Merry Christmas and Happy New Year, folks! Better late than never. We hope that the year that has come is going to be less challenging than the previous few ones. Cheers.
But we already know that these hopes are in vain. The web is becoming more complicated and dangerous, advertising and tracking become more sophisticated, data leaks become large-scale. It's not all doom and gloom, there are a number of positive trends too — for example, cybersecurity experts say that there is no need to pay for an antivirus anymore. Software vendors generally have good built-in protection suits, and what's more important, the evil guys now do not quite need viruses to abuse you.
An advice of the year and of all the years: use complicated passwords, change them every now and then, and turn two-factor authentication on. You can stay safe for years taking no measures, but then it happens just once, and you'd be sorry for a long time (not so much because of losing money, but rather because of knowing that you could have easily avoided it by not being lazy and stu… well, mistaken). By the way, check out this article if you want to know how exactly passwords are stolen.
Good news everyone — Google's campaign against ad blocking extensions that we'd already warned you about met strong resistance again. Well, okay, to be clear, Google are not actually fighting ad blockers but rather limiting the capabilites of browser extentions, which sounds like a reasonable move from the security point of view, but would also maim or kill oh so many existing extentions. The Electronic Frontier Foundation, well known for advocating online privacy and security, has called Google to review their plans on the notorious Manifest v3. If Google still wants not to be viewed as "evil" by the public, they will at least take some time before introducing Manifest v3.
And Google has got a good reason to think before depriving users of ad blockers: Multiple ad blockers topped Firefox's list of the most popular and innovative add-on browser extensions of 2021.
Another surprise: people yearn for security, or at least for a feeling of safety. Brave browser reported reaching 1% share of the browser market with 50 million active monthly users. We've already written about their new privacy-oriented search engine.
In its turn, the privacy-focused search engine DuckDuckGo reported growing by almost 47% in 2021. It now has a market share of 34.6 billion search queries and 100 million search users per day. They have recently released a browser of their own, and now they are announcing a service called Email Protection "that strips email trackers and allows you to protect your actual email address".
Here is a story about unexpected consequences: the encrypted messenger called Signal decided to implement anonymous cryptocurrency payments. What could be more security- and privacy-oriented? The problem is, experts say, crypto has a bad reputation, and such a feature would attract regulators' attention. You know them regulators, they spoil all the fun all the time. We do not actually know if it is good or bad that a secure messenger is afriad to attract regulators' attention. The most important thing is, people seem to be sure that end-to-end encryption is in real danger, and everybody must be careful not to "provoke" governments to forbid it.
Current and former Signal employees told me they were worried about what that combination would bring to the app. Anonymous transactions would likely attract criminals, they told me, and that in turn would attract regulatory scrutiny. Given that end-to-end encryption already faces legal challenges around the globe, they said, Signal's addition of anonymous payments was a needless provocation. And it could give more ammunition to lawmakers who want to end encryption as we know it.
A few days ago the founder and CEO of Signal stepped down and was replaced by Brian Acton, a co-founder of WhatsApp. Looks like there is now one secure messenger less.
Mobile apps positioned as a calculator or calendar actually spy on you and gather your data, warns a respected news outlet The New York Times. Wow! Never happened before! Oh wait, it was happening all the time that mobile apps existed. Well, they say there appeared a new generation of data harvesting apps that record keystrokes, conversations, location, and all that. They actually describe themselves as "stalkerware": it's implied that you, for example, steal your parther's phone and install what looks like an innocuous calculator. But that same app is listed in Google Play store as a literal "keylogger". Yes, Google distributes keyloggers, no one cares apparently. Beware, do not lose control over your devices, pay attention to apps that you do not remember installing.
Quite a grim article on Techcrunch on how you have no privacy at all at work. The company admin can read all your direct messages in Slack, company-provided gadgets are monitored, HR protects company's interests, not yours — but all of that is not a reason to quit. And we are just reminding: there is such thing as a VPN.
And to round things out, here's some security-related fun:
After infecting themselves with their own custom remote access trojan (RAT), an Indian-linked cyber-espionage group has accidentally exposed its operations to security researchers.
Ok, just one more short one. Even if it's not strictly security-related, it's still fun. Two cops were so obsessed by chasing a rare pokemon in Pokemon Go that they ignored a robbery in progress.
Well, that's it. Stay safe.