Tag Archives: browser

Technology

The PalmPilot Returns, This Time In Your Browser

Leave a comment

The PalmPilot doesn’t seem to get much retrocomputing love, but maybe it should. After all, it might not have been the very first handheld, but it was probably the most successful, and that ultimately led to the era of the smartphone. Whether you miss your old Palm applications, or never got to experience them the first time around, fear not. You can now relive them in all their glory in your browser thanks to the Internet Archive project.

There are over 500 applications and games all running in a browser-based emulator. Some of the programs don’t seem to work well, and some don’t make sense in the context of a virtual environment. But many work fine, and if you want the classic apps, just open up anything and press the home button. If you want a review of the Palm IIIe PDA from 1999, check out [VWestlife’s] video, below.

The Grafitti handwriting recognition system was state-of-the-art for the day. The key was the system could more easily recognize printing if it were mostly single strokes that always worked the same way. For example, the “A” had no crossbar and the “F” was missing the bottom horizontal line. As much as possible, you make letters with a single stroke and there was only one way to form each letter. Good times!

What was high tech back then you can now build out of spare parts. If you happen to have a Palm, you might consider giving it a much-needed backlight.

Read original article here

Technology

Why The Browser Company’s Darin Fisher thinks it’s time to reinvent the browser

Leave a comment

Darin Fisher has built a lot of web browsers. A lot of web browsers. He was a software engineer at Netscape early in his career, working on Navigator and then helping turn that app into Firefox with Mozilla. Then, he went to Google and spent 16 years building Chrome and ChromeOS into massively successful products. Last year, he left Google for Neeva, where he worked on ways to build a browser around the startup’s search engine. And now, he’s leaving Neeva to join The Browser Company and work on Arc, one of the hottest new browsers on the market.

Arc, which has been in an invite-only beta for more than a year, is trying to rethink the whole browser UI. It has a sidebar instead of a row of tabs, offers a lot of personalization options, and is meant for people who live their computing life in a browser (which is increasingly most people). CEO Josh Miller often talks about building “the internet computer,” too, and using the browser as a way to make the internet more useful.

Fisher has been an advisor to The Browser Company for a while, but Monday is his first official day at the company as a software engineer. Ahead of his new gig, Fisher and I got on a call to talk about why he thinks browsers are due for a reinvention — and why he thinks a startup is the best place to do it.

The answer starts with the browser’s defining feature: tabs. Fisher doesn’t hate tabs — in fact, he helped popularize them. But he hates that using a modern browser involves opening a million of them, not being able to find them again, and eventually just giving up and starting all over again. “I remember when tabbed browsing was novel,” Fisher says, “and helped people feel less cluttered because you don’t have as many windows.” But now, “even when I use Chrome,” Fisher says, “I get a bunch of clutter. At some point, I just say, ‘Forget it, I’m not even going to bother trying to sort through all these tabs. If it’s important, I’ll open it again.’” Browsers need better systems for helping you manage tabs, not just open more of them.

Fisher’s stance is not exactly controversial, and few would disagree with the idea that there are bound to be better ways to organize a browser. But it’s really hard to make changes to any app once it hits a certain level of scale and maturity. Just look at Safari on iOS, Fisher says: when Apple moved the URL bar from the top of the screen to the bottom, users freaked out. “But why was [Apple] motivated to do that? Well, you’re on a phone, and your thumbs are at the bottom, not the top. And so you want to access the tabs, the URL bar — having all the controls down at the bottom is a lot more convenient.” It was better, but it was different, and different is bad. Fisher’s team at Google once ran a similar test on Chrome, he says, to similar ends. “It was hard to make that change because users struggled to make that change.” 

But the even more intractable problem, at least for the Chrome team, is that building a great web browser isn’t Google’s only goal. Chrome exists in large part to put a search engine front and center, which Fisher describes to me as like “a brick wall” for all kinds of browser innovation. “Anything we did that helps you get back to what you were doing, it means you weren’t searching, right?” Fisher says. Better tab management means less searching; sending you straight to the page you want means fewer search results and fewer ad impressions. Making you close your tabs and reopen them all the time isn’t just acceptable for Chrome; it’s a victory. Fisher and his team had lots of UI ideas and new features, but “all these good ideas die on the floor.”

What the iPhone did for native apps, Arc hopes to do for web apps

The best way to improve the browser, Fisher ultimately decided, is to just start from scratch. Arc is full of new ideas about how web browsers can work: it combines bookmarks and tabs into one app switcher-like concept; it makes it easy to search among your open tabs; it has built-in tools for taking notes and making shareable mini websites. The experience can be jarring because it’s so different, but Fisher says that’s part of what he’s excited about. “This is not stuff people haven’t talked about before,” he says, “but actually putting it together and focusing on it and thinking about the small steps that go a long way, I think that’s where there’s so much opportunity.”

The last couple of years have been boom times for browser lovers in general. Some developers are beginning to sour on making apps for every platform and are turning back to making web apps, while users are looking for new ways to manage their online lives across devices and platforms. As a result, a number of companies have been vying to replace Chrome and Safari with their own ideas. Brave doesn’t mess with the UI but is trying to rethink the privacy and business models for browsers; Sidekick is turning the browser into an app switcher a la the iPhone’s homescreen; DuckDuckGo is building a desktop browser to go along with its privacy-focused search engine. Most of these browsers are built on the same Chromium infrastructure that powers Chrome, which means they can implement new ideas without breaking the web.

Fisher likes to compare a browser to an operating system, which matches with The Browser Company’s idea that Arc isn’t just a browser but rather an iOS-like system for the open web. “It has task management UI, it has UI for creating and starting a journey, but there’s so much more in between,” he says. What the iPhone did for native apps, Arc hopes to do for web apps. Fisher says he’s interested in improving the way files move around the internet, for instance, finding a better way than the constant downloading and uploading we all do all day. He likes that Arc has a picture-in-picture mode that works by default, pulling your YouTube video out when you switch tabs. All these make the web feel more connected and cohesive rather than just a bunch of tabs in a horizontal line.

This is, by the way, another idea that is decidedly not new. ChromeOS, which Fisher also helped create, was also an attempt to make a desktop OS from the browser. “But what ChromeOS didn’t do,” he says, “is really reimagine how you experienced the web. It’s still just the Chrome browser.” It put a browser on the desktop without really considering how the two should interact. Another Google project, the Fuchsia operating system, aimed much higher — combining Android and ChromeOS into a fully native and connected system — but hasn’t yet really panned out.

Mobile is another place Fisher says browsers have woefully underserved their users and may turn out to be an even trickier problem to solve. “The experience of using a mobile device is very much as if somebody took a Netscape browser and just shrunk it down onto a phone.” Managing tabs is even worse on mobile, and there’s practically nothing in the way of tools that help people quickly move between things and find information. 

In some ways, though, mobile represents an even harder surface on which to make progress. Because Apple and Google so tightly control their operating systems, there’s no way to build a Chromium browser and ship it to people’s smartphones. Android and iOS are both so focused on native apps that they seem to have largely left the browser behind. But here, too, there’s energy in the other direction. As Apple, in particular, continues to lock down the OS and try to extract even more revenue from developers and users, the web is an increasingly useful solution. Microsoft built game streaming that works in Safari; you can pay for apps in a browser without giving Apple 30 percent. 

There are plenty of big, thinky ideas in Fisher’s head about how to make browsers better and change the internet in the process, but there’s also a lot of low-hanging fruit. On mobile, in particular, he says, “there are so many opportunities because the starting point is so archaic.” He’s vague on the details of his plans — and The Browser Company hasn’t really started working on a mobile browser yet anyway — but says that’s a big focus for him going forward.

a:hover]:text-black [&>a]:shadow-underline-gray-63 [&>a:hover]:shadow-underline-black text-gray-63″>Image: The Browser Company / David Pierce

Most immediately, he says he’s eager to find simple ways to make the internet work better for people. We have to be able to do better than windows full of tabs, right? Fisher uses the phrase “don’t boil the ocean” a bunch of times during our conversation while explaining a lot of low-touch ways to make the internet more usable: personalizing things so your browser feels more like it’s yours; improving sync so you can access all your stuff everywhere; making things easier to find and move between; adding more tools so you can take notes or save things without needing a whole separate app. 

The Browser Company is already working on a lot of the things Fisher is interested in. That’s why he says he joined the company and joined it as a software engineer rather than a big-shot exec. He wants to muck around in the codebase, to build things himself as Arc goes from invite-only Mac app to cross-platform operating system in the coming months. There are a lot of new ideas in the app, many of which are bad and some of which might change everything. That’s Fisher’s sweet spot. “There’s lots of challenges and obstacles for Arc to be successful, and I’m eager to go work on those problems,” he says.

In talking to Fisher, it’s clear that he sees an opportunity to finally build the browser he’s been wanting to build for years. With none of the shackles of Chrome’s market share or Google’s business model and none of the cruft that inevitably comes with decades of things working pretty much the same way, he’s free to try new things in new ways. Some of which he’s been thinking about for decades.

Read original article here

Technology

Major New Google Chrome Security Bug: You Need to Update Your Browser ASAP

Leave a comment

If you’re using Google Chrome or a Chromium-based browser — whether on MacOS, Windows or Linux — it’s time to check for a critical security update. On Friday, Google released a Chrome update to patch a significant vulnerability that is actively being exploited in ongoing cyberattacks. Google urged users on all operating systems to update Chrome as soon as possible.  

The security lapse involves a collection of back-end libraries called Mojo, which are used by Chromium-based browsers, including Opera, Brave and Microsoft Edge. The zero-day vulnerability is classified as high severity and has been labeled CVE-2022-307. Google’s update patch fixes the vulnerability and updates your current version of Chrome to version 105.0.5195.102. 

If you haven’t applied a recent update — or if your updates aren’t automatically enabled — here’s how to check your version of Chrome and get updated quickly. 

Read more: Change These Browser Settings to Boost Your Privacy

How to update Chrome on Android 

By default, Android phones and tablets are set to allow Google Chrome to automatically check for and install updates. If you’ve disabled this setting, you can easily reenable it by opening your Play Store app, selecting Google Chrome, then tapping the three-dot menu on the app’s Play Store page to open your update settings. 

Here’s how to check whether your Google Chrome app is updated in Android. 

1. Open your Play Store app. In the top right corner, tap your profile icon. 

2. Tap Manage apps & device to bring up the Overview tab.

3. The second option on the Overview tab will either say All apps up to date or Updates available. If you see Updates Available, tap it.

4. In the list of apps that appears, find Google Chrome. Beside the app’s name, tap Update.

How to update Chrome on iPhone or iPad

For App Store users, Google Chrome should be automatically set to search for and install app updates. Here’s how to manually check whether updates have been applied. 

1. Open the App Store app on your iPhone or iPad.

2. Tap Profile Properties in the top right corner (that’s your circular profile icon). This will open a screen labelled Account. Scroll down to Available Updates.

3. Search for Google Chrome. If Chrome is listed, tap Update to install the latest browser updates. You may be asked to provide the App Store with your Apple ID and password. If so, supply them and the updates will begin downloading and installing. 

If Chrome isn’t listed under Available Updates, you can also go to Google Chrome in the App Store. If an option to update Chrome appears, you can tap the button to begin updating. Alternately, you can update Google Chrome from within the iPhone Chrome app itself. 

1. Open Chrome, and in the bottom right corner of the app, tap the three-dot More menu. 

2. From the screen that pops up, scroll all the way to the right to find, and then tap, Settings.

3. Scroll down to Safety Check and tap it. In the new Safety Check menu that shows up, tap Check now. From here, Chrome will begin updating if a newer version is available. 

How to update Chrome on desktop

Whether you’re using MacOS or Windows, your Google Chrome update process is the same. Here’s how to check for updates and get them installed quickly. 

1. On your computer or laptop, open Google Chrome and click on the More menu found in the top right corner of the browser (it looks like three dots, stacked vertically).

2. Here you’ll be able to see if an update has recently been released. If you see a green icon, an update was released less than two days ago. An orange icon means there’s been a pending update for four days now. And a red icon means an update has been waiting for you for at least a week. 

3. Near the bottom of the More menu, click Help and then click About Google Chrome

4. In the new screen that opens, click the Update Google Chrome button. Can’t find the button? Great. That means you’re already up to date. 

5. If you’ve clicked the Update Google Chrome button, finish by clicking Relaunch

Chrome will now restart and you’ll be totally up to date.

Read original article here

Technology

TikTok Browser Can Track Users’ Keystrokes, According to New Research

Leave a comment

The web browser used within the TikTok app can track every keystroke made by its users, according to new research that is surfacing as the Chinese-owned video app grapples with U.S. lawmakers’ concerns over its data practices.

The research from Felix Krause, a privacy researcher and former Google engineer, did not show how TikTok used the capability, which is embedded within the in-app browser that pops up when someone clicks an outside link. But Mr. Krause said the development was concerning because it showed TikTok had built in functionality to track users’ online habits if it chose to do so.

Collecting information on what people type on their phones while visiting outside websites, which can reveal credit card numbers and passwords, is often a feature of malware and other hacking tools. While major technology companies might use such trackers as they test new software, it is not common for them to release a major commercial app with the feature, whether or not it is enabled, researchers said.

“Based on Krause’s findings, the way TikTok’s custom in-app browser monitors keystrokes is problematic, as the user might enter their sensitive data such as login credentials on external websites,” said Jane Manchun Wong, an independent software engineer and security researcher who studies apps for new features.

She said TikTok’s in-app browser could “extract information from the user’s external browsing sessions, which some users find overreaching.”

In a statement, TikTok, which is owned by the Chinese internet firm ByteDance, said Mr. Krause’s report was “incorrect and misleading” and that the feature was used for “debugging, troubleshooting and performance monitoring.”

“Contrary to the report’s claims, we do not collect keystroke or text inputs through this code,” TikTok said.

Mr. Krause, 28, said he was unable to ascertain whether keystrokes were actively being tracked, and whether that data was being sent to TikTok.

The research could raise questions for TikTok in the United States, where government officials have scrutinized whether the popular app could endanger U.S. national security by sharing information about Americans with China. Although debate in Washington about the app had receded under the Biden administration, new concerns have boiled over in recent months after revelations from BuzzFeed News and other news outlets about TikTok’s data practices and ties to its Chinese parent.

Apps sometimes use in-app browsers to prevent people from visiting malicious sites or to make online browsing easier with the auto-filling of text. But while Facebook and Instagram can use in-app browsers to track data like what sites a person visited, what they highlighted and which buttons they pressed on a website, TikTok goes further by using code that can track each character entered by users, Mr. Krause said.

A spokesman for Meta, the parent company for Facebook and Instagram, declined to comment.

Mr. Krause said he carried out the research on TikTok only on Apple’s iOS operating system and noted that the keystroke tracking would only occur within the in-app browser.

As with many apps, TikTok offers few chances for people to click away from its service. Instead of redirecting to mobile web browsers like Safari or Chrome, an in-app browser appears when users click on ads or links embedded within the profiles of other users. These are often the moments people enter key information like credit card details or passwords.

In a CNN interview in July, Michael Beckerman, a TikTok policy executive, denied that the company logs users’ keystrokes but acknowledged monitoring their patterns, such as typing frequency, to safeguard against fraud.

Mr. Krause said he feared those tools had “very similar architectures” and could be repurposed to track keystroke content.

“The problem is they have infrastructure set up to do this stuff,” he said.

Read original article here

Technology

TikTok’s In-App Browser Reportedly Capable of Monitoring Anything You Type

Leave a comment

TikTok’s custom in-app browser on iOS reportedly injects JavaScript code into external websites that allows TikTok to monitor “all keyboard inputs and taps” while a user is interacting with a given website, according to security researcher Felix Krause, but TikTok has reportedly denied that the code is used for malicious reasons.

Krause said TikTok’s in-app browser “subscribes” to all keyboard inputs while a user interacts with an external website, including any sensitive details like passwords and credit card information, along with every tap on the screen.

“From a technical perspective, this is the equivalent of installing a keylogger on third party websites,” wrote Krause, in regards to the JavaScript code that TikTok injects. However, the researcher added that “just because an app injects JavaScript into external websites, doesn’t mean the app is doing anything malicious.”

In a statement shared with Forbes, a TikTok spokesperson acknowledged the JavaScript code in question, but said it is only used for debugging, troubleshooting, and performance monitoring to ensure an “optimal user experience.”

“Like other platforms, we use an in-app browser to provide an optimal user experience, but the Javascript code in question is used only for debugging, troubleshooting and performance monitoring of that experience — like checking how quickly a page loads or whether it crashes,” the statement said, according to Forbes.

Krause said users who wish to protect themselves from any potential malicious usage of JavaScript code in in-app browsers should switch to viewing a given link in the platform’s default browser if possible, such as Safari on the iPhone and iPad.

“Whenever you open a link from any app, see if the app offers a way to open the currently shown website in your default browser,” wrote Krause. “During this analysis, every app besides TikTok offered a way to do this.”

Facebook and Instagram are two other apps that insert JavaScript code into external websites loaded in their in-app browsers, giving the apps the ability to track user activity, according to Krause. In a tweet, a spokesperson for Facebook and Instagram parent company Meta said that the company “intentionally developed this code to honor people’s App Tracking Transparency (ATT) choices on our platforms.”

Krause said he created a simple tool that allows anyone to check if an in-app browser is injecting JavaScript code when rendering a website. The researcher said users simply need to open an app they wish to analyze, share the address InAppBrowser.com somewhere inside the app (such as in a direct message to another person), tap on the link inside the app to open it in the in-app browser, and read the details of the report shown.

Apple did not immediately respond to a request for comment.



Read original article here

Technology

Update Google Chrome Browser to Patch New Zero-Day Exploit Detected in the Wild

Leave a comment

Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild.

The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native apps.

Heap buffer overflows, also referred to as heap overrun or heap smashing, occur when data is overwritten in the heap area of the memory, leading to arbitrary code execution or a denial-of-service (DoS) condition.

“Heap-based overflows can be used to overwrite function pointers that may be living in memory, pointing it to the attacker’s code,” MITRE explains. “When the consequence is arbitrary code execution, this can often be used to subvert any other security service.”

Credited with discovering and reporting the flaw on July 1, 2022, is Jan Vojtesek from the Avast Threat Intelligence team. It’s worth pointing out that the bug also impacts the Android version of Chrome.

As is usually the case with zero-day exploitation, details pertaining to the flaw as well as other specifics related to the campaign have been withheld to prevent further abuse in the wild and until a significant chunk of users are updated with a fix.

CVE-2022-2294 also marks the resolution of the fourth zero-day vulnerability in Chrome since the start of the year –

Users are recommended to update to version 103.0.5060.114 for Windows, macOS, and Linux and 103.0.5060.71 for Android to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

'+n+'...
'+a+"...
"}s+="",document.getElementById("result").innerHTML=s}}),t=!0)})}); //]]>

Read original article here