March 1 Tech News roundup: Firefox confuses users with new policy, Google Pixel Watch 3 gets a new feature, New scam uses real mails from PayPal

Firefox users are confused by Mozilla’s Terms of Use update

Mozilla updated the Terms of Use of Firefox this week, and it raised some serious questions about the privacy of the browser. A clause in the policy revealed that content uploaded by the user would give the organization a free license and access to the data, and that it would be used to help users navigate, experience and interact with online content as you indicate. Users were confused by what Mozilla meant by “indicate”, and whether this meant their data was being sold.

It was just a misunderstanding caused by poor wording, which was quickly addressed by Mozilla. The organization clarified that the new terms were only added to update the legal minutia around terms like “sells” which are defined too broadly. Mozilla reiterated that it does not sell or buy data about users, and that it does not take ownership of any data from the user. The processing of data is related to how a user operates Firefox, such as visiting web pages, uploading images, etc., which is normal usage for a browser.

FDA approves Loss of Pulse Detection for Google’s Pixel Watch 3

Google will soon roll out a life-saving feature for the Pixel Watch 3 in the U.S. The feature is called Loss of Pulse Detection, and it has been available in 14 Countries since last year. But, it has not been available for users in the U.S. That’s because it hadn’t been approved by the FDA, until now. The FDA has given the nod to Google to add support for the Loss of Pulse Detection feature in the U.S.

Google says that the potentially life-saving feature uses a combination of AI, sensors on the watch, and signal-processing algorithms to detect whether the wearer’s pulse has stopped. The Pixel Watch 3 will trigger the motion sensor on the device, while an AI checks for signs and asks the users if they are OK. If the user fails to respond, a loud alarm is played along with a countdown. When the user does not respond to any of these, the watch begins an emergency procedure to alert medical services. This feature, along with others such as fall detection, can help those in need and save their lives.

LibreOffice patches security vulnerability in Windows version

The open source office software suite, LibreOffice, has confirmed the existence of a new security issue that affects users on Windows. Attackers could potentially use an exploit to launch malicious files, when a user opens a link contained in a LibreOffice document. The security flaw has a high severity rating, and LibreOffice versions 24.8 to 24.8.4 are affected by the vulnerability.

Users can open links in documents by using the Ctrl key while clicking links. The software normally prevents launching executable files that are opened from links. But the security flaw is related to the ShellExecute function that Windows uses to open apps. According to the official statement from the developers, the mechanism could be bypassed by hackers who may use non-file URLs that could be misinterpreted as a file path by Windows. The  security bug has been patched in LibreOffice 24.8.5, and users should update to the new version to protect themselves from attacks. The vulnerability does not affect Linux or macOS versions of LibreOffice.

Watch out for PayPal Phishing scam that uses real emails

Though scams targeting PayPal users are not particularly new, scammers are getting smarter. A new phishing attack has been spotted by users who say that the email that they received was from a real PayPal address. Oddly enough, this method has been used before by hackers who impersonated legitimate emails from the company.

The email used in the new PayPal phishing scam claims that a new address has been added to the user’s account, and includes information about shipment changes related to the purchase of a MacBook M4 Max. It also contains a phone number from PayPal support. A user who could be wary of such scams would probably check the email address to verify the sender is real. Hackers have abused PayPal’s gift address system that allows a user to add more details in the second address field. This lets a hacker create a message such as the MacBook details used in this scam.

PayPal will deliver the email to the linked account, and the scammers use redirects from the original email to be forwarded to other users via mailing lists and automated systems. These scareware tactics could trick PayPal users into calling the phone number received in such mails, which can further lead to installation of malware. Users should avoid opening links and attachments in suspicious mails, and instead check their PayPal account via the official website to see something is wrong.

Google to end SMS verification for Gmail

Google is planning to phase out SMS based 2-step verifications for users. A report has revealed that the company wants users to migrate to a QR-based system. This shouldn’t come as a surprise as Google has been enabling 2-step verifications for accounts that do not have a phone number, since last year.

The switch away from SMS verification is to improve the security for users, because codes delivered via SMS are in plain text, which is not encrypted, and can be viewed by anyone, or even be intercepted by hackers. This could potentially lead to accounts being taken over by scammers, and used for phishing attacks. Google’s QR Code system will require users to scan an image displayed on the screen using their mobile phone’s camera. So users will not need to input a verification code manually, and because a phone number is not involved in the process, this eliminates the risk of phishing attacks. Google plans to roll out the change in the first half of 2025.

Android System SafetyCore is scanning images on your phone

Android System SafetyCore is an app that was silently installed by Google on Android devices. The app was included as part of the October 2024 security updates. The company had originally announced that it had introduced “Sensitive Content Warnings” to allow users to choose whether they want to see or send a message that may contain nudity.

According to the company, the feature is optional and scans images for adult content. It then warns them about the content when using Google Messsages. While Google says that the feature uses on-device scanning to detect the images, users are skeptical about the nature of the process. It is pre-enabled for users who are under the age of 18, but adult accounts do not have the option enabled. There is a way to uninstall the Android System SafetyCore app.

Users have criticized Google for automatically scanning their images, claiming that it was behaving like a spyware app. The lack of transparency from the company has also drawn criticism from users who are concerned about the privacy of their photos.