EFF's "Deeplinks" blog has published nearly two dozen "2016 in Review" posts over the last nine days, one of which applauds 2016 as "a great year for adoption of HTTPS encryption for secure connections to websites." An anonymous reader writes: In 2016 most pages viewed on the web were encrypted. And over 21 million web sites obtained security certificates -- often for the first time -- through Let's Encrypt. But "a sizeable part of the growth in HTTPS came from very large hosting providers that decided to make HTTPS a default for sites that they host, including OVH, Wordpress.com, Shopify, Tumblr, Squarespace, and many others," EFF writes. Other factors included the support of Transport Layer Security (TLS) 1.3 by Firefox, Chrome, and Opera.
Other "2016 in Review" posts from EFF include Protecting Net Neutrality and the Open Internet and DRM vs. Civil Liberties. Click through for a complete list of all EFF "2016 in Review" posts.

Designer Ilya Birman writes: I understand why rendering a complicated layout may be slow. Or why executing a complicated script may be slow. Actually, browsers are rather fast doing these things. If you studied programming and have a rough idea about how many computations are made to render a page, it is surprising the browsers can do it all that fast. But I am not talking about rendering and scripts. I am talking about everything else. Safari may take a second or two just to open a new blank tab on a 2014 iMac. And with ten or fifteen open tabs it eventually becomes sluggish as hell. Chrome is better, but not much so. What are they doing? The tabs are already open. Everything has been rendered. Why does it take more than, say, a thousandth of a second to switch between tabs or create a new one? Opening a 20-megapixel photo from disk doesn't take any noticeable amount of time, it renders instantaneously. Browsers store their stuff in memory. Why can't they just show the pixels immediately when I ask for them? [...] Unfortunately, modern browsers are so stupid that they reload all the tabs when you restart them. Which takes ages if you have a hundred of tabs. Opera was sane: it did not reload a tab unless you asked for it. It just reopened everything from cache. Which took a couple of seconds. Modern browsers boast their rendering and script execution performance, but that's not what matters to me as a user. I just don't understand why programmers spend any time optimising for that while the Chrome is laughably slow even by ten-years-old standards.Do you agree with Birman? If yes, why do you think browsers are generally slow today?

Earlier this month, Opera announced a new interesting feature with Opera 43 developer that predicts the website you're about to go to. The company explains: There are two ways we can predict what page the user will soon load. When the current page tells us so, and when we can determine from the users actions that they are about to load something. Pages can use the tag, and for instance Google uses that for search results if they are pretty sure of what you will load next. When someone writes in the address bar they are humanly slow. Sometimes it is obvious what they will write after just 1-2 characters but they will just keep writing or arrowing through suggestions for millions or billions of wasted clock cycles. We expect this feature to results in an average of 1 second faster loads from the address bar. The company insists that this feature saves time and energy without compromising the security. What's your thought?

Opera web browser's 'Turbo Mode' is designed to speed up browsing. As a side effect, it also bypasses website blocks, something popular with pirates. However, it appears that the company has been in talks to integrate a blacklist which could stop access to blocked domains. From a report on TorrentFreak: It transpires that earlier this year, Opera's owners were approached by Russian telecoms watchdog Roskomnadzor who aired concerns about the browser's ability to unblock banned sites. It was suggested that Opera should introduce some kind of filtering/blacklist mechanism to disallow blocked sites from accessing 'Turbo Mode.' Russian publication Kommersant says that it was able to confirm the nature of the discussions with sources within Opera. And according to Roskomnadzor's Vadim Ampelonsky, a meeting took place between the parties early in the fall. Ampelonsky says that discussion surrounded the technical issues of keeping blocked sites inaccessible when 'Turbo Mode' is activated. Representatives from Opera reportedly confirmed that this kind of filtering is possible. "We are ready to periodically send a list of sites to enter into such a filter at the conclusion of a bilateral agreement [with Opera]," Ampelonsky says, adding that discussions continue.

Reader dryriver writes: There is no shortage of internet websites these days that peddle "information", "knowledge", "analysis", "explanations" or even supposed "facts" that don't hold up to even the most basic scrutiny -- one quick trip over to Wikipedia, Snopes, an academic journal or another reasonably factual/unbiased source, and you realize that you've just been fed a triple dose of factually inaccurate horsecrap masquerading as "fact". Unfortunately, many millions of more naive internet users appear to frequent sites daily that very blatantly peddle "untruths", "pseudo-facts" or even "agitprop-like disinformation", the latter sometimes paid for by someone somewhere. No small number of these more gullible internet users then wind up believing just about everything they read or watch on these sites, and in some cases cause other gullible people in the offline world to believe in them too. Now here is an interesting idea: What if your internet browser -- whether Edge, Firefox, Chrome, Opera or other -- was able provide an "information accuracy rating" of some sort when you visit a certain URL. Perhaps something like "11,992 internet users give this website a factual accuracy rating of 3.7/10. This may mean that the website you are visiting is prone to presenting information that may not be factually accurate." You could also take this 2 steps further. You could have a small army of "certified fact checkers" -- people with scientific credentials, positions in academia or similar -- provide a rolling "expert rating" on the very worst of these websites, displayed as "warning scores" by the web browser. Or you could have a keyword analysis algorithm/AI/web crawler go through the webpage you are looking at, try to cross-reference the information presented to you against a selection of "more trusted sources" in the background, and warn you if information presented on a webpage as "fact" simply does not check out. Is this a good idea? Could it be made to work technically? Might a browser feature like this make the internet as a whole a "more factually accurate place" to get information from?That's a remarkable idea. It appears to me that many companies are working on it -- albeit not fast enough, many can say. Google, for instance, recently began adding "Fact check" to some stories in search results. I am not sure how every participating player in this game could implement this in their respective web browsers though. Then there is this fundamental issue: the ability to quickly check whether or not something is indeed accurate. There's too much noise out there, and many publications and blogs report on things (upcoming products, for instance) before things are official. How do you verify such stories? If the NYTimes says, for instance, Apple is not going to launch any iPhone next year, and every website cites NYTimes and republishes it, how do you fact check that? And at last, a lot of fake stories circulate on Facebook. You may think it's a problem. Obama may think it's a problem, but does Facebook see it as a problem? For all it care, those stories are still generating engagement on its site.

According to multiple reports, Web of Trust, one of the top privacy and security extensions for web browsers with over 140 million downloads, collects and sells some of the data of its users -- and it does without properly anonymizing it. Upon learning about this, Mozilla, Google and Opera quickly pulled the extension off their respective extension stores. From a report on The Register: A browser extension which was found to be harvesting users' browsing histories and selling them to third parties has had its availability pulled from a number of web browsers' add-on repositories. Last week, an investigative report by journalists at the Hamburg-based German television broadcaster, Norddeutscher Rundfunk (NDR), revealed that Web of Trust Services (WoT) had been harvesting netizens' web browsing histories through its browser add-on and then selling them to third parties. While WoT claimed it anonymised the data that it sold, the journalists were able to identify more than 50 users from the sample data it acquired from an intermediary. NDR quoted the data protection commissioner of Hamburg, Johannes Caspar, criticising WoT for not adequately establishing whether users consented to the tracking and selling of their browsing data. Those consent issues have resulted in the browser add-on being pulled from the add-on repositories of both Mozilla Firefox and Google Chrome, although those who have already installed the extension in their browsers will need to manually uninstall it to stop their browsing being tracked.

Opera has long advertised its free VPN service Opera Max to customers. But it looks like, the company isn't pleased with users keeping its servers at work at all times. Over the last few days, according to a report on AndroidPolice, Opera Max has introduced ads on its apps, as well as links to sponsored apps. But the company is not done yet. It now requires a user to go back to the app and "add time" to the free VPN service every 12 hours if they wish to continue the service. Adding time doesn't cost anything, but it will subject users to an ad on each occasion.

For the first time ever, secure HTTPS encryption was used for over half the pageloads served to Mozilla users, representing a big milestone for encryption. TechCrunch reports on the telemetry data tweeted by the Head of Let's Encrypt: Mozilla, which is one of the organizations backing Let's Encrypt, was reporting that 40% of page views were encrypted as of December 2015. So it's an impressively speedy rise...

The Let's Encrypt initiative, which exited beta back in April, is doing some of that work by providing sites with free digital certificates to help accelerate the switch to HTTPS. According to [co-founder Josh] Aas, Let's Encrypt added more than a million new active certificates in the past week -- which is also a significant step up. In the initiative's first six months (when still in beta) it only issued around 1.7 million certificates in all.
The "50% HTTPS" figure is just a one-day snapshot, and it's from "only a subset of Firefox users who are running Mozilla's telemetry browser...not default switched on for most Firefox users (only for users of pre-release Firefox builds)." But the biggest caveat is it's only counting Firefox users, which in July represented just 7.7% of web surfers (according to Statista), behind both Chrome (49.5%) and Safari (13.68%) -- but also ahead of Internet Explorer (5.4%) and Opera (5.99%).

An anonymous reader writes from a report via Softpedia: A security bug in Google's V8 JavaScript engine is indirectly affecting around one in 16 Android devices, impacting smartphone models from all major vendors, such as LG, Samsung, Motorola, and Huawei. Despite this bug being public for more than a year, only in August 2016 have Chinese security researchers discovered that the V8 issue also affected a whole range of Android-related products where the older V8 engine versions had been deployed. Affected products included Google Chrome Mobile, Opera Mobile, apps that use the WebView component (Gmail, Facebook, Twitter, WeChat, etc.) and apps that deploy the Tencent X5.SDK (a bunch of Chinese apps). It is estimated that around one in 16 Android devices is vulnerable to this issue, nicknamed BadKernel. The flaw leads to a RCE on Android devices, allowing attackers to take full control over one's smartphone. Despite BadKernel being discovered in August 2016, because all research was only published in Chinese, most E.U. and U.S. users have no clue they might be affected. One of the best ways to protect yourself, as noted in the report, is to keep your apps and operating system updated. You can view this list via Trustlook's website to see if your device is affected. There's also a dedicated BadKernel security scanner you can download from the Play Store to check for the vulnerability.

Earlier this year, Microsoft announced that it had sold Nokia's remaining feature phone business to FIH Mobile, a subsidiary of Foxconn, for $350 million. Today, Microsoft unveiled the Nokia 216 feature phone, dispelling rumors that it would stop making Nokia phones. The Verge reports: The new Nokia 216 is one of the most basic phones that Microsoft manufactures, and it will be available in India next month for around $37. It includes a 2.4-inch QVGA display, with 0.3-megapixel cameras at the front and rear, running on the Series 30 OS with the Opera mini browser. It even has a headphone jack. It's easy to understand why Microsoft continues to create feature phones, as the company still sells millions of them every month. Microsoft previously hoped that feature phone users would create a Microsoft account and become part of the Microsoft ecosystem, but it's not clear whether the millions of feature phone users ever actually did that. Microsoft hinted earlier this year that it's planning to kill off its Lumia smartphones, and recent rumors have suggested that the Lumia brand will die off toward the end of the year.

Earlier this year, Microsoft said that its Edge browser was more power efficient than Google's Chrome, a claim that Google refuted with its own findings. But the debate isn't over. An anonymous reader writes: Microsoft is at it again -- touting Edge as the most battery-efficient browser on Windows 10. The company has rerun its battery tests from the previous quarter using the latest versions of the major browsers, open-sourced its lab test on GitHub, and published the full methodology. But this time, Microsoft says it also replicated one of Google's tests to show that Edge lasts longer than Chrome, Firefox, and Opera.

An anonymous reader writes: Someone broke into Opera's servers. The Opera browser has a handy feature for synchronizing browsing data across different devices. Unfortunately, some of the passwords and login information used to enable the feature may have been stolen from Opera's servers. Opera's sync service is used by around 1.7 million people each month. Overall, the browser has 350 million users. The Norwegian firm told its users that someone had gained access to the Opera sync system, and "some of our sync users' passwords and account information, such as login names, may have been compromised." As a result, Opera had to reset all the passwords for the feature, meaning users will need to select new ones.

Frederic Lardinois, writing for TechCrunch: Earlier this year, Opera launched its free and unlimited VPN service for iOS; today it is bringing the same functionality to Android. Like the iOS version, the Android app is based on Opera's acquisition of SurfEasy in 2015 and allows you to surf safely when you are on a public network. While Opera's marketing mostly focuses on safety, Opera VPN also allows you to appear as if you are in the U.S., Canada, Germany, Singapore and The Netherlands, so it's also a way to route around certain geo-restrictions without having to opt for a paid service. In addition to its VPN features, the service also allows you to block ad trackers. Somewhat ironically, though, the app itself will show you some pretty unintrusive ads. "The Opera VPN app for Android sets itself apart from other VPNs by offering a completely free service; without a data limit, no log-in required, advanced Wi-Fi protection features and no need for a subscription," says Chris Houston, the president of Opera's SurfEasy VPN division, in today's announcement.

An anonymous reader writes from a report via Softpedia: "Researcher Jerry Decime revealed details about a security vulnerability that allows an attacker to gain a Man-in-the-Middle position and intercept HTTPS traffic thanks to flaws in the implementation of proxy authentication procedures in various products," reports Softpedia. The flaw can be used to collect user credentials by tricking victims into re-authenticating, sending data to a third-party. Multiple software vendors deploy applications that can handle proxy connections. Until now, Apple, Microsoft, Oracle, and Opera have acknowledged their products are affected. Lenovo said this bug does not impact its software. Other software vendors that are still evaluating the FalseCONNECT bug and may be affected include multiple Linux distros, Cisco, Google, HP, IBM, Juniper, Mozilla, Nokia, OpenBSD, SAP, Sony, and others.

In his latest column for The Verge, renowned journalist Walt Mossberg argues that TVs -- their UI, execution, underlying technologies, and remote -- are still too complicated. In the latest weekly, he has shared the experience of buying a new TV, setting it up, and the first few days of getting through it. The modern set, Smart TV for most, comes with a plethora of proprietary and standard features. But only a handful of people actually know what these features are -- and how they differ in the models offered by the same company. Mossberg says folks at Best Buy were of little use when explaining these features, but did a good job making false claims such as "you have to buy a sound bar because the TV doesn't have good speakers" even when that wasn't necessarily the case. Now Mossberg, having pioneered tech journalism as it is known today, knows a thing or two about TVs, but for a general consumer, it is an unnecessary thing that could spoil the experience, and make a bigger dent in their TV budget than it should have. But buying the TV wasn't the worst part. Following are excerpts from his column: But learning to use the TV is a whole other story. The Bean Bird (assistive cartoon feature) setup process was pretty straightforward, but it gets you going just enough to start watching something. Tweaking all of the TV's many features, including common ones like picture tones and uncommon ones like zooming in on a part of the picture or using a built-in web browser, takes hours. You must wade through menus containing scores of choices. And some controversial features common to modern TVs are buried deep in these menus. For instance, while I like motion smoothing others strongly dislike it -- it's sometimes known as the "soap opera effect." If you don't like it, the LG's interface doesn't make it at all easy to understand what's happening to your picture or what setting to adjust to turn it off. It's not even called motion smoothing in the menus -- LG calls it "TruMotion." The user interface is also somewhat confusing. There are at least three ways, for instance, to change inputs and at least two to bring up quick settings. The menu for launching apps like Netflix, inputs, and more appears to have a million icons in it and marches for what seems like miles across the bottom of the screen. So you have to edit it, which takes a bunch of time.Mossberg also found issues with the way the remote was designed to execute. "For instance, it's supposed to become a "universal" remote, controlling all your connected set-top boxes, but I can only get it to control some, but not all, of the basic features of my cable box, a TiVo Bolt. And its voice search is pathetic -- far worse than the one on the latest Apple TV."

Firefox's voice and videoconferencing add-on was described as "the first global communications system built directly into a browser" -- but things change. An anonymous Slashdot reader writes: An entry on Mozilla's issue tracker opened on July 17 reveals ongoing efforts from Mozilla engineers to remove the Hello system add-on from default Firefox installations starting with version 49, set for public release on September 13, 2016. Mozilla added Hello to Firefox in version 34, released on December 1, 2014, and from the beginning, it was part of the browser's core code, but was moved in December 2015 into a separate add-on, one that came pre-installed with Firefox, making Hello its first ever system add-on.

Mozilla plans to remove Hello from the codebases of Firefox Beta 49, Firefox Developer Edition 50, and Firefox Nightly 51. Based on the currently available information, the deadline for the Hello code removal operations is for this Monday, August 1, after which the first Firefox builds with no Hello integration will be available for testing, and will ship out in the fall with the stable release.
The article suggests this may have been a space-saving measure, "since Mozilla is focused on rebuilding Firefox's code from scratch to keep up with speedier competitors like Chrome, Opera, and Vivaldi."

The $1.24 billion takeover of Opera Software by a Chinese consortium of internet firms has failed, Opera said on Monday. The deal did not receive the required regulatory approval in time of a final deadline. But they will be doing some business. The consortium will now acquire only certain parts of Opera's consumer business, including its mobile and desktop browsers, for $600 million on an enterprise value basis. Tech.eu reports: What will not be acquired by the consortium is: Opera Mediaworks, Apps & Games and Opera TV. In 2015, Opera says these business units combined delivered revenues of $467 million. The company will report second-quarter results on August 31, 2016.

An anonymous reader writes from a report via PCWorld: Microsoft made the bold claim on Wednesday that its Edge browser was the only browser of the big four browsers -- Chrome, Firefox, and Opera -- to play Netflix content at a 1080p resolution. PCWorld tested the four browsers and found this claim to be valid. The other three browsers capped out at a 720p resolution. Microsoft has been trying to boost Edge's reputation. Microsoft recently claimed that its Edge browser is more power-efficient than Chrome. (Opera later denied those claims.) This is the latest bold claim to come from Microsoft in regard to its Edge browser. Microsoft has even publicized a Netflix support document to show that Netflix streams at 1080p on Internet Explorer and Edge, and 720p on the other browsers. PCWorld used the "secret Netflix menus" that were first unearthed by Reddit users (Ctrl+Alt+Shift+D) to display the resolution and bitrate and confirm that Microsoft's claims are true. "In a blog post, Microsoft claimed Microsoft Edge was built to take advantage of platform features in Windows 10, including the PlayReady Content Protection and the media engine's Protected Media Path," reports PCWorld. "The company said it is working with the Open Media Alliance to develop next-generation media formats, codecs, and other technologies for UltraHD video, and with chipset companies to develop Enhanced Content Protection that moves the protected media path into peripheral hardware for an even higher level of security, and one that could be used to protect 4K media."

An anonymous reader writes: According to the makers of the Opera browser, Microsoft's recent claim that its Windows 10 Edge browser is more power-efficient than Chrome are erroneous. Running its own tests with Opera, Edge and Chrome, the company finds that Opera runs 22% faster (with a battery life of 3hr 55m) than Edge (3hrs 12m). In Microsoft's own tests, Google's Chrome browser was the first to completely exhaust the battery, closely followed by Firefox and Opera. In May, Opera added a power-saving mode, but any advantage it can be verified to have in the energy-efficiency stakes may be more due to the native adblocking feature it introduced this year.

An anonymous reader writes: It's no secret that Google's Chrome browser eats up a considerable amount of memory (and by extension, battery). On Monday, Microsoft announced that its Edge browser has succeeded on that front. Citing several tests, Microsoft claims Edge browser is a better choice for portable device owners. The company took four identical laptops running Windows 10 to see which of the four most popular browsers would be most efficient when it comes to battery life. Interestingly, Chrome was the first to kill the laptop in the video streaming test at 4 hours and 19 minutes. Firefox closely followed its rival at 5 hours and 9 minutes, while Opera (running on the same tech as Chrome) managed to hit 6 hours and 18 minutes. In Microsoft's tests, it was found that Edge was best of the bunch when it came to enjoying a video online, lasting for 7 hours and 22 minutes. That's worked out to be 70% longer than Chrome.In a blog post, Microsoft wrote: "We designed Microsoft Edge from the ground up to prioritize power efficiency and deliver more battery life, without any special battery saving mode or changes to the default settings. Our testing and data show that you can simply browse longer with Microsoft Edge than with Chrome, Firefox, or Opera on Windows 10 devices."