In the wake of Snowden’s revelations, many people have started using VPN services to encrypt their online activities. Until recently, one popular choice was Hola’s free VPN.
Hola has been scrambling to deal with the public backlash over this news, but so far all they’ve done is retroactively update their FAQ, adding statements about what Hola can do with your computer if you’ve installed their software.
Mozilla continues to shovel more features into Firefox. This week we have Firefox 38.0.5, which adds support for Pocket (a ‘save for later’ service) and Reader mode, which provides simplified views of any web page. Version 38.0.5 also fixes a couple of nasty performance and display bugs that were introduced in recent versions. The 38.0.5 release notes provide additional details. No security issues were addressed in this update.
Mozilla is re-evaluating Firefox’s release notes, even going so far as to ask the community for feedback. Now if we can just get them to do something about the total lack of new version announcements. As usual, there was no proper announcement for this new version, although there was a post on the Mozilla blog that discusses Pocket and Reader.
Update 2015Jun10: I recently encountered an article on a site that displays everything as white text on a black background. I can only read a site like that for a few seconds before my eyes start to go blurry, so I decided to try Firefox’s new Reader mode. The near-unreadable text was transformed into beautiful, uncluttered, easy-on-the-eyes text. So apparently my offhand dismissal of Reader mode was a mistake: it’s actually a very useful feature, especially for those of us past a certain age.
Those of you who monitor traffic arriving at your home or work network are no doubt aware that your network is being constantly scanned for vulnerabilities. Brian Krebs rightly points out that much of this scanning activity is not malicious.
A hidden feature in recent versions of Firefox blocks technologies – including cookies – that would otherwise be used to track your activities on the web.
Currently, the Tracking Protection feature can only be enabled via Firefox’s hidden about:config interface. To access this interface, enter about:config in the address bar. You’ll see a large warning message. Click the I’ll be careful button to proceed. In the search box, enter privacy.trackingprotection.enabled. The setting should be listed below, along with its current value. Double-click the line of text to toggle it from false to true.
Tracking Protection doesn’t appear to block ALL cookies, just those that are associated with activity tracking. According to Mozilla’s description of the feature, the default list of blocked resources is based on information from the security provider Disconnect.
Unfortunately, there’s not much available to the user for managing the feature. There’s no easy way to list or modify the resources that will be blocked. All the user sees is a new shield icon at the extreme left end of the address bar, which you can click to see a small dialog:
Firefox Tracking Protection
There’s not much information on the dialog, and the only options available are to close the dialog or Disable protection for this site.
There is a way you can see exactly what resources are being blocked: click the Firefox menu button (the ‘hamburger’ at the right end of the toolbar), then click Developer, then Web Console. As you encounter blocked resources, they will appear in the list at the bottom of the screen. For example: “The resource at “http://www.google-analytics.com/analytics.js” was blocked because tracking protection is enabled.” Unfortunately, there’s usually lots of other information in that list as well.
By default, Tracking Protection blocks useful technologies, including at least two used on this site: Google Analytics and Feedjit. Google Analytics provides invaluable information to site managers, including how many people visit the site, when they visit, how long they stay, and so on. Feedjit is the technology powering the Live Traffic Feed in the sidebar; I’m only using it as an interesting experiment, so it’s not a big deal if it misses some users, but it’s not in any way harmful.
In the final analysis, Tracking Protection is really only useful for the truly paranoid. But if you hate the idea of anyone knowing what you’re doing on the web, you should probably be using Firefox’s Private Browsing mode.
Tracking Protection was apparently added by Mozilla in response to the fact that the Do Not Track feature is not being honoured by all trackers. A post over on VentureBeat provides additional perspective.
On Monday Google announced a new version of Chrome, 43.0.2357.81. This version does not appear to include any security fixes, but it does fix two minor display issues.
A short quiz, provided by anti-malware software maker McAfee, allows you to test your skill at identifying phishing email.
In the quiz, you are presented with ten email samples, and asked to decide whether they are phishing email.
What is phishing? From Wikipedia: “Phishing is the illegal attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.”
Hint: look for links in each of the sample messages. Hover your mouse over each link, and compare the address with the supposed sender. If a link points to a site that’s unrelated to the supposed sender, the email is probably not legitimate.
Up until recently, I recommended BitTorrent Sync (aka BTSync) to anyone who needed a simple way to share files between remote computers. I won’t be doing that any more.
BTSync is now out of its beta period, and the news is bad. It comes in two distinct versions: the paid version, which does what we’ve come to expect but now costs $50 per year per seat, and the free version, which is limited to ten shared folders.
BTSync Pro trial expiry message
This, despite earlier promises that functionality would not be removed from the free version. Some may argue that no actual features have been removed from the free version, but if I was running more than ten shares and suddenly some of them stopped working, it would sure seem like something was missing.
Of particular interest in the expiry message (above) is this: “Folder additions and removals will not be propagated to other devices.” I interpret this to mean that in the free version of BTSync, adding or deleting a folder in an existing share will not result in those changes being propagated to peers. If true, this makes the free version of BTSync almost entirely useless. But in my tests, it appears that folder additions and deletions are in fact still being propagated between peers. Possibly BitTorrent intended to make this change but changed their minds and didn’t update the expiry message.
In any case, while I understand that BitTorrent has the right to try to make money from their software, tricking beta users into using (and testing) your software only to break it – and ask for what is effectively ransom money to keep using it – is not going to win many customers.
I expect BTSync usage numbers to plummet sharply soon. I’ll be looking at alternatives, and if I find something good, I’ll add it here. For now, all I can do is warn everyone: don’t use BitTorrent Sync.
Numerous security vulnerabilities were addressed in the latest release of Google’s web browser, Chrome. If you use Chrome, it should update itself automatically to version 43.0.2357.65.
Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.
Close
Ad-blocker not detected
Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.
boot13
