You're currently viewing a stripped down version of our content.
View the full version with proper formatting.
Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14
Quote:AdGuard relaunches news digest
Please welcome our new digest!
As companies find more sophisticated ways to harvest and analyze user data, as governments seek more options to control people's online activities, it's becoming more and more important to keep your eye on the ball and understand what happens around. Awareness, inter alia, may help to raise your voice against controversial innovations just in time.
There were times when we published a monthly digest of industry news that had been covered in our blog, but it didn't catch on. Now we want to experiment with a weekly format. In today's article we collected the recent news from the industry of ad blocking, privacy protection, and Web security, which we consider worthy of your time — and also some of the older news that may have went past you back then but still retain their relevance today.
1. Should you go passwordless just yet?"Going passwordless is the next generation of account security", said Microsoft’s CEO Satya Nadella introducing the updated Microsoft Account. Users are offered to remove their password from their account and use "alternative sign-in methods like the Microsoft Authenticator App, physical security keys, and biometrics". If you trust Microsoft enough, you can give it a go.
Actually, people have been talking about a passwordless future for quite a few years by now. Press several times claimed that Google got rid of them: in 2019, in 2021… Yes, passwords are vulnerable and imperfect in so many ways; yes, people are bad at creating them, even worse at remembering them, absolutely awful at updating them and keeping them safe — but alternatives do not seem to be a better answer right now. At least we know nearly everything about password-related problems, but what exactly can go wrong with biometric authentification? A lot, supposedly, but we're just beginning to understand it. We suggest not to rush into passwordless future: we'd rather live for a little longer in the password-oriented present.
2. "Facebook Files" revealing all the dark secrets we already suspected aboutFolks at Wall Street Journal laid hands on some inner documents from Facebook and announced a series of revelatory articles based on these papers and interviews with employees. For all we know (and suspect) about Facebook, let's see if WSJ manages to surprise us and unveil something truly outrageous:- The media giant has built a system that exempts high-profile users from some or all of its rules. It shields millions of VIPs from the company's normal enforcement. Many of them abuse the privilege, posting material including harassment and incitement to violence that would typically lead to sanctions.
- Internal Facebook research showed that Instagram is harmful for a sizable percentage of youngsters, most notably teenage girls, more so than other social-media platforms. In public, Facebook has consistently played down the app's negative effects, including in comments to Congress, and hasn't made its research public or at least available to academics and lawmakers who have requested it. Facebook says the negative effects aren't widespread, and that some of the harmful aspects aren't easy to address.
- Facebook made a heralded change to its algorithm in 2018 designed to improve its platform — and arrest signs of declining user engagement. Staffers warned that the change was having the opposite effect. It was only making Facebook, and those who used it, angrier. Mr. Zuckerberg resisted some fixes proposed by his team because he worried they would lead people to interact with Facebook less.
- Facebook employees find and flag accounts of human traffickers and drug dealers, send alerts to their bosses about organ selling, pornography, and government action against political dissent. Yet nothing happens, nobody cares.
Interestingly (and promisingly), these issues are discussed inside Facebook, many people in the company are not happy with the current state of things and put its policies and practices under heavy criticism.
3. Just reminding you why ads are not goodAdvertising makes you unhappy. Plain and simple — a year and a half ago a research was published that showed exactly that. We doubt a lot has changed since.
Scientists matched the data on annual advertising spendings with what people said about being satisfied with their lives for 27 European countries and for the period of time from 1980 to 2011. Almost a million people had been surveyed, and an inverse connection had been found. The higher was ad spend in a country in any particular year, the less satisfied its citizens were a year or two after that. We all know how ads make us feel like we do not live up to some (artificially created) standards, not keeping up with the Joneses, miss out on something. Here is proof that it has roots in the very human nature, and this nature is being exploited by those who are too eager to sell no matter what.
4. You might be wrong about who's actually eavesdropping on youWe watch a growing consensus on the question of whether apps do secretly listen to your voice interactions with the outer world in order to target ads. People keep coming to the conclusion that they do not.
Yes, we ourselves have written about an experiment that seemed to confirm that the apps indeed do have ears — but apparently they do not after all. Oh no, that's not because the big companies behind those apps realized it was morally wrong — it's just they don’t find it necessary. Too much data to process, unprofitable. Then why do you see an ad of something you've just discussed with your spouse or a sibling offline but never once googled it? Probably because it's relevant to you, and smart robots have figured it out. Besides, probably it has something to do with the frequency illusion (that's a curious psychological phenomenon, give it a read). Algorithms just gathered enough data and processed it the right way to guess what you are discussing even before you express your interest in any action (or in an action you have noticed).
On the other hand, yes, you are being eavesdropped on when you don't expect it. The research found that voice assistants are often triggered by words that just sound like their names or documented commands. And of course, they record what they hear and send the logs to their mother servers to be analyzed and used to improve the techcnology performance, often with the participation of human contractors.
So if you are bothered that someone may be listening to you, your primary concern is the companies that already confess they do.
Please let us know if you like this new format and if you'd like to change anything about it. We'll try to keep it going consistently and to supply you with the most important and interesting news of the week — as well as an odd piece or two about older events that still stay relevant today.
...
Continue Reading
Quote:There is no such thing as balance when it comes to security: discussing the EU's contentious stance on encryptionFirst off, congratulations.
We've won. Well, kind of. Apple officially delayed the implementation of CSAM initiative. The company's statement to the press was in its diplomatically nebulous fashion, but we can dare say, CSAM detection in the way it had been introduced to us was canceled.
Quote:Last month we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of Child Sexual Abuse Material. Based on feedback from customers, advocacy groups, researchers and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features.
Common sense has prevailed. For now.
How much "additional time" — not specified (though certainly not less than "several months"), what "improvements" — not specified either. And no speculations here, as Apple had described the CSAM detection algorithm as almost perfect and flawless, so who knows what they are going to improve.
Everybody was against it. Consumers, activists, human rights advocates, technology and privacy experts, including us. Now we know that we are not just some privacy fetishists, we had our point: CSAM detection had been loaded by risks, threats, and abuse potential.
Of course, it helped a lot that Apple had a big upcoming event this September. A new iPhone was to be announced, and it had been no good to announce it stuffed with a collection of child porn, even if it looked like a bunch of hashes.
Interim steps for terminal disaster
But not only commercial companies try to get us rid of privacy by appealing to child protection. Governments and international regulatory bodies do it too, and they are not bound by the necessity to think about their profits and balance between gathering more information or gaining control over people, and not scaring customers away.
This summer the European Parliament approved a "temporary regulation" that allows commercial companies that host web-based services to scan users' communications for signs of child abuse without becoming privacy laws violators (specifically, not to risk breaking GDPR rules).
Quote:The results showed that 537 members of European Parliament (MEPs) voted in favor of the bill, with 133 against and 24 abstaining. Despite the result, European lawmakers warned that the rules are "legally flawed" and could crumble in front of a court.
MEPs also decried the pressure they were under to approve the bill, calling it "moral blackmail", the press reported.
"Whenever we asked critical questions about the legislative proposals, immediately the suggestion was created that I wasn't sufficiently committed to fighting child sexual abuse," Dutch MEP Sophia in ‘t Veld said a day before the vote.
So it won't be any EU officials to monitor EU users' messages and emails for illegal content (there also had been audio messages in the first edition of the bill, they were omitted in the final one). It would be the commercial companies, service providers that can't fight the desire to protect kids. The initiative had belonged to the European Commission, and the Parliament passed the bill unusually quickly.
The Parliament tried hard to deliver their position via the media. "Service providers should use the least privacy-intrusive technologies possible", they assure us.
Do we believe them? Hm.
Not much is explained about how exactly the monitoring is designed and implemented. "Online material linked to child sexual abuse is detected using specific technologies that scan content, such as images and text, or traffic data. While hashing technology helps with images and videos, classifiers and artificial intelligence are used to analyze text or traffic data to detect cyber grooming". — clearly, it's left up to the companies to decide the specifics, and the implementations may vary significantly.
The worst of all
The new approach to child protection threatens the very existence of encrypted messaging. Back in May, when Facebook announced its plans to add encryption to the Messenger app, the European Commission warned it that this move would turn the social network into "a haven for the pedophiles".
The new rules will be in action for three years. And the permanent legislation that is now being developed to replace them raises even more concerns. Firstly, it demands that encryption technologies allow scanning texts, images, videos in messages, chats, and emails. Secondly, it implies monitoring not only pornography or abuse, but also grooming — the process of building relationships with children in order to exploit them. This is a quite vague definition, and questions are being asked on whether robots would be able to detect it correctly.
Thirdly, now companies scan for child abuse volunteerly, new laws will make it mandatory.
United Europe divides over encryption
The good news is, officials all over the world have been trying to dig under encrypted messaging for quite a long time by now, but haven't yet found a way to rob us of it. They know all too well it would result in massive outrage and in migration of the actual criminal activity into darknet or less known platforms that are under the radar of regulators. They do not want to kill WhatsApp or even Telegram.
Besides, a united Europe doesn't look so much united when it comes to the opinion on encryption. Privacy is advertised as one of the main values of the European culture and politics. But child protection and the fight against terrorism are as well! No wonder there are signs of some regulatory schizophrenia. Just a few examples:
2017: "A European Parliament committee is proposing that end-to-end encryption be enforced on all forms of digital communications to protect citizens", BBC reports.
2020: "The terrorist attack in Vienna is used in the EU Council of Ministers to enforce a ban on secure encryption for services such as WhatsApp, Signal and many others in the rapid-boiling process. This emerges from an internal document dated November 6th from the German Council Presidency to the delegations of the member states in the Council", directly contradicting the previous statement.
2021: The proposal called for the creation of a "balance" between "security through encryption and despite encryption". The proposal called on EU member states to "join forces with the tech industry" to jointly create this balance, and to define and establish a regulatory framework as well as innovative approaches and best practices to respond to these challenges.
The last sentence of the quote above sounds like a plan for the next 30 years or so. EU institutions usually don't work very fast, especially when there is no consensus between them and with the nation.
...
Continue Reading
Quote:Objects in Manifest V3 are closer than they appear — and it's not good news
Finally, we have a timeline for the inevitable doomsday. Google clarified the timeline for introducing Manifest V3. January 2022 will mark the end of all new Chrome browser extension submissions that still employ Manifest V2, and after January 2023 these extensions will stop working, period.
What is MV3 and how bad is it?
For those out of the loop: Manifest V3 is a name for the new upcoming browser extension API, essentially a large set of changes that will determine the next generation of Chrome browser extensions. We've already mentioned Manifest V3 in our blog a few times, and rarely in a positive way. The goal, as it's stated by Google developers, is to "make extensions more secure, as well as performant". Security concerns are always listed as one of the main reasons behind Manifest V3, with claims that Chrome browser extensions possess too much browser and activity access. Which is not false — extensions indeed can do quite powerful stuff, and not always to the benefit of their user. But is dumbing them down a proper solution?
Unfortunately, this "dumbing down" is bound to commence. Chrome devs decided to solve the security problem by stripping extensions of access rights to web requests and, therefore, of many useful capabilities. Nearly all browser extensions as you know them today will be affected in some way: the more lucky ones will "only" experience problems, some will get crippled, and some will literally cease to exist. Where's AdGuard ad blocker extension on this scale of digital punishment?
Manifest V3 and AdGuard
First of all, let us tell you about our immediate plans. We're currently overhauling the entire thing in order to move it to a new, better filtering engine. The first beta version is coming very soon, but it's not too late to join the fun: just install our beta Chrome extension. On a sad note, it will be rendered useless for users of Chromium-based browsers after January 2023. All the benefits will remain for other browsers' users to enjoy, though. -based browsersAnd if you're a user of an AdGuard desktop or mobile app, why are you even reading this? You're completely fine and have nothing to worry about.
Second of all, in aticipation of Manifest V3 we're already working on a prototype for the new ad blocker extension, and let me tell you — it's hard. Manifest V3 is still raw, some things just don't yet work the way they were designed to. But we'll manage, as we always do, so hopefully you'll be able to compare the quality of the old and the new extensions soon. Will it become worse? Almost undeniably, but not by too much. The real victims in this transition are filter developers — most filter lists are maintained by single developers, who more often than not work on filters for free in their spare time. It will be not feasible for many of them to single-handedly rework the entire list to match the Manifest V3 requirements. We already discussed this threat in one of our previous articles.
What'll happen after 2023? Our bet is that Firefox will keep extensions made with Manifest V2 in their store, for a while at least. There probably is a point somewhere in the future when Mozilla will move to something else, whatever it will turn out to be. And the rest of the Chromium-based browsers will start migrating to Manifest V3. Even the ones that express their readiness to stick to MV2 and support backwards compatibility won't be able to do that forever.
There is a small ray of hope represented by the W3C workgroup, where browser and browser extension developers discuss all kinds of possible improvements.
At the very least it provides a feeling of being listened to and heard, but such things rarely work fast. It's unclear when we'll see any real positive changes.
Meanwhile, our advice is to go and block some ads — you never know when you'll get deprived of this opportunity.
...
Continue Reading
Quote:AdGuard for Windows version 7.8 from December 16, 2021
We once again reviewed GitHub repo and realized that we had been working for almost six months on version 7.7. And less than two months on version 7.8.
Yes, there were fewer tasks in this version, but we did a good job on improving everything: Browsing Security, network drivers, CoreLibs and DNSLibs, other minor features, and – hopefully – your user experience.
[Enhancement] Browsing Security
Browsing Security is a module that blocks requests to malicious and phishing websites. You might have seen a nice looking banner caringly stating "AdGuard has blocked access to this page": that's what Browsing Security does. Now it's working a way better: requests for information about malicious domains are not sent to a server, but to a periodically updated database stored locally on your computer. This is faster and safer.
[Enhancement] WFP and TDI network drivers
We've also updated and enhanced our network drivers for Windows – WFP and TDI. Both have been helpful, among other things, to improve compatibility with other applications.
Other good stuff
And of course, there is no release without updating CoreLibs, our main filtering engine, and DNSLibs. Meet their new versions: more flexible, more powerful. As always: minor bugs have been fixed. As always: perfection has no limits.
Hope that your holidays will be safer with AdGuard.
Quote:It's time to release AdGuard v3.6.5 for Android. The biggest thing about this version is the enhanced Browsing Security module which now blocks requests to malicious and phishing sites better and faster! No less important point is that we’ve updated CoreLibs and DNSLibs to make the app perform more reliably, and fixed various minor bugs. Hope you will enjoy AdGuard v3.6.5 for Android!- [Enhancement] Enhanced Browsing Security module
With the implementation of new Safe Browsing API v2, Browsing Security module responsible for blocking requests to malicious and phishing sites has become more effective. The upgraded version of this module makes browsing the Internet safer than ever and leaves no chance for the malicious code to be executed.
Changelog- [Fixed] Keenetic app compatibility issue with AdGuard #4035
- [Fixed] Cosmote Greek carrier VoWiFi blocking #3821
- [Enhancement] Add 360 browser to the list of browsers #4040
- [Enhancement] Updated CoreLibs to v1.8.274 #4061
- [Enhancement] Updated DnsLibs to v1.6.70 #4051
Quote:AdGuard v2.7 for Mac released
Enhanced Browsing Security module and other improvements
Christmas is almost here and AdGuard has brought you a small gift, just to turn your holiday mood mode on! Unwrap AdGuard v2.7 for Mac and enjoy the enhanced Browsing Security module, social login for license activation, option to choose filter update check period, and some other improvements! Let's take a closer look at all the new (or updated) features implemented in this release.
More effective Browsing Security module
Now, thanks to the upgraded Browsing Security module, the Internet will become a safer space! We’ve worked hard to enhance this mechanism which is responsible for blocking requests to malicious and phishing sites — and we’ve succeeded!
Previously, AdGuard searched an online database of known malware sites to verify the security of the pages you visited. This process would always take some time, which could be enough to execute the malicious code.
With the implementation of the new Safe Browsing API v2, AdGuard does lookups offline (and contacts the server from time to time to update the database), so it can immediately block a harmful site, giving you the highest level of protection.
Read more about how the Browsing Security module works in our knowledge base.
Social login for license activation
To activate a valid AdGuard license on your device, you need to log in to your account. Just open the app on your Mac and enter your username and password. Don't feel like typing? Not a problem: you can now use social login and sign in to your AdGuard account via Google, Facebook, or Apple account if the same email address was used for registration. Just click the icon and your AdGuard license will be automatically activated on your device.
Add option to choose filter update check period
This long-awaited feature is finally here! Now you can choose how often AdGuard will check for filter updates (or you can do it manually, as before).
There were no other significant changes. Just to mention, we’ve also updated CoreLibs and DNSLibs to make the app perform more reliably and to implement new filtering functionality, and fixed various minor bugs. Hope that you'll like the new version.
As always, the complete list of changes can be seen on GitHub.
Quote:AdGuard v4.3 for iOS: the new era in Safari ad blocking
In iOS 15 Apple has added the support for so-called Safari Web Extensions. This is truly a revolutionary change, no need to tone it down. Safari has become the first iOS browser to support browser extensions that we all know and love. Yes, the extensions in Safari are somewhat limited in their capabilities compared to their desktop counterparts, but it should not take away from Apple and the team that worked on this innovation.
What it means for you
Ok, but how will this change impact AdGuard ad blocker? After all, AdGuard uses Content Blocking API to block ads in Safari that — or rather, has been using it up until now. Web Extensions open the door to a completely new world filled with new opportunities.
The thing is, due to their "declarative" nature regular content blocking rules are quite narrow in terms of what you can achieve with them. The obvious example is blocking YouTube ads in Safari: it's a hard and non-trivial task, up to the point that we had had to add a special shortcut that needed to be prompted manually every time you opened YouTube.
Forget about that like it's never happened. We added a new module to AdGuard called "Advanced Protection", and it's called like that for a reason. It takes advantage of, well, advanced filtering rules (like CSS rules, selectors, and scriptlets) and therefore can deal even with the complex ads, like the aforementioned YouTube variety. And it will do so without any manual input. It just works!
This is one of the biggest level-ups in the history of AdGuard for iOS. Web extensions open so many new avenues, we actually felt like a kid in a candy shop.
Hopefully, you share our enthusiasm! So what are you waiting for? Go and show them ads who's boss! The update is already available in the app, or you can download AdGuard for iOS anew from the AppStore.
Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14