IT

DuckDuckGo's Privacy-Focused Mac Browser is Now Available for Public Beta Testing (theverge.com) 13

DuckDuckGo is rolling out its web browsing app for Mac users as an open beta test. Designed for privacy, the app was announced back in April as a closed beta, but is now available for all Mac users to try before its official public launch. From a report: The desktop browser includes the same built-in protections we've seen already featured in DuckDuckGo's mobile apps, combining DuckDuckGo's search engine, defenses against third-party tracking, cookie pop-up protection, and its popular one-click data clearing 'Fire Button.' Some additional features have been added to the browser (version 0.30) since its original announcement.

Now users can try Duck Player, a feature that protects users from targeted ads and cookies while watching YouTube content. Ads viewed within the Duck Player will not be personalized, which DuckDuckGo claims actually removed most YouTube ads as a result during testing. YouTube will still register your views, but content watched through Duck Player won't contribute to your YouTube advertising profile. Pinned tabs and a new bookmarks bar have been included to address feedback from early beta testing, as well as a way to view your locally stored browsing history. DuckDuckGo's Cookie Consent Pop-Up Manager is also available which works on about 50 percent of sites (with more to come) to automatically choose the most private option and spare users from the annoying pop-up messages. The app also lets you activate DuckDuckGo Email Protection on the desktop to better protect your inbox with email tracker blocking.

Software

VirtualBox 7.0 Adds First ARM Mac Client, Full Encryption, Windows 11 TPM (arstechnica.com) 19

Nearly four years after its last major release, VirtualBox 7.0 arrives with a... host of new features. Chief among them are Windows 11 support via TPM, EFI Secure Boot support, full encryption for virtual machines, and a few Linux niceties. From a report: The big news is support for Secure Boot and TPM 1.2 and 2.0, which makes it easier to install Windows 11 without registry hacks (the kind Oracle recommended for 6.1 users). It's strange to think about people unable to satisfy Windows 11's security requirements on their physical hardware, but doing so with a couple clicks in VirtualBox, but here we are. VirtualBox 7.0 also allows virtual machines to run with full encryption, not just inside the guest OS -- but logs, saved states, and other files connected to the VM. At the moment, this support only works through the command line, "for now," Oracle notes in the changelog.

This is the first official VirtualBox release with a Developer Preview for ARM-based Macs. Having loaded it on an M2 MacBook Air, I can report that the VirtualBox client informs you, extensively and consistently, about the non-production nature of your client. The changelog notes that it's an "unsupported work in progress" that is "known to have very modest performance." A "Beta Warning" shows up in the (new and unified) message center, and in the upper-right corner, a "BETA" warning on the window frame is stacked on top of a construction-style "Dev Preview" warning sign. It's still true that ARM-based Macs don't allow for running operating systems written for Intel or AMD-based processors inside virtual machines. You will, however, be able to run ARM-based Linux installations in macOS Ventura that can themselves run x86 processors using Rosetta, Apple's own translation layer.

Security

How Wi-Fi Spy Drones Snooped On Financial Firm (theregister.com) 52

An anonymous reader quotes a report from The Register: Modified off-the-shelf drones have been found carrying wireless network-intrusion kit in a very unlikely place. Greg Linares, a security researcher, recently recounted an incident that he said occurred over the summer at a US East Coast financial firm focused on private investment. He told The Register that he was not involved directly with the investigation but interacted with those involved as part of his work in the finance sector. In a Twitter thread, Linares said the hacking incident was discovered when the financial firm spotted unusual activity on its internal Atlassian Confluence page that originated from within the company's network.

The company's security team responded and found that the user whose MAC address was used to gain partial access to the company Wi-Fi network was also logged in at home several miles away. That is to say, the user was active off-site but someone within Wi-Fi range of the building was trying to wirelessly use that user's MAC address, which is a red flag. The team then took steps to trace the Wi-Fi signal and used a Fluke system to identify the Wi-Fi device. "This led the team to the roof, where a 'modified DJI Matrice 600' and a 'modified DJI Phantom' series were discovered," Linares explained. The Phantom drone was in fine condition and had a modified Wi-Fi Pineapple device, used for network penetration testing, according to Linares. The Matrice drone was carrying a case that contained a Raspberry Pi, several batteries, a GPD mini laptop, a 4G modem, and another Wi-Fi device. It had landed near the building's heating and ventilation system and appeared to be damaged but still operable. "During their investigation, they determined that the DJI Phantom drone had originally been used a few days prior to intercept a worker's credentials and Wi-Fi," Linares said. "This data was later hard coded into the tools that were deployed with the Matrice."

According to Linares, the tools on the drones were used to target the company's internal Confluence page in order to reach other internal devices using the credentials stored there. The attack, he said, had limited success and is the third cyberattack involving a drone he's seen over the past two years. "The attackers specifically targeted a limited access network, used by both a third-party and internally, that was not secure due to recent changes at the company (e.g. restructuring/rebranding, new building, new building lease, new network setup or a combination of any of these scenarios)," Linares told The Register. "This is the reason why this temporary network unfortunately had limited access in order to login (credentials + MAC security). The attackers were using the attack in order to access an internal IT confluence server that contained other credentials for accessing other resources and storing IT procedures." [...] While the identity of the attacker has not been disclosed, Linares believes those responsible did their homework. "This was definitely a threat actor who likely did internal reconnaissance for several weeks, had physical proximity to the target environment, had a proper budget and knew their physical security limitations," he said.
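The red flag the responders noticed (a registered MAC address active on the office Wi-Fi while its owner is logged in from home) can be checked mechanically. The following is an added example, not code from The Register's report or from the firm involved; the log formats, field names, inventory mapping, timestamps and the 15-minute margin are all constructed assumptions.

```python
"""Added example: flag on-site Wi-Fi use of a MAC whose owner is active off-site."""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample data. Formats and field names are assumptions.
DEVICE_OWNERS = {  # asset inventory: registered MAC -> user
    "3c:22:fb:10:aa:01": "jdoe",
    "3c:22:fb:10:aa:02": "asmith",
}

WIFI_LOG = """\
2022-07-14T09:02:11 assoc mac=3C:22:FB:10:AA:02 ap=lobby-ap1
2022-07-14T10:15:40 assoc mac=3c:22:fb:10:aa:01 ap=roof-ap3
2022-07-14T10:20:00 assoc mac=de:ad:be:ef:00:01 ap=roof-ap3
2022-07-14T18:30:05 assoc mac=3c:22:fb:10:aa:01 ap=floor2-ap1
"""

REMOTE_LOG = """\
2022-07-14T08:55:00 user=jdoe event=connect src=residential
2022-07-14T12:40:00 user=jdoe event=disconnect src=residential
2022-07-14T13:00:00 user=asmith event=connect src=residential
"""


@dataclass(frozen=True)
class Finding:
    when: datetime
    user: str
    mac: str
    ap: str


def _fields(line):
    """Split 'TIMESTAMP word key=value ...' into (datetime, {key: value})."""
    ts, *rest = line.split()
    kv = dict(tok.split("=", 1) for tok in rest if "=" in tok)
    return datetime.fromisoformat(ts), kv


def remote_sessions(log):
    """Return {user: [(start, end_or_None), ...]} from connect/disconnect events."""
    events = [_fields(l) for l in log.splitlines() if l.strip()]
    events.sort(key=lambda e: e[0])
    sessions, open_since = {}, {}
    for ts, kv in events:
        user = kv["user"]
        if kv["event"] == "connect":
            open_since.setdefault(user, ts)
        elif kv["event"] == "disconnect" and user in open_since:
            sessions.setdefault(user, []).append((open_since.pop(user), ts))
    for user, start in open_since.items():  # never disconnected: still active
        sessions.setdefault(user, []).append((start, None))
    return sessions


def find_conflicts(wifi_log, remote_log, owners, margin=timedelta(minutes=15)):
    """Wi-Fi associations made while the MAC's registered owner is remote.

    `margin` widens each remote session on both sides, because nobody gets
    from home to the office the instant a remote session starts or ends.
    """
    sessions = remote_sessions(remote_log)
    findings = []
    for line in wifi_log.splitlines():
        if not line.strip():
            continue
        ts, kv = _fields(line)
        mac = kv["mac"].lower()          # normalise case before the lookup
        user = owners.get(mac)
        if user is None:
            continue                     # unregistered MAC: left to MAC filtering
        for start, end in sessions.get(user, []):
            if start - margin <= ts and (end is None or ts <= end + margin):
                findings.append(Finding(ts, user, mac, kv["ap"]))
                break
    return findings


if __name__ == "__main__":
    for f in find_conflicts(WIFI_LOG, REMOTE_LOG, DEVICE_OWNERS):
        print(f"{f.when.isoformat()} {f.user} {f.mac} seen at {f.ap} while remote")
```

A hit only says the same MAC appears in two places at once; which of the two sessions is the impostor still has to be established, as the team did here by tracing the signal.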

Google

Google is Bringing Passkey Support To Android and Chrome (googleblog.com) 63

Android Developers Blog: Passkeys are a significantly safer replacement for passwords and other phishable authentication factors. They cannot be reused, don't leak in server breaches, and protect users from phishing attacks. Passkeys are built on industry standards and work across different operating systems and browser ecosystems, and can be used for both websites and apps. Passkeys follow already familiar UX patterns, and build on the existing experience of password autofill. For end-users, using one is similar to using a saved password today, where they simply confirm with their existing device screen lock such as their fingerprint. Passkeys on users' phones and computers are backed up and synced through the cloud to prevent lockouts in the case of device loss. Additionally, users can use passkeys stored on their phone to sign in to apps and websites on other nearby devices.

Today's announcement is a major milestone in our work with passkeys, and enables two key capabilities: Users can create and use passkeys on Android devices, which are securely synced through the Google Password Manager. Developers can build passkey support on their sites for end-users using Chrome via the WebAuthn API, on Android and other supported platforms. To try this today, developers can enroll in the Google Play Services beta and use Chrome Canary. Both features will be generally available on stable channels later this year. Our next milestone in 2022 will be an API for native Android apps. Passkeys created through the web API will work seamlessly with apps affiliated with the same domain, and vice versa. The native API will give apps a unified way to let the user pick either a passkey or a saved password. Seamless, familiar UX for both passwords and passkeys helps users and developers gradually transition to passkeys.

For the end-user, creating a passkey requires just two steps: (1) confirm the passkey account information, and (2) present their fingerprint, face, or screen lock when prompted. Signing in is just as simple: (1) The user selects the account they want to sign in to, and (2) presents their fingerprint, face, or screen lock when prompted. A passkey on a phone can also be used to sign in on a nearby device. For example, an Android user can now sign in to a passkey-enabled website using Safari on a Mac. Similarly, passkey support in Chrome means that a Chrome user, for example on Windows, can do the same using a passkey stored on their iOS device. Since passkeys are built on industry standards, this works across different platforms and browsers - including Windows, macOS and iOS, and ChromeOS, with a uniform user experience.

EU

French Court Slashes Apple Antitrust Fine in Blow to European Regulators (reuters.com) 28

"Apple won a massive reduction in a 1.1 billion euro ($1.1 billion) antitrust fine from French competition regulators," reports CNBC, "in a blow to the ambitions of European authorities to crack down on the dominance of Big Tech companies." The Paris appeals court on Thursday lowered the fine to 371.6 million euros, roughly a third of the value of the original penalty and a reduction of 728.4 million euros, an Apple spokesperson confirmed. According to Reuters, the amount was slashed because the court decided to drop one of the charges related to price fixing, and lower the rate originally used to calculate the fine....

In 2020, the French competition watchdog fined Apple 1.1 billion euros for allegedly pressuring premium resellers into fixing prices of non-iPhone products, such as its Mac and iPad computers, and abusing the economic dependence of its outside resellers. Tech Data and Ingram Micro, two global electronics wholesalers, were also fined 76.1 million euros and 62.9 million euros, respectively. The regulator accused Apple, Tech Data and Ingram Micro of agreeing not to compete and preventing independent resellers from competing with each other, "thereby sterilizing the wholesale market for Apple products."

Apple's response, according to Reuters: "While the court correctly reversed part of the French Competition Authority's decision, we believe it should be overturned in full and plan to appeal.

"The decision relates to practices from more than a decade ago that even the (French authority) recognised are no longer in use."

Social Networks

Apple VP Leaves Company After Vulgar Comment Goes Viral On TikTok (cnbc.com) 260

Apple's vice president of procurement, Tony Blevins, has left the company after a TikTok video showed him making a vulgar comment about women at a car show. CNBC reports: An Apple representative confirmed the departure to CNBC, saying, "Tony is leaving Apple." The departure was spurred by a TikTok video posted Sept. 5, according to Bloomberg, which first reported the news. In the video, reviewed by CNBC, Blevins is getting out of an expensive Mercedes-Benz sports car and is asked what he does for a living by Daniel Mac, who has a channel centered around asking people in expensive cars questions. In the video, Blevins responds, "I race cars, play golf and fondle big-breasted women. But I take weekends and major holidays off." The remark appears to be a reference to a similar quote in the movie "Arthur." It was viewed 1.3 million times, according to the TikTok page. "Blevins was a VP at Apple," notes CNBC. "His main role was to negotiate with suppliers to keep the price Apple pays for computer parts down, according to a Wall Street Journal profile of Blevins from 2020."

Operating Systems

The Latest iPadOS 16 Beta Brings Stage Manager To Older iPad Pro Models (engadget.com) 6

Apple is bringing Stage Manager, a new multitasking system exclusive to iPads with the M1 chip, to a number of older devices. Engadget reports: Probably the biggest change Apple announced with iPadOS 16 earlier this year is Stage Manager, a totally new multitasking system that adds overlapping, resizable windows to the iPad. That feature also works on an external display, the first time that iPads could do anything besides mirror their screen on a monitor. Unfortunately, the feature was limited to iPads with the M1 chip -- that includes the 11- and 12.9-inch iPad Pro released in May of 2021 as well as the M1-powered iPad Air which Apple released earlier this year. All other older iPads were left out.

That changes with the latest iPadOS 16 developer beta, which was just released. Now, Apple is making Stage Manager work with a number of older devices: it'll work on the 11-inch iPad Pro (first generation and later) and the 12.9-inch iPad Pro (third generation and later). Specifically, it'll be available on the 2018 and 2020 models that use the A12X and A12Z chips rather than just the M1. However, there is one notable missing feature for the older iPad Pro models -- Stage Manager will only work on the iPad's built-in display. You won't be able to extend your display to an external monitor. Apple also says that developer beta 5 of iPadOS 16 is removing external display support for Stage Manager on M1 iPads, something that has been present since the first iPadOS 16 beta was released a few months ago. It'll be re-introduced in a software update coming later this year.

Portables (Apple)

Gurman: New iPads and Macs Could Be Announced Through a Press Release, No October Event (macrumors.com) 44

Apple could decide to release its remaining products for 2022, which includes an updated iPad Pro, Mac mini, and 14-inch and 16-inch MacBook Pros, through a press release on its website rather than a digital event, according to Bloomberg's Mark Gurman. MacRumors reports: In his latest Power On newsletter, Gurman said that Apple is currently "likely to release its remaining 2022 products via press releases, updates to its website and briefings with select members of the press" rather than a digital event. Rumors had suggested that Apple was planning a second fall event in October that would focus on the Mac and iPad, but that may no longer be the case. Apple has three things on the roster for the remainder of 2022: an 11-inch and 12.9-inch iPad Pro with the M2 chip, an updated Mac mini with the M2 and yet announced "M2 Pro" chip, and updated 14-inch and 16-inch MacBook Pros.

Apple announced the M2 chip in June for the redesigned MacBook Air and 13-inch MacBook Pro earlier this June at WWDC. Other than the new chip, the updates to the Mac and iPad will be relatively incremental upgrades with no major design changes rumored for the products. Apple has released products via press release in the past, such as the AirPods Max and the original AirPods Pro.

Desktops (Apple)

Document Foundation Starts Charging For 'Free' LibreOffice on Apple App Store (theregister.com) 59

The Document Foundation, the organization that tends the open source productivity suite LibreOffice, has decided to start charging for one version of the software. The Register reports: LibreOffice is a fork of OpenOffice and is offered under the free/open source Mozilla Public License Version 2.0. A Monday missive from the Document Foundation reveals the org will begin charging 8.99 euros for the software -- but only when sold via Apple's Mac App Store. That sum has been styled a "convenience fee ... which will be invested to support development of the LibreOffice project."

The foundation suggests paying up in the Mac App Store is ideal for "end users who want to get all of their desktop software from Apple's proprietary sales channel." Free downloads of LibreOffice for macOS from the foundation's site will remain available and arguably be superior to the App Store offering, because that version will include Java. The foundation argued that Apple does not permit dependencies in its store, so it cannot include Java in the 8.99 euro offering. The version now sold in the App Store supersedes a previous offering provided by open source support outfit Collabora, which charged $10 for a "Vanilla" version of the suite and threw in three years of support.

The foundation's marketing officer Italo Vignoli said the change was part of a "new marketing strategy."

"The Document Foundation is focused on the release of the Community version, while ecosystem companies are focused on a value-added long-term supported versions targeted at enterprises," Vignoli explained. "The distinction has the objective of educating organizations to support the FOSS project by choosing the LibreOffice version which has been optimized for deployments in production and is backed by professional services, and not the Community version generously supported by volunteers."

"The objective is to fulfil the needs of individual and enterprise users in a better way," Vignoli added, before admitting "we know that the positive effects of the change will not be visible for some time. Educating enterprises about FOSS is not a trivial task and we have just started our journey in this direction."

Software

Logitech's Webcam Software is a Mess (theverge.com) 56

Logitech makes some of the most popular webcams in the world, but using them on some of the most popular computers, like the M2 MacBook Air or M1 Pro MacBook Pro, is a less than stellar experience. From a report: Plugging one into any M1 or M2 Mac for a video call isn't an issue, but if you want to tweak in-depth settings or use some of these webcams' highlight features, doing that right now ranges from clumsy to impossible. That's because its most capable webcam software, Logitech Capture, isn't available on computers with Apple silicon. Logitech switched up its software plan for people who use newer Mac laptops and desktops without making much effort to tell anyone. Instead of offering Logitech Capture, its de facto software focused squarely on webcam settings and content creation features, it has two distinct and lesser Mac applications to choose from: Logi Tune and Logitech G Hub.

Tune is a confusing app that lets you toggle settings for Logitech gadgets, with calendar integration added in, for some reason. G Hub was built for gamers who want to tweak RGB lighting and sensitivity settings for gaming-focused products and, now, webcams. Each app's interface looks different and lets you switch different settings, so you've got a choice with which app you use -- too much choice, if you ask me, given how limited the functionality is within each one. But neither offers as many options as Logitech Capture. You can access basic settings, like the ability to zoom in for a tighter crop or make a host of adjustments to the picture settings (or set them to auto settings), but you can't adjust the frame rate or the resolution. What that means is people who own an M1 or M2 Mac cannot utilize its face-tracking feature or switch between horizontal or vertical orientations on a nice, relatively high-end webcam like the $160 Logi StreamCam.

Chrome

Google Chrome Emergency Update Fixes New Zero-Day Used in Attacks (bleepingcomputer.com) 15

Google has released Chrome 105.0.5195.102 for Windows, Mac, and Linux users to address a single high-severity security flaw, the sixth Chrome zero-day exploited in attacks patched this year. From a report: "Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild," the company said in a security advisory published on Friday. This new version is rolling out in the Stable Desktop channel, with Google saying that it will reach the entire user base within a matter of days or weeks. It was available immediately when BleepingComputer checked for new updates by going into the Chrome menu > Help > About Google Chrome. The web browser will also auto-check for new updates and automatically install them after the next launch.

Data Storage

Walmart Lists a 30TB Portable SSD for Just $39. It's a Scam (arstechnica.com) 122

What's the deal with that supposed 30TB external SSD being sold for just $31.40 on China-based online shopping site AliExpress? It's also listed on Walmart's website for just $39 — but first, listen to cybersecurity researcher calling himself "Ray [REDACTED]": Scammer gets two 512MB Flash drives. Or 1 gigabyte, or whatever. They then add hacked firmware that makes it misreport its size... when you go to WRITE a big file, hacked firmware simply writes all new data on top of old data, while keeping directory (with false info) intact.

Ars Technica goes over the details: On the inside, this "SSD" looks like two small-capacity microSD cards hot glued to a USB 2.0-capable board. This board's firmware has been modified so that each of these cards reports its capacity as "15.0TB" to the operating system, for a total of 30TB, even though the actual capacity of the cards is much lower.... It preserves the directory structure of whatever you're copying, but when it's "copying" your data, it just keeps writing and rewriting over the tiny microSD cards.

Everything will look fine until you go to access a file, only to find that the data isn't there.

Replies to Ray Redacted's thread are full of alternate versions of this scam, including multiple iterations of the hot-glued microSD version and at least one that hid a USB thumb drive inside a larger enclosure. Fake USB storage devices are neither new nor rare, though this one makes spectacularly egregious claims about its price-per-gigabyte. When it comes to buying storage online, common-sense advice is best: stick to name brands, buy from trustworthy sellers.... and know that if a deal seems too good to be true, it almost certainly is.

Role Playing (Games)

'Magic: the Gathering' Announces New Sets Based on Lord of the Rings, Doctor Who (polygon.com) 40

Polygon reports that during a streaming event, the publisher of the Magic: the Gathering card game promised a new themed set of cards commemorating Doctor Who's 60th anniversary. But that's not their only new set: The Lord of the Rings: Tales from Middle-earth is also releasing in Q3 of 2023, but it will be a fully draftable booster set and legal in modern format of competitive play....

Individual cards portray familiar heroes and villains including Frodo, Gandalf and the Balrog. In order to capture the scale of J.R.R. Tolkien's fantasy battles, the set will also feature new borderless scene cards. Each has a piece of art that can stand alone, but 18 of them will come together to produce a particularly epic scene from the trilogy — such as the Battle of the Pelennor Fields from The Return of the King. The art from Tyler Jacobson, who's provided illustrations for more than 100 Magic cards and for Dungeons & Dragons books including The Wild Beyond the Witchlight, is full of small details including the Dark Tower Barad-dûr in the background.

The article points out that the game publisher has previously published crossover decks for The Walking Dead and Fortnite.

This story is for long-time Slashdot reader tezbobobo, who argued earlier this week that Slashdot's been remiss in its coverage of Magic: the Gathering news: For years I've seen Dungeons & Dragons, Sony Playstation and Nethack show up occasionally on the front page of Slashdot. So where are the rest of the nerd games?

Magic: the Gathering has one of the most loyal and active fanbases, and the creators have been churning out new and interesting cards for decades. Even as it tops the trading card pile, it's made inroads into the digital sphere, with online version in Arena and Magic Online. It's available on PC, Mac, iPad.

Desktops (Apple)

Devs Make Progress Getting MacOS Ventura Running On Unsupported, Decade-Old Macs (arstechnica.com) 20

An anonymous reader quotes a report from Ars Technica: Skirting the official macOS system requirements to run new versions of the software on old, unsupported Macs has a rich history. Tools like XPostFacto and LeopardAssist could help old PowerPC Macs run newer versions of Mac OS X, a tradition kept alive in the modern era by dosdude1's patchers for Sierra, High Sierra, Mojave, and Catalina. For Big Sur and Monterey, the OpenCore Legacy Patcher (OCLP for short) is the best way to get new macOS versions running on old Macs. It's an offshoot of the OpenCore Hackintosh bootloader, and it's updated fairly frequently with new features and fixes and compatibility for newer macOS versions. The OCLP developers have admitted that macOS Ventura support will be tough, but they've made progress in some crucial areas that should keep some older Macs kicking for a little bit longer.

[...] First, while macOS doesn't technically include system files for pre-AVX2 Intel CPUs, Apple's Rosetta 2 software does still include those files, since Rosetta 2 emulates the capabilities of a pre-AVX2 x86 CPU. By extracting and installing those files in Ventura, you can re-enable support on Ivy Bridge and older CPUs without AVX2 instructions. And this week, Grymalyuk showed off another breakthrough: working graphics support on old Metal-capable Macs, including machines as old as the 2014 5K iMac, the 2012 Mac mini, and even the 2008 cheese grater-style Mac Pro tower. The OCLP team still has other challenges to surmount, not least of which will involve automating all of these hacks so that users without a deep technical understanding of macOS's underpinnings can continue to set up and use the bootloader. Grymalyuk still won't speculate about a timeframe for official Ventura support in OCLP. But given the progress that has been made so far, it seems likely that people with 2012-and-newer Macs should still be able to run Ventura on their Macs without giving up graphics acceleration or other important features.

Security

The New USB Rubber Ducky Is More Dangerous Than Ever (theverge.com) 47

The USB Rubber Ducky "has a new incarnation, released to coincide with the Def Con hacking conference this year," reports The Verge. From the report: To the human eye, the USB Rubber Ducky looks like an unremarkable USB flash drive. Plug it into a computer, though, and the machine sees it as a USB keyboard -- which means it accepts keystroke commands from the device just as if a person was typing them in. The original Rubber Ducky was released over 10 years ago and became a fan favorite among hackers (it was even featured in a Mr. Robot scene). There have been a number of incremental updates since then, but the newest Rubber Ducky makes a leap forward with a set of new features that make it far more flexible and powerful than before.

With the right approach, the possibilities are almost endless. Already, previous versions of the Rubber Ducky could carry out attacks like creating a fake Windows pop-up box to harvest a user's login credentials or causing Chrome to send all saved passwords to an attacker's webserver. But these attacks had to be carefully crafted for specific operating systems and software versions and lacked the flexibility to work across platforms. The newest Rubber Ducky aims to overcome these limitations.

It ships with a major upgrade to the DuckyScript programming language, which is used to create the commands that the Rubber Ducky will enter into a target machine. While previous versions were mostly limited to writing keystroke sequences, DuckyScript 3.0 is a feature-rich language, letting users write functions, store variables, and use logic flow controls (i.e., if this... then that). That means, for example, the new Ducky can run a test to see if it's plugged into a Windows or Mac machine and conditionally execute code appropriate to each one or disable itself if it has been connected to the wrong target. It also can generate pseudorandom numbers and use them to add variable delay between keystrokes for a more human effect. Perhaps most impressively, it can steal data from a target machine by encoding it in binary format and transmitting it through the signals meant to tell a keyboard when the CapsLock or NumLock LEDs should light up. With this method, an attacker could plug it in for a few seconds, tell someone, "Sorry, I guess that USB drive is broken," and take it back with all their passwords saved.

Chrome

Nvidia GeForce Now on Chrome is Getting a Big Upgrade To 1440p and 120fps (theverge.com) 9

Nvidia is upgrading its GeForce Now game streaming service to support 1440p resolution at 120fps in a Chrome or Edge browser. GeForce Now members on the RTX 3080 tier of the service will be able to access the new browser gameplay options today by selecting 1440p on the GeForce Now web version. From a report: Nvidia originally launched its RTX 3080 GeForce Now membership tier last year, offering streams of up to 1440p resolution with 120fps on PCs and Macs or 4K HDR at 60fps on Nvidia's Shield TV. Previously, you had to download the dedicated Mac or Windows apps to access 1440p resolution and 120fps support, as the web version was limited to 1080p at 60fps.

Security

Update Zoom For Mac Now To Avoid Root-Access Vulnerability (arstechnica.com) 24

If you're using Zoom on a Mac, it's time for a manual update. The video conferencing software's latest update fixes an auto-update vulnerability that could have allowed malicious programs to use its elevated installing powers, granting escalated privileges and control of the system. From a report: The vulnerability was first discovered by Patrick Wardle, founder of the Objective-See Foundation, a nonprofit Mac OS security group. Wardle detailed in a talk at Def Con last week how Zoom's installer asks for a user password when installing or uninstalling, but its auto-update function, enabled by default, doesn't need one. Wardle found that Zoom's updater is owned by and runs as the root user. It seemed secure, as only Zoom clients could connect to the privileged daemon, and only packages signed by Zoom could be extracted. The problem is that by simply passing the verification checker the name of the package it was looking for ("Zoom Video ... Certification Authority Apple Root CA.pkg"), this check could be bypassed. That meant malicious actors could force Zoom to downgrade to a buggier, less-secure version or even pass it an entirely different package that could give them root access to the system.

Android

Google Releases Android 13, Rolling Out First To Pixel Phones (theverge.com) 23

This year's major Android update, Android 13, is officially releasing today for Google's Pixel phones, the search giant has announced. From a report: The annual update is getting an official release a little earlier than usual, following Android 12's release last October and Android 11's release in September 2020. The list of updates arriving with this year's version of Android is likely to be familiar if you've been keeping up with Android 13's beta releases. There's the ability to customize non-Google app icons to match your homescreen wallpaper that we saw in Android 13's first developer preview, a new permission to cut down on notification spam, and a new option to limit which of your photos and videos an app can access.

Back in January, we wrote that Google planned to spend this year catching up with Apple's ecosystem integrations, and there's more evidence of this in Android 13's official release. The update includes support for spatial audio with head tracking, which is designed to make sounds appear as though they're coming from a fixed point in space when you move your head while wearing compatible headphones, similar to a feature Apple offers for its AirPods. Today's post doesn't say exactly which headphones this will work with, but Google previously announced it would be updating its Pixel Buds Pro to offer support for spatial audio. Secondly, there's the ability to stream messages from apps including Google Messages directly to a Chromebook, similar to iMessage on the Mac.

Privacy

Raspberry Pi-Powered Anti-Tracking Tool Checks If You're Being Followed (wired.com) 79

Matt Edmondson, a hacker and digital forensics expert, built a Raspberry Pi-powered anti-tracking tool that "scans for nearby devices and alerts you if the same phone is detected multiple times within the past 20 minutes," reports Wired. The device, which can be carried around or placed in a car, consists of parts that cost around $200 in total. From the report: The homemade system works by scanning for wireless devices around it and then checking its logs to see whether they also were present within the past 20 minutes. It was designed to be used while people are on the move rather than sitting in, say, a coffee shop, where it would pick up too many false readings. The anti-tracking tool, which can sit inside a shoebox-sized case, is made up of a few components. A Raspberry Pi 3 runs its software, a Wi-Fi card looks for nearby devices, a small waterproof case protects it, and a portable charger powers the system. A touchscreen shows the alerts the device produces. Each alert may be a sign that you are being tailed. The device runs Kismet, which is a wireless network detector, and is able to detect smartphones and tablets around it that are looking for Wi-Fi or Bluetooth connections. The phones we use are constantly looking for wireless networks around them, including networks they've connected to before as well as new networks.

Edmondson says Kismet makes a record of the first time it sees a device and then the most recent time it was detected. But to make the anti-tracking system work, he had to write code in Python to create lists of what Kismet detects over time. There are lists for devices spotted in the past five to 10 minutes, 10 to 15 minutes, and 15 to 20 minutes. If a device appears twice, an alert flashes up on the screen. The system can show a phone's MAC address, although this is not much use if it's been randomized. It can also record the names of Wi-Fi networks that devices around it are looking for -- a phone that's trying to connect to a Wi-Fi network called Langley may give some clues about its owner. "If you have a device on you, I should see it," he says. In an example, he showed WIRED that a device was looking for a network called SAMSUNGSMART.

To stop the system from detecting your own phone or those of other people traveling with you, it has an "ignore" list. By tapping one of the device's onscreen buttons, it's possible to "ignore everything that it has already seen." Edmondson says that in the future, the device could be modified to send a text alert instead of showing them on the screen. He is also interested in adding the capability to detect tire-pressure monitoring systems that could show recurring nearby vehicles. A GPS unit could also be added so you can see where you were when you were being tracked, he says. [...] Edmondson has no plans to make the device into a commercial product, but he says the design could easily be copied and reused by anyone with some technical knowledge. Many of the parts involved are easy to obtain or may be lying around the homes of people in tech communities.
For those interested, Edmondson open-sourced its underlying code and plans to present the research project at the Black Hat security conference in Las Vegas this week.
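
The time-window check described above, sketched as an added example (not Edmondson's code). It assumes sightings have already been pulled out of Kismet's logs as `(timestamp, MAC, probed SSID)` tuples, and it reads "appears twice" as "seen in the last five minutes and in at least one older list"; the function names and sample data are constructed for illustration.

```python
from collections import defaultdict

WINDOW = 5 * 60              # bucket width in seconds (five minutes)
HISTORY_BUCKETS = {1, 2, 3}  # 5-10, 10-15 and 15-20 minutes ago

def bucket_index(now, seen_at):
    """0 = last five minutes, 1 = 5-10 min ago, ...; None if outside 20 min."""
    age = now - seen_at
    if age < 0 or age >= WINDOW * 4:
        return None
    return int(age // WINDOW)

def find_followers(sightings, now, ignore=frozenset()):
    """Return {mac: {"buckets": [...], "ssids": [...]}} for every device seen
    in the current window and also in at least one older bucket."""
    ignore = {m.lower() for m in ignore}
    buckets = defaultdict(set)   # mac -> bucket indexes it was seen in
    ssids = defaultdict(set)     # mac -> network names it probed for
    for seen_at, mac, ssid in sightings:
        mac = mac.lower()
        idx = bucket_index(now, seen_at)
        if idx is None or mac in ignore:
            continue
        buckets[mac].add(idx)
        if ssid:
            ssids[mac].add(ssid)
    alerts = {}
    for mac, idxs in buckets.items():
        older = sorted(idxs & HISTORY_BUCKETS)
        if 0 in idxs and older:
            alerts[mac] = {"buckets": older, "ssids": sorted(ssids[mac])}
    return alerts

# Constructed sample data: arbitrary clock value, made-up MAC addresses.
NOW = 1_660_000_000
SIGHTINGS = [
    (NOW - 12 * 60, "02:00:00:00:00:01", None),            # 10-15 min ago
    (NOW - 60,      "02:00:00:00:00:01", "SAMSUNGSMART"),  # seen again now
    (NOW - 16 * 60, "02:00:00:00:00:02", None),            # own phone, ignored
    (NOW - 30,      "02:00:00:00:00:02", None),
    (NOW - 7 * 60,  "02:00:00:00:00:03", None),            # passer-by, seen once
    (NOW - 25 * 60, "02:00:00:00:00:04", None),            # older than 20 min
    (NOW - 10,      "02:00:00:00:00:04", None),
]

if __name__ == "__main__":
    print(find_followers(SIGHTINGS, NOW, ignore={"02:00:00:00:00:02"}))
```

Matching on MAC address alone misses a phone that randomizes its address between scans, which is the limitation the article notes.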

Displays

Meta's Flailing Portal Repurposed As a Wireless Portable Monitor (arstechnica.com) 15

On Wednesday, Meta announced that the Portal Plus Gen 2 and Portal Go now support Duet Display, an app that can turn a display into a secondary monitor for Macs and PCs. Ars Technica reports: The Portal Plus is the same size as some of the best portable monitors, so it makes sense to repurpose it for that function. Because it's built for video image quality, it has a decent resolution for a portable display -- 2160x1440. Duet Display doesn't require a display to be connected to a computer via a cable, so specific Portals are now portable wireless monitors, too.

At a time when webcams are integrated into many laptops, and USB webcams are easier to find again, many consumers don't need a display dedicated primarily to web calls. But an extra monitor? That's more widely appealing. With the addition of Duet Display, Portal owners have further reason to think about their Portal when they're not on a video call. Meta also gave all Portals with a touchscreen -- namely, the Portal Go, Portal Plus, Portal, and Portal Mini -- a Meta Portal Companion app for macOS. The app enables screen sharing during video calls and provides quick access to video call features, like mute and link sharing in Zoom, Workplace, and BlueJeans.
