Hotstar, India's largest video streaming service with more than 300 million users, disabled support for Apple's Safari web browser last week to mitigate a security flaw that allowed unauthorized usage of its platform, TechCrunch reports, citing sources. From the report: As users began to complain about not being able to use Hotstar on Safari, the company's official support account asserted that "technical limitations" on Apple's part were the bottleneck. "These limitations have been from Safari; there is very little we can do on this," the account tweeted Friday evening. Sources at Hotstar told TechCrunch that this was not an accurate description of the event. Instead, company's engineers had identified a security hole that was being exploited by unauthorized users to access and distribute Hotstar's content -- including the premium catalog. Hotstar, which assumes the global record for most concurrent views on a live event, is operated by Star India, a media conglomerate in India that was part of 20th Century Fox that Disney acquired earlier this year.

An anonymous reader quotes a report from Ars Technica: iOS 13 will introduce Dark Mode to iPhones, iPads, and iPods for the first time. Apple brought Dark Mode to Macs via macOS Mojave last year, to much fanfare. As was the case there, Dark Mode doesn't actually change anything about the interface -- just the aesthetics. Apple showed Dark Mode running on the company's first-party apps for news, calendar, messages, and more. Dark Mode may also save battery life on devices with emissive OLED displays -- savings like that were discovered in our own tests comparing Android devices with LCD and OLED displays. But we'll have to test the new OS to be sure.

Every iOS update brings changes to key apps made by Apple itself, and most of the apps included with a new installation of iOS have seen some changes. Mail now allows you to mute certain conversations. Maps has a new, easier way of accessing saved locations. The upgrade to Apple Maps will bring far more detail to the overhead view of roads and landmarks, with this rolling out to the entire United States by the end of 2019 and "select countries" next year. Reminders has seen a ground-up interface overhaul, with natural-language processing similar to what's seen in third-party apps -- you'll be able to type the relevant details and Reminders will understand when and where the reminder should be set for. Apple is also adding a swipe-typing ability to its iOS keyboard for the first time, replicating something that has been available in third-party keyboards for years. Notes will have a new gallery view and support for shared folders. Safari will have new options to change text sizing, with per-website settings. The iPad's multitasking UI has also been overhauled, bringing a new window-based experience and an easier way to switch between apps in Slide Over mode. You'll also be able to plug thumb drives into newer iPads with USB-C.

Onstage at WWDC, Apple announced that iPad's software will now exist inside its own vertical OS. The new iPadOS doesn't look dramatically different from iOS 12, but the name change undoubtedly makes it easier for Apple to introduce functionality to iPads that won't exist in any capacity on the iPhone. Here's is the list of features it offers: 1. Chances are the best update is that desktop sites are now the default in Safari, hallelujah!!
2. You'll be able to bring widgets to the home screen that are just a swipe away. You'll also be able to fit more app icons on each screen.
3. Changes in iPadOS include an update to the Files app which will allow you share folders in iCloud drive, there's a new column view and you'll be able to grab files from USB-C flash drives.
4. You'll be able to bring up multiple windows of the same app, which wasn't previously possible and there are a lot of small interface changes that make it easier to multi-task with your larger screen real estate.
5. Apple Pencil latency is dropping from 20ms to 9ms, Apple is bringing a PencilKit developer API so that third-party app developers can integrate some new controls.

An anonymous reader quotes a report from Thurrott: Microsoft started testing a new Microsoft Edge browser based on Chromium a little while ago. The company has been releasing new canary and dev builds for the browser over the last few weeks, and the preview is actually really great. But if you watch YouTube quite a lot, you will face a new problem on the new Edge. It turns out, Google has randomly disabled the modern YouTube experience for users of the new Microsoft Edge. Users are now redirected to the old YouTube experience, which lacks the modern design as well as the dark theme for YouTube, as first spotted by Gustave Monce. And when you try to manually access the new YouTube from youtube.com/new, YouTube simply asks users to download Google Chrome, stating that the Edge browser isn't supported. Ironically, the same page states "We support the latest versions of Chrome, Firefox, Opera, Safari, and Edge." The change affects the latest versions of Microsoft Edge Canary and Dev channels. It is worth noting that the classic Microsoft Edge based on EdgeHTML continues to work fine with the modern YouTube experience.

Few home-grown Google products have been as successful as Chrome. Launched in 2008, it has more than 63% of the market and about 70% on desktop computers, according to StatCounter data. Mozilla's Firefox is far behind, while Apple's Safari is the default browser for iPhones. Microsoft's Internet Explorer and Edge browsers are punchlines. From a report: Google won by offering consumers a fast, customizable browser for free, while embracing open web standards. Now that Chrome is the clear leader, it controls how the standards are set. That's sparking concern Google is using the browser and its Chromium open-source underpinnings to elbow out online competitors and tilt entire industries in its favor. Most major browsers are now built on the Chromium software code base that Google maintains. Opera, an indie browser that's been used by techies for years, swapped its code base for Chromium in 2013. Even Microsoft is making the switch this year. That creates a snowball effect, where fewer web developers build for niche browsers, leading those browsers to switch over to Chromium to avoid getting left behind.

This leaves Chrome's competitors relying on Google employees who do most of the work to keep Chromium software code up to date. Chromium is open source, so anyone can suggest changes to it, but the majority of programmers who approve contributions are Google employees, and any major disagreements get settled by a small circle of senior Google employees. Chrome is so ascendant these days that web developers often don't bother to test their sites on competing browsers. Google services including YouTube, Docs and Gmail sometimes don't work as well on rival browsers, sending frustrated users to Chrome. Instead of just another ship slicing through the sea of the web, Chrome is becoming the ocean.

An anonymous reader writes: For more than a year, mobile browsers like Google Chrome, Firefox, and Safari failed to show any phishing warnings to users, according to a research paper published this week. "We identified a gaping hole in the protection of top mobile web browsers," the research team said. "Shockingly, mobile Chrome, Safari, and Firefox failed to show any blacklist warnings between mid-2017 and late 2018 despite the presence of security settings that implied blacklist protection." The issue only impacted mobile browsers that sued the Google Safe Browsing link blacklisting technology. The research team -- consisting of academics from Arizona State University and PayPal staff -- notified Google of the problem, and the issue was fixed in late 2018. "Following our disclosure, we learned that the inconsistency in mobile GSB blacklisting was due to the transition to a new mobile API designed to optimize data usage, which ultimately did not function as intended," researchers said.

Google is set to launch new tools to limit the use of tracking cookies, a move that could strengthen the search giant's advertising dominance and deal a blow to other digital-marketing companies, WSJ reported Monday, citing people familiar with the matter. [Editor's note: the link may be paywalled; alternative source.] From the report: After years of internal debate, Google could as soon as this week roll out a dashboard-like function in its Chrome browser that will give internet users more information about what cookies are tracking them and offer options to fend them off, the people said. This is a more incremental approach than less-popular browsers, such as Apple's Safari and Mozilla's Firefox, which introduced updates to restrict by default the majority of tracking cookies in 2017 and 2018, respectively. Google's move, which could be announced at its developer conference in Mountain View, Calif., starting Tuesday, is expected to be touted as part of the company's commitment to privacy -- a complicated sell, given the torrent of data it continues to store on users -- and press its sizable advantage over online-advertising rivals.

tedlistens writes: One of the most common techniques people think can help hide their activity is the use of an "incognito" mode in a browser," writes Michael Grothaus at Fast Company. But "despite what most people assume, incognito modes are primarily built to block traces of your online activity being left on your computer -- not the web. Just because you are using incognito mode, that doesn't mean your ISP and sites like Google, Facebook, and Amazon can't track your activity."

However, there's still a way to brew your own, safer "incognito mode." It's called browser compartmentalization. Grothaus writes: "The technique sees users using two or even three browsers on the same computer. However, instead of switching between browsers at random, users of browser compartmentalization dedicate one browser to one type of internet activity, and another browser to another type of internet activity.
Specifically, the article recommends one browser for sites you need to log into, and another for random web surfing and any web searches. "By splitting up your web activity between two browsers, you'll obtain the utmost privacy and anonymity possible without sacrificing convenience or the ease of use of the websites you need to log in to." It recommends choosing a privacy-focused browser like Brave, Firefox, Apple's Safari, or Microsoft's Edge. "As for Chrome: It's made by Google, whose sole aim is to know everything you do online, so it's probably best to stay away from Chrome if you value your privacy."

The article is part of a series titled "The Privacy Divide," which explores "misconceptions, disparities, and paradoxes that have developed around our privacy and its broader impacts on society."

9to5Mac has learned of several new features expected to be included in iOS 13. From the report: Dark Mode: There will be a system-wide Dark Mode that can be enabled in Settings, including a high contrast version, similar to what's already available on macOS. Speaking of macOS, iPad apps that run on the Mac using Marzipan will finally take advantage of the Dark Mode support on both systems.
Multitasking: There are many changes coming to iPad with iOS 13, including the ability for apps to have multiple windows. Each window will also be able to contain sheets that are initially attached to a portion of the screen, but can be detached with a drag gesture, becoming a card that can be moved around freely, similar to what an open-source project called "PanelKit" could do. These cards can also be stacked on top of each other, and use a depth effect to indicate which cards are on top and which are on the bottom. Cards can be flung away to dismiss them.
Undo gesture: With iOS 13, Apple is introducing a new standard undo gesture for text input on the iPad. The gesture starts as a three-finger tap on the keyboard area, sliding left and right allows the user to undo and redo actions interactively.
Safari improvements: Safari on iOS 13 for the iPad will automatically ask for a desktop version of websites when necessary, preventing a common issue where websites will render their iPhone version even when running on an iPad with a big screen. YouTube is notorious for this behavior, forcing users to rely on a 'Request Desktop Site' button.
Font management: Font management is getting a major upgrade on iOS 13. It will not be necessary to install a profile to get new fonts into the system anymore. Instead there will be a new font management panel in Settings. A new standard font picker component will be available for developers and the system will notify the user when they open a document that has missing fonts.
Smarter Mail: The upgraded Mail app will be able to organize messages into categories such as marketing, purchases, travel, "not important" and more, with the categories being searchable. Users will also be able to add messages to a "read later" queue similar to third-party email apps. Improved multiple item selection: The focus on productivity on iOS continues with the inclusion of new gestures to allow for the selection of multiple items in table views and collection views, which make up for most of the user interfaces found in apps that list large amounts of data. Users will be able to drag with multiple fingers on a list or collection of items to draw a selection, similar to clicking and dragging in Finder on the Mac.
New Volume HUD and other changes: Other features to come with iOS 13 include a redesigned Reminders app, which is also coming to the Mac, a new volume HUD, better "Hey Siri" rejection for common mistaken noises such as laughter and crying babies, better multilingual support for keyboards and dictation, and expanded in-app printing controls. Apple is expected to officially unveil the next major iPhone and iPad OS at its annual Worldwide Developers Conference on June 3rd.

It's a browser feature few users will have heard of, but forthcoming versions of Chrome, Safari and Opera are in the process of removing the ability to disable a long-ignored tracking feature called hyperlink auditing pings. From a report: This is a long-established HTML feature that's set as an attribute -- the ping variable -- which turns a link into a URL that can be tracked by website owners or advertisers to monitor what users are clicking on. When a user follows a link set up to work like this, an HTTP POST ping is sent to a second URL which records this interaction without revealing to the user that this has happened. It's only one of several ways users can be tracked, of course, but it's long bothered privacy experts, which is why third-party adblockers often include it on their block list by default.

Until now, an even simpler way to block these pings has been through the browser itself, which in the case of Chrome, Safari and Opera is done by setting a flag (in Chrome you type chrome://flags and set hyperlink auditing to 'disabled'). Notice, however, that these browsers still allow hyperlink auditing by default, which means users would need to know about this setting to change that. It seems that very few do.

x_t0ken_407 quotes BleepingComputer: A HTML standard called hyperlink auditing that allows sites to track link clicks is enabled by default on Safari, Chrome, Opera, and Microsoft Edge, but will soon have no way to disable it. As it is considered a privacy risk, browsers previously allowed you to disable this feature. Now they are going in the opposite direction.

Hyperlink auditing is an HTML standard that allows the creation of special links that ping back to a specified URL when they are clicked on. These pings are done in the form of a POST request to the specified web page that can then examine the request headers to see what page the link was clicked on.
The article concludes that "Firefox and Brave win the award" for people who want this click-tracking capability disabled -- since "only Brave and Firefox currently disable it by default, and do not appear to have any plans on enabling it in the future."

A research duo who hacked a Tesla were the big winners at the annual Pwn2Own white hat security contest, reports ZDNet. "The duo earned $375,000 in prize money, of the total of $545,000 awarded during the whole three-day competition... They also get to keep the car." Team Fluoroacetate -- made up of Amat Cama and Richard Zhu -- hacked the Tesla car via its browser. They used a JIT bug in the browser renderer process to execute code on the car's firmware and show a message on its entertainment system... Besides keeping the car, they also received a $35,000 reward. "In the coming days we will release a software update that addresses this research," a Tesla spokesperson told ZDNet today in regards to the Pwn2Own vulnerability.

Not coincidentally, Team Fluoroacetate also won the three-day contest after earning 36 "Master of Pwn" points for successful exploits in Apple Safari, Firefox, Microsoft Edge, VMware Workstation, and Windows 10... [R]esearchers also exploited vulnerabilities in Apple Safari, Microsoft Edge, VMware Workstation, Oracle Virtualbox, and Windows 10.

Cybersecurity firm Kaspersky Lab has filed an antitrust complaint against Apple with the Russian Federal Antimonopoly Service relating to the company's App Store distribution policy. From a report: Kaspersky's complaint is specifically to do with Apple's removal of the Kaspersky Safe Kids app. In a blog post on the Kaspersky website, the firm says it received notice from Apple last year that the app, which had been in the App Store for three years, did not meet App Store guidelines owing to the use of configuration profiles. Kaspersky was told by Apple that it would need to remove these profiles for the app to pass review and remain in the App Store, but the Russian firm had argued this action essentially crippled the app. "For us, that would mean removing two key features from Kaspersky Safe Kids: app control and Safari browser blocking." The first allows parents to specify which apps kids can't run based on the App Store's age restrictions, while the second allows the hiding of all browsers on the device so that web pages can only be accessed in the Kaspersky Safe Kids app's built-in secure browser.

An anonymous reader quotes a report from Motherboard: Now, for Pi Day (March 14), music software programmer Canton Becker has crafted a million-hour song based on Pi that unfolds generatively on a virtual tape deck. Titled "Shepard's Pi," the song combines two of Becker's favorite infinities: Pi, and an auditory illusion called a Shepard tone, which he describes as an "unsettling sonic illusion of a pitch that climbs or descends forever, never reaching a top or a bottom." Found at PiSongs.com, users can tune into "Shepard's Pi" in real time with a custom virtual tape deck. The track itself evolves moment to moment, but the synthesized and sampled tones will be familiar to anyone who has ever listened to the electronic music of Kraftwerk, Tangerine Dream, Aphex Twin, and Global Communication. Far from being a mere gimmick, it is a highly evocative and transporting piece of electronic music, alternately ambient, glitchy, and interestingly rhythmic. The 58,999 GB MP3 file needed to be distributed via a webpage or app, so Becker "started hacking away at the basic algorithm in the programming languages PHP and Javascript," reports Motherboard. "In between coding marathons, Becker composed and recorded the loops and samples that would form the basis of the song. He experimented with sounds that would work well together regardless of being stacked one upon the other."

"When users hit 'play' on the virtual tape deck, the algorithm actually 'performs' the piece," the report says. "This way, the 114-year song can fit in just one gigabyte of space, which is mostly comprised of the digits of Pi. The virtual tape deck was also a solution to a built-in quirk of browsers such as Chrome, Safari, and Firefox -- users must click on a webpage to trigger a sound." From start to finish, the song lasts 999,999 hours, "a limitation imposed by only considering the first one billion digits of Pi."

Microsoft this week revamped Skype's browser-based client with a slew of new features. From a report: The Seattle company this week announced the rollout of a major Skype for Web update, which introduces high-definition video calling, a redesigned notifications panels, a revamped media gallery, and more. It's available on any PC running Windows 10 and Mac OS X 10.12 or higher with the latest versions of Google Chrome or Microsoft Edge. The bulk of the new capabilities debuted in preview last October, but they're available widely starting this week. Skype for Web does not support Safari, Firefox, and Opera browsers, Microsoft has confirmed.

The World Wide Web Consortium (W3C) today declared that the Web Authentication API (WebAuthn) is now an official web standard. From a report: First announced by the W3C and the FIDO Alliance in February 2016, WebAuthn is now an open standard for password-free logins on the web. It is supported by W3C contributors, including Airbnb, Alibaba, Apple, Google, IBM, Intel, Microsoft, Mozilla, PayPal, SoftBank, Tencent, and Yubico. The specification lets users log into online accounts using biometrics, mobile devices, and/or FIDO security keys. WebAuthn is supported by Android and Windows 10. On the browser side, Google Chrome, Mozilla Firefox, and Microsoft Edge all added support last year. Apple has supported WebAuthn in preview versions of Safari since December.

In the release notes for Safari 12.1, the new version of Apple's browser installed in iOS 12.2, Apple says that it is removing support for the "Do Not Track" feature, which is now outdated. From a news writeup: "Removed support for the expired Do Not Track standard to prevent potential use as a fingerprinting variable," the release note reads. The same feature was also removed from Safari Technology Preview today, Apple's experimental macOS browser, and it is not present in the macOS 10.14.4 betas. According to Apple, Do Not Track is "expired" and support is being eliminated to prevent its use as, ironically, a fingerprinting variable for tracking purposes. It is entirely up to the advertising companies to comply with the "Do Not Track" messaging, and it has no actual function beyond broadcasting a user preference.

A reader shares a report from Ars Technica's Peter Bright: With Microsoft's decision to end development of its own Web rendering engine and switch to Chromium, control over the Web has functionally been ceded to Google. That's a worrying turn of events, given the company's past behavior. Chrome itself has about 72 percent of the desktop-browser market share. Edge has about 4 percent. Opera, based on Chromium, has another 2 percent. The abandoned, no-longer-updated Internet Explorer has 5 percent, and Safari -- only available on macOS -- about 5 percent. When Microsoft's transition is complete, we're looking at a world where Chrome and Chrome-derivatives take about 80 percent of the market, with only Firefox, at 9 percent, actively maintained and available cross-platform.

The mobile story has stronger representation from Safari, thanks to the iPhone, but overall tells a similar story. Chrome has 53 percent directly, plus another 6 percent from Samsung Internet, another 5 percent from Opera, and another 2 percent from Android browser. Safari has about 22 percent, with the Chinese UC Browser sitting at about 9 percent. That's two-thirds of the mobile market going to Chrome and Chrome derivatives. In terms of raw percentages, Google won't have quite as big a lock on the browser space as Microsoft did with Internet Explorer -- Internet Explorer 6 peaked at around 80 percent, and all versions of Internet Explorer together may have reached as high as 95 percent. But Google's reach is, in practice, much greater: not only is the Web a substantially more important place today than it was in the early 2000s, but also there's a whole new mobile Web that operates in addition to the desktop Web. Google has deployed proprietary technology and left the rest of the industry playing catch-up, writes Peter. The company has "tried to push the Web into a Google-controlled proprietary direction to improve the performance of Google's online services when used in conjunction with Google's browser, consolidating Google's market positioning and putting everyone else at a disadvantage."

YouTube has been a particular source of problems. One example Peter provides has to do with a hidden, empty HTML element that was added to each YouTube video to disable Edge's hardware accelerated video decoding: "For no obvious reason, Google changed YouTube to add a hidden, empty HTML element that overlaid each video. This element disabled Edge's fastest, most efficient hardware accelerated video decoding. It hurt Edge's battery-life performance and took it below Chrome's. The change didn't improve Chrome's performance and didn't appear to serve any real purpose; it just hurt Edge, allowing Google to claim that Chrome's battery life was actually superior to Edge's. Microsoft asked Google if the company could remove the element, to no avail."

With the news earlier today that Microsoft is embracing Chromium for Edge browser development on the desktop, VentureBeat decided to see what the other browser companies had to say about the decision. From the report: Google largely sees Microsoft's decision as a good thing, which is not exactly a surprise given that the company created the Chromium open source project. "Chrome has been a champion of the open web since inception and we welcome Microsoft to the community of Chromium contributors. We look forward to working with Microsoft and the web standards community to advance the open web, support user choice, and deliver great browsing experiences."

Mozilla meanwhile sees Microsoft's move as further validation that users should switch to Firefox. "This just increases the importance of Mozilla's role as the only independent choice. We are not going to concede that Google's implementation of the web is the only option consumers should have. That's why we built Firefox in the first place and why we will always fight for a truly open web." Mozilla regularly points out it develops the only independent browser -- meaning it's not tied to a tech company that has priorities which often don't align with the web. Apple (Safari), Google (Chrome), and Microsoft (Edge) all have their own corporate interests.

Opera thinks Microsoft is making a smart move, because it did the same thing six years ago. "We noticed that Microsoft seems very much to be following in Opera's footsteps. Switching to Chromium is part of a strategy Opera successfully adopted in 2012. This strategy has proved fruitful for Opera, allowing us to focus on bringing unique features to our products. As for the impact on the Chromium ecosystem, we are yet to see how it will turn out, but we hope this will be a positive move for the future of the web."

In an interview with Axios on HBO Apple CEO Tim Cook explained the decision to use Google as the default search engine on Apple products. This decision, which enables Apple to make up to $9 billion a year, has baffled some, considering Google's business model of making money off of users' data -- something Apple has spoken out against numerous times. From a report: "I think their search engine is the best," Cook said in the interview. He followed up by diving into privacy features Apple has implemented in its Safari browser. "Look at what we've done with the controls we've built in," Cook stated. "We have private Web browsing. We have an intelligent tracker prevention. What we've tried to do is come up with ways to help our users through their course of the day. It's not a perfect thing. I'd be the very first person to say that. But it goes a long way to helping." Google pays Apple to have its search engine be the primary one on iPhones and other Apple devices.