Category: Security & Privacy

About Alphonso: a technology that captures audio samples on mobile devices using the built-in microphone

Posted on by Martin Brinkmann

For advertisers, it may seem like the perfect fit. Integrate a technology into mobile apps, games for the most part, that identifies ads playing on television to push similar ads on mobile, even if the mobile is not used actively.

News about such a system comes just days after LG announced the integration of AI into its televisions to determine the emotions and beliefs of viewers.

The startup Alphonso has apparently created the technology and it is already being used in hundreds of apps and games, some of which are available on Google Play or the Apple App Store.

It works by capturing audio samples using the device’s microphone. These are turned into hashes on the user’s device before they are submitted to a remote server. The hashes are checked against a database of hashes of television ad sound samples to find matches.

A report by The New York Times — you need an account to read it, or archive.is — has additional details.

  • Sound can be recorded even if the mobile phone is in a pocket or if the apps are running in the background.
  • Some of the apps are clearly aimed at children (Alphonso told the NYT that it did not approve of that).

Alphonso told the New York Times that the entire process is highlighted in the application’s description and in the privacy policy. Users need to accept these before the technology can start recording anything.

While technically correct, it is clear that many users do not read the description or privacy policy before hitting the install button in the mobile app stores.

The only way to prevent giving your okay to the recording of audio is to read the description and privacy policy carefully before hitting the install button. A search for Alphonoso may be the quickest option in this regard.

Tor Browser 14.5 brings Connection Assist feature to Android

Posted on by Martin Brinkmann

The developers of the anonymizer Tor Browser have released a new version for all supported operating system. The big feature in this release is the introduction of Connection Assist on Android.

The feature, which has been available in Tor Browser for desktop operating systems for quite some time, aims to help users establish a connection to the Tor network if regular connection attempts do not work.

So, if connecting to Tor fails in the browser, for example when you try to connect from a country that blocks this, then Connection Assist kicks in. It uses so-called bridges to establish a connection. Bridges use different techniques to circumvent censorship.

Android users could use bridges previously, but it was not that comfortable to configure and use.

The new feature integrates the functionality seamlessly into the Android client, making it a much better experience for users who require these.

All users should benefit from “more stable and less error-prone connections” as well, according to the release announcement.

Tor Browser 14.5 includes support three new languages as well. These are Belarusian, Bulgarian, and Portuguese (Portugal) and available in the desktop and Android clients.

Tip: Languages can be set under Settings > General > Language and Appearance > Language on desktop or Settings > General > Language on Android.

Here are other noteworthy changes:

  • Tor logs on desktop have been “enhanced to aid readability”. Also, no longer necessary to close and reopen to refresh logs.
  • Quitting Tor Browser on Android does now a “thorough job of ending background processes and clearing recent tasks”.
  • Improvements to the Connection Assist logic in general.

Tor Browser 14.5 includes several known issues which you find listed on the official issues tracker. Make sure you pay the page a visit before upgrading or installing the new version of the web browser.

You can check out the full release notes here.

Latest Rufus release fixes side-loading vulnerability

Posted on by Martin Brinkmann

Rufus, one of my favorite open source tools, is now available in a new version. Rufus 4.7 is a security release that includes new features and non-security fixes.

The developer fixed a side-loading vulnerability in the application that allowed an attacker to load a malicious DLL with escalated privileges.

For this to work, the attacker had to plant the malicious DLL file into the same directory as the Rufus executable. The impact seems low, but it is still good that the issue got fixed.

Here is the info provided on the Rufus Security forum:

A DLL hijacking vulnerability in Rufus 4.6.2208 and earlier versions allows an attacker loading and executing a malicious DLL with escalated privileges (since the executable has been granted higher privileges during the time of launch) due to the ability to inject a malicious cfgmgr32.dll in the same directory as the executable and have it side load automatically. Versions 4.7 and later are not affected by this vulnerability.

So, it is recommended to update Rufus to the latest version to patch the issue.

Note that the internal update finder may not find the update yet. You can download it manually from the project’s GitHub repository in the meantime.

As far as other features are concerned, there are a handful:

  • Ability to detect and download updated DBXs from the official UEFI repository.
  • Support for ztsd compression for disk images added.
  • Exclusion feature in Settings to “ignore disk with a specific GPT GUID”.

There are also some fixes included, which you find listed here.

Gmail’s new end-to-end encryption feature is atrocious for non-Gmail users

Posted on by Martin Brinkmann

Google announced support for end-to-end encrypted emails on Gmail for organizations and later this year for end users last week. This allows Gmail users to encrypt emails so that only the recipient can read them.

Gmail is far from being the first email provider to offer such a feature. Proton Mail, for instance, supported end-to-end encrypted emails from the get-go.

When you read Google’s announcement, you may stumble upon the explainer on how this is implemented. Not technically, but how it works from the user’s perspective.

According to Google, end-to-end encrypted emails on Gmail work differently depending on whether you are a Gmail user or not, and whether an administrator has configured use of the restricted Gmail version for all users.

So, here are the different scenarios when someone sends an encrypted email from Gmail.

  • When the recipient is a Gmail user, the user may read it in their inbox. The email is decrypted when it reaches the inbox and the email can be read.
  • When the recipient is not a Gmail user, they receive an invitation to open the email in a guest Google Workspace account. This allows them to view and reply to the email in a restricted version of Gmail.
  • If S/MIME is configured, Gmail sends the encrypted email via S/MIME.

Google Workspaces administrators may furthermore configure encrypted emails to always require the restricted version of Gmail.

Here is why that is bad

Some emails, all end-to-end encrypted ones, no longer land in your inbox, if you do not use Gmail or when the admin enabled restricted mode. You furthermore need to sign in using an invite link and a pin. Organizations may furthermore limit access to emails by revoking access at any time.

To be fair, this is not all that different from how Proton Mail handles sending encrypted emails to non-Proton users.

Still, if you are not a Gmail user, you may have to read some emails on the Gmail website in the future using the guest account feature of Google Workspaces. This may have severe consquences:

  • When you search emails in your dedicated client or web service, encrypted email content is not included.
  • Filters may not work correctly, as they may only apply to the public part of the email and not the body.
  • Security tools can’t scan the emails.

It is probably only a matter of time before malware campaigns start to use the new feature.

Now You: what is your take on this? Do you use encrypted email already? Feel free to leave a comment down below.

KeePass 2.58

KeePass 2.58 password manager is out

Posted on by Martin Brinkmann

A new version of the password manager KeePass for Windows is now available. KeePass 2.58 is the first release of the password manager in 2025. The last version, KeePass 2.57.1, was released in October 2024.

The update is a smaller one. It introduces a few minor features and changes. Good news is that no security issues needed fixing, which is why this is a non-security update for the password manager.

The list of changes is relatively long, and it may be confusing to navigate the listing. Here is a quick overview of the most important or useful changes in the release:

  • You may now use the keyboard shortcut Ctrl-H to toggle password visibility in report dialogs. Note that this works when viewing passwords in the table-like interface, but seemingly not, when you display a single password.
  • The preview tab of the password generator displays the average estimated quality of the passwords now and has the number of passwords increased to 50.
  • KeePass will abort the preview generation of passwords if the operation is taking too long.
  • User-Agent header for web requests added.
  • On systems with Microsoft Edge uninstalled, the browser no longer appears in the URL(s) menu.

Again, there is more to discover but these look to be the highlights of the release.

How to update KeePass: this is relatively easy. Since there is no integrated update system that you may use to download and install updates, you need to visit the developer website, download the latest release, and install it manually.

If you like winget, you could also run winget upgrade DominikReichl.KeePass to download and install the latest version using the built-in software package manager.

Now it is your turn. What is your favorite password manager right now and why? Feel free to leave a comment down below.

uBlock Origin working in Chrome

More Chrome users are getting “this extension was turned off” notifications

Posted on by Martin Brinkmann

Google has been hard at work to establish Manifest V3 as the new and only set of rules for Chrome extensions. Report suggest that Google has shifted the process into a higher gear and is disabling classic extension support for more Chrome users.

The effect is the following: any extension that is not compatible with Manifest V3 will be disabled. Chrome displays “was turned off” messages to users in that case on start. A check of the extensions management page reveals a similar message: “This extension was turned off because it’s no longer supported”.

Most Chrome users will probably experience this with the popular uBlock Origin extension. It cannot be ported fully to Manifest V3, as Google changed core functionality.

In other words, the change has a very positive effect for Google, as it gets rid of what is probably the most popular content blocker for Chrome.

While there is uBlock Origin Lite by the same developer, it is limited in some regards to the classic version. It is better than no content blocking, but still inferior.

Users who really need to use Chrome can postpone the death of uBlock Origin and other Chrome extensions that are not compatible with Manifest V3 by setting a policy. This will work only until mid-2025 though, unless Google pushes the change back a bit.

Your options

In the end, it may be better to switch to a browser that is still offering support. If you prefer Chromium, you could give Brave or Opera a try. Both companies have pledged to support Manifest V2 extensions, at least some of them, even after Google ends support in Chrome.

Another option is to switch to Firefox or a Firefox fork, like Mullvad Browser. Mozilla said that it is going to support Manifest V2 extensions and V3 extensions at the same time in Firefox. Means, you can run good old uBlock Origin in Firefox without having to worry about it suddenly being turned off.

ThisIsNot11: another open source Windows tweaker for

Posted on by Martin Brinkmann

There is certainly no shortage of tweaking tools for Microsoft’s Windows 11 operating system. If I had to guess, Windows 11 is probably the Microsoft operating system with the largest number of programs of this kind ever.

Serial developer Belim has created a new tool. It is a bit difficult to keep track of all of Belim’s tools. First, because there are so many, and second, because Belim loves to change the names of his tools.

Windows 11 Tweaker: ThisIsNot11

ThisIsNot11 is a small open source tool. Designed as a follow-up tool after using the developer’s FlyBy11 tool to upgrade systems to new Windows 11 versions — even those deemed not compatible — it is quite easy to use. At the same time, it is not as feature-rich as crowd-favorite tweakers such as WinAero Tweaker.

When you run the tool after you have downloaded it, you are asked to give it quick access to the Start menu. It scans installed apps and settings, and bases its suggests on that scan. The app resembles the Windows 11 Start menu, which is intentional according to the developer.

From here on, it is just a matter of selecting tweaks to apply them. For apps, you need to check them and hit the “remove selected” button to uninstall them.

Important tweaks are included. You can use the app to disable advertisement, remove individual apps from the system, hide Copilot and other icons on the taskbar, or enable the full content menu of File Explorer.

All tweaks have a description, which helps identify what they do, especially for regular users who are new to optimizing Windows 11.

Verdict

ThisIsNot11 is a tiny less than 100 kilobyte tool to tweak Windows 11. It is an easy to use tool, which is great for less-experienced users. The app explains the tweaks that it supports well and everything is accessible on a single screen. While you do need to scroll a bit to access all tweaks, it is one of the easiest tools to use.

Part of that comes from the limited number of tweaks that it supports at this stage. If you want to quickly apply many important tweaks, it may be worth a shot. If you want the largest number of tweaks possible in a tool, you need to look elsewhere.

Now you: do you use tweaking tools for Windows? Or do you prefer to apply tweaks manually instead? Feel free to leave a comment down below.

Google Search

Just block third-party cookies

Posted on by Martin Brinkmann

Google is apparently testing a new privacy feature in Chrome that blocks third-party cookies by default in the browsers Incognito mode.

While that is great that Google is introducing the change, most Internet users may want to take matters into their own hands instead.

Why not block third-party cookies altogether? Yes, there is a tiny-tiny chance that some services may not work correctly anymore when you make the change. Most users on the other hand should not notice any ill-effects.

Here is the main benefit: advertisers and sites can no longer use third-party cookies to track you on the Internet.

One of the biggest offenders is Google, as it operates ads and other services on the majority of websites.

While disabling third-party cookies won’t do you much good in regards to Google, as you are using Chrome and therefore likely an open book to Google anyway, it does against many other firms on the Internet that track users for financial gains.

Here is how you disable third-party cookies in Chrome:

  1. Load chrome://settings/cookies in the Chrome address bar. You may also select Menu > Settings > Privacy and security > Third-party cookies to get there manually.
  2. Enable “Block third-party cookies”.
  3. Disable “Allow related sites to see your activity in the group”.

The change is active right away. Use the browser normally and take note of any issues that you may encounter. This can be login related issues or other issues, such as missing functionality on websites.

You may add sites to an allow list. If you notice that a site misbehaves after you switched third-party cookies off, you may add it to the list of exceptions to see if that resolves the issue.

Here is how that is done:

  1. Load chrome://settings/cookies again in the address bar.
  2. Click on the add button under “Sites allowed to use third-party cookies.
  3. Add [*.]domainname to add an exception for the entire site. Replace “domainname” with the name of the actual domain, e.g., chipp.in.

Verify that the change has fixed the issue that you have experienced.

Clearly, you’d also want to install a content blocker to speed up web browsing and improve privacy further.

Chromium’s feature to limit installed extensions is still great

Posted on by Martin Brinkmann

Browser extensions are great. They improve usability and functionality on the Internet. From blocking ads and tracking over creating screenshots to improving password management or games.

All extensions come with a manifest file. This file defines rights and permissions. One of these sets the websites the extension is designed to run on. This can be a single website, part of a domain, or on the entire Internet.

Chromium has a great usability feature to limit the access of extensions. You can use it for the following:

  • Allow an extension to only run on sites you select.
  • Block an extension from running automatically. Make it run only when you want it to.

This may sound complicated, but it can increase privacy or performance significantly. Here is how you use the feature.

Limiting extensions in Chrome and other Chromium-based browsers

Chrome menu to limit extensions

Make sure you have one extension installed. This works in Chrome, Brave, and many other Chromium-based browsers.

  1. Right-click on the icon of the extension in the toolbar of the browser. Some extension icons may not be displayed. You find them when you click on the general extensions icon in that case.
  2. Move the cursor over “This can read and change site data”.
  3. Select one of the following options:
    • When you click the extension: this prevents the extension from running automatically when the website is opened. You need to click on its icon to load it.
    • On “sitename”: this allows the extension to run on the active website.
    • On “all sites”: this allows the extension to run on all websites (it is configured for).

Some notes:

  • Functionality of some extensions may be reduced or not available when you select the click to run option. A prime example for this are ad blockers, which need to run when the site loads.
  • When you select the option to run an extension on a specific site, it is set to “click to run” on any other site you have not picked.
  • You may modify the setting at any time.

The list of allowed sites is manageable. You find it under Chrome menu > Extensions > Details of the extensions.

There you see “site access”, which lists all allowed sites. You may also add new sites there, if you prefer that.

Closing Words

The ability to restrict extension access in Chrome can be mighty useful. While it depends on the installed extensions, it may limit extension access to sites that you want to use the extensions on.

Sometimes, you may need extension functionality on a single site only. With this feature, you can do that exactly.

Mozilla has the feature “under development” apparently, but this has been the case for more than three years. Will it ever be a part of Firefox? I do not know.

What is your take on the feature? Do you use it actively, or is it the first time you hear about it? Let everyone know in the comment section below.

Obscura client macOS

Obscura VPN partners with Mullvad to create two-party VPN service

Posted on by Martin Brinkmann

VPN services offer an excellent way to improve privacy while online. To be precise, good VPN services do, while bad ones either leak your data or sell it outright.

Mullvad is considered to be one of the best when it comes to online privacy. The Sweden-based provider gets audited by third-parties regularly and offers several options to purchase access anonymously.

Mullvad announced this week that it has entered a partnership with Obscura VPN.

The core idea is simple: Obscura VPN uses Mullvad’s servers as exit nodes for its customers. This means, in essence, that the traffic of Obscura VPN customers flows through two independent systems.

In other words, neither Mullvad or Obscura have full control over the data. This may remind you of how Tor operates, or how some VPN services offer multi-hop connections.

The latter pushes the connection through two or more servers in different countries to improve privacy. The difference is that a single VPN provider is in control of all servers.

As for Tor, it uses a three-hop system and comes close to what Obscura offers. Tor is largely operated by volunteers, which means that it can be slow at times and that denial of service attacks happen regularly on top of that.

I published a guide about using multiple VPN services on a single system. It involves virtual systems, which allow you to chain-link as many VPN connections as you like.

Privacy by design, says Obscura

The system that Obscura uses to protect the privacy of users connected to the service. Source: Obscura

Obscura claims that the system that it uses never sees a user’s browsing history while using the VPN. Here is how Obscura explains it on its website:

  • Obscura uses Mullvad for exit hops. This means that it does not know which websites users access.
  • Mullvad operates the exit hops, but it does not know the customer. Obscura says that it is masking a user’s real IP address when traffic is relayed to the exit server.

Obscura is available for $6 per month as a starting offer. The regular price is $8 per month according to the website. Users can pay via Credit Card or Bitcoin over Lightning.

One downside right now is that there appears to be a client for macOS only.

Closing Words

The idea behind Obscura VPN is interesting. Combine two VPN services to increase security. The new company still has to prove itself and pass audits. The app code is open source, which is a good start. Support for additional platforms is a must.

What is your take on this? Do you use a VPN service? Would you use a service that offered Obscura’s system? Please leave a comment down below to let us know.