DuckDuckGo takes aim at Google Chrome but insists it isn't going to fork Google's Chromium project upon which Chrome, Edge, and others are built. Privacy-focused search engine DuckDuckGo has offered a first look at its forthcoming desktop "browsing app" that promises simple default privacy settings. DuckDuckGo CEO Gabriel Weinberg details its desktop browser in a blog post recapping its milestones for 2021, including 150 million downloads of its all-in-one privacy apps for iOS and Android, and Chromium extensions. Weinberg attempts to distinguish the DuckDuckGo desktop browser from the likes of Chromium-based Brave and Mozilla Firefox by arguing it is not a "privacy browser". Instead, it's just a browser that offers "robust privacy protection" by default and works across search, browsing, email, and more. "It's an everyday browsing app that respects your privacy because there's never a bad time to stop companies from spying on your search and browsing history," writes Weinberg. Weinberg offers a few clues about the internals underpinning the DuckDuckGo desktop browser or "app" as he calls it, but also leaves out a lot of details. He says it won't be based on Chromium, the open-source project underpinning Google Chrome, Microsoft Edge, Brave, Vivaldi, and about 30 other browsers. "Instead of forking Chromium or anything else, we're building our desktop app around the OS-provided rendering engines (like on mobile), allowing us to strip away a lot of the unnecessary cruft and clutter that's accumulated over the years in major browsers," explains Weinberg. It's not clear what desktop OS-provided rendering engines he's referring to but it's not a trivial task to build a desktop browser without Chromium's Blink rendering engine. Just ask Microsoft, which launched its Chromium-based Edge browser last year. Apple meanwhile uses WebKit for Safari on desktop and requires all non-Safari browsers on iOS, including Chrome, to use WebKit for iOS. ZDNet has asked DuckDuckGo for clarification, but DuckDuckGo's communications manager Allison Johnson has provided some details to The Verge about the rendering engines. "macOS and Windows both now offer website rendering APIs (WebView/WebView2) that any application can use to render a website. That's what we've used to build our app on the desktop," said Johnson. Microsoft's implementation of WebView2 in Windows allows developers to embed web technologies such as HTML, CSS, and JavaScript in native Windows apps. WebView2 on Windows uses Microsoft Edge as the rendering engine to display websites in those apps. "We're building the desktop app from the ground up around the OS-provided rendering APIs. This means that anything beyond website rendering (e.g., tabs & bookmark management, navigation controls, passwords, etc.) we have to build ourselves," said Johnson. So, the DuckDuckGo browser rendering will rely on Edge/Chromium for Windows, and Safari/Webkit on macOS, The Verge notes. Johnson highlighted that approach isn't forking Chromium. A clear example of forking a project is Google's creation of Blink, where it used the open-source code behind the WebKit rendering engine (that Google and Apple had previously maintained), and then built its own web-rendering engine for Chromium. However DuckDuckGo releases its new desktop browser, Weinberg assures that "compared to Chrome, the DuckDuckGo app for desktop is cleaner, way more private, and early tests have found it significantly faster too!" Follow this and more by visiting OUR FORUM.

Suspicions about the integrity of Huawei products among US government officials can be attributed in part to a 2012 incident involving a Huawei software update that compromised the network of a major Australian telecom company with malicious code, according to a report published by Bloomberg. The report, based on interviews with seven former officials, some identified and some not, says that Optus, a division of Singapore Telecommunications Ltd., had its systems compromised through a malicious update in 2012 – a claim the company disputes. "The update appeared legitimate, but it contained malicious code that worked much like a digital wiretap, reprogramming the infected equipment to record all the communications passing through it before sending the data to China, [the sources] said," Bloomberg's report explains. After several days, the snooping code reportedly deleted itself, but Australia's intelligence services decided China's intelligence services were responsible, "having infiltrated the ranks of Huawei technicians who helped maintain the equipment and pushed the update to the telecom’s systems." Australian intelligence is said to have shared details about the incident with American intelligence agencies, which subsequently identified a similar attack from China using Huawei hardware in the US. The report seeks to provide an evidentiary basis for efforts by the US and other governments to shun Huawei hardware amid global 5G network upgrades and to give that business to non-Chinese firms. Notably absent is any claim that Huawei leadership knew of this supposed effort to subvert Optus' network. "Bloomberg didn’t find evidence that Huawei’s senior leadership was involved with or aware of the attack," the report says. In short, the claim is that China's intelligence agencies compromised an Australian network by placing agents within Huawei, ongoing risk for any number of prominent global technology firms. China has denied "Australia's slander." It's perhaps worth noting that The Register is unaware of any nation owning up to recent intelligence activities. Even Russian President Vladimir Putin, faced with compelling evidence unearthed by investigative news service Bellingcat of the FSB's attempt to poison political opposition leader Alexey Navalny, denied that Russian agents had anything to do with Navalny's near-fatal poisoning. But the statement from China's Ministry of Foreign Affairs is unusual in that it suggests mutual guilt more than wounded innocence: "Australia’s slander on China carrying out cyberattacks and espionage penetration is purely a move like a thief crying to catch a thief." Even so, Huawei's guilt or innocence as it applies to helping China spy is largely irrelevant. As far as the US is concerned, Huawei can't be trusted because the Chinese government could, in theory, make demands the company could not refuse. The feds are worried about precrime, to use the terminology of Philip K. Dick's Minority Report, a story about a police unit that apprehends people predicted to commit crimes. The US Federal Communications Commission recently used future concerns, alongside past behavior and secret accusations, to ban another Chinese firm from operating in the US. In October, the FCC announced that China Telecom Americas could no longer do business in America. The agency said it based its decision [PDF] partly on classified evidence provided by national security agencies. But it also said "the totality of the extensive unclassified record alone" was sufficient to justify its decision. The agency concluded that China Telecom Americas could potentially be forced to comply with Chinese government requests and company officials have demonstrated a lack of candor and trustworthiness to US officials. And trust is key. The changeable nature of software and the possibility of concealed hardware functions make it inherently risky to accept IT systems from untrusted sources. The risk can be mitigated through source code inspection, auditing, and other precautions, but not completely. Go in-depth by visiting OUR FORUM.