Third party cookies to be disabled in Chrome by 2024
Massive vulnerability in Windows certificate verification, patch imminent
Norwegians outline all the data being collected & shared by apps you think are private
Music suitable for listening to while you use a computer
Cheap SanDisk 64GB flash drive, Sennheiser HD 6XX headphones, Tile Sport Bluetooth tracker, Canon EOS M6 kit, Ryzen 9 3900X CPU
Google announced that over the next two years it will phase out support for third party cookies in Chrome. These are the particularly nasty cookies that allow advertisers to track users across the internet that Safari and Firefox have already disabled support for. I reckon the reason why Google is comfortable doing this is because most advertisers have moved on from third party cookie tracking to more advanced stuff like fingerprinting. If anything, it probably benefits Google that advertisers are forced to use some other tracking method so the quality of advertisements improves, meaning more money for Google.
Microsoft has released a patch for a significant vulnerability discovered by the NSA that would "allow an attacker to spoof a certificate, making it look like it came from a trusted source". According to Ars Technica, the "vulnerability is in the component of Windows' cryptography library that validates X.509 certificates, somehow bypassing the chain of trust used to validate the certificate" - this has implications like being able to do man-in-the-middle attacks for HTTPS websites, fake signed emails and pretend that a piece of malware is a legit app. No reports of the exploit being used in the wild, but it's only a matter of time.
The Norwegian Consumer Council has discovered that apps containing very private information, like dating apps and period trackers, are sending way more data than you think to ad-tech companies, who are then sharing that data with anyone that pays for it. For example, Grindr sends your GPS co-ordinates, IP address, "relationship type" and your Advertising ID to a company called Braze, who then shares that info with other companies like Dominos and AT&T. Braze also sucks in data to "personal questions" from OkCupid that are then linked to your Advertising ID. I knew this kinda shit was happening, but the scale of it outlined in the Norwegian report (the table on page 7) surprised me.
Most of you are back at work by now, sitting at your computer, hopefully doing something constructive. Some of you are unfortunately in open plan offices and use noise cancelling headphones to drown out your annoying colleagues. If you're struggling for tunes to listen to whilst also managing to work, Music For Programming might be of assistance. They are a "series of mixes intended for listening while '+task+' to aid concentration and increase productivity (also compatible with other activities)". I listened to the Datassette playlist whilst writing today's issue and it was alright.
SanDisk Ultra 64GB USB 3.0 flash drive - $12 at Harvey Norman
Sennheiser HD 6XX open back headphones - $279 at Addicted to Audio
Tile Sport Bluetooth tracker - $24.95 at JB Hi-Fi
Canon EOS M6 digital camera with 15-45mm lens - $524.31 on Amazon AU
AMD Ryzen 9 3900X CPU - $598.59 from FTC Computers eBay store
🎶 Seasons (Waiting On You) - Future Islands
😁 The Sizzle is curated by Anthony "@decryption" Agius and emailed every weekday afternoon. Join us on Slack and chat with other Sizzle subscribers.
The Sizzle is created on Wathaurong land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. I pay my respect to them and their cultures and to elders both past and present.