Skip to main content


Instagram Silently Rolls Out Message Reminders (You Can Turn Then Off!)

Instagram has silently rolled out a new feature that some users might find annoying. We are talking about Message Reminders . An app sending reminders to check missed or unread messages is not a new thing. Some messenger apps like Skype send reminders to users who have not opened incoming messages.  Apparently, Instagram has now got a new, similar feature at least on Android. These reminders come in the form of a notification, similar to any other notifications including direct messages. However, the only difference is even if you cleared an original notification without responding to a message, Instagram will still send you another notification after a period. In our case, we received this new reminder notification around 23 hours after receiving the first (original message) notification. Just to make it clear, reminder notifications are not the same as standard notifications that will not go away even after clearing them or reappear along with other unread messages. These are new not

Exclusive: Web Environment Integrity (Currently) Limited to Android, Testing on Chrome and WebView

Both Chrome and WebView are undergoing Web Environment Integrity (WEI) integration tests, with Android being the only platform currently supported by Google’s recently proposed API, Techtsp is able to report and confirm. As per the codebase we have examined, several developments are happening around WEI. One such development is adding a new storage capability on Android devices, designed to store key-pair identifiers "Environment Integrity Handles" (read attestations), along with calls to the Play Integrity Attester for Android. These “Handles” are 64-bit integer identifiers used within the proposed system. They play a vital role in creating "Integrity Tokens" (read attestation tokens). These cryptographic tokens will be used to carry out integrity checks on web environments, as evidenced by the code we have seen. Interestingly, attentions are being designed in such a way that they can be retrieved even after the browser is closed. Perhaps, Google views this as an

Google Chrome to Add Array Grouping Methods

Google Chrome 117 is adding two new methods to the Object and Map objects: groupBy() and mapGroupBy() . These methods allow developers to group elements in an array based on a common property, such as the first letter of a word or the date an event occurred. The groupBy() method returns a plain object, where the groups are property keys and the values are arrays of elements. The mapGroupBy() method returns a Map object, where the keys are arbitrary values and the values are arrays of elements. The main benefits of these new methods are for web developers to efficiently group elements in arrays based on common properties, simplifying data analysis tasks and making it easier to manipulate and organize data in their applications. This enhanced functionality in JavaScript can result in more efficient and concise code for developers, potentially leading to faster and more feature-rich web applications. It might also allow developers to create more sophisticated data analysis tools on the cl

Google Engineer's Controversial Call to Ignore Criticism Rocks Developer Community

(Photo: Unsplash) Recent remarks from a Google engineer  Rick Byers  have sparked widespread criticism over the openness of dialogue surrounding Google's controversial Web Environment Integrity (WEI) API proposal. With a career spanning 12 years at Google and over 6 years at Microsoft prior to that, Byers is no stranger to complex technical discussions and heated debates. However, it's his latest comments that have touched a raw nerve in the developer community. Byers' controversial remarks centered around his encouragement to the team developing the API to disregard feedback from forums that do not comply with Chromium's code of conduct. "I have encouraged the team working on this [WEI API] to ignore feedback in any forum in which something like Chromium's code of conduct is not being maintained as anything else would be creating an unsafe working environment," Byers said in his comment on a discussion forum. Although Byers' comment was in response t

Is Google's Proposed Web Environment Integrity API A Step Towards Browser Monopoly? Developer Raises Alarm

Google's proposed Web Environment Integrity API has ignited a serious debate within the developer community , with some expressing fears that the new technology could undermine open web standards and user privacy. Jake Rarisma, a developer, is one of the latest voices to express concerns about the potential implications of Google's proposal. "Honestly your proposal scares me and it clearly scares other people too. I've seen this proposal from its first day and yet I am unable to find anyone online who supports this that isn't being paid by Google/Alphabet," wrote Rarisma. Rarisma expressed fear that the new API could be abused to further consolidate Chrome's dominance in the browser market, a situation he described as 'already rather egregious.' He highlighted the potential for technology like WEI to restrict access to certain applications or functionalities, citing his personal experiences with his rooted Pixel phone: "I own a computer and e

Chrome to Remove Support for SHA-1 Signatures in TLS

Google will be removing support for SHA-1 signatures in TLS in a future release of Chrome (version 117). SHA-1 is a hash function that has been known to have collisions, which means that it is possible to create two different pieces of data that have the same SHA-1 hash value. This makes it possible for an attacker to impersonate a TLS server by creating a certificate with a SHA-1 signature that matches the signature of a legitimate certificate. The removal of support for SHA-1 signatures in TLS is a security measure that will help to protect users from this attack. The IETF, the organization that develops the standards for the internet, has deprecated the use of SHA-1 signatures in TLS, and most browsers have already removed support for them. Chrome will continue to support SHA-1 in client certificates and client signatures for now. However, server operators can and should reject SHA-1 from the client when deploying client certificates. This will help to mitigate the risk of client im

Chrome to Remove -webkit-highlight CSS Property

Google will be removing the -webkit-highlight CSS property from Chrome in an upcoming version 117. The property was intended to highlight text, but was never standardized and has no visible effect in Chromium. It was removed from WebKit in 2014 and has been marked as deprecated on MDN. The motivation for the removal is to avoid confusion with the new CSS Highlight Pseudo spec, which provides a more consistent and standardized way to highlight text. The removal will also clean up the code and remove about 1K of memory usage. The -webkit-highlight property is currently used in a single third-party library, but the library developers have been notified of the removal and will be updating their code to use the CSS Highlight Pseudo spec.

Former Google Engineer Speaks Out Against Controversial Web Environment Integrity API Proposal

Photo: Web.Dev Chris Palmer, a former Google engineer involved with Chrome OS Security, has called for a retraction of the Web Environment Integrity API proposal. This comes amidst the ongoing dialogue between Google's engineers and the broader developer community on the potential impacts and implications of the proposed API . Palmer, citing his experience as a 'recent former Chromie,' expressed serious concerns about the API's effect on the openness of the web as a mainstream application platform. He argued that the proposal, while potentially serving publishers' interests, could be neutralized by browser extensions and Dev Tools, which he described as 'incalculably valuable' and non-negotiable. "The web is the open, mainstream application platform. The world really, really needs it to stay that way... Whatever goals publishers might think this serves (although it doesn't), extensions and Dev Tools (and other debuggers) neutralize it. Extensions a

Controversy Swirls Around Google API, Accused of Granting Excessive Control to Site Owners

Google's proposed Web Environment Integrity API has ignited a heated discussion in the developer community, with concerns over privacy and potential misuse. According to an ongoing discussion between Google engineers and developers, the stakes and consequences of this development are being seriously considered. A forum participant ' Morgaine (de la faye)'  previously expressed concerns about the proposed API, arguing that it may grant too much power to site owners, potentially infringing upon the rights of Chrome users. Morgaine mentioned the risks for users of rooted Android devices who might find themselves unfairly locked out of certain websites or functionalities. They referred to RFC 8890, stating, "The Internet Is For End Users," implying that the proposed API might contravene this principle: "I'm not sure how RFC 8890 compliant this proposal is. This seems to create a large power for site owners to dictate & control user behavior. But RFC 8890

Google Engineers Propose New "Web Environment Integrity" API for Chrome Browser

Google engineers intend to prototype the "Web Environment Integrity" API for the Chrome browser. The explainer suggests that the API would carry out integrity checks on web environments, aiming to enhance the overall security and trustworthiness of online interactions. This process involves what the document terms as 'trusted attesters,' third parties capable of providing an 'attester verdict' about the environment's integrity. The document claims that this feature could be particularly useful in circumstances where users must trust the integrity of the web environment. For instance, the document notes that during online gaming, users trust that others are not cheating. Likewise, when using social media websites, users trust that engagement metrics are genuine and not artificially manipulated. Significantly, the draft emphasizes the role of this API in maintaining user privacy. The document points out that in the current scenario, websites are tasked wit