An anonymous reader quotes a story from the Linux/Open Source news site It's FOSS: While Firefox is still the default web browser in Debian, you can find the Chromium browser in the repositories. Chromium is the open source project upon which Google has built its Chrome web browser. It is also preferred by many Linux users as it provides almost the same features as Google Chrome.

Earlier, Chromium used Google as the default search engine in Debian. However, Debian is going to use DuckDuckGo as the default search engine for Chromium.

It all started when bug report #956012 was filed in April 2020, stating to use DuckDuckGo as the default search engine for the Chromium package. You can see the decision was not taken in any hurry, as the maintainers took more than two years to close the bug report.

The reason for the change goes as stated in the official package update announcement.

Change default search engine to DuckDuckGo for privacy reasons. Set a different search engine under Settings -> Search Engine (closes: #956012).

Slashdot reader storagedude writes: Hackers are stealing cookies from current or recent web sessions to bypass multi-factor authentication (MFA), according to an eSecurity Planet report.

The attack method, reported by Sophos researchers, is already growing in use. The "cookie-stealing cybercrime spectrum" is broad, the researchers wrote, ranging from "entry-level criminals" to advanced adversaries, using various techniques.

Cybercriminals collect cookies or buy stolen credentials "in bulk" on dark web forums. Ransomware groups also harvest cookies and "their activities may not be detected by simple anti-malware defenses because of their abuse of legitimate executables, both already present and brought along as tools," the researchers wrote.

Browsers allow users to maintain authentication, remember passwords and autofill forms. That might seem convenient, but attackers can exploit this functionality to steal credentials and skip the login challenge.

Behind the scenes, browsers use SQLite database files that contain cookies. These cookies are composed of key-value pairs, and the values often contain critical information such as tokens and expiration dates.

Adversaries know the exact name and location of these files for all major browsers such as Chrome, Firefox, and even Brave, on various operating systems. That's why the attack can be scripted. It's not uncommon to find such scripts along with other modules in info-stealing and other malware.

For example, the latest version of the Emotet botnet targets cookies and credentials stored by browsers, which include saved credit cards. According to the Sophos researchers, "Google's Chrome browser uses the same encryption method to store both multi-factor authentication cookies and credit card data."

To gain initial access, attackers can also perform phishing and spear-phishing campaigns to implant droppers that can deploy cookie-stealer malware stealthily.

The cookies are then used for post-exploitation and lateral movements. Cybercriminals can use them to change passwords and emails associated with user accounts, or trick the victims into downloading additional malware, or even deploy other exploitation tools such as Cobalt Strike and Impacket kit.

Users should not use built-in features to save passwords unless the browser encrypts them with, at least, a master password. It's recommended that users uncheck the setting called "remember passwords," and users should probably not allow persistent sessions as well.

Developers can be part of the problem if they don't secure authentication cookies properly. Such cookies must have a short expiration date. Otherwise, the persistent authentication could turn into a persistent threat. You can have great security processes and still get hacked because the cookies do not have the necessary flags (e.g., HttpOnly, Secure attribute). For example, authentication cookies must be sent using SSL/TLS channels. Otherwise the data could be sent in plain text and attackers would only have to sniff traffic to intercept credentials.

Meta, the owner of Facebook and Instagram, has been rewriting websites its users visit, letting the company follow them across the web after they click links in its apps, according to new research from an ex-Google engineer. The Guardian reports: The two apps have been taking advantage of the fact that users who click on links are taken to webpages in an "in-app browser," controlled by Facebook or Instagram, rather than sent to the user's web browser of choice, such as Safari or Firefox. "The Instagram app injects their tracking code into every website shown, including when clicking on ads, enabling them [to] monitor all user interactions, like every button and link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses and credit card numbers," says Felix Krause, a privacy researcher who founded an app development tool acquired by Google in 2017.

Krause discovered the code injection by building a tool that could list all the extra commands added to a website by the browser. For normal browsers, and most apps, the tool detects no changes, but for Facebook and Instagram it finds up to 18 lines of code added by the app. Those lines of code appear to scan for a particular cross-platform tracking kit and, if not installed, instead call the Meta Pixel, a tracking tool that allows the company to follow a user around the web and build an accurate profile of their interests. The company does not disclose to the user that it is rewriting webpages in this way. No such code is added to the in-app browser of WhatsApp, according to Krause's research. [...] It is unclear when Facebook began injecting code to track users after clicking links. "We intentionally developed this code to honor people's [Ask to track] choices on our platforms," a Meta spokesperson told The Guardian in a statement. "The code allows us to aggregate user data before using it for targeted advertising or measurement purposes. We do not add any pixels. Code is injected so that we can aggregate conversion events from pixels."

They added: "For purchases made through the in-app browser, we seek user consent to save payment information for the purposes of autofill."

"Nineteen new GNU releases in the last month," reads a "July GNU Spotlight" announcement from the Free Software Foundation.

Here's (edited and condensed) descriptions of some of the highlights:

• GNU Datamash (version 1.8) — a command-line program performing basic numeric, textual, and statistical operations on input textual data files (designed to work within standard pipelines).

• GNUnet (version 0.17.2) — a framework for secure peer-to-peer networking. "The high-level goal is to provide a strong foundation of free software for a global, distributed network that provides security and privacy. GNUnet in that sense aims to replace the current internet protocol stack. Along with an application for secure publication of files, it has grown to include all kinds of basic applications for the foundation of a GNU internet."

• GnuTLS (version 3.7.7) — A secure communications library implementing the SSL, TLS and DTLS protocols, provided in the form of a C library.

• Jami (version 20220726.1515.da8d1da) — a GNU package for universal communication that respects the freedom and privacy of its users, using distributed hash tables for establishing communication. ("This avoids keeping centralized registries of users and storing personal data.")

• LibreJS (version 7.21.0) — an add-on for GNU Icecat and other Firefox-based browsers that detects non-trivial and non-free JavaScript code from being loaded without your consent when you browse the web. "JavaScript code that is free or trivial is allowed to be loaded."

• GNU Nettle (version 3.8.1) — a low-level cryptographic library. It is designed to fit in easily in almost any context. It can be easily included in cryptographic toolkits for object-oriented languages or in applications themselves.

• GNU Octave (version 7.2.0) — a high-level interpreted language specialized for numerical computations, for both linear and non-linear applications and with great support for visualizing results.

• R (version 4.2.1) — a language and environment for statistical computing and graphics, along with robust support for producing publication-quality data plots. "A large amount of 3rd-party packages are available, greatly increasing its breadth and scope."

• TRAMP (version 2.5.3) — a GNU Emacs package allowing you to access files on remote machines as though they were local files. "This includes editing files, performing version control tasks and modifying directory contents with dired. Access is performed via ssh, rsh, rlogin, telnet or other similar methods."

Click here to see the other new releases and download information.

The FSF announcement adds that "A number of GNU packages, as well as the GNU operating system as a whole, are looking for maintainers and other assistance."

"Facebook has started to use a different URL scheme for site links," writes the technology blog Ghacks, "to combat URL stripping technologies that browsers such as Firefox or Brave use to improve privacy and prevent user tracking." Some sites, including Facebook, add parameters to the web address for tracking purposes. These parameters have no functionality that is relevant to the user, but sites rely on them to track users across pages and properties. Mozilla introduced support for URL stripping in Firefox 102, which it launched in June 2022. Firefox removes tracking parameters from web addresses automatically, but only in private browsing mode or when the browser's Tracking Protection feature is set to strict. Firefox users may enable URL stripping in all Firefox modes, but this requires manual configuration. Brave Browser strips known tracking parameters from web addresses as well....

It is no longer possible to remove the tracking part of the URL, as Facebook merged it with part of the required web address.

An anonymous reader quotes a report from Wired: [R]esearchers from the New Jersey Institute of Technology are warning this week about a novel technique attackers could use to de-anonymize website visitors and potentially connect the dots on many components of targets' digital lives. The findings (PDF), which NJIT researchers will present at the Usenix Security Symposium in Boston next month, show how an attacker who tricks someone into loading a malicious website can determine whether that visitor controls a particular public identifier, like an email address or social media account, thus linking the visitor to a piece of potentially personal data.

When you visit a website, the page can capture your IP address, but this doesn't necessarily give the site owner enough information to individually identify you. Instead, the hack analyzes subtle features of a potential target's browser activity to determine whether they are logged into an account for an array of services, from YouTube and Dropbox to Twitter, Facebook, TikTok, and more. Plus the attacks work against every major browser, including the anonymity-focused Tor Browser. "If you're an average internet user, you may not think too much about your privacy when you visit a random website," says Reza Curtmola, one of the study authors and a computer science professor at NJIT. "But there are certain categories of internet users who may be more significantly impacted by this, like people who organize and participate in political protest, journalists, and people who network with fellow members of their minority group. And what makes these types of attacks dangerous is they're very stealthy. You just visit the website and you have no idea that you've been exposed."

How this de-anonymization attack works is difficult to explain but relatively easy to grasp once you have the gist. Someone carrying out the attack needs a few things to get started: a website they control, a list of accounts tied to people they want to identify as having visited that site, and content posted to the platforms of the accounts on their target list that either allows the targeted accounts to view that content or blocks them from viewing it -- the attack works both ways. Next, the attacker embeds the aforementioned content on the malicious website. Then they wait to see who clicks. If anyone on the targeted list visits the site, the attackers will know who they are by analyzing which users can (or cannot) view the embedded content. [...] Complicated as it may sound, the researchers warn that it would be simple to carry out once attackers have done the prep work. It would only take a couple of seconds to potentially unmask each visitor to the malicious site -- and it would be virtually impossible for an unsuspecting user to detect the hack. The researchers developed a browser extension that can thwart such attacks, and it is available for Chrome and Firefox. But they note that it may impact performance and isn't available for all browsers.

EU antitrust regulators are investigating the video licensing policy of the Alliance for Open Media (AOM), whose members include Alphabet Google, Amazon, Apple and Meta , the European Commission said on Thursday. Reuters reports: Founded in 2015, the group aims to create a new standard software for streaming higher-quality 4K video on browsers, devices, apps, and gaming, known as AV1. While the AV1 software is not yet adopted widely, Netflix and YouTube have started using it for some customers, and browsers such as Google Chrome and Firefox have started to support the new format. Intel, Huawei, Mozilla, Samsung and Nvidia are also AOM members, according to its website.

In a questionnaire sent to some companies earlier this year and seen by Reuters, the EU watchdog said it was investigating alleged anti-competitive behavior related to the license terms of AV1 by AOM and its members in Europe. "The Commission has information that AOM and its members may be imposing licensing terms (mandatory royalty-free cross licensing) on innovators that were not a part of AOM at the time of the creation of the AV1 technical, but whose patents are deemed essential to (its) technical specifications," the paper said. It said this action may be restricting the innovators' ability to compete with the AV1 technical specification, and also eliminate incentives for them to innovate.

The questionnaire also asked about the impact of an AOM patent license clause in which licensees would have their patent licenses terminated immediately if they launched patent lawsuits asserting that implementation infringes their claims. Companies risk fines of up to 10% of their global turnover for breaching EU antitrust rules.

As noted by a Reddit user and confirmed by Ars Technica, Microsoft's xCloud game streaming looks noticeable worse when running on Linux than Windows. From the report: With the Linux User-Agent, edges are generally less sharp and colors are a little more washed out. The difference is even more apparent if you zoom in on the Forza logo and menu text, which shows a significant reduction in clarity. Interestingly, the dip in quality seems to go away if you enable "Clarity Boost, an Edge-exclusive feature that "provid[es] the optimal look and feel while playing Xbox games from the cloud," according to Microsoft. That's great for Linux users who switched over to Microsoft Edge when it launched on Linux last November. But Linux users who stick with Firefox, Chrome, or other browsers are currently stuck with apparently reduced streaming quality.

That Linux quality dip has led some to speculate that Microsoft is trying to reserve the best xCloud streaming performance for Windows machines in an attempt to attract more users to its own operating system. But using a Macintosh User-Agent string provides streaming performance similar to that on Windows, which would seem to be a big omission if that theory were true. Microsoft also hasn't published any kind of "best on Windows"-style marketing in promoting xCloud streaming, which would seemingly be a key component of trying to attract new Windows users. (The quality difference could be a roundabout attempt to get Linux users to switch to the Edge browser, where Clarity Boost offers the best possible quality. But that still wouldn't fully explain why Windows users on other browsers, without Clarity Boost, also get better streaming quality than their Linux brethren.)

Others have suggested that the downgrade could simply be a bug caused by Microsoft's naive parsing of the User-Agent strings. That's because the User-Agent strings for Android browsers generally identify themselves as some version of Linux ("Linux; Android 11; HD1905," for example). Microsoft's xCloud code might simply see the "Linux" in that string, assume the user is running Android, then automatically throttle the streaming quality to account for the (presumably) reduced screen size of an Android phone or tablet.

Mozilla's latest Firefox browser release has a new feature that prevents sites like Facebook from tracking you across websites. Called Query Parameter Stripping, it automatically removes strings of characters added to the end of an URL.

williamyf writes: Today, Mozilla released Firefox 102.
New features include:
* Tired of too many windows crowding your screen? You can now disable automatic opening of the download panel every time a new download starts. Read more.
* Firefox now mitigates query parameter tracking when navigating sites in ETP strict mode.
* Subtitles and captions for Picture-in-Picture (PiP) are now available at HBO Max, Funimation, Dailymotion, Tubi, Disney+ Hotstar, and SonyLIV. This allows you to view video in a small window pinned to a corner of the screen while navigating between apps or browsing content on the main screen.

But do not get fooled, the most important feature is that this release is an ESR, this is super-important of a host of reasons:

* Firefox ESR is the basis for KaiOS (an evolution of BootToGecko), an OS for Semi-Smart Phones very popular in India (100milion+), SE Asia + Africa (~60Milion), so, whatever made the cut in 102 will define the base capabilities for KaiOS for the next year.

* Firefox ESR is the basis for Thunderbird, so, if you use Thunderbird or a derivative, whatever made the cut in 102 will underpin Thunderbird for the next year.

* Many popular Linux distros (like Debian or Kali) use Firefox ESR as the default browser.

* Many companies and organizations use Firefox ESR as their default browser, and many SW development companies certify Firefox ESR as an alowed browser for their SW.

So, 102 is a very important release, becuase it brings a year of advances to ESR.

At the end of 2008, Firefox was flying high. Twenty percent of the 1.5 billion people online were using Mozilla's browser to navigate the web. In Indonesia, Macedonia, and Slovenia, more than half of everyone going online was using Firefox. "Our market share in the regions above has been growing like crazy," Ken Kovash, Mozilla's data analytics team manager at the time, wrote in a blog post. Almost 15 years later, things aren't so rosy. From a report: Across all devices, the browser has slid to less than 4 percent of the market -- on mobile it's a measly half a percent. "Looking back five years and looking at our market share and our own numbers that we publish, there's no denying the decline," says Selena Deckelmann, senior vice president of Firefox. Mozilla's own statistics show a drop of around 30 million monthly active users from the start of 2019 to the start of 2022. "In the last couple years, what we've seen is actually a pretty substantial flattening," Deckelmann adds.

In the two decades since Firefox launched from the shadows of Netscape, it has been key to shaping the web's privacy and security, with staff pushing for more openness online and better standards. But its market share decline was accompanied by two rounds of layoffs at Mozilla during 2020. Next year, its lucrative search deal with Google -- responsible for the vast majority of its revenue -- is set to expire. A spate of privacy-focused browsers now compete on its turf, while new-feature misfires have threatened to alienate its base. All that has left industry analysts and former employees concerned about Firefox's future. Its fate also has larger implications for the web as a whole. For years, it was the best contender for keeping Google Chrome in check, offering a privacy-forward alternative to the world's most dominant browser.

Mozilla: Starting today, Firefox is rolling out Total Cookie Protection by default to all Firefox users worldwide, making Firefox the most private and secure major browser available across Windows and Mac. Total Cookie Protection is Firefox's strongest privacy protection to date, confining cookies to the site where they were created, thus preventing tracking companies from using these cookies to track your browsing from site to site. Whether it's applying for a student loan, seeking treatment or advice through a health site, or browsing an online dating app, massive amounts of your personal information is online -- and this data is leaking all over the web.

The hyper-specific-to-you ads you so often see online are made possible by cookies that are used to track your behavior across sites and build an extremely sophisticated profile of who you are. Recent stories (including an excellent Last Week Tonight episode) have shown how robust, yet under-the-radar, the data selling economy is and how easy it is for anyone to buy your data, combine it with more data about you and use it for a variety of purposes, even beyond advertising. It's an alarming reality -- the possibility that your every move online is being watched, tracked and shared -- and one that's antithetical to the open web we at Mozilla have strived to build. That's why we developed Total Cookie Protection to help keep you safe online.

Total Cookie Protection works by creating a separate "cookie jar" for each website you visit. Instead of allowing trackers to link up your behavior on multiple sites, they just get to see behavior on individual sites. Any time a website, or third-party content embedded in a website, deposits a cookie in your browser, that cookie is confined to the cookie jar assigned to only that website. No other websites can reach into the cookie jars that don't belong to them and find out what the other websites' cookies know about you -- giving you freedom from invasive ads and reducing the amount of information companies gather about you. This approach strikes the balance between eliminating the worst privacy properties of third-party cookies -- in particular the ability to track you -- and allowing those cookies to fulfill their less invasive use cases (e.g. to provide accurate analytics). With Total Cookie Protection in Firefox, people can enjoy better privacy and have the great browsing experience they've come to expect.

Longtime Slashdot reader Artem S. Tashkinov writes: "In January of 2019, Mozilla joined the University of Edinburgh, Charles University, University of Sheffield and University of Tartu as part of a project funded by the European Union called Project Bergamot," writes Mozilla Speech and AI engineer Andre Natal in a blog post. "The ultimate goal of this consortium was to build a set of neural machine translation tools that would enable Mozilla to develop a website translation add-on that operates locally, i.e. the engines, language models and in-page translation algorithms would need to reside and be executed entirely in the user's computer, so none of the data would be sent to the cloud, making it entirely private..."

The result of this work is the translations add-on that is now available in the Firefox Add-On store for installation on Firefox Nightly, Beta and in General Release. It currently supports 14 languages. You can test the translation engine without installing the add-on.

As Pwn2Own Vancouver comes to a close, a whopping $1,115,000 has been awarded by Trend Micro and Zero Day Initiative. The 15th anniversary edition saw 17 "contestants" attacking 21 targets, reports Hot Hardware — though "the biggest payouts were for serious exploits against Microsoft's Teams utility." While Teams isn't technically a part of Windows, it does come bundled with all new installs of Windows 11, which means that these exploits are practically Windows exploits. Hector "p3rr0" Peralta, Masato Kinugawa, and STAR Labs each earned $150,000 for major exploits of the utility.

Windows 11 itself wasn't spared, though. Marcin Wiazowski and STAR Labs each earned $40,000 for privilege escalation exploits on Microsoft's operating system on day one, and on day two, TO found a similar bug for a $40,000 payout of his own. Day three saw no less than three more fresh exploits against Windows 11, all in the serious privilege escalation category; all three winners pocketed another $40,000....

Other targets attacked at Pwn2Own 2022 included Mozilla Firefox (hacked), Apple Safari (hacked), and Ubuntu Desktop (hacked)... Of course, details of the hacks aren't made public, because they're zero-days, after all. That means that they haven't been patched yet, so releasing details of the exploits could allow malicious actors to make use of the bugs. Details will be revealed 3 months from now, during which time Microsoft, Tesla, Apple, and others should have their software all sewn up.
With all the points totalled, the winner was Singapore-based cybersecurity company Star Labs, which was officially crowned "Master of Pwn" on Saturday. "They won $270,000 and 27 points during the contest," explains the official Twitter feed for Zero Day Initiative (the judges for the event).

A blog post from Zero Day Initiative describes all 21 attacks, including six successful attacks against Windows, three successful attacks against Teams — and four against Ubuntu Desktop.

Microsoft Edge has overtaken Apple's Safari to become the world's second most popular desktop browser, based on data provided by web analytics service StatCounter. MacRumors reports: According to the data, Microsoft Edge is now used on 10.07 percent of desktop computers worldwide, 0.46 percent ahead of Safari, which stands at 9.61 percent. Google Chrome remains in first place with a dominant 66.64 percent share, and Mozilla's Firefox stands in fourth with 7.86 percent. As the default Windows 11 browser, the popularity of Edge has crept up in recent months, with the first concrete signs that it would surpass Safari to take second place coming in February, when it was used on 9.54 percent of desktops globally. Back in January 2021, Safari held a 10.38 percent market share, indicating a gradual slippage in popularity over the last 14 months.

Meanwhile, first-placed Chrome has seen its user base increase incrementally over that time, but perhaps surprisingly, Firefox has leaked users since the beginning of the year, despite regular updates and improvements. That suggests Safari's hold on third place isn't in immediate danger, having lost only 0.23 percent share since February, but things could always change fast if Apple decides to introduce sweeping changes to the way Safari works in macOS 13 later this year. It's a different story when it comes to mobile platforms, notes MacRumors. "In StatCounter's analysis, Edge doesn't even make it into the top six browsers on mobile, but first-placed Chrome commands 62.87 of usage share, with Safari on iPhones and iPads taking a comfortable 25.35 percent in second place, 20.65 percent ahead of third-placed Samsung Internet, with 4.9 percent."

vm shares the blogpost of Mozilla releasing Firefox 100, and outlines some of thoughts: Out of the ashes of Netscape/AOL, Firebird rose as a promising new browser. A significant name change and a hundred releases later, Firefox 100 is still the underdog that keeps on fighting. With my mounting annoyance at all the Google services underpinning Chrome, I've since discovered and used Ungoogled Chromium, Waterfox, LibreWolf, and a handful of other lesser known spins on Chrome or Firefox. On mobile, Brave really does the best job at ad blocking whether you're on iOS or Android but the Mozilla Foundations is probably still the largest dev group fighting the good fight when it comes to both privacy and security enhancements.That's not to say that the Chromium team isn't security savvy -- I only wish they were just a little less Google. Anyhow, tell us about your favorite browser in the comments and have a look at Mozilla's latest release while you're at it.

Fedora project leader Matthew Miller spoke to TechRepublic's Jack Wallen this week, sharing some thoughts on the future of Linux — and on open source in general: Matthew Miller: I think it's a lost cause to try to "sell" our quirky technology interest to people who don't see it already. We need to take a different approach.... I think our message, at its root, has to be around open source.... [W]ith Linux, when you install an open-source distro, you're not just part of a fan community. You're part of a colossal, global effort that makes software more available to everyone, makes that software better and better, and makes the whole world better through sharing... Just by using it you're sharing in this amazing undertaking, part of a move away from scarcity to an economy based on abundance....

Jack Wallen: What's the biggest difference in Linux today vs. Linux of 10 years ago?

Matthew Miller: I think first we have to start with just the amazing ubiquity of it. Ten years ago, it was cute to find a TV that ran Linux. Now, not only is it definitely powering your TV, you've probably got Linux running on your lightbulbs! It's everywhere. And while Linux had pushed proprietary Unix from the server room, ten years ago Windows-based servers were pushing back. The cloud changed that — now, the cloud is Linux, almost completely. (Anything that isn't is a legacy app that it was too much trouble to port!) From tiny devices to the most powerful mainframes and supercomputers: Linux, Linux, Linux....

Jack Wallen: If Linux has an Achilles' heel, what is it?

Matthew Miller: Linux and the whole free and open-source software movement grew up with the rise of the internet as an open communication platform. We absolutely need that to continue in order to realize our vision, and I don't think we can take it for granted.

That's more general than an Achilles' heel, though, so right now let me highlight one thing that I think is troubling: Chrome becoming the dominant browser to the point where it's often the only way to make sites work. Chromium (the associated upstream project) is open source, but isn't really run as a community project, and, pointedly, very very few people run Chromium itself. I'd love to see that change, but I'd also like to see Firefox regain a meaningful presence.
Miller also said Fedora's next release is focused on simplicity. ("When the OS gets in the way, it drops from the conversation I want to have about big ideas to ... well, the boring technical details that people never want to deal with")

And he also shared his thoughts on what Linux needs most. "What I'd really like to see more of are more non-technical contributors. I mean, yes, we can always benefit from more packagers and coders and engineers, but I think what we really need desperately are writers, designers, artists, videographers, communicators, organizers and planners. I don't think big companies are likely to provide those things, at least, not for the parts of the Linux world which aren't their products."

"We need people who think the whole grand project I've been talking about is important, and who have the skills and interests to help make it real."

Europe's Digital Markets Act -- near-finalized legislation to tame the internet's gatekeepers -- contains language squarely aimed at ending Apple's iOS browser restrictions. The Register reports: The Register has received a copy of unpublished changes in the proposed act, and among the various adjustments to the draft agreement is the explicit recognition of "web browser engines" as a service that should be protected from anti-competitive gatekeeper-imposed limitations. Apple requires that competing mobile browsers distributed through the iOS App Store use its own WebKit rendering engine, which is the basis of its Safari browser. The result is that Chrome, Edge, and Firefox on iOS are all, more or less, Safari.

That requirement has been a sore spot for years among rivals like Google, Mozilla, and Microsoft. They could not compete on iOS through product differentiation because their mobile browsers had to rely on WebKit rather than their own competing engines. And Apple's browser engine requirement has vexed web developers, who have been limited to using only the web APIs implemented in WebKit for their web apps. Many believe this barrier serves to steer developers toward native iOS app development, which Apple controls.

The extent to which Apple profits from the status quo has prompted regulatory scrutiny in Europe, the UK, the US, and elsewhere. [...] Now those efforts have been translated into the text of the DMA, which, alongside the Digital Services Act (DSA), defines how large technology gatekeepers will be governed in Europe. [...] In short, when the DMA takes effect in 2024, it appears that Apple will be required to allow browser competition on iOS devices. "The potential for a capable web has been all but extinguished on mobile because Apple has successfully prevented it until now," said Alex Russell, partner program manager on Microsoft Edge who worked previously as Google Chrome's first web standards tech lead. "Businesses and services will be able to avoid building 'apps' entirely when enough users have capable browsers."

"There's a long road between here and there," he added. "Apple has spent enormous amounts to lobby on this, and they aren't stupid. Everyone should expect them to continue to play games along the lines of what they tried in Denmark and South Korea."

Firefox is finally gaining proper AV1 support. Neowin reports: According to an update made to a post on Bugzilla, the Mozilla Foundation is finally ready to add hardware acceleration for the AV1 video format. Developers plan to implement improved AV1 support in the upcoming release of Firefox 100, scheduled to arrive on May 3, 2022. Hardware acceleration for AV1 video brings several noticeable benefits to customers. The standard developed by Alliance for Open Media and initially released in March 2018 offers better video compression than H.264 (about 50%) and VP9 (about 20%). Shifting AV1 video processing from software to hardware improves efficiency and reduces energy consumption, resulting in better battery life on tablets and laptops. Google and Microsoft announced hardware-accelerated AV1 video in Chrome and Edge in late 2020. Mozilla, on the other hand, did not rush to introduce improved AV1 support in Firefox. While it is easy to dunk on Firefox, there is a reason why developers took their time. Hardware-accelerated AV1 video is not something you can add to any computer with Windows 10, and it requires a PC with the most recent and powerful hardware.

Russia has created its own trusted TLS certificate authority (CA) to solve website access problems that have been piling up after sanctions prevent certificate renewals. From a report: The sanctions imposed by western companies and governments are preventing Russian sites from renewing existing TLS certificates, causing browsers to block access to sites with expired certificates. [...] The Russian state has envisioned a solution in a domestic certificate authority for the independent issuing and renewal of TLS certificates. "It will replace the foreign security certificate if it is revoked or expires. The Ministry of Digital Development will provide a free domestic analogue.

The service is provided to legal entities -- site owners upon request within 5 working days," explains the Russian public services portal, Gosuslugi (translated). However, for new Certificate Authorities (CA) to be trusted by web browsers, they first needed to be vetted by various companies, which can take a long time. Currently, the only web browsers that recognize Russia's new CA as trustworthy are the Russia-based Yandex browser and Atom products, so Russian users are told to use these instead of Chrome, Firefox, Edge, etc.