Mozilla's interim CEO Laura Chambers "says the company is reinvesting in Firefox after letting it languish in recent years," reports Fast Company, "hoping to reestablish the browser as independent alternative to the likes of Google's Chrome and Apple's Safari.

"But some of those investments, which also include forays into generative AI, may further upset the community that's been sticking with Firefox all these years..." Chambers acknowledges that Mozilla lost sight of Firefox in recent years as it chased opportunities outside the browser, such as VPN service and email masking. When she replaced Mitchell Baker as CEO in February, the company scaled back those other efforts and made Firefox a priority again. "Yes, Mozilla is refocusing on Firefox," she says. "Obviously, it's our core product, so it's an important piece of the business for us, but we think it's also really an important part of the internet."

Some of that focus involves adding features that have become table-stakes in other browsers. In June, Mozilla added vertical tab support in Firefox's experimental branch, echoing a feature that Microsoft's Edge browser helped popularize three years ago. It's also working on tab grouping features and an easier way to switch between user profiles. Mozilla is even revisiting the concept of web apps, in which users can install websites as freestanding desktop applications. Mozilla abandoned work on Progressive Web Apps in Firefox a few years ago to the dismay of many power users, but now it's talking with community members about a potential path forward.

"We haven't always prioritized those features as highly as we should have," Chambers says. "That's been a real shift that's been very felt in the community, that the things they're asking for . . . are really being prioritized and brought to life."
Firefox was criticized for testing a more private alternative to tracking cookies which could make summaries of aggregated data available to advertisers. (Though it was only tested on a few sites, "Privacy-Preserving Attribution" was enabled by default.) But EFF staff technologist Lena Cohen tells Fast Company that approach was "much more privacy-preserving" than Google's proposal for a "Privacy Sandbox." And according to the article, "Mozilla's system only measures the success rate of ads — it doesn't help companies target those ads in the first place — and it's less susceptible to abuse due to limits on how much data is stored and which parties are allowed to access it." In June, Mozilla also announced its acquisition of Anonym, a startup led by former Meta executives that has its own privacy-focused ad measurement system. While Mozilla has no plans to integrate Anonym's tech in Firefox, the move led to even more anxiety about the kind of company Mozilla was becoming. The tension around Firefox stems in part from Mozilla's precarious financial position, which is heavily dependent on royalty payments from Google. In 2022, nearly 86% of Mozilla's revenue came from Google, which paid $510 million to be Firefox's default search engine. Its attempts to diversify, through VPN service and other subscriptions, haven't gained much traction.

Chambers says that becoming less dependent on Google is "absolutely a priority," and acknowledges that building an ad-tech business is one way of doing that. Mozilla is hoping that emerging privacy regulations and wider adoption of anti-tracking tools in web browsers will increase demand for services like Anonym and for systems like Firefox's privacy-preserving ad measurements. Other revenue-generating ideas are forthcoming. Chambers says Mozilla plans to launch new products outside of Firefox under a "design sprint" model, aimed at quickly figuring out what works and what doesn't. It's also making forays into generative AI in Firefox, starting with a chatbot sidebar in the browser's experimental branch.
Chambers "says to expect a bigger marketing push for Firefox in the United States soon, echoing a 'Challenge the default' ad campaign that was successful in Germany last summer. Mozilla's nonprofit ownership structure, and the idea that it's not beholden to corporate interests, figures heavily into those plans."

Though "It could take years to resolve," the Washington Post imagines six changes that could ultimately result from the two monopoly rulings on Google: Imagine a Google-quality search engine but without ads — or one tailored to children, news junkies or Lego fans. It's possible that Google could be forced to let other companies access its search technology or its essential data to create search engines with the technical chops of Google — but without Google...

Would Apple create a search engine...? The likeliest scenario is you'd need to pick whether to use Google on your iPhone or something else. But technologists and stock analysts have also speculated for years that Apple could make its own search engine. It would be like when Apple started Apple Maps as an alternative to Google Maps.

What if Google weren't allowed to know so much about you? Jason Kint of Digital Content Next, an industry group that includes online news organizations, said one idea is Google's multiple products would no longer be allowed to commingle information about what you do. It would essentially be a divorce of Google's products without breaking the company up. That could mean, for example, that whatever you did on your Android phone or the websites you visit using Chrome would not feed into one giant Google repository about your activities and interests.
The article also wonders if the judge could order Google to be broken up, with separate companies formed out of Android, Google search, and Chrome. (Or if more search competition might make prices drop for the products advertised in search results — or lower the fees charged in Android's app store.) Android's app store might also lose its power to veto apps that compete with Google.

"This is educated speculation," the article acknowledges. "It's also possible that not much will really change. That's what happened after Google was found to have broken the European Union's anti-monopoly laws."

Google has also said it plans to appeal Monday's ruling.

"Samsung's latest solid-state battery technology will power up premium EVs first, giving them up to 621 miles of range," writes PC Magazine: The new batteries — which promise to improve vehicle range, decrease charging times, and eliminate risk of battery fires — could go into mass production as soon as 2027. Multiple automakers have been reportedly testing samples. Samsung did not list any by name but it's worked with Hyundai, Stellantis, and General Motors, among others. "We supplied samples to customers from the end of last year to the beginning of this year and are receiving positive feedback," Samsung SDI VP Koh Joo-young said at SNE Battery Day 2024 in Seoul, according to Korean outlet The Elec and translated by Google.

Perhaps unsurprisingly, the batteries won't be cheap. They will initially go in "super premium EVs" and will offer 900 to 1,000 kilometers (559-621 miles) of range and improved safety... Samsung's presentation also reiterated previously announced plans to create batteries that can charge in nine minutes and last 20 years by 2029.
More details from Notebookcheck: According to Samsung SDI's VP, automakers are interested in its solid-state battery packs because they are smaller, lighter, and much safer than what's in current electric cars. Apparently, they are also rather expensive to produce, since it warns that they will first go into the "super premium" EV segment. Those Samsung defines as luxury electric cars that can cover more than 600 miles on a charge.

Samsung's oxide solid-state battery technology is rated for an energy density of about 500 Wh/kg, which is about double the density of mainstream EV batteries. Those have capacities that already allow more than 300 miles on a charge, so 600 miles of range in a similar footprint is not out of the question, but the issue is production costs.
Thanks to Slashdot reader npetrov for sharing the news.

"CrowdStrike has continued doing what gave it such an expansive footprint in the first place," writes CSO Online — "detecting cyber threats and protecting its clients from them."

They interviewed Adam Meyers, CrowdStrike's SVP of counter adversary operations, whose team produced their 2024 Threat Hunting Report (released this week at the Black Hat conference). Of seven case studies presented in the report, the most daring is that of a group CrowdStrike calls Famous Chollima, an alleged DPRK-nexus group. Starting with a single incident in April 2024, CrowdStrike discovered that a group of North Koreans, posing as American workers, had been hired for multiple remote IT worker jobs in early 2023 at more than thirty US-based companies, including aerospace, defense, retail, and technology organizations.

CrowdStrike's threat hunters discovered that after obtaining employee-level access to victim networks, the phony workers performed at minimal enough levels to keep their jobs while attempting to exfiltrate data using Git, SharePoint, and OneDrive and installing remote monitoring and management (RMM) tools RustDesk, AnyDesk, TinyPilot, VS Code Dev Tunnels, and Google Chrome Remote Desktop. The workers leveraged these RMM tools with company network credentials, enabling numerous IP addresses to connect to victims' systems.

CrowdStrike's OverWatch hunters, a team of experts conducting analysis, hunted for RMM tooling combined with suspicious connections surfaced by the company's Falcon Identity Protection module to find more personas and additional indicators of compromise. CrowdStrike ultimately found that over 100 companies, most US-based technology entities, had hired Famous Chollima workers. The OverWatch team contacted victimized companies to inform them about potential insider threats and quickly corroborated its findings.
Thanks to Slashdot reader snydeq for sharing the news.

Google's loss in an antitrust trial is just the beginning. According to Yahoo Finance's senior legal reporter, Google now also has to defend itself "against another perilous antitrust challenge that could inflict more damage." Starting in September, the tech giant will square off against federal prosecutors and a group of states claiming that Google abused its dominance of search advertising technology that is used to sell, buy, and broker advertising space online... Juggling simultaneous defenses "will definitely create a strain on its resources, productivity, and most importantly, attention at the most senior levels," said David Olson, associate professor at Boston College Law School.... The two cases targeting Google have the potential to inflict major damage to an empire amassed over the last two decades.

The second case that begins next month began with a lawsuit filed in the US District Court for the Eastern District of Virginia by the Justice Department and eight states in December 2020... Prosecutors allege that since at least 2015 Google has thwarted meaningful competition and deterred innovation through its ownership of the entities and software that power the online advertising technology market. Google owns most of the technology to buy, sell, and serve advertisements online... Google's share of the US and global advertising markets — when measured either by revenue or impressions — exceeded 90% for "many years," according to the complaint.

The government prosecutors accused Google of siphoning off $0.35 of each advertising dollar that flowed through its ad tech tools.
Thanks to Slashdot reader ZipNada for sharing the article.

Russia has blocked access to the encrypted Signal messaging app to "prevent the messenger's use of terrorist and extremist purposes." YouTube is also facing mass outages following repeated slowdowns in recent weeks. The Associated Press reports: Russian authorities expanded their crackdown on dissent and free media after Russian President Vladimir Putin sent troops into Ukraine in February 2022. They have blocked multiple independent Russian-language media outlets critical of the Kremlin, and cut access to Twitter, which later became X, as well as Meta's Facebook and Instagram.

In the latest blow to the freedom of information, YouTube faced mass outages on Thursday following repeated slowdowns in recent weeks. Russian authorities have blamed the slowdowns on Google's failure to upgrade its equipment in Russia, but many experts have challenged the claim, arguing that the likely reason for the slowdowns and the latest outage was the Kremlin's desire to shut public access to a major platform that carries opposition views.

An anonymous reader quotes a report from Ars Technica: Back in July 2022, when mobile app metrics firm Branch acquired the popular and well-regarded Nova Launcher for Android, the app's site put up one of those self-directed FAQ posts about it. Under the question heading "What does Branch want with Nova?," Nova founder and creator Kevin Barry started his response with, "Not to mess it up, don't worry!" Branch (formerly/sometimes Branch Metrics) is a firm concerned with helping businesses track the links that lead into their apps, whether from SMS, email, marketing, or inside other apps. Nova, with its Sesame Search tool that helped users find and access deeper links -- like heading straight to calling a car, rather than just opening a rideshare app -- seemed like a reasonable fit. Barry wrote that he had received a number of acquisition offers over the years, but he didn't want to be swallowed by a giant corporation, an OEM, or a volatile startup. "Branch is different," he wrote then, because they wanted to add staff to Nova, keep it available to the public, and mostly leave it alone.

Two years later, Branch has left Nova Launcher a bit too alone. As documented on Nova's official X (formerly Twitter) account, and transcripts from its Discord, as of Thursday Nova had "gone from a team of around a dozen people" to just Barry, the founder, working alone. The Nova cuts were part of "a massive layoff" of purportedly more than 100 people across all of Branch, according to now-former Nova workers. Barry wrote that he would keep working on Nova, "However I have less resources." He would need to "cut scope" on an upcoming Nova release, he wrote. Other employees noted that customer support, marketing, and even correspondence would likely be strained or disappear. "While Nova is not dead (despite mine and others' eulogistic tones), it's certainly not positioned to launch bold new features or plot new futures," writes Ars' Kevin Purdy, in closing. "Here's hoping Barry can make a go of Nova Launcher for as long as it's viable for him."

An anonymous reader quotes a report from TechCrunch: In a newly published paper titled "Achieving Human Level Competitive Robot Table Tennis," Google's DeepMind Robotics team is showcasing its own work on the game. The researchers have effectively developed a "solidly amateur human-level player" when pitted against a human component. During testing, the table tennis bot was able to beat all of the beginner-level players it faced. With intermediate players, the robot won 55% of matches. It's not ready to take on pros, however. The robot lost every time it faced an advanced player. All told, the system won 45% of the 29 games it played. "This is the first robot agent capable of playing a sport with humans at human level and represents a milestone in robot learning and control," the paper claims. "However, it is also only a small step towards a long-standing goal in robotics of achieving human level performance on many useful real world skills. A lot of work remains in order to consistently achieve human-level performance on single tasks, and then beyond, in building generalist robots that are capable of performing many useful tasks, skillfully and safely interacting with humans in the real world."

The robot's biggest trouble areas are responding to fast balls, high and low balls. It also has trouble with backhand and the ability to read the spin on an incoming ball. Here's how the researchers plan to address the issue with fast balls: "To address the latency constraints that hinder the robot's reaction time to fast balls, we propose investigating advanced control algorithms and hardware optimizations. These could include exploring predictive models to anticipate ball trajectories or implementing faster communication protocols between the robot's sensors and actuators."

Italy's telecoms regulator AGCOM has summoned Google and Cloudflare to a September meeting to discuss strategies for combating online piracy, six months after launching its Piracy Shield blocking system. The move comes as IPTV piracy remains resilient despite new anti-piracy legislation passed in the country last year. The law introduced harsher penalties for providers and consumers of pirated content, including fines for watching pirate streams. It also granted more aggressive site-blocking powers.

Major stream suppliers appear minimally affected by overseas laws. however. AGCOM chief Massimiliano Capitanio seeks commitments from Google to limit pirate services in search results, according to TorrentFreak. The regulator also wants Cloudflare to address IPTV providers using its services to evade blocking.

theodp writes: After issuing mea culpas over diversity and compensation equity issues, tech companies began to promote their K-12 CS education philanthropy initiatives as corrective measures as they sought to deflect criticism and defeat shareholder calls for greater transparency into hiring and compensation practices. In 2016, for instance, Amazon argued it was already working with tech-backed nonprofits such as Code.org, the Anita Borg Institute, and Girls Who Code to increase women's and minorities' involvement in tech as it sought the SEC's permission to block a shareholder vote on a proposal on gender pay equality. As such, it wasn't terribly surprising to see the nation's tech giants again remind the public of their K-12 CS philanthropy efforts as they recently announced quarterly earnings.

In the Addressing Racial Injustice and Inequity section of its most recent 10-K Annual Report SEC filing, Microsoft boasted, "We also expanded our Technology Education and Learning Support ("TEALS") program to reach nearly 550 high schools across 21 racial equity expansion regions with the support of nearly 1,500 volunteers, 12% of whom identify as Black or African American."

An Amazon press release claimed the company is inspiring Girl Scouts to explore the future of STEM by awarding girls aged 7-and-up a co-branded Girl Scouts and Amazon patch for attending in-person or virtual Amazon warehouse tours. "As humanity looks to science, technology, engineering, and math (STEM) for new ideas and discoveries," Amazon explained, "it is more important than ever to harness the unique insights, skills, and potential of girls. [..] That's why Amazon partnered with Girl Scouts of the USA (GSUSA) to host exclusive tours [of Amazon fulfillment centers] for troops around the nation to showcase the importance and diversity of careers in STEM."

Most recently, a press release celebrated the move of Google's Code Next high school program into a lab located in the newly-rehabbed Michigan Central Station, which has thus far enrolled approximately 100 students. "Google has called Michigan home for over 15 years with offices in Detroit and Ann Arbor. We're dedicated to investing in the city and providing its students with the resources and inspiration they need to excel," said Shanika Hope, Director, Google Education and Social Impact. "We're excited to bring our Code Next program to Michigan Central, empowering Detroit's youth with computer science education to help them reach their full potential in the classroom and beyond."

U.S. Judge Amit Mehta released a 286-page ruling Monday in the Google search antitrust case, revealing key details of the tech giant's business practices. The document is packed with factual findings and legal conclusions and some amazing comments. Here's one, for instance: Google pays Apple billions of dollars a year to be the default search engine in Safari. But according to Eddy Cue, Apple's senior vice president of services, there's no other meaningful alternative. During the trial, he said that "there's no price that Microsoft could ever offer" to Apple to get the company to preload Bing in Safari. "I don't believe there's a price in the world that Microsoft could offer us," Cue said at another point. "They offered to give us Bing for free. They could give us the whole company."

For Google, this is a sign that they've earned their default status (which, incidentally, they pay Apple gobs of money to maintain). Judge Mehta says that this is an indication that the "market reality is that Google is the only real choice as the default GSE [general search engine]." (Of course, Cue's opinion doesn't mean Bing is objectively bad. Elsewhere, the opinion notes that Bing's search quality is comparable to Google's on desktop, though it falls behind on mobile.)

Speaking of Google launching a new TV streaming device, the company says it's "ending production of Chromecast" after 11 years of selling the streaming dongles. From a report: Even though Chromecast devices will now be available "while supplies last," Google says it will continue to push software and security updates to its newer devices without specifying which ones. The most recent update to the lineup was the Chromecast with Google TV released in 2022.

But now, Google says "technology has evolved dramatically" since the launch of the original Chromecast in 2013. "We invested heavily in embedding Google Cast technology into millions of TV devices, including Android TV," Google writes. "We are taking the next step in evolving how streaming TV devices can add even more capabilities to your smart TV, built on top of the same Chromecast technology."

An anonymous reader shares a report: Google has revealed technical details of its in-house data transfer tool, called Effingo, and bragged that it uses the project to move an average of 1.2 exabytes every day. As explained in a paper [PDF] and video to be presented on Thursday at the SIGCOMM 2024 conference in Sydney, bandwidth constraints and the stubbornly steady speed of light mean that not even Google is immune to the need to replicate data so it is located close to where it is processed or served.

Indeed, the paper describes managed data transfer as "an unsung hero of large-scale, globally-distributed systems" because it "reduces the network latency from across-globe hundreds to in-continent dozens of milliseconds." The paper also points out that data transfer tools are not hard to find, and asks why a management layer like Effingo is needed. The answer is that the tools Google could find either optimized for transfer time or handled point-to-point data streams -- and weren't up to the job of handling the 1.2 exabytes Effingo moves on an average day, at 14 terabytes per second. To shift all those bits, Effingo "balances infrastructure efficiency and users' needs" and recognizes that "some users and some transfers are more important than the others: eg, disaster recovery for a serving database, compared to migrating data from a cluster with maintenance scheduled a week from now."

Google today unveiled its new Google TV Streamer, a $99.99 set-top box replacing the Chromecast. The device, shipping September 24, boasts improved performance with a 22% faster processor (over its predecessor), doubled RAM, and 32GB storage. It integrates Thread and Matter for smart home control, featuring a side-panel accessible via the remote. The Streamer supports Dolby Vision, Dolby Atmos and includes an Ethernet port. Design changes include a low-profile form factor in two colors and a redesigned remote with a finder function. Software enhancements use Gemini AI for content summaries and custom screensavers.

Mozilla, the non-profit behind the Firefox browser, faces an uncertain future following Monday's landmark antitrust ruling against Google. The decision, which found Google illegally maintained its search monopoly, puts Mozilla's primary funding source at risk. In 2021-2022, Mozilla received $510 million from Google out of $593 million total revenue, according to its latest financial report. Fortune adds: You can be sure that critics of the judge's ruling will highlight the potentially devastating impact on Mozilla to make the case that the antitrust ruling will have unintended consequences on smaller tech industry players. Others might argue that Mozilla hasn't done enough with those spoils to differentiate its Firefox browser, or that it could cut a deal with another search engine like Bing if its Google deal goes away completely. Either way, Google will appeal the suit so a long battle may ensue. And there's another big domino to fall: the judge will rule on the remedy or remedies -- essentially, the business-model penalties -- that Google will face. Apple also stands to lose more than $20 billion a year that Google pays the iPhone-maker to be the default search engine on Safari. But as Fortune notes, "Apple is a large, diversified company with many sources of revenue."

An anonymous reader quotes a report from Ars Technica: Hackers delivered malware to Windows and Mac users by compromising their Internet service provider and then tampering with software updates delivered over unsecure connections, researchers said. The attack, researchers from security firm Volexity said, worked by hacking routers or similar types of device infrastructure of an unnamed ISP. The attackers then used their control of the devices to poison domain name system responses for legitimate hostnames providing updates for at least six different apps written for Windows or macOS. The apps affected were the 5KPlayer, Quick Heal, Rainmeter, Partition Wizard, and those from Corel and Sogou.

Because the update mechanisms didn't use TLS or cryptographic signatures to authenticate the connections or downloaded software, the threat actors were able to use their control of the ISP infrastructure to successfully perform machine-in-the-middle (MitM) attacks that directed targeted users to hostile servers rather than the ones operated by the affected software makers. These redirections worked even when users employed non-encrypted public DNS services such as Google's 8.8.8.8 or Cloudflare's 1.1.1.1 rather than the authoritative DNS server provided by the ISP. "That is the fun/scary part -- this was not the hack of the ISPs DNS servers," Volexity CEO Steven Adair wrote in an online interview. "This was a compromise of network infrastructure for Internet traffic. The DNS queries, for example, would go to Google's DNS servers destined for 8.8.8.8. The traffic was being intercepted to respond to the DNS queries with the IP address of the attacker's servers."

In other words, the DNS responses returned by any DNS server would be changed once it reached the infrastructure of the hacked ISP. The only way an end user could have thwarted the attack was to use DNS over HTTPS or DNS over TLS to ensure lookup results haven't been tampered with or to avoid all use of apps that deliver unsigned updates over unencrypted connections. As an example, the 5KPlayer app uses an unsecure HTTP connection rather than an encrypted HTTPS one to check if an update is available and, if so, to download a configuration file named Youtube.config. StormBamboo, the name used in the industry to track the hacking group responsible, used DNS poisoning to deliver a malicious version of the Youtube.config file from a malicious server. This file, in turn, downloaded a next-stage payload that was disguised as a PNG image. In fact, it was an executable file that installed malware tracked under the names MACMA for macOS devices or POCOSTICK for Windows devices. As for the hacked ISP, the security firm said "it's not a huge one or one you'd likely know."

"In our case the incident is contained but we see other servers that are actively serving malicious updates but we do not know where they are being served from. We suspect there are other active attacks around the world we do not have purview into. This could be from an ISP compromise or a localized compromise to an organization such as on their firewall."

Silicon Valley's fascination with AI has led to parents enrolling children as young as five in AI-focused summer camps. "It's common for kids on summer break to attend space, science or soccer camp, or even go to coding school," writes Priya Anand via the San Francisco Standard. "But the growing effort to teach kindergarteners who can barely spell their names lessons in 'Advanced AI Robot Design & AR Coding' shows how far the frenzy has extended." From the report: Parents who previously would opt for coding camps are increasingly interested in AI-specific programming, according to Eliza Du, CEO of Integem, which makes holographic augmented reality technology in addition to managing dozens of tech-focused kids camps across the country. "The tech industry understands the value of AI," she said. "Every year it's increasing." Some Bay Area parents are so eager to get their kids in on AI's ground floor that they try to sneak toddlers into advanced courses. "Sometimes they'll bring a 4-year-old, and I'm like, you're not supposed to be here," Du said.

Du said Integem studied Common Core education standards to ensure its programming was suitable for those as young as 5. She tries to make sure parents understand there's only so much kids can learn across a week or two of camp. "Either they set expectations too high or too low," Du said of the parents. As an example, she recounted a confounding comment in a feedback survey from the parent of a 5-year-old. "After one week, the parent said, "My child did not learn much. My cousin is a Google engineer, and he said he's not ready to be an intern at Google yet.' What do I say to that review?" Du said, bemused. "That expectation is not realistic." Even less tech-savvy parents are getting in on the hype. Du tells of a mom who called the company to get her 12-year-old enrolled in "AL" summer camp. "She misread it," Du said, explaining that the parent had confused the "I" in AI with a lowercase "L."

An anonymous reader quotes a report from Reuters: Indonesia said it has banned the privacy-oriented search engine DuckDuckGo, citing concerns that it could be used to access pornography and online gambling websites which are illegal in the country, the communications ministry said on Friday. Indonesia, with the world's biggest Muslim population, has strict rules that ban the sharing online of content deemed obscene. Social media platform Reddit and video-hosting platform Vimeo are blocked.

Usman Kansong, a communications ministry official, told Reuters that DuckDuckGo had been blocked "because of the many complaints made to us about the rampant online gambling and pornography content in its search results." The ministry did not say how DuckDuckGo differs from other search engines such as Alphabet's Google but on its website, DuckDuckGo said it offered several products intended to "help people protect their online privacy" including the search engine, which it said has been praised by privacy advocates.

Google's payments to make its search engine the default on smartphone web browsers violates US antitrust law, a federal judge ruled Monday, handing a key victory to the Justice Department. From a report: Judge Amit Mehta in Washington said that the Alphabet unit's $26 billion in payments effectively blocked any other competitor from succeeding in the market. Antitrust enforcers alleged that Google has illegally maintained a monopoly over online search and related advertising. The government said that Google has paid Apple, Samsung and others billions over decades for prime placement on smartphones and web browsers. This default position has allowed Google to build up the most-used search engine in the world, and fueled more than $300 billion in annual revenue largely generated by search ads.

snydeq writes: CSO Online's Evan Schuman reports on a design flaw in Microsoft Authenticator that causes it to often overwrite authentication accounts when a user adds a new one via QR scan. "But because of the way the resulting lockout happens, the user is not likely to realize the issue resides with Microsoft Authenticator. Instead, the company issuing the authentication is considered the culprit, resulting in wasted corporate helpdesk hours trying to fix an issue not of that company's making."

Schuman writes: "The core of the problem? Microsoft Authenticator will overwrite an account with the same username. Given the prominent use of email addresses for usernames, most users' apps share the same username. Google Authenticator and just about every other authenticator app add the name of the issuer -- such as a bank or a car company -- to avoid this issue. Microsoft only uses the username."

The flaw appears to have been in place since Authenticator was released in 2016. Users have complained about this issue in the past to no avail. In its two correspondences with Schuman, Microsoft first laid blame on users, then on issuers. Several IT experts confirmed the flaw, with one saying, "It's possible that this problem occurs more often than anyone realizes because [users] don't realize what the cause is. If you haven't picked an authentication app, why would you pick Microsoft?"