Facebook announced on Thursday it will begin testing end-to-end encryption as the default option for some users of its Messenger app on Android and iOS. The Guardian reports: Facebook messenger users currently have to opt in to make their messages end-to-end encrypted (E2E), a mechanism that theoretically allows only the sender and recipient of a message to access its content. Facebook spokesperson Alex Dziedzan said on Thursday that E2E encryption is a complex feature to implement and that the test is limited to a couple of hundred users for now so that the company can ensure the system is working properly. Dziedzan also said the move was "not a response to any law enforcement requests." Meta, Facebook's parent company, said it had planned to roll out the test for months. The company had previously announced plans to make E2E encryption the default in 2022 but pushed the date back to 2023. "The only way for companies like Facebook to meaningfully protect people is for them to ensure that they do not have access to user data or communications when a law enforcement agency comes knocking," Evan Greer, the director of the digital rights group Fight for the Future, said. "Expanding end-to-end encryption by default is a part of that, but companies like Facebook also need to stop collecting and retaining so much intimate information about us in the first place."

An ongoing dispute over privacy between Apple and Facebook is roiling the digital economy, leading companies to shift billions in ad spending as users continue to limit the data available to advertisers. The feud took off last year, when Apple rolled out iOS 14.5, a version of its mobile operating system that made it easier than ever for iPhone and iPad users to opt out of letting apps like Facebook track their activity on their devices. The two companies weren't always at odds. In fact, they were almost business partners. From a report: In the years before the change, Apple suggested a series of possible arrangements that would earn the iPhone maker a slice of Facebook's revenue, according to people who either participated in the meetings or were briefed about them. As one person recalled: Apple officials said they wanted to "build businesses together." One idea that was discussed: creating a subscription-based version of Facebook that would be free of ads, according to people familiar with the discussions. Because Apple collects a cut of subscription revenue for apps in its App Store, that product could have generated significant revenue for the Cupertino, Calif., giant.

The companies also haggled over whether Apple was entitled to a piece of Facebook's sales from so-called boosted posts, said people familiar with the matter. A boost allows a user to pay to increase the number of people that see a post on Facebook or Instagram. Facebook, which considers boosts ads, has always contended that boosts are a form of advertising, in part because they are often used by small businesses to reach a bigger audience, said one of the people. Apple, which doesn't take a cut of advertising from developers, argued that Facebook boosts should be considered in-app purchases, according to a person familiar with the matter. Apple's standard terms would entitle it to take a 30% share of those sales.

Meta, the owner of Facebook and Instagram, has been rewriting websites its users visit, letting the company follow them across the web after they click links in its apps, according to new research from an ex-Google engineer. The Guardian reports: The two apps have been taking advantage of the fact that users who click on links are taken to webpages in an "in-app browser," controlled by Facebook or Instagram, rather than sent to the user's web browser of choice, such as Safari or Firefox. "The Instagram app injects their tracking code into every website shown, including when clicking on ads, enabling them [to] monitor all user interactions, like every button and link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses and credit card numbers," says Felix Krause, a privacy researcher who founded an app development tool acquired by Google in 2017.

Krause discovered the code injection by building a tool that could list all the extra commands added to a website by the browser. For normal browsers, and most apps, the tool detects no changes, but for Facebook and Instagram it finds up to 18 lines of code added by the app. Those lines of code appear to scan for a particular cross-platform tracking kit and, if not installed, instead call the Meta Pixel, a tracking tool that allows the company to follow a user around the web and build an accurate profile of their interests. The company does not disclose to the user that it is rewriting webpages in this way. No such code is added to the in-app browser of WhatsApp, according to Krause's research. [...] It is unclear when Facebook began injecting code to track users after clicking links. "We intentionally developed this code to honor people's [Ask to track] choices on our platforms," a Meta spokesperson told The Guardian in a statement. "The code allows us to aggregate user data before using it for targeted advertising or measurement purposes. We do not add any pixels. Code is injected so that we can aggregate conversion events from pixels."

They added: "For purchases made through the in-app browser, we seek user consent to save payment information for the purposes of autofill."

DNSFilter, a Washington, D.C.-based provider of DNS-based web content filtering and threat protection, has announced it's acquiring Guardian, a privacy-protecting firewall for iOS. Financial terms of the deal were not disclosed. From a report: Guardian was founded in 2013 by Will Strafach, a security researcher and former iPhone jailbreaker who in 2017 discovered that AccuWeather was secretly sending precise location data to a third-party company without a user's permission. The company's "smart firewall" iPhone app blocks apps from sharing users' personal information with third-parties, such as IP addresses and location data, by funneling data through an encrypted virtual private network (VPN). The startup, which claims to have so far blocked more than 5 billion data trackers and 1 billion location trackers, recently joined forces with Brave to integrate its firewall and VPN functionality into its eponymous non-tracking browser.

An anonymous reader quotes a report from Wired: As marketers, data brokers, and tech giants endlessly expand their access to individuals' data and movements across the web, tools like VPNs or cookie blockers can feel increasingly feeble and futile. Short of going totally off the grid forever, there are few options for the average person to meaningfully resist tracking online. Even after coming up with a technical solution last year for how phone carriers could stop automatically collecting users' locations, researchers Barath Raghavan and Paul Schmitt knew it would be challenging to convince telecoms to implement the change. So they decided to be the carrier they wanted to see in the world. The result is a new company, dubbed Invisv, that offers mobile data designed to separate users from specific identifiers so the company can't access or track customers' metadata, location information, or mobile browsing. Launching in beta today for Android, the company's Pretty Good Phone Privacy or PGPP service will replace the mechanism carriers normally use to turn cell phone tower connection data into a trove of information about users' movements. And it will also offer a Relay service that disassociates a user's IP address from their web browsing.

PGPP's ability to mask your phone's identity from cell towers comes from a revelation about why cell towers collect the unique identifiers known as IMSI numbers, which can be tracked by both telecoms and other entities that deploy devices known as IMSI catchers, often called stringrays, which mimic a cell tower for surveillance purposes. Raghavan and Schmitt realized that at its core, the only reason carriers need to track IMSI numbers before allowing devices to connect to cell towers for service is so they can run billing checks and confirm that a given SIM card and device are paid up with their carrier. By acting as a carrier themselves, Invisv can implement their PGPP technology that simply generates a "yes" or "no" about whether a device should get service. On the PGPP "Mobile Pro" plan, which costs $90 per month, users get unlimited mobile data in the US and, at launch, unlimited international data in most European Union countries. Users also get 30 random IMSI number changes per month, and the changes can happen automatically (essentially one per day) or on demand whenever the customer wants them. The system is designed to be blinded so neither INVISV nor the cell towers you connect to know which IMSI is yours at any given time. There's also a "Mobile Core" plan for $40 per month that offers eight IMSI number changes per month and 9 GB of high-speed data per month.

Both of these plans also include PGPP's Relay service. Similar to Apple's iCloud Private Relay, PGPP's Relay is a method for blocking everyone, from your internet provider or carrier to the websites you visit, from knowing both who you are and what you're looking at online at the same time. Such relays send your browsing data through two way stations that allow you to browse the web like normal while shielding your information from the world. When you navigate to a website, your IP address is visible to the first relay -- in this case, Invisv -- but the information about the page you're trying to load is encrypted. Then the second relay generates and connects an alternate IP address to your request, at which point it is able to decrypt and view the website you're trying to load. The content delivery network Fastly is working with Invisv to provide this second relay. Fastly is also one of the third-party providers for iCloud Private Relay. In this way, each relay knows some of the information about your browsing; the first simply knows that you are using the web, and the second sees the sites you connect to, but not who specifically is browsing there. In addition to being included in the two PGPP data plans, customers can also purchase the Relay service on its own for $5 per month and turn it on while connected to mobile data or Wi-Fi. The carrier is still working to bring its services to Apple's iOS. It's also worth noting that Invisv only offers mobile data; there are no voice calling services.

Mark Zuckerberg believes that Apple and his company are in a "very deep, philosophical competition" to build the metaverse, suggesting the two tech giants are ready to butt heads in selling hardware for augmented and virtual reality. The Verge reports: The Meta CEO told employees earlier this month that they were competing with Apple to determine "what direction the internet should go in," according to a recording of his comments during an internal all-hands meeting obtained by The Verge. He said that Meta would position itself as the more open, cheaper alternative to Apple, which is expected to announce its first AR headset as soon as later this year. "This is a competition of philosophies and ideas, where they believe that by doing everything themselves and tightly integrating that they build a better consumer experience," Zuckerberg said of the brooding rivalry. "And we believe that there is a lot to be done in specialization across different companies, and [that] will allow a much larger ecosystem to exist."

Since rebranding Facebook's company name to Meta, Zuckerberg has been pushing for the concept of interoperability for the metaverse, or what he sees as the next major chapter of computing after mobile phones. Meta recently helped stand up the Metaverse Open Standards Group with Microsoft, Epic Games, and others. The idea is to spur the creation of open protocols that will let people easily move through future immersive, 3D worlds with their virtual goods. Apple is absent from the group, which Zuckerberg called out as not surprising in his comments to employees. He explained how Apple's approach of building hardware and software it tightly controls had worked well with the iPhone, but that for the metaverse, "it's not really clear upfront whether an open or closed ecosystem is going to be better."

[...] If VR and AR do take off like Zuckerberg hopes, it seems he wants to position Meta as the Android to Apple's iOS. There is a parallel to draw already: Meta's Quest headset already allows the side loading of apps that are not approved by Meta's VR app store, similar to how Google's Android allows for sideloading. And even though it just increased the price of the Quest by $100, Meta's hardware is still mostly sold at a loss or breakeven. [...] Zuckerberg's remarks suggest that even as he tries to invent his way out of being under Apple's thumb on mobile, the two tech giants are going to be battling for years to come.

iPhone and iPad users looking to subscribe to Netflix via the streaming platform's iOS app are being redirected to an external website which removes the need to pay the App Store tax. From a report: As 9To5Mac reports, the redirection looks to be rolling out globally and takes advantage of a new iOS API that allows apps classed as "reader apps" to sign-up new users and manage their accounts outside of the App Store.

Reader apps, as described by Apple, provide one or more digital content types -- including magazines, newspapers, books, audio, music, or video -- as its primary function. That includes popular services such as Spotify, Zinio, Amazon Kindle, and YouTube. In the case of Netflix, new customers are diverted to a separate website at the tap of a button in the app to enter personal data, choose a payment method, and select a streaming plan. This update ensures transactions are no longer Apple's responsibility and all subscription management is therefore completed by Netflix. Once signed up, the Netflix iOS app should provide full content access.

In an upcoming update, Chromebooks equipped with mobile data will be able to serve as a Wi-Fi hotspot for other devices, just like Android and iOS devices can today. 9to5Google reports: The work-in-progress feature has made its first appearance in ChromeOS code in the form of a new flag coming to chrome://flags. The details are quite slim at the moment, with little more than the flag description available today. That said, it's easy to imagine how a mobile hotspot would work on ChromeOS, based on how the same feature works on Android phones today.

Presumably, you would be able to choose the name and password for your Chromebook's hotspot through the Settings app in ChromeOS, where you can also toggle the hotspot on and off. If it truly follows the example of Android, there would also be an easy way to turn on your hotspot through a Quick Settings toggle.

After trying, and failing, to acquire the popular chat platform Discord for $10 billion, Microsoft has opted for the next-best thing: directly integrating Discord's voice-chat capabilities into Xbox consoles. Ars Technica reports: The news arrived on Wednesday on Xbox Blog, and it clarified that for the time being, Discord access would be exclusive to the optional "Xbox Insider" tier of early, beta, and preview console OS updates. That update is already going live in waves to Xbox Insiders today, and it adds a new tooltip to the system's "chat" sidebar: "Try Discord Voice on Xbox today!"

[...] Sadly, this week's rollout of Discord on Xbox is a bit limited. The biggest issue is that there is no formal Discord app or interface on Xbox. You will need to keep a smartphone handy to initiate a "handoff" of your Discord session. Get ready for an annoying first-time setup process. Should you have an updated Xbox on the Insider OS track, its new "Try Discord Voice" prompt will initiate an account-sync process, which requires using a mobile Discord app to take a photo of a QR code displayed by your Xbox. (You'll need to re-do this if you've done so before, due to it adding a new level of credential for voice chat.) With this in place, when you are about to join a voice channel on Discord, a new "try voice chat on console" prompt will appear. Tapping through this will then, ugh, create another handover to Microsoft's dedicated Xbox app on either iOS or Android. Yes, if you want this to work, you need to install the Xbox app on your mobile device (and Discord will suggest you do so, if you haven't yet). This facilitates the key technical aspect of forwarding all Discord audio to your Xbox hardware.

With all that in place, presto: You can now talk to any participants in the Discord voice channel you chose directly on your Xbox. Its menu interface supports either muting or changing the volume level of every other user in the voice chat channel you chose, which is appreciated as a quickly accessible option during frantic gameplay. A one-button toggle in the menu allows chatters to switch between Discord voice chat and a particular game's dedicated voice-chat channel. (This is useful when you're talking to friends while in the midst of random online matchmaking, then need to turn on in-game voice chat for a second to confirm a strategy to your current teammates before going back to discussing souffle recipes with buddies.) All greater Discord control, sadly, goes back to your smartphone...

"The lock screen is about to change," writes CNET — both for iOS and Android devices. Apple's iOS 16 update, which launched in public beta on Monday, will bring more customization options and new widgets to the iPhone's lock screen when it arrives this fall. You'll be able to see more information quickly and apply stylistic effects to lock screen photos similar to the iPhone's Portrait Mode photography feature.... Like the Apple Watch, the new lock screen should make it easier to see crucial pieces of information without having to dig into apps or even unlock your phone.
And for Android phones: Glance, a Google-backed subsidiary of mobile ad tech company InMobi, also reiterated its plans to bring its lock screen platform to the U.S. [though the company also says there's "no definitive timeline."] And Google is reportedly planning to incorporate more bits of information into its own lock screen widget for Pixel phones.... Glance's lock screen will appear in the form of what it calls "spaces," which are essentially curated lock screens designed to fit specific themes. A fitness-oriented lock screen, for example, would show statistics such as calories burned and exercise goals alongside a music player. A news "space" would show headlines and the weather, while a music version could surface live concerts....

The TechCrunch report about Glance's US arrival sparked concerns that advertisements would be coming to the lock screen, too. Glance's business page shows examples of advertisers that have used its platform to reach potential customers on the very first screen they see when picking up their phone. Intel, Zomato and Garnier are among the listed case studies. But Rohan Choudhary, vice president and general manager of the Glance feed, told CNET the US version would be ad-free. "We are very clear that in the US, we will not have ads on the lock screen at all," he said....

The company says it plans to monetize its service through news subscriptions and commerce links from shopping platforms that are surfaced through Glance.
Glance's motto? "Transforming lock screens into smart surfaces."

An anonymous reader quotes a report from Ars Technica: Google's developer deadline for the Play Store's new "Data Safety" section is next week (July 20), and we're starting to see what the future of Google Play privacy will look like. The actual Data Safety section started rolling out in April, but now that the developer deadline is approaching... Google is turning off the separate "app permissions" section? That doesn't sound like a great move for privacy at all.

The Play Store's new Data Safety section is Google's answer to a similar feature in iOS 14, which displays a list of developer-provided privacy considerations, like what data an app collects, how that data is stored, and who the data is shared with. At first blush, the Data Safety entries might seem pretty similar to the old list of app permissions. You get items like "location," and in some ways, it's better than a plain list of permissions since developers can explain how and why each bit of data is collected.

The difference is in how that data ends up in Google's system. The old list of app permissions was guaranteed to be factual because it was built by Google, automatically, by scanning the app. The Data Safety system, meanwhile, runs on the honor system. Here's Google's explanation to developers of how the new section works: "You alone are responsible for making complete and accurate declarations in your app's store listing on Google Play. Google Play reviews apps across all policy requirements; however, we cannot make determinations on behalf of the developers of how they handle user data. Only you possess all the information required to complete the Data safety form. When Google becomes aware of a discrepancy between your app behavior and your declaration, we may take appropriate action, including enforcement action."

We're a couple of months out from Apple officially rolling out the next major versions of its various operating systems. However, you can try out iOS 16, iPadOS 16, watchOS 9, macOS Ventura and tvOS 16 right now. Apple has released a public beta, a few weeks after it offered up the first developer betas. To access them, you'll need to sign up for the Apple Beta Software Program and follow the directions.

Google today announced an update to its password manager that will finally introduce a consistent look-and-feel across the service's Chrome and Android implementations. From a report: Users will soon see a new unified user experience that will automatically group multiple passwords for the same sites or apps together, as well as a new shortcut on the Android home screen to get access to these passwords. In addition to this, Google is also now adding a new password-related feature to Chrome on iOS, which can now generate strong passwords for you (once you set Chrome as an autofill provider). Meanwhile, on Android, Google's password check can now also flag weak and re-used passwords and help you to automatically change them, while Chrome users across platforms will now see compromised password warnings.

Google is warning of a sophisticated new spyware campaign that has seen malicious actors steal sensitive data from Android and iOS users in Italy and Kazakhstan. Engadget reports: On Thursday, the company's Threat Analysis Group (TAG) shared its findings on RCS Labs, a commercial spyware vendor based out of Italy. On June 16th, security researchers at Lookout linked the firm to Hermit, a spyware program believed to have been first deployed in 2019 by Italian authorities as part of an anti-corruption operation. Lookout describes RCS Labs as an NSO Group-like entity. The firm markets itself as a "lawful intercept" business and claims it only works with government agencies. However, commercial spyware vendors have come under intense scrutiny in recent years, largely thanks to governments using the Pegasus spyware to target activists and journalists.

According to Google, Hermit can infect both Android and iOS devices. In some instances, the company's researchers observed malicious actors work with their target's internet service provider to disable their data connection. They would then send the target an SMS message with a prompt to download the linked software to restore their internet connection. If that wasn't an option, the bad actors attempted to disguise the spyware as a legitimate messaging app like WhatsApp or Instagram.

What makes Hermit particularly dangerous is that it can gain additional capabilities by downloading modules from a command and control server. Some of the addons Lookout observed allowed the program to steal data from the target's calendar and address book apps, as well as take pictures with their phone's camera. One module even gave the spyware the capability to root an Android device. Google believes Hermit never made its way to the Play or App stores. However, the company found evidence that bad actors were able to distribute the spyware on iOS by enrolling in Apple's Developer Enterprise Program. Apple told The Verge that it has since blocked any accounts or certificates associated with the threat. Meanwhile, Google has notified affected users and rolled out an update to Google Play Protect.

T-Mobile has just officially launched its new ad platform, known as T-Mobile Advertising Solutions. That innocuous name hides a rather sketchy business model -- it aggregates your mobile application usage and sells it to advertisers. Android Police reports: The specifics of the program will sound familiar to anyone who has followed the ebb and flow of browser tracking. T-Mobile uses network-level tools to track the apps that people use on their phones, and it then anonymizes and aggregates that data to lump you into various "personas," or "cohorts" as other platforms would call it. For example, if you regularly use Expensify and airline apps on your phone, T-Mobile could identify you as a business traveler for advertising purposes. This program has been in testing for the past year as "T-Mobile Marketing Solutions," according to The Verge, but it is now live with its new name.

There is some good news (but less of it for Android fans). T-Mobile does not currently collect app data on iOS users, fearing it could run afoul of Apple's privacy rules. But we Android users are fair game, apparently. However, you can opt-out of T-Mobile's program using its official "Magenta Marketing Platform Choices" app. Alternatively, the Digital Advertising Alliance offers an app that lets you opt-out of numerous trackers, including T-Mobile Advertising Solutions, which is listed under its old name of T-Mobile Marketing Solutions.

"Unlike practically every major game console that's come before it, the Steam Deck, from PC gaming giant Valve, doesn't lock users into one ecosystem," writes Fast Company's Jared Newman. "While Valve's own Steam store is the default way to buy and play games, the Steam Deck also lets users install whatever software they want on the device's Linux-based operating system. The experience has been liberating..." From the report: In recent weeks, I've gorged on weird indie creations from itch.io, classic games from GOG.com, and free games from the Epic Games Store. I've used Plexamp to stream my personal music collection in place of in-game soundtracks, and I've used Vivaldi to browse the web in the Steam Deck's desktop mode. You don't have to use your Steam Deck this way, but just being knowing that it's an option makes the device more capable and personal. The tech industry is filled with companies that seem deathly afraid of this model, either because they don't trust their users or don't want to risk weakening their own ecosystems. By taking the opposite approach, Valve is proving that open platforms aren't so catastrophic, and it elevates the Steam Deck from yet another gadget into the most exciting consumer electronics device in years. [...]

Valve could have easily used the Steam Deck to lock players into its own ecosystem. It could have opted not to include a desktop mode and withheld instructions on how to lift its read-only restrictions. It could have discouraged users from installing different operating systems and made its recovery tools unavailable to the public. Console makers have long insisted that such restrictions are necessary for the good of their platforms. In 2020, for instance, Microsoft argued that because console makers sell their hardware at or below cost to create a market for their software, they shouldn't have to accommodate third-party app stores or sideloading.

Similar arguments have spilled out into the broader mobile app business as well. In response to a lawsuit from Epic Games, Apple has claimed that its investments in the App Store wouldn't be feasible if it couldn't force developers to use its in-app purchase mechanisms. Some defenders of Apple's viewpoint, such as Daring Fireball's John Gruber, have argued that iOS is more like a game console than a PC platform. So, it's all the more remarkable that Valve ignored all this hand-wringing and made the Steam Deck a haven for tinkerers. Instead of trying to shut out competitors, the company is betting that its own store will prevail on quality. If the Steam Deck successful -- as it appears to be so far -- it could upend years of conventional wisdom around walled gardens and become a threat to other consoles in more ways than one.

Tapping on images of traffic lights or deciphering squiggly text to prove you are human will soon be a much less common nuisance for iPhone users, as iOS 16 introduces support for bypassing CAPTCHAs in supported apps and websites. From a report: The handy new feature can be found in the Settings app under Apple ID > Password & Security > Automatic Verification. When enabled, Apple says iCloud will automatically and privately verify your device and Apple ID account in the background, eliminating the need for apps and websites to present you with a CAPTCHA verification prompt.

From the MacRumors blog earlier this week: Germany's Federal Cartel Office, the Bundeskartellamt, has initiated proceedings against Apple to investigate whether its tracking rules and anti-tracking technology are anti-competitive and self-serving, according to a press release. The proceeding announced will review under competition law Apple's tracking rules and specifically its App Tracking Transparency Framework (ATT) in order to ascertain whether they are self-preferencing Apple or being an impediment to third-party apps...

Introduced in April 2021 with the release of iOS 14.5 and iPadOS 14.5, Apple's App Tracking Transparency Framework requires that all apps on âOEiPhoneâOE and âOEiPadâOE ask for the user's consent before tracking their activity across other apps. Apps that wish to track a user based on their device's unique advertising identifier can only do so if the user allows it when prompted.

Apple said the feature was designed to protect users and not to advantage the company... Earlier this year it commissioned a study into the impact of ATT that was conducted by Columbia Business School's Marketing Division. The study concluded that Apple was unlikely to have seen a significant financial benefit since the privacy feature launched, and that claims to the contrary were speculative and lacked supporting evidence.
The technology/Apple blog Daring Fireball offers its own hot take: In Germany, big publishing companies like Axel Springer are pushing back against Google's stated plans to remove third-party cookie support from Chrome. The notion that if a company has built a business model on top of privacy-invasive surveillance advertising, they have a right to continue doing so, seems to have taken particular root in Germany. I'll go back to my analogy: it's like pawn shops suing to keep the police from cracking down on a wave of burglaries....

The Bundeskartellamt perspective here completely disregards the idea that surveillance advertising is inherently unethical and Apple has studiously avoided it for that reason, despite the fact that it has proven to be wildly profitable for large platforms. Apple could have made an enormous amount of money selling privacy-invasive ads on iOS, but opted not to.

Brave CEO Brendan Eich took aim at rival DuckDuckGo on Wednesday by challenging the web search engine's efforts to brush off revelations that its Android, iOS, and macOS browsers gave, to a degree, Microsoft Bing and LinkedIn trackers a pass versus other trackers. The Register reports: Eich drew attention to one of DuckDuckGo's defenses for exempting Microsoft's Bing and LinkedIn domains, a condition of its search contract with Microsoft: that its browsers blocked third-party cookies anyway. "For non-search tracker blocking (e.g. in our browser), we block most third-party trackers," explained DuckDuckGo CEO Gabriel Weinberg last month. "Unfortunately our Microsoft search syndication agreement prevents us from doing more to Microsoft-owned properties. However, we have been continually pushing and expect to be doing more soon."

However, Eich argues this is disingenuous because DuckDuckGo also includes exceptions that allow Microsoft trackers to circumvent third-party cookie blocking via appended URL parameters. "Trackers try to get around cookie blocking by appending identifiers to URL query parameters, to ID you across sites," he explained. DuckDuckGo is aware of this, Eich said, because its browser prevents Google, Facebook, and others from appending identifiers to URLs in order to bypass third-party cookie blocking. "[DuckDuckGo] removes Google's 'gclid' and Facebook's 'fbclid'," Eich said. "Test it yourself by visiting https://example.org/?fbclid=sample in [DuckDuckGo]'s macOS browser. The 'fbclid' value is removed." "However, [DuckDuckGo] does not apply this protection to Microsoft's 'msclkid' query parameter," Eich continued. "[Microsoft's] documentation specifies that 'msclkid' exists to circumvent third-party cookie protections in browsers (including in Safari's browser engine used by DDG on Apple OSes)." Eich concluded by arguing that privacy-focused brands need to prioritize privacy. "Brave categorically does not and will not harm user privacy to satisfy partners," he said.

A spokesperson for DuckDuckGo characterized Eich's conclusion as misleading. "What Brendan seems to be referring to here is our ad clicks only, which is protected in our agreement with Microsoft as strictly non-profiling (private)," a company spokesperson told The Register in an email. "That is these ads are privacy protected and how he's framed it is ultimately misleading. Brendan, of course, kept the fact that our ads are private out and there is really nothing new here given everything has already been disclosed." In other words, allowing Bing to append its identifier to URLs enables Bing advertisers to tell whether their ad produced a click (a conversion), but not to target DuckDuckGo browser users based on behavior or identity.

DuckDuckGo's spokesperson pointed to Weinberg's attempt to address the controversy on Reddit and argued that DuckDuckGo provides very strong privacy protections. "This is talking about link tracking which no major browser protects against (see https://privacytests.org/), however we've started protecting against link tracking, and started with the primary offenders (Google and Facebook)," DuckDuckGo's spokesperson said. "To note, we are planning on expanding this to more companies, including Twitter, Microsoft, and more. We are not restricted from this and will be doing so."

An anonymous reader quotes a report from ZDNet: The memory of "Batterygate" continues to be a thorn in Apple's side. In case you need a reminder, "Batterygate" refers to a 2016/17 scandal where Apple added an undocumented battery throttling capabilities to iOS 10.2.1 designed to slow the performance of the iPhone if the battery was deemed to be worn. It also came with unexpected side effects, causing handsets to reboot in cold weather or when the battery's charge level was low. The feature was initially rolled out to iPhone 6, iPhone 6s, and iPhone SE and later expanded to include the iPhone 7, 7 Plus, 8, 8 Plus and iPhone X models.

This latest UK-based multimillion-pound legal claim has been launched by Justin Gutmann, a consumer rights campaigner, and alleges that Apple deliberately misled users, and rather than roll out a battery recall or replacement program; the company instead pushed out this feature to cover up the fact that older iPhone batteries were not able to cope with the new power demands put on them.

Apple did eventually roll out a $29 battery replacement program, a program that saw the company carry out 11 million battery replacements in 2018, compared to the 1 to 2 million that would normally be carried out in a year. This resulted in Apple issuing a profit warning in January 2019, the company's first since 2002. If Apple loses, the company could be forced to pay damages of more than $950m to the 25 million people who purchased affected iPhones. Following the US settlement in March 2020, Apple agreed to settle a class-action lawsuit over the same issue, paying out $25 per iPhone, with the total capped at $310m. "We have never -- and would never -- do anything to intentionally shorten the life of any Apple product or degrade the user experience to drive customer upgrades," Apple said in a statement on Thursday. "Our goal has always been to create products that our customers love, and making iPhones last as long as possible is an important part of that."