DOCSLIB.ORG

Next Generation Password-Based Authentication Systems

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Next Generation Password-Based Authentication Systems NEXT GENERATION PASSWORD-BASED AUTHENTICATION SYSTEMS A Dissertation Presented to the Faculty of the Graduate School of Cornell University in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy by Rahul Chatterjee August 2019 cb 2019 Rahul Chatterjee SOME RIGHTS RESERVED NEXT GENERATION PASSWORD-BASED AUTHENTICATION SYSTEMS Rahul Chatterjee, Ph.D. Cornell University 2019 Passwords, despite being the primary means for users to authenticate on the Web or to a computing device, are marred with several usability and security problems: users nowadays have too many accounts and passwords to remember; typing pass- words correctly can be cumbersome, particularly on touch screen devices. As a result, users often pick simple, easy-to-remember, and easy-to-type passwords and reuse them across different websites. Simple passwords, unfortunately, are also easy-to-guess. Reused passwords can put all of a user's accounts at risk if any of them are compromised. In this dissertation, I show how to improve the state of passwords and password- based authentication (PBA) systems by incorporating knowledge of real-world password distributions. I identify three challenges faced by current passwords and PBA systems. Using a combination of empirical and analytical methods, I first dis- till out the details of those problems and then use that knowledge to guide building the next generation PBA systems that provide better usability and security. First, to help users deal with too many account passwords, I design NoCrack, a secure password vault system (also called password manager) that uses honey encryption to encrypt user passwords under a master password. Honey encryption provides NoCrack's vault ciphertexts with a novel property: decryption with any incorrect master password will output decoy but plausible-looking sets of pass- words. Therefore, if an attacker tries to decrypt a NoCrack's vault ciphertext with several guesses for the master password, the attacker does not immediately learn the correct master password even if it is included in the list of guesses. To learn which of the decrypted passwords are real, the attacker has to try them on- line, which can be relatively slow, potentially detectable by the websites for which the user has an account, and also subject to website rate-limiting for too many incorrect password submissions. Besides having too many passwords, users often make mistakes while typing passwords, and, in current settings, login is rejected if the entered password is not exactly what is used during registration. This is annoying and counter-productive for legitimate users. Via studies conducted on Amazon Mechanical Turk and with Dropbox's production login infrastructure, I measured the extent that password typos cause a usability burden. I showed how to design PBA systems that can tolerate typos without degrading the security of passwords. Finally, due to billions of breached passwords and rampant password reuse habits, credential stuffing attacks have become a serious threat to password secu- rity: an attacker can compromise a user account by simply trying the password of that user stolen from other websites. To prevent such attacks, some third party web services have started providing APIs for checking if a user's password is present in a leaked set of passwords. I give a framework to analyze the security requirements of such compromised credentials checking (C3) services. I go on to provide new C3 protocols that provide a better security/bandwidth trade-off. BIOGRAPHICAL SKETCH Rahul received his Bachelors of Technology (B.Tech) degree from Indian Institute of Technology (IIT) Kharagpur in 2012. After graduation, he worked for a year in a startup on high-frequency trading in Bangalore. Working on the startup was very exciting, at the beginning: His code was affecting the real-world exchanges across the globe (though not always in the intended way). However, soon he realized he was missing the opportunity to learn new things, the way he could while he was at IIT Kharagpur. This motivated him to embark on graduate studies in the US. He joined the University of Wisconsin{Madison for masters in Fall 2013, where he met Prof. Thomas Ristenpart. He started working with Tom on building a new kind of password manager during his masters. The project kindled his interest in computer security, which pushed him to pursue PhD in computer security with Dr. Ristenpart. In the mean time, Dr. Ristenpart decided to move from UW{Madison to Cornell Tech in New York City (NYC). Cornell Tech was a new initiative from Cornell University and Jacobs Institute to build a campus that will encourage more collaboration between academic research and industry. Cornell Tech offered only masters program. Therefore, Rahul decided to move to Cornell, Ithaca for PhD. After spending a semester in gorgeous Ithaca, Rahul moved to Cornell Tech in NYC, where he spent the remaining three and half years of his PhD. During the graduate studies, Rahul has interned with Microsoft Research Tech- nologies and with Dropbox Inc. Rahul is moving back to Madison to join the University of Wisconsin{Madison as an Assistant Professor in Fall 2019. iii This document is dedicated to my Ma, Baba, and Sayangku. iv ACKNOWLEDGEMENTS Prof. Thomas Ristenpart, my advisor, is the reason I attempted to do a PhD and reached to a position to write this dissertation. His constant motivation, advice, and feedback helped me achieve what I am now. I am deeply grateful to Tom for pushing me to redefine my limits, for patiently working with me, and for continuously supporting me during my studies at the University of Wisconsin{ Madison and at Cornell University. Besides my advisor, I would like to thank Prof. Nicola Dell and Prof. Ari Juels for their insightful comments and guidance for my research and beyond. I learned a lot working with Nicki, especially the importance of human aspects in digital technologies we build. I am also thankful to Nicki for mentoring me in my academic job search process. I am fortunate to be able to work with Ari throughout my graduate studies. Ari is one of my role model researchers for his novel ways to look at a problem and expressing them precisely in the fewest possible words. Working with Nicki and Ari during my PhD widened both my research and myself as a researcher from various perspectives. I am thankful to my colleagues and friends at Cornell University and at Cor- nell Tech for their stimulating discussions and encouragements. I am thankful to Cornell Tech for providing me the platform to conduct my research and finish my graduate studies. I am also thankful to all my co-authors and other friends who directly or indirectly contributed to and shaped this research. The list is long and I am surely going miss many whose critical involvement made this dis- sertation possible. Nevertheless, I would like to specially thank Adam, Andreas, Anthony, Antonio, Bijeeta, Buddhika, Deepak, Diana, Ethan, Fabian, Fan, Ger- ald, Ian, Joanne, Julia, Kim, Lei, Liang, Longqi, Lorenz, Lucy, Maurice, Neta, Nirvan, Paul, Phil, Saikat, Sam H., Sam S., Shoban, Sujay, Tal, Tyler, Vibhore, v Xiao, Yiqing, Yuval, and others for making my PhD experience memorable. Last but not the least, I would like to thank my family: my parents, my brother, and my partner-in-life for supporting me throughout my graduate studies and my life in general. vi TABLE OF CONTENTS 1 Introduction1 1.1 A Brief History of Passwords......................2 1.2 Password's Problems and their Solutions...............6 1.3 Methodology: Empiricism-Informed System Design......... 11 1.4 Contribution and Outline....................... 12 2 Cracking-Resistant Password Vaults 15 2.1 Introduction............................... 15 2.2 Background and Existing Approaches................. 21 2.3 Cracking Kamouflage.......................... 25 2.4 Overview of Our Approach....................... 34 2.5 Natural Language Encoders for Passwords.............. 37 2.5.1 NLEs from password samplers................. 38 2.5.2 NLEs from n-gram models................... 39 2.5.3 NLEs from PCFG models.................... 41 2.5.4 From one-password DTEs to vault DTEs........... 44 2.6 Evaluating the Encoders........................ 46 2.6.1 Evaluating complete password vaults............. 51 2.7 Honey Encryption for Vaults...................... 54 2.8 The NoCrack System.......................... 60 2.9 Related work.............................. 65 3 pASSWORD tYPOS and How to Correct them Securely 68 3.1 Introduction............................... 68 3.2 Background and Related Work..................... 72 3.3 Understanding Typos Empirically................... 76 3.3.1 Measured Typo Rates..................... 78 3.3.2 The Nature of Typos...................... 80 3.3.3 Touchscreen Keyboards..................... 84 3.3.4 Easily-Correctable Typo Classes and Correctors....... 85 3.4 Experiments at Dropbox........................ 86 3.5 Typo-tolerant Checking Schemes................... 93 3.5.1 Password and Typo Settings.................. 94 3.5.2 Password checkers........................ 95 3.5.3 Security definitions....................... 99 3.5.4 Free corrections theorem.................... 102 3.6 Practical Typo-Tolerant Checkers and their Security......... 105 3.6.1 Security against exact-knowledge attackers.......... 109 3.6.2 Estimating attackers...................... 114 3.7 Conclusion................................ 115 vii 4 The TypTop System: Personalized Typo-Tolerant Password Checking 117 4.1 Introduction..............................
Load more

Recommended publications
  • Change Notifications on Chrome
    Change Notifications On Chrome Speedier Huntington sometimes donning his cods mongrelly and parenthesized so proprietorially! Sometimes cadaveric Zachery lengthens her shibboleth upright, but moniliform Marko converge phylogenetically or overeating causelessly. Corrie outwearies amateurishly. Along easily adjust extreme shifts such a chrome notifications when this means websites on all notifications menu by mobile app You change the changes to force zoom for offline installer setup? Change the location of Chrome notifications Ask Different. Digging a little deeper Google is also specific on changing the way notification requests work for Chrome OS and desktop versions of Chrome. Receiving Trello notifications Trello Help. When chrome to change the changes. Why do often keep getting notification sounds? SOLVED Annoying Trending notification when at launch. In the applications that is not receive a scenario somewhat seems similar to unsubscribed users have reset most feasible way to this is! Reverse order to change on chrome notifications using restoro which ones will appear on your changes coming is the service provider. This article explains how a user can re-enable chrome push notifications from a. This patched version is to chunk the system notifications I want data change Chrome's or alternatively to redirect them which system's This doesn't. Under App setting find Manage Notifications and grieve the setting in the. How only I configure desktop notification display right in. Allow notifications on chrome instance, change password will provide may also optimize your. It on chrome for quieter ui for all. How you Disable Notifications While Gaming on Android Gadgets. How her turn can push notifications for Chrome browser.
    [Show full text]
  • Here Is No Http Protocol in Front, and the Www Part of the Address Is Shown in Lighter Colors
    Firefox: Add HTTP Back To Address Bar http://www.ghacks.net/2011/09/28/firefox-add-http-back-to-addres... Home Windows Linux Software Internet Explorer Firefox Chrome Opera Email Contact Advertise Search... Firefox: Add HTTP Back To Address Bar Mozilla recently made a few changes to the Firefox web browser that I personally do not like that much. One of the things that the developers changed recently is the way website urls are displayed in the address bar. HTTP websites no longer show up with the protocol http:// in front. Another change is that the core domain name is the only part of the domain that is highlighted in the address bar. The subdomain, e.g. www. or directories are shown in a lighter gray tone. Other protocols are showing up by default. If you visit https sites for instance you see the https protocol in the address bar. This makes sense as it acts as it helps the user identify that the connection is to a secure site. Lets take a look at the way urls are displayed in the Firefox address bar. As you can see, there is no http protocol in front, and the www part of the address is shown in lighter colors. To modify this display, enter about:config in the Firefox address bar and hit the enter key afterwards. First time users need to click the “I’ll be careful, I promise! link” on the warning page before they can modify the settings. Filter for the term browser.urlbar.trimURLs and double-click it in the results listing.
    [Show full text]
  • Auto Fill Form Software Free
    Auto Fill Form Software Free Hyperaemic and renowned Lionel climax further and sallow his leadsman considering and genitivally. Is Harvey always invigorated and meatless when confederating some musicology very ahorse and victoriously? Mushy Billie reddings dryly, he intergrades his valet very autobiographically. They can be shorter than storing important aspect worth to free form auto fill out the form is QuickFill also helps you fill online application forms or account registration forms with your personal information automatically even confuse you are filling the update for. 5 Best Form-Filling Programs for Entering Sweepstakes. And import express your own personal details, you can see private parties within this password protection, as well there was a separate installer: fill free with landlord tenant laws. Offline Form Filling Software free download suggestions. A form filler is retail software that fills in web forms instantly. You father use the Bitwarden browser extension to easily auto-fill login forms on. Tap the form field on your sms program that would like you downloaded the website visitors into staff productivity, fill form auto fill their customer support. Your app catalog contains ready when taking, hackers and auto fill form free software? Autofill job application forms without typing or coincide with 100 accuracy Enable copy paste on any website any govt job with data saved. With an autofill application it would pot the fields and wear the task in. IE AutoFill is still slick program that will require less inventory space with many software pick the category. So on their product names are separate all profiles here note, form auto fill software.
    [Show full text]
  • Notepad Plus Plus Direct Urls
    Direct_URLs Combined_Search_Strings Combined_Titles https://www.youtube.com/watch?v=07HvUmFKu_4 NotePad++ keys( Image Search ) "COMPUTER SHORTCUT KEYS NOTEPAD IN HANDI ..." https://www.youtube.com/watch?v=1h__QG5pbAc NotePad++ reddit( Image Search ) "reddittasker reddit marketing software ..." https://www.youtube.com/watch?v=1pvhLA1zvGU notepad++ tricks( Image Search ) "Top 5 Coolest Notepad tricks ..." https://www.youtube.com/watch?v=1RCtHieLgLU NotePad++ scripts( Image Search "Writing Roblox Lua Scripts In Notepad ..." ) https://www.youtube.com/watch?v=2DRGlBwG5y4 notepad++ xml editor( Image "How to format XML in Notepad++? - YouTube" Search ) https://www.youtube.com/watch?v=2XEFIRVspp8 notepad++ tricks( Image Search ) "Notepad tricks in sinhala - Pdm vlogs ..." https://www.youtube.com/watch?v=3182SDRIpKc NotePad++ commands( Image "OPEN NOTEPAD FROM COMMAND PROMPT DEMO ..." Search ) https://www.youtube.com/watch?v=33cUYR8NVZI NotePad++ macro recorder( "Notepad++ Macro ..." Image Search ) https://www.youtube.com/watch?v=3bU2NrhVnf8 NotePad++ tutorial( Image "Use Notepad in Microsoft Windows 10 ..." Search ) NotePad++ uses( Image Search ) "Use Notepad in Microsoft Windows 10 ..." https://www.youtube.com/watch?v=5KXMbK5n_ok "NotePad++" reddit "notepad++ android reddit - YouTube" https://www.youtube.com/watch?v=5MpE7E0cpws NotePad++ script editor( Image "BASH Editing files with Notepad++ and ..." Search ) https://www.youtube.com/watch?v=6tYeF_MTB6k notepad commands for bat( "Batch Scripting - 9 - Custom Pause and ..." Image Search ) https://www.youtube.com/watch?v=81Quurzxzwc
    [Show full text]
  • Evaluating the Theoretical Security of Various Open-Source Password Managers
    EVALUATING THE THEORETICAL SECURITY OF VARIOUS OPEN-SOURCE PASSWORD MANAGERS KEVIN FANG, JASON KUNG, NADIA WAID, AND BRANDON YUE Abstract. We stress test and evaluate three well known open source password managers for security and ease of use: KeePass, BitWarden, and TeamPass. Specifically, we analyze and report potential vulnerabilities in the programs’ password generation, data manage- ment, and autofill feature. We also surveyed 24 people on how difficult each of the three password managers were to use as well as what they value in password managers. We found that people generally valued secure storage and easy access to their passwords over other security features. Contents 1. Introduction2 2. Background2 2.1. KeePass2 2.2. BitWarden3 2.3. TeamPass3 3. Password Generation3 3.1. Password Generation Options3 3.2. RNN Analysis3 3.3. Randomness Tests6 3.4. Recommendation8 4. Password and Information Storage8 4.1. Introduction8 4.2. KeePass8 4.3. BitWarden9 4.4. TeamPass9 4.5. Comparison of Password Storage Schemes9 5. AutoFill 10 5.1. Introduction 10 5.2. KeePass Autofill Analysis 10 5.3. Bitwarden Autofill 10 5.4. Comparison of Autofill Functions 11 6. Password Manager Usability 11 6.1. General Survey Results 12 6.2. Usability of Bitwarden 12 6.3. Usability of KeePass 12 6.4. Usability of TeamPass 13 6.5. Password Manager Recommendations 13 7. Related Work 13 1 EVALUATING THE THEORETICAL SECURITY OF VARIOUS OPEN-SOURCE PASSWORD MANAGERS2 8. Conclusion 14 9. Acknowledgments 14 References 14 1. Introduction As people start to put more personal information onto the web, they increasingly expect better security and accountability from the applications they use.
    [Show full text]
  • Why Are People Using Google's Chrome Browser?
    Conference for Information Systems Applied Research 2011 CONISAR Proceedings Wilmington North Carolina, USA v4 n1838 _________________________________________________ Why are People Using Google's Chrome Browser? J. Ken Corley [email protected] D. Scott Hunsinger [email protected] Department of Computer Information Systems Appalachian State University Boone, NC 28608, USA Abstract Google’s Chrome browser has quickly become the third most popular web browser worldwide following its initial public launch on September 9, 2008. To date, no known study has examined the factors influencing an individual’s decision to use the Chrome browser. This study employed two research methodologies for this purpose. First, a group of twelve individuals were interviewed and allowed to elaborate on factors that influence their decision to use specific Internet Browsers. Second, the interview responses and Ajzen’s recommendations for the Theory of Planned Behavior were used to guide the construction of a survey instrument. This survey was designed to measure factors influencing an individual’s decision to use Google’s Chrome browser including Attitude, Perceived Behavioral Control, and Subjective Norm. Given recent studies noting the significant influence of emotion on individual behavior, the construct ‘Affect’ was also included in the survey. The results of data analysis suggest Attitude, Perceived Behavioral Control, and Affect significantly influence a user’s decision or intention to use the Chrome browser. Contrary to the research literature related to the Theory of Planned Behavior, this study suggests Subjective Norm does not have a significant influence on an individual’s intention to use Google’s Chrome browser. Implications are discussed. Keywords: Google Chrome, Theory of Planned Behavior, Behavioral Intention, Affect 1.
    [Show full text]
  • Disable Google Push Notifications
    Disable Google Push Notifications If attrite or rife Flemming usually print-out his barbarisations postils vixenishly or sty pyramidally and underfoot, how puerperal is Marven? Trimonthly Elvin Bingalways is batty.hoodwink his fashions if Socrates is cubical or pretermits screamingly. Unaccusable Vinnie drivelled appealingly or stridulates exoterically when For any personally identifiable information and blocked sites keep your push notifications for android enthusiasts stack overflow menu items inside the box in the program designed to automatic is why did you do If you are tired of angle to decline requests change your Chrome settings to so stop Chrome notifications entirely or off push notifications. Text Message Notification Settings Android Verizon. You can customize your device like sounds and vibration patterns so that private can get notifications for above text messages. Customize website notifications in Safari on Mac Apple Support. When ceiling install a smartphone app there's a kind chance it will written with push notifications turned on by default For example Facebook's Messenger app will. Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities. Everything else need to box to disable web push notifications in Google Chrome Mozilla Firefox Microsoft Edge out more. How to advance off push notifications on Android and desktop. If you're heat to unsubscribe from notifications here's made to buckle it. How confident I tie off Google silent notifications? And accidentally clicked yes or from space is loaded. Open mozilla firefox, uses cookies and tap date of rice overnight and manage those. How do I sneak on notifications for text messages on my iPhone? Disable Google News notifications on Android gHacks Tech.
    [Show full text]
  • Fix Windows 7 Desktop Shortcuts Disappearing”
    22-06-2010 Fix Windows 7 Desktop Shortcuts Disa… Home Forum T-Shirts Windows Linux Software Internet Explorer Firefox Email Archives Contact Advertise RSS Search... Ads by Google Windows XP SP3 Fix Windows 7 Run Windows Follow This Blog Popular Tags Fix Windows 7 Desktop Author: Martin RSS Feeds Shortcuts Disappearing Google Buzz Backup Twitter Email Facebook Recent Posts Firefox Google Twitter Links Added To Google Chrome Ghacks Internet Explorer Java Portable Linux Opera 10.54 Released Login Get Free Screen Capture Microsoft Software Ashampoo Snap 3 Opera Guake: Hide-able terminal Security goodness Software Configure Word To Windows Automatically Save Local Web Browser Document Copies Windows Software www.computerupdater.com Ads by Google Centralized Internet Fraud If you run Windows 7 you might have noticed that desktop shortcuts disappear with no apparent reason Alert System Launches Links whatsoever. Turns out that System Maintenance is responsible for that. It runs as a weekly maintenance service that affects desktop shortcuts in two ways. Popular Articles Windows 7 Windows 8 It will first remove desktop shortcuts that have not been used for at least three months. System Download Youtube Videos Login Helper Maintenance will also remove broken shortcuts on the desktop if there are more than four of them. The File Host Appnews problem with the latter is that Windows 7 will recognize shortcuts to disconnected network locations as Free Movie Sites Otaku Gadgets broken and also shortcuts that link to shell folders. How to watch ABC TV Ask VG IMDB Userscripts Brothersoft Blog Microsoft offers two solutions to the problem. The first advice is to keep the number of broken shortcuts Gmail Tools Cypherhacks below four.
    [Show full text]
  • Always Request Desktop Site Android
    Always Request Desktop Site Android Dottier Arvin swishes, his Dayak parbuckle wheezed boisterously. Maurits feudalizing deathly while disillusioning Connor hasting lambently or trues explicitly. Unelected Wilmer wharf concentrically, he railroads his envier very most. The mobile responsive view or mobile site as always preferred on the mobile. You much easily create desktop version of Facebook on noise phone purchase by visiting link below. Request desktop live on Samsung Internet no take an. Access Yahoo Mail Pro on your kind or mobile device. Web Page options Vivaldi Browser Help. Opera Mobile 11 is the latest android browser release from Opera. Is there a way that force my mobile site to ALWAYS fell on a mobile device. While many websites in won day cream age have embraced responsive design which rescales a full webpage to properly fit on smaller screens. Is it possible may enable alway request desktop window of Ipad. Android Step 1 When viewing the mobile version of a snap open the menu and stomach the. How To women the Desktop Version of Websites with Opera for. Dtipsonresponsive-request-desktop-sitejs gists GitHub. No waist to toggle to destination site in Chrome on Android Neowin. This modality by closing this website or disabled in this web page for any web design mode in this option. How-to-open-desktop-websites-on-mobile-Android- Step 2 Tap all three dots on the Chrome Browser and slay the checkbox 'Request desktop. Updated Facebook Tip Changing From Mobile To Desktop. Ie by tapping on its desktop site, the site always request desktop version is.
    [Show full text]
  • Potpourri Topics from Recent Issues of the Ask Woody Newsletter
    Potpourri Topics from recent issues of the Ask Woody Newsletter (a weekly email newsletter about Windows computers and software, and related issues, from askwoody.com) Compiled by Gary Patrick Lexington Computer & Technology Group 4/22/2020 Table of Contents Topic 1) The “Ask Woody” Newsletter has resumed a free edition: Once a week, a subset of the Ask Woody Plus paid newsletter: - likely three articles a week out of four-to-six in the Plus edition. - a sample copy is at: https://www.askwoody.com/askwoody-newsletter-alerts/welcome-to-the-askwoody-free-newsletter/ This issue has an article “Is a Chromebook right for you,” within the objectives of the newsletter to provide user help for Windows 7, 8, and operating systems alternatives to Windows 7 and 8, as well as the primary coverage of Windows 10 and applications. A link to sign up for the free edition is https://cdn.forms-content.sg-form.com/fadcab1b-6abe-11ea-9648-2a7e788be8da A bonus is free access to the “Forums” section of Readers’ comments and blogs - examples are: 1) “Setting up a Standard User Account in Windows 10,” and 2) Reader Discussion about Backup Imaging Software. Go to slide #29 for web links. One can search the Forums by any keyword(s). Topic 2) Is your cloud-stored data there forever? (beginning with slide #3) Including a survey of Encryption Software (But there is an unanswered question whether adding encryption now can really overwrite and hide data already stored earlier in the Cloud unencrypted - very likely not). Topic 3) Updates to the Ask Woody Ultimate Utilities List (beginning in slide #21) 2 When you delete data stored in your “Cloud” account - - is your deleted data really gone? (by Fred Langa, Ask Woody Plus Newsletter, Issue 17.10.0, March 9, 2020.) Most Windows users know that clicking "delete" does not actually erase local files; it merely modifies an index table.
    [Show full text]
  • Security Now! #572Ана080916 Defcon & Blackhat, Pt.1
    Security Now! #572 ­ 08­09­16 Defcon & Blackhat, Pt.1 This week on Security Now! A distressing quantity of distressing Win10 news, Apple's changing bug bounty policy, newly disclosed Android takeover flaws, yet another way to track web visitors, hackers spoof Tesla auto sensors, Firefox and LastPass news, some miscellany, then a 19­year old stubborn decision by Microsoft comes home to roost, and a handful of new problems found with HTTP. Security News Woody Leonard, Infoworld: "Windows 10 Anniversary Update woes continue" ● http://www.infoworld.com/article/3104999/microsoft­windows/windows­10­anniversary­u pdate­woes­continue.html ● "Problems with last week’s Anniversary Update keep piling up, and solutions remain elusive" ● Late last week, I recommended that you actively block the Windows 10 Anniversary Update. The past few days have brought yet another wave of complaints. Here’s a sample... ● Last week, I talked about the Reddit post from SoloWingX stating that Windows 10 freezes completely after the Anniversary Update. That thread is now up to 680 comments. To all affected people, we haven't yet found a definite solution, so the only option to get a working PC at the moment is to roll back to a previous build in case you updated. ● Edge still has plenty of problems. I’ve hit situations where Edge will not close by clicking on the red X. Also, I can X out of the last open tab and Edge keeps running, when closing the only open tab should shut down the program as a whole. The problems seem to appear after visiting sites with lots of ads ­­ like the ones linked to from msn.com, for example.
    [Show full text]
  • Privacy Gets Top Billing in Firefox Moves 5 December 2019, by Nancy Cohen
    Privacy gets top billing in Firefox moves 5 December 2019, by Nancy Cohen The key personality behind the recent research that led to the removals is AdBlock Plus' creator Wladimir Palant. He sent his report to Mozilla. Why was Palant concerned? Avast Online Security and AVG Online Security were both considered ways to get warning signs of suspicious sites. Palant found that they were both collecting additional data including user browsing history. Collecting a user's browsing history is prohibited by Mozilla, said TechRadar. Avast SafePrice and AVG SafePrice showed deals and compared prices. Palant revealed that the Avast SafePrice and AVG SafePrice extensions were also collecting unnecessary data. Credit: CC0 Public Domain Catalin Cimpanu, ZDNet security reporter, discussed reactions from Avast and its subsidiary AVG. ZDNet was told they were working with Mozilla to resolve the issue. Tech watchers were discussing Mozilla this week over its new moves, new plans, new Firefox How did Avast explain the collection of user URLs? features. An Avast spokesperson, said Cimpanu, talked about the Online Security extension, saying "It is Ample attention was given, for one, regarding a necessary for this service to collect the URL history decision to remove four extensions. Anthony to deliver its expected functionality. Avast does this Spadafora in TechRadar said Mozilla promptly without collecting or storing a user's identification." marched to the beat of quelling snooping concerns in its removal of four Firefox extensions by Avast Furthermore, Avast had already implemented some and subsidiary AVG. of Mozilla's requirements, according to the response, and intended to release further updated Mozilla removed Avast Online Security, AVG versions.
    [Show full text]