Apple’s ‘Gotofail’ Security Mess Extends To Mail, Twitter, iMessage, Facetime And More


First, Apple revealed a critical bug in its implementation of encryption in iOS, requiring an emergency patch. Then researchers found the same bug is also included in Apple’s desktop OSX...

Chrome 25 extends encrypted search to everyone, not just signed-in users

Chrome users with something to hide have heretofore been required to sign in to Google to keep their omnibox searches hidden from prying eyes -- but today's Chrome 25 beta update changes that. Now all searches are automatically encrypted, whether you're signed in or not. It's certainly not the first browser to implement such a security feature -- Firefox 14 switched to HTTPS for all searches last year -- but it's a welcome change all the same. With web voice recognition and security whitelists on the docket as well, the latest version of Chrome is setting up to be quite the must-have, especially for those who want to keep their Justin Bieber search results to themselves.

Source: Chromium Blog

Firefox deems favicons risky, banishes them from address bar

Who'd have thought those tiny reminders of the site you're browsing could bite your backside? Apparently Mozilla did, and with its latest nightly Firefox build it has expunged favicons from their eternal perch just left of the URL. The problem is that instead of something friendly -- like Google's famous "g" -- nefarious sites can use a padlock or similar image, making you think you're on a secure SSL page. So, starting from mid-July you'll see a generic globe for standard websites, green padlocks for SSL sites with validation, and gray padlocks for SSL sites without it. Take note that (so far) tabs will keep their favicons, so those of us with 43 sites open at the same time will still know where in the web we are.

Firefox deems favicons risky, banishes them from address bar originally appeared on Engadget on Tue, 24 Apr 2012 10:19:00 EDT.

Mozilla Dev Blog | Source: TNW

Google puts False Start SSL experiment down, nobody notices

Back in September of 2010 Google started experimenting with a new Chrome feature called False Start, which cut the latency of SSL handshakes by up to 30 percent. While the delay in forging a secure connection never seemed like a major concern for most, the pause (which could be several hundred milliseconds long) before a browser starts pulling in actual content was too much to swallow for Mountain View engineers. The tweak to SSL was a somewhat technical one that involved packaging data and instructions normally separated out -- reducing the number of round trips between a host and a client before content was pulled in. Unfortunately, False Start has proven incompatible with a number of sites, in particular those that rely on dedicated encryption hardware called SSL Terminators. Chrome used a blacklist to track unfriendly sites, but maintaining that repository proved more difficult than anticipated and became quite unwieldy. Despite False Start reportedly working with over 99 percent of websites, Adam Langley, a Google security researcher, has decided that it should be retired with version 20 of the company's browser. The change will likely go unnoticed by most users, but it's always a shame to see efforts to make the web as SPDY as possible fail.

Google puts False Start SSL experiment down, nobody notices originally appeared on Engadget on Thu, 12 Apr 2012 22:44:00 EDT.

Ars Technica | Source: Imperial Violet