WhatsApp is rolling out long-overdue username privacy feature

Posted on by Martin Brinkmann

If you use the popular messaging service WhatsApp, you know that you can only add contacts to the service with a phone number. Don’t have the number registered to a WhatsApp account? Then you can’t add the contact to the app.

Clearly, having to share your phone number is not always a good idea. While you may not have any issues sharing it with close friends or family, giving it to others is another matter.

It is a privacy and security issue. Other messengers support usernames, which do not reveal critical information to a third-party.

WhatsApp started to work on usernames about three years ago, but the Meta-owned app is just about to start rolling the feature out to a first batch of users, reports WABetaInfo.

You can add a username in the settings. Once you do, you may share the username with others to get them to add you to the messenger. Good news is that you can further protect the username with a code, which others need to provide when they try to add you.

However, there are quite a few limitations regarding usernames. Here are noteworthy ones:

  • The username can be between 3 and 23 characters in length.
  • It needs to start with a letter, and can only contain letters, numbers, underscore, and a period.
  • It can’t be a domain name or start with www.
  • It can’t be taken, if someone on Instagram or Facebook picked it already. The user who picked it can get it on WhatsApp.

Support for usernames is a welcome addition. While some Internet users prefer to use other messaging clients, those who offer more privacy, WhatsApp’s users will certainly benefit from the feature.

No official ETA or confirmation by Meta at this point though. Might take months or even longer before the feature lands for most users.

VeraCrypt developer claims that Microsoft has terminated his account

Posted on by Martin Brinkmann

VeraCrypt is a popular cross-platform encryption software that is available for Windows, Linux and macOS. It is one of the successors of TrueCrypt and can be used to encrypt hard drives, including system drives, and to create data containers on drive that are encrypted.

The developer of the application, Mounir Idrassi, published a project update on Sourceforge a few days ago. There, he explained why the project had been silent for the past few months.

According to his description, Microsoft terminated the account that he used to sign Windows drivers and the bootloader. This affects the Windows version of the encryption software, as updates can’t be signed anymore because of this. The Linux and macOS versions of the software are not affected by this.

To make matters worse, a screenshot with a message by Microsoft suggests that an appeal is not available. It is unclear what that means for the project. While a solution may be found eventually, likely through enough outside pressure to get a Microsoft representative to look at the case, it is certainly problematic when a company that operates its own encryption software — Microsoft with BitLocker — is blocking a competitor from releasing updates for his.

Report: Windows has a new 0-day vulnerability called BlueHammer

Posted on by Martin Brinkmann

The next Windows Patch Day is just a week away and it is unclear whether it will include a fix for a recently disclosed 0-day vulnerability.

The new security vulnerability has been disclosed on GitHub, including proof of concept code to exploit the issue. However, there is no explanation how the issue works.

Well-known security researcher Will Dormann commented on the issue and confirmed that it is working. He admitted that it “may not be 100%” reliable though. It seems that frustration with MSRC, the Microsoft Security Research Center, and how it operates, was the reason for the public disclosure of the vulnerability. Whether that is true or not can’t be verified though.

So, what do we know about the vulnerability so far?

  • What it is: “BlueHammer” is an unpatched zero-day Local Privilege Escalation (LPE) vulnerability affecting Microsoft Windows.
  • Impact: It allows a local attacker with limited, low-level user access to escalate their permissions to SYSTEM or elevated administrator rights. This effectively grants the attacker full control over the compromised machine.
  • Current Status: Microsoft has not yet released an official patch or mitigation, making it a true zero-day.

Security experts (such as Will Dormann) describe it as a flaw that combines a TOCTOU (Time-of-Check to Time-of-Use) vulnerability with path confusion. At a high level, it appears to weaponize Windows Defender-related interfaces (the leaked source code contains files like windefend.idl and windefend_c.c). By bypassing the system’s original validation, a local attacker can gain access to the Security Account Manager (SAM) database, which stores local account password hashes, ultimately allowing them to spawn SYSTEM-level shells.

Good news is that the flaw is a local privilege escalation, which means that attackers can’t exploit it to hack into Windows PCs remotely. However, if they were to gain access to a Windows system, they could use it to expand access or even take over a system completely.

How to batch test archives on Windows

Posted on by Martin Brinkmann

File archives serve plenty of purposes. They compress one or multiple files and folders and make them available as a single file; ideal for distribution and storage.

Many backup tools, for instance, support compressing backups to save storage space.

But how do you ensure that the archives are not corrupt? There are several options, including generating hashes and running verifiers.

However, if you have not created hashes in first place or find this too time consuming or unmanageable, you could test the archives directly using archivers.

PeaZip is an open source archiver for several operating systems. Version 11.0 was released recently and it includes a batch testing option.

Throw any number of support archive formats at the app and it will check each archive. It does so automatically and the only exception to that is when it encounters a password protected archive, as it will prompt for the password in that case.

You get a full list of results in the end that you can go through to find any archives that are damaged.

PeaZip supports all major archive formats. To name a few: ZIP, 7z, BR, TAR, ZipX, RAR, APK, CAB, ISO, and ACE.

Here is how you run the test:

  1. Download and install the latest version of the archiver. You can download a portable version or use winget install -e peazip to install it from the command line.
  2. Open the application and use the file manager to navigate to the folder with the archives that you want to test.
  3. Select them all, for instance by holding down Ctrl and left-clicking on each archive, using Ctrl-A, or right-clicking and picking “select all” from the context menu.
  4. Right-click on the selection and select More > Test to start the verification process.

PeaZip tests one archive after another, displaying results in a separate window. You could move all archives into a single folder to make this operation easier, or switch folders to continue testing archives.

All in all, this is a straightforward option to batch test archives on Windows (or any other of the supported operating systems).

Windows 11 Insiders may finally be getting better testing access

Posted on by Martin Brinkmann

One of the most frustrating experiences as a Windows Insider is the Controlled Rollout feature in my experience. You sign up to beta test Windows 11 versions and instead of getting all features ready for testing, Microsoft is limiting access to new features.

While you can enable the features with the ViVeTool, doing so requires more steps and is not super comfortable. Still, it is the only reliable option to enable features that are on “roll out” immediately on a Windows 11 system.

Serial leaker Phantom of Earth discovered a hidden feature in recent Insider builds of Windows 11 that should make things easier for users.

Microsoft is apparently working on integrating its own “ViVeTool-like” interface in the Settings. This means that testers can enable certain features, that are on rollout, directly there.

The full functionality is unknown at this point. Will all features be listed there or only handpicked ones by Microsoft? We do not know at this point. There is also the chance that Microsoft is having a change of heart at one point.

Also, it appears that the change targets Insider versions only and not stable builds. Stable Windows 11 users who want to enable some features directly will therefore still have to use the ViVeTool to do so.

If done right, it could improve testing certain Windows 11 features and changes for many testers.

Would you trust AI to handle your email inbox?

Posted on by Martin Brinkmann

It was inevitable. Google is rolling out new AI functionality on its Gmail service to personal Google accounts. Called AI Inbox, it is designed to “help you manage a busy inbox”, says Google.

What that means? AI is scanning emails to identify the ones that require immediate attention. The feature has its own entry point on Gmail. When you activate AI Inbox, you get two different sections:

  • Suggested To-dos: Here, the AI lists incoming emails that need your immediate attention or action. High-priority tasks are identified and the AI explains to you in bold, what you need to do.
  • Catch-up Topics: This offers summaries of “important updates across projects and topics”, especially if they are scattered in different email threads or unrelated emails.

Google is limiting the feature currently to English-language users from the United States who are subscribed to Google AI Ultra, which costs 275 Euros per month currently (three month 50 percent introductory offer may be available).

You also need to enable smart features in Gmail to make use of it. Smart Features refers to a bundle of features, including translations, Smart Compose, or personalized search.

The Pros and Cons of letting AI handle your inbox

While there are certain pros to letting AI handle your email inbox, such as saving time, prioritization, or tone and grammar help, there are significant downsides.

Besides privacy and security concerns, there is the risk of missing important emails or of costly mistakes that the AI may make when it starts to hallucinate.

Privacy aside, the best way for users who want to make use of AI to tame their inbox is to use it as a helper, not the ultimate tool on autopilot. This is true for most AI solutions and services nowadays: you always have to verify that the AI did not miss something or introduced something that should not be there or that does not exist in the first place.

Would I use AI Inbox? I would not and the reason could not be simpler: I have no desire to give AI access to my emails because of privacy. Add a medium-sized inbox to that, and I do not have a need for any AI functionality at the time of writing.

I can see AI Inbox as a useful addition in certain cases, for instance, when so many emails arrive in an inbox that humans can’t keep anymore or when someone needs AI because of a packed day and little time to manage emails.

What is your take on this? Would you use AI features on Gmail or your email service? Or do you plant to stay away from them?

Google Chrome update patches another 0-day vulnerability

Posted on by Martin Brinkmann

Google released a security update for its Chrome web browser that fixes 21 distinct security issues, including a 0-day issue that is exploited in the wild.

You know the drill: If you run Chrome or have it installed, update asap to close the vulnerabilities and protect your systems from potential attacks.

My preferred way of updating the browser is to run winget upgrade google.chrome.exe from the command line. You can also start it, select Menu > Help > About Google Chrome.

The 21 vulnerabilities have a severity of high or medium. The 0-day vulnerability is CVE-2026-5281, which Google describes as a “Use after free in Dawn”.

  • Use after free describes memory corruption vulnerabilities that occurs when a program attempts to access sections of computer memory that have already been released back to the system.
  • Dawn is a WebGPU implementation.

The official description of the vulnerability is the following:

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.

The new versions of the browser after installation of the update:

  • Chrome for Windows: 146.0.7680.177 or 146.0.7680.178
  • Chrome for Mac: 146.0.7680.177 or 146.0.7680.178
  • Chrome for Linux: 146.0.7680.177
  • Chrome for Android: 146.0.76380.177

A new Windows team promises to bring native apps to the operating system

Posted on by Martin Brinkmann

A new team at Microsoft plans to release 100 percent native apps for the Windows operating system. Announced by Rudy Huyn on X, the focus of the apps is a meaningful user experience.

Hyun does not mention whether the team will work on making existing apps 100 percent native or if it will work on new apps that may ship with the operating system at one point in time.

The development is a major shift from Microsoft’s recent heavy reliance on web-based wrappers and Progressive Web Apps (PWAs).

Here is why this is important:

  • For years, Microsoft has favored web-based apps over native code. These apps are often seen as slow, memory-hungry, and less-optimized than native apps.
  • It is another confirmation that Microsoft is trying to steer the wheel around. Apps are fundamental and attempts to make them better could improve the perception of the operating system.
  • Focus on quality. Hyun mentions that he is looking for developers with “strong product thinking”, regardless of platform that they have experience on. This could be an indicator that Microsoft might work on polishing the user experience.

While little is know about the project, apart from what Huyn mentioned on X, it could be another puzzle piece of Microsoft’s redemption attempt.

Since the information is scarce, pretty much everything surrounding this new project is unknown, including when we can expect the first releases and whether these will replace existing apps that may not be 100 percent native or be entirely new apps.

Android

Google outlines the new flow for sideloading Android apps

Posted on by Martin Brinkmann

Depending on who you ask, sideloading apps is either the best thing ever when it comes to application ecosystems or the worst thing. Those in favor argue that it allows for an open environment that is not limited by a specific store or developer. Opponents point out that sideloading is often used to install malware on devices of unsuspecting users.

To address this issue, Google announced changes to sideloading on Android some time ago. It did not cut off sideloading altogether, something that was on the table, but decided to introduce a new installation flow on devices that run Android.

This new workflow deliberately takes time and effort. Google says that this prevents certain common scenarios where users may be pressured or installations happen remotely.

Here is the new workflow:

  1. Enable Developer Mode: Android users need to enable developer mode before they can sideload apps. Google says that this prevents “prevents accidental triggers or “one-tap” bypasses”.
  2. Confirmation: A check to make sure that no one is asking the owner of the device to make the change.
  3. Restart and reauthentication: This is done to cut-off remote access or active phone calls.
  4. Waiting period: A 24 hour wait period before the owner can confirm that sideloading should be activated.
  5. Installation: Users may enable sideloading for a seven day period or indefinitely, according to Google.

These steps are designed as hurdles that users have to overcome. It may reduce the number of unwanted sideloaded installations on Android. Experienced users still have to complete the necessary steps before they can unlock sideloading on their devices (again). It is annoying, but Google makes it sound as if this could be a one-time process. If that is indeed the case, experienced users might want to complete the necessary steps immediately after the new system is introduced on their devices to avoid any issues later on.

Now it is your turn. What is your take on the changes? Important to protect the masses from unwanted installations or overreach? Feel free to leave a comment down below.

Microsoft pauses update KB5079391 for Windows 11 to investigate an issue

Posted on by Martin Brinkmann

This month, Microsoft promised to steer development towards improving the quality and usability of its Windows operating system. The first Windows update after the announcement could serve as an example for what is wrong with the operating system.

The distribution of KB5079391, released on March 26, had to be halted by Microsoft to investigate an installation error.

The company writes:

Some devices might encounter the following error while installing this update:

“Some update files are missing or have problems. We’ll try to download the update again later. Error code: (0x80073712)”

The availability of the optional update for Windows 11 has been limited by Microsoft as a consequence to investigate the underlying cause. Microsoft says that it will provide information about the issue once it has discovered the root cause of the error message.

Beta updates

The issue highlights the fragile nature of the operating system. Optional updates, which are beta releases of the following month’s cumulative update, should not be installed by the majority of Windows users.

In fact, there are only a few exceptions to the rule:

  • Major issues: When a major issue is fixed that affects users significantly.
  • Testing: When new features need to be evaluated.

Other than that, it is usually better to wait for the release of the cumulative updates, as these are the releases that are considered more stable. However, here, I also advice to wait with the installation, as bugs and issues are common and may affect operations.

In any event, creating a system backup before installing any updates is highly recocmmended.