
May 4, 2023

Chrome Removes Secure Website Lock Icon, Algorithmic Surveillance, AI Job Loss, Edge Leaks URLs, Software Supply Chain

Episode Transcription:

Pokie Huang: 

Hey, it’s 5:05 on Thursday, May 4th, 2023. From the Sourced Podcast Network in New York City, this is your host Pokie Huang. Stories in today’s episode come from Edwin Kwan in Sydney, Australia, Olimpiu Pop in Transylvania, Romania, Trac Bannon in Camp Hill, Pennsylvania, Katy Craig in San Diego, California, Derek Weeks in Bethesda, Maryland and Marcel Brown in St. Louis, Missouri.

Let’s get to it.

Edwin Kwan: 

This is Edwin Kwan reporting from Auckland, New Zealand. 

Google recently announced that the lock icon that is used to indicate that the website connection is using https will be removed from the Chrome browser. They say that it is no longer needed as more than 99% of all web pages loaded on Chrome are over https.

They also say that it creates a misunderstanding that the website is secure and safe. There are potentially harmful consequences from that, as most malicious websites would use https and hence will also display the lock icon.

The misunderstanding is so pervasive that many organizations, including the FBI, have published guidance informing users that the lock icon is not an indicator of website safety.

Even though the lock icon will be removed, Google Chrome will continue to alert users of insecure http connections.

Olimpiu Pop: 

A late vote on a Tuesday in late March, 2024 sealed the fate of algorithmic video surveillance in France. The law was adopted by a large majority too, and I thought that the meetings Macron had lately with Xi Jinping were useless.

Atypical to the French Latin spirit that tends to delay, the law took effect immediately and will remain in place until the end of 2024. According to the approved text, any event counting more than 300 participants will, in theory, fall under the scope of algorithmic surveillance. 

Next year, the French capital will be hosting multiple large scale sporting, recreational, and cultural events. But the biggest of them all are the Olympic Games. The legislators supported their decision by stating that algorithm driven smart cameras will be capable of detecting crowd surges, fires, and abandoned bags, but also unusual or risky behavior. 

While France’s privacy watchdog, CNIL, insisted that facial recognition should be off the table in order to support the bill, the opponents say that any data that identifies a person by their physical attributes is by definition biometric.

Noemie Levain, a legal advisor of the digital rights group La Quadrature du Net declared: 

“This is a massive surveillance tool that allows police to analyze our behavior and to decide who is normal and who is suspicious based on their own stereotypes. It can detect what the police wanted to detect.”

Even though it was dubbed the Olympic Security Law, it will be used throughout next year at various events including the Rugby World Cup.

Concerns about the law came from members of the European Parliament in Brussels as well. According to Levain, a lot of European members of Parliament are willing to ban massive biometric surveillance, so we hope the European values and European vision of liberties will win and that France will realize it is an isolated country. 

So if Italy said a categoric “No!” to AI until it is better regulated, France is the European country that has the least to say against AI. Hopefully the EU will remain the same safe haven it was for its citizens, whether born or adopted. 

The full episode and resources are available on 505updates.com. This was Olimpiu Pop reporting from blossoming Transylvania, where Spring has finally arrived.

Tracy Bannon: 

Just how many jobs are going to be replaced by AI? There are sensational estimates and many people are truly concerned. About a month ago, Goldman announced a prediction that AI could lead to 300 million layoffs in the US and in Europe. Digging deeper, what they actually found is that, based on occupational tasks for the US and Europe, maybe two thirds of current jobs are going to be exposed to some kind of AI automation.

There was both mockery and emotion when the forecast came out. Hello, this is Trac Bannon reporting from Camp Hill, Pennsylvania. 

Many pundits, many research organizations and many social media watchers are trying to estimate or guesstimate what the future holds when it comes to layoffs or reduction in workforce based on generative AI as applied to our work. The problem is that the early projections appear to be sleight of hand or monkey math.

A recent example highlights this. Dropbox has announced that they will lay off 16% of the company. However, they’re building out their AI division. Is it a fair assertion to say then that 16% are being laid off because of AI automations? Not exactly.

The actual statement of strategic business planning is “the cuts will allow the company to build out its AI division.” Separately, Bloomberg reported that IBM’s CEO Arvind Krishna may pause hiring because they’re thinking about roles that could be replaced with artificial intelligence in the coming years, not today. 

This is a more rational sign and quite frankly, smart planning. A short pause to realign hiring strategy. We do need to keep our finger on the pulse of the decisions by these industry leaders. Keep in mind that IBM has added 7,000 workers in the first quarter. So clearly humans will be in the picture now. We hope in the future. 

Those folks who are normally part of back office functions, such as human resources, may see a slowing. If you allow there to be an extrapolation and forecast, conceivable estimates are that 8,000 jobs could be lost, replaced, or dramatically changed. That’s right. The term is “dramatically changed” in the role.

All this being said, AI assistance is expected to save Big Blue nearly 2 billion by the end of 2024 when it comes to repeatable, mundane tasks. Yet, who are we to believe? Mathematician? Pollster? Pundit? At a minimum, we know that massive changes are on the horizon. Will this be similar to when vinyls were replaced with cassettes that were eventually replaced with CDs and now exist on our online streaming media collections?

Perhaps contrived, but perhaps something to think about. 

Bottom line is that we all need to understand the basics of what AI is and what it is not. We need to experiment with the tools available to us, to understand what could help us in our day-to-day jobs. And perhaps even take those recommendations forward to our leaders so we can focus on solving bigger challenges together.

Clearly, the impact of AI on our future gives us all something to noodle on.

Katy Craig: 

Last week, Reddit users discovered that the latest version of Microsoft Edge appears to be sending the full URLs of nearly every page visited by users to the Bing API website, alarming the online community as it could potentially lead to privacy issues. 

This is Katy Craig in San Diego, California.

Upon learning of these reports, Microsoft promptly initiated an investigation into the matter. According to the Verge, Microsoft Edge now includes a creator follow feature, which is enabled by default. The feature was intended to notify Bing when users visit specific pages such as YouTube, the Verge, and Reddit.

However, it seems that this feature isn’t working as intended, sending almost every domain visited by users to Bing. As Microsoft investigates these reports, it’s crucial for users to be aware of potential privacy risks and take proactive measures to protect their online privacy. 

Here are some tips you can follow.

Use privacy focused browsers. Consider using browsers known for their commitment to user privacy, such as Mozilla Firefox or Brave.

Adjust browser settings. Tweak your browser settings to maximize privacy protection, including disabling features that may compromise your data.

Be cautious with ads. If an ad seems too good to be true or is promoting something that’s not relevant to the site you’re visiting, it might be best to avoid clicking on it.

This is Katy Craig. Stay safe out there.

Derek Weeks: 

74% of professionals surveyed agreed that traditional application security solutions, including software composition analysis, static application security testing, and dynamic application security testing are ineffective at protecting companies from modern software supply chain threats. This is according to a new survey just released from Reversing Labs.

I’m Derek Weeks reporting from Bethesda, Maryland. 

Having been one of the early leaders in defining the software supply chain security market, this is no surprise to me. Today’s market is crowded with vendors promoting point solutions that highlight and sometimes resolve one or a couple of issues tied to software supply chain security. 

DevOps.Com invited me and other security industry leaders to participate in a panel discussion earlier this week about software supply chain security.

One of the recommendations that arose in this discussion from several of us on the panel was first getting a better understanding of your software supply chains. Yes, you have more than one. Many development, platform engineering and security pros can’t yet visualize their software supply chains end to end and have not mapped them out.

Those that do, are enlightened. 

The first thing they find is that it is not fully contained inside their walls. Code repositories live on the internet. As many developers download code packages and containers as their businesses employ. There are no checks at the front door. There’s no equivalent of a procurement department that evaluates what is flowing through your software supply chains, as would be in normal physical software supply chains in the manufacturing industries. 

In software supply chains, the supplier base is global. The variety of supply and frequency of change in it would boggle your mind. So where should you start? 

Mapping out your software supply chain to truly understand it is an important first step. Visibility aids understanding. Understanding helps you prioritize. Prioritization helps you address the biggest issues first.

On your next lunch break with colleagues or in your next team meeting, why don’t you take a stab at mapping out your software supply chains… on paper or perhaps on a whiteboard. You might be surprised at what you uncover. Then it’s up to you to determine what to do next.

Marcel Brown: 

This is Marcel Brown, the most trusted name in technology, traveling through hyperspace to bring you today’s technology history for May 4th. 

May the Fourth be with you. 

Speaking of Star Wars, did you know that all three original Star Wars movies were released in the month of May? When, you ask? Stay tuned this month to find out.

And now, today’s tech history.

May 4th, 1995. German company Escom AG purchases the rights to the name, patents and intellectual property of Commodore Electronics, which had declared bankruptcy in 1994.

Commodore was a pioneer in the personal computing industry, holding some impressive records, such as having the best selling computer in history with the Commodore 64, of which the Guinness Book of Records estimates about 30 million units were sold over the course of 10 years, from 1982 to 1992; being the first computer company to have over 50% of the home PC market; and being the first computer company to make over $1 billion in sales. They also created some of the most innovative computers in the early PC market, such as the first multimedia computer, the Amiga.

Unfortunately for Commodore, as it was with many early PC companies, the juggernaut of the IBM compatible PC combined with poor management was their ultimate undoing. 

May 4th, 2000. The Love Letter computer virus, aka the I Love You bug, spreads to personal computers running Windows around the world in just six hours. Spreading through email, the virus entices victims to open the message with the subject of “I Love You.”

About 2.5 to 3 million PCs will become infected. The cost of system downtime is later estimated at 8.7 billion. It is thought to be the fastest moving and most widespread virus in history. Thanks Microsoft. 

Also, notable events that happened on May 4th. In 1927, the Academy of Motion Picture Arts and Sciences was incorporated. And in 1959, the first annual Grammy Awards were held. Both things made possible through technology. I have spoken.

That is your technology history for today. For more, tune in tomorrow and visit my website ThisDayInTechHistory.com. This is the way.

Pokie Huang: 

That’s it for today’s open source and cybersecurity updates. For direct links to all stories and resources mentioned in today’s episode, go to 505Updates.com, where you can listen to our growing library of over 100 episodes. You can also download the transcript of all episodes for easy reference.

5:05 is a Sourced Networks Production with updates available Monday through Friday on your favorite audio streaming platform. Just search for “It’s 5:05!”. And please consider subscribing while you’re there. 

Thank you to Edwin Kwan, Olimpiu Pop, Trac Bannon, Katy Craig, Derek Weeks and Marcel Brown for today’s contributions.

The Executive Producer and the editor is Mark Miller. The sound engineer is Pokie Huang. Music for today’s episode is by Blue Dot Sessions. We use Descript for spoken text editing and Audacity to layer in the soundscapes. The show distribution platform is provided by Captivate.fm. This is Pokie Huang. See you tomorrow… at 5:05.
