by Paul Arnote (parnote)
'Five Eyes' Government Spy Agencies Give Tech Giants Ultimatum
Many of us have never heard of the term "Five Eyes" used in relation to government spy agencies. Well, that is until TechCrunch reported in early September about a memo from the "Five Eyes" countries that was quietly released.
So, just who are the "Five Eyes" countries, often referred to as FVEY? While you might think that the group points to a particular intelligence organization in each country, au contraire. That particular group is comprised of several spy/intelligence agencies of the United States, the United Kingdom, Canada, Australia, and New Zealand. These include the NSA, FBI, CIA, MI5, MI6 and GCHQ, among others listed here. The rest of the Wikipedia entry on FVEY is not only quite revealing, but quite troubling, as well.
The memo attempts to make the case for backdoor access to private and encrypted data from the tech giants. Amidst the language used, they gush forth on understanding the need for encryption, pontificate about their understanding of the need to protect the privacy of common citizens, blabber on about the need to protect their citizens, and wax on about "appropriate oversight."
While the language of the memo might seem innocent and very respectful of citizen's rights to privacy, just wait until you read the last paragraph of the memo. Contained therein is a not-so-subtle, non-veiled threat to get the backdoor access to the data they desire, come hell or high water.
Here's the final paragraph of the memo:
"Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions."
These are the same intelligence agencies (and governments) who routinely circumvent the restrictions and "appropriate oversights" put into place by their respective legislative bodies. They have the other four agencies or governments collect the data that the one is "restricted" from gathering on their citizens, and then sharing that "restricted" data with the fifth agency or government. It definitely is not keeping within the spirit of the restrictions and "appropriate oversights" placed into the laws governing their behavior.
So, given their track record (not to mention the data breaches they've been victims of), do these guys sound like good, trusted "stewards" of your private data?
Even more troubling is their desire to collect all data that is collectible. Instead of performing investigations the old fashioned way, they want to simply sit back in an easy chair and browse through every bit of data they can vacuum up.
Personally, if given the choice between a false sense of security (for example, the NSA's mass collection of its citizens private data or metadata has NEVER netted or revealed any terrorist plots in the past 17 years since it has been doing so ... at least, legally) and freedom, I'll choose freedom. Every. Single. Time. It is, quite simply, worth the "risk" to live my life free and as I choose. Die having lived a free, happy and fulfilling life, or die scared, afraid and cowering from every "threat," real or perceived? Now you know my answer.
Google Chrome Gets Long Overdue Update
Despite having become the most popular web browser on the planet, Google Chrome has looked pretty much the same for much of the past decade, ever since it was first released. But on September 4, Google Chrome 69 was released, celebrating its 10th birthday. This is considered a major release, and provides not only come cosmetic changes, but also applies some security fixes and adds some new features.
Probably the first thing Chrome fans will notice is that the trapezoid shaped tabs that have been present since Chrome's initial release have been replaced with rectangular tabs with rounded-off corners. Closely following will be users noticing how utterly sparse and minimalist the Chrome window looks.
Chrome also adds password management to its repertoire. Chrome's password manager will help make unique passwords for each website you visit (that wants, needs or asks for them), and stores them in the cloud. Of course, you have to be logged into your Google account in order to save your passwords. There are also reports that Chrome's password manager will not allow you to use the same password across multiple sites, which from a security standpoint, is an excellent decision.
Going hand in hand with our next topic in Short Topix, Google Chrome 69 will start weaning users off of Flash. Most browsers now ask for your permission to run Flash content, and Google Chrome is no different. Except starting with Chrome 69, it will not remember your preferences, even if you visit the same site every day or several times a day.
Users can also use the Omnibox (known as the address bar in every other browser) to search for information more quickly. You can type, for example, "current weather in Des Moines" and get the current weather conditions in Des Moines, IA. Or, as another example, you can type "Royals-Twins game score" to get the most recent score of the Kansas City Royals and Minnesota Twins baseball game. Or, as in the example above, just type the word "weath" in the Omnibox (the remaining "er" letters of the word will autofill), and the current conditions for your location will be displayed, along with other web-based resources for you to check out.
Some of the changes are OS-specific changes, like utilizing native Win10 notifications, and two finger swiping on Windows computers via the touchpad or touchscreen.
Over the past 10 years, and especially over the past five years, Google Chrome has taken considerable heat for being a memory and storage HOG (Sou-Weee!), increased battery drain on laptops, weak ad blocking (don't forget that Google's primary source of revenue is serving up ads to you), and general privacy concerns (there are multiple reports of Chrome "phoning home" to Google with everything you do). There are (at the time this article was written) no reports whether or not those deficiencies have been addressed.
There are some "under the hood" changes, as well, though. Most importantly, Chrome 69 addresses some 40 security vulnerabilities, including seven that were marked "high." Google offered a bounty to anyone who could find the bugs. They put their money behind it, paying out over $31,000 to researchers who discovered 16 of the 40 patched bugs.
Not everyone is happy, and the Chrome 69 rollout didn't happen as smoothly as the Chrome team would have liked. According to an article on the Digital Trends website, users are reporting websites that are dimmed or grayed out, Chrome downloading SWF files instead of playing them, lagging when scrolling, websites that simply won't load, sync issues, crashes and freezes, problems logging in, displaying the wrong language, not saving passwords, and crashing when opening tabs or bookmarks.
Additionally, users aren't too happy about how Chrome 69 is now hiding not only the http:// and https:// part of a web address (the address bar displays "Not Secure" with the former, and a "padlock" with the latter, just to the left of the displayed URL), but it's also now hiding the "www." part of the web address, as well. Some users feel like it's Google's attempt to push their AMP (accelerated mobile pages) technologies to replace URLs. Google even admits to looking for a replacement for URLs. Google has temporarily backed off from obscuring the http://, https:// and www parts of the URL, thanks in part to user pushback. Don't fear ... they plan to implement their changes at a later date.
I was able to confuse Chrome 69, with ease. Entering just "pclinuxos.com" in the Omnibox, Chrome 69 connected me with the unsecure http:// version of the page. The "Not Secure" message was displayed to the left of the URL. But, when I entered "https://www.pclinuxos.com" in the Omnibox, I was immediately connected to the secure version of the PCLinuxOS homepage. The "padlock" was displayed to the left of the URL. So, it would seem that Chrome 69 still isn't connecting to the preferred https:// version of a site, over the more insecure http:// version. That's odd, since Google has been a HUGE proponent of https:// over http://.
Still not enough for you? You won't have long to wait. A new version of Google Chrome comes out every six to seven weeks. Google Chrome 70 is expected to be released the week of October 14. As for me, it'll not be enough until the deficiencies listed previously are addressed in a serious way.
Adobe Officially Killing Flash by End of 2020
The angels have sung HALLELUJAH from up on high! Flash is dead! Flash is dead! Flash is dead!
Well, not quite yet. But, the end is definitely near. And it's way, way, way overdue. Adobe Flash, that scourge of the internet since 1996, is being killed off by Adobe at the end of 2020.
In the beginning, Flash was fun and exciting. There literally wasn't anything else like it, or that possessed its capabilities. But it soon lost its luster. Too many security vulnerabilities to count, too many bugs, and too many crashes all doomed it to its final resting place. At one point, it seemed there was another Flash update every single week to address yet another of its shortcomings. For some users (like myself), the frustration with Flash caused avoidance of any website that relied on its use. Besides the constant stream of faux paus from Flash, Apple started the "fall from grace" for Adobe Flash when they refused to support Flash on iOS when it was released. Since then, Flash's appeal has been on a rapid, meteoric descent.
HTML5, WebGL and WebAssembly have matured to the point that only about 5% of websites now use Flash to play music and/or videos. Both Google and Netflix have embraced HTML5 as the new standard for delivering their content that might have otherwise used Flash.
Adobe made their announcement on their blog back in 2017, but I've only recently learned of it. I have been waiting for this announcement for a very long time, so I'm not sure how I missed its announcement 15 months ago. You can read the announcement here, but below is a couple of relevant paragraphs from that announcement (just in case you want just the highlights).
"But as open standards like HTML5, WebGL and WebAssembly have matured over the past several years, most now provide many of the capabilities and functionalities that plugins pioneered and have become a viable alternative for content on the web. Over time, we've seen helper apps evolve to become plugins, and more recently, have seen many of these plugin capabilities get incorporated into open web standards. Today, most browser vendors are integrating capabilities once provided by plugins directly into browsers and deprecating plugins.
Given this progress, and in collaboration with several of our technology partners -- including Apple, Facebook, Google, Microsoft and Mozilla -- Adobe is planning to end-of-life Flash. Specifically, we will stop updating and distributing the Flash Player at the end of 2020 and encourage content creators to migrate any existing Flash content to these new open formats."
Adobe was begged for years to open source the Adobe Flash code, or at least the portions that weren't proprietary and protected. The open source community felt that they could help end the endless stream of security issues, performance issues and bugs. But, it has been theorized (and unofficially verified by former Adobe employees) that the Adobe Flash code was an unmitigated mess, and that by open sourcing the Adobe Flash code, it would have exposed Adobe's ineptitude at maintaining a proper code base and proper coding practices. In short, it would have most likely been an embarrassment to Adobe had it open sourced the Adobe Flash code.
However, had they open sourced the code, Adobe Flash might have been fun -- and relevant -- again. Had they open sourced the code, they could have exited on a high note, rather than the lowly plague it is currently viewed as. Just maybe, had they open sourced the code, Flash might have been able to continue, right alongside the other, newer technologies.
Block Ad Trackers From Following You On Firefox
Are you tired of targeted advertising when you browse the web? How about slow web performance? What about unchecked data collection by ad trackers? Well, if you fit into any of these categories -- or all three -- some new features in upcoming releases of Firefox are for you.
The features, already in the Firefox Nightly build, work to speed up page loads by blocking trackers that slow down webpage loading, strip cookies and block storage access from third party tracking content, and prevent/remove cross-site tracking.
Users can expect to start seeing these new features make their way to the mainstream release of Firefox, starting with Firefox Quantum 63. Others may not show up until Firefox Quantum 65. An August 30, 2018 Mozilla blog post contains all the details. The first enhancement will come to Firefox Quantum 63, provided that the "shield study" beta testers perform during the month of September shows what the Mozilla Firefox developers are certain it will, that automatically blocks third party trackers that slow webpage load times.
Here is the blog post:
Anyone who isn't an expert on the internet would be hard-pressed to explain how tracking on the internet actually works. Some of the negative effects of unchecked tracking are easy to notice, namely eerily-specific targeted advertising and a loss of performance on the web. However, many of the harms of unchecked data collection are completely opaque to users and experts alike, only to be revealed piecemeal by major data breaches. In the near future, Firefox will -- by default -- protect users by blocking tracking while also offering a clear set of controls to give our users more choice over what information they share with sites.
Over the next few months, we plan to release a series of features that will put this new approach into practice through three key initiatives:
Improving page load performance
Tracking slows down the web. In a study by Ghostery, 55.4% of the total time required to load an average website was spent loading third party trackers. For users on slower networks the effect can be even worse.
Long page load times are detrimental to every user's experience on the web. For that reason, we've added a new feature in Firefox Nightly that blocks trackers that slow down page loads. We will be testing this feature using a shield study in September. If we find that our approach performs well, we will start blocking slow-loading trackers by default in Firefox 63.
Removing cross-site tracking
In the physical world, users wouldn't expect hundreds of vendors to follow them from store to store, spying on the products they look at or purchase. Users have the same expectations of privacy on the web, and yet in reality, they are tracked wherever they go. Most web browsers fail to help users get the level of privacy they expect and deserve.
In order to help give users the private web browsing experience they expect and deserve, Firefox will strip cookies and block storage access from third-party tracking content. We've already made this available for our Firefox Nightly users to try out, and will be running a shield study to test the experience with some of our beta users in September. We aim to bring this protection to all users in Firefox 65, and will continue to refine our approach to provide the strongest possible protection while preserving a smooth user experience.
Mitigating harmful practices
Deceptive practices that invisibly collect identifiable user information or degrade user experience are becoming more common. For example, some trackers fingerprint users -- a technique that allows them to invisibly identify users by their device properties, and which users are unable to control. Other sites have deployed cryptomining scripts that silently mine cryptocurrencies on the user's device. Practices like these make the web a more hostile place to be. Future versions of Firefox will block these practices by default.
Why are we doing this?
This is about more than protecting users -- it's about giving them a voice. Some sites will continue to want user data in exchange for content, but now they will have to ask for it, a positive change for people who up until now had no idea of the value exchange they were asked to make. Blocking pop-up ads in the original Firefox release was the right move in 2004, because it didn't just make Firefox users happier, it gave the advertising platforms of the time a reason to care about their users' experience. In 2018, we hope that our efforts to empower our users will have the same effect.
How to Manually Enable the Protections
Do you want to try out these protections in Firefox Nightly? You can control both features from the Firefox Nightly Control Center menu, accessible on the left-hand side of the address bar. In that menu you'll see a new "Content Blocking" section. From there, you can:
- Enable the blocking of slow-loading trackers or cross-site tracking through third-party cookies by clicking "Add Blocking..." next to the respective option.
- In the "Content Blocking" preferences panel:
- Click the checkbox next to "Slow-Loading Trackers" to improve page load performance.
- Click the checkbox next to "Third-Party Cookies" and select "Trackers (recommended)" to block cross-site tracking cookies.
- You can disable these protections by clicking the gear icon in the control center and unchecking the checkboxes next to "Slow-Loading Trackers" and "Third-party Cookies".
Google Is Pulling The Plug On Inbox
Like many Google services that came before it ... Picasa, iGoogle, Google Wave, Google Buzz, Google URL shortener, etc., etc. ... the list marches onward for over a mile ... Inbox is having its plug pulled at the end of March, 2019.
Originally launched on October 22, 2014 on an invitation-only basis, and released to the public on May 28, 2015, Inbox was a playground for the Gmail team to work on new features, some of them probably a bit too "radical" for the typical Gmail user. Most of the new features Inbox delivered have already been migrated to Gmail. The remaining Inbox features that haven't yet been migrated to Gmail will most likely be introduced to Gmail users well before Google shutters the Inbox service.
With many of Inbox's new features having already found their way into the newly revised/enhanced Gmail, Google wants to focus solely on Gmail. Smart Compose is one Inbox feature that has found its way to the new Gmail. One Inbox feature, though, that hasn't been seen in the new Gmail is the "trip bundles." This feature gathers all your flight, hotel, event and car rental information into a single bundle, making it easier to access that information quickly. There is some speculation that Google plans to bring bundles to Gmail shortly after the first of the year, plenty of time before Inbox puts out the closed sign.
Strangely, it does seem that Google appears to be willing to introduce new, experimental features directly into Gmail. It makes more sense to use Inbox for the purpose it was intended (as a test bed for new Gmail features), and to roll them out there first to work out any bugs and niggles with Inbox's smaller user base, rather than to roll them out to the over 1 billion Gmail users en masse.
Many users have already commented that they are going to miss Inbox's clean user interface, as well as its handy features. Of course, features like the bundles make security and privacy concerned individuals very nervous, for obvious reasons. Meanwhile, Google has provided a guide of sorts to help users move from Inbox to Gmail.
Microsoft Bullies Chrome, Firefox Users With FUD
Let's just imagine that you're a Windows 10 user. Who knows ... maybe some of you dual boot PCLinuxOS with Windows 10. Maybe others of you run Windows 10 in VirtualBox. Or, maybe some of you are forced (perhaps at gunpoint) to use Windows 10 at your place of employment.
Well, Microsoft has sunk to a new low. They have been testing a new popup message (like there aren't enough in Windows, already) for their upcoming October 2018 update for Windows 10. Whenever a user tries to install a rival web browser (rather than using Microsoft Edge), users will get a scary warning message, pictured above.
The message appears whenever a user attempts to install the Mozilla Firefox or Google Chrome web browser/browsers, according to an article at The Verge. I know many PCLinuxOS users have multiple web browsers installed simultaneously. Linux is about choice, after all. I have five web browsers installed, myself ... Firefox, Chrome, Midori, Opera, and Slimjet.
There are many reasons to install "rival browsers" in Windows 10 (or any other OS, for that matter). First, Microsoft doesn't necessarily have the best reputation for putting out a secure, feature-packed, fast browser. Eleven-plus releases of the buggy, security nightmare Internet Explorer should make users nervous and skeptical. But users may already have used and installed a rival browser on another computer, and they want to sync their activities and bookmarks across multiple machines and platforms. Some may use a rival browser on their mobile device, where Edge won't/can't run. So, it makes sense to use something that can sync data across devices and platforms.
What Microsoft probably doesn't realize is that this tactic makes them look desperate, at least to informed users. It makes it seem that Microsoft will stoop to untold, lowly levels to keep or maintain their share of the browser market and their (lowly) position in the browser wars. To the many, many uninformed users, it may cause panic and doubts about installing a rival browser.
Shameful, Microsoft! This is just shameful behavior, and even you, Microsoft, should feel ashamed to have sunk to such a low level. Just to even consider this action is asinine, at best.
User reaction must have been bad among testers, because Microsoft has stated (at the last minute) that the warning will not be appearing in the October 2018 Windows 10 update, after all. So, Windows 10 users have been spared yet another Windows annoyance ... for the time being. But, I wouldn't be the least bit surprised to see the "warning" ... or another similar to it ... appear at a later date, in a later update.