Microsoft Allots Special Status to Web Browsers in Windows 8, Google Confirms Metro Version of Chrome is Under Development

Microsoft, which has been making a lot of noise about the “no-compromise” development mantra of Windows 8, has been forced to make another compromise. Realizing that the new WinRT APIs are too restrictive for modern web browsers, Microsoft has created a special application class for web browsers.

nullWinRT or Windows Runtime is the new programming model that Metro apps will be using. WinRT applications can be developed using Visual C#, C++ etc. as well as web technologies like HTML, CSS, and JavaScript. WinRT is a sandboxed API that is more secure and power efficient than the classical Win32 API. The expectation is that WinRT will go a long way towards solving Windows’ malware problem. Unfortunately, Microsoft has already been forced to make compromises for the sake of practicality.

Windows Phone, which has received widespread critical acclaim, has had a very visible influence on Windows 8. Unfortunately, not everything that works in a smartphone is conducive to a desktop OS. The restrictive nature of Windows Phone has deterred developers such as Opera from supporting the platform. No one made a big fuss about it since Microsoft has a fairly small smartphone market share. However, if Windows 8 were to do the same thing, anti-trust proceedings would be all but certain. Moreover, Microsoft itself executes Internet Explorer Metro with elevated privileges.

The solution proposed by Microsoft is far from ideal, but compromises never are. The Metro version of a browser will be dependent on the classical version. Hence, a user will have to download and install the browser through a classical installer package. This means that third party web browsers won’t be available in the Windows Store. This is a fairly significant limitation, since ARM devices will only support the new Metro interface, and sideloading of apps will be disabled. Another restriction is that only the browser that the user sets as default will be able to run in the new Metro mode.

Firefox had already confirmed that it intends to release a Metro-fied edition. Now, a Google rep has informed Mashable that Chrome for Windows 8 is also under development. “Our goal is to be able to offer our users a speedy, simple, secure Chrome experience across all platforms, which includes both the desktop and Metro versions of Windows 8,” the rep said. “To that end we’re in the process of building a Metro version of Chrome along with improving desktop Chrome in Windows 8 such as adding enhanced touch support.”

Google Chrome Finally Hacked

After managing to remain unscathed for four consecutive years, Google Chrome has finally been breached, and Google is rewarding the hacker with $60,000. Google Chrome’s security features were bypassed successfully by hackers in both Pwn2Own and Pwnium.

Google-Chrome-PwnedPwn2Own is an annual hacking fest sponsored by HP, which challenges hackers to breach fully patched web browsers and operating systems. Google Chrome was the only browser that couldn’t be hacked for the past four years. This year, it was the first to fall. A team from the French security firm VUPEN, lead by its co-founder and head of research Chaouki Bekrar, managed to take complete control of a fully patched 64-bit Windows 7 (SP1) machine within five minutes by using two zero-day exploits. VUPEN also claims to have zero-day exploits for Internet Explorer, Firefox, and Safari.

This year, Google is also running its own competition called Pwnium, which has a total bounty of $1 million. Google decided against sponsoring Pwn2Own, since its new rules don’t compel hackers to responsibly disclose vulnerabilities to the software developer. VUPEN itself intends on selling the exploits to its clients. Sergey Glazunov, a Russian university student, managed to bypass Google Chrome’s sandbox feature in Pwnium.

The breaches mean that Google will no longer be able to tout its clean record. However, Chrome developers aren’t mourning. While announcing the contest, Chris Evans and Justin Schuh from Chrome’s security team had explained that they have a big learning opportunity when they receive full end-to-end exploits. “Not only can we fix the bugs, but by studying the vulnerability and exploit techniques we can enhance our mitigations, automated testing, and sandboxing”.

How To Hide Facebook Timeline? Use IE7

recently rolled out the Facebook Timeline to all users. Unfortunately, it does not have any option for users to disable it making several users angry about the fact.

Facebook Timeline

Now there are several scripts and User styles which will allow you to disable the Facebook Timeline. However, most of them require you to perform several actions before you can get back to your old profile. Also, the same solution won’t work for all the browser. So, if you are looking for a simple solution to disable Facebook Timeline with minimal efforts, here is what you can do.

Please note: This trick will only disable Facebook Timeline for yourself. It will not hide your Facebook Timeline from your friends and they will still be able to view it.

The Easiest Solution – Use Internet Explorer 7. Facebook Timeline is not supported on IE7 and probably won’t be in the future too. If you don’t want to browse your profile or your friends profile with Facebook Timeline, just use Internet Explorer 7.

If you use browsers like , or you can still mimic your browser string as Internet Explorer 7 and fool Facebook into believing that you are using IE7 thus disabling or removing the Facebook Timeline for you. You can use the following , and tricks to fool Facebook.

For all purposes below, the user agent string for IE7 is given below:

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)

Firefox Users – Install the User Agent Switcher add-on and follow the instructions given at this link to add a new IE7 user agent to the add-on and then use the user agent while browsing Facebook.

Google Chrome Users – Create a new shortcut for Google Chrome and name it Facebook or something. Once you have done that, edit the shortcut and add -user-agent="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)" to it. Once you have done that, use the shortcut while you are browsing Facebook and the timeline will be disabled. (Find Instructions for creating and editing the Chrome shortcut)

Safari Users – Enable Develop mode in Safari by going to Preference -> Advanced and selecting the check box next to "Show Develop menu in menu bar". Once you have done that, select the "User Agent" sub-menu from the Develop menu and select "Internet Explorer 7.0" from the available options.

Internet Explorer Users – If you are using IE7, you don’t need to do anything. If not, you can make use of an IE Add-on called UA Pick. Instructions on changing your user-agent in IE at this link.

Opera users have it a little bit tougher since you will have to modify Opera configuration data so I will leave it out for now and will add that information as a separate post later on and link it from here. In the meantime, you can always use one of the browsers mentioned above.

Opera Mini Next Goes Social

Even though smartphones rule the roost in MWC, Opera Software hasn’t forgotten about its dumb phone users. Opera Mini Next 7, which was unveiled earlier today, introduces many of the conveniences of a smartphone to J2ME powered budget handsets.


Typically, Opera has dedicated its entire new tab page to speed dials, which are visual bookmarks that provide one click access to a user’s favorite websites. However, Opera Mini 7 features something called “Smart Page”. Speed dials are still there; however, they are now tucked away in a separate tab, and like its more abled sibling, Opera Mini now supports an unlimited number of speed dials. The Smart Page itself is an amalgamation of content from various places around the web, including social networks. Check out the video below to get an idea about how Smart Page works.

Opera’s CEO Lars Boilesen explained the rationale behind the new start page in the press release.

“When people think of using social networks on the go, they often imagine a smartphone with the latest apps installed. At Opera, we know that’s not the way a majority of mobile phone owners access their social networks. That’s why we’ve made ‘ordinary’ phones smarter, by making it easier to use the most popular social networks right in the first screen of Opera Mini for feature phones. Just because you’re on a more basic phone, doesn’t mean you can’t be a active social networker.”


Unfortunately, Smart Page is restricted to only J2ME, BlackBerry and Symbian S60 devices for now. Opera Mini for smartphones like iOS and Android also received an update. However, on smartphones the focus was more on improving rendering and performance than adding new features.


The preview release of Opera Mini 7 is available at

Opera Mobile 12 Introduces Hardware Acceleration and Enhanced HTML5 Support

Opera Mobile for Android has been updated to introduce many of the shiny new features of Opera 11.6 and 12 to the mobile platform. The most visible change is the new “Infinite Speed Dial”, which supports bookmaking of as many websites as you want. Previously, you were limited to only 9 speed dials (visual bookmarks) in Opera Mobile. However, the biggest enhancements in Opera Mobile 12 are all under the hood improvements.


Opera Mobile 12 features the Ragnarök HTML5 parser that was introduced in its desktop counterpart a few months back. Opera promises better web apps and increased compatibility with websites with the new parser. Native webcam support and device orientation detection specifications of HTML5 have also been implemented. As a result, Opera Mobile 12 now scores a whopping 354 points on Chrome for Android, which supports only ICS (Ice Cream Sandwich), and Safari for iOS score 343 and 305 points respectively. Head over to to check out the fancy new capabilities of Opera Mobile 12 and compare it with your mobile browser.

Opera Mobile 12 also does WebGL, which even Chrome for Android doesn’t support. WebGL is a graphics library that leverages the GPU (graphics processing unit) of a device to render complex 3D graphics in a web browser. “Opera have contributed significantly to the development of the WebGL specification and now Opera Mobile is playing a leading role in the roll-out of GPU-accelerated WebGL on Android,” said Neil Trevett, Khronos president and vice president of mobile content at NVIDIA.


Opera has always focused on trying to be available on as many platforms and in as many form factors as possible. In that spirit, Opera has also released lab builds of Opera Mobile that are optimized for MIPS and Intel architectures. MIPS is expected to be powering several low-cost Android tablets in the coming months. On the other hand, Intel is desperate to challenge ARM’s dominance in the mobile market, and will have a number of device launches across the budget spectrum in 2012. “Intel looks forward to a bright future with Android on Intel Atom processors,” remarked Doug Fisher, Vice President of the Software and Services Group and General Manager of the Systems Software Division at Intel.

Opera Mobile 12 for Android is available for download from the Market.

Microsoft: Google Breaches P3P Policy, But They Let Facebook "Do It"

Update: See statement from Google at the end of the post

There has been a lot of hoopla about Google breaching privacy and circumnavigating settings in Safari. They have definitely been circumspect at what they are doing but a new report from Microsoft which says that Google did similar things with IE9 as well. Well, here’s the catch, there is nothing illegal Google did and Microsoft just let off the hook with it.

Let’s get to the start of where Microsoft is accusing Google:

By default, IE blocks third-party cookies unless the site presents a P3P Compact Policy Statement indicating how the site will use the cookie and that the site’s use does not include tracking the user. Google’s P3P policy causes Internet Explorer to accept Google’s cookies even though the policy does not state Google’s intent.

Well for starters, P3P is outdated and no longer under development. It is a age old policy which many websites including both Google and Facebook choose to ignore or not follow at all and mind you there is nothing legally wrong with it.

Google and Facebook authentication both have fake P3P policies in the HTTP headers that link to a webpage that explains why they don’t support it:

As you can see from the above, Facebook does not have a P3P policy and Google chooses to ignore it altogether. Now, both these approaches are different but they do the same thing; allow these websites to access third-party cookies because they don’t follow the P3P policies.

P3P also known as Platform for Privacy Preferences was started out by W3C in 2006 and the final draft was published in 2007. However, after P3P 1.1, W3C also effectively suspended all work on P3P as is evident from This means that the technology in question Microsoft has been using to gather information against Google was no longer developed for 5 years or more.

After a successful Last Call, the P3P Working Group decided to publish the P3P 1.1 Specification as a Working Group Note to give P3P 1.1 a provisionally final state.

The P3P Specification Working Group took this step as there was insufficient support from current Browser implementers for the implementation of P3P 1.1. The P3P 1.1 Working Group Note contains all changes from the P3P 1.1 Last Call. The Group thinks that P3P 1.1 is now ready for implementation. It is not excluded that W3C will push P3P 1.1 until Recommendation if there is sufficient support for implementation.

On the other hand, P3P keeps being the basis of a number of research directions in the area of privacy world wide. One might cite the PRIME Project as well as the Policy aware Web. Many other approaches also follow the descriptive metadata approach started by P3P. Such projects are invited to send email to <[email protected]> to be listed here.

This puts a big question mark, because Microsoft provided evidence against Google using this outdated technology which several companies and browser no longer honor.

So all in all, Microsoft is more than happy to give the same information to Facebook (because they are their partners) while dishing out hate to Google? This is definitely not the best way for a company which hardly follows W3C standards for web coding and CSS to accuse others of circumnavigating things which are outdated.

Google’s Statement Regards to Microsoft Accusations by Rachel Whetstone, Senior Vice President of Communications and Policy, Google

Microsoft omitted important information from its blog post today.

Microsoft uses a “self-declaration” protocol (known as “P3P”) dating from 2002 under which Microsoft asks websites to represent their privacy practices in machine-readable form. It is well known – including by Microsoft – that it is impractical to comply with Microsoft’s request while providing modern web functionality. We have been open about our approach, as have many other websites.

Today the Microsoft policy is widely non-operational. A 2010 research report indicated that over 11,000 websites were not issuing valid P3P policies as requested by Microsoft.

Google also goes on to suggest that this has been around since 2002. You’ll find the entire statement from Google below:

For many years, Microsoft’s browser has requested every website to “self-declare” its cookies and privacy policies in machine readable form, using particular “P3P” three-letter policies.
Essentially, Microsoft’s Internet Explorer browser requests of websites, “Tell us what sort of functionality your cookies provide, and we’ll decide whether to allow them.” This didn’t have a huge impact in 2002 when P3P was introduced (in fact the Wall Street Journal today states that our DoubleClick ad cookies comply with Microsoft’s request), but newer cookie-based features are broken by the Microsoft implementation in IE. These include things like Facebook “Like” buttons, the ability to sign-in to websites using your Google account, and hundreds more modern web services. It is well known that it is impractical to comply with Microsoft’s request while providing this web functionality.
Today the Microsoft policy is widely non-operational.
In 2010 it was reported:

Browsers like Chrome, Firefox and Safari have simpler security settings. Instead of checking a site’s compact policy, these browsers simply let people choose to block all cookies, block only third-party cookies or allow all cookies…..

Thousands of sites don’t use valid P3P policies….
A firm that helps companies implement privacy standards, TRUSTe, confirmed in 2010 that most of the websites it certifies were not using valid P3P policies as requested by Microsoft:

Despite having been around for over a decade, P3P adoption has not taken off. It’s worth noting again that less than 12 percent of the more than 3,000 websites TRUSTe certifies have a P3P compact policy. The reality is that consumers don’t, by and large, use the P3P framework to make decisions about personal information disclosure.

A 2010 research paper by Carnegie Mellon found that 11,176 of 33,139 websites were not issuing valid P3P policies as requested by Microsoft.
In the research paper, among the websites that were most frequently providing different code to that requested by Microsoft: Microsoft’s own and websites.
Microsoft support website
The 2010 research paper “discovered that Microsoft’s support website recommends the use of invalid CPs (codes) as a work-around for a problem in IE.” This recommendation was a major reason that many of the 11,176 websites provided different code to the one requested by Microsoft.
Google’s provided a link that explained our practice.
Microsoft could change this today
As others are noting today, this has been well known for years.

  • Privacy researcher Lauren Weinstein states: “In any case, Microsoft’s posting today, given what was already long known about IE and P3P deficiences in these regards, seems disingenuous at best, and certainly is not helping to move the ball usefully forward regarding these complex issues.”
  • Chris Soghoian, a privacy researcher, points out: “Instead of fixing P3P loophole in IE that FB & Amazon exploited …MS did nothing. Now they complain after Google uses it.”
  • Even the Wall Street Journal says: “It involves a problem that has been known about for some time by Microsoft and privacy researchers….”

Smooth Scrolling Comes to Google Chrome in Chrome 19

has seen tremendous growth since it was released 2 years ago. It has competed with browsers like and Internet Explorer by adding new features which have drawn users towards it. However, one of the most requested feature that has been missing in Google Chrome has been smooth scrolling.

Google Chrome Logo

Smooth Scrolling allows users to browse webpages in a single flow without continuous jumps in the display. The lack of this feature made scrolling in Chrome a bad experience if not worse. However, the wait for Smooth Scrolling might be over in a few months because Google has now included the Smooth Scrolling feature in the development version of Google Chrome (v19.0.1041.0 dev-m).

With the introduction of this feature, scrolling in Chrome has become less jumpy and maintains a single flow when you are scrolling from top to bottom or vice versa. The feature might be rolled out with the stable version of Google Chrome in near future, so you might have to wait a month or two before you can start using it.

If you are using the dev version, you will have to enable the Smooth Scroll feature in about:flags before you can use it. Head over to about:flags and enable "Smooth Scrolling". This feature is available for Windows, Linux and Chrome OS only so Mac OS X users won’t be able to use it yet.

Mozilla Reveals Firefox’s Roadmap for 2012

Yesterday, we reported that Mozilla is working on a Metro-fied version of Firefox for Windows 8. Today, we are going to take a look at some of the other major stuff Mozilla has in store for Firefox fans in 2012. The Firefox roadmap, which was published yesterday, offers a pretty detailed look at all the major new features that are planned for Firefox. Here are the features that appealed to us the most.

  • Chrome Migration: Firefox can already import user data (such as cookies, history, and bookmarks) from Internet Explorer, Opera, and Safari. The only notable exception is Chrome, which is currently the most popular browser after Internet Explorer. However, this will be fixed soon with the addition of support for data migration from Chrome.
  • Add-ons Sync: Firefox Sync (previously Weave) is a perfectly capable sync tool; however, it has one major limitation. It can’t sync add-ons. Again, this will also be fixed soon.


  • New Tab Page: Opera’s speed dial has really really caught on, and almost all major browsers have already implemented it in some form. The only one that is yet to properly utilize the default tab page is Firefox. There are quite a few extensions that do a great job of plugging this shortcoming, but Mozilla will baking in speed dial like visual bookmarks soon.
  • Home Tab: In addition to adding a new tab page, Firefox will also get a new “Home” tab that will essentially behave like a pinned tab. It will be a locally hosted, highly personalized and customizable page that will provide quick access to websites, downloads, and apps.
  • Panel Based Download Manager: Currently Firefox’s Download Manager exists as a separate window. Most other browsers like Chrome and Opera offer a much more integrated experience. In the future, Firefox will allow management of downloads from any existing tab, through a panel.
  • Firefox Share: Social media is now mainstream, and millions of users regularly share and discover content through services like Facebook, Twitter, Tumblr and Pinterest. Although extensions and bookmarklets are available for sharing content on various social media websites; Mozilla hopes that offering a single, integrated location for sharing and commenting on links will improve user experience.
  • Log into Firefox: An evolved version of the Firefox Account Manager feature that we had first seen a couple of years back will finally make it into Firefox. Users will be able to automagically sign into various connected accounts by simply logging into Firefox Sync.
  • Integrated Translation: Firefox will be taking a leaf out of Chrome’s book, and automatically translate foreign language websites.
  • Add-on Performance Indicator: Faulty add-ons have long been a cause of headache for users, as one bad add-on can bring Firefox on its knees. Mozilla wants to empower users by providing stats on the performance impact of each add-on. We imagine that this will be similar to what Internet Explorer 10 does.
  • Firefox Focus: Users will be able to manually trigger a special “Focus” mode that will strip away advertisements and redundant formatting from webpages, and present the actual content in an easy to read format. This feature will be similar to Instapaper or Safari Reader.
  • IonMonkey: IonMonkey is Firefox’s next-gen JavaScript that is expected to be introduced towards the end of the year. Although, all modern browsers have outstanding JavaScript performance, IonMonkey should bring tangible performance benefits.
  • Inline PDF Viewer: Firefox will be getting out of the box support for PDF document rendering. Instead of relying on plug-ins, Firefox will be opening PDF files inline using a JavaScript library.

Head over to the roadmap webpage for the full list of planned new features, as we have only covered the more exciting ones. One thing that is clear is that there’s plenty in store for Firefox in 2012. However, a rather disappointing aspect is that most of the new features planned for Firefox are simply stuff that we have already seen in other browsers. If Mozilla really wants to turn the tides and outsmart Chrome, it will probably have to be more innovative.

Mozilla Announces Firefox on Metro for a Touchscreen Optimized Browsing Experience

FirefoxMozilla took way too long to bring Firefox to smartphones, and suffered as a result. It had a go in 2004 with Minimo, but users had to wait until 2011 to get a version of Firefox Mobile that wasn’t slow as a cow and didn’t crash on a whimsy. Not wanting to repeat its earlier mistake, Mozilla has begun working on a Metro-fied version of Firefox for Windows 8 months ahead of the release of Microsoft’s next major operating system.

Firefox on Metro will be a full-screen, touch optimized app built on top of the same Gecko engine that powers Firefox classic. It’s still early days for the project, and Mozilla isn’t providing a lot of information. However, here is what we do know.

  • The feature goal here is a new Gecko based browser built for and integrated with the Metro environment.
  • Firefox on Metro, like all other Metro apps will be full screen, focused on touch interactions, and connected to the rest of the Metro environment through Windows 8 contracts.
  • Firefox on Metro will bring all of the Gecko capabilities to this new environment and the assumption is that Mozilla be able to run Firefox as a Medium integrity app so that it can access all of the win32 Firefox Gecko libraries avoiding a port to the new WinRT API for the bulk of the code.
  • Firefox on Metro is a full-screen App with an Appbar that contains common navigation controls (back, reload, etc.,) the Awesomebar, and some form of tabs.
  • Firefox will have to support three “snap” states — full screen, ~1/6th screen and ~5/6th screen depending on how the user “docks” two full screen apps. The UI will to adjust to show the most relevant content for each size.
  • In order to provide users with access to other content, other apps, and to Firefox from other content and apps, it will integrate with the share contract, the search contract, the settings contract, the app to app picking contract, the print contract, the play to contract, and possibly a couple more. Firefox on Metro will be a source for some, a target for some, and both for some.
  • Mozilla might offer a live tile with user-centric data like friends presence or other Firefox Home information updates
  • Ideally Mozilla will like to be able to create secondary tiles for Web-based apps hosted in Firefox’s runtime.

Mozilla is hoping that Microsoft will allow it to run Firefox as a medium integrity app (like Internet Explorer 10 Metro App). Medium integrity apps typically have more privileges and can load old school Win32 libraries. This will make Mozilla’s task simpler. Even then, Firefox on Metro is expected to hit alpha and beta stages only in the second half of the year. A preview should be ready by the second quarter of 2012.

Chrome 17 Arrives with Pre-fetching and a Host of Security Fixes

ChromeAs per schedule, the stable release of Google Chrome 17 is here. The biggest new feature is omnibox pre-rendering. Google already tries to autocomplete URLs for you as you begin typing in the omnibox, which is Google’s fancy way of referring to Chrome’s addressbar. However, in the latest version, Google will also begin to load the suggested URL in the background, if it believes that you are very likely to visit that website. This creates an illusion of speed by loading the website in advance. The technique itself is not new. In fact, Google’s infamous Web Accelerator heavily relied on pre-fetching to speed up web browsing, and Chrome already pre-fetches some of the search results on

While pre-fetching of content is a great feature for most consumers, it does have its share of disadvantages. If you have a tight data cap, the last thing you want is your browser to waste your bandwidth by loading pages you might not even want to visit. It will also create headaches for webmasters by registering fake hits that will increase bandwidth and server resource consumption, besides messing up analytics. Netscape had earlier experimented with pre-fetching, but it allowed the webmasters to be in control.

The other major new feature is called “Safe Browsing”. Going forward, Google will cross check all downloaded executables against a whitelist of publishers and files. If it doesn’t find a match, it will attempt to determine if the download is safe or not by leveraging a complicated machine learning algorithm. It is worth nothing that this feature sends data about the file along with your IP address to Google. After two weeks, any personally identifiable information (such as IP address) is deleted, and only the file URL is retained on Google’s servers.

Chrome 17 also fixes a grand total of 20 security vulnerabilities. Google awarded a total of $10,500 to security researchers for the discovery of these potential security threats. You can learn more about the security issues patched by Google over here.

The new release can be downloaded from However, Chrome users on the stable channel should be automatically updated to the Chrome 17 during their next browsing session.