Category: browsers

Auto Added by WPeMatico

Exploiting Mistyped URLs

Posted on By infossl
academic papers, browsers, Security technology, Uncategorized

Interesting research: “Hyperlink Hijacking: Exploiting Erroneous URL Links to Phantom Domains“: Abstract: Web users often follow hyperlinks hastily, expecting them to be correctly programmed. However, it is possible those links contain typos or other mistakes. By discovering active but erroneous hyperlinks, a malicious actor can spoof a website or service, impersonating the expected content and … Read More “Exploiting Mistyped URLs” »

Class-Action Lawsuit against Google’s Incognito Mode

Posted on By infossl
browsers, courts, data collection, google, Security technology, Uncategorized

The lawsuit has been settled: Google has agreed to delete “billions of data records” the company collected while users browsed the web using Incognito mode, according to documents filed in federal court in San Francisco on Monday. The agreement, part of a settlement in a class action lawsuit filed in 2020, caps off years of … Read More “Class-Action Lawsuit against Google’s Incognito Mode” »

An Untrustworthy TLS Certificate in Browsers

Posted on By infossl
browsers, certificates, Security technology, tls, trust, Uncategorized

The major browsers natively trust a whole bunch of certificate authorities, and some of them are really sketchy: Google’s Chrome, Apple’s Safari, nonprofit Firefox and others allow the company, TrustCor Systems, to act as what’s known as a root certificate authority, a powerful spot in the internet’s infrastructure that guarantees websites are not fake, guiding … Read More “An Untrustworthy TLS Certificate in Browsers” »

Leaking Passwords through the Spellchecker

Posted on By infossl
browsers, data protection, leaks, passwords, Security technology, Uncategorized

Sometimes browser spellcheckers leak passwords: When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled. Depending on the website you visit, the form data may itself include PII­—including but not limited to Social Security Numbers (SSNs)/Social Insurance Numbers (SINs), name, … Read More “Leaking Passwords through the Spellchecker” »

Facebook Is Now Encrypting Links to Prevent URL Stripping

Posted on By infossl
browsers, encryption, facebook, Security technology, tracking, Uncategorized

Some sites, including Facebook, add parameters to the web address for tracking purposes. These parameters have no functionality that is relevant to the user, but sites rely on them to track users across pages and properties. Mozilla introduced support for URL stripping in Firefox 102, which it launched in June 2022. Firefox removes tracking parameters … Read More “Facebook Is Now Encrypting Links to Prevent URL Stripping” »

Is Microsoft Stealing People’s Bookmarks?

Posted on By infossl
browsers, microsoft, privacy, Security technology, Uncategorized, web privacy

I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it’s too late. Has this happened to anyone else, or was this user error of some sort? If this … Read More “Is Microsoft Stealing People’s Bookmarks?” »

Browser Tracking Using Favicons

Posted on By infossl
academic papers, browsers, Security technology, tracking, Uncategorized

Interesting research on persistent web tracking using favicons. (For those who don’t know, favicons are those tiny icons that appear in browser tabs next to the page name.) Abstract: The privacy threats of online tracking have garnered considerable attention in recent years from researchers and practitioners alike. This has resulted in users becoming more privacy-cautious … Read More “Browser Tracking Using Favicons” »

Firefox Enables DNS over HTTPS

Posted on By infossl
browsers, childpornography, dns, firefox, https, mozilla, Security technology, securityengineering, terrorism

This is good news: Whenever you visit a website — even if it’s HTTPS enabled — the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. DNS-over-HTTPS, or DoH, encrypts the request so that it can’t be intercepted or hijacked in order to send a user … Read More “Firefox Enables DNS over HTTPS” »

New Ways to Track Internet Browsing

Posted on By infossl
browsers, cookies, Security technology, tracking, web, webprivacy

Interesting research on web tracking: “Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies: Abstract: Nowadays, cookies are the most prominent mechanism to identify and authenticate users on the Internet. Although protected by the Same Origin Policy, popular browsers include cookies in all requests, even when these are cross-site. Unfortunately, these … Read More “New Ways to Track Internet Browsing” »