"Google has revealed plans to initially warn Chrome users about 'insecure' downloads and eventually block them outright," reports The Verge. The warnings will begin in April: "Today we're announcing that Chrome will gradually ensure that secure (HTTPS) pages only download secure files," Joe DeBlasio of the Chrome security team wrote in a blog post. "Insecurely-downloaded files are a risk to users' security and privacy. For instance, insecurely-downloaded programs can be swapped out for malware by attackers, and eavesdroppers can read users' insecurely-downloaded bank statements."

Beginning with Chrome 82, due for release in April, Chrome will warn users if they're about to download mixed content executables from a secure website. Then, when version 83 is released, those executable downloads will be blocked and the warning will be applied to archive files. PDFs and .doc files will get the warning in Chrome 84, with audio, images, text, and video files displaying it by version 85. Finally, all mixed content downloads — a non-secure file coming from a secure site — will be blocked as of the release of Chrome 86. Right now, Google is estimating an October release for that build of the popular web browsing.

Epic Games CEO Tim Sweeney opened a game event in Las Vegas today with a call to make the industry more open and liberate it from the monopolistic practices of platform owners such as Google and Apple. From a report: In a talk about his vision for games in the next decade, Sweeney alternated between criticizing all of the big players in the game industry to criticizing specific players with examples of how their behavior isn't good for consumers or for competition. [...] Sweeney called Android a "fake open system" for putting up barriers in front of users when Epic Games wanted to enable players to sideload Fortnite directly from the Epic Games site, rather than through the Google Play store. Sweeney said that Google put up "scary" pop-ups in front of users about the risks of sideloading (viruses, malware) and other steps that users had to engage in order to get Fortnite on Android. Epic also had in "tough discussions" with Sony, Microsoft, and Nintendo to make Fortnite available as a crossplay title (meaning you can play against people on other systems, and your progress, items, and so on are available regardless of device) across the platforms.

One of the principles that Sweeney argued for was that "gamers should be free to engage in any game with their friends anyplace they want without any unnecessary friction." He said that the platforms have been too balkanized, and Microsoft lost a whole decade of progress as it tried and failed to make its Windows marketplace more like Apple's closed system. Microsoft has since backed off on that. Gamers and game vendors should be "free of lockdown." He drew a comparison to Visa and Mastercard and the global credit card payment system, where vendors charge 2.5% to 3.5% fees for transactions, while store vendors such as Steam, Apple, and Google charge 30%. He said the global payments industry is proof that highly profitable companies can arise from just taking the 2.5% to 3.5% cut.

French authorities on Friday said tech giant Apple has agreed to pay $27.4 million for failing to inform users that software updates to older iPhone models could slow down the device, according to French media. From a report: Le Parisien reported it was the highest fine for fraud ever imposed by the consumer watchdog. The crackdown comes two years after Apple admitted its iOS software slowed down the performance of older phones -- in particular, devices with shorter battery life.

Makers of productivity suite Basecamp have announced Hey, an email product they plan to release this spring. Basecamp founder and CEO, Jason Fried shared the vision for what they are calling a much-improved approach to email in an open letter today on the Hey website: You started getting stuff you didn't want from people you didn't know. You lost control over who could reach you. You were forced to inherit other people's bad communication habits. Then an avalanche of automated emails amplified the clutter. And Gmail, Outlook, Yahoo, Apple, and all the others just let it happen. Now email feels like a chore, rather than a joy. Something you fall behind on. Something you clear out, not cherish. Rather than delight in it, you deal with it. Your relationship with email changed, and you didn't have a say.

So good news, the magic's still there. It's just obscured -- buried under a mess of modern day bad habits and neglect. Some from people, some from machines, a lot from email systems. It deserves a dust off. A renovation. Modernized for the way we email today. With HEY, we've done just that. It's a redo, a rethink, a simplified, potent reintroduction of email. A fresh start, the way it should be. For web, iOS, and Android. HEY is our love letter to email, and we're sending it to you. Over 12,000 people have requested early access to Hey since yesterday, said David Heinemeier Hansson, founder of Basecamp, and creator of Ruby on Rails.

Google Maps has a new look on iOS and Android today to celebrate turning 15 on February 8. The app icon is all-new -- a less playful icon with a multi-colored location pin, set on a white background -- and many features that were previously hidden within the hamburger menu have moved into front-and-center tabs along the bottom. From a report: There are also several new features that integrate shopping, reservations, and Google Lens, and Google Translate. Google says the Maps app redesign makes it more useful -- to help people better plan their trips -- but as I was briefly walked through each of the new features, I couldn't shake the fact that the app is still doing too much. Instead of trimming the fat, Google is doubling down with more features. Maybe it's time Maps went on a diet. Google has always been stronger at rolling out useful features than making software good-looking. But too many features at the expense of functional design is a big loss for users who have no choice but to accept a poorer experience. I'm not saying the new Google Maps app is bad, I'm just saying it still feels bloated because Google has integrated so many of its other services into it and may never return back to a simple maps app. Simplicity is arguably better. Fun trivia: Google Maps wasn't supposed to be unveiled the day it did, and even then it was going to be in beta -- but a reader guessed the URL correctly and posted it on Slashdot.

An anonymous reader quotes a report from Ars Technica: With no fanfare or public announcement, Apple has launched a mobile version of its Web-based interface for accessing iCloud services like Notes, Reminders, and Photos. Located at icloud.com just like the desktop version, this mobile site works on the default browsers for both iOS and Android devices (with some caveats for the latter) and has a more limited scope than users already saw on the desktop Web. That smaller scope starts with the Web apps that are available: the mobile version only offers Photos, Notes, Find iPhone, and Reminders. By contrast, the desktop version also offers Mail, Contacts, Calendar, iCloud Drive, Pages, Numbers, Keynote, and Find Friends. It's possible Apple will add more apps to mobile Web over time.

The first couple of months of each year, Microsoft typically reorgs something. This time around, it's the Experiences and Devices unit under Executive Vice President Rajesh Jha where a lot of the changes are happening. From a report: The biggest and boldest move in the February 5 reorg being announced internally today involves the Windows Experience (client) and the hardware teams. Microsoft is going to roll up these two businesses into a single team, known as Windows + Devices -- reporting to Chief Product Officer Panos Panay, I've confirmed with a person familiar with the changes who asked not to be named. The move takes effect on February 25. Corporate Vice President Joe Belfiore, who currently heads the Windows Experience business under Jha, is going to move over to the Office side of the house. Belfiore and Ales Holecek will be leading the Office Experience Group (OXO) team as a product/engineering team. Belfiore will continue to lead EPIC (Essential Products Inclusive Community), which includes the mobile apps on Android and iOS and Microsoft News.

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 80 for Windows, Mac, Linux, Android, and iOS. The release includes autoupgrading mixed content to HTTPS, SameSite cookie changes, quieter permission UI for notifications, and more developer features. This release thus beefs up security for the world's most popular browser and begins cracking down on cross-site cookies. You can update to the latest version now using Chrome's built-in updater or download it directly from google.com/chrome. With over 1 billion users, Chrome is both a browser and a major platform that web developers must consider. In fact, with Chrome's regular additions and changes, developers often have to stay on top of everything available -- as well as what has been deprecated or removed. Among other things, Chrome 80 has started deprecating FTP support by disabling it by default for non-enterprise clients.

Amazon's Ring doorbell has rolled out a new update that lets users add and remove shared users on an account, restrict third-party access, view two-factor authentication settings, and (perhaps, most importantly) opt out of all video request notifications from law enforcement. Mashable reports: Uncovered in reporting by Motherboard and Gizmodo in 2019, the scale of Amazon's Neighbor Portal program is much larger than originally believed -- and its various affiliations with law enforcement has raised alarming ethical questions. In the new update, users will be able to see an "Active Law Enforcement Map" clarifying which local institutions are part of the Neighbor Portal network. They will also be able to disable requests for video from officials, whether or not they have received one in the past. (This feature was available previously, but an account had to have received one request for the opt-out option to appear.)

That said, Ring is suggesting users allow video request notifications -- citing specific instances where such evidence helped solve criminal cases. According to Ring's official press release, the control center update will be made available to all Android and iOS users within "the next few days." Per the same release, this is the first of numerous security and privacy updates planned for the system.

From a report: I'll just pay a little more attention to the Android bit: a total of $80 billion paid out to Android developers, which is significantly less than the $155 billion Apple has paid out via the iOS App Store. Even if you account for Google allowing developers to use their own payment methods and made a bunch of other caveats, I suspect you can't avoid the truth. The vast majority of phones on Earth run Android, and yet it is almost surely the case that there's more money for developers in iPhone apps. That's always been the conventional wisdom, but Google's own numbers all but confirm it.

"The WireGuard VPN protocol will be included into the next Linux kernel as Linus Torvalds has merged it into his source tree for version 5.6," reports TechRadar:
While there are many popular VPN protocols such as OpenVPN, WireGuard has made a name for itself by being easy to configure and deploy as SSH... The WireGuard protocol is a project from security researcher and kernel developer Jason Donenfeld who created it as an alternative to both IPsec and OpenVPN. Since the protocol consists of around just 4,000 lines of code as opposed to the 100,000 lines of code that make up OpenVPN, it is much easier for security experts to review and audit for vulnerabilities.

While WireGuard was initially released for the Linux kernel, the protocol is now cross-platform and can be deployed on Windows, macOS, BSD, iOS and Android.
Ars Technica notes that with Linus having merged WireGuard into the source tree, "the likelihood that it will disappear between now and 5.6's final release (expected sometime in May or early June) is vanishingly small." WireGuard's Jason Donenfeld is also contributing AVX crypto optimizations to the kernel outside the WireGuard project itself. Specifically, Donenfeld has optimized the Poly1305 cipher to take advantage of instruction sets present in modern CPUs. Poly1305 is used for WireGuard's own message authentication but can be used outside the project as well — for example, chacha20-poly1305 is one of the highest-performing SSH ciphers, particularly on CPUs without AES-NI hardware acceleration.

Other interesting features new to the 5.6 kernel will include USB4 support, multipath TCP, AMD and Intel power management improvements, and more.

Due to a U.S. government ban on sales to Huawei, Google revoked its license for popular apps last spring (including Gmail and the Play Store). But this week Huawei executive Fred Wangfei suggested that even if that ban is lifted, Huawei would continue developing its own app ecosystem instead to avoid the possibility of future political complications.

The vice president of risk management and partner relations at Huawei later called those remarks "incorrect," while elsewhere Huawei issued a slightly different statement -- that "An open Android ecosystem is still our first choice, but if we are not able to continue to use it, we have the ability to develop our own." But BGR was already noting that Huawei "is ready to invest $3 billion this year to incentivize more than 4,000 developers to improve its Huawei Mobile Services system. Another billion is reserved for marketing purposes."

And Android Authority suggests Huawei should stick to its original statement. "Maybe it's time for Huawei to go all-in on Harmony OS and do what it can to bring a viable alternative to Android and iOS..."
If there's any company today that has the financial resources and raw talent necessary to bring in a viable third choice for smartphone operating systems, it's Huawei... Sure, it would be a long-term investment and there would inevitably be short-term losses as the company tries to find its footing and develop Harmony OS to have its own identity. But it would prevent something like the Huawei ban from happening to the company again as well as further the company's ambitions as not only a smartphone manufacturer but as a technology creator....

Huawei would have major difficulties in encouraging wide adoption of Harmony OS for one major reason: it's Huawei. The Huawei ban exists because the United States government doesn't trust Huawei and there are numerous (as yet unproven) accusations against the company related to espionage, IP theft, fraud, and even violations of international treaties... Huawei is already in a bad situation. It's going to need to dig itself out of the hole it's in regardless, so why not use this opportunity to turn lemons into lemonade and develop Harmony OS as a viable third option on the way?

Maybe the industry needs a shake-up... Maybe a new operating system is just the kind of fire OEMs need to turn the market around. Maybe a real, potent threat that the billions of people who use Android and iOS just might jump ship to something else would scare companies into taking some real risks.

As I said earlier, there aren't too many companies out there right now that could do this, but Huawei could.

Over the course of a year, Apple took down 805 apps in mainland China by its own account. From a report: In Apple's latest transparency report accounting for the first half of 2019, the iPhone maker said it removed 288 apps from China's iOS App Store for both legal and policy violations. The Apple Transparency Report goes out twice a year and details requests received from government agencies and private parties worldwide. The report lists government requests to access information on accounts and devices, but the last two reports also include the number of apps Apple removed that period. When it comes to why those apps are removed, though, Apple is tight-lipped. The reports cite two reasons for app removals: Platform violations, which covers gambling apps (gambling is illegal in China), and legal violations, which according to Apple usually means apps with pornography (also illegal in China) and other illegal content.

[...] The total number of apps missing from the App Store because of government censorship is hard to know. GreatFire has used its tool applecensorship.com to identify 2,678 apps that aren't available inside the mainland China App Store. But this number doesn't paint the full picture. Records of missing apps are only generated when people search for them on the website. And there's no information on whether apps were taken down because of a government request, a decision from Apple or the app makers' choice. Many of the apps recorded were never listed on the mainland China App Store. But the list does provide some insight, like the fact that the 149 unavailable news apps is more than in any other country. "We know that app store removals are happening more often in China," said GreatFire's Karen Reilly. "We know that many of these apps are news sources. We know that many of these apps are VPNs and other software that everyday people use to protect their privacy."

John Gruber: Ten years ago today, Steve Jobs introduced the iPad on stage at the Yerba Buena theater in San Francisco. [...] Ten years later, though, I don't think the iPad has come close to living up to its potential. [...] Software is where the iPad has gotten lost. iPadOS's "multitasking" model is far more capable than the iPhone's, yes, but somehow Apple has painted it into a corner in which it is far less consistent and coherent than the Mac's, while also being far less capable. iPad multitasking: more complex, less powerful. That's quite a combination.

Consider the basic task of putting two apps on screen at the same time, the basic definition of "multitasking" in the UI sense. To launch the first app, you tap its icon on the homescreen, just like on the iPhone, and just like on the iPad before split-screen multitasking. Tapping an icon to open an app is natural and intuitive. But to get a second app on the same screen, you cannot tap its icon. You must first slide up from the bottom of the screen to reveal the Dock. Then you must tap and hold on an app icon in the Dock. Then you drag the app icon out of the Dock to launch it in a way that it will become the second app splitting the display. But isn't dragging an icon out of the Dock the way that you remove apps from the Dock? Yes, it is -- when you do it from the homescreen.

So the way you launch an app in the Dock for split-screen mode is identical to the way you remove that app from the Dock. Oh, and apps that aren't in the Dock can't become the second app in split screen mode. What sense does that limitation make? On the iPhone you can only have one app on screen at a time. The screen is the app; the app is the screen. This is limiting but trivial to understand. [...] On iPad you can only have two apps on screen at the same time, and you must launch them in entirely different ways -- one of them intuitive (tap any app icon), one of them inscrutable (drag one of the handful of apps you've placed in your Dock). And if you don't quite drag the app from the Dock far enough to the side of the screen, it launches in "Slide Over", an entirely different shared-screen rather than split-screen mode. The whole concept is not merely inconsistent, it's incoherent. How would anyone ever figure out how to split-screen multitask on the iPad if they didn't already know how to do it?

[...] As things stand today, I get a phone call from my mom once a month or so because she's accidentally gotten Safari into split-screen mode when tapping links in Mail or Messages and can't get out. I like my iPad very much, and use it almost every day. But if I could go back to the pre-split-screen, pre-drag-and-drop interface I would. Which is to say, now that iPadOS has its own name, I wish I could install the iPhone's one-app-on-screen-at-a-time, no-drag-and-drop iOS on my iPad Pro. I'd do it in a heartbeat and be much happier for it. The iPad at 10 is, to me, a grave disappointment. Not because it's "bad", because it's not bad -- it's great even -- but because great though it is in so many ways, overall it has fallen so far short of the grand potential it showed on day one. To reach that potential, Apple needs to recognize they have made profound conceptual mistakes in the iPad user interface, mistakes that need to be scrapped and replaced, not polished and refined. I worry that iPadOS 13 suggests the opposite -- that Apple is steering the iPad full speed ahead down a blind alley. Further reading: The iPad's original software designer and program lead look back on the device's first 10 years.

ProtonVPN open sourced its code this week, ZDNet reports: On Tuesday, the virtual private network (VPN) provider, also known for the ProtonMail secure email service, said that the code backing ProtonVPN applications on every system -- Microsoft Windows, Apple macOS, Android, and iOS -- is now publicly available for review in what Switzerland-based ProtonVPN calls "natural" progression.

"There is a lack of transparency and accountability regarding who operates VPN services, their security qualifications, and whether they fully conform to privacy laws like GDPR," the company says. "Making all of our applications open source is, therefore, a natural next step." Each application has also undergone a security audit by SEC Consult, which ProtonVPN says builds upon a previous partnership with Mozilla...

The source code for each app is now available on GitHub (Windows, macOS, Android, iOS). "As a community-supported organization, we have a responsibility to be as transparent, accountable, and accessible as possible," ProtonVPN says.

"Going open source helps us to do that and serve you better at the same time."
They're also publishing the results of an independent security audit for each app. "As former CERN scientists, publication and peer review are a core part of our ethos..." the company wrote in a blog post. They also point out that Switzerland has some of the world's strongest privacy laws -- and that ProtonVPN observes a strict no-logs policy.

But how do they feel about their competition? "Studies have found that over one-third of Android VPNs actually contain malware, many VPNs suffered from major security lapses, and many free VPN services that claimed to protect privacy are secretly selling user data to third parties."

Just days after EA announced that its mobile Tetris games will shut down on April 21st, new Tetris developer N3twork released an officially licensed version of the popular puzzle game for both Android and iOS. From a report: The new N3twork app isn't the 100-player Tetris Royale app that the developer is also working on; rather, it's an extremely basic mobile Tetris game. "We're launching Tetris with a traditional solo gameplay mode, but we want fans to know that we've got so much more in store for them, and this is just the foundation of an incredible Tetris app experience we're building at N3twork," commented CEO Neil Young. Unlike EA's old app, there's a single mode (for classic Tetris) and a handful of alternative skins. There are also ads, although a single-time $4.99 purchase will remove those. It's not exactly a groundbreaking iteration of the series, but if you just want to play some Tetris on your commute, it'll get the job done.

The future of the next 46 billion devices. From a report: "What do you think is the biggest hardware business at Microsoft?" asked Microsoft CEO Satya Nadella last week during a private media event. "Xbox," answered a reporter who had been quizzing Nadella on how the company's hardware products like Surface and Xbox fit into the broader ambitions of Microsoft. "No, it's our cloud," fired back Nadella, explaining how Microsoft is building everything from the data centers to the servers and network stack that fit inside. As the reporter pushed further on the hardware point, a frequent question given Microsoft's focus on the cloud, Nadella provided us with the best vision for the modern Microsoft that moves well beyond the billion-or-so Windows users that previously defined the company.

"The way I look at it is Windows is the billion user install base of ours. We continue to add a couple of hundred million PCs every year, and we want to serve that in a super good way," explained Nadella. "The thing that we also want to think about is the broader context. We don't want to be defined by just what we achieved. We look at if there's going to be 50 billion endpoints. Windows with its billion is good, Android with its 2 billion is good, iOS with its billion is good -- but there is 46 billion more. So let's go and look at what that 46 billion plus 4 [billion] looks like, and define a strategy for that, and then have everything have a place under the sun."

An anonymous reader quotes a report from Motherboard: BlackVue is a dashcam company with its own social network. With a small, internet-connected dashcam installed inside their vehicle, BlackVue users can receive alerts when their camera detects an unusual event such as someone colliding with their parked car. Customers can also allow others to tune into their camera's feed, letting others "vicariously experience the excitement and pleasure of driving all over the world," a message displayed inside the app reads. Users are invited to upload footage of their BlackVue camera spotting people crashing into their cars or other mishaps with the #CaughtOnBlackVue hashtag. But what BlackVue's app doesn't make clear is that it is possible to pull and store users' GPS locations in real-time over days or even weeks. Motherboard was able to track the movements of some of BlackVue's customers in the United States.

Ordinarily, BlackVue lets anyone create an account and then view a map of cameras that are broadcasting their location and live feed. This broadcasting is not enabled by default, and users have to select the option to do so when setting up or configuring their own camera. Motherboard tuned into live feeds from users in Hong Kong, China, Russia, the U.K, Germany, and elsewhere. BlackVue spokesperson Jeremie Sinic told Motherboard in an email that the users on the map only represent a tiny fraction of BlackVue's overall customers. But the actual GPS data that drives the map is available and publicly accessible. By reverse engineering the iOS version of the BlackVue app, Motherboard was able to write scripts that pull the GPS location of BlackVue users over a week long period and store the coordinates and other information like the user's unique identifier. One script could collect the location data of every BlackVue user who had mapping enabled on the eastern half of the United States every two minutes. Motherboard collected data on dozens of customers. Following the report, BlackVue said their developers "have updated the security measures" to prevent this sort of tracking.

Motherboard confirmed that previously provided user data stopped working, and they said they have "deleted all of the data collected to preserve individuals' privacy."

Most modern iPhones running iOS 13 can now be used as a built-in phone security key for Google apps. 9to5Google reports: A built-in phone security key differs from the Google Prompt, though both essentially share the same UI. The latter push-based approach is found in the Google Search app and Gmail, while today's announcement is more akin to a physical USB-C/Lightning key in terms of being resistant to phishing attempts and verifying who you are. Your phone security key needs to be physically near (within Bluetooth range) the device that wants to log-in. The login prompt is not just being sent over an internet connection.

With an update to the Google Smart Lock app on iOS this week, "you can now set up your phone's built-in security key." According to one Googler today, the company is leveraging the Secure Enclave found on Apple's A-Series chips. Storing Touch ID, Face ID, and other cryptographic data, it was first introduced on the iPhone 5s, though that particular device no longer supports iOS 13. Anytime users enter a Google Account username and password, they'll be prompted to open Smart Lock on their nearby iPhone to confirm a sign-in. There's also the option to cancel with "No, it's not me." This only works when signing-in to Google with Chrome, while Bluetooth on both the desktop computer and phone needs to be enabled as the devices are locally communicating the confirmation request and verification.

In light of this week's rumor that a Pro Mode -- which will supposedly boost performance on Macs with Catalina operating system -- may be coming, long time developer and Apple commentator Marco Arment makes the case for a Low Power Mode on macOS. He writes: Modern hardware constantly pushes thermal and power limits, trying to strike a balance that minimizes noise and heat while maximizing performance and battery life. Software also plays a role, trying to keep everything background-updated, content-indexed, and photo-analyzed so it's ready for us when we want it, but not so aggressively that we notice any cost to performance or battery life. Apple's customers don't usually have control over these balances, and they're usually fixed at design time with little opportunity to adapt to changing circumstances or customer priorities.

The sole exception, Low Power Mode on iOS, seems to be a huge hit: by offering a single toggle that chooses a different balance, people are able to greatly extend their battery life when they know they'll need it. Mac laptops need Low Power Mode, too. I believe so strongly in its potential because I've been using it on my laptops (in a way) for years, and it's fantastic. I've been disabling Intel Turbo Boost on my laptops with Turbo Boost Switcher Pro most of the time since 2015. In 2018, I first argued for Low Power Mode on macOS with a list of possible tweaks, concluding that disabling Turbo Boost was still the best bang-for-the-buck tweak to improve battery life without a noticeable performance cost in most tasks.

Recently, as Intel has crammed more cores and higher clocks into smaller form factors and pushed thermal limits to new extremes, the gains have become even more significant. [...] With Turbo Boost disabled, peak CPU power consumption drops by 62%, with a correspondingly huge reduction in temperature. This has two massive benefits: The fans never audibly spin up. [...] It runs significantly cooler. Turbo Boost lets laptops get too hot to comfortably hold in your lap, and so much heat radiates out that it can make hands sweaty. Disable it, and the laptop only gets moderately warm, not hot, and hands stay comfortably dry. I haven't done formal battery testing on the 16-inch, since it's so difficult and time-consuming to do in a controlled way that's actually useful to people, but anecdotally, I'm seeing similar battery gains by disabling Turbo Boost that I've seen with previous laptops: significantly longer battery life that I'd estimate to be between 30-50%.