News
Operating Systems
Microsoft plans to disable the ability of printer manufacturers to submit and deliver printer drivers via Windows Update. The change won’t affect the option to still create and distribute printer drivers through the manufacturer’s website and other means.
Most do, or will, support a new standard for printer drivers that makes Windows detect printers automatically. Custom features would then need to be distributed via apps in the Windows Store.
Classic troubleshooting tools of Windows will be retired in the coming years in favor of the Get Help app. Not all troubleshooters will be available in Get Help. Another issue that some users may have with the change is that the Get Help app is displaying advertisement.
Mobile
Microsoft ended support for the first-generation Surface Duo after just three years. Three-years is no longer the standard for many other manufacturers who produce Android devices. The Surface Duo 2 is also only getting three years of support and will run out of support next year.
Browser
Google Chrome’s Safe Browsing feature has been switched from using regularly updated local definition files to real-time checks. To be precise, the default setting has, as the Enhanced Protection option is already making real-time checks.
One difference between the two is that the real-time checks of the default Safe Browsing setting uses Fastly Oblivious HTTP Relays, which reduces the information that Google gets while checks are made.
Vivaldi has disabled Google Topics in the Chromium-based browser and won’t enable it. Topics is used to track users by locally analyzing the browsing history and assigning the user to interest groups.
Privacy and Security
A critical security issue has been detected in the Google Chrome web browser; this particular vulnerability is exploited in the wild, according to Google. Chrome users should update the browser immediately to protect it against attacks.
Notepad++ users may want to update the client to the latest version, as the update addresses 4 security issues in previous versions of the plain text editor.
Software Releases and Updates
Thunderbird 102 users need to pay attention to updates, as upgrades to version 115 are now enabled via the email client’s automatic updating system.
Microsoft Paint is getting a background removal tool. The feature is in testing in Insider builds of Windows 11 currently.
QuaranTab is an interesting add-on for Firefox that allows a site or service to be used offline (meaning, without communication with the host). The developer explains that this can be useful to run online tools that may have sensitive data as input without having to worry about data leaking to the host.
Gaming and Entertainment
Valve Software’s Steam Platform celebrated its 20th birthday this week. What started out as a distribution platform for the company’s own Half-Life 2 game turned into the de-facto main game distribution platform on PC. Valve may also unveil a new hardware device soon. Whether that is the long-awaited Steam Deck 2 or something different is unclear at this point.
Piped Material is a fork of Piped, a third-party YouTube client (without ads and tracking). The open source project’s aim is to improve “performance, design and efficiency” of Piped.
Hardware
Apple has unveiled a range of new hardware, including new iPhone 15, iPhone 15 Pro, iPhone 15 Pro Max smartphones and Apple Watch Series 9 and Watch Ultra 2 smartwatches.
Other
KC Softwares, known for the software updater SUMO and more than a dozen of other apps, is terminating its business in October 2023.
EBay’s Magical Listing Tool sounds as if it could be quite the interesting tool for sellers on the platform. It improves the process of listing items on eBay by using AI to “analyze, research, and extrapolate information from a small amount of data provided by the seller” according to the post on eBay’s Tech blog. In the best case, sellers take a photo of an item and let the AI on eBay do all the rest, including identifying the item and suggesting a price.
OpenAI confirmed once again that AI writing detectors do not work.
Article(s)
Google turns Chrome into an ad-platform that tracks users on behalf of advertisers
More and more parts of Google’s Privacy Sandbox project are integrated into the company’s Chrome web browser and also in Chromium. The company plans to make the full switch in the second half of 2024, but different components and also controls are already baked into Chrome at this point.
Called Privacy Sandbox, it is the first time that a browser maker has integrated an advertising platform directly into a browser that tracks users.
On today’s web, most of the tracking happens on sites that users visit. You visit a site, it and other sites loaded on it may play cookies and site data in browser storage. Some may also use advanced tracking that relies on fingerprinting and other concepts.
When you visit another site, one that is loading content from the same sites, say advertisers A and B, information about the previous visits is linked to that visit. Profiles are created over time to collect information about a user’s interests.
With cookies, users of the browser are in control. All browsers support disabling third-party cookies, which has very few side-effects, and also deleting cookies and site data at any time or automatically.
With Google’s Privacy Sandbox, tracking is moved from the sites visited in the browser to the browser itself. Chrome analyzes visits, locally according to Google, to assign the user to groups.
Visit lots of football sites and watch other sports clips on sites like YouTube? Chance is good that you are moved to the Sports group. When you visit a site, your browser informs the site about your interests. Even if you have never visited the site before.
Your web browser spies on you and leaks the information to sites that use the advertising system. Called Topics API, it is but one component of the Privacy Sandbox.
From Google’s point of view, Privacy Sandbox is improving privacy for users. It will disable third-party cookies in Chrome, which eliminates much of the traditional tracking that is going on. It will also move tracking from the user-level to the group level, which should make it more difficult to identify and track individual users.
What Google does not mention is that Chromium is more or less the only browser that is allowing third-party cookies to be placed unhindered in the browser. Mozilla’s Firefox web browser and Apple’s Safari browser block third-party cookies or include protections, which are enabled by default, that block tracking cookies.
Google does shy away from addressing the main points of criticism or discussing these publicly:
Tracking is now baked into Chrome and also Chromium, which means that the browser is doing the heavy lifting.
Google is in control of Chromium and Chrome, and it is also the largest advertising company in the world. What could possibly go wrong?
To Google’s credit, it has at least integrated controls into the Chrome web browser, which enable users to manage these tracking features. Most Chrome users are probably unaware of these, even though Google is displaying popups to users about them.
In true Google fashion, it is using a number of popups, some of which are informative in nature only. Some users may turn off certain components directly in the popup, others may need to visit the Settings to do so.
On a test system, Google displayed two Ad Privacy prompts in Chrome. The first included an option to turn off Ad Topics, one of the components. The second, informed about Site-suggested ads and ad measurement, but did not include an option to turn them off. A link to the Settings was provided though.
Load chrome://settings/adPrivacy in the Chrome web browser to get the list of options. You may turn off all three of the available options; here is what they do:
Ad topic — This is the feature that analyzes the browsing history locally to assign you to interests groups.
Site-suggested ads — This feature gives sites you visit the option to suggests ads that you may be interested in.
Ad measurement — This component gives sites and advertisers options to measure the performance of advertising. It includes “limited” data sharing.
Turning these off disables the core of the new advertising system. It won’t lead to fewer advertisement, but it will eliminate the new browser tracking-based advertisement.
Loading chrome://settings/cookies in the browser displays the cookie settings. There you may switch from “allow third-party cookies” to “block third-party cookies” by default. It eliminates most of the tracking right away.
While Chrome is comfortable to use, users may want to consider switching to a browser that values privacy more. There are Vivaldi and Brave, which are both based on Chromium, or Firefox, which is based on a different architecture.
These browsers won’t support Google’s Privacy Sandbox, including the Topics API.
Google is putting all of its chips into the Privacy Sandbox basket. Tracking is beneficial to advertisers, including Google, as it is said to increase advertising revenue. It makes sense to a degree, considering that users may be inclined to buy things they are interested in more often than things that they are not interested in.
While there are negative sides to this, for instance that ads show items to the user weeks after interest in them has been lost, e.g., after a purchase has been made, the general consensus is that this improves revenue.
The new form of tracking, baked into Google Chrome, which holds a dominating lead on desktop and also Android, ensures that tracking can go on, even after third-party cookies are no longer used for that. Google is late to the party in regards to third-party cookies, and the only reason for that is that it needs to have its new system working before disabling the old.
A world without tracking would still have advertisement. Traditional TV ads work this way. They don’t know anything about individual users, only that the user is watching a particular show or movie. TV companies may gather more information about their viewership by using polls or other means.
Adverts are largely based on what is shown at the time and also information about the largest demographic. Sport shows may focus on cars or beer, while children’s shows on toys.
Similarly, advertising on the Web could do the same. A site about the latest computers and laptops may show ads about these items, a site about gardening ads about gardening equipment or books about gardening.
Revisiting Spectre, the password app that does not save passwords
There are quite a few good password managers available, from KeePass or one of its clones to Bitwarden. While the password managers differ in features, they all share a common architecture and philosophy: use encryption to protect user passwords against attacks.
How the database is protected differs somewhat, but all password managers support using a main password, used to encrypt and decrypt the entire cache of passwords and data. Some, especially those that store passwords in the cloud, support two-factor authentication, and more and more also passwordless sign-ins.
Spectre is a different kind of password manager. It can best be described as a password manager that does not store passwords. While it would be complicated to dive deep into the architecture, the main idea is to generate and use passwords base on a secret, which is comparable to the main password of traditional password managers, a username, and site information.
Spectre creates the password on the fly when the user enters the data. It does not store it, but each time the user enters the same data, the same password is returned.
You can try it right now on the Spectre website. Everything stands and falls with the main password, but this is true for other password managers as well, provided that no additional security protections, such as two-factor authentication, is supported and has been set up by the user.
What is interesting about Spectre is that it will return site passwords each time a user enters the name, secret and site domain. If it is the wrong combination, a password that does not work to authenticate the account is returned. This is another difference to traditional password managers, as these return errors when the wrong main password is entered.
One of the main problems associated with Spectre is that it has not really seen any form of development since 2021. While it is without doubt an interesting idea and concept, lack of development should be a red flag.
Links
Password-stealing Linux malware served for 3 years and no one noticed
Sucking carbon dioxide out of the sky is moving from science fiction to reality