Google to Use Page Speed as Ranking Factor for Mobile Search

Found on eWEEK on Thursday, 18 January 2018
Browse Internet

Generally, websites with fast loading pages will get a higher ranking in search results than those of the same quality content but with slower page speeds. Google will apply the speed-ranking factor to all mobile pages regardless of the technology used to build the page.

More recently, the company began rolling out mobile-first indexing under which it has begun using the mobile version of a website's content first when indexing pages for search. Prior to the shift, Google's search engine crawlers looked at the desktop content first for site indexing.

Google needs to treat all versions of a website equally; websites need to load fast on mobile and desktop devices. That should make webmasters think before adding tons of external resources; some websites come with several dozens of trackers, and once you turn off Javascript those pages load an order of magnitude faster.

HTML5 may as well stand for Hey, Track Me Longtime 5. Ads can use it to fingerprint netizens

Found on The Register on Wednesday, 17 January 2018
Browse Internet

HTML5 is a boon for unscrupulous web advertising networks, which can use the markup language's features to build up detailed fingerprints of individual netizens without their knowledge or consent.

But what’s needed is a fundamental rethink, with features that ensure tracking-free browsing, just as private browsing doesn’t record session data on a local workstation. Some kind of warning, similar to the HTTPS icon, would also be useful.

Leaving tracking unpatched will end up as a risk for every Internet user.

Facebook Now Prioritizing Friends' Posts Over News Items

Found on eWEEK on Friday, 12 January 2018
Browse Internet

The social network will use its analytics to publish on an automated basis what it assumes its users would rather see; for example, a post about a friend’s trip to Italy will get preferential treatment over, say, a coupon from The Gap or a Wall Street Journal news item about a change in U.S. immigration policy.

Thus, the social network is now more heavily pre-editing the information it presents to you. It has done this previously but ranked news items from businesses, brands and media outlets in a more evenly distributed fashion with items from friends and family members.

Yes, your little social bubble just got even smaller.

FBI says it can't unlock 8,000 encrypted devices, demands backdoors for America's 'public safety'

Found on The Register on Tuesday, 09 January 2018
Browse Internet

Speaking at the International Conference on Cyber Security in New York today, Wray complained that in the past year the Feds have seized 7,775 devices that they can't unlock and decrypt. He said the situation was ridiculous, and called on the technology industry to find a solution.

What Wray wants is a secure form of encryption that contains a flaw that only law enforcement can find and exploit. Trouble is, scumbags will no doubt find and leverage it, too.

Good luck with that. That's not how it works, and a "flaw" like that will never exist.

WhatsApp rings in the New Year with global outage

Found on Venturebeat on Monday, 01 January 2018
Browse Internet

The crowdsourced website DownDetector found the largest concentration of outages in portions of England, Germany, and virtually all of the Netherlands, as well as parts of Italy, Spain, and Central Europe.

Outages were also reported in many major cities around the world, from Rio de Janeiro to Kuala Lumpur, Tel Aviv, Dubai, Mumbai, and Toronto.

A really good start for 2018.

Web Trackers Exploit Flaw in Browser Login Managers to Steal Usernames

Found on Bleeping Computer on Thursday, 28 December 2017
Browse Internet

This type of abusive behavior is possible because of a design flaw in the login managers included with all browsers, login managers that allow browsers to remember a user's username and password for specific sites and auto-insert it in login fields when the user visits that site again.

Princeton researchers say they recently found two web tracking services that utilize hidden login forms to collect login information.

Letting the browser store all your passwords has never been a good idea because it opens you to all sorts of attacks, not to mention that, in case you mess up your profile, you're in a world of tears. The first thing to do after a browser install is to disable its password manager so you are not at the risk of being tracked and having your login information stolen.

How Email Open Tracking Quietly Took Over the Web

Found on Wired on Monday, 11 December 2017
Browse Internet

The tech is pretty simple. Tracking clients embed a line of code in the body of an email—usually in a 1x1 pixel image, so tiny it's invisible, but also in elements like hyperlinks and custom fonts. When a recipient opens the email, the tracking client recognizes that pixel has been downloaded, as well as where and on what device.

According to OMC's data, a full 19 percent of all “conversational” email is now tracked. That’s one in five of the emails you get from your friends. And you probably never noticed.

Every email client should block the loading of remote content by default; it has been abused by spammers for well over a decade now. Displaying email as plain text rather than ugly html also serves its purpose.

Keylogger Found on Nearly 5,500 Infected WordPress Sites

Found on Bleeping Computer on Thursday, 07 December 2017
Browse Internet

The malicious script is being loaded from the "" domain, which is not affiliated with Cloudflare in any way, and logs anything that users type inside form fields as soon as the user switches away from an input field.

The script is also dangerous when left to run on the frontend. While on most WordPress sites the only place it could steal user data is from comment fields, some WordPress sites are configured to run as online stores. In these instances, attackers can log credit card data and personal user details.

It does not appear to be much different than those other plugins which send all your interaction to remote servers, so some marketing companies can replay your browser session,

WebAssembly Will Finally Let You Run High-Performance Applications in Your Browser

Found on IEEE on Sunday, 03 December 2017
Browse Internet

Imagine that all your programs and data were stored in the cloud and that even computationally intensive applications like multimedia editing ran just as well in your browser as they would if they had been installed locally.

Looking back to the original dream of allowing the Web to run all manner of programs just as well as if they had been installed locally, my colleagues and I can see there is still a lot of work left to do. But with WebAssembly, we’re happy to be one giant step closer to that goal.

Javascript is already bad enough because naturally, it is abused to shovel all sorts of malware and advertisments onto the user's browser. Many websites load noteably faster with Javascript disabled (and are even better to navigate). Now imagine unsigned, random binaries running inside your browser. At least for now there are solutions like javascript.options.wasm and javascript.enabled.

Facebook’s New Captcha Test: 'Upload A Clear Photo of Your Face'

Found on Wired on Wednesday, 29 November 2017
Browse Internet

According to a screenshot of the identity test shared on Twitter on Tuesday and verified by Facebook, the prompt says: “Please upload a photo of yourself that clearly shows your face. We’ll check it and then permanently delete it from our servers.”

“You Can’t Log In Right Now. We’ll get in touch with you after we’ve reviewed your photo. You’ll now be logged out of Facebook as a security precaution.”

Just about three weeks ago, the same company asked users to upload their private porn; and now they want clear shots of your face. What a "coincidence"...