Chipp.in Tech News and Reviews

Opera One: first look at the new dynamic themes feature of the browser

Posted on August 21, 2024August 21, 2024 by Martin Brinkmann

Opera Software has launched a new Opera One developer update that introduces a new feature in the browser.

Called Dynamic Themes, it is adding animation to themes in the Opera browser.

Opera explains:

The new dynamic Themes are built using the Shaders technology and are rendered using your device’s GPU. You can configure each Theme using the configuration page’s multi-dimensional color picker – meaning you can play with endless combinations to find your favorites.

The initial version launched with three dynamic themes:

Classic
Aurora – dark mode theme.
Polar Winds – light mode theme.

The Classic theme is the only one that has not shaders. As such, it should have “zero impact” on the computer’s performance, according to Opera. The two other themes do use shaders.

Here is how Aurora looks like:

And here is Polar Winds:

Note that you can customize the theme when you select it. Here is how that works:

Make sure you have the latest Opera Developer build installed.
Open a new tab in the browser.
Click on the “Easy Setup” icon in the browser’s address bar.
Select Choose Theme.

Here you get to choose one of the three themes. Remember, the only one supporting light and dark mode is the classic theme.

Once you have picked a theme you are taken to the configuration screen. Here you can modify certain parameters and use a slider to pick a color theme.

Other options may include disabling animations, or, in the case of Polar Winds, keyboard and browser sounds. The classic theme gives you options to set a custom wallpaper.

Opera saves the custom themes automatically and displays them as options whenever you launch easy setup again. It is an easy way to switch between different themes in the browser.

To make things even easier, you may also use the keyboard shortcut Alt-Shift-T to switch between the last ten theme configurations on Windows (Alt-Shift-T on Mac).

Opera plans to launch more themes before the feature gets released to stable builds.

What is your take on sound, animations, and other visuals in web browsers? Is that something you like and (would) use, or turned off immediately instead? Let us know in the comments below.

WhatsApp: set an optional username and Pin for protection against unwanted messages

Posted on August 20, 2024August 20, 2024 by Martin Brinkmann

WhatsApp is working on a new feature that is intended to improve the privacy of its users. The main idea adds two new features to the messaging service:

Let users create a username, which they then may share with others instead of their phone number.
Add a Pin to the username to block unwanted messages to that username.

Any WhatsApp user may contact any other user on the platform currently. All that is required for that is a phone number. While the contacted user has the option to block any further messages or communication attempts, it is still a major nuisance.

WhatsApp users who want to communicate with someone on WhatsApp need to hand out their phone number to do so currently. This may not be a problem for someone trusted, but it could very well end in disaster for others.

Did you know? WhatsApp is also working on limiting spam messages by blocking messages from unknown accounts that exceed a certain limit.

The optional username addresses this. Instead of handing out the phone number, you could create and then hand out the username only. This protects the phone number, but still allows others to communicate with you on WhatsApp.

The pin adds a second layer of protection. While completely optional, it will prompt anyone for the pin when trying to contact WhatsApp users using their username.

WhatsApp users who pick a popular or common name for their username may want to add a pin, as spammers may start to send messages to these names in the hope that they have been created by someone on the platform.

WABetaInfo reports that the feature is in testing in the latest Beta version of WhatsApp. Not every beta tester is given access to new features and it may take some time before a feature is rolled out to more users.

There is also the chance that a feature is never making it into stable WhatsApp. Only time will tell if and when we are going to see the new username and pin option.

Closing Words

Adding a username option to WhatsApp makes a lot of sense from a user’s privacy point of view. WhatsApp is no longer just used to communicate with friends or family. Even in some of those cases, you may prefer not to hand out your phone number.

What is your take on this new feature? Would you create a username, if WhatsApp would launch it? Feel free to leave a comment down below.

Oh look, Google ads are again used to scam Google Search users

Posted on August 19, 2024August 19, 2024 by Martin Brinkmann

Threat actors have launched another malvertising campaign on Google Search. While that is not really anything to write about anymore in this day and age, this time is special.

Not only did the threat actors manage to plant scam ads on Google, they did furthermore impersonate Google’s entire product line and used Google domains for the scams. If that is not something to write about.

The story comes from Malwarebytes. Security researchers at Malwarebytes discovered the campaign.

Here are the details:

The campaign was run on Google Search.
The threat actor used Google’s Looker Studio service to show the google.com domain as the address.
The ads targeted Google {product}, e.g., Google Translate or Google Flights.

Even after Malwarebytes reported the ads to Google, ads that impersonated official Google products continued to show up on Google Search.

Locker Studio is a service by Google that creates “interactive dashboards and beautiful reports” from data.

The scammers used the service to display a copy of the Google Search homepage. The homepage is just an image with a hidden link. When the victim clicks on the image, the link is triggered.

The user is then redirected to fake Microsoft or Apple alert pages. These go into full screen mode and play a recording according to Malwarebytes. The alerts suggest that something is not right.

They display a number to call for support and also a form to type the Microsoft account name and password.

Calls land in overseas call centers that try to scam the callers into purchasing gift cards or logging into their bank accounts to pay for the support.

The URL used in this case is on a Microsoft Azure domain, which is designed to instill further trust.

Closing Words

There is not much to like about ads nowadays. They slow down web browsing, use additional bandwidth, collect data about users, and may be distracting. If that is not enough, they may also push ads, as seen over and over again.

The only thing that is positive about ads is, in my opinion, that they allow certain services or publications to exist. There are not viable alternatives. While subscriptions are picking up, this won’t work for everyone as users seem to be fed up already with the ever increasing list of services that is asking for a monthly or yearly payments.

More safeguards need to be in place to prevent blatant abuses like the one discovered by Malwarebytes.

What is your take on this? Feel free to leave a comment down below.

Brand Love: Google’s unethical attempt to get only positive Pixel reviews

Posted on August 18, 2024August 18, 2024 by Martin Brinkmann

Influencers play an important role in marketing today. They tend to have a certain reach that makes cooperations with them attractive to companies.

It should not come as a surprise that influencers get offers to test devices. Companies send them the devices free of charge in the hope that they get a review by the influencer in question.

This cooperation should not come with any requirements, or only light requirements, such as disclosing that the device was not paid for.

Reports suggest that Google has altered the terms for influencers recently. To get a new Pixel device for testing, influencers had to acknowledge and agree to the following:

By opting into this program, do you acknowledge that you are expected to feature the Google Pixel device in place of any competitor mobile device? Please note that if it appears other brands are being preferred over the Pixel, we will need to cease the relationship between the brand and the creator.

In other words, Google tried to influence reviews of influencers with the new terms.

At least some YouTubers who joined “Team Pixel” in the past have quit citing that the new terms were not giving them the editorial freedom that they needed and their audiences deserved.

The Verge asked Google about the new terms and Google said that they “missed the mark” and that “it has been removed”.

Still, the agreement was in place for a time and it seems likely that the participating influencers would make sure that their reviews and takes on the new Pixel devices would not violate it.

All in all, it is a new low. It is good to see that some influencers decided to quit the program because of the changes.

Do you check out what creators or influencers have to say about a certain device before you make a buying decision? Or do you get your information from elsewhere instead? Feel free to leave a comment down below.

WhatsApp: the end of Spam? New feature is a tiny step towards that goal

Posted on August 17, 2024August 17, 2024 by Martin Brinkmann

WhatsApp is working on a new feature that will block messages from unknown accounts. Before you get too excited about it, there is a big but coming up soon.

If you are using WhatsApp, you may have experienced your fair share of spam. Be it messages from unknown accounts or even calls.

Over the past couple of weeks, I received a significant number of spam calls and also messages. The chat messages promised work, money, a girlfriend, and other things.

It is simple to block interactions with certain accounts on WhatsApp once they try to reach out to you. There are not that many options to block spam before it reaches your device though.

Soon, WhatsApp users will have another weapon in their arsenal to fight spam before it reaches the user’s device. (via WABetaInfo)

The details:

A new option to block unknown account messages is being tested in the WhatsApp beta.
It blocks messages from unknown accounts, but only if they “exceed a certain volume”.
Not every beta tester has the feature at this point.

In other words: If WhatsApp notices a certain amount of spam from a particular user, it will block that user’s ability to send more spam.

WhatsApp does not say how it detects spam messaging attempts. It is possible that it is using spam reports by users for that. This would mean, and here comes the aforementioned but, that spam will still land on user devices.

Not necessarily as much as before, as WhatsApp will pull the plug on the account’s ability to send messages once the threshold is reached.

Even if WhatsApp uses an automated system, it still means that spam will land on user devices, albeit less than before presumably.

Closing Words

All in all, it is a welcome new option that may reduce spam on the platform. It appears that the feature is disabled by default. You may need to enable it under Settings > Privacy > Advanced.

Do you use WhatsApp? Did you receive spam in the past? Would you enable the new feature once it becomes available? Let us know in the comments below.

A first look at Google’s new Weather app

Posted on August 16, 2024August 16, 2024 by Martin Brinkmann

Google announced several new Pixel devices this week as well as new AI and services, some of them exclusive at the time of writing.

The company’s main announcement on its official The Keyword website focuses more on software and services, and less on the hardware of the Pixel devices.

Among the new features is a “better weather app” that uses AI to give “super accurate weather forecasts” and “custom AI weather reports”.

The app is available for Pixel devices, but APK files are available already that can be installed on non-Pixel Android devices. The main restriction is that it requires Android 14.

Some of the advertised features, mostly those linked to KI, do not appear to work at the time of writing. I tried the app on a Samsung Galaxy A55 5G device and it worked. Other users claimed that the app was crashing on them, which some fixed by clearing the cache.

The app is basic at the time of writing and on non-Pixel devices. Weather data comes from weather.com.

You can add multiple locations to it and every location is shown on the startpage. A tap opens more details for the selected location.

Here you get:

Warnings
Hourly Forecast
10-day Forecast
Sunrise & Sunset
Wind speed and direction
UV Index
Air Quality Index (for some locations)
Visibility
Humidity
Pressure.

You can move the items around using drag & drop.

It lacks the weather background for the selected location and the weather map.

A tap on 10-day Forecast opens another page with additional details for the selected day and the period as a whole.

The app has a few widgets that you can place on the screen. At least one of is dynamic, but there are others that you may display.

I have not received any notifications, warnings, or AI reports at the time of writing. Maybe that is reserved for Pixel devices or accounts that are subscribed to Google Gemini in one form or another.

Closing Words

Google’s new Weather app is limited when you run it on a non-Pixel 9 device. It is likely that it may come to older devices, but that some features, mostly those powered by AI, may not come to older devices.

You can download the latest version from APK Mirror to give it a try.

Do you use a weather app on your mobile devices? If so, which app do you use and why? Feel free to leave a comment down below.

Windows 11: Device Encryption will be enabled automatically in these cases

Posted on August 15, 2024August 15, 2024 by Martin Brinkmann

The next feature update for Windows 11 enables automatic device encryption for users of the operating system. This happens automatically in the background and for most users, but there are exceptions.

What is Device Encryption and how does it differ from BitLocker Drive Encryption?

Device Encryption is based on BitLocker, Microsoft’s encryption technology. It is an automatic system that will encrypt the Windows partition and other fixed drives.

In other words: most drives that are internal will be encrypted by Device Encryption.

Encryption protects data on the drives to prevent unauthorized access.

BitLocker Drive Encryption on the other hand is only available for Pro, Enterprise, and Education editions of Windows. It gives administrators control over the technology and needs to be enabled manually.

The change in Windows 11 24H2

Starting with the release of Windows 11, version 24H2, Windows 11 will encrypt drives automatically using Device Encryption in the following cases:

During first sign-in with a Microsoft account, or work or school account.
During first set up of the device, if a Microsoft account is used.

Windows 11 will start the encrypting of the drives immediately in the background.

Windows users who create a local account during set up won’t have their drives encrypted. Microsoft notes here that it is possible to do that manually though.

Note: Microsoft is making it harder and harder to set up Windows without a Microsoft account. It is still possible, but most users are probably unaware of this.

Enabling or disabling Device Encryption manually

You need to sign-in with an administrator account to manage Device Encryption. Also, it is possible that the feature is not supported on the device.

Here is how to find out and manage it:

Select Start and then Settings to open the Settings app.
Go to Privacy & security > Device Encryption.

If you do not see Device Encryption on the page, it is either unavailable on the device or you are signed-in with a standard user account.

Device Encryption offers a simple toggle to turn the feature on or off.

How to find out why Device Encryption is now available

Here is a step-by-step guide on finding out why Device Encryption is not supported.

Open the Start menu.
Type System Information.
Select Run as adminstrator.
Scroll down to Automatic Device Encryption Support or Device Encryption support.
Hover over the entry to see the reason why it is not supported.

What is your take on Device Encryption? Do you use BitLocker encryption on your devices? Let us know in the comments below.

Beyond hardware: these Pixel 9 features launch with the phones

Posted on August 14, 2024August 14, 2024 by Martin Brinkmann

Google announced this year’s Pixel upgrade on its Made by Google event yesterday. As Google puts it, these are the most powerful Pixel devices ever. They are also the most expensive ones.

You find information about the hardware features of the four Pixel devices — Pixel 9, Pro, Pro XL, and Fold — on numerous sites. Check out Android Police’s or Android Central’s coverage, if you are interested in that.

Google’s main blog post on the Keyword website mentions hardware improvements just in passing. Just a few paragraphs that detail improvements over previous Pixel devices.

The majority of text is reserved for software improvements, mostly AI. The clear focus is software, therefore.

Here are the highlights:

Gemini Live — Deeper interactions with Google’s Gemini AI. Available for Gemini Advanced subscribers. Free for one year for Pixel 9 Pro, Pro XL, and Pro Fold buyers (sorry Pixel 9 buyers, no love for your).

Pixel Studio — Is an image generator that uses the “on-device diffusion model” with a text-to-image model that in the cloud. (Not available in all languages or countries, no further info on that).

Pixel Screenshots — Exclusive app for Pixel 9 that makes screenshots searchable using AI. You may later interact with the app to retrieve information. May include links and other information. (Not available in all languages or countries, no further info on that).

Improved Weather app — Google promises “super accurate weather forecasts” and custom AI weather reports. Also more customization options.

Camera improvements — The cameras get several new features and improvements:

AI-powered camera experience — Optimizes HDR+, exposure, tone mapping, sharpening, contrast, and more.
Super Res Zoom Video — Supports up to 20x super resolution zoom in Night Sight Video or Video Boost. Uses the telephoto camera with “advanced machine learning”. Only available on Pixel 9 Pro and Pro XL.
Add Me — Uses AI to merge multiple photos into a single one. One application for this is that you may add the photographer to a scene.
Reimagine Magic Editor — Change images using a text box, e.g., by removing objects or people, changing the sky, or placing new objects.
Auto frame in Magic Editor — Helps frame a photo that has been taken already.
Night Sight in Panorama — Panorama mode is now also available in low-light conditions.
Zoom Enhance — This one allows you to zoom in even more using AI. Only available on Pixel 9 Pro, Pro XL, and Pro Fold.
Video Boost — upgrades video to 8K resolution.
Move anything — Allows you to move objects or people in a photo.

Clear Calling and Call Notes — Clear calling improves the audio quality of calls according to Google. Call Notes on the other hand creates private summaries and full transcripts of phone calls. Everyone is informed about the recording. (only for calls that are at least 30 seconds long. Not available in all languages or countries, no further info on that).

Satellite SOS — known from Apple, this adds an emergency option to Pixel 9 devices to call for help, even when there is no cellular service. (Only available in the U.S., free for the first 2 years).

There you have it, these are the main features that Google announced. Google does not say which of these require Internet connectivity or what data is transferred for the services that require it.

Does this sound interesting to you? Do you plan to buy a Pixel 9 device, or will you skip those? Feel free to leave a comment down below.

Three year old Malvertising Campaign is still going strong

Posted on August 13, 2024August 13, 2024 by Martin Brinkmann

One of the most important skills of any Internet user is the ability to distinguish between advertising and organic links. A core reason for that is that advertising is regularly abused for malvertising campaigns.

Malvertising refers to ads that in one way or another attack the user or the user’s device. A simple example is a download ad that pushes a malicious file onto the user’s system.

Security researchers at ReasonLabs have discovered a malvertising campaign that has been around for at least three years.

The details:

Polymorphic campaign that installs Chrome and Edge extensions on endpoints.
Uses multiple attacks, including search hijacking, stealing private data, or executing commands on the user’s device.
At least 300,000 users fell victim to the campaign until now.

How the attack works

The attackers use advertising to push malicious downloads. They use fake download sites for legitimate applications such as YouTube, VLC, or Roblox FPS Unblocker.

Users who fall for this, you guessed it, download a malicious payload to their systems. Here is what happens next:

The executable creates a scheduled task, which is designed to run a PowerShell script.
The PowerShell script downloads a payload from a remote server and runs it on the user’s machine.
It then begins to make changes to the user’s system:
- Adds policies to enforce the installation of Chrome and Edge installations from the Store (which are malicious).
- Some versions of the script uninstall browser updates.
- Tampers with browser .lnk file to load another extension for communication with a control server and stealing search queries.
- Communicate with command center for status reports and the next stage of execution.

The script blocks uninstallation of the installed extensions, even when Developer Mode of the browser is set to on. Users will also see the “your browser is managed by your organization” message.

The blog post offers a deep dive, which interested or affected users may check out. There is also a section on removing the malware from infected hosts.

This involves:

Removing the scheduled tasks.
Removing the planted Registry keys.
Deleting the malicious files.

Closing Words

The security researchers note that many of the used domains, extensions, and scripts are not detected as malicious at the time of writing. Google and Microsoft were notified according to the blog post.

Which brings us right back to the beginning. Ads are not easily distinguishable from organic results in many cases. Google, for instance, displays a simple “sponsored” text above ads. They look exactly like organic results in any other way.

While experienced users may not have any problems differentiating between the two, less tech-savvy users fall for these.

So, if you want to improve security, you better take a good look at links before you click. If you want to be safer, do not click on ads 🙂

Android Apps: Exodus reveals trackers and permissions before installation

Posted on August 12, 2024August 12, 2024 by Martin Brinkmann

Much of what happens during the installation of an Android app happens in the background. While Android may highlight permissions that an app requires, it stays silent when it comes to privacy.

Many apps include trackers and may also contain ads, but ad-free apps may still have trackers.

If you are particularly worried about tracking, you may find the free service Exodus useful. It is available as a web-based version that you can launch from any modern web browser.

To get started, type the name of an Android app in the search field at the top. You can type partial names and pick the app from the list of results. Other options are to type the apps’ unique handle or full Google Play URL.

The number of trackers and permissions is returned then. Select trackers to look through the list of trackers that the application references. Trackers are classified based on their purposes, e.g., advertisement, identification, or analytics.

Exodus uses colors to highlight the number of trackers and permissions. Green apps use 0 trackers and permissions. Yellow apps less than 5, and red apps more than 5.

A click reveals the total number of analyzed apps that use the particular tracker.

Note that Exodus does not decompile applications. It performs a “static analysis of APKs and compares Java class names with a list of trackers”.

In other words, there is a chance that trackers do get overlooked.

As far as permission go, these are also shown on the profile page of the app on the Exodus website.

Another useful feature is the ability to have new apps scanned. You need to supply the full Google Play Store or F-Droid URL for that.

The application will be analyzed, if it is unknown to Exodus. The makers note that apps with geographic restrictions cannot be scanned.

Verdict

Exodus, all in all, is a useful service. It highlights if an application uses trackers. If you do not want to be tracked, you may want to give it a try. Most Android apps use tracking in one form or another though.

Do you use services like Exodus to analyze apps before you install them? Or do you use something else to block trackers? Let us know in the comments.