DuckDuckGo keeps adding new features to its browser; and while these features are common in other browsers, DuckDuckGo is giving them a privacy-minded twist. The latest is a private, end-to-end encrypted syncing service. There's no account needed, no sign-in, and the company says it never sees what you're syncing. From a report: Using QR codes and shortcodes, and a lengthy backup code you store somewhere safe, DuckDuckGo's browser can keep your bookmarks, passwords, "favorites" (i.e., new tab page shortcuts), and settings for its email protection service synced between devices and browsers. DuckDuckGo points to Google's privacy policy for using its signed-in sync service on Chrome, which uses "aggregated and anonymized synchronized browsing data to improve other Google products and services." DuckDuckGo states that the encryption key for browser sync is stored only locally on your devices and that it lacks any access to your passwords or other data.

The Chromium team is prototyping Web Monetization to allow websites to automatically receive micro payments from visitors for their content, bypassing traditional ad or subscription models. The Register reports: Earlier this month, Alexander Surkov, a software engineer at open source consultancy Igalia, announced the Chromium team's intent to prototype Web Monetization, an incubating community specification that would let websites automatically receive payments from online visitors, as opposed to advertisers, via a web browser and a designated payment service.

"Web monetization is a web technology that enables website owners to receive micro payments from users as they interact with their content," Surkov wrote in an explanatory document published last summer. "It provides a way for content creators and website owners to be compensated for their work without relying solely on ads or subscriptions. Notably, Web Monetization (WM) offers two unique features -- small payments and no user interaction -- that address several important scenarios currently unmet on the web."

"Open Payments API is an open HTTP-based standard created to facilitate micro transactions on the web," wrote Surkov. "It is implemented by a wallet and enables the transfer of funds between two wallets. It leverages fine-grained access grants, based on GNAP (Grant Negotiation and Authorization Protocol), which gives wallet owners precise control over the permissions granted to applications connected to their wallet." The basic idea is web users will get a digital wallet, provided by Gatehub and Fynbos presently, and web publishers will add a link tag to their site's block formatted like so: . Thereafter, site visitors who have linked their digital wallet to their browser will pay out funds to the requesting publisher, subject to the browser's permissions policy.

Less than a week after naming Laura Chambers as interim CEO, Firefox's maker Mozilla said it is cutting about 60 jobs, or 5% of its workforce. The cuts are primarily in the product development organization. Bloomberg reports: "We're scaling back investment in some product areas in order to focus on areas that we feel have the greatest chance of success," Mozilla said in a statement. "We intend to re-prioritize resources against products like Firefox Mobile, where there's a significant opportunity to grow and establish a better model for the industry."

Mozilla last cut a significant number of jobs four years ago at the height of the Covid-19 pandemic. The not-for-profit company, which competes with Alphabet Inc.'s Google Chrome, Apple Inc.'s Safari and Microsoft Corp.'s Edge, has been grappling with sliding market share of its Firefox web browser in recent years. So far in 2024, the tech sector has cut 32,000 jobs.

Remember "Servo," Mozilla's "next-generation browser engine," focused on performance and robustness?

"The developers of Servo are starting 2024 by going all in..." reports It's FOSS News, citing a social media post from FOSDEM. "[T]he Servo Project team were there showing off the work done so far." If you were not familiar, Servo is an experimental browser engine that leverages the power of Rust to provide a memory-safe and modular experience that is highly adaptable. After Mozilla created Servo back in 2012 as a research project, it saw its share of ups and downs over the years, with it making a comeback in 2023; thanks to a fresh approach by the developers on how Servo should move forward.

Even though there are plenty of open source Chrome alternatives, with this, there's a chance that we will get some really cool options based on Servo that just might give Blink and Gecko a run for the money! Just a few months back, in September 2023, after The Servo Project officially joined Linux Foundation Europe, the existing contributors from Igalia stepped up their game by taking over the project maintenance. To complement that, at Open Source Summit Europe last year, Manuel Rego from Igalia shared some really useful insights when he presented.

He showcased stuff like the WebGL support, cross-platform support including mobile support for Android and Linux, among other things. They have experimented with Servo for embedded applications use-cases (like running it on Raspberry Pi), and have plans to make advances on it. As far as I can see, it looks like, Servo is faster for Raspberry Pi compared to Chromium. You can explore more such demos on Servo's demo webpage.
2024's roadmap includes "Initial Android support, that will see Servo being made to build on modern Android versions," according to the article, "with the developers publishing nightly APKs on the official website some time in the future."

One fun fact? "Even though Mozilla dropped the experimental project, Firefox still utilizes some servo components in the browser"

Another FOSDOM update from social media: "Thunderbird is also embracing Rust."

Apple is making changes to iOS in Europe to comply with the EU's Digital Markets Act cracking down on Big Tech gatekeepers. The act demands interoperability, fairness and privacy measures including allowing competing browser engines on iOS. Despite better browser choice, Google and Mozilla are unhappy with Apple's proposed changes. Mozilla says restricting browser engine integration to EU apps burdens rivals to build separate implementations. Mozilla's comment: "We are still reviewing the technical details but are extremely disappointed with Apple's proposed plan to restrict the newly-announced BrowserEngineKit to EU-specific apps. The effect of this would be to force an independent browser like Firefox to build and maintain two separate browser implementations -- a burden Apple themselves will not have to bear. Apple's proposals fail to give consumers viable choices by making it as painful as possible for others to provide competitive alternatives to Safari. This is another example of Apple creating barriers to prevent true browser competition on iOS." Google's VP of engineering for Chrome, Parisa Tabriz, commented on DeMonte's statement, saying, "Strong agree with Mozilla. Apple isn't serious about supporting web browser or engine choice on iOS. Their strategy is overly restrictive, and won't meaningfully lead to real choice for browser developers."

Mozilla claims in a new 74-page research report that Microsoft "repeatedly uses harmful design" and "dark patterns" to push users toward Microsoft Edge and away from rival browsers like Mozilla's Firefox or Google's Chrome browser. PCMag: "Microsoft uses the harmful preselection, visual interference, trick wording, and disguised ads patterns to skew user choice," the report argues, adding that "Microsoft's harmful design practices mean users are unable to download, install, use, or set as default an alternative browser without interference." The researchers claim this harms consumers because they can experience "distortion of choice," lose trust in the broader tech industry, and even possibly experience "emotional distress" as a result of Microsoft's efforts.

For the study, user experiences were tested on Windows 10 Home and Windows 11 Pro as well as the Windows 11 Home Insider Preview Version. The UK-based testers did not attempt to use a VPN to change or hide their IP addresses during their investigation. While Microsoft recently said it will allow users in the European Union to uninstall Edge as part of its efforts to comply with the Digital Markets Act (DMA), it's unclear whether US, UK, or other users around the globe could ever get the same option. Some Windows 11 users can remove five other apps that come preinstalled, however.

Tom Warren, writing for The Verge: Last week, I turned on my PC, installed a Windows update, and rebooted to find Microsoft Edge automatically open with the Chrome tabs I was working on before the update. I don't use Microsoft Edge regularly, and I have Google Chrome set as my default browser. Bleary-eyed at 9AM, it took me a moment to realize that Microsoft Edge had simply taken over where I'd left off in Chrome. I never imported my data into Microsoft Edge, nor did I confirm whether I wanted to import my tabs. But here was Edge automatically opening after a Windows update with all the Chrome tabs I'd been working on. I didn't even realize I was using Edge at first, and I was confused why all my tabs were suddenly logged out.

After the shock wore off, I looked to make sure I hadn't accidentally allowed this behavior. I found a setting in Microsoft Edge that imports data from Google Chrome on each launch. "Always have access to your recent browsing data each time you browse on Microsoft Edge," reads Microsoft's description of the feature in Edge. This setting was disabled, and I had never been asked to turn it on. So I went to install the same Windows update on a laptop, which actually resulted in it failing and my having to do a system restore. Once the system restore was complete, the same thing happened. Edge opened automatically with all of my Chrome tabs. I haven't been able to replicate the behavior on other PCs, but a number of X users replied to my post about this saying they have experienced the same thing in the past.

David Pierce reports via The Verge: A few minutes ago, I opened the new Arc Search app and typed, "What happened in the Chiefs game?" That game, the AFC Championship, had just wrapped up. Normally, I'd Google it, click on a few links, and read about the game that way. But in Arc Search, I typed the query and tapped the "Browse for me" button instead. Arc Search, the new iOS app from The Browser Company, which has been working on a browser called Arc for the last few years, went to work. It scoured the web -- reading six pages, it told me, from Twitter to The Guardian to USA Today -- and returned a bunch of information a few seconds later. I got the headline: Chiefs win. I got the final score, the key play, a "notable event" that also just said the Chiefs won, a note about Travis Kelce and Taylor Swift, a bunch of related links, and some more bullet points about the game.

Basically, instead of returning a bunch of search queries about the Chiefs game, Arc Search built me a webpage about it. And somewhere in there is The Browser Company's big idea about the future of web browsers -- that a browser, a search engine, an AI chatbot, and a website aren't different things. They're all just parts of an internet information finder, and they might as well exist inside the same app. [...] But from a pure product perspective, this feels closer to the way AI search should work than anything I've tried. Products like Copilot and Perplexity AI are cool, but they're fundamentally just chatbots with web access. Arc Search imagines something else entirely: AI that explores websites by building you a new one every time you ask.

Apple's new rules in the European Union mean browsers like Firefox can finally use their own engines on iOS. Although this may seem like a welcome change, Mozilla spokesperson Damiano DeMonte tells The Verge it's "extremely disappointed" with the way things turned out. From a report: "We are still reviewing the technical details but are extremely disappointed with Apple's proposed plan to restrict the newly-announced BrowserEngineKit to EU-specific apps," DeMonte says. "The effect of this would be to force an independent browser like Firefox to build and maintain two separate browser implementations -- a burden Apple themselves will not have to bear." In iOS 17.4, Apple will no longer force browsers in the EU to use WebKit, the underlying engine that powers Safari. The change opens the door for other popular engines, such as Blink, which is used by Google Chrome and Microsoft Edge, as well as Gecko, the engine used by Firefox. It also means third-party browsers could become fully functional on iOS without any of the limitations that come along with WebKit.

prisoninmate shares a 9to5linux report: Flathub is currently one of the most popular app stores for Linux serving 1.6 billion downloads of over 2,400 apps in the Flatpak format, of which more than 850 apps have been verified by their original authors. And now, Flathub proudly announced today that it surpassed 1 million active users of Flatpak apps. The team believes that the recent growth in users comes from several factors, including the availability of some very popular apps (e.g. Firefox, Thunderbird, VLC, Spotify, OBS Studio, Google Chrome, Telegram), support for new and verified apps, the inclusion of Flathub as the default app source for the Steam Deck's desktop mode, as well as the growing adoption among many popular GNU/Linux distributions like Fedora Linux, Linux Mint, KDE neon, and others.

Nvidia is launching RTX Video HDR in its 551.23 Game Ready driver update, enabling RTX GPU owners to use AI to convert SDR videos to HDR in Microsoft Edge and Chrome. While subtle, it can add color detail to non-HDR YouTube videos when viewed on an HDR monitor. Like Nvidia's prior RTX Video Super Resolution for upscaling and sharpening web videos, the effect is minor but noticeable when toggling on and off.

Google is adding new AI features to Chrome, including tools to organize browser tabs, customize themes, and assist users with writing online content such as reviews and forum posts.

The writing helper is similar to an AI-powered feature already offered in Google's experimental search experience, SGE, which helps users draft emails in various tones and lengths. With the built-in Chrome writing tool, Google said users could potentially compose business reviews, RSVP messages, rental inquiries, and posts for online forums. TechCrunch adds: The still-experimental feature will be accessible in next month's Chrome release by right-clicking on a text box or field on the web and then choosing "help me write." To get started, you'll first write a few words and then Google's AI will jump in to help.

In a blog post today, Google announced that WebGPU is "now enabled by default in Chrome 121 on devices running Android 12 and greater powered by Qualcomm and ARM GPUs," with support for more Android devices rolling out gradually. Previously, the API was only available on Windows PCs that support Direct3D 12, macOS, and ChromeOS devices that support Vulkan.

Google says WebGPU "offers significant benefits such as greatly reduced JavaScript workload for the same graphics and more than three times improvements in machine learning model inferences." With lower-level access to a device's GPU, developers are able to enable richer and more complex visual content in web applications. This will be especially apparent with games, as you can see in this demo.

Next up: WebGPU for Chrome on Linux.

An anonymous reader quotes a report from Ars Technica: Google is updating the warning on Chrome's Incognito mode to make it clear that Google and websites run by other companies can still collect your data in the web browser's semi-private mode. The change is being made as Google prepares to settle a class-action lawsuit that accuses the firm of privacy violations related to Chrome's Incognito mode. The expanded warning was recently added to Chrome Canary, a nightly build for developers. The warning appears to directly address one of the lawsuit's complaints, that the Incognito mode's warning doesn't make it clear that Google collects data from users of the private mode.

Many tech-savvy people already know that while private modes in web browsers prevent some data from being stored on your device, they don't prevent tracking by websites or Internet service providers. But many other people may not understand exactly what Incognito mode does, so the more specific warning could help educate users. The new warning seen in Chrome Canary when you open an incognito window says: "You've gone Incognito. Others who use this device won't see your activity, so you can browse more privately. This won't change how data is collected by websites you visit and the services they use, including Google." The wording could be interpreted to refer to Google websites and third-party websites, including third-party websites that rely on Google ad services. The new warning was not yet in the developer, beta, and stable branches of Chrome as of today. It also wasn't in Chromium. The change to Canary was previously reported by MSPowerUser.

Incognito mode in the stable version of Chrome still says: "You've gone Incognito. Now you can browse privately, and other people who use this device won't see your activity." Among other changes, the Canary warning replaces "browse privately" with "browse more privately." The stable and Canary warnings both say that your browsing activity might still be visible to "websites you visit," "your employer or school," or "your Internet service provider." But only the Canary warning currently includes the caveat that Incognito mode "won't change how data is collected by websites you visit and the services they use, including Google." The old and new warnings both say that Incognito mode prevents Chrome from saving your browsing history, cookies and site data, and information entered in forms, but that "downloads, bookmarks and reading list items will be saved." Both warnings link to this page, which provides more detail on Incognito mode.

Google has formally discontinued its efforts to bring the full Chrome browser experience to its Fuchsia operating system. 9to5Google reports: In 2021, we reported that the Chromium team had begun an effort to get the full Chrome/Chromium browser running on Google's in-house Fuchsia operating system. Months later, in early 2022, we were even able to record a video of the progress, demonstrating that Chromium (the open-source-only variant of Chrome) could work relatively well on a Fuchsia-powered device. This was far from the first time that the Chromium project had been involved with Fuchsia. Google's full lineup of Nest Hub smart displays is currently powered by Fuchsia under the hood, and those displays have limited web browsing capabilities through an embedded version of the browser.

In contrast to that minimal experience, Google was seemingly working to bring the full might of Chrome to Fuchsia. To observers, this was yet another signal that Google intended for Fuchsia to grow beyond the smart home and serve as a full desktop operating system. After all, what good is a laptop or desktop without a web browser? Fans of the Fuchsia project have anticipated its eventual expansion to desktop since Fuchsia was first shown to run on Google's Pixelbook hardware. However, in the intervening time -- a period that also saw significant layoffs in the Fuchsia division -- it seems that Google has since shifted Fuchsia in a different direction. The clearest evidence of that move comes from a Chromium code change (and related bug tracker post) published last month declaring that the "Chrome browser on fuchsia won't be maintained."

An anonymous reader quotes a report from TechCrunch: Polestar CEO Thomas Ingenlath couldn't be happier with the integration of Google built-in, the branded product that embeds Google apps and services directly into the company's EVs. But don't expect the EV maker to drop Android Auto or Apple CarPlay as a result. On the sidelines of CES 2024, Ingenlath committed to sticking with Android Auto and Apple CarPlay, the middleware that allows drivers to project their smartphone onto the car's infotainment display. He went a step further and questioned automakers that have. GM, for instance, decided not to make the new 2024 Chevy Blazer EV compatible with Android Auto or Apple CarPlay.

"It's still too important for our customers to have the choice," Ingenlath said during an interview at CES 2024. He later added that, in his view, removing the option isn't the right way of treating customers. "Our priority is very clear; We have a really fantastic system together with Google," he said. While Ingenlath admitted that adding that Google Built-in provides the best experience, he asked "why would we try to dogmatically educate our customers?" Polestar has been a champion of Google built-in. However, it's willingness to keep Android Auto and Apple CarPlay is notable because it illustrates the complexity of appeasing customers even if it might overshadow the native technology in the vehicle. "Ingenlath seems convinced that as Google built-in improves and continues to add apps and services, consumers will give up Android Auto or Apple CarPlay on there own," adds TechCrunch. "And the updates do keep coming."

"At CES 2024, for instance, Polestar announced that the Chrome browser would start rolling out to Polestar 2 in beta, allowing drivers to surf the internet via the central vehicle display while parked. Ingenlath hinted of more improvements in the future, including more precise navigation in Google Maps that drills down to the specific lane as well as customized features designed for Polestar customers."

"If you have been affected, you will will receive a notification when you open Chrome on either desktop or Android devices," reports Search Engine Land. But they add that "discussions among digital marketers on X indicate that advertisers are still not ready..."

An anonymous reader writes: Google started its campaign to phase out of third-party cookies as announced earlier. At the beginning cookies are turned off for 1% of users, and those lucky ones unlock a "tracking protection" in Chrome settings. In agreement with the UK Competitions and Markets Authority, third-party cookies will be completely removed at the end of this year, a move under tight anti-competition scrutiny also in Brussels. Meanwhile, a technology researcher released their privacy audit of Google's third-party cookie replacement, Privacy Sandbox's Protected Audience API, validating its standing against EU data protection, which may even close the ever-present cookie consent popups disliked universally in Europe.

Dan Goodin reports via Ars Technica: Software maker Ivanti is urging users of its end-point security product to patch a critical vulnerability that makes it possible for unauthenticated attackers to execute malicious code inside affected networks. The vulnerability, in a class known as a SQL injection, resides in all supported versions of the Ivanti Endpoint Manager. Also known as the Ivanti EPM, the software runs on a variety of platforms, including Windows, macOS, Linux, Chrome OS, and Internet of Things devices such as routers. SQL injection vulnerabilities stem from faulty code that interprets user input as database commands or, in more technical terms, from concatenating data with SQL code without quoting the data in accordance with the SQL syntax. CVE-2023-39336, as the Ivanti vulnerability is tracked, carries a severity rating of 9.6 out of a possible 10.

"If exploited, an attacker with access to the internal network can leverage an unspecified SQL injection to execute arbitrary SQL queries and retrieve output without the need for authentication," Ivanti officials wrote Friday in a post announcing the patch availability. "This can then allow the attacker control over machines running the EPM agent. When the core server is configured to use SQL express, this might lead to RCE on the core server." RCE is short for remote code execution, or the ability for off-premises attackers to run code of their choice. Currently, there's no known evidence the vulnerability is under active exploitation. Ivanti has also published a disclosure that is restricted only to registered users. A copy obtained by Ars said Ivanti learned of the vulnerability in October. [...]

Putting devices running Ivanti EDM behind a firewall is a best practice and will go a long way to mitigating the severity of CVE-2023-39336, but it would likely do nothing to prevent an attacker who has gained limited access to an employee workstation from exploiting the critical vulnerability. It's unclear if the vulnerability will come under active exploitation, but the best course of action is for all Ivanti EDM users to install the patch as soon as possible.

They create a dedicated desktop icon for your favorite web-based application — a simplified browser that opens to that single URL. Yet while Linux usually offers the same functionality as other operating systems, "Peppermint OS's Ice and its successor Kumo are the only free software versions of Site-Specific Browsers available on Linux," according to Linux magazine.

"Fortunately for those who want this functionality, Peppermint OS is a Debian derivative, and both can be installed on Debian and most other derivatives." Since SSBs first appeared in 2005, they have been available on both Windows and macOS. On Linux, however, the availability has come and gone. On Linux, Firefox once had an SSB mode, but it was discontinued in 2020 on the grounds that it had multiple bugs that were time-consuming to fix and there was "little to no perceived user benefit to the feature." Similarly, Chromium once had a basic SSB menu item, Create Application Shortcut, which no longer appears in recent versions. As for GNOME Web's (Epiphany's) Install Site as Web Application, while it still appears in the menu, it is no longer functional. Today, Linux users who want to try SSBs have no choices except Ice or Kumo.

Neither Ice or Kumo appears in any repository except Peppermint OS's. But because Peppermint OS installs packages from Debian 12 ("bookworm"), either can be installed to Debian or a derivative... To install successfully, at least one of Firefox, Chrome, Chromium, or Vivaldi also must be installed... Because both Ice and Kumo are written in Python, they can be run on any desktop.
The article concludes that Site-Specific Browsers might make more sense "on a network or in a business where their isolation provides another layer of security. Or perhaps the time for SSBs is past and there's a reason browsers have tried to implement them, and then discarded them."

Google has indicated that it is ready to settle a class-action lawsuit filed in 2020 over its Chrome browser's Incognito mode. From a report: Arising in the Northern District of California, the lawsuit accused Google of continuing to "track, collect, and identify [users'] browsing data in real time" even when they had opened a new Incognito window. The lawsuit, filed by Florida resident William Byatt and California residents Chasom Brown and Maria Nguyen, accused Google of violating wiretap laws.

It also alleged that sites using Google Analytics or Ad Manager collected information from browsers in Incognito mode, including web page content, device data, and IP address. The plaintiffs also accused Google of taking Chrome users' private browsing activity and then associating it with their already-existing user profiles. Google initially attempted to have the lawsuit dismissed by pointing to the message displayed when users turned on Chrome's incognito mode. That warning tells users that their activity "might still be visible to websites you visit."