NZCity NewsLinks -

All Links

11 Jul 2025

Search

Original Birkin bag shatters record with Ł7m sale
The prototype of the most famous bag in fashion, made for Jane Birkin in 1985, smashes auction records.

Musk’s Grok 4 launches one day after chatbot generated Hitler praise on X
xAI claims new multi-agent model hits top benchmarks as Nazi controversy lingers.

Hundreds of Chrome extensions create a web-scraping botnet
Browser extensions can be just as dangerous as regular apps, and their integration with the tool everyone’s constantly using can make them seem erroneously innocuous. Case in point: a collection of more than 200 extensions for Chrome and other major browsers are being used to “scrape” website content. This essentially turns browser users into a free data center, with capacity sold off for profit. The Secure Annex report (spotted by Ars Technica) is an interesting one, documenting the MellowTel system. Here’s how it works: Step one, a developer of a legitimate extension is offered a tool that integrates a software library into the extension. Step two, this software library utilizes the “unused bandwidth” for a browser in ways that aren’t obvious to the actual PC user. What’s happening is that the extension is using some clever tricks to scan and “scrape” the website behind the scenes, in the same way search engines like Google do… but crucially bypassing some of the basic protections that are in place, like security headers and robots.txt. So not only are the extensions slipping past some of the web’s basic guardrails, they’re doing so while parked on an unsuspecting PC, using up the processing power, bandwidth, and electricity of a user who downloaded a free browser extension. This essentially makes the end user’s browser a “bot,” in the researcher’s words. Step three, that scraped data — extremely valuable in the age of AI training sets, among other useful things — is collected and sold. Step four, the developer of the extension, who may or may not be aware of all of this, gets paid… along with the creator of the software library, of course. Hundreds of Chrome, Edge, and Firefox extensions have been documented using MellowTel, though some have been removed for malware (possibly unrelated to the report) or simply taken out the library in an update. An updated list from researcher John Tucker is available here, along with links to the relevant pages on the Chrome Web Store, Microsoft Edge add-ons repository, and Firefox add-ons repository. Here’s the interesting thing. Though this behavior certainly mimics the processes of a botnet or other malware, it’s not actively malicious… at least in terms that would obviously hold up in court. The user downloaded and installed the browser extension (almost certainly without reading the fine print), the developer included the library. This isn’t too far removed from, say, the advertisements on this very page that are sharing a whole lot more data about you than you might feel comfortable with. The system that enables the scraping is even open source, available for anyone to inspect. That said, this is definitely stepping over an ethical line, in my (totally independent, non-accusatory, and non-culpable) opinion. Gobbling up “unused bandwidth” is a red flag — that’s bandwidth that the user paid for, used or not, and will definitely show up in a bill if you happen to be on a metered connection while mobile. Using someone else’s bandwidth without explicit informed consent, to say nothing of computing power, smacks of the same kind of behavior that had extensions mining cryptocurrency with strangers’ computers. And that’s without considering the security issues. Tucker notes that in addition to the scraping behavior, the extensions gather other data including the computer’s (and thus the user’s) location, and opens potentially unsafe connections to remote web servers to transmit the data. The potential for browser extensions to be malicious or unsafe isn’t new, but this kind of scraping and harvesting behavior is likely to become more common in the future.

This Legion Go S can run SteamOS, and today it’s just $500
I’ve seen a lot of handheld gaming PCs come down the pike since the Steam Deck changed the game…and I wouldn’t buy any of them for myself. That’s because Windows 11 isn’t great for gaming on these little gadgets. But SteamOS is, and now you can install it on some of the competitors, including the new Legion Go S. And today it’s on sale for $499.99 at Best Buy, more than $200 off. So if you haven’t been following along, the Legion Go S is the first non-Valve device that officially supports SteamOS. But it’s not this Legion Go S — the white version comes with Windows 11 installed. It’s also more expensive at $760, which is quite a bit more than originally planned when Trump tariffs took effect. The black version of the handheld is the SteamOS version, and while it was initially planned to cost $500, it now goes for $600. But here’s the fun part. You can just install the free SteamOS on your white Legion Go S, directly from Valve, and turn it into that objectively better version, while also saving some money with this deal. Heck, you technically get a “free” copy of Windows 11 in there, making it even sweeter. This is the base model of the Legion Go S, with a somewhat pokey Ryzen Z2 Go processor and “just” 16GB of RAM and a 512GB SSD. But that’s still $50 cheaper than the Steam Deck with the same storage and RAM, a smaller, lower-resolution screen, and an older CPU. You save money and get a better machine, all you have to do is put in a little elbow grease to make it run a better gaming operating system. Sounds like a fun time to me, but I’m a weirdo who writes for PCWorld. Best Buy is running this sale during Amazon Prime Day, so it seems likely that it won’t stick around forever. Other stores aren’t matching it, but you can get the older, bigger, and more Switch-y Legion Go (sans S) for the same price. It’s also compatible with SteamOS, by the by. Get a SteamOS-compatible Legion Go S handheld for $500View Deal