Chipp.in Tech News and Reviews

Microsoft Edge: scareware blocker is now available

Posted on January 29, 2025January 29, 2025 by Martin Brinkmann

Microsoft has added a new security tool to its Edge browser. Called Scareware Blocker, it is designed to detect and prevent attacks that fall under scareware.

Good to know: Scareware attacks use pressure to get users to do something that they should not. Common types are warnings about viruses found or that data has been leaked or accessed.

The goal of the attack is to gain access to a user’s computer system. Scareware attacks may display phone numbers that are made to look like tech support numbers. When a user calls these numbers, agents at the other end of the line try their best to gain access to the users device, for instance using remote computing.

Scareware often uses a browser’s fullscreen mode to prevent that users go back or run other searches to find out more about what is displayed on their screen.

Tip: long-pressing the ESC-key will always get you out of Fullscreen-mode.

Microsoft Edge: Scareware Blocker

Microsoft announced the new security tool in 2024. It is now available as a preview in Edge.

Here are the key points of the feature:

Scareware Blocker needs to be enabled, at least currently while in preview.
It complements Defender SmartScreen, which blocks known scareware pages and sites already.
The blocker uses machine learning on the local computer to determine whether a webpage is running a Scareware attack potentially.

If Scareware Blocker’s analysis concludes that a webpage is likely running a scam attack, it is existing fullscreen mode automatically and displaying a warning to the user.

A suspicious site is intercepted by Edge. Source: Microsoft

It is possible to select continue to go back, which is useful if it is a false positiv. The close page button enables users to close the page instead. All other options to close the page are also available, as fullscreen mode is no longer active thanks to the intervention of the security feature.

Users may report scareware attacks to Microsoft. This helps Defender SmartScreen “detect scareware outbreaks across multiple machines”. Users may also report false positives to Microsoft.

Microsoft admits that Scareware Blocker won’t detect every scam, but that is true for any security feature or software.

How to enable Scareware Blocker in Microsoft Edge

Enable the feature in the Settings to use its protective functionality.

Note: the feature is only available in Microsoft Edge for Windows at the time of writing.

Here are the steps to enable the feature in Microsoft’s web browser:

Open Microsoft Edge.
Select Menu > Help > About Microsoft Edge to make sure the browser is up to date.
Open Menu > Settings.
Select Privacy, search, and services.
Scroll down to the Security section on the page.
Toggle “Scareware blocker” to enable the feature.

You can repeat the process at any time to disable the security feature again.

0-click attack promises to narrow down a user’s location geographically

Posted on January 28, 2025January 28, 2025 by Martin Brinkmann

Internet users have a few weapons in their arsenal when it comes to disguising their location. Some have good reasons for wanting to do that, from making sure that activity cannot be traced back to them to watching streaming content that is available only in other regions, or paying less for certain goods and services.

Deanonymization attacks try to locate a user through various means. A simple one uses a device’s IP address to find out information about a user.

Deanonymization using Cloudflare

A security research has discovered a new method, one that does not require any user interaction at all. It relies on Cloudflare, which operates one of the largest content distribution networks and certain services, that use Cloudflare for caching.

The main idea behind the attack is this: Cloudflare caches content and there is a way to check cached content on Cloudflare. All you have to do is send a unique file to a user before checking Cloudflare caches for hits. Cloudflare does not cache the unique file in all datacenters, if it is accessed only by a single user.

As a result, you get a hit in a datacenter that is close to the user. Usually, it is the nearest datacenter. Cloudflare operates hundreds of data centers in the world. While that still means that you get a radius of a few hundred kilometers or more, you can still narrow down a user’s location, provided that no other means of disguising the location are used.

The researcher describes the attack using Signal and Discord. In Signal, there are two options. The first sends an image to a user, which requires that the target opens the conversation. If the target has push notifications enabled, this one-click attack turns into a 0-click attack, as the attachment is shown already as part of the notification. All it takes afterwards is to check CloudFlare datacenters to find the one that has cached it (first).

On Discord, users can use custom emojis if they have a Nitro subscription. They can show the custom emoji in their status, which means that anyone opening the profile of the user may have their approximate location checked using Cloudflare.

Combined with GeoGuesser, which is a private Discord bot, it could be used to narrow down a user’s location.

Closing Words

While the attack still means that a radius of several hundred kilometers is returned, it may be possible to combine this attack with others, or use it regularly.. The attack may provide important information on its own, but if done regularly, it could help identify a user who is moving around a lot (e.g. for work).

There is little that users can do to prevent this kind of attack. One option is to disable the auto-accepting of attachments and media, another the use of VPN servers or other means of disguise.

NoBloatBox is another app to take care of preinstalled Windows apps in bulk

Posted on January 27, 2025January 27, 2025 by Martin Brinkmann

When you install Windows or start a PC for the first time that comes preinstalled with Windows, there is a high chance that you have dozens of apps installed already on the system before the first sign in.

Some of these apps are all-time classics, like Notepad or Calculator. Others are not liked nearly as much with some of them consider bloat.

It did not take long for clever developers to create applications designed to remove preinstalled Windows apps. O&O AppBuster is my personal favorite, but there are others.

Remove preinstalled apps with NoBloatBox

NoBloatBox is such an app. It is developed by serial developer Belim and the successor of BloatBox. It is an open source app that is designed and optimized for Windows 11, even though it runs on Windows 10 as well.

When you run the 200 Kilobyte app you may notice that it does not really do much on its own. It uses signature files, which you need to download separately from the GitHub repository. Currently, only a Windows 11 version 24H2 signature file is provided.

It lists the included apps afterwards. You may now select one, some, or even all of them for removal. A click on the remove selected button starts that process.

Apps are not necessarily listed by their name, which makes it difficult to identify specific apps. The removal happens without any user interaction.

It is highly recommended to create a system backup before running NoBloatBox or any application remover or tweaker for Windows.

Verdict

NoBloatBox is an easy to use program to remove preinstalled Windows apps. It is not as easy to use as AppBuster, but that could change in the future. It is a bit of a hassle to download the signature file. A better solution would be to always include the latest version or include an option to download it directly from the program on first start.

It is an early release on the other hand and improvements are said to come in the future. The community-powered approach of these filter lists is interesting, as it opens it up for wider use cases and ensures that the developer has time for actual development.

All in all, one to keep an eye on. For now, I will stick to AppBuster though.

Do you use app uninstallers for Windows? If so, which is your favorite and why?

Windows 11 is getting a better battery indicator on the taskbar finally

Posted on January 26, 2025January 26, 2025 by Martin Brinkmann

When you use a mobile Windows device, you see a battery icon on the taskbar that ideally should indicate the remaining battery live before the device needs to be charged.

Problem is, this icon is so bad on Windows, that it is barely workable. To get a true reading, it is necessary to hover the mouse cursor over the icon or dive deep into the Settings or other apps.

All other major operating systems support detailed battery indicators already. Microsoft is late to the party, but work has begun to change that in the near future.

The latest Developer build of Windows 11 adds an option to enable battery percentages on the taskbar next to the battery indicator. This is how that looks like.

As you can see, Microsoft is also adding a splash of color to the icon. Each color indicates a different state of the battery:

Black — Regular use.
Yellow — Energy saver mode is enabled.
Green — Battery is charging.
Red — Battery is critically low.

The percentage next to the icon displays the load state of the battery. It is not enabled by default, which means that you need to become active and enable it to get the detailed listing.

Here is how that is done:

Open the Start menu.
Select the Settings application.
Go to System > Power & battery.
Enable Battery percentage on the page to display the new information directly on the taskbar.

Microsoft is rolling out the feature to Windows Insiders in the Dev channel currently. Means, it will take some time before regular users will get it. It could be rolled out with the 2025 feature update for Windows 11, but Microsoft has not made such an announcement at this stage.

You can check out Microsoft’s announcement of the feature and the other changes of the release here.

What is your take on this change? If you use a mobile Windows 11 device, will you enable the new indicator once it becomes available?

Google Search: mobile results get simplified URL views

Posted on January 25, 2025January 25, 2025 by Martin Brinkmann

The URL, which is the site address of webpages, offers essential information to Internet users. It allows Internet users to verify that they are on the right website or verify links before they are visited.

The details: Google announced that it is stripping the address of results on Google Search on mobile so that only the domain name is shown.

Here is how this looks like on mobile now:

Google Search on mobile shows the domain name only.

Google Search displays the domain name only from now on. Google reasons that the full URL is not that useful on mobile devices anyway, as it is cut off usually because of limited space on the screen.

The change applies to mobile search only. Desktop users continue to see the full address using breadcrumbs.

Notably, this comes just a week after security researchers uncovered a malvertising campaign on Google Search that allowed threat actors to display fake source domains in Google ads.

Can you still check the address in Google Search on mobile?

Google Search on mobile: display address

Google has not implemented a straightforward option to display the address of a linked resource before visiting it.

A tap on the menu icon next to a result displays various information about the source that Google collected, but not the full address. It is only displayed when you activate the “more about this page” link.

The page that is loaded then displayed the linked URL, but often cut off.

Two workarounds remain at this point:

Long-press on a result to display to display various options. These differ from browser to browser, but they may display the address fully or at least partially.
Use share functionality by long pressing on a link in the search results. You can then share the link or use other options, such as copying the link.

The better option, if you want full addresses shown on mobile, is to switch to another search engine. Most display the full address.

Closing Words

It is true that the full address is usually not displayed on mobiles. While the new results page looks more pleasing to the eye, it strips users of a way to verify the target of a link displayed on Google Search.

Google could at least have added the full address to the summary page that users can open when they tap on the three dots next to a result. It would even be possible to display it on multiple lines, so that it is visible in full.

Alas, no such option has been implemented.

What is your take on this? Do you mind the removal off the information on Google Search? Feel free to leave a comment down below.

Brave Search: raise or discard domains in search for custom results

Posted on January 24, 2025January 24, 2025 by Martin Brinkmann

Brave launched a new search feature today that introduces reranking options. The core idea is to give users of the search engine an option to see more results of websites they like or prefer, and less or nothing at all of sites that they do not like or want to see.

This is especially useful if you come upon sites that you do not value highly regularly, or miss articles or information from a site that you do value.

Brave notes that rerank only applies to the current user. It has no impact on a site’s presence on the search engine, other than for the user who made the change. The feature does not require an account, which is another plus.

Denoted sites do not appear in search results any longer on Brave Search. This works similarly to the extension uBlacklist, which works on Google Search only though.

Raised sites get a new ranking signal that boost their ranking. While they may still not be shown in the first few spots in the results, their rank should be higher than before.

Brave Search’s AI component takes the new signals into account, which means that you should see sites mentioned more often or less there as well.

Good to know: the feature uses Brave Goggles, a feature that Brave introduced in 2022. It allows users to create custom filters that change search result rankings.

How to use the new feature on Brave Search

You can access the new feature after you run a search. Click on the new rerank icon in the top right corner to display the options. There you may:

Raise any listed site to strengthen it in Brave Search.
Discard any site to make sure it won’t show up in the search results anymore.

The listing changes when you switch pages in the results.

There is no option currently to add custom sites. If you want to get rid of a site or promote one, you need to run a search that includes it. The best way to do that is to search for the name of the site, as it will likely appear in the results in that case.

The finetuning applies to any search. If you raise a site, it will rank higher regardless of search term. That’s important to note, as it may catapult sites that cover anything to the top of the results regularly, if you raise them.

A click on the edit button displays options to remove sites again.

Closing Words

Rerank is an excellent feature that may improve Brave Search for users who use it. While I wish it would include an option to add a site manually, it is possible that it will come at a later point.

It is still possible to run default searches using a browser’s private browsing mode.

You can read more about the new feature on the Brave website.

European Consumer Organization renews criticism of Meta’s “pay-or-consent” policy

Posted on January 23, 2025January 23, 2025 by Martin Brinkmann

Meta’s attempt to appease consumer rights organizations in Europe continues to draw sharp criticism from consumer protection groups.

The company introduced a pay-or-consent policy on its main platforms as a response to the European Union’s Digital Markets Act.

The policy gives users of its platforms two options: give Meta consent for advertising and tracking, or pay a monthly subscription fee to avoid that.

The European Data Protection Board rejected Meta’s initial model. Meta launched a second version of its policy in late 2024. While Meta made some adjustments, the underlying principle remained the same. Users still had to choose between ads and being tracked, or a paid subscription.

According to the European Consumer Organization, the second version of Meta’s pay-or-consent model falls short again.

Key Criticisms:

The subscription model appears to be a superficial compliance attempt
Users are not provided a genuine choice about data usage
Meta continues to collect excessive user data
Alternative service options remain fundamentally unequal

The new version of Meta’s pay-or-consent policy fails to address the fundamental problems consumer groups identified in the tech giant’s pay-or-consent initial approach.

Agustín Reyna, Director General of the European Consumer Organisation (BEUC), describes the changes as cosmetic only and that the revised version is not giving users “a fair choice” either.

The new policy breaches EU law in “numerous counts” according to the BEUC.

Using misleading practices and unclear terms and confusing interface design to steer users towards Meta’s preferred option;

Not giving to users the possibility to consent fully freely to their data being processed, while the tech giant does not minimise the data it collects from users;

Meta degrades the service to users who do not consent to the use of their personal data.

BEUC calls on several European Institutions and organizations, including the Irish Data Protection Commission, the PCC-Network and the European Commission, to take action against Meta.

The full report is available here.

Like Clockwork, Netflix is rising prices again

Posted on January 22, 2025January 22, 2025 by Martin Brinkmann

Years ago, I predicted that streaming companies would raise subscription prices regularly, maybe even yearly. Today, news broke that Netflix is raising the price of subscriptions again.

The details:

The new prices affect viewers from the United States, Canada, Portugal, and Argentina.
In the US, the price of a subscription rises between $1 and $2.50, depending on the plan.
The changes take effect on the next billing cycle.

Here is the new price structure in the United States:

Standard with Ads is now $7.99 (up $1)
Standard is now $17.99 (up $2.50)
Premium is now $24.99 (up $2)
Adding an extra member is now $8.99 (up $1)

This is the first price increase since October 2023, when Netflix increase the price of Premium from $19.99 to $22.99 in the United States. It also increased the price of its Basic plan back then, but this plan is no longer available.

There you have it. Disney increased pricing last August already in the United States.

My 2023 article on the matter still stands. I predicted regular price jumps, and more and more ads on the platforms. Ads would bring in revenue, but also make the pricier plans more attractive. It is a page directly out of Google’s playbook on YouTube. Make ads insufferable and you will increase subscriptions to more expensive plans that promise fewer or no ads.

I will continue what I have been doing for years: subscribe to a streaming service for just a month, if they have something that I’m interested in. Do that once a year, and you save a lot of money. Yes, you won’t be the first to watch a new show, but that is not really important to me.

Now it is your turn. Are you subscribed to streaming services? If so, to which and how much do you pay currently for the subscription?

Firefox 134.0.2 is here with a few non-security corrections

Posted on January 21, 2025January 21, 2025 by Martin Brinkmann

Mozilla plans to release a second point update for Firefox 134 later today. Firefox 134.0.2 is another non-security update that addresses a few pressing problems in the browser that had to be fixed early.

Most Firefox installations will be upgraded automatically once the update is released. As this does not happen in real-time, some users may want to trigger the update manually instead.

How to update Firefox: One easy way of doing so is to select Menu > Help > About Firefox. The browser displays the current version and runs a check for updates. It should pick up the latest, download it and install it. A restart is required to complete the process.

Good to know: Firefox 134.0.1, released last week, fixed an issue on YouTube and a crash issue.

Firefox 134.0.2: the changes

The official release notes are not available yet. Mozilla will publish them later today on this page.

Here is a quick overview of the included fixes:

After a crash, the crash reporter was not displayed for some localized builds.
Anchored links in HTML framesets pointing to local files did not work.
Network requests could not be resend in the Developer Tools when debugging extensions.
Data consumption from service works could unexpectedly halt.

Most Firefox users should not be affected by any of these issues, as they apply mostly to edge cases or development related cases.

Suggested course of action: Since the release does not fix any security issues, most users should not feel pressed to install the update immediately.

The next major release happens on February 4th, which is about two weeks from today.

Google Needs to Strengthen Ad Security After Latest Malvertising Incident

Posted on January 20, 2025January 20, 2025 by Martin Brinkmann

A recent incident has shown another security vulnerability in Google’s advertising platform: advertisers can display URLs of legitimate websites in their ads while redirecting clicks to malicious destinations.

This deceptive practice has recently been exploited in a concerning incident. Here is what happened.

The popular macOS package manager Homebrew became the target of cybercriminals in a sophisticated phishing campaign. Developer Ryan Chenkie discovered a fraudulent website being promoted through Google Ads that impersonated the official Homebrew platform.

The attackers employed a classic typosquatting technique, registering the domain “brewe.sh” to mimic Homebrew’s legitimate domain “brew.sh.”.

The cybercriminals booked ads on Google’s advertising platform to lure unsuspecting users into their trap. While the target URL was different, the ad on Google Search showed the address of the legitimate website to searches.

In other words: A glance at the address would show the correct address to searchers. A click on the ad, however, would load the malicious website instead.

The fraudulent site was professionally designed to appear identical to Homebrew’s official website. However, instead of providing legitimate software, it distributed malware through compromised cURL downloads. According to reports, the malware specifically targeted user passwords.

The main takeaway for users: do not trust the address, title, or ad text that Google displays on Google Search. Better yet, use a content blocker to get rid of these ads entirely.

Google has apparently reacted to this particular ad and plans to “stop similar patterns in the future”.

Closing Words

One of the main problems of advertisement on the Internet is that it is regularly abused by cybercriminals. Even Google, with all its money that it earns from advertising, seems uncapable of putting an end to this abuse.

It is a trust issue and the only way of protection is to use content blockers. The added benefit of this is that users save potentially gigabytes of data each month,, speed up browsing on the Internet and improve your privacy.

This is why my website does not have any ads. You can still support me though, for instance by subscribing to my newsletter here.