Author: Martin Brinkmann

When I was young, I studied German, History and English at Essen University in Germany. I worked in computer support for several years at the time to help other computer users when they ran into issues. Writing started out as a passion project, as I wanted to help more users and not just the ones that I handled in support. This lead to the founding of Ghacks Technology News in 2005. First, as a side-project, but shortly thereafter as a full-time project as the site's popularity exploded. I sold Ghacks to Softonic some years ago, but stayed on as Editor. You can still read my articles on the site. I do publish on Betanews as well. In recent years, I started to write and publish technology books, including my latest book "Windows 11 From Beginner to Advanced", which is available on Amazon. I'm also a freelance writer for the German publisher Gamestar. Chipp.in is my newest project. I want to use it to talk about my book projects, sell my books directly, and write about technology, as this is what interests me.

Microsoft explains unintentionally why offline accounts are better in Windows

Posted on by Martin Brinkmann

The release of Windows 10 saw a fundamental shift towards Microsoft accounts. While users got to choose between local and Microsoft accounts in Windows 10, it was clear that Microsoft’s intention was to get customers to use online accounts.

It integrated new features into Windows that required an online account. From OneDrive over the synchronization of settings to the ability to restore an account password.

Microsoft shifted into a higher gear with the release of Windows 11. It enforces the creation of a Microsoft account on first setup now for Home and Pro systems.

Many workarounds do not work anymore, but there may still be options to deal with the user-unfriendly behavior. Still, most users may not know about these and that forces them to create the Microsoft account.

It is possible to create local accounts after the initial setup phase and delete the Microsoft account, but Microsoft has scattered warnings across the system in that case.

Microsoft highlights the advantages of local accounts

The support page “Change from a local account to a Microsoft account” on Microsoft’s official support website lists the advantages of both local and Microsoft accounts.

Here is what Microsoft has to say about local accounts (via WinFuture)

A local account is created on the device and doesn’t require Internet connectivity to sign in. It’s independent of other services, and it’s not connected to the cloud. Your settings, files, and applications are limited to that single device

While that is meant to be discouraging, may of the users who prefer local accounts may beg to differ.

The key here is that local accounts are not known to Microsoft. They work offline and files stay on the local system by default. Users may still sync files using first or third-party tools, but this is completely optional.

Wonder about the advantages of using a Microsoft account? Here are the key features of using a Microsoft account, according to Microsoft:

When you sign in to your PC with a Microsoft account, you’re connected to a Microsoft cloud service, and your settings and files can sync across various devices. You can also use it to access other Microsoft services

So, some settings and files sync when a Microsoft account is used. Using a Microsoft account may also give users access to services that require it.

Closing Words

To break it down: if you prefer privacy, you may want to consider using local accounts. If you prioritize convenience, or use multiple Windows devices, you may find that the advantages outweigh the disadvantages.

What about you? Do you prefer local or Microsoft accounts on Windows devices?

Bitwarden Extension causes websites to hang

Posted on by Martin Brinkmann

Just a quick note. Bitwarden’s latest client release seems to cause issues for some users. The update to version 2024.6.0 may cause issues in browsers.

According to reports. websites may hang or stall when loaded while the Bitwarden extension is active.

The issue is causing high CPU usage when some websites are opened. This causes the loading of the website to hang and the browser to freeze entirely in some cases. Crashes may also happen.

Several browsers, including Safari, Chrome, and Edge, and operating systems appear affected by the issue.

Deactivation of the extension restores the status quo. Users who downgraded the client version to the previous one reported that this fixed the issue as well. Desktop users may download previous releases from the official Bitwarden GitHub repository.

A third workaround is to change when Bitwarden’s extension becomes active in the browser. This may not be possible in all browsers. To check it out, right-click on the Bitwarden extension icon in the browser and hover over “This can read and change site data”.

There you switch from “on all sites” to “when you click the extension”.

Bitwarden confirmed that it is investigating the issue at the time. The issue is affecting other projects, including Home Assistant as well.

Closing Words

It is probably only a matter of time before a fixed version is released by Bitwarden. Try one of the workarounds in the meantime.

Google Chrome 126

Google Chrome 126 fixes 21 security issues

Posted on by Martin Brinkmann

Google released a new stable version of its Chrome web browser for all supported platforms. Chrome 126 is a security update first and foremost, but it makes non-security changes to the browser as well.

The security update is available already. Google rolls out these updates over the course of days and weeks. Most Chrome installations are updated automatically, thanks to the built-in updating system.

Desktop users may install the update quicker by opening Menu > Help > About Google Chrome. Chrome displays the installed version on the page that opens and runs a check for updates. The browser will download any new version it finds.

Chrome 126: the security fixes

Google mentions that it has fixed 21 unique security issues in Chrome 126. It lists only externally reported issues on the page. All of these are rated high or lower, and there does not seem to be a(nother) 0-day issue that is affecting the browser at this time.

The security issues rated high type confusion, use after free, heap buffer overflow, and inappropriate implementation issues.

The non-security changes of Chrome 126

Here is an overview of important non-security changes in the new Chrome release:

  • OCR-AI Reader for inaccessible PDF documents that creates a “built-in PDF screen reader”.
  • Beginning to switch to an out-of-process iframe architecture for the PDF viewer. This makes it simpler to add new features to it according to Google.
  • Reactive prefetch on desktop. The feature speeds up navigations and the loading of pages by using a Google-owned service to predict resources that should be prefetched.
  • Tab Group support on iPad.
  • Starting in Chrome 126, Chrome starts to directly support accessibility client software that uses Microsoft Windows’s UI Automation accessibility framework.
  • Search any text or image using Google Lens.

Developers may want to check out the Chrome Status website for development related changes.

Have you tried Google Chrome recently?

DoNotSpy11 Update

DoNotSpy11 update adds option to disable Windows AI features

Posted on by Martin Brinkmann

DoNotspy11 is a long-standing privacy and tweaking application for Windows. The first update of 2024 introduces new features and compatibility with recent Windows releases.

It is a small tool that you may use to modify Windows settings with ease. It addresses one of the main issues that privacy-conscious users have with Windows: the scattering of privacy-related preferences and policies.

Instead of having to use the Control Panel, Settings app, Registry, Group Policy Editor, and some other tools to improve privacy, it delivers everything in a single easy-to-use interface.

Word of Advice: Windows may throw a SmartScreen error when you try to run the program on your device. This is not because it is malicious or faulty. SmartScreen displays also when a program is new.

Another great privacy tool is O&O ShutUp10++, which I reviewed some time ago.

A short DoNotspy11 Intro

DoNotSpy11 displays all applicable privacy tweaks in the interface. It uses color codes to highlight the safety of tweaks. The following colors are used:

  • Blue — These are safe settings that should not have any ill-effects.
  • Orange — It is necessary to read the description, as they may impact other features among other things.
  • Red — Usually not recommended to change.
  • Gray — These settings have not changed since the last use of the application.

The program suggests to create a System Restore point whenever changes are made. This allows you to go back to the previous state in case something does not work anymore. I never ran into this problem while using the app, but a backup option is always welcome.

Just check or uncheck the available options and hit the apply button in the end to make the change. It is easy to undo changes manually or through System Restore points.

DoNotSpy11 1.2.1.0 Changelog

The update introduces ten new tweaks, including a new Windows AI category. It also adds general compatibility with Windows 11 version 23H2 Moment 5 and Windows 11 version 24H2, which will be released later this year.

The final change adds high DPI support, which should improve visuals on high DPI displays.

As for the tweaks, here is what is new:

  1. AI: Disable Recall (Snapshots) (from build 26100)
  2. Apps: Disable Access to Cellular Data
  3. Apps: Disable Access to Eye Tracking
  4. Apps: Disable Access to Motion / Activity
  5. Edge: Disable Control Copilot Access to Browser Context
  6. Edge: Disable Spell Checking Provided by Microsoft Editor
  7. Edge: Disable Website Typo Protection
  8. Edge: Hide App Launcher on Microsoft Edge New Tab Page
  9. Start: Disable Recommended Section
  10. Start: Disable Website Recommendations in Recommended Section

Three tweaks have been updated. The first two add options to disable Copilot and the Copilot taskbar button on Windows 10 devices. The third changes the disable background applications recommendation from blue (safe) to yellow (read comment).

You can check out the full changelog here.

Do you use tweaking tools to improve privacy or other features of Windows devices?

AI

AI is now capable of exploiting 0-Day vulnerabilities without description

Posted on by Martin Brinkmann

A team of security researchers at the University of Illinois published a study back in April 2024 that demonstrated the hacking capabilities of AI.

Using OpenAI’s GPT-4 model, they discovered that exploit code could be generated for 87% of the tested 0-day vulnerabilities.

This figure dropped to 7% if the CVE description was not provided.

Good to known: 0-day vulnerabilities refer to security issues that are very recent. Patches may not be available in all cases, and systems that are not updated are vulnerable to attacks that target these vulnerabilities.

The same research team has now published a new research document: Teams of LLM Agents can Exploit Zero-Day Vulnerabilities

It builds on the previous research. This time, the researchers wanted to find a way to improve the exploiting capabilities of AI if no description of 0-day vulnerabilities was provided.

They managed to create a system that bumped the success rate to 53% using real-world 0-day vulnerabilities that were discovered after the AI model’s data cut-off date.

Using GPT-4, the researchers switched to a team-based approach to compartmentalize attacks. Instead of relying on a single GPT-4 instance for attacks, they developed an architecture that assigned AI agents with different tasks.

The tasks are assigned by a planner AI and controlled by a manager AI. The planner AI launches other AI instances, including the manager AI and AIs for specific tasks.

This approach worked well, as it improved the the capabilities of the AI attacker. The chance of success rose from 7% when using a single AI instance to 53% under the new team-based approach.

Closing Words

AI research that focuses on security is important. Besides demonstrating the capabilities of different AI models, it may also highlight future dangers. Well-funded hackers and criminals may use AI models for illegal activities. These may range from finding new exploits to creating exploits for existing vulnerabilities.

Web-based and App-based AI interactions prevent certain activities, including hacking. This is not the case, however, for self-hosted or created AI models.

What is your take on this? Will we see more exploits that are more widely used in attacks in the future? Or will we see the rise of AI-based Anti-hacking solutions that try to counter their breathren?

VLC Media Player 3.0.21

VLC Media Player 3.0.21 launches with AMD improvements

Posted on by Martin Brinkmann

VideoLAN has released a new version of its cross-platform open source VLC Media Player application. VLC Media Player 3.0.21 is already available on the official distribution server. No official announcement at this point, but this is only a matter of time.

The new version of VLC Media Player comes with a number of improvements and fixes. Notable is improved support for devices with AMD hardware.

The release notes state the following in this regard:

  • Super Resolution scaling with AMD GPUs
  • New AMD VQ Enhancer filter

Super Resolution scaling is an upscaling technology that aims to improve the visual quality and sharpness of videos. It works best on low-quality videos and videos that are badly compressed.

The upscaling feature was available only for NVIDIA and Intel GPUs in previous versions of VLC Media Player. This changes with the new release and levels the playing field in this regard.

As far as other features are concerned, the following ones stick out:

  • The D3D11 HDR option can also turn on/off HDR for all sources regardless of the display
  • Improve subtitles rendering on Apple platforms of notably Asian languages by correcting font fallback lookups
  • Add D3D11 option to use NVIDIA TrueHDR to generate HDR from SDR sources
  • Improve Opus ambisonic support
  • Add support for HTTP content range handling according to RFC 9110

The new release includes a few fixes and updates to libraries next to that:

  • Fix some ASS subtitle rendering issues
  • Fix Opus in MP4 behaviour
  • Fix VAAPI hw decoding with some drivers
  • Fix some HLS Adaptive Streaming not working in audio-only mode
  • Fix regression on macOS causing crashes when using audio devices
  • Fix exposed UPnP directory URL schemes to be compliant with RFC 3986
  • Fix various warnings, leaks and potential crashes
  • Fix security integer overflow in MMS module

You can check out the full release notes here.

Which media player do you use primarily and why?

Microsoft announces changes to Recall in Windows 11 after backlash

Posted on by Martin Brinkmann

When Microsoft announced the AI feature Recall in May, it felt confidence in its AI strategy. Recall, a feature that takes snapshots of the PC screen every five seconds, was designed to be the selling point for a new breed of PCs, that Microsoft calls Copilot+ PCs.

A lot depended on Recall. It was the first major AI feature that Microsoft designed exclusively for this new PC type.

The reveal and the days that followed turned out different. Recall was criticized left and right.

Core points were:

  • Windows 11 activated Recall for users automatically and there was no opt-out option.
  • The Recall database was not properly secured.

This would have made Recall one of the most lucrative target in computing history.

Tip: you can disable Recall in Windows 11 in several ways.

Microsoft announces changes to Recall

Recall new setup with opt-out and opt-in

Today, Microsoft announced a series of changes to Recall that “improve privacy and security safeguards”.

  • The setup experience is changed. Users need to make a decision now to activate Recall or keep it disabled.
  • Windows Hello enrollment is required to enable Recall.
  • Proof of presence is required before users may interact with Recall’s database.
  • Additional security layers, including “just in time” decryption, is also enabled.

Closing words

Microsoft plans to ship the updated version of Recall on June 18th to Windows 11 Insider devices. By then, tinkerers will have another go at the feature to see if it is still possible to gain access to the database.

For a company that announced its new “security first” motto shortly before the reveal of Recall, feedback has been disastrous.

To end on a personal note. I still cannot find a use case for Recall. I do not see how it could help me improve my productivity on Windows PCs. Then again, I’m probably not the target audience for the feature.

What about you? Would you use the safer version of Recall?

DuckDuckGo AI Chat

DuckDuckGo AI Chat: promises anonymous access to AI models

Posted on by Martin Brinkmann

DuckDuckGo has launched AI Chat officially. The feature promises anonymous interactions with several AIs, including GPT 3.5 , Claude 3, or Llama 3.

DuckDuckGo claims that access is free and that all chats are private. The company says that it is anonymizing interactions with the AI models. Furthermore, interactions are not used “for any AI model training”.

Users may communicate with all AIs free of charge. Interactions are, however, limited at this point. DuckDuckGo considers introducing paid plans in the future that increase limits and may give paying customers access to advanced models.

Using DuckDuckGo AI Chat is simple. Visit the startpage of the service and pick one of the available chat models to communicate with. Accept the privacy policy and terms of use on the next page.

The essential points are these:

  • DuckDuckGo is not saving or storing user prompts or outputs.
  • The company says it has agreements with model providers “to further protect” user privacy.

DuckDuckGo says that chats are anonymous and cannot be traced back to individuals. It achieves this by acting as a proxy. The AI communicates with DuckDuckGo, and thus also a DuckDuckGo IP address, and not the user directly.

Using DuckDuckGo AI Chat

AI Chat works as expected. You type and send the typed text to the AI. It will respond to it and DuckDuckGo shows the output from the AI in the interface.

Options to start the chat over and switch to another of the supported AI models are provided on the chat page.

The current limit is not highlighted on the AI Chat page. This means that you never know when you reach such a limit. You could switch to another AI model then to continue your interaction.

Closing Words

DuckDuckGo AI Chat gives you access to four different AI models at the time. If you trust the company’s claims, you get to interact with all of them anonymously. It is an interesting option to test the different AIs.

What about you? Do you use AI models already? If so, which is your favorite and why?

Firefox

Firefox is getting Tab Previews soon

Posted on by Martin Brinkmann

Mozilla has launched support for Tab Previews in Firefox Nightly officially. Firefox displays a thumbnail image of the open webpage on hover once the feature is enabled.

Current versions of Firefox display just the title of the website on hover. Firefox shows just the first few characters of a title on the tab itself by default.

While the title is sufficient for some users, others may prefer to see a preview of the actual web content. This may help identify the right webpage and thus tab when switching tabs in Firefox.

Once enabled, Firefox shows a preview of the webpage on hover.

Firefox users who run the Nightly version may enable Tab Previews in the following way:

  1. Load about:config in the Firefox address bar.
  2. Click on Accept the Risk and Continue.
  3. Search for browser.tabs.cardPreview
  4. Double-click on browser.tabs.cardPreview.enabled to set the value to True, , if it is not true already.
  5. Double-click on browser.tabs.cardPreview.showThumbnails to set the value to True, if it is not true already.
  6. Restart Firefox.

You should get previews now when you hover over a loaded tab in the browser.

Disable tab previews: if you do not like tab previews, you can disable them by setting browser.tabs.cardPreview.enabled to False.

A third preference determines how fast or slow previews are shown. This is browser.tabs.cardPreview.delayMs, which you may also change on about:config. The value is in milliseconds. Reduce the number and previews are shown quicker, or increase it, to get more hover time before tab previews are shown.

Bonus tip: set browser.taskbar.previews.enable to True to show up to 20 thumbnail images of open webpages in Firefox when hovering over the Firefox icon on the taskbar of the operating system. You can change that number by modifying browser.taskbar.previews.max on about:config.

Closing Words

Mozilla will enable Tab Previews in Firefox by default in the future. Good news is that users can disable the feature, if they have no use for it. Will take months before the feature lands in Firefox Stable.

Will you keep tab previews enabled or are you using them already in another browser?

TotalRecall: search Windows 11 Recall data and return results

Posted on by Martin Brinkmann

TotalRecall is a new open source tool for Windows that can be used to run searches across the entire Recall database.

Recall is a new feature of Windows 11 that takes snapshots of the screen every five seconds. It stores them locally and makes them available for processing by the user.

Recall is enabled by default on supported systems. Users may disable Recall, but only after the initial setup. While that may change before public release, and Microsoft would do good to make the change, it is on by default right now.

The feature is officially available only for a batch of ARM64 devices at the time of writing, but it will expand to Intel and AMD hardware soon as well. Plus, there are tools available already to make it work on older ARM devices that do not have a NPU chip.

The data is protected, but unlocked once the user logs in. It is then accessible by the user, but also by System or Admin accounts. In other words, any process that runs as System or Admin may be used to access the data.

It does not take an Einstein to connect the dots here to spot the elephant in the room: malware and spyware will target Recall data. It reveals any activity of the user, with the exception of activity in certain private browsing windows.

Forget tracking, you get a clear picture of a user’s likes, dislikes, webpages, apps, games, documents, financial transactions, online banking, private and public messages on forums and chats, and much more, when you gain access to that data.

TotalRecall

TotalRecall is a third-party tool that makes the data searchable via the command line. Run a search for password, and the tool runs a query to return any user activity associated with the term password.

It saves the search results to a text document on the system. This file provides details on the “captured windows, images, and search results”.

You can limit the search to a specific data range or run it across the entire data.

Here is what the tool does:

TotalRecall copies the databases and screenshots and then parses the database for potentially interesting artifacts. You can define dates to limit the extraction as well as search for strings (that were extracted via Recall OCR) of interest. There is no rocket science behind all this. It’s very basic SQLite parsing.

Closing Words

Microsoft, probably, did not expect to receive that much backlash for Recall. It is anyone’s guess whether Microsoft is going to make adjustments to Recall.

Windows 11 users who buy a laptop that is Recall capable, may want to strongly consider turning it off. While it may be a useful tool in very specific work scenarios, the chance of Recall turning into a nightmare for many Windows users is a real one.