Tootfinder

Guard [.] io says a new era of scam complexity is on the way because AI-powered browsers can interact with phishing pages and malicious prompts without human detection.
https://guard.io/labs/scamlexity-we-put-agentic-ai-browsers-to-t…

"Scamlexity": When Agentic AI Browsers Get Scammed
We Put Agentic AI Browsers to the Test - They Clicked, They Paid, They Failed

»AI Browsers Can Be Tricked Into Paying Fake Stores in PromptFix Attack:
The PromptFix attack tricks AI browsers with fake CAPTCHAs, leading them to phishing sites and fake stores where they auto-complete purchases.«
In addition to this fraud and theft, AI fake will certainly become the new propaganda network. This is how people can shirk responsibility.
🤨

AI Browsers Can Be Tricked Into Paying Fake Stores in PromptFix Attack
Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

I was told that `aria-label` now always auto-translates in browsers. The evidence was meh. So I tested and updated:
https://adrianroselli.com/2019/11/aria-label-does-not-translate.html#Update07
Still nope.
Safari only knows 21 la…

aria-label Does Not Translate
As of my 25 July 2025 update at the end of this post, aria-label auto-translation support is less spotty than when I first wrote this post, but still unreliable. It does, actually. Sometimes. One of the big risks of using ARIA to define text content is that it often gets…

I just realised I had been using Firefox long before Chrome was even a twinkle in Google's eye. 🦊
#Browsers #Firefox

I hate it that without even noticing, I've somehow managed to agree to this option being on 😡 ->
How to stop Microsoft Edge from monitoring your Chrome browser history and settings
https://www.pocnetwork.net/tips/how-to-sto

How to stop Microsoft Edge from monitoring your Chrome browser history and settings | Poc Network // Tech
It shouldn't be surprising that any company might be interested in spying on you. Analytics is one of the many ways these companies thrive by learning everything they can about their customers. Including their browsing habits within other browsers, which is exactly what Microsoft Edge browser does. You'd think a browser would be limited to

#XSLT is a programming language for apologising that browsers have removed RSS readers.

Eine Runde Internet-Geschichte, frisch von der Gulaschprogrammiernacht: "Kein Quantum Trost: Wie ein Firefox an einer Chromium-Vergiftung zugrunde ging." Darin: ein unterhaltsamer, historischer Abriss der Geschichte des Web-Browsers von @… Enjoy:

A researcher says 245 extensions on nearly 1M devices are overriding security protections to turn browsers into engines that scrape websites for a paid service (Dan Goodin/Ars Technica)
https://arstechnica.com/security/2025/

Browser extensions turn nearly 1 million browsers into website-scraping bots
Extensions load unknown sites into invisible Windows. What could go wrong?

Chrome für Android: Adressleiste lässt sich nach unten verschieben
Wer möchte, kann die Adressleiste des Chrome-Browsers auf dem Android-Handy nun auch nach unten verlegen. Das lange angekündigte Update ist nun verfügbar.

WAMI: Compilation to WebAssembly through MLIR without Losing Abstraction
Byeongjee Kang, Harsh Desai, Limin Jia, Brandon Lucia
https://arxiv.org/abs/2506.16048

WAMI: Compilation to WebAssembly through MLIR without Losing Abstraction
WebAssembly (Wasm) is a portable bytecode format that serves as a compilation target for high-level languages, enabling their secure and efficient execution across diverse platforms, including web browsers and embedded systems. To improve support for high-level languages without incurring significant code size or performance overheads, Wasm continuously evolves by integrating high-level features such as Garbage Collection and Stack Switching. However, existing compilation approaches either lack…

weee… I can finally stop serving WebP images! 🥳
Just in time when I have to start worrying about JPEG XL. 🤪
https://caniuse.com/avif

Protect your privacy – browsers and search engines
 
Surveillance has always been a core part of fascist regimes. This is still true today, but is even more dangerous due to new data aggregation and AI technologies. The Internet sites you visit and the things you search for become a part of the larger surveillance database of your activities. You can take action now to reduce the risk to yourself, your friends and your loved ones while you browse the Internet. You should start now …

For people doing web perf
Links? Links! - Infrequently Noted
#rss

I tried DuckDuckDo again these days for no reason in special. To my surprise, the search experienced there is much better than Google's. Not only there is less crap in the page, the results seemed even more relevant. It feels as good as old Google.
DuckDuckGo is now the default search engine in my personal browsers.

OpenAI is preparing to launch a new AI-powered web browser that could significantly shake up the digital landscape dominated by Alphabet's Google Chrome.
https://www.computing.co.uk/news/2025/ai/openai-perplexity-b…

OpenAI, Perplexity browsers present direct challenge to Google Chrome's dominance
OpenAI is preparing to launch a new AI-powered web browser that could significantly shake up the digital landscape dominated by Alphabet's Google Chrome.

I dislike many decisions Google has made lately. The decision to deprecate XSLT in browsers isn't one of them.

This interested me because of my history with XSLT and how the WHATWG ‘discussion’ to remove it devolved:
https://www.igalia.com/chats/xslt-liam
WHATWG issue:

RIP XSLT? | Igalia
Igalia is an open source consultancy specialised in the development of innovative projects and solutions. Our engineers have expertise in a wide range of technological areas, including browsers and client-side web technologies, graphics pipeline, compilers and virtual machines. We have the most WPE, WebKit, Chromium/Blink and Firefox expertise found in the consulting business, including many reviewers and committers. Igalia designs, develops, customises and optimises GNU/Linux-based solutions f…

Sources: Perplexity talked with The Browser Co. and Brave about buying them, offering ~$1B for Brave; OpenAI also discussed an acquisition with The Browser Co. (The Information)
https://www.theinformation.com/articles/wild-chrome-bid-perplexity-hunting-bro…

Before Wild Chrome Bid, Perplexity Had Been Hunting for Browsers
Perplexity made headlines this week when the artificial intelligence startup said it had offered to buy Google’s Chrome, the world’s largest internet browser, for a price amounting to nearly double its valuation. While that acquisition seems unlikely to transpire, the company has been on the ...

According to the TidBITS article “A Roundup of Vertical Tab Support in Mac Web Browsers” <https://tidbits.com/2023/06/05/a-roundup-of-vertical-tab-support-in-mac-web-browsers/>, Safari supports vertical tabs since version 16.
I did not know it!
I don’t seem to be able to get the Safari vertical tabs to work though.
I can see the list of tabs in the Sidebar.
I also have the tabs displays horizontally at the top of the window (in both Separate or Compact mode).
I was expecting no tabs at the top when using vertical tabs. Is that not what you’d expect when thinking about vertical tabs?

Dia: Neuer KI-Browser der Arc-Macher geht in die Betaphase
Die Macher des Arc-Browsers haben ihren zweiten Browser als Betaversion freigegeben. Bei Dia liegt der Fokus auf KI. 
https://www.

Ladybird
#browsers

When I'm on the road and set up Airplay from my Mac on the random “smart” TV in the hotel/Airbnb/etc, about half the time my browsers lose the ability to play video. Searching the Internet turns up many similar problems, but not this one. Happens all the time. This just a well-known fail?
#MacOS #airplay

Anubis verifies that any visitor to a site is a human using a browser as opposed to a bot.
🍿One of the ways it does this is by making the browser do a type of cryptographic math with JavaScript or other subtle checks that browsers do by default but bots have to be explicitly programmed to do.
This check is invisible to the user, and most browsers since 2022 are able to complete this test.
In theory, bot scrapers could pretend to be users with browsers as well, but the ad…

The Open-Source Software Saving the Internet From AI Bot Scrapers
Anubis, which block AI scrapers from scraping websites to death, has been downloaded almost 200,000 times.

Caught in the Game: On the History and Evolution of Web Browser Gaming
#history

Navigating Cookie Consent Violations Across the Globe
Brian Tang, Duc Bui, Kang G. Shin
https://arxiv.org/abs/2506.08996 https://arxi…

Navigating Cookie Consent Violations Across the Globe
Online services provide users with cookie banners to accept/reject the cookies placed on their web browsers. Despite the increased adoption of cookie banners, little has been done to ensure that cookie consent is compliant with privacy laws around the globe. Prior studies have found that cookies are often placed on browsers even after their explicit rejection by users. These inconsistencies in cookie banner behavior circumvent users' consent preferences and are known as cookie consent violation…

from my link log —
Bootstrapping HTTP/1.1, HTTP/2, and HTTP/3.
https://www.netmeister.org/blog/http-123.html
saved 2025-05-29 http…

Bootstrapping HTTP/1.1, HTTP/2, and HTTP/3
How do we get from HTTP/1.1 all the way to 11... I mean, to HTTP/3? Let's look at the path browsers take.

Scala.js
#scala

Howdy! 🤓 How do you all handle native #CSS Nesting at the moment? Are you using it already? And if so, are you just targeting newer browsers that support it? Or are you using PostCSS, for example?
Asking for a friend who has reduced his build process to the max (nothing but a little esbuild script) and is now hesitating to add PostCSS again… 😉

\texttt{WebANNS}: Fast and Efficient Approximate Nearest Neighbor Search in Web Browsers
Mugeng Liu, Siqi Zhong, Qi Yang, Yudong Han, Xuanzhe Liu, Yun Ma
https://arxiv.org/abs/2507.00521

\texttt{WebANNS}: Fast and Efficient Approximate Nearest Neighbor Search in Web Browsers
Approximate nearest neighbor search (ANNS) has become vital to modern AI infrastructure, particularly in retrieval-augmented generation (RAG) applications. Numerous in-browser ANNS engines have emerged to seamlessly integrate with popular LLM-based web applications, while addressing privacy protection and challenges of heterogeneous device deployments. However, web browsers present unique challenges for ANNS, including computational limitations, external storage access issues, and memory utiliz…

Wow, #Subway. Just wow.
Tried on two browsers.

@… @… @… still not relevant, even MS Edge has nowadays tracking blockers built-in. All browsers except Chrome.

How to Favicon in 2025: Three files that fit most needs
It’s time to rethink how we cook a set of favicons for modern browsers and stop the icon generator madness. Frontend developers currently have to deal with 20 static PNG files just to display a tiny website logo in a browser tab or on a touchscreen. Read on to see how to take a smarter approach and adopt a minimal set of icons that fits most modern needs.
🖌️

How to Favicon in 2025: Three files that fit most needs—Martian Chronicles, Evil Martians’ team blog
Prefer SVG over PNG, trust browsers to downscale, drop obscure formats—the ultimate, exhaustive guide to favicons for modern web. Includes steps for static HTML and Webpack.

Researchers found that both #Meta snd #Yandex link(ed) IDs between browsers and their native apps by local communication on #Android devices.
E.g. the

I have nothing useful to add, except that this used to be a feature of some browsers.
https://toot.cat/@jamey/114960843294349709

It would benefit all #Firefox-based browsers if #TorBrowser implemented privacy-preserving #VerticalTabs.
(Size-adjustable sidebars inevitably resize the viewport, resulting in odd wid…

Unpopular opinion (yes, I know y'all going to ban me now): #Microsoft #Teams is not the worst videoconferencing tool I've used at dayjob.
#Slack: tested screen sharing before the job interview using the browser. During the interview it turned out that the test mode is different than the actual "huddle", and had to install the app real quick.
#Google Meet: "Meet doesn't work on your browser". Tells me to install one of the support browsers, e.g. #Firefox. Except that I'm using Firefox. 🤦
#Zoom: "install our app".
Teams: miraculously just worked.

Der Arc Browser war zwei Jahre lang mein Standardbrowser, bis ihr lascher Umgang mit Security-Issues mich zu einem Wechsel führte. Das war wohl ein guter Entscheid …
Letter to Arc members 2025 https://browsercompany.substack.com/p/letter-to-arc-members-2025…

The @… recently released version 3 of the #PNG spec more than 2 decades after version 2 was released in 2003. The new spec largely makes official various extensions already in use like animated PNGs, HDR support, and EXIF metadata, so many browsers and graphics apps already largely suppo…

File Input within a Dialog cause Dialog to close when File Input is cancelled
I'm confused why is this a thing?
#webdev #browsers #firefox

I get why browsers don’t support native markdown — then where would all the ads and tracking go? But it kind of makes me want to make a minimal little browser that registers for mdtp:// and just renders markdown fetched via http. Probably wouldn’t be viable without the ability to detect the presence of an installed app that handles it and a graceful fallback path, sadly.

You probably know I get frowny when browser makers lie about support or pretend their late implementation of a feature is somehow new, so I am suffering from a bunch of confirmation bias (and validation) here:
“Safari at WWDC '25: The Ghost of Christmas Past”
https://infrequently.org/2025…

Safari at WWDC '25: The Ghost of Christmas Past
Alex Russell on browsers, standards, and the process of progress.

My understanding is that Apple allows others browsers using their own engine on iOS. Is that correct?
If it is correct, does any of the currently available browsers use their own engine (and not the Webkit one)?

WebChoreArena: Evaluating Web Browsing Agents on Realistic Tedious Web Tasks
Atsuyuki Miyai, Zaiying Zhao, Kazuki Egashira, Atsuki Sato, Tatsumi Sunada, Shota Onohara, Hiromasa Yamanishi, Mashiro Toyooka, Kunato Nishina, Ryoma Maeda, Kiyoharu Aizawa, Toshihiko Yamasaki
https://arxiv.org/abs/2506.01952

WebChoreArena: Evaluating Web Browsing Agents on Realistic Tedious Web Tasks
Powered by a large language model (LLM), a web browsing agent operates web browsers in a human-like manner and offers a highly transparent path toward automating a wide range of everyday tasks. As web agents become increasingly capable and demonstrate proficiency in general browsing tasks, a critical question emerges: Can they go beyond general browsing to robustly handle tasks that are tedious and complex, or chores that humans often avoid doing themselves? In this paper, we introduce WebChore…

Minor cleanup on my #Linux laptop. Removed Chrome from the list of apps installed. Browsers are #vivaldi, #tor and

If you’re asking yourself … How to Favicon in 2025?!?, this post by @… has you covered:
https://evilmartians.com/chronicles/ho

How to Favicon in 2025: Three files that fit most needs—Martian Chronicles, Evil Martians’ team blog
Prefer SVG over PNG, trust browsers to downscale, drop obscure formats—the ultimate, exhaustive guide to favicons for modern web. Includes steps for static HTML and Webpack.

HTML is Dead, Long Live HTML
Rethinking DOM from first principles
Cover Image: Browsers are in a very weird place. While WebAssembly has succeeded, even on the server, the client still feels largely the same as it did 10 years ago.
🌐 https://acko.net/blog/html-is-dead-long-live…

HTML is Dead, Long Live HTML
Rethinking DOM from first principles

Researchers detail a technique Meta uses to glean some of its logged-in users' browsing histories from Chromium-based browsers on Android via web identifiers (Dan Goodin/Ars Technica)
https://arstechnica.com/security/2025/06/headline-to-come/

Meta and Yandex are de-anonymizing Android users’ web browsing identifiers
Abuse allows Meta and Yandex to attach persistent identifiers to detailed browsing histories.

A Systematization of Security Vulnerabilities in Computer Use Agents
Daniel Jones, Giorgio Severi, Martin Pouliot, Gary Lopez, Joris de Gruyter, Santiago Zanella-Beguelin, Justin Song, Blake Bullwinkel, Pamela Cortez, Amanda Minnich
https://arxiv.org/abs/2507.05445

A Systematization of Security Vulnerabilities in Computer Use Agents
Computer Use Agents (CUAs), autonomous systems that interact with software interfaces via browsers or virtual machines, are rapidly being deployed in consumer and enterprise environments. These agents introduce novel attack surfaces and trust boundaries that are not captured by traditional threat models. Despite their growing capabilities, the security boundaries of CUAs remain poorly understood. In this paper, we conduct a systematic threat analysis and testing of real-world CUAs under adversa…

It’s interesting to see where browsers tap out when counting stuff.
When I was testing heading levels, I found Firefox & Safari go to 2,147,483,647 while Chromium only goes up to 9.
https://mastodon.social/@Meyerweb/114988548324732580

Drove through the Blackwall Tunnel to Greenwich and back to Islington yesterday.
South of the river it's all 30MPH speed limits and everything feels too fast and scary compared to the sedate and pedestrian-friendly 20MPH limits in the north.
Since I last went through it, it seems the Blackwall tunnel has added a toll.
The TFL website for setting up to pay the tolls is absolutely awful. Failed in Librewolf, Failed in Firefox. Failed because VPN. Took me four attempts in three different browsers to get it to take payment card details.
Demands *no* special characters in the password?!? And doesn't even tell you what the specific problem with the password is, just "doesn't meet the rules above"
Uses awful validation questions like "mothers maiden name". Bad enough practice to use them at all, but the "memorable date" question restricts to ddmmyy format so you can't even put in a date from outside this century.
For some reason asks for a PIN and and Password both!? Pointless. Then actually refuses the login form if you supply both!?

Setting up the auto-payment doesn't seem to have covered the charges added to the registration plate yesterday, so had to do the payment-details entering yet again to deal with yesterday's charges.
Email validation message contains the link only in the HTML of the email, not the text version, so viewed in Mutt it has no link.
And this all seems to be separate from the Dartford Crossing charge, which had a less crappy but still pretty crappy signup.
Good god council programmers suck at web-dev.
#driving #london #tfl #blackwallTunnel #greenwich

Legion, a security operations center that uses AI to detect threats within users' computer browsers, emerges from stealth with a $38M seed and Series A (Alexandra Sternlicht/Fortune)
https://fortune.com/2025/07/30/legion-cybersecurity-st…

Cybersecurity upstart Legion emerges from stealth with $38 million from Accel, Coatue, and others
This also marks the U.S. launch of VC firm Picture Capital, who co-led the round.

🛠️ Supports multiple browsers: #Firefox #Chrome #TorBrowser #Edge