Safety & Security Safety & Security
- Nest’s commitments to privacy and securityon June 29, 2021 at 5:00 pm
Two years ago Nest shared our commitments to privacy to give you a better understanding of how our products work in your home. Today, we’re publishing new security commitments and putting it all in one place: Nest’s new Safety Center. The Safety Center is meant to give you a clear picture of the work we do each day to build trustworthy products and create a safer and more helpful home.Our new security commitments include standards Google has long held as well as updates that are specific to Nest’s connected home devices and services. Finally, we want to acknowledge the way this technology is evolving — for example, our recent announcements on Matter and our work on Project Connected Home over IP ). That’s why we’ve updated a small section in our privacy commitments to better reflect our focus on openness. Here are the details:We will validate our Google Nest devices using an independent security standard. Google Nest connected smart home devices introduced in 2019 or later are now validated using third-party, industry-recognized security standards, like those developed by the Internet of Secure Things Alliance (ioXt). And we publish the validation results so you can see how our products hold up according to those standards. Before new products launch we’ll assess them against these standards to make sure they’re meeting or exceeding them.We invest in security research to keep raising our standards.Google Nest participates in the Google vulnerability reward program. This provides monetary rewards for security researchers outside of Google who test our products and tell the Nest Security team about any vulnerabilities they find. This helps the Nest Security team learn about and get ahead of vulnerabilities, keeping Nest devices in your home more secure for the long run.We help protect your account security as the first step in safety.Your Google Account is your way into your Nest devices, and we take account security seriously. That’s why we help keep your Google Account secure with tools and automatic protections like suspicious activity detection, Security Checkup and two-step verification.We issue critical bug fixes and patches for at least five years after launch. We work hard to respond to the ever-changing technology and security landscape by building many lines of defense, including providing automatic software security updates that address critical issues known to Google Nest.We use verified boot to protect your devices. All our devices introduced in 2019 and after use verified boot, which checks that the device is running the right software every time it restarts. This helps make sure that no one has access to your account or control of your devices without your permission.We give you visibility into which devices are connected to your account.All the devices that you’re signed into will show up in your Google Account device activity page. That way, you can make sure your account is connected only to the devices it should be.A helpful home is a safe home, and Nest’s new safety center is part of making sure Nest products help take care of the people in your life and the world around you.
- Safer learning with Google for Educationon June 29, 2021 at 4:00 pm
When the Google for Education team designs products, we put the safety, security and privacy needs of our users first. This means keeping schools’ data safer with built-in security features that provide automated protection, compliance visibility and control, to ensure a private, safe and secure learning environment. We aim to support and protect the entire education community, and particularly teachers and students, so they can focus on what matters most: teaching and learning.Everything we build is guided by three important principles:Secure by default: Protecting your privacy starts with the world’s most advanced security. Even before you set up security controls for your school’s digital environment specific to your needs, our built-in security is automatically protecting you from threats, like ransomware. Private by design: We uphold responsible data practices designed to respect your privacy. Our products can be used in compliance with the most rigorous data privacy standards, including FERPA, COPPA and GDPR. Google does not use data from Google Workspace for Education Core Services for advertising purposes, and users’ personal information is never sold.You’re in control: You own your data in Core Workspace Services, which means that you retain full intellectual property rights over your customer data, and you control who can download it, and when. You can get real-time alerts so you can act immediately if an incident occurs, and customize the security dashboard to get reports on your security status at any time. Introducing new features to provide more visibility and controlTo help admins and teachers as they build safe digital learning environments, we’re adding additional features to provide more visibility and control. We are also updating ourprivacy notice to to make it easier for teachers, parents and students to understand what information we collect and why we collect it. Nothing is changing about how your information is processed. Rather, we’ve improved the way we describe our practices and privacy controls with a simpler structure and clearer language.Tailor access based on ageWe’re launching a new age-based access setting to make it easier for admins to tailor experiences for their users based on age when using Google services like YouTube, Photos and Maps. Starting today, all admins from primary and secondary institutions must indicate which of their users, such as their teachers and staff, are 18 and older using organizational units or groups in Admin Console. After September 1, 2021, students who are under 18 will see changes in their experience across Google products. For example, after September 1, students designated as under 18 in K-12 domains can view YouTube content assigned by teachers, but they won’t be able to post videos, comment or live stream using their school Google account. Administrators should ensure that Google Takeout is turned on so that end users can download their data, like previously uploaded videos, using Google Takeout.If admins don’t make a selection by September 1, primary and secondary institutions users will all default to the under-18 experience, while higher-education institutions users will default to the 18-and-older experience. These age-based settings are not locked and admins can always adjust them according to the age of their users.New default experiences for Chrome users in K-12 institutionsMany schools already have policies in place for SafeSearch, SafeSites, Guest Mode and Incognito Mode, and we are updating their defaults to ensure a safer web browsing experience for K-12 institutions. Now, SafeSearch and SafeSites will be on by default, and Guest Mode and Incognito Mode will be off by default. Admins can still change each of these policies on Chrome OS for individual organization units, for example allowing the use of Guest Mode for users in their domain. The Google for Education team is committed to creating tools and services that are secure by default and private by design, all the while giving you complete control over your environment.
- 6 new features on Android this summeron June 15, 2021 at 4:00 pm
From keeping your account password safe to scheduling text messages to send at the right moment, we’re constantly rolling out new updates to the 3 billion active Android devices around the world. Today, we’re welcoming summer with six updates for your Android that focus on safety — so you’re protected at every turn.1. Android Earthquake Alerts System is rolling out globallyLast year, we embarked on a mission to build the world’s largest earthquake detection network, based on technology built into Android devices. With this free system, people in affected areas can get alerts seconds before an earthquake hits, giving you advance notice in case you need to seek safety. We recently launched the Android Earthquake Alerts System in New Zealand and Greece. Today, we’re introducing the Android Earthquake Alerts System in Turkey, the Philippines, Kazakhstan, Kyrgyz Republic, Tajikistan, Turkmenistan and Uzbekistan.We are prioritizing launching Earthquake Alerts in countries with higher earthquake risks, and hope to launch in more and more countries over the coming year.2. Star what’s important with the Messages app10:25With tons of messages from family, friends, colleagues and others, it’s easy for information to get lost. Now, you can star a message on your Messages app to keep track of what’s important, and easily find it later without scrolling through all of your conversations. Just tap and hold your message, then star it. And when you want to revisit a message, like your friend’s address or the photo from your family reunion, tap on the starred category. Starred messages will start to roll out more broadly over the coming weeks.3. Find the perfect Emoji Kitchen sticker at the perfect timeIn May, we introduced a new section in your recently used Emoji Kitchen stickers so you can quickly get back to the ones you use most frequently. Soon you’ll also start to see contextual suggestions in Emoji Kitchen once you’ve typed a message. These will help you discover the perfect emoji combination at the exact moment you need it.Contextual Emoji Kitchen suggestions are available in Gboard beta today and are coming to all Gboard users this summer for messages written in English, Spanish and Portuguese on devices running Android 6.0 and above.4. Access more of your favorite apps with just your voice10:25Ask Google to open or search many of your favorite apps using just your voice — you can say things like, “Hey Google, pay my Capital One bill” to jump right into the app and complete the task or “Hey Google, check my miles on Strava” to quickly see your weekly progress right on the lock screen. See what else you can do by saying “Hey Google, shortcuts.” 5. Improved Password Input and gaze detection on Voice AccessBuilt with and for people with motor disabilities, and helpful for those without, Voice Access gives you quick and efficient phone and app navigation with just your voice.With gaze detection, now in beta, you can ask Voice Access to work only when you are looking at the screen — so you can naturally move between talking to friends and using your phone. Voice Access now has enhanced password input. When it recognizes a password field, it will let you input letters, numbers and symbols. For example, you can say “capital P a s s w o r d” or names of symbols (like “dollar sign” to input a $), so it’s faster to safely enter your password.6. More customization and new app experiences on Android AutoYou can now customize more of your Android Auto experience for easier use, like personalizing your launcher screen directly from your phone and manually setting dark mode. It’s also easier to browse content with new tabs in your media apps, a “back to top” option and an A to Z button in the scroll bar. And, if it’s your first time using Android Auto, you can now get started faster in your car with a few simple taps.We’ve also added new app experiences to help enhance your drive. EV charging, parking and navigation apps are now available to use in Android Auto. Plus, we’ve improved the messaging experience, so you can access your favorite messaging apps from the launcher screen. You can easily read and send new messages directly from apps like WhatsApp or Messages — now available globally. These Android Auto features are available on phones running Android 6.0 or above, and when connected to your compatible car.
- Our commitments for the Privacy Sandboxon June 11, 2021 at 6:00 am
We all expect a more private and secure web. The Privacy Sandbox initiative aims to help build it by developing new digital advertising tools to protect people’s privacy and prevent covert tracking, while supporting a thriving ad-funded web. From the start of this project, we have been developing these tools in the open, and sought feedback at every step to ensure that they work for everyone, not just Google. As many publishers and advertisers rely on online advertising to fund their websites, getting this balance right is key to keeping the web open and accessible to everyone. So when the United Kingdom’s Competition and Markets Authority (CMA) announced its formal investigation of the Privacy Sandbox in January, we welcomed the opportunity to engage with a regulator with the mandate to promote competition for the benefit of consumers. This process has also recognized the importance of reconciling privacy and competition concerns. In a first-of-its-kind review involving converging regulatory authorities and expertise, the United Kingdom’s privacy regulator, the Information Commissioner’s Office (ICO), is working collaboratively with, and providing direct input to, the CMA on Google’s approach.Today we are offering a set of commitments — the result of many hours of discussions with the CMA and more generally with the broader web community — about how we’ll design and implement the Privacy Sandbox proposals and treat user data in Google’s systems in the years ahead. The CMA is now asking others in the industry for feedback on these commitments as part of a public consultation, with a view to making them legally binding. If the CMA accepts these commitments, we will apply them globally. The commitmentsConsultation and collaboration Throughout this process, we will engage the CMA and the industry in an open, constructive and continuous dialogue. This includes proactively informing both the CMA and the wider ecosystem of timelines, changes and tests during the development of the Privacy Sandbox proposals, building on our transparent approach to date. We will work with the CMA to resolve concerns and develop agreed parameters for the testing of new proposals, while the CMA will be getting direct input from the ICO. No data advantage for Google advertising products Google has always had policies and practices to safeguard the use of people’s data. And we have explicitly stated that once third-party cookies are phased out, we will not build alternate identifiers to track individuals as they browse across the web, nor will we use such identifiers in our products. Building on this principle, the commitments confirm that once third-party cookies are phased out, our ads products will not access synced Chrome browsing histories (or data from other user-facing Google products) in order to track users to target or measure ads on sites across the web. Further, our ads products will also not access synced Chrome browsing histories or publishers’ Google Analytics accounts to track users for targeting and measuring ads on our own sites, such as Google Search. No self-preferencingWe will play by the same rules as everybody else because we believe in competition on the merits. Our commitments make clear that, as the Privacy Sandbox proposals are developed and implemented, that work will not give preferential treatment or advantage to Google’s advertising products or to Google’s own sites. What’s nextWe appreciate the CMA’s thoughtful approach throughout the review and their engagement with the difficult trade-offs that this process inevitably involves. We also welcome feedback from the public consultation and will continue to engage with the CMA and with the industry on this important topic. We understand that our plans will be scrutinized, so we’ll also continue to engage with other regulators, industry partners and privacy experts as well. We believe that these kinds of investments in privacy will create more opportunity, not less. The Privacy Sandbox seeks a way forward that improves people’s privacy online while ensuring that advertisers and publishers of all sizes can continue to succeed.
- How Google supports today’s critical cybersecurity effortson June 8, 2021 at 1:00 pm
The past six months have seen some of the most widespread and alarming cyber attacks against our digital infrastructure in history — against public utilities, private sector companies, government entities and people living in democracies around the world. Attacks by nation-states and criminals are increasingly brazen and effective, penetrating even widely used products and services that are supposed to keep you safe.We are deeply concerned by these trends. Security is the cornerstone of our product strategy, and we’ve spent the last decade building infrastructure and designing products that implement security at scale: every day Gmail blocks more than 100 million phishing attempts that never reach you. Google Play Protect scans over 100 billion apps for malware and other issues. We strive to deliver the most trusted cloudin the industry. And we have dedicated teams like Project Zero who focus on finding and fixing vulnerabilities across the web to make the internet safer for all of us. Our security-first approach builds on awareness of an evolving threat environment, industry-wide information sharing, and the leadership of the international security community. We welcome growing efforts by governments around the world to address cybersecurity challenges. The recent cyber attacks create an opportunity to improve international cooperation and collaboration on areas of common concern. In the United States, we are committed to supporting the most recent White House Cybersecurity Executive Order, which makes critical strides to improve America’s cyber defenses in three key areas: Modernization and security innovation One of the most promising aspects of the U.S. government’s approach is to set agencies and departments on a path to modernize security practices and strengthen cyber defenses across the federal government. We strongly support modernizing computing systems, making security simple and scalable by default, and adopting best practices like zero trust frameworks. As we saw with SolarWinds and the Microsoft Exchange attacks, proprietary systems and restrictions on interoperability and data portability can amplify a network’s vulnerability, helping attackers scale up their efforts. Being tied to a single legacy system also keeps public sector agencies and businesses from taking advantage of the latest cloud-based security solutions. Modern systems create the ability to make frequent security updates and changes safely, a critical part of cyber-defense for both the government and private sector. If we are going to solve big security problems, we need to move beyond security band-aids to eliminating entire classes of vulnerabilities, like the risk of clicking on bad links. Secure software developmentThe U.S. government’s call to action to secure software development practices could bring about the most significant progress on cybersecurity in a decade and will likely have a significant long-term impact on government risk postures. At Google, we’ve emphasized securing the software supply chain and we’ve long built technologies and advocated for standards that enhance the integrity and security of software. We continue to work with the U.S. Commerce Department on these issues and support their effort to develop and share best practices. Public-private partnershipsIn the last few weeks, ransomware attacks have targeted our schools, hospitals, oil pipelines and food supply. Meaningful improvement in cybersecurity will require the public and private sectors to work together in areas like sharing information on cyber threats; developing a comprehensive, defensive security posture to protect against ransomware; and coordinating how they identify and invest in next-generation security tools. We are committed to advancing our collective cybersecurity. We have had to block many attacks, including some from nation-states. Those experiences have given us insights into what works in practice, so our government and private-sector customers don’t have to tackle these issues on their own or depend on the same enterprise technology that created the issues in the first place. Governments need industry-wide support and we are ready and willing to do our part.We look forward to expanding our work with the United States and other governments, as well as with private sector partners, to develop security technologies and standards that make us all safer.
- Fix your passwords in Chrome with a single tapon May 18, 2021 at 5:42 pm
Memorizing passwords is hard. That’s why many of us use the same password across multiple sites. But this practice poses a huge risk, since it only takes one password breach to expose your account data from many different sites.Not only that: changing passwords is itself a tedious task. You have to navigate to the site, sign in, find the account settings, open the password page — and then save it. Rinse and repeat on all your favorite sites, and that’s a lot of work.The good news is that Chrome comes with a strong password manager built-in. It’s been checking the safety of your passwords for a while now. And starting today, whenever Chrome detects a breach, it can also fix any compromised passwords quickly, and safely.Warning you about stolen passwords — and fixing them, tooGoing forward, Chrome will help you change your passwords with a single tap. On supported sites, whenever you check your passwords and Chrome finds a password that may have been compromised, you will see a “Change password” button from Assistant. When you tap the button, Chrome will not only navigate to the site, but also go through the entire process of changing your password. Going forward, Chrome will help you change compromised passwords automatically.Importantly, you can control the entire experience and choose to go through the change password process manually from the start, or at any point during the process. And even if a site isn’t supported yet, Chrome’s password manager can always help you create strong and unique passwords for your various accounts.Building on Duplex on the Web technologyUnder the hood, Chrome is using Duplex on the Web to power this feature. We first introduced this technology in 2019 so that Google Assistant could help you complete tasks on the web, like buying movie tickets. Since then, we’ve expanded to even more tasks, now helping millions of people every week order food and check in to flights. Powered by Duplex on the Web, Assistant takes over the tedious parts of web browsing: scrolling, clicking and filling forms, and allows you to focus on what’s important to you. And now we’re expanding these capabilities even further by letting you quickly create a strong password for certain sites and apps when Chrome determines your credentials have been leaked online. Expanding to more sites and apps soonAutomated password changes are rolling out gradually in Chrome on Android, to users who sync their passwords. It’s starting in the U.S., and will become available on more sites and more countries in the coming months. Hallo from Munich Password generation, password leak checks, automated password changes and many more safety features were developed at the Google Safety Engineering Center (GSEC), a hub of privacy and security product experts and engineers based in Munich, which opened in 2019. GSEC is home to the engineering teams who work to deliver the safest personal browser experience to everyone, and we look forward to bringing more new features to strengthen the privacy and security of Chrome in 2021.
- More ways we’re making every day safer with Googleon May 18, 2021 at 5:40 pm
Every day, we focus on making sure you’re in control of your data by building products that are secure by default and private by design. At this year’s I/O, we’re introducing new features and technologies to keep you safer with Google.Putting you in control of your dataPrivacy is personal. That’s why we make it easy for you to choose thesettings that are right for you — whether that’s one place to manage settings in your Google Account, Auto-Delete options, or controls that appear in context when you’re using our products. We announced a number of new controls today: Quick delete in Search.We’re introducing a new, “quick delete” option to delete the last 15 minutes of your Search history with a single tap from the Google Account Menu.A passcode protected Locked Folder in Photos.Have you ever handed your phone to show someone a photo, but worried they might scroll to a personal or sensitive image — like a photo of your passport or a surprise gift? “Locked Folder” is a new feature in Google Photos — a passcode-protected space where select photos can be saved separately. These photos won’t show up as you scroll through your grid or in shared albums. This feature is coming to Google Pixels first, and more Android devices throughout the year.Location History reminders in your Maps Timeline.Now, when you see places you’ve visited in your Timeline, we’ll remind you that it’s because you turned on Location History — which you can easily turn off right there in your Timeline. Image of new “quick delete” option in Search.New “quick delete” option in Search.Image of the new Locked Folder in PhotosThe new Locked Folder in PhotosImage of Location History reminders in your Maps Timeline Location History reminders in your Maps Timeline.We’re also introducing new, industry-leading transparency and permission features on Android 12. The new OS includes a Privacy Dashboard where you will see a timeline of when apps accessed your camera, microphone, or device location. We’ve also added indicators that show when your camera or microphone are in use, as well as easy toggles to disable access to both across your device. And you can now choose to share your approximate location with an app instead of a precise one. Building products that are secure by defaultAs recent high-profile third-party security incidents show, your information isn’t private if it’s not secure. With AI-driven technologies that protect billions of users around the world, our products are secure by default: every day, we block 100 million phishing attempts and 15 billion spam messages in Gmail and encrypt 4 billion photos. And Safe Browsing on Chrome and most other browsers helps keep the rest of the Internet secure, automatically protecting more than 4 billion devices.One of the biggest security risks is still the continued reliance on passwords — they’re often easy to crack, used across multiple sites, or stolen in phishing attacks. That’s why we’ve been working towards a password-free future — focusing on safer ways to authenticate your identity and building multiple layers of protection into your Google Account, like automatic enrollment in 2-step verification.But because passwords are still required for most online accounts, we’ve also continued to improve our Password Manager, built directly into Chrome, Android and now iOS, to help you create, remember, save and auto-fill passwords across the web. Today, we announced new enhancements to Password Manager:A new tool that makes it easy to import passwords from other password managers.Deeper integrations with Chrome and Android to seamlessly fill your passwords across sites and apps, regardless of whether you’re on desktop or on mobile.Password Alerts that automatically warn you if we detect one of your saved passwords has been compromised via a third party breach.A smart way to fix compromised passwords in Chrome with a simple tap. For supported sites and apps, whenever Password Manager finds a password that may have been compromised, you’ll see a “change password” button from Assistant. When you tap the button, the Assistant will not only navigate to the site, but also go through the entire process of changing your password. This feature is available on Android devices and will be rolling out to more sites and apps in the future.An image of Chrome Assistant quick fixA new way to fix compromised passwords in Chrome.An image of a tool to import passwords to Password ManagerA new tool to import passwords from other password managers to Password Manager.An image of Password Alerts Password Alerts.Making our products private by designWe’ve pioneered new computing technologies like Federated Learning (invented by Google researchers in 2016) that make it possible to deliver helpful experiences while protecting individual data and privacy. We’ve also led on DifferentialPrivacy, which powers some of our most helpful features and products, from our COVID-19 Community Mobility Reports to traffic predictions in Maps, without revealing individual user data. And this expertise guides our work on broader industry initiatives, like the open-source Privacy Sandbox.Now, we’re continuing that work with Android’s Private Compute Core, which keeps your information safe and private for a number of popular AI-driven features like Live Caption (which displays captions based on audio), Now Playing (which tells you the song that’s playing) and Smart Reply (which suggests short responses to messages and emails). For these features, the audio and language processing happens exclusively on your device. Like the rest of Android, Private Compute Core is open source — it’s fully inspectable and verifiable by the security community.We’ll continue our work to make every day safer with Google with new controls, advanced security, and privacy-preserving technologies.
- Telegraphing the future of securityon May 17, 2021 at 10:00 am
This week at the annual RSA Conference, we will hear from industry leaders on a wide range of issues, from the supply chain security crisis to breach disclosure notifications. While it’s important to talk about where we have been and what is happening in the industry right now, it is equally as important to think about where we need to go.At Google, that means creating a safer Internet that is more secure for the next billion users. In order to create a safer Internet, our engineers, technologists and product teams look at what we know today and think about how it will change tomorrow – from analyzing trends in attacker methods, to shifts in the threat landscape, to new technologies – and we use those insights to chart the path ahead. We recently asked security experts across Google to telegraph the future of security, here’s a glimpse at their insights:What do you think the biggest security challenge will be in 10 years? “Shifting the focus of security from the technical hygiene of code and configuration to self defending data will save time and resources while unlocking rapid and safe innovation. Defense in depth and the control design we have learned from engineering methodologies will finally catch up to the dynamic nature of software. The better analogies will become biological – the immune system or the combination of organ systems like circulatory and respiratory. Independent and constantly evolving but stronger operating together in the same superorganism.”- Royal Hansen, Vice President, Security “Developing a global, unified framework for operating in cyberspace will be the biggest security challenge we face in 10 years. Data points to the positive effects of standards on innovation and collaboration, specifically through increased interoperability and reduced information inequality. We need to rethink how digital security standards are developed and operationalized, with an emphasis on the root challenge we seek to solve.” – Camille Stewart, Global Head of Product Security Strategy, Google“Securing open source software will be the biggest security challenge we face in 10 years.Over the next decade, the heavy use of open source software by billions of devices that fall into the ‘Internet of Things’ category, will cause the number of vulnerabilities to scale dramatically and outpace our ability to fix them before they are exploited.For too long it has been assumed that open source software is inherently more secure due to its openness – the thought that multiple people were using it, reviewing it and verifying it. That mindset must shift. “ – Vint Cerf, Chief Internet Evangelist “Complexity will be the greatest challenge we face.So much of what we have to secure are systems made up of other systems. All of those seams increase the opportunity for attacks. This will only ring more true in 10 years when there are projected to be over 25 billion connected devices.” – Toni Gidwani, Security Engineering Manager, Threat Analysis GroupWhere do you think the security industry will be in 10 years?“Phishing will no longer be a successful attack vector for bad actors. Passwords will be a thing of the past as we see widespread adoption of a secure by default framework.Our advancements in authentication and verification technology will completely transform how users sign in to their accounts, moving from a sea of passwords to continuous, device-based authentication that seamlessly connects us to our content wherever we are.” – Mark Risher, Director of Product Management, Identity and User Security“Security will be nearly invisible for all users and many of the standalone security tools will disappear. This will be a result of advanced security technologies being built into devices and platforms by default, instead of bolted on as an afterthought. We will also see computing platforms based on simpler, similar models that will make them easier to protect, update and support – leading to democratization of security operations and ultimately breaking down the security talent shortage problem.”- Sunil Potti, Vice President and General Manager of Cloud Security“In 10 years, Private Computing will be ubiquitous. Most folks are aware of end-to-end encryption in private messaging and documents — this allows users to retain exclusive control over their private information and reduces risk from breaches and attacks, including ransomware. But the same concept applies to most aspects of personal digital technology, from home healthcare to photos to your private social network feeds. Delivering helpful, delightful, and safe user experiences – within the Private Computing model – is arguably the most important challenge for the tech world to embrace, today.” – Dave Kleidermacher, Vice President, Engineering, Android Security & PrivacyIf you could make one immediate change to security what would it be?“Risk transparency – organizations need real-time business context for security data. Mapping security issues to business context to determine a risk level is a time consuming process. This delay ultimately leaves organizations at more risk for a security incident. The good news is that change is on the horizon. Cloud makes risk transparency easier today, from well-lit security paths, declarative approaches like configuration as code and more precise inventories and diagnostics.”- Phil Venables, Chief Information Security Officer at Google Cloud“Expedite IT modernization across governments globally to keep pace with the evolving threat landscape. Achieving this would improve productivity, increase costs savings, enhance performance and ensure security every step of the way. Rather than continuing to invest in outdated security models, it’s time governments around the world explored options like a multi-vendor ecosystem and zero-trust security principles that allow for flexibility and innovation.”- Jeanette Manfra, Director for Risk and Compliance at Google Cloud“Build security and digital literacy into the curriculum of every school program globally. We need to solve the lack of understanding of the complex digital ecosystems in which we live our lives and address the cybersecurity skills and talent gap.” – Mark Johnston, Head of Security at Google Cloud , Asia- Pacific“If I could make an immediate change to security, I’d have end user security and privacy be a requirement for all devices. There aren’t exceptions made for early versions or the less expensive product, security and privacy is a requirement, just like seat belts in cars.” – Maddie Stone, Security Researcher, Project Zero
- A simpler and safer future — without passwordson May 6, 2021 at 1:00 pm
You may not realize it, but passwords are the single biggest threat to your online security – they’re easy to steal, they’re hard to remember, and managing them is tedious. Many people believe that a password should be as long and complicated as possible – but in many cases, this can actually increase the security risk. Complicated passwords tempt users into using them for more than one account; in fact, 66% of Americans admit to using the same password across multiple sites, which makes all those accounts vulnerable if any one falls. In 2020, searches for “how strong is my password” increased by 300%. Unfortunately, even the strongest passwords can be compromised and used by an attacker – that’s why we invested in security controls that prevent you from using weak or compromised passwords. At Google, keeping you safe online is our top priority, so we continuously invest in new tools and features to keep your personal information safe, including your passwords. On World Password Day, we’re sharing how we are already making password management easier and safer, and we’re providing a sneak peek at how our continued innovation is creating a future where one day you won’t need a password at all. Keeping your Google sign in saferOne of the best ways to protect your account from a breached or bad password is by having a second form of verification in place – another way for your account to confirm it is really you logging in. Google has been doing this for years, ensuring that your Google Account is protected by multiple layers of verification.Today we ask people who have enrolled in two-step verification (2SV) to confirm it’s really them with a simple tap via a Google prompt on their phone whenever they sign in. Soon we’ll start automatically enrolling users in 2SV if their accounts are appropriately configured. (You can check the status of your account in our Security Checkup). Using their mobile device to sign in gives people a safer and more secure authentication experience than passwords alone.We are also building advanced security technologies into devices to make this multi-factor authentication seamless and even more secure than a password. For example, we’ve built our security keys directly into Android devices, and launched our Google Smart Lock app for iOS, so now people can use their phones as their secondary form of authentication. Keeping your passwords safer everywhere For as long as passwords remain a part of your digital life, through the apps you use and the websites you access, we will continue to innovate and develop new products and technologies that make managing them easy, and most importantly secure by default.Our Password Manager, built directly into Chrome, Android and now iOS, uses the latest security technology to protect your passwords across all the sites and apps you use. It makes it easier to create and use complex and unique passwords, without the need to remember or repeat them. Every time you go to a site or sign in to an app while logged into your Google Account, Password Manager can automatically populate your secure password. Password Manager is also integrated into our single-click Google Security Checkup — which tells you if any of your passwords have been compromised, if you are reusing passwords across different sites, and the strength of your passwords. We also automatically inform you if your password has been compromised, so you can make a quick and easy change to keep your information safe. We’ve recently launched our new Password Import feature which allows people to easily upload up to 1,000 passwords at a time from various third party sites into our Password Manager (for free). By taking this step you can ensure that all of your passwords are protected by our advanced security and privacy technology. Features like Password Import, Password Manager and Security Checkup — combined with authentication products like Sign-in with Google — reduce the spread of weak credentials. All are examples of how we’re working to make your online experience safer and easier—not just on Google, but across the web. One day, we hope stolen passwords will be a thing of the past, because passwords will be a thing of the past, but until then Google will continue to keep you and your passwords safe. Visit our Safety Center to learn all the ways we’re making every day safer online.NOTE: The automatic 2SV enrollment will not impact organizations on Google Workspace. Organizations on Google Workspace will continue to have the choice of enrolling their users in 2SV via the admin console.
- Introducing Android Earthquake Alerts outside the U.S.on April 28, 2021 at 5:00 pm
In a natural disaster or emergency, every second counts. For example, when it comes to earthquakes, studies show that more than 50% of injuries can be prevented if users receive an early warning, and have the critical seconds needed to get to safety. That’s why last year, we launched the Android Earthquake Alerts System, which uses sensors in Android smartphones to detect earthquakes around the world. The free system provides near-instant information to Google Search about local seismic events when you search “Earthquake near me.”Today we’re announcing an expansion of the Android Earthquake Alerts System that uses both the detection and alerts capabilities, bringing these alerts to Android users in countries that don’t have early warning alert systems. We’re introducing the Android Earthquake Alerts System in Greece and New Zealand, where Android users will receive automatic early warning alerts when there is an earthquake in their area. Users who do not wish to receive these alerts can turn this off in device settings.We launched alerting in August 2020, in partnership with the United States Geological Survey (USGS) and powered by ShakeAlert®, which made alerts available for Android users in California. This feature recently expanded to users in Oregon and will be rolling out in Washington this May. Early warning alerts in New Zealand and Greece work by using the accelerometers built into most Android smartphones to detect seismic waves that indicate an earthquake might be happening. If the phone detects shaking that it thinks may be an earthquake, it sends a signal to our earthquake detection server, along with a coarse location of where the shaking occurred. The server then takes this information from many phones to figure out if an earthquake is happening, where it is and what its magnitude is.New Zealand and Greece will be the first countries to take advantage of both the detection and alert capabilities of the Android Earthquake Alerts System. Through this system, we hope to provide people with the advance notice they need to stay safe.
- How fact checkers and Google.org are fighting misinformationon March 31, 2021 at 2:00 pm
Misinformation can have dramatic consequences on people’s lives — from finding reliable information on everything from elections to vaccinations — and the pandemic has only exacerbated the problem as accurate information can save lives. To help fight the rise in misinformation, Full Fact, a nonprofit that provides tools and resources to fact checkers, turned to Google.org for help. Today, ahead of International Fact Checking Day, we’re sharing the impact of this work.Every day, millions of claims, like where to vote and COVID-19 vaccination rates, are made across a multitude of platforms and media. It was becoming increasingly difficult for fact checkers to identify the most important claims to investigate.We’re not just fighting an epidemic; we’re fighting an infodemic. Fake news spreads faster and more easily than this virus and is just as dangerous. Tedros Adhanom Director General of the World Health OrganizationLast year, Google.org provided Full Fact with $2 million and seven Googlers from the Google.org Fellowship, a pro-bono program that matches teams of Googlers with nonprofits for up to six months to work full-time on technical projects. The Fellows helped Full Fact build AI tools to help fact checkers detect claims made by key politicians, then group them by topic and match them with similar claims from across press, social networks and even radio using speech to text technology. Over the past year, Full Fact boosted the amount of claims they could process by 1000x, detecting and clustering over 100,000 claims per day — that’s more than 36.5 million total claims per year!The AI-powered tools empower fact checkers to be more efficient, so that they can spend more time actually checking and debunking facts rather than identifying which facts to check. Using a machine learning BERT-based model, the technology now works across four languages (English, French, Portuguese and Spanish). And Full Fact’s work has expanded to South Africa, Nigeria, Kenya with their partner Africa Check and Argentina with Chequeado. In total in 2020, Full Fact’s fact checks appeared 237 million times across the internet. If you’re interested in learning more about how you can use Google to fact check and spot misinformation, check out some of our tips and tricks. Right now more than ever we need to empower citizens to find reliable authoritative information, and we’re excited about the impact that Full Fact and its partners have had in making the internet a safer place for everyone.
- Today, we #ShareTheMicInCyberon March 19, 2021 at 1:00 pm
We know diverse security teams are more innovative, produce better products and enhance an organization’s ability to defend against cyber threats. This is part of why Googler Camille Stewart cofounded #ShareTheMicInCyber, an initiative that pairs Black security practitioners with prominent allies who lend their social media platforms to the practitioners for a day. The goal is to break down barriers, engage the security community and promote sustained action to eradicate systemic racism.Today, cybersecurity and privacy practitioners across Google and industry are elevating the voices and expertise of Black women who specialize in cybersecurity and privacy as part of #ShareTheMicInCyber’s Women’s History Month campaign. I’m honored to #ShareTheMicinCyber with a few of the Black women security and privacy practitioners I work alongside everyday at Google.Camille Stewart, Head of Security Policy, Google Play + Android“I work in this space to empower people in and through technology by translating and solving the complex challenges that lie at the intersection of technology, security, society and the law. Security is core to everything we do here. As creators of technology, we work to be intentional about how we build and educate users on safety and security. To do this effectively, we must be more intentional about diversity. More often than not, I am the only woman and only person of color in meetings where decisions are being made. To make truly inclusive technology and combat abuse, we need a diverse workforce.I believe technical and policy mitigations to cybersecurity challenges will never reach their full potential until systemic racism is addressed and diverse voices are reflected among our ranks at all levels. That’s why I co-founded #ShareTheMicInCyber. ”Brooke Pearson, Program Manager for Chrome Privacy Sandbox “I work in security and privacy to protect people and their personal information. It’s that simple.At Google, we’re tackling some of the world’s biggest security and privacy problems, and everyday my work impacts billions of people around the world. Most days, that’s pretty daunting, but it’s also humbling and inspiring.If we want to encourage people to engage in more secure behavior, we have to make it easy to understand, easy to act on and inclusive. I’m proud to work for a company that promotes active allyship and has stepped forward in such a prominent way to support Black women security and privacy professionals through the #ShareTheMicInCyber campaign.”Michee Smith, Product Manager, Privacy, Safety & Security“Protecting user data is core to our mission. We build privacy into everything we do, which is why I am so passionate about my job. I work on products that make it easier for users to understand and control what happens with their data. My interest in this work was sparked when I learned how nuanced and technical these topics are, and how much they impact people.For me, relationships and representation in tech really matter. Oftentimes, people of color don’t see people who look like us in these roles and on stages. There’s a sense of gratitude, belonging and relief to see someone who looks like you. I want to show up to help others imagine themselves in similar roles — that’s why I’m a huge fan of #ShareTheMicInCyber. This initiative is lifting people and communities up and creating an echo chamber that can be heard beyond cyber to the technology industry as a whole.”Esther Ndegwa, Program Manager Security, Privacy, Safety & Security“My passion for security lies in the challenges the industry faces — especially with regard to the evolving expectations and requirements we face to protect data wherever it is. The right place to start is to ensure we define our principles through policy.To get security right requires diverse thinking, drawn from different backgrounds and perspectives. I often encourage minority professionals in technology, who are starting off their career, to explore opportunities in security. For me, nothing resonates more than hearing someone tell their story and #ShareTheMicInCyber has created a much needed platform for amplifying those stories. While there is still work to be done to make the security industry more diverse, I believe that having conversations like these makes a big difference.”I encourage you to follow, share, and retweet #ShareTheMicInCyber on Twitter and LinkedIn, today, March 19. By strengthening our commitment to racial equity and inclusion we can build safer and more secure products for everyone.If you are interested in participating or learning more about #ShareTheMicInCyber, you can visit the site.
- Our efforts to fight child sexual abuse onlineon February 24, 2021 at 6:00 pm
Across Google and YouTube, we are always working to protect our users from harmful content, especially the kind of horrific, illegal content referred to as child sexual abuse material (CSAM). Since our earliest days, we’ve been committed to fighting online child sexual exploitation and abuse both on our platforms and in the broader online ecosystem. We have invested in the teams, tools, and resources to deter, remove, and report this kind of content, and to help other companies do so. But we know this issue cannot be solved by any one company alone, and we’re committed to tackling it with others in our industry and partners who are dedicated to protecting children around the world. Today, we’re sharing more information about our work, including new efforts to combat this abuse, and how we’re supporting organizations that are committed to protecting kids online.How we identify and remove CSAMWe identify and report CSAM with a combination of specialized, trained teams of people and cutting-edge technology. We use both hash-matching software like CSAI Match (a technology developed by YouTube engineers to identify re-uploads of previously identified child sexual abuse in videos) and machine learning classifiers that can identify never-before-seen CSAM imagery. These tools allow us to proactively scan our platforms for potential CSAM and identify potentially abusive content so that it can be removed and reported — and the corresponding accounts disabled — as quickly as possible. A crucial part of our efforts to tackle this kind of abuse is working with the National Center for Missing and Exploited Children (NCMEC), the U.S.-based reporting center for CSAM. NCMEC tracks reports from platforms and individuals and then sends those reports to law enforcement agencies around the world.New insights into our work to fight CSAMWe recently launched a new transparency report on Google’s Efforts to Combat Online Child Sexual Abuse Material, where we detail the number of reports we made to NCMEC in the first and second half of 2020. The report also provides data around our efforts on YouTube, how we detect and remove CSAM results from Google Search, and how many accounts are disabled for CSAM violations across our services. We also include information on the number of “hashes” of newly identified CSAM we share with NCMEC. These hashes (unique digital fingerprints) help other platforms identify CSAM automatically at scale. Contributing to the NCMEC hash database is one of the most important ways we, and others in the industry, can help in the effort to combat CSAM because it helps reduce the recirculation of this material and the associated re-victimization of children who have been abused.Working to combat CSAM across the internetBecause CSAM is an issue that spans beyond any one platform, in 2018 we developed and launched the Content Safety API. Using AI classifiers we built for our own products, the API helps organizations classify and prioritize the most likely CSAM content for review. Today, the API is being used by NGOs like SaferNet Brazil and companies including Facebook and Yubo. Along with CSAI Match, these tools are offered free-of-charge for qualifying organizations and companies. In 2020, the Content Safety API was used by our partners to classify more than 2 billion images, helping them identify the small fraction of violative content faster and with more precision. We encourage organizations who are interested to apply to use CSAI Match or Content Safety API. For many years, we’ve had dedicated teams working to prevent access to CSAM on google.com by de-indexing and reporting illegal sites and filtering autocompletes for search terms associated with CSAM. Last summer, we redesigned and expanded a feature we’ve been running since 2013 where users who enter CSAM-related queries are shown a prominent message that CSAM is illegal and instructions on how to report this content to their local authorities. We also provide information about local resources to connect users with NGOs that support children or families who may have been victims of abuse. We’re already seeing an impact from these efforts: hundreds of thousands of users each month are clicking through to the reporting hotlines we surface, including the Internet Watch Foundation in the UK, the Canadian Center for Child Protection and Te Protejo in Colombia. And, crucially, we’ve seen when these warning boxes are shown, we’re less likely to see follow-up searches seeking similar material. We will be expanding this feature over the course of this year. Supporting organizations to fight CSAM globallyThe scale and complexity of fighting CSAM online means we must take a global and multi-stakeholder approach. That’s why we’re working together across industry and with leading child safety organizations like the WeProtect Global Alliance, Thorn, the Global Partnership to End Violence Against Children. And we continue to work to empower and support organizations that are creating real and lasting change for children. For example, we’ve funded a three-year Google Fellow at NCMEC to modernize and integrate their systems. We’ve also extended our Ad Grants program to qualifying child protection nonprofits during the pandemic, providing funding and campaign help for organizations like the INHOPE hotline network and ECPAT International. Since 2003, we’ve given almost $90 million in Ad Grants to global child protection organizations. We also supported the Five Country Ministerial Forum Voluntary Principles to Counter Child Sexual Exploitation and Abuse and collaborated across industry to produce a practical guide for companies considering applying these principles. This builds on our work on Project Protect as part of the Technology Coalition. Working together, we can make meaningful progress in the global fight against CSAM.
- Your Android is now even safer — and 5 other new featureson February 23, 2021 at 5:00 pm
It wasn’t all that long ago that we introduced Android users to features like Emoji Kitchen and auto-narrated audiobooks. But we like to stay busy, so today we’re highlighting six of the latest Google updates that will make Android phones more secure and convenient — for everyone.1. Keep your accounts safe with Password Checkup on AndroidPassword Checkup notification screenOn Android, you can save passwords to your Google account, making it quicker and easier to sign into your apps and services using Autofill. Your login credentials are one of your first lines of defense against intruders, so we’ve integrated Password Checkup into devices running Android 9 and above. This feature lets you know if the password you used has been previously exposed and what to do about it.Now when you enter a password into an app on your phone using Autofill with Google, we’ll check those credentials against a list of known compromised passwords — that is, passwords that have potentially already been stolen and posted on the web. If your credentials show up on one of these lists, we’ll alert you and guide you to check your password and change it. Learn more on our support page about changing unsafe passwords. And you can find additional information about how this product works in this blog post.We’re passionate about building defense into every detail on Android, from downloading apps to browsing the web to choosing where and when you share your data. Learn more about how Android keeps you safe.2. Use schedule send in Messages to write a text now and send it laterClick on the image above to learn how to schedule a text to send at your chosen date and timeOver half a billion people across the world use Messages to seamlessly and safely connect with family, friends and others every month. To continue improving the way you communicate and help you stay in touch, we’re starting to roll out schedule send in Messages for phones running Android 7 and newer. Having loved ones in another time zone or on a different schedule can sometimes make it difficult to send a text at an appropriate time. With schedule send, you can compose a message ahead of time when it’s convenient for you, and schedule it to send at the right moment. Just write your message as you normally would, then hold and press the send button to select a date and time to deliver your message. Download Messages or update to the latest version to schedule your next text.3. No need to look at your screen, with TalkBackClick on the image above to see how to start and stop media with Talkback gestures For those who are blind or have trouble seeing the display, the new version of TalkBack, Android’s screen reader, is now available. Using spoken feedback and gestures, TalkBack makes Android even more accessible and opens up a full phone experience without needing to look at your screen. We worked closely with the blind and low vision communities on this revamp of TalkBack to incorporate the most popularly requested features including: more intuitive gestures, a unified menu, a new reading control menu and more. Get TalkBack today by downloading or updating your Android accessibility apps in the Google Play Store.4. Get more done hands-free with Google AssistantUse Google Assistant to send a text, even when your phone is lockedWe want to give you more ways to use your phone hands-free — so you can do things like use your voice to make calls, set timers or alarms and play music. Now, the latest updates to Google Assistant make it easier to get things done on your phone without needing to be right next to it.Assistant now works better even when your phone is locked or across the room with new cards that can be read with just a glance. Just say “Hey Google, set an alarm” or “Hey Google, play pop music on Spotify.” To get the most out of Assistant when your phone is locked, simply turn on Lock Screen Personal Results in Assistant setting and say “Hey Google ” to send text messages and make calls.5. Come to the dark side with dark theme in Google Maps San Francisco on Google Maps dark themeThese days, we’re all experiencing a bit of screen fatigue. With dark theme in Google Maps soon expanding to all Android users globally, you can give your eyes a much-needed break and save on battery life. Simply head to your Settings, tap on Theme and then on “Always in Dark Theme” to lower the lights when you’re navigating, exploring, or getting things done with Maps. Change your mind? Just tap on “Always in Light Theme” to switch it back.6. A better drive with Android AutoStay entertained with voice-activated games on your display with Android AutoAndroid Auto’s new features help you enjoy the drive more. With custom wallpapers, you can now select from a variety of car-inspired backgrounds to personalize your car display. For longer drives, you and your passengers can stay entertained with voice-activated games like trivia and “Jeopardy!” Just say, “Hey Google, play a game” to get started. We’ve also launched shortcuts on the launch screen. These provide convenient access to your contacts and even allow you to use Assistant to complete tasks like checking the weather or remotely adjusting the thermostat by simply tapping on the icon on your car display, just as you would on your phone. For cars with wider screens, you can do more with a split-screen that features a real-time view of Google Maps and media controls. And if you have family and friends coming along for the ride, you can now set a privacy screen to control when Android Auto appears on your car display. These Android Auto features will be available in the coming days on phones running Android 6.0 or above, and when connected to your compatible car.
- Safer Internet Dayon February 9, 2021 at 2:00 pm
- Furthering our support for election securityon February 9, 2021 at 2:00 pm
Last year at the start of the U.S. 2020 election season, we announced our collaboration with Defending Digital Campaigns (DDC), a nonprofit and nonpartisan organization, to give any eligible Federal campaign access to free Titan Security Keys—the strongest form of two-factor authentication. This collaboration is a part of our Advanced Protection Program, which protects high-risk individuals who have access to high visibility and sensitive information, such as election officials, campaigns, activists and journalists. In the lead up to the 2020 elections, DDC distributed more than 10,000 Titan Security key bundles to more than 140 U.S. Federal campaigns.Today we’re expanding our support for DDC to provide eligible campaigns and political parties, committees, and related organizations with knowledge, training and resources to defend themselves from security threats—now at both the Federal and state level. Here’s how:Expanding security support to eligible state campaigns:We’re expanding our collaboration with DDC to include state campaign security support alongside our existing federal campaign efforts.Support virtual security training in all 50 states: To help spread awareness and educate all persons involved in the campaign ecosystem, we’re collaborating with DDC to bring non-partisan virtual security training to all 50 states by the end of 2021. These trainings are designed to inform and educate state campaign officials, staff and others in the political sector, to understand the basics of protecting their organizations, keeping their information safe, and using built-in and widely available security tools.Deploy an election security help desk and “best practices” knowledge base:We understand that security can be complex and that questions are inevitable. That’s why we will be supporting DDC to deploy a cybersecurity “help desk” to help eligible campaigns with cybersecurity-related questions and product implementation support. This will include, but not be limited to, support for our Advanced Protection Program and Titan Security Keys and other Google security products and services. DDC is also building out an online knowledge base to easily access security best practices, including steps to protect your accounts, frequently asked questions and more.We continue to recommend that everyone associated with political campaigns enroll in our Advanced Protection Program, which is free, bundles the strongest Google Account security options together, and proactively protects against new and evolving threats. Advanced Protection is available for both personal and Workspace accounts—we recommend campaign members enroll both types of accounts in the program.In addition to our continued work with DDC for campaigns, we’re also supporting a new cybersecurity training initiative for elected officials and their staff. Cybersecurity for State Leaders, driven by the National Cybersecurity Center and supported by Google, aims to educate state lawmakers and staff on ways to strengthen their defenses against digital attacks. The training will be conducted in all 50 states over the course of 2021, through a series of virtual seminars throughout the year.Keeping everyone safe online remains our top priority and we look forward to continuing our work in 2021 to make sure campaigns and elected officials around the world stay safe online. Through our network of global Google Safety Engineering Centers (GSEC) we will also further expand our reach to bring Google’s strongest security protections to those who need it most around the world.
- Making every day safer with Googleon February 9, 2021 at 2:00 pm
People around the world use Google products every day to help with things big and small — whether it’s teaching an online class full of students using our Workspace apps or paying for coffee withGoogle Pay. Keeping you safe online means continuously protecting the security and privacy of your information. The safety of our products is driven by three core principles: treating your information responsibly, protecting it with world-class security and keeping you in control. Today, as we celebrate Safer Internet Day, we’re sharing the progress we’ve made to create a safer internet, and how we’ll continue to innovate so that every day you’re safer with Google. How we keep you safe in the products you use every dayIn 2020, an Ipsos survey found that more than50% of Americans said they had become more concerned about their online safety than ever before. And we saw this reflected in what people searched for in 2020:People were searching how to strengthen their online security.Searches for “online safety tips” increased by 250% in 2020, and searches for “how strong is my password” increased by 300% in 2020.People were searching for reassurance about their online behaviors. “Is shopping online safe” was searched twice as much in 2020 than 2019. The most common inputs for searches of “Is [blank] online safe” in 2020 were: “Is ordering online safe,” “Is using a debit card online safe” and “Is buying online safe.”We understand your concerns, and that’s why we provide automatic protections across all of our products to ensure no matter what you’re doing — browsing the web, managing your inbox or seeing family on Meet — we’re keeping you safe. And security has been core to making these services safe: Safe Browsing protects more than four billion devices, Gmail blocks more than 100 million phishing attempts every day and Google Play Protect scans over 100 billion apps every day for malware and other issues. We also help keep your data safe with customized recommendations in Security Checkup, an easy, personalized way to secure your Google Account. And Password Checkup helps to keep you and your passwords safe not just on Google, but across the web — since launch in 2019, we’ve seen a 30% reduction in breached credentials. Together with Stanford, Google explored what factors make someone targeted by email scams. We found that multiple factors correlate with higher risk: where you live, what devices you use and whether your information appeared in previous third-party data breaches. You can read more about this research on the Cloud blog.Google Fi VPN exits beta on Android and will expand to iPhone Today, Google Fi announced that the Fi VPN for Android is exiting beta and is expanding to iPhone, which means you can get the benefits of the VPN on all phones while also getting a faster, stronger connection across your apps and services. The Fi VPN helps you stream, browse and download on an encrypted, private connection — so you can have peace of mind knowing that websites can’t use your IP address to track your location, and you’re shielded from hackers even while you’re using unsecure networks, like public Wi-Fi. Bringing election security support with Advanced Protection Program to U.S. statesAs we have in previous elections, in the many months leading up to U.S. Election Day 2020, we’ve made it a priority to equip campaigns with the tools they need to strengthen their own security, protect themselves against digital attacks and reach voters. We helped Defending Digital Campaigns (DDC) distribute more than 10,000 Advanced Protection kits to more than 140 Federal campaigns ahead of the 2020 elections. Today we announced we’re expanding our collaboration with DDC to extend beyond federal campaign efforts to include security training and tools for state Parties and campaigns. Our Advanced Protection Program delivers the strongest protections available against phishing and account hijacking and is specifically designed for the highest-risk accounts.In addition to our continued work with DDC, we’re also announcing the launch of a new cybersecurity training initiative, Cybersecurity for State Leaders, driven by the National Cybersecurity Center and supported by Google. This program aims to educate state lawmakers and staff on ways to strengthen their defenses against digital attacks. The training will be conducted in all 50 states over the course of 2021, with a targeted focus on state legislators and their staff.We have been at the forefront of keeping people safe online for the last 21 years, and we plan to keep it that way. Check out our top five safety tips and visit our Safety Center to learn all the ways Google helps you stay safe online, every day.
- Building a safer internet, from Europe to Africaon February 9, 2021 at 9:00 am
Whether searching for answers in Antwerp or Abidjan, people expect Google services to be designed with their safety in mind. And that’s especially true for the one third of the world’s internet-connected population who reside in the countries of Europe, the Middle East and Africa. That’s why the region is also home to a steadily growing number of Google investments in digital safety, and teams who specialize in keeping the internet more secure.A second global safety hub in EuropeIn 2019, we opened the first Google Safety Engineering Center (GSEC) in Munich, acknowledging Europe’s role as a global hub of privacy and security engineering at Google. There, we’ve developed popular privacy tools like Privacy Checkup, a raft of security protections in our Chrome browser and techniques, such as differential privacy, which help add state-of-the-art anonymization into core Google products. Last month, we opened another GSEC, this time in Dublin, which will be a hub for Google experts tackling the spread of illegal and harmful content, and a place where we can share this work with policymakers, researchers and regulators. Like our work on privacy, content safety is a priority that we reinforce with concrete action, led by experts in the field.Keeping people’s information safeWhen people trust us with their personal information, it’s our responsibility to keep it safe. And we know people are worried about threats like hacking and COVID-19-related scams, and increasingly demanding that companies keep their private information private. Searches for “phishing” reached record levels in the UK, Italy and Spain last year, and in Germany, searches for “how secure is my password” doubled from 2019 to 2020.It’s clear that in order for the open web to sustain its continued growth as the most important place for independent creation and commerce, its privacy and security practices must keep up with changing expectations. That’s why we recently joined outside experts from Euroconsumers, a group of five national consumer organizations representing more than 1.5 million people, in releasing a new joint report that spotlighted related concerns among internet users in Italy, Belgium, Spain and Portugal. As many as 69% of respondents told us they think the amount of personal data collected online makes it difficult for them to protect their privacy, with 21% feeling in control of what personal data is collected about them.In initiatives like our partnership with Euroconsumers and our brick-and-mortar investments in GSEC, our goal is both understanding and follow-through: informing improvements that we actually build. Our teams at GSEC Munich have already rolled out new tools and a redesign of Chrome’s privacy and security settings, making it easier to manage cookies and the most sensitive website permissions. And, like many, we are encouraged by promising progress so far in the Privacy Sandbox, an open initiative introduced by Chrome to support a privacy-first future for web advertising — one that can promote growth in the web in Europe and beyond.Helping people with knowledge and trainingsBut safety and privacy tools also aren’t worth anything without supporting people in using them, which is why we back our safety engineering efforts with significant funding for local and grassroots programs to promote safety best practices. So, today we are announcing a new partnership with Injaz Al-Arab, a non-profit organization that aims to empower young people with digital skills, so that we can deliver safety trainings at scale to students across the UAE, Egypt, Saudi Arabia, Qatar and Morocco.Helping innovative nonprofits and social enterprises with Google’s resources has long been the focus of Google.org, which last year used the occasion of Safer Internet Day to announce the $1,000,000 Africa Online Safety Fund. Today, we’re announcing the recipients: 26 groups across nine countries in Africa who have been selected to develop and scale new and existing projects combating online vulnerabilities, disinformation and extremism. We know these kinds of efforts can bear fruit. Take a look at some of the stories we’ve shared today of the 29 grant recipients of the Google.org Impact Challenge for Safety in Europe. We’re proud of these efforts and see it as core to our safety mission to support brilliant organizations in all regions of the world. To learn more about our resources to help keep you and your family safer, please visit the Google Safety Center.
- Wear a mask, wash your hands, don’t reuse your password!on February 9, 2021 at 1:00 am
Parenting was especially challenging in 2020. Our families needed to learn new habits like social distancing, wearing masks and frequently washing our hands. As a large part of our everyday lives moved online, it was necessary to teach our children to take extra precautions as well.I am part of a team at Google that teaches online safety habits to people from all walks of life. Parents have always been concerned for the digital safety of their families, and with online learning becoming the main mode of school for many, this might be even more of a concern.We worked with our Trust Research team to survey parents all over Asia-Pacific (Australia, Hong Kong, India, Indonesia, Japan, Malaysia, the Philippines, Singapore, Taiwan, Thailand and Vietnam) and Latin America (Argentina, Brazil, Colombia and Mexico) and found that parents with children attending school online were more concerned about online safety than ones whose children attended school in-person.As a father of three kids who use the internet in very different ways, instilling safe habits can be a challenge. So today, on Safer Internet Day, I would like to share some tips to address the top three parental concerns when it comes to keeping our children safe online. 1. Protect their digital identities.The privacy and security of their children’s information was the top concern of parents we surveyed. Parents cited concerns around scams or hacking of their child’s accounts. Here are some simple ways to safeguard your kids’ information: Teach your children how to choose strong passwords that cannot be easily guessed. Avoid simple passwords that use names, birthdates or even favourite cartoon characters. It is also useful to stick to platforms that have a strong reputation for user safety. For instance, using an email service like Gmail comes with built-in safety filters to detect phishing emails, blocking 99.9% of phishing attacks from ever reaching your inbox.2. Know who they talk to.Social isolation is a difficult outcome of the COVID-19 pandemic, and our children connect with their friends online, whether through messaging apps or voice chat while playing games. It is important for parents to be aware that these channels can also be used by ill-intentioned strangers to reach out to our children. Just as in real life, it is important to be aware of who our children talk to online. Try to talk to your kids about the games they play or the videos they watch, and also the people they play with online. I always remind my kids to come to me immediately if they face any situation online that makes them feel uncomfortable. More than 70% of parents in Asia-Pacific were not very confident that their children would come to them if they encountered unsafe situations online. In fact, more than a third of the parents we interviewed had never spoken to their children about online safety. We need to work hard to reassure our children that we are here to guide and protect them. When assessing if a game is suitable for your child, it is important to check not only the content of the game, but also whether the app allows online communications with others. Some multiplayer games allow only a few options for social interaction, like a thumbs up rather than a text chat. This reduces risks of unwanted social interactions by quite a lot.3. Offer appropriate content at the appropriate age.The fear of children encountering inappropriate content has long been among the top concerns of parents in surveys. There are family safety features that parents can use to help guard their children from content that may not be suitable for their age. However, we learned that only about half (52%) of parents we surveyed are using these features. Here are some features that you can start using today: Turning on SafeSearch on Google helps filter out explicit content in Google’s search results for all searches, including images, videos and websites. SafeSearch is designed to help block explicit results like pornography from Google search results.Manage your child’s device by creating a Google account for your child and using Family Link. This allows you to add filters on Google Search, block websites or only give access to the ones you allow or track the location of your child if they have their own device.Many parental controls are available on YouTube Kids. You are able to limit screen time, only show videos that you approve or select suitable content based on the age of your child.Some other time-tested tips include allowing children to use the internet only in common areas in the home such as the living room. But the tough part is leading by example!I hope these tips are helpful for you and your families. If you are interested in learning more about online safety, you can also check out a new resource that we’ve launched together with the ASEAN Foundation: the ASEAN Online Safety Academy, where we have tips for parents and kids, as well as learning sessions on navigating topics such as misinformation or cyberbullying. At the end of the day, the core of our parenting journey lies in the relationships we build with our children. They require our guidance on the internet as much as they do in the real world. Tiring as 2020, and now 2021, has been, I am grateful that I have had more time with my family and to appreciate what each of them brings to my life.Let’s work together to make the internet a safe place for our children to learn, create and explore.
- Extending enterprise zero trust models to the webon January 26, 2021 at 5:00 pm
For over a decade, Chrome has been committed to advancing security on the web, and we’re proud of the end-user and customer safety improvements we’ve delivered over the years. We take our responsibility seriously, and we continue to work on ways to better protect billions of users around the world, whether it’s driving the industry towards HTTPS, introducing and then advancing the concept of a browser sandbox, improving phishing and malware detection via Safe Browsing improvements or working alongside Google’s Project Zero team to build innovative exploit mitigations. To continue our work of making a safer web for everyone, we’ve partnered with Google’s Cloud Security team to expand what enterprises should expect from Chrome and web security. Today the Cloud Security team is announcing BeyondCorp Enterprise, our new zero trust product offering, built around the principle of zero trust: that access must be secured, authorized and granted based on knowledge of identities and devices, and with no assumed trust in the network. With Chrome, BeyondCorp Enterprise is able to deliver customers a zero trust solution that protects data, better safeguards users against threats in real time and provides critical device information to inform access decisions, all without the need for added agents or extra software. These benefits are built right into Chrome, where users are already spending much of their workday accessing the apps and resources they need to be productive, and IT teams can easily manage these controls right through our Chrome Browser Cloud Management offering.By extending zero trust principles to Chrome, we’re introducing the following advanced security capabilities that will help keep users and their company data safer than ever before:Enhanced malware and phishing prevention: BeyondCorp Enterprise allows for real-time URL checks and deep scanning of files for malware.Sensitive data protection across the web:IT teams can enforce a company’s customized rules for what types of data can be uploaded, downloaded or copied and pasted across sites.Visibility and insights: Organizations can get more insights into potential risks or suspicious activity through cloud-based reporting, including tracking of malicious downloads on corporate devices or employees entering passwords on known phishing sites. Including Chrome in your zero trust strategy is critical not only because your employees spend much of the working day in the browser, but also because Chrome is in a unique position to identify and prevent threats across multiple web-based apps. Enhanced capabilities surrounding data protection and loss prevention protects organizations from both external threats and internal leak risks, many of which may be unintentional. We’ve built these capabilities into Chrome in a way that gives IT and security teams flexibility around how to configure policies and set restrictions, while also giving administrators more visibility into potentially harmful or suspicious activities. Naturally, these threat and data protections are also extended to Chrome OS devices, which offer additional proactive and built-in security protections. As with many of the major security advances Chrome has introduced in the past, we know it takes time to adopt new approaches. We’re here to help with a solution that is both simple and more secure for IT teams and their users. As you look at 2021 and where your security plans will take you, check out BeyondCorp Enterprise. Chrome will host a webinar on Thursday, January 28, highlighting some of our recent enterprise enhancements, and offering a preview of what’s to come in 2021. We’ll also talk more about the Chrome-specific capabilities of BeyondCorp Enterprise. We hope you can join us!