Security

It's Possible To Hack a Smartphone With Sound Waves, Researchers Show (cnbc.com) 41

A security loophole that would allow someone to add extra steps to the counter on your Fitbit monitor might seem harmless. But researchers say it points to the broader risks that come with technology's embedding into the nooks of our lives. John Markoff writes for the NYTimes: On Tuesday, a group of computer security researchers at the University of Michigan and the University of South Carolina will demonstrate that they have found a vulnerability that allows them to take control of or surreptitiously influence devices through the tiny accelerometers that are standard components in consumer products like smartphones, fitness monitors and even automobiles. In their paper, the researchers describe how they added fake steps to a Fitbit fitness monitor and played a "malicious" music file from the speaker of a smartphone to control the phone's accelerometer. That allowed them to interfere with software that relies on the smartphone, like an app used to pilot a radio-controlled toy car. "It's like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words" and enter commands rather than just shut down the phone, said Kevin Fu, an author of the paper, who is also an associate professor of electrical engineering and computer science at the University of Michigan and the chief executive of Virta Labs, a company that focuses on cybersecurity in health care. "You can think of it as a musical virus."
Chrome

Which Linux Browser Is The Fastest? (zdnet.com) 160

ZDNet's Networking blog calls Firefox "the default web browser for most Linux distributions" and "easily the most popular Linux web browser" (with 51.7% of the vote in a recent survey by LinuxQuestions, followed by Chrome with 15.67%). But is it the fastest? An anonymous reader writes: ZDNet's Networking blog just ran speed tests on seven modern browsers -- Firefox, Chrome, Chromium, Opera (which is also built on Chromium), GNOME Web (formerly Epiphany), and Vivaldi (an open-source fork of the old Opera code for power-users). They subjected each browser to the JavaScript test suites JetStream, Kraken, and Octane, as well as reaction speed-testing by Speedometer and scenarios from WebXPRT, adding one final test for compliance with the HTML5 standard.

The results? Firefox emerged "far above" the other browsers for the everyday tasks measured by WebXPRT, but ranked near the bottom in all of the other tests. "Taken all-in-all, I think Linux users should look to Chrome for their web browser use," concludes ZDNet's contributing editor. "When it's not the fastest, it's close to being the speediest. Firefox, more often than not, really isn't that fast. Of the rest, Opera does reasonably well. Then, Chromium and Vivaldi are still worth looking at. Gnome Web, however, especially with its dreadful HTML 5 compatibility, doesn't merit much attention."

The article also reports some formerly popular Linux browsers are no longer being maintained, linking to a KDE forum discussion that concludes that Konqueror and Rekonq "are both more or less dead."
Sony

Sony Launches Phone With World's First 4K HDR Screen; Nokia Brings Back the 3310 Handset (wired.com) 76

Rumors were true. Nokia did launch its 3310 handset at MWC. It's been almost 17 years since the 3310 first came out. In that time the Nokia brand has been bought, sold, and stripped for parts. From a report on Wired: The 3310 is still very much a feature phone. It has a web browser, but only barely -- it's a dumbed-down version of Opera, basically there for emergency tweeting. It exists for you to make phone calls, send texts the way you did a decade ago (T9 FTW!), and play Snake. The 3310 weighs less than three ounces, and its battery lasts an absurd 31 days in standby time, or up to 22 hours of talk time. The new 3310 has a camera, for one thing, a 2-megapixel shooter. It also has a 2.4-inch, 240x320 screen, which is hilariously small and low-res but still a huge improvement over the original. It is priced at 49 Euros ($51). Also at the event, Sony announced that it is not done with putting a 4K screen on smartphones. From a report on The Verge: The XZ Premium has the world's first 4K HDR (2,160 x 3,840, High Dynamic Range) display in a smartphone. Sony has the latest and best Qualcomm chip while others are still offering the Snapdragon 820 and 821, but the Xperia XZ Premium won't be out until late spring or just ahead of the summer. Hell, the demo units shown off ahead of MWC weren't running anywhere close to final software -- so Sony is pre-announcing its new flagship device by a long margin. Other notable features include water resistance, rated to IP65 and IP68, a thinner profile at 7.9mm, and MicroSD storage expandability. The phone's battery is a reasonable 3,230mAh, and there's a fingerprint sensor integrated into the side-mounted power button as usual.
Chrome

Google Open-Sources Chrome For iOS (venturebeat.com) 39

Google has uploaded its Chrome for iOS code into the open-source Chromium repository. In other words, Chrome for iOS has now been open-sourced like Chrome for other platforms, letting anyone examine, modify, and compile the project. From a report: Chromium is the open-source Web browser project that shares much of the same code as Google Chrome, and new features are often added there first. Google intended for Chromium to be the name of the open-source project, while the final product name would be Chrome, but developers have taken the code and released versions under the Chromium name. Eventually, many browser makers started using it as a starting point; Opera, for example, switched its browser base to Chromium in 2013. Since its inception, Chromium was a desktop-only affair. That changed in May 2015 with the open-sourcing of Chrome for Android.
Opera

Opera Presto Source Code Leaks Online (bleepingcomputer.com) 71

Catalin Cimpanu, writing for BleepingComputer: An unknown third-party has leaked the source code of the old Opera Presto browser engine on GitHub, and later on Bitbucket, two services for hosting and sharing source code online. Opera Presto is the layout engine at the heart of the old Opera browser. Opera Software used Presto between Opera 7 and Opera 14 and replaced Presto with Blink, Chrome's layout engine, in Opera 15, released in May 2013. Despite its removal from the company's main product, Opera engineers continued to use Opera Presto for the Opera Mini and Opera Mobile browsers. According to timestamps, the Opera Presto source code was first uploaded on GitHub but was taken down last Friday, on January 13, after Opera's lawyers filed a DMCA request.
Privacy

Fingerprinting Methods Identify Users Across Different Browsers On the Same PC (bleepingcomputer.com) 88

An anonymous reader quotes a report from BleepingComputer: A team of researchers from universities across the U.S. has identified different fingerprinting techniques that can track users when they use different browsers installed on the same machine. Named "cross-browser fingerprinting" (CBF), this practice relies on new technologies added to web browsers in recent years, some of which had been previously considered unreliable for cross-browser tracking and only used for single browser fingerprinting. These new techniques rely on making browsers carry out operations that use the underlying hardware components to process the desired data. For example, making a browser apply an image to the side of a 3D cube in WebGL provides a similar response in hardware parameters for all browsers. This is because the GPU card is the one carrying out this operation and not the browser software. According to the three-man research team led by Assistant Professor Yinzhi Cao from the Computer Science and Engineering Department at Lehigh University, the following browser features could be (ab)used for cross-browser fingerprinting operations: [Screen Resolution, Number of CPU Virtual Cores, AudioContext, List of Fonts, Line, Curve, and Anti-Aliasing, Vertex Shader, Fragment Shader, Transparency via Alpha Channel, Installed Writing Scripts (Languages), Modeling and Multiple Models, Lighting and Shadow Mapping, Camera and Clipping Planes.] Researchers used all these techniques together to test how many users they would be able to pin to the same computer. For tests, researchers used browsers such as Chrome, Firefox, Edge, IE, Opera, Safari, Maxthon, UC Browser, and Coconut. Results showed that CBF techniques were able to correctly identify 99.24% of all test users. Previous research methods achieved only a 90.84% result.
Opera

Opera Neon Turns Your Web Browser Into a Mini Desktop (engadget.com) 78

Opera today announced it's launching a new browser called Opera Neon. From a report on Engadget: It's a separate "concept" browser that shows where software could go. It's much more visual, with an uncluttered look, tabs and shortcuts as bubbles and a side control bar that largely gets out of your way. However, the real fun starts when you want to juggle multiple sites -- this is more of an intelligent desktop than your usual web client. If you want to have two pages running side by side, it's relatively easy: you drag one of your open tabs to the top of the window, creating a split view much like what you see in Windows or the multi-window modes on mobile devices. Also, Neon acknowledges that your browser can frequently double as a media player. You can listen to tunes in the background, or pop out a video in order to switch websites while you watch. These aren't completely novel concepts all by themselves, but it's rare to see all of them in a browser at the same time.
Mozilla

Browser Autofill Profiles Can Be Abused For Phishing Attacks (bleepingcomputer.com) 112

An anonymous reader quotes Bleeping Computer: Browser autofill profiles are a reliable phishing vector that allow attackers to collect information from users via hidden form fields, which the browser automatically fills with preset personal information and which the user unknowingly sends to the attacker when he submits a form... Finnish web developer Viljami Kuosmanen has published a demo on GitHub... A user looking at this page will only see a Name and Email input field, along with a Submit button. Unless the user looks at the page's source code, he won't know that the form also contains six more fields named Phone, Organization, Address, Postal Code, City, and Country. If the user has an autofill profile set up in his browser, if he decides to autofill the two visible fields, the six hidden fields will be filled in as well, since they're part of the same form, even if invisible to the user's eye.

Browsers that support autofill profiles are Google Chrome, Safari, and Opera. Browsers like Edge, Vivaldi, and Firefox don't support this feature, but Mozilla is currently working on a similar feature.

Electronic Frontier Foundation

2016 Saw A Massive Increase In Encrypted Web Traffic (eff.org) 91

EFF's "Deeplinks" blog has published nearly two dozen "2016 in Review" posts over the last nine days, one of which applauds 2016 as "a great year for adoption of HTTPS encryption for secure connections to websites." An anonymous reader writes: In 2016 most pages viewed on the web were encrypted. And over 21 million web sites obtained security certificates -- often for the first time -- through Let's Encrypt. But "a sizeable part of the growth in HTTPS came from very large hosting providers that decided to make HTTPS a default for sites that they host, including OVH, Wordpress.com, Shopify, Tumblr, Squarespace, and many others," EFF writes. Other factors included the support of Transport Layer Security (TLS) 1.3 by Firefox, Chrome, and Opera.
Other "2016 in Review" posts from EFF include Protecting Net Neutrality and the Open Internet and DRM vs. Civil Liberties. Click through for a complete list of all EFF "2016 in Review" posts.
Chrome

Slashdot Asks: Why Are Browsers So Slow? (ilyabirman.net) 766

Designer Ilya Birman writes: I understand why rendering a complicated layout may be slow. Or why executing a complicated script may be slow. Actually, browsers are rather fast doing these things. If you studied programming and have a rough idea about how many computations are made to render a page, it is surprising the browsers can do it all that fast. But I am not talking about rendering and scripts. I am talking about everything else. Safari may take a second or two just to open a new blank tab on a 2014 iMac. And with ten or fifteen open tabs it eventually becomes sluggish as hell. Chrome is better, but not much so. What are they doing? The tabs are already open. Everything has been rendered. Why does it take more than, say, a thousandth of a second to switch between tabs or create a new one? Opening a 20-megapixel photo from disk doesn't take any noticeable amount of time, it renders instantaneously. Browsers store their stuff in memory. Why can't they just show the pixels immediately when I ask for them? [...] Unfortunately, modern browsers are so stupid that they reload all the tabs when you restart them. Which takes ages if you have a hundred of tabs. Opera was sane: it did not reload a tab unless you asked for it. It just reopened everything from cache. Which took a couple of seconds. Modern browsers boast their rendering and script execution performance, but that's not what matters to me as a user. I just don't understand why programmers spend any time optimising for that while the Chrome is laughably slow even by ten-years-old standards. Do you agree with Birman? If yes, why do you think browsers are generally slow today?
Opera

Opera Developer Comes With Address Bar Speculative Prerenderer Feature (opera.com) 59

Earlier this month, Opera announced a new interesting feature with Opera 43 developer that predicts the website you're about to go to. The company explains: There are two ways we can predict what page the user will soon load. When the current page tells us so, and when we can determine from the user's actions that they are about to load something. Pages can use the tag, and for instance Google uses that for search results if they are pretty sure of what you will load next. When someone writes in the address bar they are humanly slow. Sometimes it is obvious what they will write after just 1-2 characters but they will just keep writing or arrowing through suggestions for millions or billions of wasted clock cycles. We expect this feature to result in an average of 1 second faster loads from the address bar. The company insists that this feature saves time and energy without compromising the security. What's your thought?
Opera

Opera Browser Asked to Blacklist Pirate Sites in 'Turbo Mode' (torrentfreak.com) 39

Opera web browser's 'Turbo Mode' is designed to speed up browsing. As a side effect, it also bypasses website blocks, something popular with pirates. However, it appears that the company has been in talks to integrate a blacklist which could stop access to blocked domains. From a report on TorrentFreak: It transpires that earlier this year, Opera's owners were approached by Russian telecoms watchdog Roskomnadzor who aired concerns about the browser's ability to unblock banned sites. It was suggested that Opera should introduce some kind of filtering/blacklist mechanism to disallow blocked sites from accessing 'Turbo Mode.' Russian publication Kommersant says that it was able to confirm the nature of the discussions with sources within Opera. And according to Roskomnadzor's Vadim Ampelonsky, a meeting took place between the parties early in the fall. Ampelonsky says that discussion surrounded the technical issues of keeping blocked sites inaccessible when 'Turbo Mode' is activated. Representatives from Opera reportedly confirmed that this kind of filtering is possible. "We are ready to periodically send a list of sites to enter into such a filter at the conclusion of a bilateral agreement [with Opera]," Ampelonsky says, adding that discussions continue.
Social Networks

Ask Slashdot: Should Web Browsers Have 'Fact Checking' Capability Built-In? 240

Reader dryriver writes: There is no shortage of internet websites these days that peddle "information", "knowledge", "analysis", "explanations" or even supposed "facts" that don't hold up to even the most basic scrutiny -- one quick trip over to Wikipedia, Snopes, an academic journal or another reasonably factual/unbiased source, and you realize that you've just been fed a triple dose of factually inaccurate horsecrap masquerading as "fact". Unfortunately, many millions of more naive internet users appear to frequent sites daily that very blatantly peddle "untruths", "pseudo-facts" or even "agitprop-like disinformation", the latter sometimes paid for by someone somewhere. No small number of these more gullible internet users then wind up believing just about everything they read or watch on these sites, and in some cases cause other gullible people in the offline world to believe in them too. Now here is an interesting idea: What if your internet browser -- whether Edge, Firefox, Chrome, Opera or other -- was able to provide an "information accuracy rating" of some sort when you visit a certain URL. Perhaps something like "11,992 internet users give this website a factual accuracy rating of 3.7/10. This may mean that the website you are visiting is prone to presenting information that may not be factually accurate." You could also take this 2 steps further. You could have a small army of "certified fact checkers" -- people with scientific credentials, positions in academia or similar -- provide a rolling "expert rating" on the very worst of these websites, displayed as "warning scores" by the web browser. Or you could have a keyword analysis algorithm/AI/web crawler go through the webpage you are looking at, try to cross-reference the information presented to you against a selection of "more trusted sources" in the background, and warn you if information presented on a webpage as "fact" simply does not check out. Is this a good idea? Could it be made to work technically? Might a browser feature like this make the internet as a whole a "more factually accurate place" to get information from? That's a remarkable idea. It appears to me that many companies are working on it -- albeit not fast enough, many can say. Google, for instance, recently began adding "Fact check" to some stories in search results. I am not sure how every participating player in this game could implement this in their respective web browsers though. Then there is this fundamental issue: the ability to quickly check whether or not something is indeed accurate. There's too much noise out there, and many publications and blogs report on things (upcoming products, for instance) before things are official. How do you verify such stories? If the NYTimes says, for instance, Apple is not going to launch any iPhone next year, and every website cites NYTimes and republishes it, how do you fact check that? And at last, a lot of fake stories circulate on Facebook. You may think it's a problem. Obama may think it's a problem, but does Facebook see it as a problem? For all it cares, those stories are still generating engagement on its site.
Opera

Web of Trust, Downloaded 140M Times, Pulled From Extension Stores After Revelations That It Sells Users' Data (theregister.co.uk) 115

According to multiple reports, Web of Trust, one of the top privacy and security extensions for web browsers with over 140 million downloads, collects and sells some of the data of its users -- and it does so without properly anonymizing it. Upon learning about this, Mozilla, Google and Opera quickly pulled the extension off their respective extension stores. From a report on The Register: A browser extension which was found to be harvesting users' browsing histories and selling them to third parties has had its availability pulled from a number of web browsers' add-on repositories. Last week, an investigative report by journalists at the Hamburg-based German television broadcaster, Norddeutscher Rundfunk (NDR), revealed that Web of Trust Services (WoT) had been harvesting netizens' web browsing histories through its browser add-on and then selling them to third parties. While WoT claimed it anonymised the data that it sold, the journalists were able to identify more than 50 users from the sample data it acquired from an intermediary. NDR quoted the data protection commissioner of Hamburg, Johannes Caspar, criticising WoT for not adequately establishing whether users consented to the tracking and selling of their browsing data. Those consent issues have resulted in the browser add-on being pulled from the add-on repositories of both Mozilla Firefox and Google Chrome, although those who have already installed the extension in their browsers will need to manually uninstall it to stop their browsing being tracked.
Software

Opera Max Turns To Nagware, Now Prompts Users To Re-enable It Every 12 Hours (androidpolice.com) 121

Opera has long advertised its free VPN service Opera Max to customers. But it looks like the company isn't pleased with users keeping its servers at work at all times. Over the last few days, according to a report on AndroidPolice, Opera Max has introduced ads on its apps, as well as links to sponsored apps. But the company is not done yet. It now requires a user to go back to the app and "add time" to the free VPN service every 12 hours if they wish to continue the service. Adding time doesn't cost anything, but it will subject users to an ad on each occasion.
Encryption

Firefox Users Reach HTTPS Encryption Milestone (techcrunch.com) 63

For the first time ever, secure HTTPS encryption was used for over half the pageloads served to Mozilla users, representing a big milestone for encryption. TechCrunch reports on the telemetry data tweeted by the Head of Let's Encrypt: Mozilla, which is one of the organizations backing Let's Encrypt, was reporting that 40% of page views were encrypted as of December 2015. So it's an impressively speedy rise...

The Let's Encrypt initiative, which exited beta back in April, is doing some of that work by providing sites with free digital certificates to help accelerate the switch to HTTPS. According to [co-founder Josh] Aas, Let's Encrypt added more than a million new active certificates in the past week -- which is also a significant step up. In the initiative's first six months (when still in beta) it only issued around 1.7 million certificates in all.

The "50% HTTPS" figure is just a one-day snapshot, and it's from "only a subset of Firefox users who are running Mozilla's telemetry browser...not default switched on for most Firefox users (only for users of pre-release Firefox builds)." But the biggest caveat is it's only counting Firefox users, which in July represented just 7.7% of web surfers (according to Statista), behind both Chrome (49.5%) and Safari (13.68%) -- but also ahead of Internet Explorer (5.4%) and Opera (5.99%).
Android

BadKernel Vulnerability Affects One In 16 Android Smartphones (softpedia.com) 58

An anonymous reader writes from a report via Softpedia: A security bug in Google's V8 JavaScript engine is indirectly affecting around one in 16 Android devices, impacting smartphone models from all major vendors, such as LG, Samsung, Motorola, and Huawei. Despite this bug being public for more than a year, only in August 2016 have Chinese security researchers discovered that the V8 issue also affected a whole range of Android-related products where the older V8 engine versions had been deployed. Affected products included Google Chrome Mobile, Opera Mobile, apps that use the WebView component (Gmail, Facebook, Twitter, WeChat, etc.) and apps that deploy the Tencent X5.SDK (a bunch of Chinese apps). It is estimated that around one in 16 Android devices is vulnerable to this issue, nicknamed BadKernel. The flaw leads to an RCE on Android devices, allowing attackers to take full control over one's smartphone. Despite BadKernel being discovered in August 2016, because all research was only published in Chinese, most E.U. and U.S. users have no clue they might be affected. One of the best ways to protect yourself, as noted in the report, is to keep your apps and operating system updated. You can view this list via Trustlook's website to see if your device is affected. There's also a dedicated BadKernel security scanner you can download from the Play Store to check for the vulnerability.
Microsoft

Microsoft Unveils $37 Nokia 216 Feature Phone (theverge.com) 57

Earlier this year, Microsoft announced that it had sold Nokia's remaining feature phone business to FIH Mobile, a subsidiary of Foxconn, for $350 million. Today, Microsoft unveiled the Nokia 216 feature phone, dispelling rumors that it would stop making Nokia phones. The Verge reports: The new Nokia 216 is one of the most basic phones that Microsoft manufactures, and it will be available in India next month for around $37. It includes a 2.4-inch QVGA display, with 0.3-megapixel cameras at the front and rear, running on the Series 30 OS with the Opera mini browser. It even has a headphone jack. It's easy to understand why Microsoft continues to create feature phones, as the company still sells millions of them every month. Microsoft previously hoped that feature phone users would create a Microsoft account and become part of the Microsoft ecosystem, but it's not clear whether the millions of feature phone users ever actually did that. Microsoft hinted earlier this year that it's planning to kill off its Lumia smartphones, and recent rumors have suggested that the Lumia brand will die off toward the end of the year.
Microsoft

Microsoft Reproduces Google's Battery Life Test To Show Edge Beats Chrome (venturebeat.com) 132

Earlier this year, Microsoft said that its Edge browser was more power efficient than Google's Chrome, a claim that Google refuted with its own findings. But the debate isn't over. An anonymous reader writes: Microsoft is at it again -- touting Edge as the most battery-efficient browser on Windows 10. The company has rerun its battery tests from the previous quarter using the latest versions of the major browsers, open-sourced its lab test on GitHub, and published the full methodology. But this time, Microsoft says it also replicated one of Google's tests to show that Edge lasts longer than Chrome, Firefox, and Opera.
Opera

Opera Sync Users May Have Been Compromised In Server Breach (fortune.com) 26

An anonymous reader writes: Someone broke into Opera's servers. The Opera browser has a handy feature for synchronizing browsing data across different devices. Unfortunately, some of the passwords and login information used to enable the feature may have been stolen from Opera's servers. Opera's sync service is used by around 1.7 million people each month. Overall, the browser has 350 million users. The Norwegian firm told its users that someone had gained access to the Opera sync system, and "some of our sync users' passwords and account information, such as login names, may have been compromised." As a result, Opera had to reset all the passwords for the feature, meaning users will need to select new ones.
