<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>browsers &#8211; Noise</title>
	<atom:link href="https://noise.getoto.net/tag/browsers/feed/" rel="self" type="application/rss+xml" />
	<link>https://noise.getoto.net</link>
	<description>The collective thoughts of the interwebz</description>
	<lastBuildDate>Sat, 01 Nov 2025 16:01:46 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.8.2</generator>
	<item>
		<title>Prompt Injection in AI Browsers</title>
		<link>https://noise.getoto.net/2025/11/11/prompt-injection-in-ai-browsers/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 11 Nov 2025 12:08:48 +0000</pubDate>
				<category><![CDATA[AI]]></category>
		<category><![CDATA[browsers]]></category>
		<category><![CDATA[cyberattack]]></category>
		<category><![CDATA[LLM]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=71125</guid>

					<description><![CDATA[<p><a href="https://www.bleepingcomputer.com/news/security/commetjacking-attack-tricks-comet-browser-into-stealing-emails/">This</a> is why AIs are not ready to be personal assistants:</p>
<blockquote><p>A new attack called ‘CometJacking’ exploits URL parameters to pass to Perplexity’s Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar.</p>
<p>In a realistic scenario, no credentials or user interaction are required and a threat actor can leverage the attack by simply exposing a maliciously crafted URL to targeted users.</p>
<p>[…]</p>
<p>CometJacking is a prompt-injection attack where the query string processed by the Comet AI browser contains malicious instructions added using the ‘collection’ parameter of the URL...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>New Windows Malware Locks Computer in Kiosk Mode</title>
		<link>https://noise.getoto.net/2024/09/25/new-windows-malware-locks-computer-in-kiosk-mode/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 25 Sep 2024 11:00:29 +0000</pubDate>
				<category><![CDATA[browsers]]></category>
		<category><![CDATA[credentials]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[windows]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69419</guid>

					<description><![CDATA[<p><a href="https://www.bleepingcomputer.com/news/security/malware-locks-browser-in-kiosk-mode-to-steal-google-credentials/">Clever</a>:</p>
<blockquote><p>A malware campaign uses the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware.</p>
<p>Specifically, the malware “locks” the user’s browser on Google’s login page with no obvious way to close the window, as the malware also blocks the “ESC” and “F11” keyboard keys. The goal is to frustrate the user enough that they enter and save their Google credentials in the browser to “unlock” the computer.</p>
<p>Once credentials are saved, the StealC information-stealing malware steals them from the credential store and sends them back to the attacker...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Exploiting Mistyped URLs</title>
		<link>https://noise.getoto.net/2024/06/10/exploiting-mistyped-urls/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 10 Jun 2024 11:08:15 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[browsers]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=69004</guid>

					<description><![CDATA[<p>Interesting research: “<a href="https://dl.acm.org/doi/10.1145/3589334.3645510">Hyperlink Hijacking: Exploiting Erroneous URL Links to Phantom Domains</a>“:</p>
<blockquote><p><b>Abstract:</b> Web users often follow hyperlinks hastily, expecting them to be correctly programmed. However, it is possible those links contain typos or other mistakes. By discovering active but erroneous hyperlinks, a malicious actor can spoof a website or service, impersonating the expected content and phishing private information. In “typosquatting,” misspellings of common domains are registered to exploit errors when users mistype a web address. Yet, no prior research has been dedicated to situations where the linking errors of web publishers (i.e. developers and content contributors) propagate to users. We hypothesize that these “hijackable hyperlinks” exist in large quantities with the potential to generate substantial traffic. Analyzing large-scale crawls of the web using high-performance computing, we show the web currently contains active links to more than 572,000 dot-com domains that have never been registered, what we term ‘phantom domains.’ Registering 51 of these, we see 88% of phantom domains exceeding the traffic of a control domain, with up to 10 times more visits. Our analysis shows that these links exist due to 17 common publisher error modes, with the phantom domains they point to free for anyone to purchase and exploit for under $20, representing a low barrier to entry for potential attackers...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Class-Action Lawsuit against Google’s Incognito Mode</title>
		<link>https://noise.getoto.net/2024/04/03/class-action-lawsuit-against-googles-incognito-mode/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 03 Apr 2024 11:01:51 +0000</pubDate>
				<category><![CDATA[browsers]]></category>
		<category><![CDATA[courts]]></category>
		<category><![CDATA[data collection]]></category>
		<category><![CDATA[google]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=68718</guid>

					<description><![CDATA[<p>The lawsuit has been <a href="https://www.wired.com/story/google-chrome-incognito-mode-data-deletion-settlement/">settled</a>:</p>
<blockquote><p>Google has agreed to delete “billions of data records” the company collected while users browsed the web using Incognito mode, according to <a href="https://www.documentcloud.org/documents/24527732-brown-v-google-llc-settlement-agreement?responsive=1&#38;title=1">documents filed in federal court</a> in San Francisco on Monday. The agreement, part of a settlement in a class action lawsuit filed in 2020, caps off years of disclosures about Google’s practices that shed light on how much data the tech giant siphons from its users­—even when they’re in private-browsing mode.</p>
<p>Under the terms of the settlement, Google must further update the Incognito mode “splash page” that appears anytime you open an Incognito mode Chrome window after ...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>An Untrustworthy TLS Certificate in Browsers</title>
		<link>https://noise.getoto.net/2022/11/10/an-untrustworthy-tls-certificate-in-browsers/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 10 Nov 2022 15:18:56 +0000</pubDate>
				<category><![CDATA[browsers]]></category>
		<category><![CDATA[certificates]]></category>
		<category><![CDATA[TLS]]></category>
		<category><![CDATA[trust]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=66069</guid>

					<description><![CDATA[<p>The major browsers natively trust a whole bunch of certificate authorities, and some of them are <a href="https://www.washingtonpost.com/technology/2022/11/08/trustcor-internet-addresses-government-connections/">really sketchy</a>:</p>
<blockquote><p>Google’s Chrome, Apple’s Safari, nonprofit Firefox and others allow the company, TrustCor Systems, to act as what’s known as a root certificate authority, a powerful spot in the internet’s infrastructure that guarantees websites are not fake, guiding users to them seamlessly.</p>
<p>The company’s Panamanian registration records show that it has the identical slate of officers, agents and partners as a spyware maker identified this year as an affiliate of Arizona-based Packet Forensics, which public contracting records and company documents show has sold communication interception services to U.S. government agencies for more than a decade...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Leaking Passwords through the Spellchecker</title>
		<link>https://noise.getoto.net/2022/09/26/leaking-passwords-through-the-spellchecker/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 26 Sep 2022 11:08:57 +0000</pubDate>
				<category><![CDATA[browsers]]></category>
		<category><![CDATA[Data protection]]></category>
		<category><![CDATA[leaks]]></category>
		<category><![CDATA[passwords]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65898</guid>

					<description><![CDATA[<p>Sometimes browser spellcheckers <a href="https://www.bleepingcomputer.com/news/security/google-microsoft-can-get-your-passwords-via-web-browsers-spellcheck/">leak passwords</a>:</p>
<blockquote><p>When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled.</p>
<p>Depending on the website you visit, the form data may itself include PII­—including but not limited to Social Security Numbers (SSNs)/Social Insurance Numbers (SINs), name, address, email, date of birth (DOB), contact information, bank and payment information, and so on.</p></blockquote>
<p>The solution is to only use the spellchecker options that keep the data on your computer—and don’t send it into the cloud...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Facebook Is Now Encrypting Links to Prevent URL Stripping</title>
		<link>https://noise.getoto.net/2022/07/18/facebook-is-now-encrypting-links-to-prevent-url-stripping/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Mon, 18 Jul 2022 14:49:11 +0000</pubDate>
				<category><![CDATA[browsers]]></category>
		<category><![CDATA[encryption]]></category>
		<category><![CDATA[Facebook]]></category>
		<category><![CDATA[tracking]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65685</guid>

					<description><![CDATA[<p>Some sites, including Facebook, <a href="https://www.ghacks.net/2022/07/17/facebook-has-started-to-encrypt-links-to-counter-privacy-improving-url-stripping/">add parameters</a> to the web address for tracking purposes. These parameters have no functionality that is relevant to the user, but sites rely on them to track users across pages and properties.</p>
<blockquote><p>Mozilla introduced <a href="https://www.ghacks.net/2022/06/03/firefox-102-query-parameter-stripping-improves-privacy/">support for URL stripping in Firefox 102</a>, which it launched in June 2022. Firefox removes tracking parameters from web addresses automatically, but only in private browsing mode or when the browser’s Tracking Protection feature is set to strict. <a href="https://www.ghacks.net/2022/06/29/firefox-remove-known-tracking-parameters-from-urls-in-all-modes/">Firefox users may enable URL stripping in all Firefox modes...</a></p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>New Browser De-anonymization Technique</title>
		<link>https://noise.getoto.net/2022/07/14/new-browser-de-anonymization-technique/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Thu, 14 Jul 2022 14:31:04 +0000</pubDate>
				<category><![CDATA[browsers]]></category>
		<category><![CDATA[de-anonymization]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[side-channel attacks]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=65665</guid>

					<description><![CDATA[<p>Researchers have a <a href="https://www.wired.com/story/web-deanonymization-side-channel-attack-njit/">new way</a> to de-anonymize browser users, by correlating their behavior on one account with their behavior on another:</p>
<blockquote><p>The findings, which NJIT researchers will present at the Usenix Security Symposium in Boston next month, show how an attacker who tricks someone into loading a malicious website can determine whether that visitor controls a particular public identifier, like an email address or social media account, thus linking the visitor to a piece of potentially personal data.</p>
<p>When you visit a website, the page can capture your IP address, but this doesn’t necessarily give the site owner enough information to individually identify you. Instead, the hack analyzes subtle features of a potential target’s browser activity to determine whether they are logged into an account for an array of services, from YouTube and Dropbox to Twitter, Facebook, TikTok, and more. Plus the attacks work against every major browser, including the anonymity-focused Tor Browser...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Is Microsoft Stealing People’s Bookmarks?</title>
		<link>https://noise.getoto.net/2021/11/17/is-microsoft-stealing-peoples-bookmarks/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 17 Nov 2021 13:53:54 +0000</pubDate>
				<category><![CDATA[browsers]]></category>
		<category><![CDATA[microsoft]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[web privacy]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=64518</guid>

					<description><![CDATA[<p>I received email from two people who told me that Microsoft Edge enabled synching without warning or consent, which means that Microsoft sucked up all of their bookmarks. Of course they can turn synching off, but it’s too late.</p>
<p>Has this happened to anyone else, or was this user error of some sort? If this is real, can some reporter write about it?</p>
<p>(Not that “user error” is a good justification. Any system where making a simple mistake means that you’ve forever lost your privacy isn’t a good one. We see this same situation with sharing contact lists with apps on smartphones. Apps will repeatedly ask, and only need you to accidentally click “okay” once.)...</p>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Check What Information Your Browser Leaks</title>
		<link>https://noise.getoto.net/2021/09/28/check-what-information-your-browser-leaks/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 28 Sep 2021 14:51:57 +0000</pubDate>
				<category><![CDATA[browsers]]></category>
		<category><![CDATA[leaks]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=63714</guid>

					<description><![CDATA[These two sites tell you what sorts of information you&#8217;re leaking from your browser.
]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Browser Tracking Using Favicons</title>
		<link>https://noise.getoto.net/2021/02/17/browser-tracking-using-favicons/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Wed, 17 Feb 2021 12:05:03 +0000</pubDate>
				<category><![CDATA[academic papers]]></category>
		<category><![CDATA[browsers]]></category>
		<category><![CDATA[tracking]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://www.schneier.com/?p=61942</guid>

					<description><![CDATA[<p>Interesting <a href="https://www.cs.uic.edu/~polakis/papers/solomos-ndss21.pdf">research</a> on persistent web tracking using favicons. (For those who don’t know, favicons are those tiny icons that appear in browser tabs next to the page name.)</p>
<blockquote><p><b>Abstract:</b> The privacy threats of online tracking have garnered considerable attention in recent years from researchers and practitioners alike. This has resulted in users becoming more privacy-cautious and browser vendors gradually adopting countermeasures to mitigate certain forms of cookie-based and cookie-less tracking. Nonetheless, the complexity and feature-rich nature of modern browsers often lead to the deployment of seemingly innocuous functionality that can be readily abused by adversaries. In this paper we introduce a novel tracking mechanism that misuses a simple yet ubiquitous browser feature: ...</p></blockquote>]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
		<item>
		<title>Identifying People by Their Browsing Histories</title>
		<link>https://noise.getoto.net/2020/08/25/identifying-people-by-their-browsing-histories/</link>
		
		<dc:creator><![CDATA[Bruce Schneier]]></dc:creator>
		<pubDate>Tue, 25 Aug 2020 11:28:08 +0000</pubDate>
				<category><![CDATA[academicpapers]]></category>
		<category><![CDATA[browsers]]></category>
		<category><![CDATA[identification]]></category>
		<category><![CDATA[Privacy]]></category>
		<guid isPermaLink="false">http://noise.getoto.net/?guid=b75b5c0dee4df714838300e1dfce9a03</guid>

					<description><![CDATA[Interesting paper: &#34;Replication: Why We Still Can't Browse in Peace: On the Uniqueness and Reidentifiability of Web Browsing Histories&#34;: We examine the threat to individuals' privacy based on the feasibility of reidentifying users through distinctive profiles of their browsing history visible to websites and third parties. This work replicates and extends the 2012 paper Why Johnny Can't Browse in Peace:...]]></description>
		
		
		<enclosure url="" length="0" type="" />

			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/

Object Caching 52/182 objects using Memcached
Page Caching using Disk: Enhanced 
Lazy Loading (feed)
Database Caching using Memcached

Served from: noise.getoto.net @ 2025-12-12 01:07:06 by W3 Total Cache
-->