Tag Archives: safety and security

Making Chrome extensions more private and secure

Every day 4 million Chrome extensions are downloaded, and with more than 250,000 extensions and themes available on the Chrome Web Store, no two Chrome browsers are alike. From productivity and learning tools to entertainment and shopping, extensions on Chrome open up a new world of possibilities that let you customize your experience and help you get things done. We make sure the extensions that our developers build meet your expectations for privacy and security so you can continue to explore and enjoy browsing the web with Chrome. Here's how we’ve improved in 2020 and what’s coming next year:

Stricter privacy rules and more control over your data

In 2021, we’ll change how extensions access data and how permissions work when an extension is installed. You will get to determine which websites the extension can access when you browse the web, instead of letting the extension decide. These updates follow other changes we made this year when we introduced the puzzle icon on the toolbar to make extension controls more visible and granular. 

Once you grant an extension permission to access a website's data, that preference can be saved for that domain. You can also still decide to grant an extension access to all the websites you visit, but that is no longer the default.


In 2021, you will be able to manage the extension’s permissions, so you control which websites it can access as you browse the web. 

Transparent extensions’ data usage

We’ve also been improving our developer policies to make extensions more transparent. Starting January 18th, every extension will publicly display its “privacy practices” which will use clear visuals and simple language to explain the data they collect and use. We’re also limiting what developers can do with the data they collect. 


Image showing user interface for Chrome extension "privacy practices" feature

You will find the new privacy practices overview right on the extension listing.

More security updates to keep you safe

Over the last year, we’ve updated our security practices to help us identify more harmful extensions before they enter the Chrome Web Store. For instance, thanks to our integration with Google Safe Browsing, the number of malicious extensions that Chrome disabled to protect people grew by 81 percent.

Earlier this year we also updated Chrome’s Safety check in Settings to help you quickly confirm if harmful extensions are installed and learn how to remove them. Next year, we’re planning to launch more protections through Enhanced Safe Browsing.

Image showing user interface for Chrome’s Safety check. Image dialogue box reading "2 potentially harmful extensions are off. You can also remove them."

If malicious extensions are installed, Chrome’s Safety check will tell you how to remove them.

Ready to start customizing your experience on Chrome? Check out the extension collections we feature on the Chrome Web Store, including the regularly updated Editor’s Pick, Staying at home, Enhance your gameplay or Personalize Chrome collections. Our priority is to continue developing features that protect your data and keep you safe, while you choose extensions that help you get the best out of Chrome.

Decrypted: How Heather Adkins thinks about security

Heather was hacked and the rest is history. 

An 18-year veteran of Google’s security team, Heather Adkins’ interest in security was sparked when the small ISP she worked for in college suffered a data breach. Her reaction to the incident wasn’t exactly typical:


“Most people when they get hacked, panic. There's a sense of fear, and a sense of unknowing. But I did not panic or have any fear—I was really excited! I felt very curious: I wanted to know how the attackers did this, how they managed to bypass our security. And I fell in love with the role.”


In our latest edition of Public Key, Google's director of information security discusses the details of incident detection and response—“the function of security that looks for hackers and kicks them out of the network,” why COVID-19 marks a turning point in her team’s approach to securing people working and learning from home, how medieval history informs her work, and the future of online security.

More from this Series

Public Key

Googlers and academics share their thoughts about our approach to security and how product design, threats to high-risk users, research partnerships and medieval history (yup!) contribute to the ways we protect people online. 

View more from Public Key

Public Key: Sharing our approach to security

In asymmetric cryptography, a common system for encrypting data, there are two decryption tools, or “keys.” The first is a private key that only the user knows, and the other is a public key, which is safe to share with everyone. 


Public Key is also the name of a new series about our approach to security, across Google. From home offices everywhere, Googlers and academics share their thoughts about how product design, threats to high-risk users, research partnerships, medieval history (yup!) and more, contribute to the ways we protect people online. We want to make sure people aren’t just aware of our automatic protections, but understand the thinking behind them too. That’s always been the case, but at this particular moment in time, it’s especially important.


You can think of this series as a public key, for Google security…on the Keyword. For a peek at what we’ll be covering, watch our video above. And stay tuned for more over the coming weeks.


Why design is important to security

Security is usually invisible. More often than not, we just protect you automatically and you don’t need to lift a finger. But sometimes, we’ll notify you and suggest that you take action to better secure your information, like check your Account activity after we block a suspicious attempt to sign in. Whether the issue is critical or less serious, getting these notifications right—making sure they’re written clearly and presented in a simple and useful way—is really important. These alerts shouldn’t just keep you safe, but help you feel safe too. 

Over the years, we’ve made changes to our notifications that have had a big impact on people’s security. In 2015 for example, we started using Android alerts to notify people about critical issues with their Google Accounts, like a suspected hack. Compared to email, we saw a 20-fold increase in the number of people that engaged with these new notifications within an hour of receiving them.

Today we announced a new type of critical alert that will display within the Google app you’re using. So we thought it was a good time to dive a bit deeper into the thinking behind how we develop useful security notices. In this video, Jonathan Skelker, a product manager who specializes in alerts and notifications, and Niti Arora, a UX designer for Google security, discuss how we think about communicating with users in our products to help them feel safe.


How we keep you safe online every day

Every year, National Cybersecurity Awareness month reminds us all about the importance of creating safe online experiences. Keeping you safe online means continuously protecting the security and privacy of your information. That’s why protections are automatically built into your Google Account and every Google product: Safe Browsing protects more than 4 billion devices, Gmail blocks more than 100 million phishing attempts every day, and Google Play Protect scans over 100 billion apps every day for malware and other issues.


The safety of our products is driven by three core principles: keeping your information secure, treating it responsibly, and putting you in control. We’re continuously putting these principles into practice, and wanted to share our newest security and privacy protections, which you can learn more about in our completely refreshed Safety Center—the single source for all the ways we keep you safe in the products you use every day, and it’s live today in the U.S. and coming soon globally.

Proactively protecting you with high-visibility security alerts

When your security is at risk, time is of the essence. We work to make it easy for you to act fast if we ever detect a serious risk to your Google Account. Over the years, we’ve developed new ways to notify people about these issues and helped significantly improve their security. In 2015 for example, we started using Android alerts to notify people about critical issues with their Google Accounts, like a suspected hack. Following this change, we saw a 20-fold increase in the number of people that engaged with these new notifications within an hour of receiving them, compared to email.


Soon we’ll be introducing a redesigned critical alert and a new way of delivering it. When we detect a serious Google Account security issue, we’ll automatically display an alert within the Google app you’re using and help you address it—no need to check email or your phone’s alerts. The new alerts are resistant to spoofing, so you can always be sure they're coming from us. We’ll begin a limited roll out in the coming weeks and plan to expand more broadly early next year.

Easily control your Google Assistant experience with Guest mode

Every day, Google Assistant helps people get things done in their home, whether it’s suggesting a new recipe you might like or reminding you of your next appointment. But there are times you may not want your Assistant interactions saved to your Google Account. That’s why in the coming weeks, we’ll be introducing Guest mode—a new way to use your Google Assistant on home devices. With an easy voice command, you can turn on Guest mode, and your Assistant interactions while in this mode won’t be saved to your account. You can turn off Guest mode at any time to get the full, personalized Google Assistant experience again. In addition, you always have the ability to go back and delete what you said to the Assistant just using your voice, and we’ve added even more answers to common questions about security and privacy that the Assistant will answer instantly. In fact, we answer more than 3 million privacy and security questions per month, globally.

Safety is built into all our products

Privacy and security have been core to everything we do since our earliest days as a company. Our teams work every day to make Google products safe no matter what you’re doing—browsing the web, managing your inbox, or seeing family on Google Meet. Just this week, we announced our work to protect your information with new security and privacy safeguards for Google Workplace and new password protections in Chrome, as well as Chrome’s progress on the Privacy Sandbox, an initiative to fundamentally enhance privacy on the web. To make it easier to control your privacy, you'll soon be able to directly edit your Location History data in Timeline by adding or editing places you’ve visited with just a few taps, and because Search is the starting point for so many questions, starting today we’ll display your personal security and privacy settings when you ask things like “Is my Google Account secure?”

We're also continuing to work on building technologies that can be used to further protect your privacy across all of our products. For example, this year in an industry first, as part of Android 11 we’ve combined differential privacy and federated learning to train the models that allow for next word prediction in Google’s keyboard Gboard. Federated learning, a technique invented at Google, allows developers to train AI models and make products smarter—for you and everyone else—without your data ever leaving your device. In Android 11, we’ll now generate Smart Replies, including emoji recommendations, from on-device system intelligence, meaning the data is never shared with Gboard or Google. 

Protecting your online safety requires constant vigilance and innovation. It starts with building the world’s most advanced security infrastructure and pairing it with responsible data practices and privacy tools that put you in control. We’ll continue to advocate for sensible data regulations around the world, including strong, comprehensive federal privacy legislation in the U.S., and make privacy and security advances that keep you safer online.

Our work to move data portability forward

Editor’s note: Google and the Data Transfer Project recently submitted comments to the Federal Trade Commission (FTC) about data portability. Ahead of tomorrow’s “Data To Go” workshop with the FTC, we’re sharing an overview of our work along with some updates.


When it’s easy for people to move their data to competing products, the pressure is on us to build the products they like best. And that’s how it should be: we want people to use our products and services because they prefer them, not because they feel locked in.


This principle is at the heart of Takeout, our data portability tool that helps people export copies of their data from more than 70 Google products, including Gmail, Drive and Photos. Today there’s an average of more than two million exports per month from Takeout with more than 200 billion files exported in 2019. 


People use Takeout for lots of different reasons: backing up their data, getting a bird’s eye view of what’s in their account, or moving their data to a different service without first downloading it onto a device. We first supported direct transfer of data archives in 2016, and since then have launched a scheduled export service, as well as the ability to transfer photos directly from Google Photos to Flickr and Microsoft OneDrive. Today we’re announcing that we’ve added more granular controls, so you can transfer specific albums, rather than your entire library. Millions of photos have already been transferred since we began to roll this out.

Improving data portability through the Data Transfer Project

The principles that underpin Takeout also apply to the Data Transfer Project (DTP), an industry-wide effort that we founded and continue to lead with Microsoft, Twitter, Facebook, and Apple.


In many ways, DTP is an extension of the direct transfer functionality that we’ve had in Takeout for years. It’s an open-source data portability platform that enables people to move their data directly from one service provider to another. This can help people test a new service, or move data if they have slow or metered connections, like a mobile device in an area without access to high-speed broadband. Downloading and re-uploading data can be expensive, if not impossible, under those types of conditions. 


Along with our partners in the project, we’ve brought other companies into the fold and moved the project forward. In 2018, Google gave the first public demo of the first prototype of the Data Transfer Project, showing how easy it could be to move cat photos between two services. Last fall, we launched the first publicly-available direct transfer built with Data Transfer Project code, enabling people to move their Google Photos library to Flickr. With the addition of Microsoft OneDrive as a destination earlier this year, and today's announcement of a photo album selection feature, we’re continuing our commitment to making portability more practical and widely available. 


People should be able to use their data with the services that they like best, whether they’re made by established companies, upstarts with brand new products, or anything in between. The more services that join the Data Transfer Project, the more practical it becomes for people to try new services—so we encourage companies of all sizes to check it out and get involved. Details on how to participate are on the website. We’re looking forward to continuing our investments in Takeout, the Data Transfer Project, and data portability more broadly for many years to come.

Say hello to safer phone calls

Businesses often rely on phone calls to reach out to new customers and serve existing ones. But here’s the hang-up: customers often don’t answer the call if they don’t recognize the number. They worry it could be spam, or worse, a scam: a 2019 FTC report found that phone calls were the number one way people reported being contacted by scammers. While most people said they hung up on those calls, those who lost money reported a median loss of $1,000. Spam and scam calls erode trust in businesses and increase costs to consumers.

Verified Calls by Google

Verified Calls aims to solve this problem by showing the caller’s name, logo, reason for calling and a verification symbol indicating the business has been authenticated by Google. This is done in a secure way—Google doesn’t collect or store any personally identifiable information after verification.

Verified Calls is a feature on Google’s Phone app, which comes pre-loaded on many Android phones and will be available for download starting later this week on even more Android devices.

Better answer rates

We’ve been piloting Verified Calls for a few months, and the early results indicate that it improves the likelihood of someone answering a call. This in turn helps reduce business costs while identifying relevant calls to people in a trustworthy way. A wide range of businesses and institutions have been using Verified Calls during the pilot. For instance, banks calling to alert a customer about a possible fraudulent transaction can increase answer rates by stating the call reason. A food delivery or logistics company can do the same to make sure customers are available to receive their deliveries. 

Verification increases consumer trust

Based on last year’s launch of Verified SMS, which confirms the identity of the business that’s texting you, we learned that verified communication is valuable to both businesses and consumers. A study in the U.S. and Brazil found that Verified SMS increased consumer trust in brands, which significantly improved performance on metrics like likelihood to purchase, brand satisfaction, and likelihood to recommend.

Getting started

Verified Calls is initially rolling out in the U.S., Mexico, Brazil, Spain and India, with more countries to come. Brand and channel partners can get more information on our website. We also have existing partners—including Neustar, Five9, Vonage, Aspect, Bandwidth, Prestus, Telecall, and JustCall—ready to help brands improve their answer rates by using Verified Calls. To understand how Verified Calls works, tune in to our special session at Google Cloud Next ‘20 On Air.

Source: Android

