Ctrl-Shift-T shortcut, which now supports restoring browser windows as well.
Firefox 117 is getting the long-awaited translate feature baked in. While it does not support as many languages as cloud-based products, such as Google Translate or Microsoft Translate, it does not communicate with the cloud and may even be run while offline. Great for privacy.
Opera’s GX browser got a rather morbid feature this week; users may configure it to fake the entire browsing history after 14 days of inactivity, for example after their death. The browser deletes the entire browsing history and replaces it with searches and visits that paint the user in a respectable light.
Brave Browser, Firefox and Vivaldi won’t implement Google’s Web Environment Integrity API, if the company goes forth with its plans. The companies see the API as an attack against the open web and another attempt by Google to increase its control over the Internet.
Privacy and Security
The password management service Bitwarden operates data centers in the United States and Europe. Users may select a data center during sign-up by creating the account on the EU or US site of the service:
EU server: https://vault.bitwarden.eu/
US server: https://vault.bitwarden.com/
Existing users may follow my guide on migrating Bitwarden vaults.
Google has published its 0-day report for the year 2022. The number of reported 0-days across platforms and browsers has dropped from the 2021 all-time high, but is still higher than the average.
Main takeaways from the 2022 report are:
Patching on Android is still severely lacking, effectively turning 0-day vulnerabilities into vulnerabilities that can be exploited for longer periods.
0-day attacks against browsers were down in 2022, caused by a shift towards 0-click exploit attacks and better browser security.
Variants of existing vulnerabilities made up more than 40% of the detected 0-days. Google’s explanation for this is that the patches that companies release are sometimes too narrow in scope.
Canon is warning its customers that resetting its printers does not necessarily wipe the Wi-Fi settings on the devices. Customers are asked to manually erase the sensitive information before handing the devices over to someone else.
The company writes in an advisory published on Monday:
Sensitive information on the Wi-Fi connection settings stored in the memories of inkjet printers (home and office/large format) may not be deleted by the usual initialization process.
Canon explains that the following steps need to be taken before “repairing, lending or disposing the printer”:
Reset all settings (Reset settings ‐> Reset all)
Enable the wireless LAN
Reset all settings one more time
For models that do not have the Reset all settings function, take the following steps:
Reset LAN settings
Enable the wireless LAN
Reset LAN settings one more time
Software Releases and Updates
After Valve’s Steam Deck and ASUS’ Rog Ally comes Lenovo’s Legion Go gaming handheld. Lenovo has yet to announce the device officially, but it is good to see that competition is heating up in the niche.
Gaming and Entertainment
No-Bullshit Games offers huge collections of Android and iOS games that the creators consider non-annoying. Usually, this means games without advertisement, limiting features designed solely to get users to pay and other unwanted and user-unfriendly features.
Games can be sorted in a number of ways, for example by genre, rating or type (paid or free). All games link to the official stores of the platform.
A proposal in the United States and Canada suggests using facial recognition to obtain the consent of parents when children under the age of 13 play video games.
Hardware
Other
The long-awaited Thunderbird Sync feature, to sync some data between Thunderbird email client installations, has been postponed. It won’t be released this year and the team aims for a release in 2024 now. Main reason is that the team still needs an engineer for the project and that it wants to make certain that Sync is reliable and secure before final release.
LearnLingo is a new freemium service that uses AI for learning languages. In this particular case, it uses AI to practice conversations.
Software Updates
DoNotSpy11 version 1.1.0.2 recovers more than 10 tweaks that were missing. The app is a tweaker to improve privacy and remove unwanted features on Windows.
FastCopy 5.6.2 is a smaller release that fixes an installation problem and improves the Simplified Chinese translation. The program offers an alternative to Windows’ native file copy functionality.
Oculess, a program to remove account requirements and telemetry from Oculus Quest devices, has been updated to version 1.5. It improves background audio and the developer has published a tutorial on restoring the Meta account.
Paint.NET 5.0.8 is a bug fix release for the most part. There are two improvements to the Colors window and some plugin updates as well.
PowerToys 0.72, Microsoft’s open source tools collection for Windows, has had its size on disk reduced significantly from over 3 gigabytes to less than 600 megabytes.
WinRAR 6.23 is a smaller release of the popular archive app. It is a bug fix release for the most part, but it does change the handling of temporary files as well, as these get deleted immediately now instead of on the next run of the application. The update addresses two security issues as well.
Article(s)
Installing Windows 10/11 without some of its bloat? It is easier than you think
Bloat refers to components of the operating system that users do not use, require or find otherwise lacking. The installation of Windows is sometimes associated with bloat. Here, users may distinguish between apps and features that are installed natively by Microsoft, and apps and features that a manufacturer may add to the operating system.
The former installs such delightful apps as 3D Builder and Viewer, Cortana or Paint 3D, the latter often a truckload of manufacturer-specific apps and often also apps that the manufacturer gets paid for.
Most Windows users address the bloat issue after the installation and out-of-box experience. Programs such as DoNotSpy11 or ShutUp10++ or AppBuster take care of many unwanted features semi-automatically.
For some time now, there has also been an option to alter what gets installed during the installation of Windows 10 or 11. The good thing about this is that you don’t need a third-party app for that, as it is a built-in feature (or bug?).
Basically, all you have to do is change the following selection during setup:
Set the region to either English (World) or English (Europe) when prompted to select a region.
Windows somehow can’t get its functions around the fact that either of these regions has been selected. The resulting chaos may make the OS throw a few errors during the out-of-box experience, but nothing major.
The effect is that certain bloatware, think Candy Crush Saga and other third-party apps, does not get installed by the operating system, likely because it can’t determine the region correctly.
There are a few downsides to this method. First, you may need to modify the region and language after installation in the Settings.
Second, you still get a lot of native Windows apps installed, as these will be installed regardless of the selected region.
Still, it may be worth a try to skip the installation of some of the bloat on the operating system.
You can check out the full guide on the CTRL blog and many other sites that reported on this.
One-Time Permissions is a great new Chrome feature that is super useful
Google is rolling out a new feature in Chrome 116 that adds a new option to the website permission prompt in the browser. Browser users see these prompts when websites try to use a feature that is locked by the browser by default.
These features, such as using an API to find out about a user’s location, or use the microphone or camera, are blocked by default. Users need to give sites permission to access the feature. They may change permissions for individual sites or globally, for example, to always block requests to use the microphone.
Right now, users have two options whenever they see a permission prompt: allow or deny. Both are permanent and while users may revoke these, most may have trouble finding the option to do so.
Google plans to change the permission prompt by adding temporary responses to it. Under the new prompt, Chrome users get four options to react to permission prompts requesting permission to access the camera, microphone or location:
Allow this time to give temporary permission to use the feature. The permission is valid for the active interaction with the website or service, and will be revoked immediately afterwards.
Allow on every visit to give permanent permission until revoked manually by the user.
Don’t allow to block access permanently and avoid future prompts; again, until revoked.
Using the x-button of the prompt to block the request temporarily.
The new temporary permission options are quite useful. Previously, users had to allow the request, even if they wanted it to be a one-time use. It was necessary to open the site’s permissions to reset the given permission after access to the site. Most users probably kept the allow state and did not do so.
Now, with the temporary permission options, users may allow a site to make use of a feature once only. Chrome resets the permission automatically after the session.
Here is how Chrome’s temporary permission logic works in detail. The temporary permission is revoked when one of the following happens:
When the user closes the page or navigates to another page, or when the page is discarded.
When the Chrome web browser is closed.
When the permission is revoked manually by the user.
When 16 hours have passed since granting the temporary permission.
When the page has been in the background for at least 5 minutes, unless a capability is allowed to run in the background (e.g. camera and microphone during video calls).
Google Chrome is not the only browser that supports the functionality. Firefox, for example, makes location, camera and microphone permissions temporary by default. The browser displays a “remember this decision” checkbox to make the decision permanent.
Safari allows geolocation access temporarily only as well, and users may check a box to increase the period to 24 hours.
Google expects that users give fewer permanent permissions to sites and apps once the change lands in the stable version of Chrome.
Links
How to be German in 20 easy steps – part 1
Meta apparently switches to consent for behavioral ads after five years of litigation
Who and What is Behind the Malware Proxy Service SocksEscort?