Google's Privacy Sandbox Accused of Misleading Chrome Browser Users

By: BeauHD
13 June 2024 at 19:20
Richard Speed reports via The Register: Privacy campaigner noyb has filed a GDPR complaint regarding Google's Privacy Sandbox, alleging that turning on a "Privacy Feature" in the Chrome browser resulted in unwanted tracking by the US megacorp. The Privacy Sandbox API was introduced in 2023 as part of Google's grand plan to eliminate third-party tracking cookies. Rather than relying on those cookies, website developers can call the API to display ads matched to a user's interests. In the announcement, Google's VP of the Privacy Sandbox initiative called it "a significant step on the path towards a fundamentally more private web." However, according to noyb, the problem is that although Privacy Sandbox is advertised as an improvement over third-party tracking, that tracking doesn't go away. Instead, it is done within the browser by Google itself. To comply with the rules, Google needs informed consent from users, which is where issues start. Noyb wrote today: "Google's internal browser tracking was introduced to users via a pop-up that said 'turn on ad privacy feature' after opening the Chrome browser. In the European Union, users are given the choice to either 'Turn it on' or to say 'No thanks,' so to refuse consent." Users would be forgiven for thinking that 'turn on ad privacy feature' would protect them from tracking. However, what it actually does is turn on first-party tracking. Max Schrems, honorary chairman of noyb, claimed: "Google has simply lied to its users. People thought they were agreeing to a privacy feature, but were tricked into accepting Google's first-party ad tracking. "Consent has to be informed, transparent, and fair to be legal. Google has done the exact opposite." Noyb noted that Google had argued "choosing to click on 'Turn it on' would indeed be considered consent to tracking under Article 6(1)(a) of the GDPR."

Google’s abuse of Fitbit continues with web app shutdown

12 June 2024 at 15:02

Google's continued abuse of the Fitbit brand is continuing with the shutdown of the web dashboard. Fitbit.com used to be both a storefront and a way for users to get a big-screen UI to sift through reams of fitness data. The store closed up shop in April, and now the web dashboard is dying in July.

In a post on the "Fitbit Community" forums, the company said: "Next month, we’re consolidating the Fitbit.com dashboard into the Fitbit app. The web browser will no longer offer access to the Fitbit.com dashboard after July 8, 2024." That's it. There's no replacement or new fitness thing Google is more interested in; web functionality is just being removed. Google, we'll remind you, used to be a web company. Now it's a phone app or nothing. Google did the same thing to its Google Fit product in 2019, killing off the more powerful website in favor of an app focus.

Dumping the web app leaves a few holes in Fitbit's ecosystem. The Fitbit app doesn't support big screens like tablet devices, so this is removing the only large-format interface for data. Fitbit's competitors all have big-screen interfaces. Garmin has a very similar website, and the Apple Watch has an iPad health app. This isn't an improvement. To make matters worse, the app does not have the features of the web dashboard, with many of the livid comments in the forums on Reddit calling out the app's deficiencies in graphing, achievement statistics, calorie counting, and logs.

Chrome OS switching to the Android Linux kernel and related Android subsystems

12 June 2024 at 19:23

Surprisingly quietly, in the middle of Apple’s WWDC, Google’s ChromeOS team has made a rather massive announcement that seems to be staying a bit under the radar. Google is announcing today that it is replacing many of ChromeOS’ current relatively standard Linux-based subsystems with the comparable subsystems from Android.

To continue rolling out new Google AI features to users at a faster and even larger scale, we’ll be embracing portions of the Android stack, like the Android Linux kernel and Android frameworks, as part of the foundation of ChromeOS. We already have a strong history of collaboration, with Android apps available on ChromeOS and the start of unifying our Bluetooth stacks as of ChromeOS 122.

↫ Prajakta Gudadhe and Alexander Kuscher on the Chromium blog

The benefits to Google here are obvious: instead of developing and maintaining two variants of the Linux kernel and various related subsystems, they now only have to focus on one, saving money and time. It will also make it easier for both platforms to benefit from new features and bugfixes, which should benefit users of both platforms quite a bit.

As mentioned in the snippet, the first major subsystem in ChromeOS to be replaced by its Android counterpart is Bluetooth. ChromeOS was using the BlueZ Bluetooth stack, the same one used by most (all?) Linux distributions today and initially developed by Qualcomm, but it has now switched over to Fluoride, the one from Android.

According to Google, Fluoride has a number of benefits over BlueZ. It runs almost entirely in userspace, as opposed to BlueZ, where more than 50% of the code resides in the kernel. In addition, Fluoride is written in Rust, and Google claims it has a simpler architecture, making it easier to perform testing. Google also highlights that Fluoride has a far larger userbase – i.e., all Android users – which also presents a number of benefits.

Google performed internal tests to measure the improvements resulting from switching ChromeOS from BlueZ to Fluoride, and the test results speak for themselves – pairing is faster, pairing fails less often, and reconnecting an already paired device fails less often. With Bluetooth being a rather problematic technology to use, any improvements to the user experience are welcome.

At the end of Google’s detailed blog post about the switch to Fluoride, the company notes that it intends for the project as a whole – which is called Project Floss – to be a standalone open source project, capable of running on any Linux distribution.

We aspire to position Project Floss as a standalone open source project that can reach beyond the walls of Google’s own operating system in a way where we can maximize the overall value and agility of the larger Bluetooth ecosystem. We also intend to support the Linux community as a whole with the goal that Floss can easily run on most Linux distributions.

↫ Russ Lindsay, Abhishek Pandit-Subedi, Alain Michaud, and Loic Wei Yu Neng on the chromeOS dev website

If Fluoride can indeed deliver tangible, measurable benefits in Bluetooth performance on Linux desktops, I have no doubt quite a few distributions will be more than willing to switch over. Bluetooth is used a lot, and if Fedora, Ubuntu, Arch, and so on, can improve the Bluetooth experience by switching over, I’m pretty sure they will, or at least consider doing so.

Google's Abuse of Fitbit Continues With Web App Shutdown

By: msmash
12 June 2024 at 16:10
An anonymous reader shares a report: Google's continued abuse of the Fitbit brand is continuing with the shutdown of the web dashboard. Fitbit.com used to be both a storefront and a way for users to get a big-screen UI to sift through reams of fitness data. The store closed up shop in April, and now the web dashboard is dying in July. In a post on the "Fitbit Community" forums, the company said: "Next month, we're consolidating the Fitbit.com dashboard into the Fitbit app. The web browser will no longer offer access to the Fitbit.com dashboard after July 8, 2024." That's it. There's no replacement and no new Fitness thing Google is more interested in; web functionality is just being removed. Google, we'll remind you, used to be a web company. Now it's a phone app or nothing. Google did the same thing to its own Google Fit product in 2019, killing off the more powerful website in favor of an app focus.

Google’s Pixel 8 series gets USB-C to DisplayPort; desktop mode rumors heat up

11 June 2024 at 14:05

Google's June Android update is out, and it's bringing a few notable changes for Pixel phones. The most interesting is that the Pixel 8a, Pixel 8, and Pixel 8 Pro are all getting DisplayPort Alt Mode capabilities via their USB-C ports. This means you can go from USB-C to DisplayPort and plug right into a TV or monitor. This has been rumored forever and landed in some of the Android Betas earlier, but now it's finally shipping out to production.

The Pixel 8's initial display support is just a mirrored mode. You can either get an awkward vertical phone in the middle of your wide-screen display or turn the phone sideways and get a more reasonable layout. You could see it being useful for videos or presentations. It would be nice if it could do more.

Alongside this year-plus of display port rumors has been a steady drum beat (again) for an Android desktop mode. Google has been playing around with this idea since Android 7.0 in 2016. In 2019, we were told it was just a development testing project, and it never shipped to any real devices. Work around Android's desktop mode has been heating up, though, so maybe a second swing at this idea will result in an actual product.

Apple and OpenAI currently have the most misunderstood partnership in tech

11 June 2024 at 13:29

On Monday, Apple premiered "Apple Intelligence" during a wide-ranging presentation at its annual Worldwide Developers Conference in Cupertino, California. However, the heart of its new tech, an array of Apple-developed AI models, was overshadowed by the announcement of ChatGPT integration into its device operating systems.

Since rumors of the partnership first emerged, we've seen confusion on social media about why Apple didn't develop a cutting-edge GPT-4-like chatbot internally. Despite Apple's year-long development of its own large language models (LLMs), many perceived the integration of ChatGPT (and opening the door for others, like Google Gemini) as a sign of Apple's lack of innovation.

"This is really strange. Surely Apple could train a very good competing LLM if they wanted? They've had a year," wrote AI developer Benjamin De Kraker on X. Elon Musk has also been grumbling about the OpenAI deal—and spreading misconceptions about it—saying things like, "It’s patently absurd that Apple isn’t smart enough to make their own AI, yet is somehow capable of ensuring that OpenAI will protect your security & privacy!"

PC Makers Hopeful That Chromebook Refresh Cycles About To Kick In

By: msmash
11 June 2024 at 13:22
A Chromebook refresh looms despite Google trying to extend the life of laptops by offering a decade of service updates for models sold since 2021. From a report: Sales of the hardware, which flew off the shelves during the pandemic, ran out of steam in 2022 after buyers had their fill. The US education market generally accounts for 70 to 80 percent of annual orders. The sharp downturn left some vendors holding excess inventory. Yet the refresh cycle may be starting again, according to HP boss Enrique Lores. "So we have started to see a pickup of demand in education, and this, especially in the US, is a Chromebook opportunity," he told an audience of investors at Bernstein's 40th Annual Strategic Decision Conference. He forecast a flurry of activity in 2025 for "many million of units" from education but downplayed the impact on HP's balance sheet because the company pulled back from the product line after the pandemic. Lores said: "We are going after these deals because we think it's good, but it's not like ... a huge impact on the company."

Microsoft, Google Come to the Aid of Rural Hospitals

11 June 2024 at 11:56
Microsoft and Google will provide free or low-cost cybersecurity tools and services to rural hospitals in the United States at a time when health care facilities are coming under increasing attack by ransomware gangs and other threat groups. For independent rural and critical access hospitals, Microsoft will provide grants and as much as 75% discounts..

The post Microsoft, Google Come to the Aid of Rural Hospitals appeared first on Security Boulevard.

The Google Pay app is dead

10 June 2024 at 17:41

Google has killed off the Google Pay app. 9to5Google reports Google's old payments app stopped working recently, following shutdown plans that were announced in February. Google is shutting down the Google Pay app in the US, while in-store NFC payments seem to still be branded "Google Pay." Remember, this is Google's dysfunctional payments division, so all that's happening is Google Payment app No. 3 (Google Pay) is being shut down in favor of Google Payment app No. 4 (Google Wallet). The shutdown caps off the implosion of Google's payments division after a lot of poor decisions and failed product launches.

Google's NFC payment journey started in 2011 with Google Wallet (apps No. 1 and No. 4 are both called Google Wallet). In 2011, Google was a technology trailblazer and basically popularized the idea of paying for something with your phone in many regions (with the notable exception of Japan). Google shipped the first non-Japanese phones with the feature, fought carriers trying to stop phone payments from happening, and begged stores to get new, compatible terminals. Google's entire project was blown away when Apple Pay launched in 2014, and Google's response was its second payment app, Android Pay, in 2015. This copied much of Apple's setup, like sending payment tokens instead of the actual credit card number. Google Pay was a rebrand of this setup and arrived in 2018.

The 2018 version of Google Pay was a continuation of the Android Pay codebase, which was a continuation of the Google Wallet codebase. Despite all the rebrands, Google's payment apps were an evolution, and none of the previous apps were really "shut down"—they were in-place upgrades. Everything changed in 2021 when a new version of Google Pay was launched, which is when Google's payment division started to go off the rails.

Microsoft and Google Announce Plans to Help Rural U.S. Hospitals Defend Against Cyberattacks

By: Alan J
10 June 2024 at 16:55

Microsoft and Google have announced plans to offer free or highly discounted cybersecurity services to rural hospitals across the United States. These initiatives come as the U.S. healthcare sector faces a surge in ransomware attacks that more than doubled last year, posing a serious threat to patient care and hospital operations. The program - developed in collaboration with the White House, the American Hospital Association, and the National Rural Health Association - aims to make rural hospitals less defenseless by providing them with free security updates, security assessments, and training for hospital staff.

Microsoft and Google Cybersecurity Plans for Rural Hospitals

Microsoft has launched a full-fledged cybersecurity program to meet the needs of rural hospitals, which are often more vulnerable to cyberattacks due to more limited IT security resources, staff and training than their urban peers. The program will deliver free and low-cost technology services, including:
  • Nonprofit pricing and discounts of up to 75% on Microsoft's security products for independent Critical Access Hospitals and Rural Emergency Hospitals.
  • Larger rural hospitals already equipped with eligible Microsoft solutions will receive advanced security suites for free.
  • Free Windows 10 security updates for participating rural hospitals for at least one year.
  • Cybersecurity assessments and training are being made free to hospital employees to help them better manage system security.

Justin Spelhaug, corporate vice president of Microsoft Philanthropies, said in a statement, “Healthcare should be available no matter where you call home, and the rise in cyberattacks threatens the viability of rural hospitals and impact communities across the U.S.

“Microsoft is committed to delivering vital technology security and support at a time when these rural hospitals need them most.”

Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies, said in a statement:

“Cyber-attacks against the U.S. healthcare systems rose 130% in 2023, forcing hospitals to cancel procedures and impacting Americans’ access to critical care. Rural hospitals are particularly hard hit as they are often the sole source of care for the communities they serve and lack trained cyber staff and modern cyber defenses. President Biden is committed to every American having access to the care they need, and effective cybersecurity is a part of that. So, we’re excited to work with Microsoft to launch cybersecurity programs that will provide training, advice and technology to help America’s rural hospitals be safe online.”

Alongside Microsoft's efforts, Google also announced that it will provide free cybersecurity advice to rural hospitals and non-profit organizations while also launching a pilot program to match its cybersecurity services with the specific needs of rural healthcare facilities.

Plans Are Part of Broader National Effort

Rural hospitals remain one of the most common targets for cyberattacks, according to data from the National Rural Health Association. Rural hospitals in the U.S. serve over 60 million people living in rural areas, who sometimes have to travel considerable distance for care even without the inconvenience of a cyberattack. Neuberger stated, “We’re in new territory as we see ... this wave of attacks against hospitals.” Rick Pollack, president of the American Hospital Association, said, “Rural hospitals are often the primary source of healthcare in their communities, so keeping them open and safe from cyberattacks is critical. We appreciate Microsoft stepping forward to offer its expertise and resources to help secure part of America’s healthcare safety net.” The plans are a part of a broader effort by the United States government to direct private partners and tech giants such as Microsoft and Google to use their expertise to plug significant gaps in the defense of the healthcare sector.

How Google Will Distribute $100 Million to Canada's News Companies

9 June 2024 at 11:34
In November Google agreed to pay Canadian news publishers $100 million annually "in order to be exempt from the Online News Act, which compels tech companies to enter into agreements with news publishers," writes the Canadian Press. On Friday Google "named the organization it has selected to distribute the $100 million..." The Canadian Journalism Collective will be responsible for ensuring eligible news organizations get their share of the money. The collective is a federally incorporated non-profit organization that was created for this purpose. It was founded in May by a group of independent publishers and broadcasters... "We hope these next steps will be completed as quickly as possible, so Canadian publishers and journalists can soon begin to receive the proceeds of this new contribution model," Google said in a blog entry posted on their website Friday... The money will be distributed proportionately based on how many full-time journalists the companies employ. Small print and digital outlets can expect to receive about $17,000 per journalist that they employ, an official with the Canadian Heritage Department has said. Google's money will go to 1,520 news organizations, according to Google's blog post — which describes the arrangement as "addressing our concerns with the Online News Act" and "a viable path to an exemption at a clear and commercially acceptable commitment level..." As part of this transition, we have advised partners in our Google News Showcase program (our online news experience and licensing program for news organizations) will cease to operate in Canada later this year as we transition to this new contribution model. We will be maintaining some Google News Initiative programming in Canada. This includes a range of collaborative tools and resources that can support the advancement of quality journalism.
However, with our monetary contribution in Canada now streamlined into the new single collective model, these investments will be non-monetary in nature.

Unlike Google, XScreensaver will never run around and desert you

By: JHarris
9 June 2024 at 03:45
Google demanded of jwz a Privacy Policy for their Android port of XScreensaver, which collects no user data, despite their own privacy missteps. He's crowdsourcing a list of things XScreensaver will never do that Google does, with source links.

I was going to post this in the current linkthread, but then figured, it's fine as a post as-is, so let's just throw it at the front page instead. It made a sound like splat!

Google avoids jury trial by sending $2.3 million check to US government

7 June 2024 at 17:05

Google has achieved its goal of avoiding a jury trial in one antitrust case after sending a $2.3 million check to the US Department of Justice. Google will face a bench trial, a trial conducted by a judge without a jury, after a ruling today that the preemptive check is big enough to cover any damages that might have been awarded by a jury.

"I am satisfied that the cashier's check satisfies any damages claim," US District Judge Leonie Brinkema said after a hearing in the Eastern District of Virginia on Friday, according to Bloomberg. "A fair reading of the expert reports does not support" a higher amount, Brinkema said.

The check was reportedly for $2,289,751. "Because the damages are no longer part of the case, Brinkema ruled a jury is no longer needed and she will oversee the trial, set to begin in September," according to Bloomberg.

Google will start deleting location history

7 June 2024 at 12:26

Google announced that it will reduce the amount of personal data it is storing by automatically deleting old data from “Timeline”—the feature that, previously named “Location History,” tracks user routes and trips based on a phone’s location, allowing people to revisit all the places they’ve been in the past.

In an email, Google told users that they will have until December 1, 2024 to save all travels to their mobile devices before the company starts deleting old data. If you use this feature, that means you have about five months before losing your location history.

Moving forward, Google will link the Location information to the devices you use, rather than to the user account(s). And, instead of backing up your data to the cloud, Google will soon start to store it locally on the device.

As I pointed out years ago, Location History allowed me to “spy” on my wife’s whereabouts without having to install anything on her phone. After some digging, I learned that my Google account was added to my wife’s phone’s accounts when I logged in on the Play Store on her phone. The extra account this created on her phone was not removed when I logged out after noticing the tracking issue.

That issue should be solved by implementing this new policy. (Let’s remember, though, that this is an issue that Google formerly considered a feature rather than a problem.)

Once effective, unless you take action and enable the new Timeline settings by December 1, Google will attempt to move the past 90 days of your travel history to the first device you sign in to your Google account on. If you want to keep using Timeline:

  • Open Google Maps on your device.
  • Tap your profile picture (or initial) in the upper right corner.
  • Choose Your Timeline.
  • Select whether you want to keep your location data until you manually delete it or have Google auto-delete it after 3, 18, or 36 months.

In April of 2023, Google Play launched a series of initiatives that gives users control over the way that separate, third-party apps stored data about them. This was seemingly done because Google wanted to increase transparency and control mechanisms for people to control how apps would collect and use their data.

With the latest announcement, it appears that Google is finally tackling its own apps.

Only recently, Google agreed to purge billions of records containing personal information collected from more than 136 million people in the US surfing the internet using its Chrome web browser. But this was part of a settlement in a lawsuit accusing the search giant of illegal surveillance.

It’s nice to see the needle move in the good direction for a change. As Bruce Schneier pointed out in his article Online Privacy and Overfishing:

“Each successive generation of the public is accustomed to the privacy status quo of their youth. What seems normal to us in the security community is whatever was commonplace at the beginning of our careers.”

This has led us all to a world where we don’t even have the expectation of privacy anymore when it comes to what we do online or when using modern technology in general.

If you want to take firmer control over how your location is tracked and shared, we recommend reading How to turn off location tracking on Android.


Google To Start Permanently Deleting Users' Location History

By: msmash
6 June 2024 at 14:45
Google will delete everything it knows about users' previously visited locations, the company has said, a year after it committed to reducing the amount of personal data it stores about users. From a report: The company's "timeline" feature -- previously known as Location History -- will still work for those who choose to use it, letting them scroll back through potentially decades of travel history to check where they were at a specific time. But all the data required to make the feature work will be saved locally, to their own phones or tablets, with none of it being stored on the company's servers. In an email sent by the company to Maps users, seen by the Guardian, Google said they have until 1 December to save all their old journeys before it is deleted for ever. Users will still be able to back up their data if they're worried about losing it or want to sync it across devices but that will no longer happen by default. The company is also reducing the default amount of time that location history is stored for. Now, it will begin to delete past locations after just three months, down from a previous default of a year and a half. In a blogpost announcing the changes, Google didn't cite a specific reason for the updates, beyond suggesting that users may want to delete information from their location history if they are "planning a surprise birthday party."

Google Announces Investment in 15 New Cybersecurity Clinics Across the U.S.

By: Alan J
5 June 2024 at 12:12

Google has announced a new initiative to establish 15 cybersecurity clinics across the US. The move attempts to address escalating cybersecurity threats as well as additional risks and opportunities presented by bleeding-edge technology such as AI. These clinics aim to provide funding, mentorship, and additional resources to higher education institutions in the area of cybersecurity. The initiative expects that supporting the growth of a skilled and dedicated cybersecurity workforce will help protect critical infrastructure and organizations and help address the cybersecurity skills shortage.

Cybersecurity Clinics Aim At Building Resilient Workforce

The cybersecurity clinic initiative, launched in collaboration with the Consortium of Cybersecurity Clinics, invites higher education institutions to apply for funding to establish new clinics. Approved clinics will receive $1 million in cybersecurity funding, mentorship, Titan Security Keys (phishing-resistant 2FA keys), and scholarships for Google's Cybersecurity Certification. Mentorship from these clinics attempts to serve as a bridge between academic knowledge and real-world application by allowing students to gain important hands-on experience. The clinics will also help regional organizations protect themselves from potential cyber threats. For example, Indiana University cybersecurity clinic students have been helping the local fire department in devising contingency plans for online communications compromise scenarios. At the Rochester Institute of Technology, students helped their local water authority review and improve their IT security configurations across operating sites. Google's collaboration page mentions the list of institutions through which the new cybersecurity clinics will be set up, marking them as 'New Grantees':
  • Tougaloo College
  • Turtle Mountain Community College
  • University of Hawai’i Maui College
  • Cyber Center of Excellence (CCOE), San Diego State University (SDSU), California State University San Marcos (CSUSM) and National University
  • West Virginia State University
  • Dakota State University
  • University of North Carolina Greensboro
  • University of Arizona
  • Franklin Cummings Tech
  • Spelman College
  • NSI CTC - HUSB
  • Northeastern State University in Oklahoma
  • Trident Technical College
  • Eastern Washington University
  • The University of Texas at El Paso
These new clinics add to the ten actively operating cybersecurity clinic grants to various institutes:
  • University of Texas at San Antonio
  • UC Berkeley
  • Rochester Institute of Technology
  • Massachusetts Institute of Technology
  • Stillman College
  • Indiana University
  • University of Nevada, Las Vegas
  • The University of Alabama
  • University of Georgia
  • University of Texas at Austin

Clinics Attempt to Focus on Diversity and Inclusivity

In the announcement, Google also affirmed its commitment to foster diversity and inclusivity within the cybersecurity industry. In recognition of these values, Google has extended its cybersecurity funding support to organizations such as the Computing Alliance of Hispanic-Serving Institutions (CAHSI), Stillman College, and the American Indian Science and Engineering Society (AISES). These institutions aid colleges and universities that serve large populations of minorities such as black, Hispanic, indigenous or tribal students. "Cyber attacks are a threat to everyone's security, so it's essential that cyber education is accessible," said a Google spokesperson. "With these newest 15 clinics, we're supporting institutions that serve a variety of students and communities: traditional colleges and universities as well as community and technical colleges in both rural and urban communities." Google's investment in these clinics represents a strategic move to address the nation's workforce shortage, with at least 450,000 cybersecurity positions remaining open across the country. Google stated that its new cybersecurity clinics would help impart cybersecurity training to hundreds of students, while increasing its own commitment by $5 million, amounting to a total of about $25 million in support across clinics. The tech giant expects that these moves will help enable the operation of 25 cybersecurity clinics nationwide by 2025.

Ex-OpenAI staff call for “right to warn” about AI risks without retaliation

4 June 2024 at 17:52

On Tuesday, a group of former OpenAI and Google DeepMind employees published an open letter calling for AI companies to commit to principles allowing employees to raise concerns about AI risks without fear of retaliation. The letter, titled "A Right to Warn about Advanced Artificial Intelligence," has so far been signed by 13 individuals, including some who chose to remain anonymous due to concerns about potential repercussions.

The signatories argue that while AI has the potential to deliver benefits to humanity, it also poses serious risks that include "further entrenchment of existing inequalities, to manipulation and misinformation, to the loss of control of autonomous AI systems potentially resulting in human extinction."

They also assert that AI companies possess substantial non-public information about their systems' capabilities, limitations, and risk levels, but currently have only weak obligations to share this information with governments and none with civil society.

Google changes repair policy after criticism of third-party parts ban

4 June 2024 at 15:46

Google has changed its repair policy in response to criticism from repair advocate Louis Rossmann. Rossmann dug through the Google Store's "Service & Repair Program Terms & Conditions" for its first-party mail-in repair service and found the same style of onerous bans on third-party parts that Samsung was recently caught using. Section D, article 4 of the terms includes the rather incredible line "Unauthorized Parts: You will not send in a Device containing non-Google-authorized parts – if You do, Your Device will not be returned to you." That's right, according to the terms, Google would keep a device sent in for repair, and you wouldn't get it back.

We asked Google for a comment on Rossmann's video, and a spokesperson says the terms will be updated:

If a customer sends their Pixel to Google for repair, we would not keep it regardless of whether it has non-OEM parts or not. In certain situations, we won't be able to complete a repair if there are safety concerns. In that case, we will either send it back to the customer or work with them to determine next steps. Customers are also free to seek the repair options that work best for them. We are updating our Terms and Conditions to clarify this.

That sounds a lot more reasonable.

Google’s AI Overviews misunderstand why people use Google

4 June 2024 at 13:31

Last month, we looked into some of the most incorrect, dangerous, and downright weird answers generated by Google's new AI Overviews feature. Since then, Google has offered a partial apology/explanation for generating those kinds of results and has reportedly rolled back the feature's rollout for at least some types of queries.

But the more I've thought about that rollout, the more I've begun to question the wisdom of Google's AI-powered search results in the first place. Even when the system doesn't give obviously wrong results, condensing search results into a neat, compact, AI-generated summary seems like a fundamental misunderstanding of how people use Google in the first place.

Reliability and relevance

When people type a question into the Google search bar, they only sometimes want the kind of basic reference information that can be found on a Wikipedia page or corporate website (or even a Google information snippet). Often, they're looking for subjective information where there is no one "right" answer: "What are the best Mexican restaurants in Santa Fe?" or "What should I do with my kids on a rainy day?" or "How can I prevent cheese from sliding off my pizza?"

Google accidentally published internal Search documentation to GitHub

3 June 2024 at 14:56

Google apparently accidentally posted a big stash of internal technical documents to GitHub, partially detailing how the search engine ranks webpages. For most of us, the question of search rankings is just "are my web results good or bad," but the SEO community is both thrilled to get a peek behind the curtain and up in arms since the docs apparently contradict some of what Google has told them in the past. Most of the commentary on the leak is from SEO experts Rand Fishkin and Mike King.

Google confirmed the authenticity of the documents to The Verge, saying, “We would caution against making inaccurate assumptions about Search based on out-of-context, outdated, or incomplete information. We’ve shared extensive information about how Search works and the types of factors that our systems weigh, while also working to protect the integrity of our results from manipulation.”

The fun thing about accidentally publishing to the GoogleAPI GitHub is that, while these are sensitive internal documents, Google technically released them under an Apache 2.0 license. That means anyone who stumbled across the documents was granted a "perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license" to them, so these are freely available online now, like here.

Two layers of how-the-sausage-is-made

By: k3ninho
2 June 2024 at 06:49
Earlier this week, a giant dump of Google documents revealed how the search advertising seller linked up adverts bought to pages they're on; then Wired published an excerpt from a book explaining the link between the advertising auctions and the disinformation sites taking money to display those adverts: How Advertising Funds Disinformation (archive).

Previously.

Chrome begins limiting ad blockers

31 May 2024 at 19:06

If, for some reason, you’re still using Chrome or one of the browsers that put a little hat on Chrome and call it a different browser, the time you’re going to want to consider switching to the only real alternative – Firefox – is getting closer and closer. Yesterday, Google announced that the end of Manifest V2 is now truly here.

Starting on June 3 on the Chrome Beta, Dev and Canary channels, if users still have Manifest V2 extensions installed, some will start to see a warning banner when visiting their extension management page – chrome://extensions – informing them that some (Manifest V2) extensions they have installed will soon no longer be supported. At the same time, extensions with the Featured badge that are still using Manifest V2 will lose their badge.

This will be followed gradually in the coming months by the disabling of those extensions. Users will be directed to the Chrome Web Store, where they will be recommended Manifest V3 alternatives for their disabled extension. For a short time after the extensions are disabled, users will still be able to turn their Manifest V2 extensions back on, but over time, this toggle will go away as well.

↫ David Li on the Chromium blog

In case you’ve been asleep at the wheel – and if you’re still using Chrome, you most likely are – Manifest V3 will heavily limit what content blockers can do, making them less effective at things like blocking ads. In a move that surprises absolutely nobody, it’s not entirely coincidental that Manifest V3 is being pushed hard by Google, the world’s largest online advertising company. While Google claims all the major content blockers have Manifest V3 versions available, the company fails to mention that they carry monikers such as “uBlock Origin Lite”, to indicate they are, well, shittier at their job than their Manifest V2 counterparts.

I can’t make this any more clear: switch to Firefox. Now. While Firefox and Mozilla sure aren’t perfect, they have absolutely zero plans to phase out Manifest V2, and the proper, full versions of content blockers will continue to work. As the recent leaks have made very clear, Chrome is even more of a vehicle for user tracking and ad targeting than we already knew, and with the deprecation of Manifest V2 from Chrome, Google is limiting yet another avenue for blocking ads.

OSNews has ads, and they are beyond my control, since our ads are managed by OSNews’ owner, and not by me. My position has always been clear: your computer, your rules. Nobody has any right to display ads on your computer, using your bandwidth, using your processor cycles, using your pixels. Sure, it’d be great if we could earn some income through ads, but we’d greatly prefer you become a Patreon (which removes ads) or make an individual donation to support OSNews and keep us alive that way instead.

Google’s AI Overview is flawed by design, and a new company blog post hints at why

31 May 2024 at 15:47

On Thursday, Google capped off a rough week of providing inaccurate and sometimes dangerous answers through its experimental AI Overview feature by authoring a follow-up blog post titled, "AI Overviews: About last week." In the post, attributed to Google VP Liz Reid, head of Google Search, the firm formally acknowledged issues with the feature and outlined steps taken to improve a system that appears flawed by design, even if it doesn't realize it is admitting it.

To recap, the AI Overview feature—which the company showed off at Google I/O a few weeks ago—aims to provide search users with summarized answers to questions by using an AI model integrated with Google's web ranking systems. Right now, it's an experimental feature that is not active for everyone, but when a participating user searches for a topic, they might see an AI-generated answer at the top of the results, pulled from highly ranked web content and summarized by an AI model.

While Google claims this approach is "highly effective" and on par with its Featured Snippets in terms of accuracy, the past week has seen numerous examples of the AI system generating bizarre, incorrect, or even potentially harmful responses, as we detailed in a recent feature where Ars reporter Kyle Orland replicated many of the unusual outputs.

Google Chrome’s plan to limit ad blocking extensions kicks off next week

31 May 2024 at 14:08

Google Chrome will be shutting down its older, more capable extension system, Manifest V2, in favor of exclusively using the more limited Manifest V3. The deeply controversial Manifest V3 system was announced in 2019, and the full switch has been delayed a million times, but now Google says it's really going to make the transition: As previously announced, the phase-out of older Chrome extensions is starting next week.

Google Chrome has been working toward a plan for a new, more limited extension system for a while now. Google says it created "Manifest V3" extensions with the goal of "improving the security, privacy, performance, and trustworthiness of the extension ecosystem."

Other groups don't agree with Google's description, like the Electronic Frontier Foundation (EFF), which called Manifest V3 "deceitful and threatening" back when it was first announced in 2019, saying the new system "will restrict the capabilities of web extensions—especially those that are designed to monitor, modify, and compute alongside the conversation your browser has with the websites you visit." It has a whole article out detailing how Manifest V3 won't help security.

Tech giants form AI group to counter Nvidia with new interconnect standard

30 May 2024 at 16:42

On Thursday, several major tech companies, including Google, Intel, Microsoft, Meta, AMD, Hewlett-Packard Enterprise, Cisco, and Broadcom, announced the formation of the Ultra Accelerator Link (UALink) Promoter Group to develop a new interconnect standard for AI accelerator chips in data centers. The group aims to create an alternative to Nvidia's proprietary NVLink interconnect technology, which links together multiple servers that power today's AI applications like ChatGPT.

The beating heart of AI these days lies in GPUs, which can perform massive numbers of matrix multiplications—necessary for running neural network architecture—in parallel. But one GPU often isn't enough for complex AI systems. NVLink can connect multiple AI accelerator chips within a server or across multiple servers. These interconnects enable faster data transfer and communication between the accelerators, allowing them to work together more efficiently on complex tasks like training large AI models.

This linkage is a key part of any modern AI data center system, and whoever controls the link standard can effectively dictate which hardware the tech companies will use. Along those lines, the UALink group seeks to establish an open standard that allows multiple companies to contribute and develop AI hardware advancements instead of being locked into Nvidia's proprietary ecosystem. This approach is similar to other open standards, such as Compute Express Link (CXL)—created by Intel in 2019—which provides high-speed, high-capacity connections between CPUs and devices or memory in data centers.

Google Cloud explains how it accidentally deleted a customer account

30 May 2024 at 13:10

Earlier this month, Google Cloud experienced one of its biggest blunders ever when UniSuper, a $135 billion Australian pension fund, had its Google Cloud account wiped out due to some kind of mistake on Google's end. At the time, UniSuper indicated it had lost everything it had stored with Google, even its backups, and that caused two weeks of downtime for its 647,000 members. There were joint statements from the Google Cloud CEO and UniSuper CEO on the matter, a lot of apologies, and presumably a lot of worried customers who wondered if their retirement fund had disappeared.

In the immediate aftermath, the explanation we got was that "the disruption arose from an unprecedented sequence of events whereby an inadvertent misconfiguration during provisioning of UniSuper’s Private Cloud services ultimately resulted in the deletion of UniSuper’s Private Cloud subscription." Two weeks later, Google Cloud's internal review of the problem is finished, and the company has a blog post up detailing what happened.

Google has a "TL;DR" at the top of the post, and it sounds like a Google employee got an input wrong.

Google is killing off the messaging service inside Google Maps

29 May 2024 at 14:05

Google is killing off a messaging service! This one is the odd "Google Business Messaging" service—basically an instant messaging client that is built into Google Maps. If you looked up a participating business in Google Maps or Google Search on a phone, the main row of buttons in the place card would read something like "Call," "Chat," "Directions," and "Website." That "Chat" button is the service we're talking about. It would launch a full messaging interface inside the Google Maps app, and businesses were expected to use it for customer service purposes. Google's deeply dysfunctional messaging strategy might lead people to joke about a theoretical "Google Maps Messaging" service, but it already exists and has existed for years, and now it's being shut down.

Search Engine Land's Barry Schwartz was the first to spot the shutdown emails being sent out to participating businesses. Google has two different support articles up for a shutdown of both "Google Business Profile Chat" and "Google Business Messages," which appear to just be the same thing with different names. On July 15, 2024, the ability to start a new chat will be disabled, and on July 31, 2024, both services will be shut down. Google is letting businesses download past chat conversations via Google Takeout.

Google's Maps messaging service was Google Messaging Service No. 16 in our giant History of Google Messaging article. The feature has undergone many changes, so it's a bit hard to follow. The Google Maps Messaging button launched in 2017, when it would have been called "Google My Business Chat." This wasn't quite its own service yet—the messaging button would either launch your SMS app or boot into another dead Google messaging product, Google Allo!

Google accused of secretly tracking drivers with disabilities

29 May 2024 at 13:56

Google needs to pump the brakes when it comes to tracking sensitive information shared with DMV sites, a new lawsuit suggests.

Filing a proposed class-action suit in California, Katherine Wilson has accused Google of using Google Analytics and DoubleClick trackers on the California DMV site to unlawfully obtain information about her personal disability without her consent.

This, Wilson argued, violated the Driver’s Privacy Protection Act (DPPA), as well as the California Invasion of Privacy Act (CIPA), and impacted perhaps millions of drivers who had no way of knowing Google was collecting sensitive information shared only for DMV purposes.

Over 90 malicious Android apps with 5.5M installs found on Google Play – Source: www.bleepingcomputer.com

Source: www.bleepingcomputer.com – Author: Bill Toulas

Over 90 malicious Android apps were found installed over 5.5 million times through Google Play to deliver malware and adware, with the Anatsa banking trojan seeing a recent surge in activity. Anatsa (aka “Teabot”) is a banking trojan that targets over 650 applications of financial institutions in Europe, the US, the […]

The post Over 90 malicious Android apps with 5.5M installs found on Google Play – Source: www.bleepingcomputer.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

Google Discovers Fourth Zero-Day in Less Than a Month – Source: www.darkreading.com

Source: www.darkreading.com – Author: Dark Reading Staff

Google has released an update from its Chrome team for a high-severity security flaw, tracked as CVE-2024-5274, that actively exists in the wild. The bug is classified as critical and is a type confusion vulnerability in the […]

The post Google Discovers Fourth Zero-Day in Less Than a Month – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

Google just updated its algorithm, and the Internet will never be the same

25 May 2024 at 18:48

But Google results are a zero-sum game. If the search engine sends traffic to one site, it has to take it from another, and the effects on the losers in this Reddit equation are just as dramatic. “Google’s just committing war on publisher websites,” Ray says. “It’s almost as if Google designed an algorithm update to specifically go after small bloggers. I’ve talked to so many people who’ve just had everything wiped out,” she says.

A number of website owners and search experts who spoke to the BBC said there’s been a general shift in Google results towards websites with big established brands, and away from small and independent sites, that seems totally disconnected from the quality of the content.

↫ Thomas Germain at the BBC

These stories are coming out left, right, and centre now – and the stories are heartbreaking. Websites that publish truly quality content with honest, valuable, real reviews are now not only having to combat the monster of Google’s own creation – SEO spam websites – but also Google itself, who has started downranking them in favour of fucksmith on Reddit. Add to that the various “AI” boxes and answers Google is adding to its site, and the assault on quality content is coming from all angles.

I don’t look at our numbers or traffic sources, since I don’t want to be influenced by any of that stuff. I don’t think OSNews really lives or dies by a constant flow of Google results, but if we do, there’s really not much I can do about it anyway. Google Search once gaveth, and ever since that fateful day it’s mostly been Google Search taketh. I can’t control it, so I’m not going to worry about it. All I can do is keep the site updated, point out we really do need your support on Patreon and Ko-Fi – to keep OSNews running, and perhaps maybe ever going ad-free entirely – and hope for the best.

I do feel for the people who still make quality content on the web, though – especially people like the ones mentioned in the linked BBC article, who set up an entire business around honest, quality reviews of something as mundane as air purifiers. It must be devastating to see all you’ve worked for destroyed by SEO spam, fucksmith on Reddit, and answers from an “AI” high on crack.

Google Search’s “udm=14” trick lets you kill AI search for good

24 May 2024 at 13:54

If you're tired of Google's AI Overview extracting all value from the web while also telling people to eat glue or run with scissors, you can turn it off—sort of. Google has been telling people its AI box at the top of search results is the future, and you can't turn it off, but that ignores how Google search works: A lot of options are powered by URL parameters. That means you can turn off AI search with this one simple trick! (Sorry.)

Our method for killing AI search is defaulting to the new "web" search filter, which Google recently launched as a way to search the web without Google's alpha-quality AI junk. It's actually pretty nice, showing only the traditional 10 blue links, giving you a clean (well, other than the ads), uncluttered results page that looks like it's from 2011. Sadly, Google's UI doesn't have a way to make "web" search the default, and switching to it means digging through the "more" options drop-down after you do a search, so it's a few clicks deep.

Check out the URL after you do a search, and you'll see a mile-long URL full of esoteric tracking information and mode information. We'll put each search result URL parameter on a new line so the URL is somewhat readable:

Google fixes eighth actively exploited Chrome zero-day this year, the third in a month – Source: securityaffairs.com

Source: securityaffairs.com – Author: Pierluigi Paganini

Google rolled out a new emergency security update to fix another actively exploited zero-day vulnerability in the Chrome browser. Google has released a new emergency security update to address a new vulnerability, tracked as CVE-2024-5274, […]

The post Google fixes eighth actively exploited Chrome zero-day this year, the third in a month – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

Chrome Fixes Fourth Zero-Day in Two Weeks, Eighth in 2024

Google released a new Chrome update on Thursday to fix the fourth zero-day vulnerability in two weeks and eighth overall in 2024.
The high-severity flaw, tracked as CVE-2024-5274, is rooted in a type confusion weakness within the Chrome V8 JavaScript and WebAssembly engine.
"Google is aware that an exploit for CVE-2024-5274 exists in the wild," the company said in an advisory. Google did not provide details on the bug or the exploitation but credited Clement Lecigne of Google’s Threat Analysis Group (TAG) and Brendon Tiszka of Chrome Security for reporting the flaw. There is no knowledge of any bug bounty reward for this discovery.

"Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged on user," the Center for Internet Security explained. "Depending on the privileges associated with the logged on user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have less rights on the system could be less impacted than those who operate with administrative user rights."

Chrome vulnerabilities are often targeted by commercial spyware vendors. Google TAG researchers have previously reported several zero-days exploited by spyware vendors, including security defects in Google’s browser.

CVE-2024-5274 is the fourth zero-day patched in the last 15 days, following CVE-2024-4671 (use-after-free in Visuals), CVE-2024-4761 (out-of-bounds write in V8), and CVE-2024-4947 (type confusion in V8). So far this year, Google has resolved a total of eight Chrome zero-days. Three of these, CVE-2024-2886, CVE-2024-2887, and CVE-2024-3159, were demonstrated at the Pwn2Own Vancouver 2024 hacking contest in March.

Complete list of zero-days published in 2024:
  • CVE-2024-0519: Out-of-bounds memory access in V8
  • CVE-2024-2886: Use-after-free in WebCodecs (presented at Pwn2Own 2024)
  • CVE-2024-2887: Type confusion in WebAssembly (presented at Pwn2Own 2024)
  • CVE-2024-3159: Out-of-bounds memory access in V8 (presented at Pwn2Own 2024)
  • CVE-2024-4671: Use-after-free in Visuals
  • CVE-2024-4761: Out-of-bounds write in V8
  • CVE-2024-4947: Type confusion in V8
The latest Chrome version has now been rolled out as 125.0.6422.112 for Linux and 125.0.6422.112/.113 for Windows and macOS. Google also released Chrome for Android versions 125.0.6422.112/.113 with the same security fixes.

Opera Rolled-Out Update to Fix Chrome Zero-Day

The current version of Opera browser is based on Chromium, the same engine that Google Chrome uses. Opera released a subsequent patch on Friday to fix the same bug.
Dear Opera Users! The latest stable release of Opera – 110.0.5130.39, incorporates a crucial 0-day fix for CVE-2024-5274, enhancing user security. This update ensures safer browsing for everyone.
Opera is available on Windows, macOS, Linux, Android and iOS.

Google’s “AI Overview” can give false, misleading, and dangerous answers

24 May 2024 at 07:00

If you use Google regularly, you may have noticed the company's new AI Overviews providing summarized answers to some of your questions in recent days. If you use social media regularly, you may have come across many examples of those AI Overviews being hilariously or even dangerously wrong.

Factual errors can pop up in existing LLM chatbots as well, of course. But the potential damage that can be caused by AI inaccuracy gets multiplied when those errors appear atop the ultra-valuable web real estate of the Google search results page.

"The examples we've seen are generally very uncommon queries and aren’t representative of most people’s experiences," a Google spokesperson told Ars. "The vast majority of AI Overviews provide high quality information, with links to dig deeper on the web."

Google guru roasts useless phishing tests, calls for fire drill-style overhaul – Source: go.theregister.com

Source: go.theregister.com – Author: Team Register

A Google security bigwig has had enough of federally mandated phishing tests, saying they make colleagues hate IT teams for no added benefit. Matt Linton leads Google’s security response and incident management division. Tasked with rolling out phishing exercises every year, he believes tests should be replaced by the […]

The post Google guru roasts useless phishing tests, calls for fire drill-style overhaul – Source: go.theregister.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

Bing outage shows just how little competition Google search really has

23 May 2024 at 16:01

Bing, Microsoft's search engine platform, went down in the very early morning today. That meant that searches from Microsoft's Edge browsers that had yet to change their default providers didn't work. It also meant that services relying on Bing's search API—Microsoft's own Copilot, ChatGPT search, Yahoo, Ecosia, and DuckDuckGo—similarly failed.

Services were largely restored by the morning Eastern work hours, but the timing feels apt, concerning, or some combination of the two. Google, the consistently dominating search platform, just last week announced and debuted AI Overviews as a default addition to all searches. If you don't want an AI response but still want to use Google, you can hunt down the new "Web" option in a menu, or you can, per Ernie Smith, tack "&udm=14" onto your search or use Smith's own "Konami code" shortcut page.

If dismay about AI's hallucinations, power draw, or pizza recipes concerns you—along with perhaps broader Google issues involving privacy, tracking, news, SEO, or monopoly power—most of your other major options were brought down by a single API outage this morning. Moving past that kind of single point of vulnerability will take some work, both by the industry and by you, the person wondering if there's a real alternative.

Next up in Google’s dramatic overhaul of search: AI Overview ads

23 May 2024 at 13:36

Google's AI Overview is a complete transformation of what Google Search is, changing from a product that searches the web to show relevant links, to a place that scrapes the web of information and shows it directly to users. Google is not done making changes, though, and next for AI Overview is ads! We're all so excited.

The Google Ads & Commerce blog shows what this will look like, with ads landing at the bottom of the AI Overview box. The overview box was already a massive, screen-filling box, and ads make it even longer, pushing what's left of the web results even further down the page. Google's demo shows the ads at the bottom of the overview box, and you have to scroll down to see them.

Google's ad placement will surely be changed and tweaked a million times in the future, and Google mentions that "in early testing, we’ve heard that people find the ads appearing above and below the AI-generated overview helpful." Leaving aside the unique perspective that ads are "helpful," there's your confirmation of the usual above-the-fold ad placement.


How to make Google’s new “Web” search option the default in your browser

21 May 2024 at 17:47

Last week, Google unveiled a new little feature in Google Search, called “Web”. Residing alongside the various other options like “All”, “Images”, “Video”, and so on, its goal is to effectively strip Google Search results from everything we generally don’t like, and just present a list of actual links to actual websites. It turns out it’s quite simple to set this as your default search “engine” in your browser, so somebody made a website to make that process a little easier.

On May 15th Google released a new “Web” filter that removes “AI Overview” and other clutter, leaving only traditional web results. Here is how you can set “Google Web” as your default search engine.

↫ TenBlueLinks.org

It’s important to note that this is not some separate search engine, and that no data is flowing any differently than when using regular Google. All this does is append the parameter udm=14 to the URL, which loads the “Web” option.

Detecting Malicious Trackers

21 May 2024 at 07:09

From Slashdot:

Apple and Google have launched a new industry standard called “Detecting Unwanted Location Trackers” to combat the misuse of Bluetooth trackers for stalking. Starting Monday, iPhone and Android users will receive alerts when an unknown Bluetooth device is detected moving with them. The move comes after numerous cases of trackers like Apple’s AirTags being used for malicious purposes.

Several Bluetooth tag companies have committed to making their future products compatible with the new standard. Apple and Google said they will continue collaborating with the Internet Engineering Task Force to further develop this technology and address the issue of unwanted tracking.

This seems like a good idea, but I worry about false alarms. If I am walking with a friend, will it alert if they have a Bluetooth tracking device in their pocket?

Your vacation, reservations, and online dates, now chosen by AI: Lock and Code S05E11

20 May 2024 at 11:10

This week on the Lock and Code podcast…

The irrigation of the internet is coming.

For decades, we’ve accessed the internet much like how we, so long ago, accessed water—by traveling to it. We connected (quite literally), we logged on, and we zipped to addresses and sites to read, learn, shop, and scroll. 

Over the years, the internet was accessible from increasingly more devices, like smartphones, smartwatches, and even smart fridges. But still, it had to be accessed, like a well dug into the ground to pull up the water below.

Moving forward, that could all change.

This year, several companies debuted their vision of a future that incorporates Artificial Intelligence to deliver the internet directly to you, with less searching, less typing, and less decision fatigue. 

For the startup Humane, that vision includes the use of the company’s AI-powered, voice-operated wearable pin that clips to your clothes. By simply speaking to the AI pin, users can text a friend, discover the nutritional facts about food that sits directly in front of them, and even compare the prices of an item found in stores with the price online.

For a separate startup, Rabbit, that vision similarly relies on a small, attractive smart-concierge gadget, the R1. With the bright-orange slab designed in coordination by the company Teenage Engineering, users can hail an Uber to take them to the airport, play an album on Spotify, and put in a delivery order for dinner.

Away from physical devices, The Browser Company of New York is also experimenting with AI in its own web browser, Arc. In February, the company debuted its endeavor to create a “browser that browses for you” with a snazzy video that showed off Arc’s AI capabilities to create unique, individualized web pages in response to questions about recipes, dinner reservations, and more.

But all these small-scale projects, announced in the first month or so of 2024, had to make room a few months later for big-money interest from the first ever internet conglomerate of the world—Google. At the company’s annual Google I/O conference on May 14, VP and Head of Google Search Liz Reid pitched the audience on an AI-powered version of search in which “Google will do the Googling for you.”

Now, Reid said, even complex, multi-part questions can be answered directly within Google, with no need to click a website, evaluate its accuracy, or flip through its many pages to find the relevant information within.

This, it appears, could be the next phase of the internet… and our host David Ruiz has a lot to say about it.

Today, on the Lock and Code podcast, we bring back Director of Content Anna Brading and Cybersecurity Evangelist Mark Stockley to discuss AI-powered concierges, the value of human choice when so many small decisions could be taken away by AI, and, as explained by Stockley, whether the appeal of AI is not in finding the “best” vacation, recipe, or dinner reservation, but rather the best of anything for its user.

“It’s not there to tell you what the best chocolate chip cookie in the world is for everyone. It’s there to help you figure out what the best chocolate chip cookie is for you, on a Monday evening, when the weather’s hot, and you’re hungry.”

Tune in today to listen to the full conversation.

Show notes and credits:

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)



Google now offers ‘web’ search — and an “AI” opt-out button

15 May 2024 at 08:24

This is not a joke: Google will now let you perform a “web” search. It’s rolling out “web” searches now, and in my early tests on desktop, it’s looking like it could be an incredibly popular change to Google’s search engine.

The optional setting filters out almost all the other blocks of content that Google crams into a search results page, leaving you with links and text — and Google confirms to The Verge that it will block the company’s new AI Overviews as well.

↫ Sean Hollister at The Verge

I hate what the web has become.

Another Chrome Vulnerability

14 May 2024 at 07:01

Google has patched another Chrome zero-day:

On Thursday, Google said an anonymous source notified it of the vulnerability. The vulnerability carries a severity rating of 8.8 out of 10. In response, Google said, it would be releasing versions 124.0.6367.201/.202 for macOS and Windows and 124.0.6367.201 for Linux in subsequent days.

“Google is aware that an exploit for CVE-2024-4671 exists in the wild,” the company said.

Google didn’t provide any other details about the exploit, such as what platforms were targeted, who was behind the exploit, or what they were using it for.

Tech workers should shine a light on the industry’s secretive work with the military

10 May 2024 at 09:00

It’s a hell of a time to have a conscience if you work in tech. The ongoing Israeli assault on Gaza has brought the stakes of Silicon Valley’s military contracts into stark relief. Meanwhile, corporate leadership has embraced a no-politics-in-the-workplace policy enforced at the point of the knife.

Workers are caught in the middle. Do I take a stand and risk my job, my health insurance, my visa, my family’s home? Or do I ignore my suspicion that my work may be contributing to the murder of innocents on the other side of the world?  

No one can make that choice for you. But I can say with confidence born of experience that such choices can be more easily made if workers know what exactly the companies they work for are doing with militaries at home and abroad. And I also know this: those same companies themselves will never reveal this information unless they are forced to do so—or someone does it for them. 

For those who doubt that workers can make a difference in how trillion-dollar companies pursue their interests, I’m here to remind you that we’ve done it before. In 2017, I played a part in the successful #CancelMaven campaign that got Google to end its participation in Project Maven, a contract with the US Department of Defense to equip US military drones with artificial intelligence. I helped bring to light information that I saw as critically important and within the bounds of what anyone who worked for Google, or used its services, had a right to know. The information I released—about how Google had signed a contract with the DOD to put AI technology in drones and later tried to misrepresent the scope of that contract, which the company’s management had tried to keep from its staff and the general public—was a critical factor in pushing management to cancel the contract. As #CancelMaven became a rallying cry for the company’s staff and customers alike, it became impossible to ignore. 

Today a similar movement, organized under the banner of the coalition No Tech for Apartheid, is targeting Project Nimbus, a joint contract between Google and Amazon to provide cloud computing infrastructure and AI capabilities to the Israeli government and military. As of May 10, just over 97,000 people had signed its petition calling for an end to collaboration between Google, Amazon, and the Israeli military. I’m inspired by their efforts and dismayed by Google’s response. Earlier this month the company fired 50 workers it said had been involved in “disruptive activity” demanding transparency and accountability for Project Nimbus. Several were arrested. It was a decided overreach.  

Google is very different from the company it was seven years ago, and these firings are proof of that. Googlers today are facing off with a company that, in direct response to those earlier worker movements, has fortified itself against new demands. But every Death Star has its thermal exhaust port, and today Google has the same weakness it did back then: dozens if not hundreds of workers with access to information it wants to keep from becoming public. 

Not much is known about the Nimbus contract. It’s worth $1.2 billion and enlists Google and Amazon to provide wholesale cloud infrastructure and AI for the Israeli government and its ministry of defense. Some brave soul leaked a document to Time last month, providing evidence that Google and Israel negotiated an expansion of the contract as recently as March 27 of this year. We also know, from reporting by The Intercept, that Israeli weapons firms are required by government procurement guidelines to buy their cloud services from Google and Amazon. 

Leaks alone won’t bring an end to this contract. The #CancelMaven victory required a sustained focus over many months, with regular escalations, coordination with external academics and human rights organizations, and extensive internal organization and discipline. Having worked on the public policy and corporate comms teams at Google for a decade, I understood that its management does not care about one negative news cycle or even a few of them. Management buckled only after we were able to keep up the pressure and escalate our actions (leaking internal emails, reporting new info about the contract, etc.) for over six months. 

The No Tech for Apartheid campaign seems to have the necessary ingredients. If a strategically placed insider released information not otherwise known to the public about the Nimbus project, it could really increase the pressure on management to rethink its decision to get into bed with a military that’s currently overseeing mass killings of women and children.

My decision to leak was deeply personal and a long time in the making. It certainly wasn’t a spontaneous response to an op-ed, and I don’t presume to advise anyone currently at Google (or Amazon, Microsoft, Palantir, Anduril, or any of the growing list of companies peddling AI to militaries) to follow my example. 

However, if you’ve already decided to put your livelihood and freedom on the line, you should take steps to try to limit your risk. This whistleblower guide is helpful. You may even want to reach out to a lawyer before choosing to share information. 

In 2017, Google was nervous about how its military contracts might affect its public image. Back then, the company responded to our actions by defending the nature of the contract, insisting that its Project Maven work was strictly for reconnaissance and not for weapons targeting—conceding implicitly that helping to target drone strikes would be a bad thing. (An aside: Earlier this year the Pentagon confirmed that Project Maven, which is now a Palantir contract, had been used in targeting drone attacks in Yemen, Iraq, and Syria.) 

Today’s Google has wrapped its arms around the American flag, for good or ill. Yet despite this embrace of the US military, it doesn’t want to be seen as a company responsible for illegal killings. Today it maintains that the work it is doing as part of Project Nimbus “is not directed at highly sensitive, classified, or military workloads relevant to weapons or intelligence services.” At the same time, it asserts that there is no room for politics at the workplace and has fired those demanding transparency and accountability. This raises a question: If Google is doing nothing sensitive as part of the Nimbus contract, why is it firing workers who are insisting that the company reveal what work the contract actually entails?  

As you read this, AI is helping Israel annihilate Palestinians by expanding the list of possible targets beyond anything that could be compiled by a human intelligence effort, according to +972 Magazine. Some Israel Defense Forces insiders are even sounding the alarm, calling it a dangerous “mass assassination program.” The world has not yet grappled with the implications of the proliferation of AI weaponry, but that is the trajectory we are on. It’s clear that absent sufficient backlash, the tech industry will continue to push for military contracts. It’s equally clear that neither national governments nor the UN is currently willing to take a stand. 

It will take a movement. A document that clearly demonstrates Silicon Valley’s direct complicity in the assault on Gaza could be the spark. Until then, rest assured that tech companies will continue to make as much money as possible developing the deadliest weapons imaginable. 

William Fitzgerald is a founder and partner at the Worker Agency, an advocacy agency in California. Before setting the firm up in 2018, he spent a decade at Google working on its government relations and communications teams.

ChromeOS App Mall unifies app discovery for Chromebooks

9 May 2024 at 09:42

We’ve been on the lookout for the arrival of the ChromeOS App Mall for a few months now. First discovered back in March, the new App Mall is arriving to do one simple task: put the apps users want in one place to be found on a Chromebook.

While we have access to web apps, PWAs, Android apps and Linux apps on Chromebooks, it’s not always clear how to go about finding them. Should you install the web version or the Play Store version? Which Play Store apps install a PWA versus an Android app? Where should you go to find the right one for you?

↫ Robby Payne at Chrome Unboxed

ChromeOS definitely needs a more unified, single place to find applications, and this seems like exactly what’s happening here.
