Pages

December 23, 2019

Review | Goodbye, Chrome: Google’s Web browser has become spy software

Washington Post - This was made possible by the Web’s biggest snoop of all: Google. Seen from the inside, its Chrome browser looks a lot like surveillance software.

Lately I’ve been investigating the secret life of my data, running experiments to see what technology really gets up to under the cover of privacy policies that nobody reads. It turns out, having the world’s biggest advertising company make the most popular Web browser was about as smart as letting kids run a candy shop.

It made me decide to ditch Chrome for a new version of nonprofit Mozilla’s Firefox, which has default privacy protections. Switching involved less inconvenience than you might imagine.

My tests of Chrome vs. Firefox unearthed a personal data caper of absurd proportions. In a week of Web surfing on my desktop, I discovered 11,189 requests for tracker “cookies” that Chrome would have ushered right onto my computer but were automatically blocked by Firefox. These little files are the hooks that data firms, including Google itself, use to follow what websites you visit so they can build profiles of your interests, income and personality.

Chrome welcomed trackers even at websites you would think would be private. I watched Aetna and the Federal Student Aid website set cookies for Facebook and Google. They surreptitiously told the data giants every time I pulled up the insurance and loan service’s log-in pages.

And that’s not the half of it.

Look in the upper right corner of your Chrome browser. See a picture or a name in the circle? If so, you’re logged in to the browser, and Google might be tapping into your Web activity to target ads. Don’t recall signing in? I didn’t, either. Chrome recently started doing that automatically when you use Gmail.

Chrome is even sneakier on your phone. If you use Android, Chrome sends Google your location every time you conduct a search. (If you turn off location sharing it still sends your coordinates out, just with less accuracy.)

Firefox isn’t perfect — it still defaults searches to Google and permits some other tracking. But it doesn’t share browsing data with Mozilla, which isn’t in the data-collection business.

At a minimum, Web snooping can be annoying. Cookies are how a pair of pants you look at in one site end up following you around in ads elsewhere. More fundamentally, your Web history — like the color of your underpants — ain’t nobody’s business but your own. Letting anyone collect that data leaves it ripe for abuse by bullies, spies and hackers.

Google’s product managers told me in an interview that Chrome prioritizes privacy choices and controls, and they’re working on new ones for cookies. But they also said they have to get the right balance with a “healthy Web ecosystem” (read: ad business).

Firefox’s product managers told me they don’t see privacy as an “option” relegated to controls. They’ve launched a war on surveillance, starting this month with “enhanced tracking protection” that blocks nosy cookies by default on new Firefox installations. But to succeed, first Firefox has to persuade people to care enough to overcome the inertia of switching.

It’s a tale of two browsers — and the diverging interests of the companies that make them.


The cookie fight


A decade ago, Chrome and Firefox were taking on Microsoft’s lumbering giant Internet Explorer. The upstart Chrome solved real problems for consumers, making the Web safer and faster. Today it dominates more than half the market.

Lately, however, many of us have realized that our privacy is also a major concern on the Web — and Chrome’s interests no longer always seem aligned with our own.

That’s most visible in the fight over cookies. These code snippets can do helpful things, like remembering the contents of your shopping cart. But now many cookies belong to data companies, which use them to tag your browser so they can follow your path like crumbs in the proverbial forest.

They’re everywhere — one study found third-party tracking cookies on 92 percent of websites. The Washington Post website has about 40 tracker cookies, average for a news site, which the company said in a statement are used to deliver better-targeted ads and track ad performance.

You’ll also find them on sites without ads: Both Aetna and the FSA service said the cookies on their sites help measure their own external marketing campaigns.

The blame for this mess belongs to the entire advertising, publishing and tech industries. But what responsibility does a browser have in protecting us from code that isn’t doing much more than spying?

In 2015, Mozilla debuted a version of Firefox that included anti-tracking tech, turned on only in its “private” browsing mode. After years of testing and tweaking, that’s what it activated this month on all websites. This isn’t about blocking ads — those still come through. Rather, Firefox is parsing cookies to decide which ones to keep for critical site functions and which ones to block for spying.

Apple’s Safari browser, used on iPhones, also began applying “intelligent tracking protection” to cookies in 2017, using an algorithm to decide which ones were bad.

Chrome, so far, remains open to all cookies by default. Last month, Google announced a new effort to force third-party cookies to better self-identify, and said we can expect new controls for them after it rolls out. But it wouldn’t offer a timeline or say whether it would default to stopping trackers.

I’m not holding my breath. Google itself, through its Doubleclick and other ad businesses, is the No. 1 cookie maker — the Mrs. Fields of the Web. It’s hard to imagine Chrome ever cutting off Google’s moneymaker.

“Cookies play a role in user privacy, but a narrow focus on cookies obscures the broader privacy discussion because it’s just one way in which users can be tracked across sites,” said Ben Galbraith, Chrome’s director of product management. “This is a complex problem, and simple, blunt cookie blocking solutions force tracking into more opaque practices.”

There are other tracking techniques — and the privacy arms race will get harder. But saying things are too complicated is also a way of not doing anything.

“Our viewpoint is to deal with the biggest problem first, but anticipate where the ecosystem will shift and work on protecting against those things as well,” said Peter Dolanjski, Firefox’s product lead.

Both Google and Mozilla said they’re working on fighting “fingerprinting,” a way to sniff out other markers in your computer. Firefox is already testing its capabilities and plans to activate them soon.


Making the switch



Choosing a browser is no longer just about speed and convenience — it’s also about data defaults.

It’s true that Google usually obtains consent before gathering data, and offers a lot of knobs you can adjust to opt out of tracking and targeted advertising. But its controls often feel like a shell game that results in us sharing more personal data.

I felt hoodwinked when Google quietly began signing Gmail users into Chrome last fall. Google says the Chrome shift didn’t cause anybody’s browsing history to be “synced” unless they specifically opted in — but I found mine was being sent to Google and don’t recall ever asking for extra surveillance. (You can turn off the Gmail auto-login by searching “Gmail” in Chrome settings and switching off “Allow Chrome sign-in.”)

After the sign-in shift, Johns Hopkins associate professor Matthew Green made waves in the computer science world when he blogged he was done with Chrome. “I lost faith,” he told me. “It only takes a few tiny changes to make it very privacy unfriendly.”

There are ways to defang Chrome, which is much more complicated than just using “Incognito Mode.” But it’s much easier to switch to a browser not owned by an advertising company.

Like Green, I’ve chosen Firefox, which works across phones, tablets, PCs and Macs. Apple’s Safari is also a good option on Macs, iPhones and iPads, and the niche Brave browser goes even further in trying to jam the ad-tech industry.

What does switching to Firefox cost you? It’s free, and downloading a different browser is much simpler than changing phones.

In 2017, Mozilla launched a new version of Firefox called Quantum that made it considerably faster. In my tests, it has felt almost as fast as Chrome, though benchmark tests have found it can be slower in some contexts. Firefox says it’s better about managing memory if you use lots and lots of tabs.

Switching means you’ll have to move your bookmarks, and Firefox offers tools to help. Shifting passwords is easy if you use a password manager. And most browser add-ons are available, though it’s possible you won’t find your favorite.

Mozilla has challenges to overcome. Among privacy advocates, the nonprofit is known for caution. It took a year longer than Apple to make cookie blocking a default.

And as a nonprofit, it earns money when people make searches in the browser and click on ads — which means its biggest source of income is Google. Mozilla’s chief executive says the company is exploring new paid privacy services to diversify its income.

Its biggest risk is that Firefox might someday run out of steam in its battle with the Chrome behemoth. Even though it’s the No. 2 desktop browser, with about 10 percent of the market, major sites could decide to drop support, leaving Firefox scrambling.

If you care about privacy, let’s hope for another David and Goliath outcome.


Dig deeper: New Technology + Privacy


Want to explore the impact of new technology on our privacy? Check out our curated list of stories below.

An Oregon sheriff’s department became the first law enforcement agency in the country to use Amazon’s facial-recognition software, running 1,000 searches in a year to help solve crimes. But experts fear it could increase wrongful arrests.

There is no proof that facial-recognition software can prevent school shootings, yet companies are building sales pitches to schools around the promise of keeping children safe from school shooters.

Our tech reviewer found more than 11,000 requests in a week for trackers from websites in Google Chrome. The browser even welcomed trackers from websites you would think were private, like Aetna and the Federal Student Aid website.

Read more tech advice and analysis from Geoffrey A. Fowler:

Source: https://www.washingtonpost.com/technology/2019/06/21/google-chrome-has-become-surveillance-software-its-time-switch/

What’s the Difference Between Chromium and Chrome?






Chromium is an open-source browser project that forms the basis for the Chrome web browser. But let’s take a little deeper look at what that means.
When Google first introduced Chrome back in 2008, they also released the Chromium source code on which Chrome was based as an open-source project. That open-source code is maintained by the Chromium Project, while Chrome itself is maintained by Google.
The biggest difference between the two browsers is that, while Chrome is based on Chromium, Google also adds a number of proprietary features to Chrome like automatic updates and support for additional video formats. Google also took a similar approach with the Chromium OS, which is an open-source project that forms the basis for their own Chrome OS—the operating system that runs on Chromebooks.

What Chrome Has That Chromium Doesn’t

Chrome is based on Chromium, but Google adds a number of proprietary, closed-source bits to their Chrome browser that Chromium lacks. Specifically, Google takes Chromium and then adds the following:
  • AAC, H.264, and MP3 Support. Chrome includes licensed codecs for these proprietary media formats, giving you acess to a wider variety of media content—particularly sites using HTML5 video to stream H.264 videos. Both browsers include the basic, free codecs: Opus, Theora, Vorbis, VP8, VP9, and WAV.
  • Adobe Flash (PPAPI). Chrome includes a sandboxed Pepper API (PPAPI) Flash plug-in that Google automatically updates along with Chrome. This is the only way to get the most modern version of Flash on Linux. Even on Windows and Mac, you’re better off with the sandboxed PPAPI Flash plugin from Chrome rather than the older NPAPI Flash plug-in available from Adobe’s website. (You can actually get a Pepper Flash plug-in from Chrome and then install it and use it in Chromium, if you like.)
  • Google Update. Windows and Mac users of Chrome get an extra background app that automatically keeps Chrome up-to-date. Linux users use their standard software management tools.
  • Extension Restrictions. For Chrome, Google disables extensions that are not hosted in the Chrome Web Store.
  • Crash and Error Reporting. User of Chrome can opt to send statistics on crashes and errors to Google for analysis.
  • Security Sandbox (?). Google also notes that some Linux distributions may disable Chromium’s security sandbox, so you’ll want to navigate to about:sandbox in Chromium to ensure the sandbox is enabled and functioning by default. This is one of Chromium (and Chrome’s) best features.

You should note that while it’s not Google-branded, Chromium is still very Google-centric. For example, Chromium contains the same sync features found in Chrome, allowing you to log in with a Google account and sync your data.

Getting Chromium

Getting Google Chrome on pretty much any platform just involves visiting the Google Chrome download page, so let’s just take a look at how you can get your hands on Chromium if you want it.
On Linux, you can often install Chromium directly from your Linux distribution’s software repositories. On Ubuntu Linux, for example, you can install it by opening the Ubuntu Software Center, searching for Chromium, and then clicking Install. Chromium gets updated with security updates through your Linux distribution’s software repositories.

On Windows and Mac, using Chromium is a little tougher. You can get official Chromium builds, but they’re bleeding-edge-only and won’t automatically update. The updater is a closed-source part of Google Chrome. You could get third-party builds from someone, but they wouldn’t automatically update either and you’d have to trust the third-party distributor. You could also compile Chromium from the source code yourself, but would you really want to do that every time an update is available? Probably not.

What About the “Spyware?” (It’s Not Actually Spyware)

Google Chrome includes crash reporting features not found in Chromium. If you choose to enable crash reporting in Chrome, information about crashes will be sent to Google. If you use Chromium, this crash reporter isn’t present and you’ll have to get a bug trace the old-fashioned way. Linux distributions may also modify Chromium’s code before giving it to you. If you’re trying to pin down some Chrome bug, you’re probably better off using Chrome instead of Chromium.
Chromium also lacks the usage-tracking or “user metrics” feature found in Chrome. This is an optional feature that sends information about how you use the different parts of the browser to Google, giving them data they can use to base decisions on. (This was the sort of data Microsoft claimed they used when they said they removed the Start menu because no one used it, so perhaps geeks should start leaving such features on.)
In the past, users were worried that each Chrome browser shipped with a unique “client ID” and noted that Chromium did not. Google stopped doing this back in 2010.
However, Chromium does include many features that depend on Google’s servers, and those features are enabled by default. You’ll see these features listed on the Chromium Settings page. They include a web service that helps fix mistyped web addresses, a prediction service, Google’s anti-phishing feature, and more.

So, Which Should You Use?

Chromium is nice because it allows Linux distributions that require open-source software to package up a web browser that’s almost identical to Chrome and ship it to their users. Such Linux distributions could even use Chromium as their default web browser instead of Firefox—and some do. If you’re into open-source software and try to avoid any closed-source bits, Chromium is a good option for you.
However, many Linux users who aren’t so passionate about open-source software might want to install Chrome rather than Chromium. Installing Chrome gets you a better Flash player if you’re using Flash and unlocks a larger amount of media content online. For example, Google Chrome on Linux can now stream Netflix videos. This requires H.264 support for HTML5 video, something Chromium doesn’t include.


So, Chrome or Chromium? If you’re using Windows and Mac, the choice is pretty clear. Chromium is just too finicky to actually use—mostly because you can’t get official stable builds that will update automatically. The real choice here is should be made by Linux users.

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Twitter.

Source: https://www.howtogeek.com/202825/what%E2%80%99s-the-difference-between-chromium-and-chrome/

December 1, 2019

It's Official: Chromium-Based Microsoft Edge Web Browser Is Coming to Linux

Microsoft has confirmed during its Ignite 2019 conference that the forthcoming Chromium-Based Microsoft Edge web browser will also be available on the Linux platform.




Initially designed only as a replacement for the existing Microsoft Edge web browser that ships with the latest Windows 10 operating system, the new Chromium-based build aims to be cross-platform, allowing users to use it on their Windows PCs, Macs, and even Linux PCs, as well as on mobile devices.

During the Microsoft Ignite 2019 conference, an annual gathering of technology leaders and practitioners, the tech giant revealed all the platforms on which is upcoming Edge browser will be compatible with, such as Android, iOS, and macOS, and, to our surprise, a Linux version will be coming in the near future as well.

Chromium-based Microsoft Edge launches on January 15th, 2020
At the moment, Microsoft's Chromium-based Edge web browser is still in development with an RC (Release Candidate) build already available for download on Windows and Mac platforms. The company confirmed the general availability on January 15th, 2020, but don't expect it to be available on Linux at that time.

Microsoft hasn't detailed its plans for the Chromium-based Edge browser on the Linux platform, so we'll just have to trust them and wait for the first pre-release version to hit the streets to believe Microsoft really does care for Linux users and it's not just showing off to be cool again.
While the Chromium-based Microsoft Edge web browser promises numerous interesting features, most of them will be useful only to Windows users, of course, so for Linux users the upcoming web browser might be yet another Chromium clone, so you better stick with the original, which is open source and free to download on all GNU/Linux distributions.

Here are all the platforms the new Microsoft Edge is compatible with. Linux coming later. pic.twitter.com/k5k0slsfAK — Zac Bowden (@zacbowden) November 4, 2019

Source: https://news.softpedia.com/news/it-s-official-chromium-based-microsoft-edge-web-browser-is-coming-to-linux-528111.shtml

Firefox 70.0 release information - features faster page loading and tracking protection

Firefox 70.0 is the new stable version of the Firefox web browser as of October 22, 2019.
Mozilla releases updates for all channels of the Firefox web browser at the same time; this means that besides Firefox 70, Firefox Beta and Dev are upgraded to version 71 and Firefox Nightly is upgraded to version 72.
Firefox ESR versions can only be upgraded to Firefox ESR 68.2 as the 60.x branch is no longer supported.
You can check out our Firefox 69.0 release overview in case you missed it.

Executive Summary

  • The release marks the end of the Firefox 60.x ESR branch. ESR versions need to update to the 68.x branch.
  • Huge page load improvements on all systems (especially Mac OS X).

Firefox 70.0 download and update

 

firefox browser 70.0


Updates are made available on October 22, 2019. We publish the release overview early usually to provide users with information prior to the release.
Once released, you may run a manual check for updates in Firefox by selecting Menu > Help > About Firefox. Firefox opens a new window that runs a check for update and either suggests to download and install it, or does to automatically.
The following pages list direct downloads for supported Firefox channels.

Firefox 70.0 Changes

Enhanced Tracking Protection improvements
Mozilla improved the built-in tracking protection feature of the Firefox web browser once more in Firefox 70.0. The organization added the social media tracker blocking component to the standard setting making it a default in the new Firefox version.
Firefox users had to switch to strict or custom blocking in previous releases to enable the protection.
Social Media trackers are used by social media sites like Facebook or Twitter.
Tip: check the about:protections page of the Firefox web browser to look at protection statistics.


Firefox Lockwise improvements


firefox lockwise


Firefox Lockwise is a password management solution that Mozilla launched some time ago; it is part of the Firefox web browser and can be opened at any time by loading about:logins in the browser's address bar.
The desktop version of Lockwise supports synchronization and the creating, updating, and deleting of logins and passwords.


breach alerts


The new version supports integrated breach alerts powered by Firefox Monitor in the new release; this informs users about potentially compromised passwords so that users may react by changing passwords quickly.


Firefox Account icon and menu, and What's New icon


firefox account icon



Mozilla placed a new Firefox Account icon on the Firefox toolbar. A click opens account specific options, e.g. to sign in to a Firefox account, enable synchronization, access logins and passwords, or open the Firefox services Monitor and Send.
Firefox users who don't need the icon can remove it with a right-click on the icon and the selection of Remove from Toolbar from the context menu.
To add it back at a later time select Firefox Menu > Customize and drag & drop the Firefox Account icon to the toolbar again.
A What's New icon is also available that highlights new releases and features.

Other changes

  • Firefox may suggest secure passwords when the user encounters input fields that have the autocomplete="new-password" attribute.
  • The default referrer policy for third-party tracking resources is set to strict-origin-when-cross-origin if Tracking Policy is enabled.
  • All FTP resources are downloaded instead of rendered.
  • Firefox will display a notification if a Firefox extension shortcut is already in use.
  • Page Loading improvements (Mozilla claims up to 8%) thanks to a "faster JavaScript Baseline Interpreter.
  • WebRender technology is available on more desktop systems. Enabled by default on all Windows Desktops with integrated Intel graphics cards and a resolution of 1920x1200 or less).
  • Mac OS X users benefit from Compositor improvements. It reduces page load time by up to 22% and resource use of videos by up to 37% according to Mozilla.
  • When a site uses Geolocation, an indicator is now displayed in the Firefox address bar.
  • Firefox pages use the system theme (dark or light) in the new release.
  • Firefox users on Mac Os X devices may import passwords from Chrome now.

Firefox 70.0 known issues

Developer Changes

  • The developer tools place an icon next to inactive CSS properties in the Rules View of the Page Inspector. Hover over the icon to find out why the property is inactive.
  • The Color Picker in the CSS Rules View interface informs you whether the contrast of foreground colors with background colors meets accessibility conformance criteria.
  • Stylesheets in <style> elements are now cached by Firefox.
  • New Web Audio API features implemented or updated.
  • Notification permission requests from cross-origin iframes are disallowed.
  • Permission requests are not allowed anymore in fullscreen mode.
  • New Network Status API to look up Internet connection properties.
  • The Downloads API supports the Referer header in the browser.downloads.download API's headers object.
  • Extension storage can now be inspected using the Storage Inspector of the Developer Tools.
  • Network Resource Search option in the Developer Tools to find resources quickly.

Firefox for Android

  • Fixed a welcome screen crash.
  • New sign-in to Firefox Account options.

Security updates / fixes

Security updates are revealed after the official release of the web browser. You find the information published here later today.
Additional information / sources