#77: Should you eat that Cookie?

Posted on May 23, 2025 (Updated May 22, 2025) by ewand

As Sesame Street moves to Netflix, we might be reminded that cookies are often ravenously delicious even if you’re left counting the empty calories.

Web users might be familiar with a different kind of cookie, signified less like a tasty snack and more an annoying pop-up. Non-Californian American browsers might be less susceptible to this kind of nonsense, but European users have – in the name of “privacy” – been compelled to deal with prompts before they can see a site they’ve clicked on. Like just about any T&Cs or software licensing EULAs, most people just want to get rid of the prompt as quickly as possible so might be drawn to the most-prominent “Accept” button.

It can be pretty eye-opening if you do pay attention – many sites potentially share the way you browse with thousands of third parties. Dive into the more advanced settings on each of the se prompts and you might be able to enable and disable individual “partners” or tweak exactly which kind of information is being tracked. But who’s got time for that?

Mmmmm. Cookies.

Back in the mid 1990s, when the web was taking shape, telecoms company MCI was developing an early e-commerce application with Netscape, but didn’t want their web server to have to track every stage of incomplete transactions. So, the developers took an idea that had been previously used, called a “magic cookie”, as a way of temporarily storing a block of data on the user’s computer. Thus, the HTTP Cookie, aka web cookie and so on, became a standard in 1997.

In general, cookies are supposed to make browsing the web more seamless – when you go to a website, a cookie from a previous visit could be used to continue a previous process or remember some preference you had – like how many items you want in a list or how to sort it – without needing to log in.

But cookies give website developers a raft of ways to silently track users, while also opening the door to all kinds of nefarious behaviours either on behalf of the site owners or unknown 3^rd party players.

Look in your browser settings and you’ll see various ways where you can control the usage of cookies, and see what sites have put on your machine…

A screenshot of a computer

AI-generated content may be incorrect.

Visiting a single site, you can see what cookies are in use, and individually inspect, disable or delete them.

A screenshot of a computer

AI-generated content may be incorrect.

Using addins to stop foul play

Even if you are a trusting soul, it makes sense to use some common addins to limit what 3^rd parties can see and know about you while browsing the web. Popular tools that might reduce tracking, cookies and block ads include Privacy Badger, I Don’t Care About Cookies, uBlock Origin and many more.

A screenshot of a computer

AI-generated content may be incorrect.

Most of these kind of tools will give you the option to “whitelist” a website, in case turning off all its tracking and cookies actually breaks the site, so there’s little risk in using the well-known ones. Be very careful of any unsolicited add-ons trying to install themselves via popups or any other means.

Check out the EFF’s “Cover Your Tracks” page as well – it gives you a report on how well tied down (through addins or configuration) your browser really is.

Should you Accept, or Reject All?

Most of the time, the options are straightforward, even if the Accept button is more prominent; many sites will let you Reject cookies and will still work more-or-less intact. There are both temporary cookies that only live as long as your session, and persistent ones which stay on your computer so you can be identified next time you show up. There are a few different types typically used:

· Functional – these are used to track things like your basic preferences on the site, what country you are in and so on. There should be nothing to fear here but if you use an addin or a browser setting to completely block cookies, the site might just not work.

· Performance or analytical – these track how you use the website, and are generally anonymised so just provide the site owner with a way of improving their service.

· Advertising – usually a mix of 3^rd party sites which track what you do, across different sites. That’s why if you’re shopping for something one minute, you start to see adverts for the same kind of thing on different websites. Do you want to have your browsing patterns exposed to potentially thousands of advertisers so they can foist more stuff at you?

You could try disabling third-party cookies as one way of avoiding advert spam.

In Google Chrome:

A screenshot of a search box

AI-generated content may be incorrect.

In Microsoft Edge:

A screenshot of a computer

AI-generated content may be incorrect.

There is a school of thought which says you’d be better off rejecting as much as you can when asked for what to allow, in conjunction with anti-tracking and ad-blocking addins. Some sites will still make you jump through multiple hoops to individually disable lots of options to effectively “Reject All”.

A screenshot of a computer

AI-generated content may be incorrect.

Some sites just won’t let you get by without either Accepting everything or by paying for a subscription; your choices then are to accept their meddling oversight, pay their toll, or just don’t look at their pages.

A screenshot of a website

AI-generated content may be incorrect.

#76: What might have been, Microsoft?

Posted on May 22, 2025 (Updated May 22, 2025) by ewand

Firstly, sympathy goes out to the 3% of Microsoft workers who are leaving sooner than planned – best of luck in whatever comes next, and remember the old saying that when you step out from under the umbrella, you might realise it wasn’t actually raining.

Let’s not shed too many tears for the world’s most valuable company: Microsoft Corp is doing “not bad”. Back in Redmond, those AI chips won’t buy themselves and that shiny new office Campus (with such world-beating things as public transport to reach it) might expect everyone who is nominally based there to be physically present a bit more often, even while publicly saying that’s not the plan.

(by market capitalization, at time of writing, investments can go down as well as up, blah blah blah).

Microsoft has been successfully riding the AI hype wave, with the largest revenue source being a solid second-place in the public cloud market. They also have the benefit of other well-established and highly profitable businesses like Office/Microsoft 365, Xbox and LinkedIn. Oh yes, and Windows.

Coulda Woulda Shoulda

But what of all the others that could have been contenders? Well, proof that dominance in one market does not always translate into outright success in an adjacent one, there’s …

Windows Phone 7 Launch Round-up | Windows Central

In many ways, Microsoft led the early Smartphone wave, alongside some long-forgotten players like Symbian; the idea that the millions of Windows developers could use the same tools and languages to write applications for the growing range of Windows-based handheld devices was quite a compelling one.

Sadly, the devices were a bit too limited in capability in the days of Windows CE software (also, a bit too clunky for small form factors), and application distribution was finicky. Microsoft wanted to shackle everything to “Windows”, even charging OEMs a per-device license model to buy the software, just like on the PC.

The early Pocket PC Phone and “Microsoft Smartphone” era ultimately hit the skids when Apple’s iPhone arrived with better hardware, a stoic resistance to the mobile operators calling the shots, and eventually, with easy-to-distribute apps.

Windows Phone 7 was an attempt to tear up the existing ecosystem and take a leaf from Apple’s (and increasingly, Android’s) book – and even though it grew from Windows Phone 7 through Windows Phone 8.x and the short-lived Windows 10 Mobile, there was no room in the market. Some fans still bemoan its death and there are tools to try to replicate some of the nicer bits of WinPhone on Android. Sometimes, even the best don’t win – see BetaMax vs VHS. And Windows Phone was V2000. RIP.

Could it have succeeded or even survived? Not really. Although the app model was almost an accidental afterthought by Apple, by the time Windows Phone 7 was due to launch, Android was already established – especially outside of the US – as the alternative. Even if Microsoft had almost perfect execution, it would still have been waiting for Google and/or Apple to drop the ball.

The entire Windows App model was predicated on the same apps being written for phones, tablets and desktops/laptops – leaving aside that people don’t really want giant touch-first apps on their desktop. Remove the phone platform and the whole raison d’être of the UWP model fell apart.

There are many other “Killed by Microsoft” topics previously covered on ToW – some in #24: Googly Embalmer, and others from years ago, 350 – Killing me Softly, part I (and part 2).

One recent high-profile closure is…

Yep. If you have the Skype app already, you’ll be told to use Teams and going to web.skype.com redirects straight away to a Teams web login page. The web UX for Skype is fairly recent – previewed in 2018 and launched 6 months later.

In fact, Skype was still being actively updated until only a few months ago – see the blog here, and the 2023 post celebrating 20 years since Skype arrived. It’s certainly more active than some other official blogs, like OneNote – which has tumbleweed blowing through by comparison, if you take out the “wooohooo, Copilot!” type posts.

Skype’s 1:1 video calling should have been a USP when people started having mobiles with forward-facing cameras, but it was outmanoeuvred by Apple’s FaceTime and WhatsApp.

Skype was a big-deal acquisition by Microsoft – costing $8.5B back in 2011, and the company’s largest to date. The then-popular MSN Messenger service was killed a couple of years later, trying to migrate to users to Skype, but that was the beginning of the end for the consumer messaging business which has now been ceded to Facebook, WhatsApp et al.

Where would we be now, if these plans had worked out? Running around with Surface Phone Copilot+ Mobile 15 Edition devices, using MSN (it’s back after all) Video Messenger to keep in touch with our friends?

#75: Mind your P@assw0rds

Posted on May 9, 2025 by ewand

Be honest: when you sign up for some website, do you just use the same email address / password? If so, you’re not alone – around three-quarters of people reuse the same passwords, even though most know they really shouldn’t.

A CyberNews study of over 19 billion exposed passwords shows that many are weak and easy to guess, too – the most popular passwords for the last 15 years are, basically, “123456” and “password”. Some of the more high-profile security breaches have come about directly because of weak and compromised credentials.

ToW has talked about passwords a bit in the distant past – #620, #656 in the old days, and most recently, #33 – Securing your Microsoft Account (MSA). If you haven’t done so already, go right now to that last link and set up Multifactor Autthentication (MFA) on your Microsoft Account.

Authenticator being Edged out

Like Google Chrome, Firefox and pretty much every modern browser, Microsoft’s Edge can offer to generate nice complex passwords for you. It also has a password store which can automatically fill your usernames & passwords next time you revisit websites, so you don’t need to remember them or write them down, and synchronise them between different devices logged in with the same ID.

A screenshot of a computer screen

AI-generated content may be incorrect.

In shock news bordering on marginal enshittification, Microsoft has decided to remove a useful component of the Authenticator app that it prefers to use for managing 2FA/MFA on its various types of logins.

Thus far, if you have Authenticator set up with your Microsoft Account or an Entra ID, you can sync your passwords from the PC and be able to review them in the app, just as you would by going to Settings / Passwords options in the desktop Edge browser (or entering edge://wallet/passwords into the address bar).

A screen shot of a phone

AI-generated content may be incorrect.

This means that it can be handy to find a username/password when you’re mobile, in case you need to enter it manually, but also it allows Authenticator to provide an “autofill service” for other apps on your device, not just web pages. When you get unceremoniously signed out of an app just because it’s been automatically updated, the autofill service can recover and re-enter your username and password.

It’s this bit that is being yanked from Authenticator – for reasons unknown, other than “Microsoft is streamlining autofill”. Maybe nobody uses it? Maybe Microsoft would prefer anyone who does use Edge on their PC and who wants to access passwords while mobile, to be compelled to use Edge on their Phone also?

Similarly, Payment info that is synced from browser to Authenticator will be removed in July 2025.

A screenshot of a phone

AI-generated content may be incorrect.

The workaround (other than moving to a completely different password management system) is indeed to switch autofill provider on your phone to use Edge instead (having first installed it and synced it with your ID, if you haven’t already). In mitigation, the mobile versions of the browser are pretty good, and if you do use Edge on the PC or Mac, it makes sense to sync stuff across to your phone as well.

The password autofill is pretty much indistinguishable when using Edge in place of Authenticator. The UX for password management, however, isn’t so good (go into mobile Edge, Settings, and look for Passwords) but maybe that’s the price of progress?

#74: ZoomIt joins the other ’toys

Posted on May 8, 2025 by ewand

There’s a long history of people building cool add-ons and tools for Windows. From “Tiny Elvis” which amazed Win3.1 users, to a whole suite of tech-nerd extensions called Winternals, offering stuff that could peer under the hood of the then-new Windows NT system. Some were officially produced – the Microsoft Plus! pack for Win95, or numerous Resource Kit tools spring to mind.

Microsoft internal teams released a free set of utilities called PowerToys for Windows 95: some background to the developments came out 20 years ago.

A new PowerToys package appeared more recently for Windows 10 and 11 – it’s a free collection of numerous utilities which extend Windows in some way. Some have featured in previous ToWs – #647 and #15 among them (the former being Old Testament before the Great Reset, the latter being in the new world).

PowerToys is updated regularly on GitHub (see details on https://aka.ms/powertoysresleasenotes) and gets bug fixes for some of the tools, or periodically, whole new additions. After 5 years, it’s still “Preview” and has reached v0.90.1. Perhaps that version number is asymptotic, in that it will never actually be 1.0.

There are currently 25+ tools ranging from occasionally useful things like Find My Mouse to larger, previously separate utilities which might be used every day, like Mouse without Borders.

Look on the system tray for the colourful PowerToys icon and left-click on it to get the Quick access menu (currently non-customizable, which is a bit odd – like, how often do you need to edit your Hosts file? ).

Double-click on the PowerToys system tray icon and you’ll get a more expansive dialog, allowing you to enable or disable individual utilities and get a reminder of what the keystroke is to invoke it.

Don’t fall asleep

One of those occasionally handy tools that, when enabled, has its own system tray icon, is Awake.

It shows up as a coffee cup in the System tray and can be used to over-ride any compulsion your PC has to go to sleep or even blank the screen. Handy if you’re downloading something from a slow network and you need to keep the PC active, or you want to keep the machine available for remote access etc.

Another use case is when using PIP/split-screen modes on large monitors, things can get a bit unpredictable if the primary input disappears through power saving schemes. Setting a longer timeout for the “Keep awake” will mean the screen doesn’t blank so quickly, until you revert to normal and let the machine’s power plan take over.

Zoom Zoom!

A recent addition to PowerToys is ZoomIt (not to be confused with the metadirectory services company which was a forerunner to Microsoft Identity Manager).

If you’ve ever watched Azure CTO and all round technical fellow Mark Russinovich present at a major conference, you’ve almost certainly seen him using ZoomIt. In a nutshell, you can zoom into a static grab of the screen, using the mouse or trackpad to smoothly zoom in and out. It lets you annotate highlights using the mouse – Mark would do this to underline some part of a demo he was giving, showing where something has changed or where a command should be entered.

As well as zooming on a static view, it can also zoom into a live part of the screen too (which might be handy for doing precision mousing), plus some other neat presenter-friendly tricks like having a full-screen countdown timer.

ZoomIt was originally built by Mark’s company Winternals, which became SysInternals, and was acquired by Microsoft in 2006. The tool is available standalone from PowerToys if you prefer, alongside many other technical utilities.