IT

uTorrent is the Most Used BitTorrent Client By Far (torrentfreak.com) 60

Ernesto, writing for TorrentFreak: With help from iknowwhatyoudownload we looked at over 25 million logged BitTorrent connections on a single day last week. This reveals that more than two-thirds (68.6%) of these were using uTorrent's desktop version. The vast majority of these users were updated to the most recent 3.5.5 release, but dozens of older versions are in use as well. Although no longer officially supported, there are also hundreds of thousands of people who still use uTorrent for Mac.

The most popular Mac client, however, appears to be Transmission. This is a notable change compared to a decade ago when its market share was much lower. Although Transmission also has a beta Windows release, that userbase is believed to be relatively small. Below is an overview of all software with at least 0.1% market share -- which translates to roughly 25,000 logged connections.

Bug

Some Users Experiencing System Crashes on macOS 10.15.4, Especially During Large File Transfers (macrumors.com) 58

A sizeable number of Mac users are experiencing occasional system crashes after updating to macOS Catalina version 10.15.4, released a few weeks ago. From a report: The crashing issue appears to be most prominent when users attempt to make large file transfers. In a forum post, SoftRAID described the issue as a bug and said that it is working with Apple engineers on a fix for macOS 10.15.5, or a workaround. SoftRAID said the issue extends to Apple-formatted disks: "There is a serious issue with 10.15.4. It shows up in different scenarios, even on Apple disks but is more likely when there are lots of IO threads. We think it is a threading issue. So while SoftRAID volumes are hit the hardest (it's now hard to copy more than 30GB of data at a time), all systems are impacted by this. In our bug report to Apple, we used a method to reproduce the problem with ONLY Apple formatted disks. Takes longer to reproduce, but that is more likely to get a faster fix to the user base."

Chrome

U.S. Government: Update Chrome 80 Now, Multiple Security Concerns Confirmed (forbes.com) 54

Part of America's Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency (CISA) "has advised users to update Google Chrome as new high-rated security vulnerabilities have been found," reports Forbes: In an April 1 posting, CISA confirmed that Google Chrome version 80.0.3987.162 "addresses vulnerabilities that an attacker could exploit to take control of an affected system," be that Windows, Mac or Linux. It went on to state that it "encourages" users and administrators to apply the update. It's not just CISA that is warning about the need to update Google Chrome. The Center for Internet Security (CIS) is a non-profit entity that works to safeguard both private and public organizations against cyber threats. In a multi-state information sharing and analysis center (MS-ISAC) advisory, it has also warned of multiple vulnerabilities in Google Chrome.

The most severe of these could allow an attacker to achieve arbitrary code execution within the context of the browser... All it would take for an attacker to exploit the vulnerabilities is to get the user to visit, by way of a phishing attack or even redirection from a compromised site, a maliciously crafted web page.

Beside three high-rated vulnerabilities, Forbes reports that "a further five security vulnerabilities were discovered by the Google internal security team using a combination of internal audits and fuzzing."
Security

Ex-NSA Hacker Drops New Zero-Day Doom for Zoom (techcrunch.com) 22

Zoom's troubled year just got worse. From a report: Now that a large portion of the world is working from home to ride out the coronavirus pandemic, Zoom's popularity has rocketed, but also has led to an increased focus on the company's security practices and privacy promises. Hot on the heels of two security researchers finding a Zoom bug that can be abused to steal Windows passwords, another security researcher found two new bugs that can be used to take over a Zoom user's Mac, including tapping into the webcam and microphone. Patrick Wardle, a former NSA hacker and now principal security researcher at Jamf, dropped the two previously undisclosed flaws on his blog Wednesday, which he shared with TechCrunch. The two bugs, Wardle said, can be launched by a local attacker -- that's where someone has physical control of a vulnerable computer. Once exploited, the attacker can gain and maintain persistent access to the innards of a victim's computer, allowing them to install malware or spyware.
Portables (Apple)

iFixit MacBook Air Teardown Finds More Repairable Than Predecessor (9to5mac.com) 28

iFixit tore apart the updated MacBook Air and found that Apple made a few changes making for a more repairable notebook than the last generation. All in all, the new 2020 MacBook Air got a 4/10 repairability score from iFixit, which is one point higher than the previous-gen model which scored 3/10. 9to5Mac reports: iFixit highlights in its full teardown that the update to the reliable Magic Keyboard only added 0.5mm to the thick end of the new MacBook Air... a more than worth it trade-off: "More than anything, that 0.5 mm illustrates the sheer unnecessary-ness of the five painful years that Mac fans spent smashing on unresponsive butterfly keyboards. Knowing that Apple's thinnest-and-lightest notebook accommodates a scissor-switch keyboard so gracefully makes us wonder what it was all for. We understand as well as anyone the urge to fix things, but Apple's insistence on reworking and re-reworking the troubled butterfly design came at such a high cost -- financially, environmentally, and to the Mac's reputation -- and for what? We'll probably never know all the factors that led to the creation and persistence of the butterfly keyboard, but this Magic keyboard is a reminder that sometimes the difference between usable and unusable, or repairable and unrepairable, can be as small as half a millimeter."

Past the keyboard update, iFixit found a nice improvement to how Apple has implemented the trackpad cable: "Where last year the trackpad cables were trapped under the logic board, they are now free to be disconnected anytime -- meaning trackpad removal can happen as soon as the back cover comes off. And since the battery rests under these same cables, this new configuration also greatly speeds up battery removal by leaving the logic board in place. That's two very tasty birds, one stone, for those of you counting. This is one of those happy (but all too rare) occasions where we can identify a hardware change from Apple that's squarely aimed at improving serviceability in the existing design. Sometimes they do listen!"

Operating Systems

Apple Releases iOS 13.4, iPadOS 13.4, macOS 10.15.4, tvOS 13.4, and watchOS 6.2 (venturebeat.com) 13

Apple today officially released versions 13.4 of iOS, iPadOS, and tvOS to the public, alongside macOS 10.15.4 and watchOS 6.2. While many of their improvements are minor, there are a few standout features across the updates. From a report: One of the most noteworthy additions is a dramatic expansion of iPadOS 13's prior trackpad and mouse support, which was limited solely to an Accessibility option before evolving to full system-wide support across all iPad models capable of running iPadOS 13.4. Now, keyboard-trackpad hybrids (such as the upcoming Magic Keyboard for iPad), standalone trackpads, and standalone mice can create a cursor that highlights and selects on-screen text and objects, paving the way for more Mac-like apps on Apple's tablets. Another major improvement is cross-platform support for a new universal app purchase option, enabling a single app developed using Apple's shared Catalyst framework to be purchased and run across Macs, iPhones, iPads, and Apple TVs. This feature went live for developers yesterday, and it uses the iOS App Store as the base for universal apps. Standalone Mac App Store app listings will likely need to be abandoned for the transition to universal apps.
Apple

Devices Left For Repair at Apple Stores Can't Be Picked Up (9to5mac.com) 60

Remember how Apple closed all of its stores outside China? It's preventing some customers from picking up their repaired devices, according to 9to5Mac: As we noted last week, Apple Stores remained partially open for two days following the shutdown announcement. During this time, Apple contacted customers with pending device repairs and asked them to come pick up their products. Inevitably, some customers missed this opportunity. An Apple spokesperson told Business Insider that there's no way for customers who missed the two-day pickup period to get their devices:

Some customers did not pick up their devices within the two-day pickup period, and those devices are still in Apple Stores, the spokesperson said. Unfortunately for those who missed the pickup window, there's no way for them to get their devices until Apple Stores re-open, the spokesperson said....

It's also important to note that devices sent offsite for repair, whether it be iPhone, iPad, Mac, or Apple Watch, are still being returned to customers via shipment. In a normal scenario, Apple would ship the repaired devices back to retail stores, then customers would come pick them up. During the Apple Store shutdown, however, devices are being shipped directly from repair centers to customers instead.

Medicine

New York City Weighs Converting Hotels Into Hospitals For Patients Without Coronavirus (wsj.com) 71

An anonymous reader quotes a report from The Wall Street Journal: New York City is working with the hospitality industry to possibly convert entire hotels into hospitals for patients without the novel coronavirus, in an effort to increase capacity at medical facilities as the outbreak grows. The city's emergency management commissioner, Deanne Criswell, said in an interview Wednesday that hotels could be vital as New York City needs more beds to treat those with Covid-19. The hotels would be for "those non-Covid patients who are really minor but need care," she said. It couldn't be determined how many beds would be immediately available for these patients or how much the city would pay hotels.

The city currently uses hotels for some quarantine, and could use them to house health-care workers who need places to stay, Ms. Criswell said. With the city's tourism industry hit by the virus, many hotels are now empty, she added. New York City has 1,339 confirmed cases of the virus as of Wednesday afternoon, with 10 deaths. City officials also hope to turn the Jacob K. Javits Convention Center in Manhattan into a large hospital, using federal medical stations, according to Ms. Criswell. Mayor Bill de Blasio said earlier this week the city had an additional 1,300 beds by reopening closed hospitals and other facilities, including Roosevelt Island's Coler hospital, a city hospital that was no longer in use. A recently built nursing home in Brooklyn will also be used to hold 600 beds, and two Bronx hospitals with more than 100 beds will also be available, according to Mr. de Blasio. To make more space, the city is also discharging patients that can leave hospitals, canceling elective surgeries, and building more capacity within hospitals.

Earlier today, the U.S. and Canada announced they will suspend non-essential travel between the two countries to prevent the spread of the virus. This comes two days after Canada closed its borders to non-citizens with exceptions for U.S. citizens, air crews and diplomats.

The U.S. is also ordering Fannie Mae and Freddie Mac to suspend foreclosures and evictions for at least 60 days.
IOS

Sophisticated Mouse Cursor Support Coming To iOS 14, New iPad Smart Keyboard Models With Trackpad (9to5mac.com) 33

According to code seen by 9to5Mac, Apple is set to roll out rich system-wide support for mouse cursors with iOS 14. From a report: Apple added rudimentary compatibility with external mice in iOS 13 Accessibility settings, but iOS 14 (iPadOS 14) will make it mainstream. The iOS 14 build also referenced two new Smart Keyboard models in development. The changes coming to the software will bring most of the cursor features you recognize from a Mac desktop experience to iOS. One difference may be that the pointer disappears automatically after a few seconds of not touching the connected mouse or trackpad, a concession to the touch-first experience of the iPad. It would reappear when the user attempts to move the cursor again.

This includes support for multiple pointers depending on what is being hovered over, like switching from a standard arrow pointer to a pointing hand when hovering over links. It is possible these APIs could then automatically translate over to Mac apps using Catalyst, which currently lacks an API for changing mouse cursor type. Apple is also developing support for Mac-like gestures, like tap with two fingers to right-click.

Chrome

Edge Browser Scores Worst in Test of Telemetry Privacy (zdnet.com) 51

"New academic research published last month looked at the phone-home [telemetry] features of six of today's most popular browsers and found that the Brave browser sent the smallest amount of data about its users back to the browser maker's servers," reports ZDNet: The research, conducted by Douglas J. Leith, a professor at Trinity College at the University of Dublin, looked at Google Chrome, Mozilla Firefox, Apple Safari, Brave, Microsoft Edge (the new Chromium-based version), and the Yandex Browser.

"In the first (most private) group lies Brave, in the second Chrome, Firefox, and Safari, and in the third (least private) group lie Edge and Yandex...." [T]he professor found evidence that Chrome, Firefox, and Safari all tagged telemetry data with identifiers that were linked to each browser instance. These identifiers allowed Google, Mozilla, and Apple to track users across browser restarts, but also across browser reinstalls...

[T]he most intrusive phoning-home features were found in the new version of Microsoft Edge and the official Yandex Browser. According to Prof. Leith, both used unique identifiers that were linked to the device's hardware, rather than the browser installation. Tracking users by hardware allows Microsoft and Yandex to follow users across installations and potentially link browser installs with other apps and online identities. The professor said that Edge collected the hardware UUID of the user's computer, an identifier that cannot be easily changed or deleted without altering a computer's hardware. Similarly, Prof. Leith also found that Yandex transmitted a hash of the hardware serial number and MAC address to its backend servers.

"As far as we can tell this behaviour [in Edge and Yandex] cannot be disabled by users," the professor said.

The article also points out that Brave was the only browser that didn't use search autocomplete functionality to collect and send back information on a user's visited web pages. (Even though this can be disabled in Firefox, Chrome, and Safari, it's on by default.)

But Edge and Yandex "also sent back information about visited web pages that did not appear to be related to the search autocomplete feature, suggesting the browsers had other ways to track users' browsing habits."
Social Networks

If You Like RSS, You'll Love Fraidycat (inputmag.com) 39

J. Fergus, writing for Input: Someone finally did it. We can now follow who we want on our own terms and get that information chronologically. Fraidycat is an app and browser extension that allows just that. Though it launched in November 2019, Fraidycat recently got a massive update, widening its compatibility and adding a dark mode. The open-source tool, brought to you by Kicks Condor, is available for Linux, Mac, and Windows in addition to Mozilla Firefox and Chrome as an extension. Fraidycat definitely pulls from RSS feeds more easily, but it also works on Twitter, Instagram, and SoundCloud. You drop the link to the account you'd like to follow -- from Medium bloggers to Twitch streamers to vision board Pinterest-ers -- and set how frequently you'd like to see their posts. Label it, hit save, and posts will appear as often as you'd like. The recent update notably folds Kickstarter into the mix and collapses Twitter threads for readability.
Desktops (Apple)

Stealing Advanced Nations' Mac Malware Isn't Hard. Here's How One Hacker Did It (arstechnica.com) 19

Malware developers are always trying to outdo each other with creations that are stealthier and more advanced than their competitors'. At the RSA Security conference last week, a former hacker for the National Security Agency demonstrated an approach that's often more effective: stealing and then repurposing a rival's code. From a report: Patrick Wardle, who is now a security researcher at the macOS and iOS enterprise management firm Jamf, showed how reusing old Mac malware can be a smarter and less resource-intensive approach for deploying ransomware, remote access spy tools, and other types of malicious code. Where the approach really pays dividends, he said, is with the repurposing of advanced code written by government-sponsored hackers. "There are incredibly well-funded, well-resourced, very motivated hacker groups in three-letter agencies that are creating amazing malware that's fully featured and also fully tested," Wardle said during a talk titled "Repurposed Malware: A Dark Side of Recycling." "The idea is: why not let these groups in these agencies create malware and if you're a hacker just repurpose it for your own mission?" he said.

To prove the point, Wardle described how he altered four pieces of Mac malware that have been used in in-the-wild attacks over the past several years. The repurposing caused the malware to report to command servers belonging to Wardle rather than the servers designated by the developers. From there, Wardle had full control over the recycled malware. The feat allowed him to use well-developed and fully featured applications to install his own malicious payloads, obtain screenshots and other sensitive data from compromised Macs, and carry out other nefarious actions written into the malware.

Firefox

Firefox for Mac and Linux To Get a New Security Sandbox System (zdnet.com) 40

Mozilla will add a new security sandbox system to Firefox on Linux and Firefox on Mac. The new technology, named RLBox, works by separating third-party libraries from an app's native code. From a report: This process is called "sandboxing," and is a widely used technique that can prevent malicious code from escaping from within an app and executing at the OS level. RLBox is an innovative project because it takes sandboxing to the next level. Instead of isolating the app from the underlying operating system, RLBox separates an app's internal components -- namely its third-party libraries -- from the app's core engine. This technique prevents bugs and exploits found inside a third-party library from impacting another project that uses the same library.
Desktops (Apple)

Apple To Release First ARM Mac Without Intel Processor in Next 18 Months, Predicts Kuo (9to5mac.com) 141

Ming-Chi Kuo is out with a new analyst note today and the most interesting part of his forecast is that Apple will release its first Mac with an ARM processor in the first half of 2021. From a report: Kuo is predicting that one of Apple's new products to be released within the next 12-18 months will be a Mac with an in-house processor, instead of using an Intel CPU. There have been growing reports over the last couple of years about Apple making the switch to a custom-designed ARM processor for its Macs and today's report gives a concrete timeframe for when to expect that launch, which has actually held true since Kuo's prediction back in 2018. Since the coronavirus outbreak, Kuo highlights that Apple has been "more aggressive" with its funding for research, development, and production of 5nm process chips that are expected to show up in the first Macs with ARM CPUs. That's because 5nm chips will be integral to iPhone, iPad later this year, as well as Macs come 2021.
Google

EU Judge Raises Prospect of Increasing Multibillion Fine Against Google (reuters.com) 86

Alphabet's appeal against a multibillion-dollar fine for alleged anticompetitive behavior by its Google unit risks backfiring after a European Union court floated the prospect of increasing the fine (Warning: source paywalled; alternative source), rather than scrapping it. The Wall Street Journal reports: In a surprise twist Friday at the end of a three-day hearing, one of five judges on the panel said the EU's General Court has the power to increase the $2.6 billion fine, levied in 2017, if it finds that the sum was insufficient to deter the company from further anticompetitive behavior. "The fine of ~$2.6 billion was described as eye-catching, but it is a small amount of cash in your hands," Judge Colm Mac Eochaidh said in court. "Did that level of fine deter you from repeating your behavior?" he asked Google's counsel. Increasing a fine has only one precedent in the court's history, according to Mr. Mac Eochaidh, when German chemicals giant BASF SE was ordered to pay ~$58,000 in 2007 on top of an initial ~$38 million fine for participating in a chemicals cartel.

Christopher Thomas, a counsel for Google, dismissed the idea that the fine was warranted and said the company takes the entire antitrust process "with extreme seriousness." Google disputes the findings of the commission that it had willingly or negligently squeezed competitors out of its shopping searches. The prospect of raising the fine was described as theoretical by the panel's presiding judge. Still, it sent Google lawyers scrambling for arguments, with one sitting on the floor outside the courtroom frantically researching how to contest such a move. If Google loses the case, it has the right to appeal to the bloc's highest court, the European Court of Justice.

Desktops (Apple)

Apple's Mac Computers Now Outpace Windows In Malware (vox.com) 97

According to cybersecurity software company Malwarebytes' latest State of Malware report, the amount of malware on Macs is outpacing PCs for the first time ever. Recode reports: Windows machines still dominate the market share and tend to have more security vulnerabilities, which has for years made them the bigger and easier target for hackers. But as Apple's computers have grown in popularity, hackers appear to be focusing more of their attention on the versions of macOS that power them. Malwarebytes said there was a 400 percent increase in threats on Mac devices from 2018 to 2019, and found an average of 11 threats per Mac device, which is about twice the 5.8 average on Windows.

Now, this isn't quite as bad as it may appear. First of all, as Malwarebytes notes, the increase in threats could be attributable to an increase in Mac devices running its software. That makes the per-device statistic a better barometer. In 2018, there were 4.8 threats per Mac device, which means the per-device number has more than doubled. That's not great, but it's not as bad as that 400 percent increase. Also, the report says, the types of threats differ between operating systems. While Windows devices were more prone to "traditional" malware, the top 10 Mac threats were adware and what are known as "potentially unwanted programs."

Portables (Apple)

Taika Waititi Slams Apple's MacBook Keyboards After Winning First Oscar (theverge.com) 148

Speaking with journalists after winning his first Oscar for Best Adapted Screenplay, Jojo Rabbit and Thor: Ragnarok director Taika Waititi had other things on his mind. When asked what he thought writers should be demanding in the next round of discussions with producers, Waititi put Apple's controversial laptop keyboards on blast. A report adds: "Apple needs to fix those keyboards," he said. "They are impossible to write on -- they've gotten worse. It makes me want to go back to PCs. Because PC keyboards, the bounce-back for your fingers is way better. Hands up who still uses a PC? You know what I'm talking about. It's a way better keyboard. Those Apple keyboards are horrendous." "I've got some shoulder problems," Waititi continued. "I've got OOS [Occupational Overuse Syndrome, a term used in New Zealand for RSI] -- I don't know what you call it over here, this sort of thing here (gestures to arm), that tendon which goes down your forearm down into the thumb? You know what I'm talking about, if you guys are ever writing. And what happens is you open the laptop and you're like this (makes uncomfortable hunched-over-laptop pose) -- we've just got to fix those keyboards. The WGA needs to step in and actually do something." Tech columnist John Gruber adds: I've been saying for years now that Apple has done severe reputational harm to the MacBook brand, which effectively is the Mac brand for most people, especially writers. Yes, there's a new keyboard with scissor-switch mechanisms in the 16-inch MacBook Pro. It's a pleasure to type on. But we're still months away from the rest of the MacBook lineup being updated to use that new keyboard. And that's a presumption on my part, that all MacBooks will get the new keyboard sooner rather than later. It certainly wouldn't make any sense if they didn't -- but the whole butterfly-switch saga has never made any sense.
Chrome

Chrome 80 Arrives With Mixed Content Autoupgraded To HTTPS, Cookie Changes, and Contact Picker API (venturebeat.com) 63

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 80 for Windows, Mac, Linux, Android, and iOS. The release includes autoupgrading mixed content to HTTPS, SameSite cookie changes, quieter permission UI for notifications, and more developer features. This release thus beefs up security for the world's most popular browser and begins cracking down on cross-site cookies. You can update to the latest version now using Chrome's built-in updater or download it directly from google.com/chrome. With over 1 billion users, Chrome is both a browser and a major platform that web developers must consider. In fact, with Chrome's regular additions and changes, developers often have to stay on top of everything available -- as well as what has been deprecated or removed. Among other things, Chrome 80 has started deprecating FTP support by disabling it by default for non-enterprise clients.
