Cross-Industry Giants Unite for Speedometer 3.0 browser benchmark

Since its inception in 2014 by the WebKit team, Speedometer has served as an essential barometer for browser engines, propelling performance enhancements to meet the escalating demands for more dynamic and seamless online experiences.

Its latest release, Speedometer 3.0, developed through the collective efforts of leading tech giants Apple, Google, Microsoft, and Mozilla, offers a refined tool to gauge web application responsiveness by emulating real-user interactions on web pages and ushers a new era for browser performance testing.

Thanks to the collaboration of the major browser engines (Blink, Gecko, and WebKit), it introduces a superior methodology for measuring performance alongside a more encompassing set of tests that mirror the complexities of the modern Web.

We often blame our Internet connection for bad “speed experiences” but it can also be from the browser, or the various extensions added. Having a good benchmark can also serve to show whether adding or removing some extensions would make any significant difference.

On my Linux PC my Brave Beta browser scored 5.83 whilst Edge Dev scored 9.45. This gives me something to work with now whilst trying a few optimisations out.

At the end of the linked article is a link to the browser benchmark itself, if you want to try it out.

See https://linuxiac.com/cross-industry-giants-unite-for-speedometer-3-0/
#Blog, #benchmark, #browsers, #technology

The Sad Reality: Firefox 123 is out with broken site reporting tool

Users of the Firefox web browser may report broken sites to Mozilla. The main idea behind the feature is to help Mozilla address compatibility issues in Firefox.

Firefox has a much smaller userbase than the Chromium-based browsers. Multiple companies, including Google and Microsoft, find and deal with compatibility issues in the Chromium source.

The new reporting tool involves the Firefox community. Select Firefox Menu > Report broken site to open the reporting tool. Select a reason, e.g., site slow or not working, ad blockers, or sign-in or sign-out and hit the send button. You may add text to the report, which you should do to provide additional details that describe the issue that you experience on the site.

Mozilla announces the new website compatibility reporter in the following way: “Having any issues with a website on Firefox, yet the site seems to be working as expected on another browser? You can now let us know via the Web Compatibility Reporting Tool! By filing a web compatibility issue, you’re directly helping us detect, target, and fix the most impacted sites to make your browsing experience on Firefox smoother.”

This is a bit sad that the web is becoming so dominated by Chromium based browsers, that Firefox users have to suffer. This reminds me very much of the old Internet Explorer days, when companies often developed specifically for that browser. It breaks compatibility, and the web really does need to have open standards adhered to in order to be future-proof and allow competition.

Any business surely wants to allow the maximum possible number of customers to view and interact with their site? The problem is that executives rarely understand this, and devs just want to get their job done ASAP.

This reporting tool looks like it is going to alert the Firefox team, so that they can attempt to “make Firefox” work with the reported site (in other words, bending Firefox to work with some non-standard implementation).

See https://www.ghacks.net/2024/02/20/firefox-123-is-out-with-broken-site-reporting-tool/
#Blog, #browsers, #interoperability, #technology

Wow...
Not too surprising for those who know well, #GoogleIsEvil since it abolished the policy "don't be evil".

Google settles $5 billion privacy lawsuit over tracking people using ‘incognito mode’

#Internet #browsing #privacy #Google #browsers #Chrome #tracking

Thorium Browser claims to be the fastest browser on Earth

They claim an 8-38% improvement over vanilla Chrome. It is not a completely de-Googled browser, but their focus has been on improving performance as well as a number of patches to restrict what is passed back to Google and generally improve security and privacy.

I know Firefox (and Tor and derivatives) do achieve the latter, but they mostly do not achieve the fastest performance, and sometimes websites don’t work well for them (not Firefox’s fault, but the website devs who are not designing to be compatible with open web standards).

They have also created a number of their own Chrome extensions, which seem quite unique.

See https://thorium.rocks/
#Blog, #browsers, #opensource, #technology

Meanwhile, in the #GoogleIsEvil department....

Google gets its way, bakes a user-tracking ad platform directly into Chrome

Chrome now directly tracks users, generates a "topic" list it shares with advertisers

#Google #Chrome #browser #privacy #evil #spyware #browsers #Internet

Google gets its way, bakes a user-tracking ad platform directly into Chrome

Chrome now directly tracks users, generates a "topic" list it shares with advertisers.

Researchers show how Chrome extensions can steal plaintext passwords for popular sites such as Gmail, Cloudflare, Facebook, etc

In case one thinks this is just for three or four websites, the research measurements showed that from the top 10k websites (as per Tranco), roughly 1,100 are storing user passwords in plain text form within the HTML DOM. Another 7,300 websites from the same set were deemed vulnerable to DOM API access and direct extraction of the user’s input value.

The researchers explain that the problem concerns the systemic practice of giving browser extensions unrestricted access to the DOM tree of sites they load on, which allows accessing potentially sensitive elements such as user input fields. Given the lack of any security boundary between the extension and a site’s elements, the former has unrestricted access to data visible in the source code and may extract any of its contents.

It certainly needs a fix, and the vulnerability lies with a user installing an extension that deliberately exploits this weakness. So only using reputable extensions will help. But certainly, two other improvements are needed: The Manifest V3 protocol (that many Chromium-based browsers adopted, not just Chrome itself), should have some security boundary between the extensions and the web pages, and of course most importantly, websites should not be storing their passwords in the HTML DOM in plain text.

See https://www.bleepingcomputer.com/news/security/chrome-extensions-can-steal-plaintext-passwords-from-websites/
#Blog, #browsers, #security, #technology

France’s browser-based website blocking proposal will set a disastrous precedent for the open internet

https://blog.mozilla.org/netpolicy/2023/06/26/france-browser-website-blocking/

In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. Article 6 (para II and III) of the SREN Bill would force browser providers to create the means to mandatorily block websites present on a government provided list. Such a move will overturn decades of established content moderation norms and provide a playbook for authoritarian governments that will easily negate the existence of censorship circumvention tools.

#censorship #security #privacy #freedom #liberty #web #website #websites #web-browsers #browsers #mozilla #firefox #france

Which Browser Offers the Best Privacy Protection? No, Google Chrome is not on the List

Each website visit yields valuable data, sold to marketers so targeted ads can follow us around the web — unless you’re using the right browser. But what’s the best browser for privacy? There are myriad options other than Chrome or Safari if you’re concerned about online privacy and security.

If you aren’t mindful of your browsing data, you should be. We use our browsers for everything from banking to social media to email to online shopping, and a lot of sensitive data gets shared. We should be mindful of where that information is going, who can see it, and how (or if) our data is stored.

Because our data is the main source of profit for big tech, they’re incentivised to collect as much of it as possible, which they then sell to advertisers. Marketers then target us with ads, which follow us around the web for days or weeks at a time. Privacy-focused browsers can cut most or all of that intrusive data collection out of the online experience.

Even with cookies blocked, browser fingerprinting can still create a snapshot of your online behaviour. In the wrong hands, that can be used to identify or impersonate you, even though companies claim to anonymise collected user data. Even if bad actors don’t get into your bank account, they may get enough info to commit identity theft.

The best browsers for privacy depends on your needs and know-how, but Firefox, Tor, and Epic all offer unique features and functions that will help keep your data private online. Test drive each to learn which is best for you and for which situations.

See https://www.howtogeek.com/892396/which-browser-offers-the-best-privacy-protection/
#Blog, #browsers, #privacy, #technology

Mullvad browser : The Tor Project’s new privacy-focused browser doesn’t use the Tor network, but VPNs instead

The Mullvad browser’s main goal is to make it harder for advertisers and other companies to track you across the internet. It does this by working to reduce your browser’s “fingerprint,” a term that describes all the metadata that sites can collect to uniquely identify your device. Your fingerprint can be made up of simple things, like what browser and operating system you’re using, to more invasive info, like what fonts and extensions you have installed, and what input / output devices your browser has access to.

It’s possible to configure a browser like FireFox, which Mullvad browser (and the Tor Browser) is based on, to have similar protections. However, doing so would require at least some level of technical savvy, as you have to know which switches to flip and have the confidence that you’ve caught everything.

According to Pavel Zoneff, a spokesperson for The Tor Project, Mullvad browser is very similar to the Tor Browser, it just connects to the internet through a VPN rather than the Tor network. (It doesn’t have to be Mullvad’s VPN either; if you use another service you trust, or if you have made your own then you can use that.) Mullvad browser also doesn’t offer the Tor browser’s censorship circumnavigation user experience, access to onion sites or services, or “circuit isolation and the integration with new-identity.” But again, if you don’t know what those things are, it’s probably not a huge concern.

See https://www.theverge.com/2023/4/3/23665477/mullvad-browser-tor-vpn-privacy-browser
#Blog, #browsers, #Mullvadbrowser, #privacy, #technology, #tor

We need browser profile primary password logins to help prevent session hijacking

Seeing what happened this week to the Linus Tech Tips YouTube channel made me realise how well we have secured in transit data, password managers, etc (LastPass was also hacked via an end user session) but we appear to have the session data left wide open on our local machines.

I see that Firefox and Edge have profile logins, but mainly to protect the login passwords. Most Chromium based browsers do have profiles, but do not even appear to have any form of login attached to them.

Surely not just the logins can be protected, and we could have 1st party and session cookie access also protected behind a profile password? Whenever you start up your browser the first time, you are prompted for the profile primary password to unlock access to passwords, extension data, and cookies? In this way, if some bad (or good) actor stole your session data (the session data would be in use and unlocked), they’d still be prompted for a password before being able to actually use it on a freshly started browser elsewhere?

Maybe this is not the best way to do it, but clearly some improvement is needed to protect against this form of data hijacking.
#Blog, #browsers, #security, #sessionhijacking, #technology

#RIP Internet Explorer

Full story: Microsoft’s Internet Explorer is dead

#microsoft #internetexplorer #browsers #Internet

Microsoft’s Internet Explorer is dead

Some online grew nostalgic about the web browser that launched in 1995. Others lamented its lack of speed and wished it good riddance.

Guard those Cookies! They're all in one barrel, eh?

https://www.theverge.com/2022/6/14/23166537/firefox-privacy-total-cookie-protection-default

#technology #browsers #Firefox

Firefox boosts privacy by giving "total cookie protection" to all users by default

It’s the latest salvo against invasive user tracking by Big Tech.

June 15: It's the end of the Internet Explorer era | ZDNet

Microsoft is ending support for IE 11 on June 15, as planned. Here's which versions will no longer get security updates and what Microsoft says will happen next.

Of course, no one in the Fediverse would use IE. But it's a happy ending to an era that lasted far too long.

#technology #tech #Windows #Microsoft #internet #browsers #IE #InternetExplorer

https://www.zdnet.com/article/june-15-its-the-end-of-the-internet-explorer-era/

June 15: It's the end of the Internet Explorer era

Microsoft is ending support for IE 11 on June 15, as planned. Here's which versions will no longer get security updates and what Microsoft says will happen next.

Has anyone done a privacy study of Vivaldi in comparison to Chrome or Firefox? I've been using Vivaldi for a while, and like it's performance, but I'm not sure what is a reliable source of information regarding it's take on privacy.
#browsers #chrome #vivaldi

Apple’s grip on iOS browser engines disallowed under latest draft EU rules, in the interests of true competition

Apple requires that competing mobile browsers distributed through the iOS App Store use its own WebKit rendering engine, which is the basis of its Safari browser. The result is that Chrome, Edge, and Firefox on iOS are all, more or less, Safari.

Apple’s browser engine requirement has vexed web developers, who have been limited to using only the web APIs implemented in WebKit for their web apps. Many believe this barrier serves to steer developers toward native iOS app development, which Apple controls.

“The potential for a capable web has been all but extinguished on mobile because Apple has successfully prevented it until now,” said Russell. “Businesses and services will be able to avoid building ‘apps’ entirely when enough users have capable browsers.” “There’s a long road between here and there,” he said. “Apple has spent enormous amounts to lobby on this, and they aren’t stupid. Everyone should expect them to continue to play games along the lines of what they tried in Denmark and South Korea.”

See https://www.theregister.com/2022/04/26/apple_ios_browser/

#technology #browsers #apple #competition #EU
#Blog, ##apple, ##browser, ##competition, ##eu, ##technology

Apple’s grip on iOS browser engines disallowed under latest draft EU rules, in the interests of true competition

Apple requires that competing mobile browsers distributed through the iOS App Store use its own WebKit rendering engine, which is the basis of its Safari browser. The result is that Chrome, Edge, and Firefox on iOS are all, more or less, Safari.

Apple’s browser engine requirement has vexed web developers, who have been limited to using only the web APIs implemented in WebKit for their web apps. Many believe this barrier serves to steer developers toward native iOS app development, which Apple controls.

“The potential for a capable web has been all but extinguished on mobile because Apple has successfully prevented it until now,” said Russell. “Businesses and services will be able to avoid building ‘apps’ entirely when enough users have capable browsers.” “There’s a long road between here and there,” he said. “Apple has spent enormous amounts to lobby on this, and they aren’t stupid. Everyone should expect them to continue to play games along the lines of what they tried in Denmark and South Korea.”

See https://www.theregister.com/2022/04/26/apple_ios_browser/

#technology #browsers #apple #competition #EU
#Blog, ##apple, ##browser, ##competition, ##eu, ##technology

● NEWS ● #ManuelMatuzovic #Browsers ☞ Web Security Basics: XSS https://www.matuzo.at/blog/2022/web-security-basics-xss/

Web Security Basics: XSS

An introduction to Cross Site Scripting and XSS prevention.

● NEWS ● #TroyHunt #Browsers ☞ How Everything We're Told About Website Identity Assurance is Wrong https://www.troyhunt.com/how-everything-were-told-about-website-identity-assurance-is-wrong/

How Everything We're Told About Website Identity Assurance is Wrong

I have a vehement dislike for misleading advertising. We see it every day; weight loss pills, make money fast schemes and if you travel in the same circles I do, claims that extended validation (EV) certificates actually do something useful: Why...

● NEWS ● #JaakkoKeränen #Browsers ☞ Our Old Friend, the Data URL https://gmi.skyjake.fi/gemlog/2022-02_our-old-friend-the-data-url.gmi

The Best Private #Browsers for #GMULinux • Tux Machines ⇨ http://www.tuxmachines.org/node/159066 #GNU #Linux #TuxMachines