Security & Privacy Archives - Page 4 of 13 - Chipp.in Tech News and Reviews

Brace yourself, OpenAI to introduce ads into its apps

Posted on December 1, 2025December 2, 2025 by Martin Brinkmann

The free AI ride is as good as over. Free meaning no ads in this case. The writing was on the wall: AI processing, infrastructure and upkeep are expensive and companies can only burn through a specific amount of money before investors demand a return on their investment or they run into payment issues.

ChatGPT is probably the most used AI out there. You can use it in apps or on the official website, and it is also found in many third-party apps.

Soon, ChatGPT may introduce advertisement into its Android application, reports Tibor Blaho on X. Hhe user found references to ads in the last Android beta.

Strings, such as AdTarget, SearchAd, or ApiSearchAd were discovered in the beta. While version 1.2025.329 of ChatGPT did not include any ads during tests, the existence of the strings suggests that ads are coming.

It is likely that OpenAI will limit ads to free users, which make the bulk of users right now. Turning on ads could boost the company into the upper-elite of advertising, rivaling the likes of Meta (not Google, for obvious reasons).

It is unclear how ads will look like and if they will be easily distinguishable from the AI’s output to the user’s request.

The question is, what will users do when they encounter ads in ChatGPT? Will they keep on using the software or switch to another, one that does not have ads yet? It will be interesting to see.

Ads may also lead to a credibility problem, especially if the ad highlights a product that the AI also recommended in the answer to the user.

Now You: Do you use an AI right now? If so, which and how is your experience so far? If not, why not? Feel free to leave a comment down below.

Gemini in Gmail may have been enabled by default, and turning it off takes other features with it

Posted on November 22, 2025November 23, 2025 by Martin Brinkmann

If you are using Google’s Gmail email service, you may have stumbled upon Smart Features already, especially if you are using the web-version of the service. Up until recently, Smart Features did not include AI, but this changed in 2025.

Now, Google has baked its AI Gemini into the Smart Features of Gmail. Depending on where you live, Smart Features are enabled by default. Note that while Google claims that Smart Features are not turned on for user in the European Union (Japan, UK and Switzerland are the three other regions), they were in fact enabled in one of my accounts.

So, what do you get with Smart Features?

Automatic email filtering and categorisation.
Smart Compose.
Smart Reply.
Nudges (suggests emails to reply to or follow-up on)
Summary cards above emails.
Grammar, spelling, and auto-correction.

Some of these features are powered by AI nowadays and Gemini, Google’s AI, needs access to your data for the features to work. Google claims that personal data is not used for training and that everything is kept within the boundaries of the account.

However, if you prefer that Gemini does not access your emails at all, your only option is to turn of the Smart Features in Gmail.

Here is how that is done:

Load https://mail.google.com/mail/u/0/#settings/general in a web browser.
Scroll down to Smart Features in Settings under General.
Remove the checkmark of the Smart Features box.
Confirm the removal.
Gmail restarts.

Smart Features should be turned off now.

Note that you may also need to click on “Manage Workspace smart feature settings”, if the account is a Google Workspace account and not just a single Gmail account.

There you can turn off Smart Features for Gmail and other Google products.

Again, when you enable the feature you do not get any auto-corrections anymore as well. That is a trade-off for some, others may use the functionality that their browser provides for that anyway.

Now You: do you use Gmail as your mail provider or another service? Black Friday might be a good option to make a switch, as plenty of deals are live already or will be offered in the coming weeks.

Google is starting to show ads in AI Mode

Posted on November 21, 2025November 21, 2025 by Martin Brinkmann

The number one advertisin company on the Internet seems to have found another place to show you ads. Reports are coming in that more and more users are starting to see ads in AI Mode.

AI Mode? It is a new option in Google Search that you may use to ask Google’s Gemini AI questions and get answers. The mode supports deep search functionality, which Google says is its “most advanced research tool in Google Search”.

Anyway, if you select the mode, you may now also get a good chunk of advertisement according to Bleeping Computer and several other sites and Internet users.

Earlier this year, Google started to show ads in AI Overviews. Unlike AI Mode, which users need to select actively, AI Overviews are attached to regular search results pages on Google Search.

Not all AI chats and modes show advertisement right now. However, there is a very good chance that many will in the not so distant future. These businesses can’t run on love alone and there does not seem to be enough money in selling paid memberships.

So, in the future, you will pay with your data and your eyes on ads when you use the majority of AI chats that will be still around in a year or two.

Speaking of which, if you are subscribed to a Gemini plan, you are still going to see ads in AI Mode and AI Overviews (of course), unless you use a content blocker.

Phishing: Don’t let your eyes deceive you

Posted on October 19, 2025October 19, 2025 by Martin Brinkmann

Phishing is a constant battle and problem on today’s Internet. While it is easy to spot most phishing attacks, if you are experienced, many Internet users fall for these attacks.

The use of AI in attacks helps attackers, even though AI is also used by the developers of security solutions. It is an arms race that has been going on for a long time.

I stumbled upon a new phishing post on LinkedIN recently. It showed a phishing email that looked like it came from noreply@microsoft.com. Upon closer inspection, it came from noreply@rnicrosoft.com.

You may spot the difference easily, but depending on the mail client that you are using, it may not be as easy to figure out that the phishing email does not come from the microsoft.com domain, as the m has been replaced by the two letters r and n.

It is simple, but very effective, especially in an age where everyone seems to be in a hurry.

This goes to show that threat actors do not always have to come up with new sophisticated schemes for their attacks. Sometimes, it is enough to register lookalike-domains by replacing just one or two characters in a domain name.

This goes hand in hand with registering domain names that look like the real deal, but are not, like microsoft-support.com.

What is the best line of defense in those cases? Never, ever, click on links in emails. Also, do not call, text, or interact with anything else in emails. Instead, verify, if you are unsure.

For instance, if you do get a password reset email, but did not request a password reset, it is very likely that this is fake. You could visit the website directly and sign-in to your account to find out, or contact support, if there is any.

Have another tip regarding the threat of phishing? Feel free to leave a comment down below.

Firefox 143.0.3 is out with security fixes and more

Posted on September 30, 2025September 30, 2025 by Martin Brinkmann

Mozilla released a new point update for its Firefox web browser today. Firefox 143.0.3 is a security update that fixes also some non-security issues in the open source browser.

The new update is available already via the browser’s automatic update feature. Existing users may speed up the installation of the update by selecting Menu > Help > About Firefox. This opens a small window in the browser that displays the current version and a check for updates.

Firefox should pick up the update automatically at this point, but you need to restart the browser once to complete the installation. Opening the page again after installation should reveal the new version.

The official security release notes reveal that Mozilla addressed two security vulnerabilities in the release. Both have a severity rating of high. They affect the JavaScript engine and the Canvas2D component of the browser. Mozilla makes no mention of exploits in the wild, but it is still recommended to update quickly.

The non-security release notes list six issues that Mozilla fixed or improved in the release. Probably the most noteworthy is a fix for extension not updating via the add-ons manager of the browser.

Another issue fixes a Firefox crash that could happen when certain extensions are installed. These caused a storage issue that could lead to Firefox crashing on start of the browser.

Firefox users who noticed long delays when opening certain websites may also see improvements after installing Firefox 143.0.3. Mozilla reduced the delays, which happen on certain websites if the network blocks UDP connections.

The three remaining fixes address minor problems in Firefox, such as Firefox View sections not collapsing or expanding as expected. You can check out the full release notes on Mozilla’s website.

Who would have thought? Customers of Samsung fridges are not happy about ads their smart fridges started to show

Posted on September 25, 2025September 25, 2025 by Martin Brinkmann

Do fridges, toasters and other household appliances may come with “smart functionality” or wireless connectivity these days. In the case of some, TVs for instance, the functionality may also be used to display advertisement to users and collect data about users.

Samsung recently announced that its smart fridges would start showing ads. A software update introduced the feature and first reactions of customers are not exactly glowing.

The company introduced the change for some of its Family Hub refrigerators in the United States. This turned the screen of the device into a vehicle for ads. And who does not love ads, especially for items that cost thousands of Dollars?

Techspot reports that the update introduced new Terms of Service and a Privacy Notice that covers the addition of advertisement. Samsung’s smart fridge displays the ads on the fridge’s screen. It appears when the screen is idle, which likely means most of the time and only if users have selected certain themes, including weather, daily board, or color.

Users may enable certain themes to avoid ads for now. If the cover screen is set to art mode, which displays photos, then no ads are shown. A setting to fully disable ads is not provided, but users may block certain ads from reappearing.

You could disconnect the fridge from the network, but might not be able to use most of its functions in that case.

Samsung says that the advertisements “are designed to enhance value for owners”. I’m pretty certain that most owners would beg to differ.

Maybe next time, it would be better to buy a “dumb” fridge or other items, especially if the provided functionality is not adding value or has the chance of being turned into something that is highly annoying or invasive.

Proton launches Emergency Access feature for paid accounts

Posted on August 28, 2025August 28, 2025 by Martin Brinkmann

Proton AG has been quite busy lately. It launched Proton Authenticator, a free open-source two-factor authentication app, and the privacy-friendly AI Lumo in the past month.

Today, the company announced a new feature for paid members. Emergency Access is designed to provide a way into a user’s account under certain circumstances, such as injury or death.

Proton writes in a new blog post:

With our new Emergency Access feature, you can grant permission to trusted contacts to securely access your Proton Account after a set period of time, ensuring nothing important is lost if you’re unable to enter your account due to death or illness.

Proton users may select up to five trusted contacts who may access a user’s account either immediately or after a select wait time that they may set in advance. For this to work, the trusted contacts do need a Proton Account of their own.

When a trusted contact requests access, one of two things happens: if the user set up a wait time, they may approve or deny the request in that period. Once the wait time is over, the request is granted automatically and the trusted contact gains access to the entire account.

For instance, if you set the wait time to four weeks, you have four weeks to allow or deny the request.

Emergency access can be disabled at any time by the account owner. Furthermore, Proton notes that it is applying to the entire Proton account of the user and not just a single application.

Proton users may set up the feature under Recovery > Add emergency contact. There they may add email addresses of their trusted contacts. Proton notes that the emails need to be associated with a Proton account.

Trusted contacts may request emergency access under Settings > Recovery.

Now You: do you have set up emergency options for accounts that support it? Feel free to leave a comment down below.

Starting next year, all Android apps need to be registered by verified developers, even sideloaded ones

Posted on August 26, 2025August 26, 2025 by Martin Brinkmann

Android users have two main options to install apps on their devices. Through Google Play, if the marketplace for apps is installed, or through sideloading. Up until now, releasing apps through Google Play required a verified developer account. This meant that the developer had to verify their identity before apps could be published.

Starting in 2026, developers who do not publish their apps through Google Play will also be required to verify their identity, if they want their apps to be installed on certified Android devices. A certified Android device, in a nutshell is any device with installed Google services.

Google says that it won’t check apps that are registered through the new program but not made available through Google Play. However, developers are required to use a new special Android Developer Console for sideloading.

Furthermore, the verification process requires that developers provide Google with personal information, including their name, address, email, and phone number, and verification of their identity, for instance by providing Google with documentation that confirms the identity.

Google plans to invite select developers of applications from October 2025 onward and enable free registrations from March 2026 on.

The sideloading of apps by unverified developers will be blocked in the countries Brazil, Indonesia, Singapore, and Thailand from September 2026 on. More countries are added to the list starting in 2027.

Google claims that the new process is designed to “better protect users from repeat bad actors”, as it will make it harder for malware actors to quickly release new malicious apps after Google has taken down an app from a developer.

The change will make it difficult for malware creators, as they need a certificate to distribute their malicious apps outside of Google Play. However, it is also giving Google access to additional data and ends the anonymous development and distribution of apps.

Now You: what is your take on this? Good decision by Google to stop malware and threat actors in their tracks, or a move to gain access to even more data and control?

KeePass 2.59 Password Manager supports Arm64 on Windows now

Posted on July 10, 2025July 10, 2025 by Martin Brinkmann

KeePass is one password manager that I’m using regularly on Windows machines for password-related activities. It is a well-designed app that runs locally, but you can extend it with all kinds of plugins and install compatible programs and apps for other operating systems.

A new version of the password manager is now available. KeePass 2.59 is the second release of the year 2025 and it introduces quite a few welcome improvements and changes. First and foremost, if you run Windows on an ARM64 device, like the latest Microsoft Surface Pro devices, then you may install and use the password manager on that device now as well. KeePass 2.59 is therefore the first version of the password manager that supports all architectures that Windows supports.

KeePass 2.59 introduces native implementations of AES-KDF and Argon2 on Windows systems, promising a breathtaking 30-50 times speed increase on systems on which the native support library was not available or disabled. Encrypting and decrypting databases that use the AES algorithm should now also be faster.

Another new feature is a new import and export module for the KeePass KDB-database on Arm64 and Unix-like systems. You find the new option under File > Export in the main KeePass interface. Exports support the default user name and database color now. The root group is now also exported, according to the release notes.

Other than that, support for opening URLs from within KeePass now supports the private modes of the browsers Maxton, SeaMonkey and Yandex, next to the already supported browsers. Also new is that some links are now clickable on Unix-like systems, which may improve handling of them, as you no longer have to use copy and paste for that anymore.

You can check out the remaining changes on the official website. They include several improvements and optimizations for the most part.

Existing users may run the installer to update KeePass to the latest version. A new KeePass 2.59 portable edition is also available for those who prefer it.

Now You: which password manager do you use and why? Feel free to share your thoughts on it in the comment section below.

Security researchers discovered malicious Chrome extensions with more than 2.3 million combined installs

Posted on July 8, 2025July 8, 2025 by Martin Brinkmann

Browser extensions can be very useful. They may help you block ads and other unwanted content, download content from websites, enhance online services, or introduce AI features that you really want to use in the browser.

However, reports about malicious extensions for Google Chrome, and thus all other Chromium-based browsers, appear online in regular intervals. Security is not perfect and users may fall pray to malicious extensions not only on third-party sites but also when they browse the Chrome Web Store.

Security researchers at Koi Security discovered a coordinated malware campaign of 18 extensions for Google Chrome, Microsoft Edge, and other Chromium-based browsers that had over 2.3 million users.

The extensions, among them Color Picker, Eyedropper — Geco colorpick, Free Weather Forecast, or Unlock TikTok, were fully functional according to the developers. These were not “thrown together in a weekend” and obiously scam, but “carefully crafted trojan horses”.

Color Picker, for example, provided color picking functionality. It must have done an okay-job at that, as it had a rating of 4.2 of 5 on the Chrome Web Store, over 800 ratings, and more than 100,000 users.

Interestingly enough, several of the extensions were listed as “featured” on the store, which meant that Google promoted them to users who visited the Store. It is very likely that this gave the featured extensions a significant boost, more eyes on them, more downloads.

A Reddit developer observed an increase of impressions of almost 300 percent after the extension got the coveted featured badge on the Chrome Web Store. While the percentage may vary, it is without a doubt pushing installs.

Browser Hijacking

The extensions provide users with functionality that they claim, but they also run malicious tasks in the background according to Koi Security.

The malware monitors every page you visit, submits it to a remote server along with your unique tracking ID, and may receive redirect URLs from the server.

The malware group introduced the malicious code sometime after the extensions were launched on the Chrome Web Store. The fact that browser extensions are designed to update automatically most of the time helped them. Users did not have to click on anything or fall pray to a sophisticated phishing or social engineering attack to get the malware on their devices.

All they did in the beginning was install a perfectly harmless and working extension for the browser. The malware came later.

Koi Security reported the malware extensions to Google. At the time of writing, some are still available on the Store.

Here are the names and unique IDs, so that you can check them against the installed extensions:

Chrome:

kgmeffmlnkfnjpgmdndccklfigfhajen — [Emoji keyboard online — copy&past your emoji.]
dpdibkjjgbaadnnjhkmmnenkmbnhpobj — [Free Weather Forecast]
gaiceihehajjahakcglkhmdbbdclbnlf — [Video Speed Controller — Video manager]
mlgbkfnjdmaoldgagamcnommbbnhfnhf — [Unlock Discord — VPN Proxy to Unblock Discord Anywhere]
eckokfcjbjbgjifpcbdmengnabecdakp — [Dark Theme — Dark Reader for Chrome]
mgbhdehiapbjamfgekfpebmhmnmcmemg — [Volume Max — Ultimate Sound Booster]
cbajickflblmpjodnjoldpiicfmecmif — [Unblock TikTok — Seamless Access with One-Click Proxy]
pdbfcnhlobhoahcamoefbfodpmklgmjm — [Unlock YouTube VPN]
eokjikchkppnkdipbiggnmlkahcdkikp — [Color Picker, Eyedropper — Geco colorpick]
ihbiedpeaicgipncdnnkikeehnjiddck — [Weather]

Edge:

jjdajogomggcjifnjgkpghcijgkbcjdi — [Unlock TikTok]
mmcnmppeeghenglmidpmjkaiamcacmgm — [Volume Booster — Increase your sound]
ojdkklpgpacpicaobnhankbalkkgaafp — [Web Sound Equalizer]
lodeighbngipjjedfelnboplhgediclp — [Header Value]
hkjagicdaogfgdifaklcgajmgefjllmd — [Flash Player — games emulator]
gflkbgebojohihfnnplhbdakoipdbpdm — [Youtube Unblocked]
kpilmncnoafddjpnbhepaiilgkdcieaf — [SearchGPT — ChatGPT for Search Engine]
caibdnkmpnjhjdfnomfhijhmebigcelo — [Unlock Discord]