Microsoft publishes first Edge for macOS preview, promises to make it truly “Mac-like”

One of the most important ways that Microsoft wants to make the new Chromium-based Edge different from the current EdgeHTML-based Edge is in its support for other platforms. The original Edge was, for no good reason, tied to Windows 10, meaning that Web developers on platforms such as Windows 7 or macOS had no way of testing how their pages looked, short of firing up a Windows 10 virtual machine.

The new browser is, in contrast, a cross-platform affair. The first preview builds were published for Windows 10, with versions for Windows 7, 8, and 8.1 promised soon; today, these are joined by builds for macOS.

The macOS version resembles the Windows 10 builds that we’ve seen so far, but it isn’t identical. Microsoft wants to be a good citizen on macOS by producing not just an application that fits the platform’s standards—using the right fonts, icons, spacing, and so on—but which also adapts to Apple’s unique hardware. To that end, the company is working on support for the Touch Bar found on some of Apple’s portable systems, using it for media control, tab switching, or access to bookmarks. Microsoft will also work to ensure that Edge’s support as a Progressive Web App host properly adopts macOS behaviors with regard to interaction with the Dock, app switcher, and Spotlight.

What Chrome’s browser changes mean for your privacy and security

At the risk of sounding too optimistic, 2019 might be the year of the private web browser.

In the beginning, browsers were a cobbled together mess that put a premium on making the contents within look good. Security was an afterthought — Internet Explorer is no better example — and user privacy was seldom considered as newer browsers like Google Chrome and Mozilla Firefox focused on speed and reliability.

Ads kept the internet free for so long, but with invasive ad-tracking at its peak and concerns about online privacy — or the lack of it — privacy is finally getting its day in the sun.

Chrome, which claims close to two-thirds of all global browser market share, is the latest to double down on new security and privacy features after Firefox announced new anti-tracking blockers last month, Microsoft’s Chromium-based Edge promised better granular controls to control your data, and Apple’s Safari browser began preventing advertisers from tracking you from site to site.

At Google’s annual developer conference Tuesday, Google revealed two new privacy-focused additions: better cookie controls that limit advertisers from tracking your activities across websites, and a new anti-fingerprint feature.

In case you didn’t know: cookies are tiny bits of information left on your computer or device to help websites or apps remember who you are. Cookies can keep you logged into a website, but can also be used to track what a user does on a site. Some work across different websites to track you from one website to another, allowing them to build up a profile on where you go and what you visit. Cookie management has long been an on or off option. Switching cookies off means advertisers will find it more difficult to track you across sites but it also means websites won’t remember your login information, which can be an inconvenience.

Soon, Chrome will prevent cross-site cookies from working across domains without obtaining explicit consent from the user. In other words, that means advertisers won’t be able to see what you do on the various sites you visit without asking to track you.

Cookies that work only on a single domain aren’t affected, so you won’t suddenly get logged out.

There’s an added benefit: by blocking cross-site cookies, it makes it more difficult for hackers to exploit cross-site vulnerabilities. Through a cross-site request forgery attack, it’s possible in some cases for malicious websites to run commands on a legitimate site that you’re logged into without you knowing. That can be used to steal your data or take over your accounts.

Going forward, Google said it will only let cross-site cookies travel over HTTPS connections, meaning they cannot be intercepted, modified or stolen by hackers when they’re on their way to your computer.
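
How a site owner could check which of their cookies survive the cross-site rules described above, as an added example that is not from the article or from Google. It assumes the rules are expressed through the `SameSite` and `Secure` cookie attributes, which the article does not name; `classifyCookie`, `auditCookies` and the sample headers are constructed for illustration.

```javascript
// Added example: classify Set-Cookie headers under the cross-site cookie rules.
// Assumption: the rules are driven by the SameSite and Secure attributes.

// Parse one Set-Cookie header value into a name and a lower-cased attribute map.
function parseSetCookie(header) {
  const parts = String(header).split(';').map((p) => p.trim()).filter(Boolean);
  if (parts.length === 0 || !parts[0].includes('=')) {
    throw new Error('not a Set-Cookie value: ' + header);
  }
  const name = parts[0].slice(0, parts[0].indexOf('=')).trim();
  const attrs = new Map();
  for (const part of parts.slice(1)) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? '' : part.slice(i + 1).trim());
  }
  return { name, attrs };
}

// verdict: 'cross-site' -> attached to requests made from other sites (HTTPS only)
//          'restricted' -> not attached to cross-site subrequests (frames, images,
//                          fetch); Lax still allows top-level navigation, Strict does not
//          'rejected'   -> the browser refuses to store the cookie
function classifyCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const sameSite = (attrs.get('samesite') || '').toLowerCase();
  const secure = attrs.has('secure');
  if (sameSite === 'none') {
    return secure
      ? { name, verdict: 'cross-site', why: 'explicit SameSite=None plus Secure' }
      : { name, verdict: 'rejected', why: 'SameSite=None requires Secure' };
  }
  if (sameSite === 'strict') {
    return { name, verdict: 'restricted', why: 'SameSite=Strict' };
  }
  if (sameSite === 'lax') {
    return { name, verdict: 'restricted', why: 'SameSite=Lax' };
  }
  // Missing or unrecognised value: treated as Lax under the new default.
  return { name, verdict: 'restricted', why: 'no SameSite attribute, defaults to Lax' };
}

// Constructed sample headers (not captured from any real site).
const SAMPLE_HEADERS = [
  'session=abc123; Path=/; HttpOnly; Secure',                    // ordinary login cookie
  'ad_id=xyz789; Domain=tracker.example; SameSite=None; Secure', // declared third-party
  'widget=1; Path=/; SameSite=None',                             // third-party, no Secure
  'csrf=tok; Path=/; SameSite=Strict; Secure',
];

function auditCookies(headers) {
  return headers.map(classifyCookie);
}

for (const r of auditCookies(SAMPLE_HEADERS)) {
  console.log(`${r.name.padEnd(8)} ${r.verdict.padEnd(11)} ${r.why}`);
}
```

The login cookie in the sample stays usable on its own site but is no longer attached to requests forged from another site, which is the cross-site request forgery benefit the article mentions.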

Cookies are only a small part of how users are tracked across the web. These days it’s just as easy to take the unique fingerprints of your browser to see which sites you’re visiting.

Fingerprinting is a way for websites and advertisers to collect as much information about your browser as possible, including its plugins and extensions, and your device, such as its make, model and screen resolution, which creates a “fingerprint” that’s unique to your device. Because they don’t use cookies, websites can look at your browser fingerprint even when you’re in incognito mode or private browsing.

Google said — without giving much away as to how — it “plans” to aggressively work against fingerprinting, but didn’t give a timeline of when the feature will roll out.

Make no mistake, Google is stepping up to the privacy plate, following in the footsteps of Apple, Mozilla and Microsoft. Now that Google’s on board, that’s two-thirds of the internet set to soon benefit.

Microsoft’s plan for Edge: Integrated IE compatibility, better privacy

Microsoft has outlined its plans for the next stage of development for the new Chromium-based Edge browser, and those plans include a trio of new features.

The first is a big nod to enterprise customers: a built-in Internet Explorer mode. Chrome has a number of extensions that accomplish much the same thing—they create a new tab in the browser and use the Internet Explorer 11 engine, rather than the Chrome engine, to draw that tab. For Edge, this capability will be built in.

Enterprises can already create a compatibility list, the Enterprise Mode Site List, which the current Edge browser uses to know which (internal, line-of-business) sites should be shown in Internet Explorer 11. The new Edge will use this same list to determine when to use Internet Explorer.

Windows 10’s “Sets” tabbed windows will never see the light of day

Microsoft's inspiration, evidently.

For two periods last year, those using preview builds of Windows 10 could access a feature called Sets: a tabbed interface that was eventually to allow tabs to be put in the titlebar of just about any window. These tabs would allow both multiple copies of the same application to be combined—a tabbed Explorer or Command Prompt, say—and multiple disparate windows to be grouped—combining, say, a browser window containing research with the Word window. However, both times the feature was enabled only for a few weeks, so Microsoft could gather data, before disabling it. Sets aren’t in the Windows 10 May 2019 update.

It seems now that Sets are unlikely to ever materialize. Rich Turner, who oversees Microsoft’s revamping of the Windows command-line infrastructure and the Windows Subsystem for Linux tweeted that the interface “is no more.” Having everything tabbed everywhere isn’t going to happen. Adding tabs specifically for command-line windows is, however, “high on [Microsoft’s] to do list.”

There was initially some confusion that the tweet might have meant that some other system-wide approach to tabs was going to be used. But Turner clarified today that the command-line tabs will be purpose-built for command-line windows, not a general feature for the entire operating system.

Facebook makes its first browser API contribution

Facebook today announced that it has made its first major API contribution to Google’s Chrome browser. Together with Google, Facebook’s team created an API proposal to contribute code to the browser, which is a first for the company. The code, like so much of Facebook’s work on web tools and standards, focuses on making the user experience a bit smoother and faster. In this case, that means shortening the time between a click or keystroke and the browser reacting to that.

The first trial for this new system will launch with Chrome 74.

Typically, a browser’s JavaScript engine handles how code is executed and when it will halt for a moment to see if there are any pending input events that it needs to react to. Because even modern JavaScript engines that run on multi-core machines are still essentially single-threaded, the engine can only really do one thing at a time, so the trick is to figure out how to best combine code execution with checking for input events.

“Like many other sites, we deal with this issue by breaking the JavaScript up into smaller blocks. While the page is loading, we run a bit of JavaScript, and then we yield and pass control back to the browser,” the Facebook team explains in today’s announcement. “The browser can then check its input event queue and see whether there is anything it needs to tell the page about. Then the browser can go back to running the JavaScript blocks as they get added.”

Every time the browser goes through that cycle, though, and checks for new events, processes them, a bit of extra time passes. You do this too many times, and loading the page slows down. But if you only check for inputs at slower intervals, the user experience degrades as the browser takes longer to react.

To fix this, Facebook’s engineers created the isInputPending API, which eliminates this tradeoff. The API, which Facebook also brought to the W3C Web Performance Working Group, allows developers to check whether there are any inputs pending while their code is executing.

With this, the code simply checks if there’s something to react to, without having to fully yield control back to the browser and then passing it back to the JavaScript engine.
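
The pattern described above, as an added example that is not Facebook's or Chrome's code: a work loop that keeps running JavaScript blocks and yields only when input is waiting, falling back to a plain time budget where the API is missing. The browser entry point is assumed to be `navigator.scheduling.isInputPending()`, which the article does not spell out; `runTasks`, `shouldYield`, `budgetMs` and the injectable `scheduling` and `now` options are hypothetical names.

```javascript
// Added example: a chunked work loop that yields only when it has to.
// runTasks, budgetMs and the injectable scheduling/now options are hypothetical names.

// In a page this is navigator.scheduling; null where the API is unavailable.
function getScheduling() {
  return (typeof navigator !== 'undefined' && navigator.scheduling) || null;
}

// Hand control back to the event loop so queued input events can be dispatched.
function yieldToBrowser() {
  return new Promise((resolve) => setTimeout(resolve, 0));
}

// True when the loop should pause: input is waiting, or the time budget is spent.
function shouldYield(scheduling, deadline, now) {
  if (scheduling && typeof scheduling.isInputPending === 'function' &&
      scheduling.isInputPending()) {
    return true;
  }
  return now() >= deadline;
}

// Run synchronous tasks in order; resolves to how many ran and how often we yielded.
async function runTasks(tasks, options = {}) {
  const { scheduling = getScheduling(), budgetMs = 50, now = Date.now } = options;
  let deadline = now() + budgetMs;
  let yields = 0;
  let completed = 0;
  for (const task of tasks) {
    if (shouldYield(scheduling, deadline, now)) {
      await yieldToBrowser();
      yields += 1;
      deadline = now() + budgetMs; // fresh budget after every yield
    }
    task();
    completed += 1;
  }
  return { completed, yields };
}
```

Without `isInputPending` the loop can only guess from the clock, which is the tradeoff the article describes: a short budget yields too often and slows loading, a long one delays the reaction to input.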

For now this is just a trial — and since developers have to integrate this into their code, it’s not something that will automatically speed up your browser once Chrome 74 launches. If the trial is successful, though, chances are developers will make use of it (and Facebook surely will do so itself) and that other browser vendors will integrate it into their own engines, too.

“The process of bringing isInputPending to Chrome represents a new method of developing web standards at Facebook,” the team says. “We hope to continue driving new APIs and to ramp up our contributions to open source web browsers. Down the road, we could potentially build this API directly into React’s concurrent mode so developers would get the API benefits out of the box. In addition, isInputPending is now part of a larger effort to build scheduling primitives into the web.”

Spy on your smart home with this open source research tool

Researchers at Princeton University have built a web app that lets you (and them) spy on your smart home devices to see what they’re up to.

The open source tool, called IoT Inspector, is available for download here. (Currently it’s Mac OS only, with a wait list for Windows or Linux.)

In a blog about the effort the researchers write that their aim is to offer a simple tool for consumers to analyze the network traffic of their Internet connected gizmos. The basic idea is to help people see whether devices such as smart speakers or wi-fi enabled robot vacuum cleaners are sharing their data with third parties. (Or indeed how much snitching their gadgets are doing.)

Testing the IoT Inspector tool in their lab the researchers say they found a Chromecast device constantly contacting Google’s servers even when not in active use.

A Geeni smart bulb was also found to be constantly communicating with the cloud — sending/receiving traffic via a URL (tuyaus.com) that’s operated by a China-based company with a platform which controls IoT devices.

There are other ways to track devices like this — such as setting up a wireless hotspot to sniff IoT traffic using a packet analyzer like WireShark. But the level of technical expertise required makes them difficult for plenty of consumers.

Whereas the researchers say their web app doesn’t require any special hardware or complicated set-up so it sounds easier than trying to go packet sniffing your devices yourself. (Gizmodo, which got an early look at the tool, describes it as “incredibly easy to install and use”.)

One wrinkle: The web app doesn’t work with Safari, requiring either Firefox or Google Chrome (or a Chromium-based browser) to work.

The main caveat is that the team at Princeton do want to use the gathered data to feed IoT research — so users of the tool will be contributing to efforts to study smart home devices.

The title of their research project is Identifying Privacy, Security, and Performance Risks of Consumer IoT Devices. The listed principal investigators are professor Nick Feamster and PhD student Danny Yuxing Huang at the university’s Computer Science department.

The Princeton team says it intends to study privacy and security risks and network performance risks of IoT devices. But they also note they may share the full dataset with other non-Princeton researchers after a standard research ethics approval process. So users of IoT Inspector will be participating in at least one research project. (Though the tool also lets you delete any collected data — per device or per account.)

“With IoT Inspector, we are the first in the research community to produce an open-source, anonymized dataset of actual IoT network traffic, where the identity of each device is labelled,” the researchers write. “We hope to invite any academic researchers to collaborate with us — e.g., to analyze the data or to improve the data collection — and advance our knowledge on IoT security, privacy, and other related fields (e.g., network performance).”

They have produced an extensive FAQ which anyone thinking about running the tool should definitely read before getting involved with a piece of software that’s explicitly designed to spy on your network traffic. (tl;dr, they’re using ARP-spoofing to intercept traffic data — a technique they warn may slow your network, in addition to the risk of their software being buggy.)

The dataset that’s being harvested by the traffic analyzer tool is anonymized and the researchers specify they’re not gathering any public-facing IP addresses or locations. But there are still some privacy risks — such as if you have smart home devices you’ve named using your real name. So, again, do read the FAQ carefully if you want to participate.

For each IoT device on a network the tool collects multiple data-points and sends them back to servers at Princeton University — including DNS requests and responses; destination IP addresses and ports; hashed MAC addresses; aggregated traffic statistics; TLS client handshakes; and device manufacturers.

The tool has been designed not to track computers, tablets and smartphones by default, given the study focus on smart home gizmos. Users can also manually exclude individual smart devices from being tracked if they’re able to power them down during set up or by specifying their MAC address.

Up to 50 smart devices can be tracked on the network where IoT Inspector is running. Anyone with more than 50 devices is asked to contact the researchers to ask for an increase to that limit.

The project team has produced a video showing how to install the app on Mac:

Hands-on: First public previews of Chromium-based Edge are now out

There's really no difference between how the Ars front page looks in Edge and Chrome.

Microsoft’s switch to using the Chromium engine to power its Edge browser was announced in December last year, and the first public preview build is out now. Canary builds, updated daily, and Dev builds, updated weekly, are available for Windows 10. Versions for other operating systems and a beta that’s updated every six weeks are promised to be coming soon.

Chromium is the open source browser project run by Google. It includes the Blink rendering engine (Google’s fork of Apple’s WebKit), V8 JavaScript engine, Google’s software-based sandboxing, and the browser user interface. Google builds on Chromium for its Chrome browser, and a number of third-party browsers, including Opera, Vivaldi, and Brave, also use Chromium.

As a result, every Chromium browser offers more or less the same performance and Web compatibility. Indeed, this is a big part of why Microsoft made the switch: the company had grown tired of updating its own EdgeHTML engine to ensure it behaved identically to Chrome and is now offering Chrome-equivalent behavior in the most direct way possible. I’ve been using a version 74 build (which is a little out of date at this point) for the last week, and I have yet to see any difference between Edge and Chromium Dev when it comes to displaying Web pages. In principle, a page could treat Edge differently (it reports its identity as a rather ugly “Edg/74.1.96.14”; I’m presuming the misspelling is an attempt to ensure it isn’t identified as a variation of the current Edge browser), but in general there’s little reason to do so.

Here’s the first official preview of Microsoft’s Chromium-based Edge browser

Microsoft today launched the first official version of its Edge browser with the Chromium engine for Windows 10. You can now download the first developer and canary builds here. The canary builds will get daily updates and the developer builds will see weekly updates. Over time, you’ll also be able to opt in to the beta channel and, eventually, the stable channel.

The company first announced this project last December and the news obviously created quite a stir, given that Microsoft was abandoning its own browser engine development in favor of using an open-source engine — and one that is still very much under the control of Google. With that, we’re now down to two major browser engines: Google’s Chromium and Mozilla’s Gecko.

I used the most recent builds for the last week or so. Maybe the most remarkable thing about using Microsoft’s new Chromium-based Edge browser is how unremarkable it feels. It’s a browser and it (with the exceptions of a few bugs you’d expect to see in a first release) works just like you’d expect it to. That’s a good thing, in that if you’re a Windows user, you could easily use the new Edge as your default browser and would be just fine. On the other hand — at least at this stage of the project — there’s also very little that differentiates Edge with Chromium from Google’s own Chrome browser.

That will change over time, though, with more integrations into the Windows ecosystem. For now, this is very much a first preview and meant to give web and extensions developers a platform for testing their sites and tools.

There are a few points of integration with Microsoft’s other services available already, though. Right now, when you install the Edge preview builds, you get the option to choose your new tab layout. The choices are a very simple new tab layout that only presents a search bar and a few bookmarks and a variation with a pretty picture in the background, similar to what you’d see on Bing. There is, however, also another option that highlights recent news from Microsoft News, with the option to personalize what you see on that page.

Microsoft also says that it plans to improve tab management and other UI features as it looks at how it can differentiate its browser from the rest.

In this first preview, some of the syncing features are also already in place, but there are a few holes here. So while bookmarks sync, extensions, your browsing history, settings, open tabs, addresses and passwords do not. That’ll come in some of the next builds, though.

Right now, the only search engine that’s available is Bing. That, too, will obviously change in upcoming builds.

Microsoft tells me that it prioritized getting a full end-to-end browser code base to users and setting up the engineering systems that will allow it to both push regular updates outside of the Windows update cycle and to pull in telemetry data from its users.

Most of the bugs I encountered were minor. Netflix, though, regularly gave me trouble. While all other video services I tried worked just fine, the Netflix homepage often stuttered and became unresponsive for a few seconds.

That was the exception, though. In using the new Edge as my default browser for almost a week, I rarely ran into similar issues and a lot of things ‘just work’ already. You can read PDFs in the browser, just like you’d expect. Two-factor authentication with a Yubikey to get into Gmail works without an issue. Even complex web apps run quickly and without any issues. The extensions I regularly use, including LastPass, worked seamlessly, no matter whether I installed them from the Google store or Microsoft’s library.

I also ran a few benchmarks and unsurprisingly, Edge and the latest version of Chrome tend to score virtually the same results. It’s a bit too early in the development process to really focus on benchmarks, but the results are encouraging.

With this release, we’re also getting our first official look at using extensions in the new Edge. Unsurprisingly, Microsoft will offer its own extension store, but with the flip of a switch in the settings, you’ll also be able to install and use extensions from third-party marketplaces, meaning the Chrome Web Store. Extension developers who want to add their tools to the Microsoft marketplace can basically take their existing Chrome extensions and use those

Microsoft’s promise, of course, is that it will also bring the new Edge to Windows 7 and Windows 8, as well as the Mac. For now, though, this first version is only available on 64-bit versions of Windows 10. Those are in the works, but Microsoft says they simply aren’t quite as far along as the Windows 10 edition. This first release is also English-only, with localized versions coming soon, though.

While anybody can obviously download this release and give it a try, Microsoft stressed that if you’re not a tech enthusiast, it really isn’t for you. This first release is very much meant for a technical audience. In a few months, though, Microsoft will surely start launching more fully-featured beta versions and by that time, the browser will likely be ready for a wider audience. Still, though, if you want to give it a try, nobody is stopping you today, no matter your technical expertise.