One year after its first 1.0 release, Brave says it has hit the milestone of 20.5 million active monthly users. "At the same time last year, the browser had 8.7 million active monthly users, and of the 20 million monthly users, 7 million are daily users, which represents more than a doubling of last year's 3 million," reports ZDNet. "Brave added that since Apple allowed browsers other than its own to be the default option on iOS, it has seen its iOS user base increase by a third." From the report: One of the touted features of the browser is that it hates ads, and will go out of its way to block them, unless users decide to see Brave-powered advertisements. To that end, Brave has hit "2 billion ad confirmation events" and completed 2,215 campaigns from over 460 companies. The browser maker says its users have a click-through rate of 9%, way and away outstripping industry averages. The browser also has its own cryptocurrency, Basic Attention Tokens, that users use to "tip" content creators. Thus far, 26 million of the tokens have been sent to creators. At the time of writing, the blockchain-based token is trading for just under 18 cents, meaning $4.6 million has been sent from users.

Massachusetts overwhelmingly voted to extend its automobile right to repair law, in a huge win for consumers. From a report: Question 1 was the most expensive measure battle in Massachusetts history with the auto industry (and independent repair companies) spending tens of millions of dollars lobbying, according to the Boston Globe. The measure is an essential win for independent mechanics, auto-repair shops, and consumers, as it will require car manufacturers to continue to make diagnostic tools available for years to come. Under the law, car manufacturers will be required to use an open-data system in cars using telematics. This means mechanics will have access to wirelessly sent repair data -- whether they are associated with an official car dealership or an independent shop. While cars currently use a wired connection for diagnostics, there was concern among independent repair professionals that car manufacturers would switch to a wireless system in order to circumvent a 2012 right to repair law that required car dealers make wired repair codes universal. As new car models are produced in coming years, the thought is many will ditch physical diagnostic ports and instead, cars will wirelessly send repair information. Tuesday's ballot measure closes a loophole in the 2012 law that would have exempted wireless diagnostics from the law. Right to repair advocates have hailed the measure. iFixit's Kevin Purdy wrote of the significance of the vote, "that means that independent repair shops will have a level playing field with car makers and dealerships, which have turned increasingly to locked-down wirelessly collected repair data, or telematics. Car owners, too, will be able to see their cars' maintenance information through a smartphone app. And it opens the door for innovations, like wireless diagnostic apps for iOS and Android."

Google has announced plans to run its own certificate root program/store for Chrome, in a major architectural shift for the company's web browser program. From a report: A "root program" or a "root store" is a list of root certificates that operating systems and applications use to verify the identity of a software program during its installation routine. Browsers like Chrome use root stores to check the validity of an HTTPS connection. They do this by looking at the website's TLS certificate and checking if the root certificate that was used to generate the TLS cert is included in the local root program/store. Since its launch in late 2009, Chrome was configured to use the "root store" of the underlying platform. For example, Chrome on Windows checked a site's TLS certificate against the Microsoft Trusted Root Program, the root store that ships with Windows; Chrome on macOS relied on the Apple Root Certificate Program; and so on. But in a wiki page, shared with ZDNet by one of our readers, Google announced plans to create its own root store, named the Chrome Root Program, that will ship with all versions of Chrome, on all platforms, except iOS.

Your iPhone got a new button last month, and you may not have even noticed. The Verge reports: No, Apple didn't sneak into your house and secretly superglue a button onto your smartphone. But it did release iOS 14, the latest version of its iPhone software, which includes a feature called Back Tap. Back Tap adds a fascinating new "button" to your phone that blurs the line between hardware and software. Back Tap turns the entire back of your iPhone into a giant touch-sensitive button that you can double or triple tap to trigger specific functions on your phone. There's a good chance that you haven't noticed it yet. Apple slipped the settings for Back Tap into its Accessibility menu.

Its intended purpose is to give users more options for interacting with their devices. Most of Back Tap's options reflect that, with settings to open the app switcher, notification menu, or control center; scroll through an app or webpage; trigger Siri; or take a screenshot. But Back Tap also ties into Apple's incredibly robust Shortcuts app, which means you can effectively make those new buttons do almost anything you can imagine. It's a fascinating kind of button: entirely invisible to the naked eye, completely nonfunctional until it's enabled through software, but can be tasked to open, interact with, or accomplish nearly any task on your smartphone with just a quick tap.

tsa shares a report from MacRumors: Starting early next year, iOS 14 will require apps to get opt-in permission from users to collect their random advertising identifier, which advertisers use to deliver personalized ads and track how effective their campaigns were. Ahead of this change, The Wall Street Journal reports that advertising companies and publishers have filed a complaint against Apple with France's competition authority, arguing that the enhanced privacy measures would be anticompetitive.

According to the report, the complaint alleges that the wording of Apple's permission prompt will lead most users to decline tracking of their device's advertising identifier, which could result in lost revenue. In August, Facebook warned advertisers that the prompt could lead to a more than 50 percent drop in Audience Network publisher revenue. In a statement, Apple reiterated its belief that "privacy is a fundamental right," adding that "a user's data belongs to them and they should get to decide whether to share their data and with whom." Apple said that its own data collection doesn't count as tracking because it doesn't share the data with other companies.

Apple is stepping up efforts to develop its own search technology as US antitrust authorities threaten multibillion-dollar payments that Google makes to secure prime placement of its engine on the iPhone, Financial Times reported Wednesday [Editor's note: the link may be paywalled; alternative source]. From the report: In a little-noticed change to the latest version of the iPhone operating system, iOS 14, Apple has begun to show its own search results and link directly to websites when users type queries from its home screen. That web search capability marks an important advance in Apple's in-house development and could form the foundation of a fuller attack on Google, according to several people in the industry. The Silicon Valley company is notoriously secretive about its internal projects, but the move adds to growing evidence that it is working to build a rival to Google's search engine. Two and a half years ago, Apple poached Google's head of search, John Giannandrea. The hire was ostensibly to boost its artificial intelligence capabilities and its Siri virtual assistant, but also brought eight years of experience running the world's most popular search engine. The company's growing in-house search capability gives it an alternative if regulators block its lucrative partnership with Google. When the US Department of Justice launched a case last week, over payments that Google makes to Apple to be the iPhone's default search tool, urgency was added to the initiative.

An anonymous reader quotes a report from Polygon: In August, Facebook announced that consumers who use its Oculus virtual reality headsets would be required to log in with their Facebook accounts in order to play games. The transition went into effect earlier this month, and it comes with a catch. If at any point you decide to delete your Facebook account, you immediately forfeit your access to any games or VR experiences you purchased through the Oculus store. The gotcha was spotted last week, and began to surface first on Twitter, only to be confirmed Friday by the team at UploadVR.

According to Facebook, those who create a new Oculus account will be required to use their Facebook credentials. Those who previously used a separate username and password to access the Oculus store have two years before the transition will be forced upon them. Once users flip the switch, they're bound by a new end-user license agreement that formally entangles their VR purchases and their Facebook account. "Deleting your Facebook account will also delete your Oculus information," warns Facebook in the Deactivation and Deletion section of its iOS app. "This includes your app purchases and your achievements. You will no longer be able to return any apps and will lose any existing store credits."

Facebook will soon be the latest tech giant to enter the world of cloud gaming. Their approach is different than what Microsoft or Google has built, but Facebook highlights a shared central challenge: dealing with Apple. From a report: Facebook is not building a console gaming competitor to compete with Stadia or xCloud; instead, the focus is wholly on mobile games. Why cloud stream mobile games that your device is already capable of running locally? Facebook is aiming to get users into games more quickly and put less friction between a user seeing an advertisement for a game and actually playing it themselves. Users can quickly tap into the title without downloading anything, and if they eventually opt to download the title from a mobile app store, they'll be able to pick up where they left off. Facebook's service will launch on the desktop web and Android, but not iOS due to what Facebook frames as usability restrictions outlined in Apple's App Store terms and conditions.

[...] For a user downloading a lengthy single-player console epic, the short pitstop is an inconvenience, but long-time Facebook gaming exec Jason Rubin says that the stipulations are a non-starter for what Facebook's platform envisions, a way to start playing mobile games immediately without downloading anything. "It's a sequence of hurdles that altogether make a bad consumer experience," Rubin tells TechCrunch.

This week the Verge reported: If you ask Chrome to delete all cookies and site data whenever you quit the browser, it's reasonable to expect that this policy applies to all websites. Recently, though, a bug in the browser meant data wasn't being removed for two sites in particular: Google and YouTube.

This problem was first documented by iOS developer Jeff Johnson on his blog. Johnson found that in Chrome version 86.0.4240.75, "local storage" data for Google.com and YouTube.com stuck around even after restarting the browser. We've been able to replicate similar behavior... The Register notes that Chrome's behavior could allow Google to stash cookie-style data as site data, allowing it to track users even when they think they're being careful by deleting their cookie and site data every time they close the browser.

In a statement, Google said it was aware of the issue and was working on a fix... At least one of the affected sites, YouTube, appears to have already been fixed. After we upgraded the Chrome browser to version 86.0.4240.111, YouTube's local storage data seems to successfully purge after a restart, although the data from Google.com still sticks around.

The Washington Post reports: App developers are defying Apple in record numbers, according to a new coalition of companies aimed at breaking the iPhone maker's tight grip over its mobile software and the way it governs the App Store. The Coalition for App Fairness, which launched last month and counts as members video-game giant Epic Games, dating company Match Group and music streaming service Spotify, says the original group of 13 companies has grown to 40, and it has received more than 400 requests to join.

"The outpouring of interest we've received has exceeded our expectations," Sarah Maxwell, a spokeswoman for the coalition, said in an emailed statement. "As we bring on new members and hear their stories, it's evident that too many developers have been unable to make their voices heard." The soaring membership of the coalition represents a remarkable shift in thinking, as companies and individual developers take the risky step of speaking out in an effort to change the way Apple operates...

Developers say they worried that complaining about Apple would hurt their ability to get apps and updates approved. The company's App Store Review Guidelines once contained a warning for developers who might consider protesting Apple's policies: "If your app is rejected, we have a Review Board that you can appeal to. If you run to the press and trash us, it never helps," the guidelines once stated, according to a securities filing...

The Coalition for App Fairness aims to sway lawmakers to take action against Apple, either through new legislation or legal action. More freedom on iOS would lead to more innovation, app developers say.

An anonymous reader quotes a report from TechCrunch: Amazon has launched a new program that directly pays consumers for information about what they're purchasing outside of Amazon.com and for responding to short surveys. The program, Amazon Shopper Panel, asks users to send in 10 receipts per month for any purchases made at non-Amazon retailers, including grocery stores, department stores, drug stores and entertainment outlets (if open), like movie theaters, theme parks and restaurants. Amazon's own stores, like Whole Foods, Amazon Go, Amazon Four Star and Amazon Books do not qualify.

Program participants will take advantage of the newly launched Amazon Shopper Panel mobile app on iOS and Android to take pictures of paper receipts that qualify or they can opt to forward emailed receipts to receipts@panel.amazon.com to earn a $10 reward that can then be applied to their Amazon Balance or used as a charitable donation. Amazon says users can then earn additional rewards each month for every survey they complete. The optional surveys will ask about brands and products that may interest the participant and how likely they are to purchase a product. Other surveys may ask what the shopper thinks of an ad. These rewards may vary, depending on the survey. The program is currently opt-in and invite-only for U.S. consumers only.

The report also notes that Amazon "will delete any sensitive information from the receipts users upload, like prescription information." Importantly, Amazon "doesn't delete users' personal information, instead storing it in accordance with its existing Privacy Policy. It will allow users to delete their previously uploaded receipts, if they choose."

Last month, Amazon announced a gaming platform called Luna that lets users play games via the cloud. The company is rolling out early access today, starting with a library of 50 games and support for Mac, PC, Fire TV, and iOS devices. The Verge's Chaim Gartenberg shares what it's like so far and how it compares to other streaming services out there like Microsoft xCloud and Google Stadia. Here's an excerpt from his report: The biggest question for Luna -- like any cloud gaming service -- is performance. For cloud gaming to work well, companies like Amazon need to rapidly deliver compressed video frames that respond to your button presses even if internet bandwidth dips and even if your house isn't located right next to an Amazon server farm. Amazon recommends a minimum connection speed of 10 Mbps for Luna, but your home's internal network also matters. We tested Luna on a variety of devices in two different Verge editors' homes across two different coasts with a variety of internet speeds and connection types. So far, 10 Mbps doesn't seem like nearly enough. We found that we needed a connection of at least 25 Mbps in order to have a consistently playable stream, with more bandwidth obviously being better. My colleague Sean Hollister limited his router to 10 Mbps, 15 Mbps, and 20 Mbps, but he'd still get stretches of choppy video.

The best performance (of course) came from a PC with a wired Ethernet connection and controller, with no other family members streaming video in the house. Playing Bloodstained: Ritual of the Night on that solid of a connection was virtually indistinguishable from the game running natively. (Switching back and forth, you can tell it takes oh-so-slightly longer to swing a sword, but it felt perfectly playable.) Admittedly, there are few benefits to actually using Luna to stream the game on a capable PC. On the other hand, Metro: Exodus, one of the most graphically intensive games available to stream, looked and played decidedly worse streamed to a web browser than it does on a capable gaming PC. Honestly, it doesn't look great in either Luna or Stadia, but at least Stadia could keep up with a mouse and keyboard. Luna's mouse was extremely laggy.

Using wireless connections introduces a lot more variables into Luna's performance. If you have a steady, strong Wi-Fi connection, Luna works pretty well, with little to no lag, smooth HD video, and responsive enough gameplay to enjoy even fast-paced platformers like Sonic Mania on an iPhone with a paired Bluetooth controller. But when Luna has a bad connection, it's rough. For some reason, Amazon doesn't seem to degrade the quality of video streaming when connection speeds are bad; it just tries to power on through by dropping frames until speeds pick up. I also ran into issues where audio started to lag behind what was otherwise smooth gameplay, presumably due to a sluggish connection. Right now, it seems that Luna's performance is almost entirely dependent on having good internet. Further reading: iOS Web App, Game Library, and App Functionality

Marvel Entertainment has announced that it is halving the wait time for fans choosing to read releases on its digital subscription Marvel Unlimited, with titles now appearing on the service just three months after print release. The change takes effect immediately. From a report: Marvel Unlimited launched in 2007, and offers access to the publisher's digital library of titles -- currently numbering more than 27,000 issues -- for either a monthly or annual subscription fee. The service is available as an iOS, Android and web app.

Last month Eric Raymond suggested Microsoft might be moving to a Linux kernel that emulates Windows. ZDNet contributing editor Steven J. Vaughan-Nichols argued such a move "makes perfect sense", and open source advocate Jack Wallen even suggested Microsoft abandon Windows altogether for a new distro named Microsoft Linux.

It eventually drew the attention of Canonical's engineering manager for Ubuntu on WSL, who published a blog post with his own personal thoughts. Its title? "No, Microsoft is not rebasing Windows to Linux." The NT kernel in Windows offers a degree of backward compatibility, long-term support, and driver availability that Linux is just now approaching. It would cost millions of dollars to replicate these in Linux. Microsoft has plenty of paying customers to continue supporting Windows as-is, some for decades. Windows is not a drain on Microsoft that would justify the expense of rebasing to Linux for savings, as Raymond has argued... It is unclear if the Windows user space could even be rebased from NT to the Linux kernel and maintain the compatibility that Windows is known for, specifically what enterprise clients with mission-critical applications are paying to get....

Microsoft has doubled down on Windows in recent years. Microsoft has invested in usability, new features, and performance improvements for Windows 10 that have paid off. These improvements, collaborations with OEMs, and the Surface helped revitalize a PC market that at one point looked in danger of falling to iPads and Chromebooks... Internal reorganizations in 2018 and 2020 show that the future of the Surface and Windows are now inextricably linked. Windows powers the Xbox and we are in a resurgence of mostly Windows-based PC gaming. Microsoft also has ideas for Windows 10X, the next operating system concept following Windows 10 (that I think we will get in gradual pieces), with future hardware like the Surface Neo in mind...

The much more interesting question is not whether Microsoft is planning to rebase Windows to Linux, but how far Windows will go on open source. We are already seeing components like Windows Terminal, PowerToys, and other Windows components either begin life as or go open source. The more logical and realistic goal here is a continued opening of Windows components and the Windows development process, even beyond the Insiders program, in a way that benefits other operating systems...

Raymond is correct in one key part of his blog. I do think the era of the desktop OS wars is ending. We are entering a new era where your high-end workstation will run multiple operating systems simultaneously, like runtimes, and not necessarily all locally. The choice will not really be Windows or Linux, it will be whether you boot Hyper-V or KVM first, and Windows and Ubuntu stacks will be tuned to run well on the other. Microsoft contributes patches to the Linux kernel to run Linux well on Hyper-V and tweaks Windows to play nicely on KVM. The best parts of Ubuntu will come to Windows and the best open source parts of Windows will come to Ubuntu, thanks to an increasing trend towards open source across Microsoft.

The key take-away though is that open source has won. And Raymond can be proud of helping to articulate the case for the open source development model when he did.
The post also explores "the reasons why I think this fantasy this keeps cropping up on Slashdot and Hacker News," calling the idea "a long-held fantasy for open source and Linux advocates."

But instead he concludes "Neither Windows nor Ubuntu are going anywhere. They are just going to keep getting better through open source."

Google has added a new feature that lets you figure out what song is stuck in your head by humming, whistling or singing -- a much more useful version of the kind of song-matching audio feature that it and competitors like Apple's Shazam have offered previously. From a report: As of today, users will be able to open either the latest version of the mobile Google app, or the Google Search widget, and then tap the microphone icon, and either verbally ask to search a song or hit the 'Search a song button' and start making noises. The feature should be available to anyone using Google in English on iOS, or across over 20 languages already on Android, and the company says it will be growing that user group to more languages on both platforms in the future. Unsurprisingly, it's powered behind the scenes by machine learning algorithms developed by the company. Google says that it's matching tech won't require you to be a Broadway star or even a choir member -- it has built-in abilities to accommodate for various degrees of musical sensibility, and will provide a confidence score as a percentage alongside a number of possible matches. Clicking on any match will return more info about both artist and track, as well as music videos, and links that let you listen to the full song in the music app of your choice.

Apple has poached a key member of Google's Project Zero, a hacking team at Google that has found dozens of critical vulnerabilities in Apple's iOS and other critical Apple software. From a report: Last year, Apple and Google fought over a series of vulnerabilities that Project Zero discovered in iOS, with Apple suggesting that Google was overselling the vulnerabilities. About a year later, Brandon Azad announced on Twitter at the beginning of October that he was leaving Google's elite team of hackers to join Apple. "My teammates at Project Zero have been among the kindest and smartest people I've met, and I've learned so much from them," Azad wrote. "I'll really miss working alongside everyone on the team. Thank you all for these wonderful experiences, and keep on hacking!" Azad has been widely considered one of the best iPhone hackers who didn't work for Apple, being named by Apple in countless security advisories, and presenting highly technical findings on Apple's products at major cybersecurity conferences around the world. Last year, Motherboard profiled Project Zero and revealed that Apple had been trying to poach a colleague of Azad, Ian Beer.

A recently released tool is letting anyone exploit an unusual Mac vulnerability to bypass Apple's trusted T2 security chip and gain deep system access. The flaw is one researchers have also been using for more than a year to jailbreak older models of iPhones. But the fact that the T2 chip is vulnerable in the same way creates a new host of potential threats. Worst of all, while Apple may be able to slow down potential hackers, the flaw is ultimately unfixable in every Mac that has a T2 inside. From a report: In general, the jailbreak community haven't paid as much attention to macOS and OS X as it has iOS, because they don't have the same restrictions and walled gardens that are built into Apple's mobile ecosystem. But the T2 chip, launched in 2017, created some limitations and mysteries. Apple added the chip as a trusted mechanism for securing high-value features like encrypted data storage, Touch ID, and Activation Lock, which works with Apple's "Find My" services. But the T2 also contains a vulnerability, known as Checkm8, that jailbreakers have already been exploiting in Apple's A5 through A11 (2011 to 2017) mobile chipsets. Now Checkra1n, the same group that developed the tool for iOS, has released support for T2 bypass.

On Macs, the jailbreak allows researchers to probe the T2 chip and explore its security features. It can even be used to run Linux on the T2 or play Doom on a MacBook Pro's Touch Bar. The jailbreak could also be weaponized by malicious hackers, though, to disable macOS security features like System Integrity Protection and Secure Boot and install malware. Combined with another T2 vulnerability that was publicly disclosed in July by the Chinese security research and jailbreaking group Pangu Team, the jailbreak could also potentially be used to obtain FileVault encryption keys and to decrypt user data. The vulnerability is unpatchable, because the flaw is in low-level, unchangeable code for hardware. "The T2 is meant to be this little secure black box in Macs -- a computer inside your computer, handling things like Lost Mode enforcement, integrity checking, and other privileged duties," says Will Strafach, a longtime iOS researcher and creator of the Guardian Firewall app for iOS. "So the significance is that this chip was supposed to be harder to compromise -- but now it's been done."

Project xCloud, the Microsoft game-streaming service that comes packed as a bonus in certain Xbox Game Pass subscription plans, may finally have a path to working on Apple's range of iOS devices -- well after a public row between the tech giants that put the possibility into question. From a report: The news comes from a report by Business Insider, which claimed that an internal Microsoft meeting on Wednesday included a vote of confidence from Xbox chief Phil Spencer. "We absolutely will end up on iOS," Spencer reportedly said about getting its streamed Project xCloud game content onto iOS devices in "2021." Previously, Apple shot down existing versions of both Project xCloud (which has since been rolled into the "Xbox Game Pass" app) and Google Stadia as iOS apps. Their public statements hinged on "reviewing" the games included in the subscription against App Store guidelines, though the issue could also stem from in-app purchases within both Xbox and Stadia's offerings. Eventually, Apple offered a revised stance on such apps, but this onerous "approval for every separate game" proposal comes with its own headaches, as opposed to a clear path toward a simple subscription service (as you'll find in popular iOS media apps like Netflix and Amazon Video).

Epic Games "did not win its preliminary injunction in its antitrust action against Apple, which would have forced Apple to allow Fortnite back onto the iPhone, iPad, and Mac," reports BGR, calling it "the decision we warned you about a few weeks ago." Gonzalez Rogers hinted during the injunction relief hearing a few weeks ago that she wasn't inclined to side with Epic when it comes to Fortnite. She pointed out at the time that Epic lied in its business relationship with Apple. "You did something, you lied about it by omission, by not being forthcoming. That's the security issue. That's the security issue!" Gonzalez Rogers told Epic. "There are a lot of people in the public who consider you guys heroes for what you guys did, but it's still not honest...."

Epic engineered a huge PR stunt to turn gamers against Apple over the expected Fortnite ban and then sued Apple for anti-competitive practices at the same time. Even if the antitrust case might have merit on its own, this doesn't change the fact that Epic breached its contract... The judge clarified that Epic has breached a contract unilaterally and cannot claim that it did it because of monopoly concerns. Judge Rogers also said that Epic's failure to show it's willing to work with Apple and the court to have the game reinstated proves that Epic isn't necessarily concerned with the well-being of iOS users. "Epic Games cannot simply exclaim 'monopoly' to rewrite agreements giving itself unilateral benefit..."
Epic did receive some good news in the ruling. "Epic Games is grateful that Apple will continue to be barred from retaliating against Unreal Engine and our game development customers," the company said in a statement which was quoted by Thurrott.com. "We will continue developing for Apple's platforms and pursue all avenues to end Apple's anti-competitive behavior."

And the same site also quotes Apple's own statement on the ruling. "We are grateful that the Court recognized that Epic's actions were not in the best interests of its own customers and that any problems they may have encountered were of their own making when they breached their agreement."

An anonymous reader quotes a report from TechCrunch: China now has a tool that lets users access YouTube, Facebook, Twitter, Instagram, Google, and other internet services that have otherwise long been banned in the country. Called Tuber, the mobile browser recently debuted on China's third-party Android stores, with an iOS launch in the pipeline. The landing page of the app features a scrolling feed of YouTube videos, with tabs at the bottom that allow users to visit other mainstream Western internet services.

While some celebrate the app as an unprecedented "opening up" of the Chinese internet, others quickly noticed the browser comes with a veil of censorship. YouTube queries for politically sensitive keywords such as "Tiananmen" and "Xi Jinping" returned no results on the app, according to tests done by TechCrunch. Using the app also comes with liabilities. Registration requires a Chinese phone number, which is tied to a person's real identity. The platform could suspend users' accounts and share their data "with the relevant authorities" if they "actively watch or share" content that breaches the constitution, endangers national security and sovereignty, spreads rumors, disrupts social orders, or violates other local laws, according to the app's terms of service.