Author Archives: Parisa Tabriz

Helping every student learn how they learn best

Editor’s note: Today is Global Accessibility Awareness Day. We’re also sharing how we’re partnering with people with disabilitiesto build products and a newAndroid accessibility feature.

I often think about what Laura Allen, a Googler who leads our accessibility and disability inclusion work and is low vision, shared with me about her experience growing up using assistive technology in school. She said: “Technology should help children learn the way they need to learn, it shouldn’t be a thing that makes them feel different in the classroom.”

As someone who has spent years building technology at Google, I’ve thought a lot about how we can create the best possible experience for everyone. A big part of getting that right is building accessibility right into our products — which is especially important when it comes to technology that helps students learn. Ninety-five percent of students who have disabilities attend traditional schools, but the majority of those classrooms lack resources to support their needs. The need for accessible learning experiences only intensifies with the recent rise of blended learning environments.

We want students to have the tools they need to express themselves and access information in a way that works best for them. Here are a few recent ways we’ve built accessibility features directly into our education tools.

  • You can now add alt-text in Gmail. This allows people to add context for an image, making it accessible for people using screen readers and helping them better understand exactly what is being shared.
  • We’ve improved our Google Docs experience with braille support. With comments and highlights in braille, students reading a Google Doc will now hear start and end indications for comments and highlights alongside the rest of the text. This change makes it easier for people using screen readers and refreshable braille displays to interact with comments in documents and identify text with background colors.

We added new features to dictation on Chrome OS. Now you canspeak into any text field on the Chromebook simply by clicking on the mic icon in the status area or pressing Search + d to dictate. The dictation feature can be helpful for students who have trouble writing — whether that's because of dysgraphia, having a motor disability or something else. You can also edit using just your voice. Simply say “new line” to move the cursor to another line, “help” to see the full list of commands, or “undo” to fix any typos or mistakes.

Accessibility in action

We see the helpfulness of these features when they’re in the hands of teachers and students. My team recently spoke with Tracey Green, a teacher of the Deaf and an Itinerant Educational Specialist from the Montreal Oral School for the Deaf (MOSD) in Quebec. Her job is to work with students with hearing loss who attend local schools.

She and Chris Webb, who is a teacher at John Rennie High School and also a Google for Education Certified Innovator and Trainer, have been using Google Classroom to support students throughout distance learning and those who have returned to the classroom. For example, they integrate YouTube videos with automatic captioning and rely on captions in Google Meet. Their efforts to improve access to information during school assemblies kicked off a school-wide, student-led accessibility initiative to raise awareness about hearing loss and related accessibility issues.

Benefiting everyone

One phenomenon that underscores how disability-first features benefit everyone is called the “Curb-cut Effect.” When curbs were flattened to allow access for people with disabilities, it also meant greater access for bikers, skateboarders, and people pushing strollers or shopping carts. Everyone benefitted. Similarly, accessibility improvements like these recent updates to our education tools mean a better experience for everyone.

We see this similar effect time and time again among our own products. Take Live Caption in the Chrome browser for example. Similar to Google Meet captions, Live Caption in Chrome captions any video and audio content on your browser, which can be especially helpful for students who are deaf or hard of hearing. It can also be helpful when people want to read content without noise so they don’t disrupt the people around them.

When we build accessible products, we build for everyone. It’s one of the things I love about working for Google — that we serve the world. There’s a lot of work ahead of us to make sure our products delight all people, with and without disabilities. I’m excited and humbled by technology’s potential to help get us closer to this future.

Stay up-to-date on the latest accessibility features from Google for Education.

100 versions of Chrome later: What we learned along the way

When we introduced Google Chrome back in 2008, our goal was to build a browser that was fast, secure, and easy to use. For over a decade, we’ve worked with the larger ecosystem to drive innovation on the web forward and build a user and developer experience that helps people and developers get things done. We continue this work today.

It’s humbling to know that billions of people around the world turn to Chrome, and we’re constantly challenging ourselves to make it faster, safer, more helpful and more accessible for everyone. Personally, I've been inspired by how we've driven HTTPS adoption, made payments and password management better and helped developers create incredible Chrome extensions. In short, it's amazing to see the thousands of tiny updates from the team that come together to make Chrome better and better.

We recently rolled out the 100th major update for your Chrome browser — and to mark this milestone, I asked some members of the team to share a few of their favorite features and improvements.

Building the fastest browser

Max Christoff, Senior Engineering Director

There’s no such thing as a browser that’s too fast. Speed has shaped our work since Chrome’s launch in 2008. After more than a decade, we’ve continued to find new performance wins by obsessively sweating the engineering details. In the past year and a half alone, we’ve made Chrome an additional 43% faster. But having the fastest browser on the planet doesn’t help if your device runs out of battery or memory, so we’ll continue working to make Chrome more efficient — on all platforms, from low-end phones to high-performance workstations.

Prioritizing your privacy and security

Sabine Borsay and Patrick Nepper, Senior Product Managers, Chrome Trust & Safety

From the beginning, we designed Chrome with your safety and privacy in mind. Chrome comes with a powerful password manager to make signing in safe and seamless across your devices. It will also warn you if your passwords have been compromised and help you fix weak ones with a single tap. Along with providing strong default protections, we try to make privacy controls easy to find, understand and use. After a complete redesign of Chrome’s security and privacy settings two years ago, we have a new guided tour of key privacy controls, so you can make choices that work best for you.

Building a simple, safe and beautiful Chrome

Alex Ainslie, UX Director

Looking back on the past decade, I’m proud of the human-centered work the Chrome team has done to build a browser that’s powerfully simple — that’s shown in features like tab groups and password autofill. Along the way, we’ve published work on usable security, designed a tiny dino game and updated Chrome’s visual design. Chrome’s designers, researchers and writers focus on crafting a browser specifically for each device by taking into account operating system conventions, input methods and hardware capabilities. We want to get the #littlebigdetails right and welcome your bug reports and feedback about how we can make Chrome work better for you.

Designing a more inclusive experience

RK Popkin, Group Product Manager

Looking back, I’m proudest of the work we’ve done to bring the web to more people. Chrome is now the most popular browser for screenreader users, and we use the latest AI advancements to describe pictures across the web for blind and low vision users. We’ve added Live Captions to video/audio content for users who are Deaf or hard of hearing, and our DevTools accessibility tree helps others build better for people with disabilities. Chrome also uses neural machine translation to translate the web in 108 languages — this past month, we translated over 25 billion webpages! We’ve also collaborated with Black and Latino artists to bring their visions to Chrome’s new tab page, giving people a new way to make Chrome reflect themselves. We’re excited to release more collaborations in the future.

Supporting a free and open-source web browser project

Paul Kinlan, Senior Staff Developer Advocate & Lead of Chrome Developer Relations

As a web developer before joining Google, I was fascinated with Chrome because it was the first open source browser project (the project itself is called Chromium) and built on web standards, meaning anyone could contribute and improve it. Today, Chromium powers many of the most popular browsers, including Microsoft Edge and Amazon Silk, while also enabling the web to be built into Android apps, TVs and VR headsets. Thanks to our commitment to shorten the release cycle and ship a new version of Chrome more often, we’re now able to make improvements and fix issues quicker, and projects like Interop 2022 will help enable web developers to build experiences that work everywhere.

Deploying Chrome at work or school

Philippe Rivard, Senior Product Manager, Chrome browser enterprise

People everywhere transitioned to remote work and school during the pandemic, and many of them relied on Chrome to help. What people might not know about is the work that IT teams around the world did to make this seamless and secure, thanks to tools like Chrome Browser Cloud Management. This allowed IT teams to manage Chrome across operating systems, directly from the cloud. I'm proud of the work my team has done to help organizations of all sizes make the most of the web. Now, many organizations are moving to hybrid working models for the foreseeable future, and Chrome will continue to support IT teams as they handle this added complexity.

Helping you search and get things done online

Yana Yushkina, Product Manager, Search in Chrome

We’ve all left too many tabs open in fear of losing valuable info — that's why I’m most excited about Chrome Journeys. This helps you revisit time-intensive research by pulling your previously visited sites based on topic. Or to skip tabs altogether, Chrome Actions helps you jump right to opening a new Doc, translating a page or sharing a site.

Keeping up with content you care about

Janice Wong, Product Manager, Content Discovery

At its core the web is all about content — both the people consuming it, and people creating it. Last year, we made it easier for you to follow and get updates from your favorite web publishers right from Chrome. You can also discover content from new websites that’s relevant and interesting to you in Chrome on Android and iOS. I'm excited to help even more people keep up with their interests and discover new ones from the new tab page.

Thank you for trusting Chrome and for helping us continually improve it via your feedback — here’s to the next 100 milestones!

Extending enterprise zero trust models to the web

For over a decade, Chrome has been committed to advancing security on the web, and we’re proud of the end-user and customer safety improvements we’ve delivered over the years. We take our responsibility seriously, and we continue to work on ways to better protect billions of users around the world, whether it’s driving the industry towards HTTPS, introducing and then advancing the concept of a browser sandbox, improving phishing and malware detection via Safe Browsing improvements or working alongside Google’s Project Zero team to build innovative exploit mitigations. 

To continue our work of making a safer web for everyone, we’ve partnered with Google’s Cloud Security team to expand what enterprises should expect from Chrome and web security. Today the Cloud Security team is announcing BeyondCorp Enterprise, our new zero trust product offering, built around the principle of zero trust: that access must be secured, authorized and granted based on knowledge of identities and devices, and with no assumed trust in the network. With Chrome, BeyondCorp Enterprise is able to deliver customers a zero trust solution that protects data, better safeguards users against threats in real time and provides critical device information to inform access decisions, all without the need for added agents or extra software. These benefits are built right into Chrome, where users are already spending much of their workday accessing the apps and resources they need to be productive, and IT teams can easily manage these controls right through our Chrome Browser Cloud Management offering.

By extending zero trust principles to Chrome, we’re introducing the following advanced security capabilities that will help keep users and their company data safer than ever before:

Enhanced malware and phishing prevention: BeyondCorp Enterprise allows for real-time URL checks and deep scanning of files for malware.

Notification that reads " is dangerous, so Chrome has blocked it."

Sensitive data protection across the web:IT teams can enforce a company’s customized rules for what types of data can be uploaded, downloaded or copied and pasted across sites.

Notification that reads "This file has sensitive or dangerous content. Remove this content and try again.

Visibility and insights: Organizations can get more insights into potential risks or suspicious activity through cloud-based reporting, including tracking of malicious downloads on corporate devices or employees entering passwords on known phishing sites. 

Three bar charts labeled "Chrome high risk users," "Chrome high risk domains," and "Chrome data protection summary."

Including Chrome in your zero trust strategy is critical not only because your employees spend much of the working day in the browser, but also because Chrome is in a unique position to identify and prevent threats across multiple web-based apps. Enhanced capabilities surrounding data protection and loss prevention protects organizations from both external threats and internal leak risks, many of which may be unintentional. We’ve built these capabilities into Chrome in a way that gives IT and security teams flexibility around how to configure policies and set restrictions, while also giving administrators more visibility into potentially harmful or suspicious activities. Naturally, these threat and data protections are also extended to Chrome OS devices, which offer additional proactive and built-in security protections.  

As with many of the major security advances Chrome has introduced in the past, we know it takes time to adopt new approaches. We’re here to help with a solution that is both simple and more secure for IT teams and their users. As you look at 2021 and where your security plans will take you, check out BeyondCorp Enterprise

Chrome will host a webinar on Thursday, January 28, highlighting some of our recent enterprise enhancements, and offering a preview of what’s to come in 2021. We’ll also talk more about the Chrome-specific capabilities of BeyondCorp Enterprise. We hope you can join us!

Source: Google Chrome

Helping families Be Internet Awesome on Safer Internet Day

Editor’s note: This is adapted from remarks Parisa gave today at the Grow with Google NYC Learning Center.

When I was a kid, my brothers and I had to “take turns” using our family computer with slow, dial-up internet access. It wasn’t until college that I got my own computer and cell phone—which was only for making calls. Now, it’s so different for kids who are growing up with access to the web and mobile apps at home and school; most parents are buying smartphones for their kids at 9.5 years old.

With technology at their fingertips, online safety education is so important for young people. We need to put online safety in the same class, literally, as math, science, and history—it’s a fundamental skill in navigating our digital world.  This is why I’m so proud of the work we’ve done with Be Internet Awesome. The idea behind Be Internet Awesome is to make sure the most important people in young people’s lives—their parents and teachers—have the resources to teach online safety and citizenship. 

Since launching in 2017, Be Internet Awesome is now available in over 26 countries, 12 languages, and millions of people around the world have used the program. But we aren’t there yet. Anew Google survey found that 2 out of 3 parents believe conversations about online safety should happen both in the home and in the classroom, but only 4 in 10 parents feel confident enough to talk to their families about online safety. 

Google wants to help, and we couldn't do it without enthusiastic and deeply committed partners. Today we’re announcing a partnership with the National PTA and YMCA to host more than 400 family online safety, citizenship, and digital wellbeing workshops this week across the country to help parents have the tech talk with their kids. The workshops will also help people learn about our Family Link parental controls, YouTube Kids and Digital Wellbeing tools. We’re hosting many of these free workshops right here at the Grow with Google NYC Learning Center alongside a pop-up online safety experience open to the public, and we’re empowering parents and volunteers via YMCA and PTA to help their fellow parents by hosting them across the US. 

Along with these partnerships, we’re expanding Be Internet Awesome to the Netherlands, Indonesia, Nigeria, Kenya, and South Africa. We’re also teaming up with to encourage teachers in over 3,500 classrooms to teach kids about online safety with the Be Internet Awesome Classrooms Rewards Program. And we’re partnering with Scholastic to provide 2 million families with Be Internet Awesome tips and resources for teachers and parents.

Most kids won't know what it's like to wait until college to get a cell phone. So it's even more important that they learn how to make smart choices online at an early age, and Be Internet Awesome can help them get there. We’re excited to kick off these workshops on Safer Internet Day, and continue our work to share these insights for years to come.

Optimistic dissatisfaction with the status quo of security

This article is a condensed version of a keynote speech Parisa gave at Black Hat Conferenceon July 8, 2018.

As I kid, I used to spend hours at the arcade playing whack-a-mole. With a toy mallet in hand, I’d smash as many plastic moles as possible. But the more moles I whacked, the faster they popped up out of their holes.

I haven’t played this arcade game in years, but there have been times when my career in computer security felt like a reality version of whack-a-mole. Computer security issues are emerging at a quickening pace, and everyone’s energy is spent knocking out the same problems over and over and over.

We have to stop taking a whack-a-mole approach to security. Instead, we need to focus our energy on tackling the root causes of bad security, strategically investing in long-arc defense projects, and building out our coalitions beyond security experts.

Tackle the root cause

As the world becomes more dependent on safe and reliable technology, we can no longer be satisfied with isolated security fixes. Instead, we need to identify and tackle the underlying causes of bad security—whether they’re structural, organizational or technical.

Project Zero, a team that formed at Google in 2014, aims to advance the understanding of offensive security and improve defensive strategies. Over the past four years, the team has reported more than 1,400 vulnerabilities in a variety of targets, including operating systems, browsers, antivirus software, password managers, hardware and other popular software. But what's more impressive than that number is the impact we’re seeing across industry in terms of tackling the root causes of bad security.

In the case of Project Zero, the team recognized that vendor response times for fixing critical security reports varied hugely, and it often didn’t tip in favor of the people using the technology. Unfortunately, software vendors don’t always have incentives aligned that prioritize security. To address that underlying problem, Project Zero introduced a consistent 90-day disclosure policy that removed the historical, time-consuming negotiation between security researchers and vendors.

Initially, this deadline-driven approach was controversial. It caused short-term pain for organizations that needed to make structural changes. But sticking to this approach resulted in  vendors investing more in solving root problems that, for whatever reason, weren’t previously addressed. Since the introduction of the deadline-driven disclosure policy, one large vendor doubled the number of security updates released each year, and another vendor improved response time by 40 percent. When it came to the controversial deadline, 98 percent of the security issues Project Zero reported have been fixed within 90 days, up from 25 percent.

Through all of this, Project Zero worked in the open to advance the public’s understanding of exploitation techniques. Ultimately, the team recognized that one individual security researcher isn’t likely to change the behavior of a large vendor, but a larger public response can. The team sought out opportunities for collaboration with other vendors, and people came together, both inside and outside the walls of Google, to analyze and build defenses against exploits discovered in the wild.

Solving the root problems—especially in today’s distraction-driven environments—isn’t always the fastest or easiest route to take, but it builds a foundation for a more secure future.

Celebrate milestones to make progress on strategic projects

To make real security change, we need to commit to long-arc defense efforts, no matter how complex they may be or how long they take to complete. Maintaining momentum for these projects requires strategically picking milestones, communicating them repeatedly and celebrating progress along the way.

In 2014, the Chrome team set out on a mission to drive the adoption of HTTPS on the open web. We wanted the web to be secure by default, instead of opt-in secure. We also wanted to address confusion in our existing network security indicators; users weren’t perceiving the risk of HTTP connections given our lack of a warning. We knew this project would take many years to complete because of the complexity of the web ecosystem and the associated risk of making big changes to browser security warnings.

It's important to remember that nobody owns the web. It’s an open ecosystem of multiple players, each with different incentives and constraints—so projects of this magnitude require wrangling a lot of moving parts. To avoid creating warning fatigue and confusion about the web, we set strategic milestones over a long period and share them publicly.

My job as a manager was to make sure my team believed change was possible and that they stayed optimistic over the entire course of the project. We shared a comprehensive step-by-step strategy and published the plan on our developer wiki for feedback. Our milestone-based plan started out simple and increasingly upped the pressure over time. Internally, we found fun and inexpensive ways to keep team morale high. We kicked off a brainstorming day with a poetry slam—finger snapping included! We made celebratory HTTPS cakes, pies and cookies. We also had a team chat to share updates, challenges and a lot of GIFs.

https cake

Building momentum externally was equally important. When sites made the switch to the more secure HTTPS, we celebrated with the broader community—usually via Twitter. And we published a transparency report that shed light on top sites and their HTTPS status. Hooray for openness!

Since our official announcement of these changes, HTTPS usage has made incredible progress. The web is ultimately more secure today because of a loose coalition of people who were able to stay committed to seeing a long, ambitious project all the way through. Which brings me to my third point...

Build a coalition

As we proactively invest in ambitious defense projects where the benefits aren’t immediately clear, we need to build a strong coalition of champions and supporters.

In 2012, the Chrome team started its Site Isolation effort, a project that mitigated the risk of cross-site data theft on the web. The project turned out to be the largest architecture change and code refactor in the history of Chrome! This was no small task considering Chrome is 10 years old, has more than 10 million lines of C++ code and has hundreds of engineers committing hundreds of changes each day from around the world. The core Site Isolation team was made up of only around 10 people, so building a strong coalition of support for the project outside of the team was critical for its success.

Originally, we thought this project would take a year to complete. Turns out we were off by more than a factor of five! Estimation mistakes like this tend to put a bullseye on a project’s back from upper management—and with good reason. Luckily, the team regularly articulated progress to me and the reasons why it was more work than first anticipated. They also demonstrated positive impact in terms of overall Chrome code health, which benefited other parts of Chrome. That gave me additional cover to defend the project and communicate its value to senior stakeholders over the years.

Aside from management, the team needed allies from partner teams. If other Chrome team members weren’t motivated to help or didn’t respond quickly to questions, emails and code reviews, then this 10-person project could have dragged on forever. The team kept a positive attitude and went out of their way to help others, even if it didn't relate directly to their own project. Ultimately, they conducted themselves as good citizens to build a community of support—a good lesson for all of us. We might be able to find the problems and technical solutions on our own, but we rely on everyone working on technology to help clear the path to a safer future.

We’ll keep finding complex problems to solve as technology evolves, but I’m optimistic that we can continue to keep people safe. It just requires a little bit of change. We need to take a different approach to computer security that doesn’t feel like playing whack-o-mole. So let’s band together—inside and outside of our organizations—and commit to ambitious projects that solve the root problems. And let’s not forget to celebrate our wins along the way! 🎉

Source: Google Chrome