Security News

It turns out, this header, now being returned by GitHub sites, is actually meant for website owners to opt-out of Google FLoC tracking. BleepingComputer also noticed the entire github.com domain had this header set, indicating GitHub did not want its visitors to be included in Google FLoC's "Cohorts" when visiting any GitHub page.

How Firefox showed the hand to a widely abused online tracking trick. Why reading from one part of your computer's memory can paradoxically let you write to another part.

The "Problem child" that Firefox just addressed is a lesser-known JavaScript variable called window. Specifying an existing tab name in the target of the link means that we can re-use the second tab for our new content, so that the example.com page opens up in the same NEWTAB tab, replacing the Naked Security content and avoiding the creation of a third tab.

Mozilla this week released Firefox 88 in the stable channel with patches for a dozen vulnerabilities and with improved user privacy, obtained through isolating the window. Name property has been available for websites to store whatever data they choose to, but such data has often been allowed to leak between sites, essentially allowing for the tracking of users across the pages they visit.

Microsoft has disabled Google's controversial FLoC browser-based tracking feature in their Chromium-based Microsoft Edge browser. This month, Google began testing a new tracking platform called Federated Learning of Cohorts, or FLoC, that places users in anonymous buckets, or cohorts, based on their interest and browsing behavior.

Google's FLoC mechanism for ad personalisation, currently being trialled in the Chrome browser, has been rejected as privacy-invasive tracking by other browser makers including Vivaldi and Brave. FLoC is part of what Google calls the Privacy Sandbox initiative, a proposal to "Support business models that fund the open web in the absence of tracking mechanisms like third-party cookies," according to now-retired Chrome engineering director Justin Schuh and product manager Marshall Vale in January.

Last month, Google announced plans to roll out a new privacy-focused feature called Federated Learning of Cohorts for the Chrome browser and ad serving websites. FLoC has been criticized by the Electronic Frontier Foundation and outright rejected by makers of Vivaldi and Brave browsers for its debatable claim of being a privacy-preserving technology.

DuckDuckGo has launched a new browser extension for Chrome that will prevent FLoC, a new tracking technique used by Google to support web advertising without identifying users. Privacy browser DuckDuckGo has launched a new extension for Chrome that's designed to block Google's new algorithm for tracking users' browsing activity for ad selection.

New research into 5G architecture has uncovered a security flaw in its network slicing and virtualized network functions that could be exploited to allow data access and denial of service attacks between different network slices on a mobile operator's 5G network. As the name indicates, the idea is to "Slice" the original network architecture in multiple logical and independent virtual networks that are configured to meet a specific business purpose, which, in turn, dictates the quality of service requirements necessary for that slice.

Eliminating third-party cookies will not stop companies from tracking web users, says DuckDuckGo, which claims it can help with its desktop browser extensions and mobile apps. In a blog post on Tuesday, the privacy-focused search biz explains that the much discussed plan by Google to eliminate third-party cookies in Chrome by the end of 2022, and related restrictions already implemented in browsers like Brave, Firefox, and Safari, will have a limited effect on marketers' online tracking efforts.