Tech News Weekly: Issue 48
AI-powered on-page search, lots of privacy and security news, obeying user browser selections on Windows, and a Bonjour from Strasbourg
News
Operating Systems
Users from the European Economic Area (EEA) will soon have their links opened in their selected browser and not in Microsoft Edge on Windows, even if they activate links in search and other areas that Microsoft used to hardcode the use of Edge into.
Did Microsoft change how the Windows operating system handles a Symantec root certificate that has not been trusted for years? It appears Microsoft did. According to an Ars Technica report, Microsoft changed the status of the root certificate from “NotBefore” to “Disabled”, and restored the old status days later as “customers with specific configurations” started to run into issues.
Microsoft is pushing out a new Settings homepage on Windows devices. It replaces the default startpage, System, of the Settings app. While that is a good idea, the implementation looks more like another way to promote its cloud services to Windows users. Remains to be seen if this new Settings startpage is going to become a useful addition after all.
Downfall is the name of a new security issue that is affecting many Intel processors. Microsoft released guidance on the security issue, which you may access here directly.
Mobile
Google Messages will soon get an SOS Emergency feature that looks as if it is going to use Garmin Response. The feature requires specific chips, which will likely be included in upcoming Pixel devices. The feature enables Android users to request help, even when there is no mobile or WiFi reception.
Browser
Vivaldi 6.2 comes with improved performance, especially when opening windows, and a new unique feature that enables users to select the sources the browser users to return data when something is typed into the address field. It is possible to disable search, remove auto-complete, remove the typed history, and mix and match to create a custom experience.
Mozilla is working on integrating an extension import feature into the Firefox browser that supports the importing of extensions from other browsers. The feature is limited to extension pairs currently, which refers to extensions from the same developer, that are available for Chrome and Firefox. Limited to Chrome currently and less than 100 extensions, the feature will see improvements in the coming weeks and months.
Mozilla released Firefox 117 this week. The new version of the browser includes the long-awaited native translate feature, which supports offline translations for about a dozen languages.
The feature is not enabled by default in Firefox 117, but will roll out to Firefox users over the course of the coming weeks and months. Here is how you can enable it right now:
Load about:config in the browser's address bar.
Search for browser.translations.enable.
Set the status of the experimental flag to True.
Restart the Firefox web browser.
Microsoft is removing several tools from Microsoft Edge’s “More Tools” menu to make the browser simpler to use. The tools in question are Math Solver, Picture Dictionary, Citations, Grammar Tools and Kids Mode. At least some of these are available elsewhere.
Privacy and Security
Google released two Chrome point updates this week, which both address security issues in the browser. You can check out information about the first and second update by following the links, or just make sure the browser is updated to the latest version. Chrome 117 will be released next week.
Gmail is getting sensitive actions security improvements. Google has added additional protections to actions regarding email filters, forwarding and IMAP access. If the system determines that there may be malicious intent at play, it may ask for verification and informs the account owner about by sending out critical security alerts.
Google is pushing out notifications on Android that informs users about the new Ads Privacy feature, which, unlike its name suggests, is still about tracking user habits and selling targeted ads.
Granted, the new system does not track users individually, but it still looks at interests based on browsing and app usage habits, and lets sites and advertisers know about them.
One of the main issues here is that the system is giving Google even more control over the advertising market, as it controls Chrome, which is the major browser, and much of the advertising market.
Notepad++ has several open security issues, which have not been fixed up to this date. The first issue was reported to the project at the end of April 2023. The issue requires that users open a specially crafted file.
Software Releases and Updates
Meta is retiring Messenger Lite for Android, more than two years after the iOS version was put to rest. Users are asked to use the Messenger app or Facebook / Facebook Lite on Android for their messaging tasks.
qBittorrent 4.5.5 Stable is a smaller release with a number of bug fixes, such as improved performance when scrolling file lists of large torrents.
SpeedCommander is celebrating its 30th birthday and the developer of the application has released several older versions of the application, and some other apps, as freeware.
Thunderbird 115.2.0 and 102.15.0 address security issues in the open source email client. The latest version, 115.2.0, includes a large number of fixes next to that.
Gaming and Entertainment
Can you block YouTube ads on AppleTV? Yes, you can, but it is complicated.
Valve’s Steam Deck is now also available as a certified refurbished version for $319, $419 and $519 for the 64GB, 256GB and 512GB version respectively. The “new” prices are $399, $529 and $649.
Hardware
Other
Unlimited storage plans are always problematic, even if the promise comes from major Internet players, such as Google, Microsoft, Amazon or Dropbox. Dropbox announced recently that its is limiting storage for its Advanced plan for businesses because of, you guessed it, abuse, as the company puts it.
Article(s)
Cromite promises to replace Bromite as a Chromium-based browser that focuses on privacy and content blocking
Cromite is a Bromite fork which is a Chromium fork. Bromite promised ad-blocking and privacy enhancements in Chromium, the open source part of Google Chrome and other browsers, including Microsoft Edge, Brave, Opera and Vivaldi.
The last Bromite release dates back to December 2022, which is a long time in the browser world. Chromium is updated frequently and most browsers based o Chromium are updated at least once per month.
Cromite’s aim is to limit tracking features in Chromium, connections with third-parties in the browser, and continue the legacy of Bromite while doing so.
Many features have been taken over from Bromite. The GitHub project page lists all of them, here is a short selection:
Customizable ad-block filters and auto-updating filters.
Always-on Incognito Mode.
Click tracking and AMP removed from search results.
Integration of security enhancement patches from GraphenOS project.
Disable the reporting of certificate errors.
Next to these, Chromite introduces its own set of features. It supports the use of Enterprise-policies to disable features such as translate, sign-in, Google search side panel or contextual searches, disables various APIs, and more.
Apart from these privacy-specific features, Chromite derived non-privacy features from Bromite and introduced several features of its own as well-
Chromite, for example, supports auto-updating functionality and may also import and export bookmarks, which makes the switching and managing of the browser easier.
It supports all included codecs, including AV1 and plenty of features besides that.
Chromite’s startpage is barebones. There is just a link to the Chrome Web Store there on the otherwise white page. There is no request to sign-in or import items from other browsers either.
Opening sites is as quick as in other Chromium-based browsers. Support for content filters ensures that most advertising and some annoyances are filtered out automatically, which speeds up the loading of sites and saves battery.
There is a lot less Google in Chromite, which privacy-conscious users may find reassuring.
Still, some defaults, including using Google as the default search engine in Chromite, may be questioned. It is possible to switch to other search engines, several of which are included by default.
Most of the available controls are identical to those in other Chromium-based browsers, but users may notice that some are removed. A right-click on an item displays a much leaner menu, which some will love and others will find too barebones, as an option that they have been using previously is missing.
One question that may come to mind is whether it is better to use Chromite or another Chromium-based browser, one that claims to improve privacy as well.
Brave, for instance, promises privacy protections, but the browser has also been criticized since its introduction for its integration of crypto-currency features. There is also Vivaldi, which is held back a bit by the relatively small team size.
Cromite, on the other hand, is a relatively new browser. It remains to be seen if the browser will be maintained for years to come. There is also the question of trust, which any new project faces. While Chromite is open source, most of its users may not be able or want to analyse the code to make sure that it is delivering what it promises.
For now, I would suggest to keep an eye on Cromite and see how the project evolves in the coming weeks and months. It certainly has the potential to attract Bromite users, as these are most familiar with the project already.
Microsoft Edge is getting a new AI-powered Search feature, which you may want to keep disabled
Search functionality is essential to any web browser. Usually, search is divided into on-page and web searches. On-page searches refer to finding words, phrases or strings on the active webpage or webpages in the browser. Most browsers support single-page searches only, but there are browser extensions that enable searches across multiple pages at once.
Web searches, on the other hand, rely on a search engine and the results that it provides. These searches may be run by opening the search engine’s website, typing in the browser’s address bar, or by selecting characters on webpages to run searches.
Microsoft introduced a new Smart Find feature in development versions of the Microsoft Edge browser recently. Its aim is to improve on-page searches with the use of artificial intelligence.
Microsoft describes the feature in the following way here:
Searching for a word or phrase on a webpage has become easier with AI. Even if you misspell a word in your search query, related matches and words are suggested, making it effortless to find what you're looking for. When you search, select the suggested link to quickly locate the desired word or phrase.
It sounds a lot like fuzzy search, which is a technique to find strings that match the search term approximately. Running a search for “worb” may return all instances of “word” on the page.
This sounds useful on first glance, especially if words or phrases are spelled differently. A simple example is a webpage from the UK and a searcher from the US. A search for “flavor” might return instances of the British “flavour”, but it also works for misspellings, use of hyphens and in some other situations.
The main problem here is that Smart Find seems to require cloud connectivity. Microsoft’s Help page is not online yet, but the policy, RelatedMatchesCloudServiceEnabled, suggests that the cloud is involved.
This is confirmed by the policy description:
If you enable or don't configure this policy, users can receive related matches in Find on Page on all sites. The results are processed in a cloud service.
If you disable this policy, users can receive related matches in Find on Page on limited sites. The results are processed on the user's device.
If enabled, Microsoft Edge will communicate with cloud servers whenever users use the on-page feature and have Smart Find enabled in the browser. It is a privacy issue. One has to wait for Microsoft publishing Smart Find’s privacy policy to know which data Microsoft gets access to and collects, when the feature is used.
Administrators may configure the policy to disable Smart Find. Microsoft does not provide an explanation for the “limited sites” claim that it makes in the policy’s description.
What are these sites, is there a list that users may access and manage, and how are these determined? Why is it possible to enable this limited functionality without cloud connectivity and would it be possible to extend it to all sites open in Edge?
Lots of questions are unanswered at this point. Will the feature be turned on by default? My recommendation is to keep this turned off, if there is a switch in Edge or by using the policy, or to turn it off, it Edge launches with the feature enabled.
Links
This Is What Happens When People Start Actually Reading Privacy Policies