An anonymous reader shares a report: Nvidia's $1,599 GeForce RTX 4090 is an incredibly powerful graphics card, but its performance comes at the cost of high power draw. Like a few of the RTX 3000-series cards, Nvidia uses a new kind of 16-pin 12VHPWR power connector to supply all that power to the card -- you can plug up to four 8-pin GPU power cables into the 12VHPWR adapter, which then plugs into the connector on the GPU, saving some board space.

But at least two RT 4090 users are now reporting that their 12VHPWR connectors have overheated and melted during use. These complaints are sourced from Reddit (via Tom's Hardware), so take them with a grain of salt -- we don't know the exact configuration of either user's PC setup. The specific model of graphics card (a Gigabyte RTX 4090 Gaming OC for one user, an Asus RTX 4090 TUF Gaming OC Edition for the other), the power supply, and any number of other factors could have contributed to the connectors overheating.

An anonymous reader quotes a report from Ars Technica: Generically, passkeys refer to various schemes for storing authenticating information in hardware, a concept that has existed for more than a decade. What's different now is that Microsoft, Apple, Google, and a consortium of other companies have unified around a single passkey standard shepherded by the FIDO Alliance. Not only are passkeys easier for most people to use than passwords; they are also completely resistant to credential phishing, credential stuffing, and similar account takeover attacks.

On Monday, PayPal said US-based users would soon have the option of logging in using FIDO-based passkeys, joining Kayak, eBay, Best Buy, CardPointers, and WordPress as online services that will offer the password alternative. In recent months, Microsoft, Apple, and Google have all updated their operating systems and apps to enable passkeys. Passkey support is still spotty. Passkeys stored on iOS or macOS will work on Windows, for instance, but the reverse isn't yet available. In the coming months, all of that should be ironed out, though.

Passkeys work almost identically to the FIDO authenticators that allow us to use our phones, laptops, computers, and Yubico or Feitian security keys for multi-factor authentication. Just like the FIDO authenticators stored on these MFA devices, passkeys are invisible and integrate with Face ID, Windows Hello, or other biometric readers offered by device makers. There's no way to retrieve the cryptographic secrets stored in the authenticators short of physically dismantling the device or subjecting it to a jailbreak or rooting attack. Even if an adversary was able to extract the cryptographic secret, they still would have to supply the fingerprint, facial scan, or -- in the absence of biometric capabilities -- the PIN that's associated with the token. What's more, hardware tokens use FIDO's Cross-Device Authentication flow, or CTAP, which relies on Bluetooth Low Energy to verify the authenticating device is in close physical proximity to the device trying to log in. "Users no longer need to enroll each device for each service, which has long been the case for FIDO (and for any public key cryptography)," said Andrew Shikiar, FIDO's executive director and chief marketing officer. "By enabling the private key to be securely synced across an OS cloud, the user needs to only enroll once for a service, and then is essentially pre-enrolled for that service on all of their other devices. This brings better usability for the end-user and -- very significantly -- allows the service provider to start retiring passwords as a means of account recovery and re-enrollment."

In other words: "Passkeys just trade WebAuthn cryptographic keys with the website directly," says Ars Review Editor Ron Amadeo. "There's no need for a human to tell a password manager to generate, store, and recall a secret -- that will all happen automatically, with way better secrets than what the old text box supported, and with uniqueness enforced."

If you're eager to give passkeys a try, you can use this demo site created by security company Hanko.

An anonymous reader quotes a report from Reuters: The Republican National Committee (RNC) filed a lawsuit against Alphabet's Google on Friday for allegedly sending its emails to users' spam folders. The U.S. political committee accuses the tech giant of "discriminating" against it by "throttling its email messages because of the RNC's political affiliation and views," according to a lawsuit filed in U.S. District Court in California. "Google has relegated millions of RNC emails en masse to potential donors' and supporters' spam folders during pivotal points in election fundraising and community building," the RNC said in the lawsuit. Google rejected the claims.

Spam filters on email services typically weed out unsolicited "spam" messages and divert them to a separate folder. The RNC said that for most of the month, nearly all of its emails end up in users' inboxes but at the end of the month, which is an important time for fund-raising, nearly all of their emails end up in spam folders. "Critically, and suspiciously, this end of the month period is historically when the RNC's fundraising is most successful," the lawsuit said, adding that it does not matter whether the email is about donating, voting or community outreach. The committee said the "discrimination" had been going on for about 10 months despite its best efforts to work with Google. It said the alleged routing of its emails to spam folders had eaten up revenue and that more money would be lost in coming weeks as midterm elections loom. "As we have repeatedly said, we simply don't filter emails based on political affiliation. Gmail's spam filters reflect users' actions," Google spokesperson Jose Castaneda said in a statement. "We provide training and guidelines to campaigns, we recently launched an FEC-approved pilot for political senders, and we continue to work to maximize email deliverability while minimizing unwanted spam," he said, referring to the Federal Election Commission.

Further reading: US Approves Google Plan To Let Political Emails Bypass Gmail Spam Filter

PayPal has announced today that passkeys are being added as a new, password-less login method to secure PayPal accounts for iPhone, iPad, and Mac users on PayPal.com, with plans to expand passkeys to other platforms as they add support. From a report: PayPal passkeys are rolling out to US customers today and will be available to "additional countries" in early 2023. Passkeys are a new type of login credential that replaces passwords with cryptographic key pairs. They are resistant to phishing attempts and are designed to avoid sharing passkey data between platforms, addressing the weakness of current password-based authentication.

Passkeys are supported by Apple, Google, and Microsoft, who have pledged to bring the FIDO Alliance standard to their respective OSes. Reusing passwords across online accounts leaves users open to hacking and other vulnerabilities, but remembering individual login details is no easy task without a secure password manager. A study from Verizon shows that over 2.6 billion records were hacked in 2017, with 81 percent estimated to have been caused by password stealing and guessing.

The Federal Trade Commission plans to take the rare step of bringing individual sanctions against the CEO of alcohol delivery company Drizly for data privacy abuses, following allegations that the company's security failures under his watch exposed the personal information of about 2.5 million customers. From a report: The proposed order will follow Drizly CEO James Cory Rellas to future businesses, requiring him to implement a security program at any companies he runs that collect information from more than 25,000 people. The order will also apply to the company itself, which is now a subsidiary of the ride-hailing service Uber. Under the terms of the FTC action, Rellas and Drizly will have to destroy unnecessary data, implement new data controls and train employees about cybersecurity.

In singling out Rellas, the FTC signaled it could use a wider range of tools to address data privacy abuses under the leadership of chair Lina Khan, who was widely expected to bring tougher oversight of the tech industry. The inclusion of Rellas follows a push from Democrats to more aggressively penalize individual executives involved in major data privacy breaches. Democrats on the commission previously criticized the agency's record-setting settlement with Facebook over the Cambridge Analytica data scandal because it did not name Facebook CEO Mark Zuckerberg.

Earlier this year, Microsoft announced that it would be releasing new hardware to encourage more developers to start using and supporting the Arm version of Windows. Dubbed "Project Volterra," all we knew about it at the time was that it would use an unnamed Qualcomm Snapdragon processor and NVMe-based storage, that it would support at least two monitors, and that it would have a decent number of ports. Today, Microsoft is putting Volterra out into the world, complete with a snappy new name: the Windows Dev Kit 2023. From a report: The Dev Kit 2023 will use a Snapdragon 8cx Gen 3 -- essentially the same chip as the Microsoft SQ3 in the new 5G version of the Surface Pro 9 -- plus 512GB of storage and a whopping 32GB of RAM for the surprisingly low price of $599.

We don't know exactly how fast the 8cx Gen 3 will be (Qualcomm says "up to 85 percent faster" CPU performance than the 8cx Gen 2, which would put it somewhere below but within spitting distance of modern Core i5 laptop CPU). But 512GB of storage and 32GB of memory should make the Dev Kit 2023 useful as a development and testing environment. Microsoft says the box can connect to up to three monitors simultaneously using its two USB-C ports and mini DisplayPort and that up to two of those displays can be 4K screens running at 60 Hz. Three USB-A ports, gigabit Ethernet, Wi-Fi 6, and Bluetooth 5.1 round out the connectivity options.

Bruce66423 writes: Britain's data watchdog has fined the construction group Interserve $4.9m after a cyber-attack that enabled hackers to steal the personal and financial information of up to 113,000 employees. The attack occurred when Interserve ran an outsourcing business and was designated a "strategic supplier to the government with clients including the Ministry of Defence." Bank account details, national insurance numbers, ethnic origin, sexual orientation and religion were among the personal information compromised. The Information Commissioner's Office (ICO) said Interserve Group broke data protection law because the company failed to put appropriate measures in place to prevent the cyber-attack, which happened two years ago. Interserve's system failed to stop a phishing email that an employee downloaded, while a subsequent anti-virus alert was not properly investigated.

The attack led to 283 systems and 16 accounts being compromised, uninstalled Interserve's anti-virus system and encrypted all current and former employees' information. The ICO said Interserve used outdated software systems and protocols, had a lack of adequate staff training and insufficient risk assessments. "This data breach had the potential to cause real harm to Interserve's staff, as it left them vulnerable to the possibility of identity theft and financial fraud," said John Edwards, the UK information commissioner. "Leaving the door open to cyber-attackers is never acceptable, especially when dealing with people's most sensitive information. The biggest cyber-risk businesses face is not from hackers outside of their company but from complacency within their company."

Gartner, the prestigious tech research and consulting firm, has released its annual predictions for "strategic tech trends" in the coming year.

Forbes offers a summary. Some highlights: Digital Immune Systems. [A]ntiquated development and testing approaches are no longer sufficient for delivering robust and resilient business-critical solutions that also provide a superior user experience. A Digital Immune System combines several software engineering strategies such as observability, automation, and extreme testing to enhance the customer experience by protecting against operational and security risks. By 2025, Gartner predicts that organizations that invest in building digital immunity will increase end-user satisfaction through applications that achieve greater uptime and deliver a stronger user experience.

Applied Observability. The path to data-driven decision making includes a shift from monitoring and reacting to data to proactively applying that data in an orchestrated and integrated way across the enterprise. Doing so can shorten the time it takes to reach critical decisions while also facilitating faster, more accurate planning. Gartner notes observable data as an organization's "most precious monetizable asset" and encourages leaders to seek use cases and business capabilities in which this data can deliver competitive advantage.
"By 2025, Gartner predicts that 50% of CIOs will have performance metrics tied to the sustainability of the IT organization," Forbes writes. But they also note that Gartner is predicting platform engineering — "a curated set of reusable self-service tools, capabilities, and processes" to speed up and optimize development. "Gartner predicts that by 2026, 80% of software engineering organizations will establish platform teams."

They're also predicting "adaptive" AI that can change after being deployed. But Forbes summarizes Gartner's related prediction, that AI leaders "increasingly must bake governance, trustworthiness, fairness, reliability, efficacy and privacy into AI operations" to improve adoption and user acceptance. This will include tools that "make AI models easier to interpret and explain while improving overall privacy and security."

PC Magazine offers this summary of a related prediction from Gartner: "By 2025, without sustainable AI practices, AI will consume more energy than the average European country, offsetting any environmental gains that AI creates by 25%."

Gartner also predicts a phasing out of marketing that uses social media sites' data about individuals — and that fully virtual workspaces "will account for 30% of the investment growth in metaverse technologies and will 'reimagine' the office experience through 2027," writes PC Magazine: [Gartner Fellow Daryl Plummer] said people need to reimagine how work will be done. He said that few people want to go back to the office full-time, but that virtual participants in calls often feel like second-class citizens. A fully immersive world is an answer to this, he said, with the interactive experience more important than information exchange. He believes metaverse experiences will be where people collaborate in ways they couldn't do in the office, blurring the line between home and work.

By 2025, "labor volatility" will cause 40% of organizations to report a material business loss, forcing a shift in talent strategy from acquisition to resilience. Plummer talked about revamping the way talent is valued. He said people don't want to do just one thing, but want to be "versatilists," which makes them more valuable to the company and less likely to leave.

Iran has one nuclear power plant. The email system of the company operating it was just breached, according to Iran's civil nuclear arm. The Associated Press reports: An anonymous hacking group claimed responsibility for the attack on Iran's Atomic Energy Organization, demanding Tehran release political prisoners arrested in the recent nationwide protests. The group said it leaked 50 gigabytes of internal emails, contracts and construction plans related to Iran's Russian-backed nuclear power plant in Bushehr and shared the files on its Telegram channel. It was unclear whether the breached system contained classified material.

The hack comes as Iran continues to face nationwide unrest...

Computer science professor Moshe Y. Vardi is the Senior Editor of Communications of the ACM.

And he's concerned about the state of cybersecurity today: In 2017, I wrote: "So here we are, 70 years into the computer age and after three ACM Turing Awards in the area of cryptography (but none in cybersecurity), and we still do not seem to know how to build secure information systems." What would I write today? Clearly, I would write: "75 years," but I would not change a word in the rest of the sentence....

The slow progress in cybersecurity is leading many to conclude the problem is not due to just a lack of technical solution but reflects a market failure, which disincentivizes those who may be able to fix serious security vulnerabilities from doing so. As I argued in 2020, the computing fields tend to focus on efficiency at the expense of resilience. Security usually comes at a cost in terms of performance, a cost that market players seem reluctant to pay. To discuss the market-failure issue and how to address it, the Computing Community Consortium organized in August this year a visioning workshop on Mechanism Design for Improving Hardware Security. The opening talk was given by Paul Rosenzweig, an attorney who specializes in national security law. He argued that technological development is founded, at the end, on human behavior.

So, the key to good cybersecurity is to incentivize humans. Thus, the answer lies in the economics of cybersecurity, which is, mostly, a private domain with lots of externalities, where prices do not capture all costs.... As the philosopher Helen Nissenbaum pointed out in a 1996 article, while computing vendors are responsible for the reliability and safety of their product, the lack of liability results in lack of accountability. She warned us more than 25 years ago about eroding accountability in computerized societies. The development of the "move-fast-and-break-things" culture in this century shows that her warning was on the mark....

If we want to address the cyber-insecurity issue, we should start by welcoming liability into computing.
Thanks to long-time Slashdot reader shanen for sharing the article

The Washington Post spotlights millions of workers newly allowed to work remotely since the pandemic — including the head of Block's global policy partnerships who moved to a tiny town in Michigan to be closer to her grandfather. And on the plus side, there's a 34-year-old who "has spent the last two years jet-setting across Spain, Italy, Greece and her motherland of Romania. She's also thrown herself into road cycling..."

Remote workers say they enjoy connecting with nature, exploring the world and spending more time with family, noting that their outlook on work has changed forever. But it's not rosy all the time: Some say their new lifestyles have introduced complications like time-zone coordination, a different approach to connecting with colleagues, slow internet connectivity, the fear of missing out in-person, and sorting out international health care and travel restrictions....

Mike Cannon-Brookes, co-founder and co-CEO of Australian software company Atlassian, moved to a farm two hours south of the company's Sydney headquarters.... "We decided that ... nobody had to come back to an office," he said. "That reduced pressure." For Cannon-Brookes, allowing his employees to work from anywhere seemed to make the most sense. But he admits Atlassian had to do a lot of retooling to make the policy functional. It had to adjust salaries based on location, coordinate time zones so that teams could work together, create moments for in-person interactions and recruit in areas it hadn't explored. While it's still working social connection, Atlassian now has a larger hiring pool and happier employees, he says. And many got to be with family. "There's a number of people who've sent beautiful, tearful messages, especially older employees who have worked awhile and realized how unusual this is," he said.

Atlassian software developer Christina Bell, 27, says the change allowed her to keep her job to spend time with her grandmother, who was diagnosed with cancer, in her homeland of New Zealand. "We went to the beach, did puzzles together, had quality time," she said of her grandmother who was an early supporter of her engineering interests. "In a good twist of events, my nana is in remission, and she's still with us a year and a half later. I'm making the most of our time." Quality time with family is a common thread among several workers who moved thanks to new work policies....

Some workers found relief leaving their cities for nature. That was the case for Naomi Barnett of Spotify and Helen Prowse of Block.... Tempe, Ariz., resident Devin Miller, who works in Yelp's people operations department, says the permanent shift to remote work made room for a new ritual: occasionally working from a cabin in the mountainous town of Pinetop-Lakeside, Ariz. There, he can watch a herd of elk parade across the front yard and take a conference call from a swinging hammock — assuming his internet signal isn't weak. "It's a total refresh for both of us," he said, referring to his partner.

"Being stuck in our house put a lot of pressure on our relationship."

First released in 1998, the BSD-licensed software Zeek (originally named "Bro") is about to get more widely adopted, writes long-time Slashdot reader skinfaxi: Zeek, the open source network security monitoring platform, is being integrated into Windows and "is now deployed on more than one billion global endpoints," according to an announcement from Corelight.
From Corelight's press release: Corelight, the leader in open network detection and response, today announced the integration of Zeek, the world's most popular open source network security monitoring platform, as a component of Microsoft Windows and Defender for Endpoint. The integration will help security teams respond to the most challenging attacks by providing "richer signals for advanced threat hunting, complete and accurate discovery of IoT devices, and more powerful detection and response capabilities."

Originally created by Corelight co-founder and chief scientist Dr. Vern Paxson while at Lawrence Berkeley National Laboratory, Zeek transforms network traffic into compact and high-fidelity logs, file content, and behavioral analytics to accelerate security operations. Vital funding for Zeek came initially from the National Science Foundation and the US Department of Energy's Office of Science. As adoption increased, Corelight was founded to provide a financial model and corporate sponsor for the project....

"Microsoft is strongly committed to supporting open source projects and ecosystems," said Rob Lefferts, corporate vice president for Microsoft. "We're proud to be working with Zeek and are thrilled to bring this level of network intelligence and monitoring to our customers."

"This is an amazing development for Zeek and its community of contributors and users," said Paxson. "I never imagined that the tool I developed for network monitoring would find broader application in defending endpoints — but that's part of the creative magic of open source development.

"We are grateful for Microsoft's contributions and support, and we are excited that the project's impact, and that of the community of contributors, will increase so dramatically."

French police said Friday they're investigating multiple cuts to fiber-optic cables in France's second-largest city. Operators said the cables link Marseille to other cities in France and Europe and that internet and phone services were severely disrupted. From a report: The disruptions in Marseille were a taste of what analysts warn could be far larger problems in other cases if cables are systematically attacked. The vulnerability of fiber-optic cables, especially those underwater, and other key infrastructure was highlighted by the sabotage last month in the Baltic Sea of natural gas pipelines from Russia. The damage in the city in southern France also appeared to resemble suspected acts of sabotage to other cables in the country earlier this year. French cable operator and internet service provider Free said its repair teams were mobilized before dawn Wednesday to deal with "an act of vandalism on our fiber infrastructure." It said the attacks were simultaneous and on multiple spots of its fiber network near Marseille. Photos that Free published on Twitter showed multiple cables completely severed in their concrete housings buried in the ground. It said the cuts led to major disruptions to its network and phone services in the Marseille area.

The Biden administration said it will launch a cybersecurity labeling program for consumer Internet of Things devices starting in 2023 in an effort to protect Americans from "significant national security risks." TechCrunch reports: Inspired by Energy Star, a labeling program operated by Environmental Protection Agency and the Department of Energy to promote energy efficiency, the White House is planning to roll out a similar IoT labeling program to the "highest-risk" devices starting next year, a senior Biden administration official said on Wednesday following a National Security Council meeting with consumer product associations and device manufacturers. Attendees at the meeting included White House cyber official Anne Neuberger, FCC chairwoman Jessica Rosenworcel, National Cyber Director Chris Inglis and Sen. Angus King, alongside leaders from Google, Amazon, Samsung, Sony and others.

The initiative, described by White House officials as "Energy Star for cyber," will help Americans to recognize whether devices meet a set of basic cybersecurity standards devised by the National Institute of Standards and Technology (NIST) and the Federal Trade Commission (FTC). Though specifics of the program have not yet been confirmed, the administration said it will "keep things simple." The labels, which will be "globally recognized" and debut on devices such as routers and home cameras, will take the form of a "barcode" that users can scan using their smartphone rather than a static paper label, the administration official said. The scanned barcode will link to information based on standards, such as software updating policies, data encryption and vulnerability remediation.

The Federal Aviation Administration is investigating the cause of mysterious GPS interference that, over the past few days, has closed one runway at the Dallas-Fort Worth International Airport and prompted some aircraft in the region to be rerouted to areas where signals were working properly. From a report: The interference first came to light on Monday afternoon when the FAA issued an advisory over ATIS (Automatic Terminal Information Service). It warned flight personnel and air traffic controllers of GPS interference over a 40-mile swath of airspace near the Dallas-Fort Worth airport. The advisory read in part: "ATTN ALL AIRCRAFT. GPS REPORTED UNRELIABLE WITHIN 40 NM OF DFW." An advisory issued around the same time by the Air Traffic Control System Command Center, meanwhile, reported the region was "experiencing GPS anomalies that are dramatically impacting" flights in and out of Dallas-Fort Worth and neighboring airports. It went on to say that some of the airports were relying on the use of navigation systems that predated GPS.

Microsoft says that an unspecified amount of customer data, including contact info and email content, was recently left exposed to potential access over the internet as a result of a server configuration error. From a report: Cybersecurity vendor SOCRadar, which reported the data leak to Microsoft, said in a blog post that data belonging to more than 65,000 companies was affected. Microsoft, however, said in its own post that SOCRadar "has greatly exaggerated the scope of this issue." Microsoft didn't disclose specifics around the number of companies whose data may have been exposed in the leak or the amount of data involved. The server misconfiguration was reported on Sept. 24, and the impacted server was "quickly secured" after that, according to Microsoft. Due to the configuration error, there was a potential that certain "business transaction data" could have been accessed without a need for authentication, Microsoft said. The data corresponds to "interactions between Microsoft and prospective customers," including around the planning and implementation of Microsoft services, the company said in its post.

What secrets does the inside of the Pixel Watch hold? iFixit -- Google's new repair partner -- tore down Google's first self-branded smartwatch to see exactly how this thing was put together. From a report: Like us, iFixit came away with strong "first generation" vibes. The good news is that it does not look impossible to replace the display. The usual bit of heat and prying pops the top off, but the less-than-ideal layout means you'll have to remove the battery, too, since the connector is buried under the soft battery pouch. A display replacement is a real concern here, considering the entire top half of the watch is glass. If you bang the watch against something or drop it, there's a good chance you'll shatter the all-glass corners. [...] iFixit took a good amount of time in the four-minute video to call Google's internal construction "ugly." After cracking open the front, iFixit's Sam Goldheart noted, "Right away, it's obvious we're in Android country. The silver battery pouch and Kapton tape are almost a shock after all our Apple teardowns," later adding that the welds holding together the haptic feedback buzzer were "kind of ugly."

An anonymous reader shares a report: We've said it before, and we'll say it again: USB-C is confusing. A USB-C port or cable can support a range of speeds, power capabilities, and other features, depending on the specification used. Today, USB-C can support various data transfer rates, from 0.48Gbps (USB 2.0) all the way to 40Gbps (USB4, Thunderbolt 3, and Thunderbolt 4). Things are only about to intensify, as today the USB Implementers Forum (USB-IF) published the USB4 Version 2.0 spec. It adds optional support for 80Gbps bidirectional bandwidth as well as the optional ability to send or receive data at up to 120Gbps.

The USB-IF first gave us word of USB4 Version 2.0 in September, saying it would support a data transfer rate of up to 80Gbps in either direction (40Gbps per lane, four lanes total), thanks to a new physical layer architecture (PHY) based on PAM-3 signal encoding. For what it's worth, Intel also demoed Thunderbolt at 80Gbps but hasn't released an official spec yet. USB4 Version 2.0 offers a nice potential bump over the original USB4 spec, which introduced optional support for 40Gbps operation. You just have to be sure to check the spec sheets to know what sort of performance you're getting. Once USB4 Version 2.0 products come out, you'll be able to hit 80Gbps with USB-C passive cables that currently operate at 40Gbps, but you'll have to buy a new cable if you want a longer, active 80Gbps.

Germany's cybersecurity chief has been fired after allegations of being excessively close to Russia through an association he helped set up. The BBC reports: Arne Schonbohm had led the Federal Cyber Security Authority (BSI) -- charged with protecting government communications -- since 2016. German media have accused him of having had links with people involved with Russian intelligence services. The interior ministry is investigating allegations made against him. But it confirmed he had been fired with immediate effect.

Mr Schonbohm had come under scrutiny after his potential links to a Russian company through a previous role were highlighted by Jan Bohmermann, the host of one of Germany's most popular late-night TV shows. Before leading the BSI, Mr Schonbohm had helped set up and run the Cyber Security Council Germany, a private association which advises business and policymakers on cybersecurity issues. He is said to have maintained close ties to the association and attended their 10th anniversary celebrations in September. One of the association's members was a cybersecurity company called Protelion, which was a subsidiary of a Russian firm reportedly established by a former member of the KGB honored by President Vladimir Putin. Protelion was ejected from the association last weekend, and Cyber Security Council Germany says the allegations of links to Russian intelligence are untrue.

DuckDuckGo is rolling out its web browsing app for Mac users as an open beta test. Designed for privacy, the app was announced back in April as a closed beta, but is now available for all Mac users to try before its official public launch. From a report: The desktop browser includes the same built-in protections we've seen already featured in DuckDuckGo's mobile apps, combining DuckDuckGo's search engine, defenses against third-party tracking, cookie pop-up protection, and its popular one-click data clearing 'Fire Button.' Some additional features have been added to the browser (version 0.30) since its original announcement.

Now users can try Duck Player, a feature that protects users from targeted ads and cookies while watching YouTube content. Ads viewed within the Duck Player will not be personalized, which DuckDuckGo claims actually removed most YouTube ads as a result during testing. YouTube will still register your views, but content watched through Duck Player won't contribute to your YouTube advertising profile. Pinned tabs and a new bookmarks bar have been included to address feedback from early beta testing, as well as a way to view your locally stored browsing history. DuckDuckGo's Cookie Consent Pop-Up Manager is also available which works on about 50 percent of sites (with more to come) to automatically choose the most private option and spare users from the annoying pop-up messages. The app also lets you activate DuckDuckGo Email Protection on the desktop to better protect your inbox with email tracker blocking.