Contextual Rephrasing in Google Assistant

Posted by Aurelien Boffy, Senior Staff Software Engineer, and Roberto Pieraccini, Engineering Director, Google Assistant

When people converse with one another, context and references play a critical role in driving their conversation more efficiently. For instance, if one asks the question “Who wrote Romeo and Juliet?” and, after receiving an answer, asks “Where was he born?”, it is clear that ‘he’ is referring to William Shakespeare without the need to explicitly mention him. Or if someone mentions “python” in a sentence, one can use the context from the conversation to determine whether they are referring to a type of snake or a computer language. If a virtual assistant cannot robustly handle context and references, users would be required to adapt to the limitation of the technology by repeating previously shared contextual information in their follow-up queries to ensure that the assistant understands their requests and can provide relevant answers.

In this post, we present a technology currently deployed on Google Assistant that allows users to speak in a natural manner when referencing context that was defined in previous queries and answers. The technology, based on the latest machine learning (ML) advances, rephrases a user’s follow-up query to explicitly mention the missing contextual information, thus enabling it to be answered as a stand-alone query. While Assistant considers many types of context for interpreting the user input, in this post we are focusing on short-term conversation history.

Context Handling by Rephrasing
One of the approaches taken by Assistant to understand contextual queries is to detect if an input utterance is referring to previous context and then rephrase it internally to explicitly include the missing information. Following on from the previous example in which the user asked who wrote Romeo and Juliet, one may ask follow-up questions like “When?”. Assistant recognizes that this question is referring to both the subject (Romeo and Juliet) and answer from the previous query (William Shakespeare) and can rephrase “When?” to “When did William Shakespeare write Romeo and Juliet?”

While there are other ways to handle context, for instance, by applying rules directly to symbolic representations of the meaning of queries, like intents and arguments, the advantage of the rephrasing approach is that it operates horizontally at the string level across any query answering, parsing, or action fulfillment module.

Conversation on a smart display device, where Assistant understands multiple contextual follow-up queries, allowing the user to have a more natural conversation. The phrases appearing at the bottom of the display are suggestions for follow-up questions that the user can select. However, the user can still ask different questions.

A Wide Variety of Contextual Queries
The natural language processing field, traditionally, has not put much emphasis on a general approach to context, focusing on the understanding of stand-alone queries that are fully specified. Accurately incorporating context is a challenging problem, especially when considering the large variety of contextual query types. The table below contains example conversations that illustrate query variability and some of the many contextual challenges that Assistant’s rephrasing method can resolve (e.g., differentiating between referential and non-referential cases or identifying what context a query is referencing). We demonstrate how Assistant is now able to rephrase follow-up queries, adding contextual information before providing an answer.

System Architecture
At a high level, the rephrasing system generates rephrasing candidates by using different types of candidate generators. Each rephrasing candidate is then scored based on a number of signals, and the one with the highest score is selected.

High level architecture of Google Assistant contextual rephraser.

Candidate Generation
To generate rephrasing candidates we use a hybrid approach that applies different techniques, which we classify into three categories:

  1. Generators based on the analysis of the linguistic structure of the queries use grammatical and morphological rules to perform specific operations — for instance, the replacement of pronouns or other types of referential phrases with antecedents from the context.
  2. Generators based on query statistics combine key terms from the current query and its context to create candidates that match popular queries from historical data or common query patterns.
  3. Generators based on Transformer technologies, such as MUM, learn to generate sequences of words according to a number of training samples. LaserTagger and FELIX are technologies suitable for tasks with high overlap between the input and output texts, are very fast at inference time, and are not vulnerable to hallucination (i.e., generating text that is not related to the input texts). Once presented with a query and its context, they can generate a sequence of text edits to transform the input queries into a rephrasing candidate by indicating which portions of the context should be preserved and which words should be modified.

Candidate Scoring
We extract a number of signals for each rephrasing candidate and use an ML model to select the most promising candidate. Some of the signals depend only on the current query and its context. For example, is the topic of the current query similar to the topic of the previous query? Or, is the current query a good stand-alone query or does it look incomplete? Other signals depend on the candidate itself: How much of the information of the context does the candidate preserve? Is the candidate well-formed from a linguistic point of view? Etc.

Recently, new signals generated by BERT and MUM models have significantly improved the performance of the ranker, fixing about one-third of the recall headroom while minimizing false positives on query sequences that are not contextual (and therefore do not require a rephrasing).

Example conversation on a phone where Assistant understands a sequence of contextual queries.

Conclusion
The solution described here attempts to resolve contextual queries by rephrasing them in order to make them fully answerable in a stand-alone manner, i.e., without having to relate to other information during the fulfillment phase. The benefit of this approach is that it is agnostic to the mechanisms that would fulfill the query, thus making it usable as a horizontal layer to be deployed before any further processing.

Given the variety of contexts naturally used in human languages, we adopted a hybrid approach that combines linguistic rules, large amounts of historic data through logs, and ML models based on state-of-the-art Transformer approaches. By generating a number of rephrasing candidates for each query and its context, and then scoring and ranking them using a variety of signals, Assistant can rephrase and thus correctly interpret most contextual queries. As Assistant can handle most types of linguistic references, we are empowering users to have more natural conversations. To make such multi-turn conversations even less cumbersome, Assistant users can turn on Continued Conversation mode to enable asking follow-up queries without the need to repeat "Hey Google" between each query. We are also using this technology in other virtual assistant settings, for instance, interpreting context from something shown on a screen or playing on a speaker.

Acknowledgements
This post reflects the combined work of Aliaksei Severyn, André Farias, Cheng-Chun Lee, Florian Thöle, Gabriel Carvajal, Gyorgy Gyepesi, Julien Cretin, Liana Marinescu, Martin Bölle, Patrick Siegler, Sebastian Krause, Victor Ähdel, Victoria Fossum, Vincent Zhao. We also thank Amar Subramanya, Dave Orr, Yury Pinsky for helpful discussions and support.

Source: Google AI Blog


Announcing v202205 of the Google Ad Manager API

We're pleased to announce that v202205 of the Google Ad Manager API is available starting today, May 17th. This release adds support for CPM sponsorships for ProposalLineItems.

It also updates the ReportService for the upcoming "Ad Exchange Historical" to "Historical" report type conversion. Ad Exchange Historical dimensions and metrics are now available for Historical reports. Because of this change, several Ad Exchange dimensions and metrics have been renamed or replaced in the API.

To migrate, please refer to the migration guide and the reference documentation for v202202 and earlier. The reference documentation has been updated to show which values are deprecated and their replacements. Here’s an example:

Enumeration Description
AD_EXCHANGE_IMPRESSIONS Ad Impressions on mapped Ad Exchange properties. When multiple text ads fill a single display slot it is only counted once, when the top text ad is recognized. In these cases, the Ad Impression is attributed to the top text ad.
Deprecated as part of the "Ad Exchange Historical" to "Historical" report type conversion. Use AD_EXCHANGE_LINE_ITEM_LEVEL_IMPRESSIONS instead.

For the full list of changes, check the release notes. Feel free to reach out to us on the Ad Manager API forum with any API-related questions.

- Chris Seeley, Ad Manager API Team

Mental health resources you can count on

When you or someone you care for is going through a mental health situation, it can feel isolating, overwhelming and distressing. To get through those moments, access to the right resources can make all the difference.

Anxiety and depression increased by 25% across the globe during the first year of the COVID-19 pandemic, and hospitals and doctor groups recently called mental health a national emergency for adolescents. With these issues on the rise, searches for "mental health therapist" and "mental health help" reached record highs this year in the U.S.

Against the backdrop of the global pandemic, geopolitical crises and economic concerns also hit home for many Americans. To help support mental health challenges stemming from these issues, our goal is to surface authoritative information you can trust, create access to helpful resources you need in the moment and show empathy for everyone facing mental health issues. So in recognition of Mental Health Awareness Month in the U.S., here are tools built to support you when you need it most.

Resources for those in crisis

We know that many people turn to Search to get actionable information during a personal crisis, whether it’s related to suicide, sexual assault, substance abuse or domestic violence. In the coming weeks, we’ll update Search to use our AI model MUM to automatically and more accurately detect personal crisis searches in order to show you the most relevant information when you need it.

We’ve also made it easier to access clinically-validated mental health self-assessments from Search for conditions such as depression, anxiety, postpartum depression and post-traumatic stress disorder (PTSD). These self-assessments, frequently used by medical professionals, are meant to help people understand how their self-reported symptoms might map to known mental health conditions.

On YouTube, updates to our crisis response panels better connect you with timely and important resources. For years, YouTube has shown crisis resource panels on certain search queries to connect people with local organizations that can help them through a moment of critical need. Now, crisis resource panels appear on the Watch Page and in search results. The number of topics that display crisis resources in YouTube search results has also expanded to include issues like depression, sexual assault and substance abuse.

A phone screen shows a YouTube video with a panel underneath that has contact information for the National Suicide Prevention Lifeline.

In the past month, searches for "local drug rehab centers near me" reached an all-time high in the U.S. As part of our ongoing commitment to help people find useful and accurate information related to addiction and recovery and to support the newly instituted Fentanyl Awareness Day, our Recover Together resource has a new section. Here you can find more information about the prevalence of fentanyl in illegally-made pills and the importance of naloxone, a legal drug that can reverse overdose from opioids like fentanyl, heroin, morphine and oxycodone.

A desktop screen shows a map that can be used to search for recovery resources.

Building empathy and reducing stigma

Sharing stories about mental health can normalize the issue and reduce stigmas that deter people from getting help. Working with the National Alliance on Mental Illness, YouTube created a guide for creators with tips on how to speak from personal experience, work with experts and use inclusive language.

To listen to supportive community stories and helpful information on mental health, you can watch videos in this playlist on YouTube. For younger audiences, the YouTube Kids app features mental health content on expressing emotions and building coping skills through music, art and more. For more on what YouTube is doing when it comes to mental health, check out this blog.

Personal moments of managing stress

In moments when you need a hand managing your stress levels, Fitbit can help. SelectFitbit devices include a Relax app for deep breathing or an EDA (electrodermal activity) sensor so you can better understand how your body responds to stress — which is especially important as we all cope with the stress of the pandemic. From there, you can take steps to adjust your activity levels, improve your sleep or practice mindfulness to help manage the impact on your wellbeing.

A Fitbit device screen shows the Relax app.

Over the past year in the U.S., searches for “5 minute meditation for anxiety” more than doubled. Using Google Assistant, you can find and play meditations from Calm on your Google Nest display to help relax during the day or fall asleep at night. Just say, "Hey Google, show me meditations from Calm" or "Hey Google, start a meditation."

A Nest Hub screen shows the Calm app experience.

Contributing to community wellbeing

Beyond providing resources to people using our products, we’re also helping organizations and researchers that contribute to mental health.

Since 2019, we've provided $2.7 million and nearly 30 Google.org Fellows to help The Trevor Project use AI to support LGBTQ+ youth in crisis. Most recently, Trevor and a team of Fellows built the AI-powered Crisis Contact Simulator (CCS) that lets volunteer trainees practice realistic conversations with digital youth personas. The Trevor Project recently introduced a new persona to expand their counselor training.

Ask for help when you need it

It is always okay to ask for help — whether that’s going to Google or YouTube with questions you’re not comfortable asking anyone else or opening up to your friends and family or connecting with experts who can help you through the difficult moments. We need to support each other however we can.

Changes to how Smart Bidding strategies are organized for Search campaigns

We previously announced that standard (non-portfolio) TargetCpa and TargetRoas bidding strategies are being replaced by MaximizeConversions (with target_cpa) and MaximizeConversionValue (with target_roas) for Search campaigns (those with advertising_channel_type = SEARCH).

Starting in July 2022, all remaining Search campaigns that use standard TargetCpa and TargetRoas bidding strategies will be converted to MaximizeConversions and MaximizeConversionValue strategies, with the same target_cpa and target_roas settings applied, respectively. The migration of portfolio strategies is planned later in 2023.

With this change there will be no impact to bidding behavior. Using MaximizeConversions with a target_cpa setting will have the same bidding behavior as TargetCpa. Likewise, using MaximizeConversionValue with a target_roas setting will have the same bidding behavior as TargetRoas.

Example

The following sample Campaign object illustrates what a migrated Search campaign’s bidding strategy settings would look like before and after the transition.

Existing campaign using standard TargetCpa

Previously using TargetCpa Now uses MaximizeConversions 
{
  bidding_strategy_type: TARGET_CPA
  target_cpa: {
    target_cpa_micros: 1000000
  }
  ...
}
 
{
  bidding_strategy_type: MAXIMIZE_CONVERSIONS
  maximize_conversions: {
    target_cpa: 1000000
  }
  ...
}



Existing campaign using standard TargetRoas

Previously using TargetRoas Now uses MaximizeConversionValue 
{
  bidding_strategy_type: TARGET_ROAS
  target_roas: {
    target_roas: 2.0
  }
  ...
}
 
{
  bidding_strategy_type: MAXIMIZE_CONVERSION_VALUE
  maximize_conversion_value: {
    target_roas: 2.0
  }
  ...
}


What to do

The Google Ads API already prohibits creating or updating standard (non-portfolio) TargetCpa or TargetRoas bidding strategies for Search campaigns. In July, any code that reads or manages remaining strategies of those types should account for the settings migrating to MaximizeConversions and MaximizeConversionValue.

If you have any questions or need additional help, contact us via the forum or at [email protected].

Adam Ohren, Google Ads API Team

This Googler hopes his team is one day obsolete

I first met Keawe Block a few years ago, and something he said has stuck with me ever since: “In an ideal world, my team wouldn’t exist.” Keawe, who works remotely in Washington state, is the head of all diversity tech recruiting efforts across North America — his team is dedicated to building a more equitable and representative Google.

His team has made major strides over the years, but we know there’s always more to be done. I recently had the chance to catch up with Keawe to learn more about his team’s approach to finding talent and creating community, every day and especially this May — Asian Pacific American Heritage Month.

How did your team start?

Our team started around 10 years ago out of a desire to put an emphasis on building a more representative pipeline for Google. It came out of a need. We didn’t look like the communities that use these products. Our team works to challenge bias within our interview process, to influence systems and process changes to increase equity, and to advocate for candidates that come from historically underrepresented groups

Why motivates you to show up every day?

This work is more than a passion for me — it’s personal. My motivation consists of two parts: First is leading and developing my team by helping them grow and expand their impact, and second is effectively changing the landscape of Google and tech by building a more representative workforce.

These both have immediate and long-term effects. Google has helped create a life for myself and my family that I didn’t think was possible. If I can use my platform to walk others through that path, that’s a win that can potentially have generational impact.

What would you like to see your team work on next?

Over the years the emphasis on diversity, equity and inclusion have expanded across Google and become a part of everyone’s job. More specifically, every recruiter plays a part in building inclusive pipelines and making Google more representative. We intend to educate and share what we’ve learned to the point where our work is no longer needed, because it is embedded in everything everyone does.

Boost the security of your app with the nonce field of the Play Integrity API

Posted by Oscar Rodriguez, Developer Relations Engineer

illustration with a mobile device displaying a security shield with a check mark, flow chart imagery, and Android logo

With the recent launch of the Play Integrity API, more developers are now taking action to protect their games and apps from potentially risky and fraudulent interactions.

In addition to useful signals on the integrity of the app, the integrity of the device, and licensing information, the Play Integrity API features a simple, yet very useful feature called “nonce” that, when correctly used, can further strengthen the existing protections the Play Integrity API offers, as well as mitigate certain types of attacks, such as person-in-the-middle (PITM) tampering attacks, and replay attacks.

In this blog post, we will take a deeper look at what the nonce is, how it works, and how it can be used to further protect your app.

What is a nonce?

In cryptography and security engineering, a nonce (number once) is a number that is used only once in a secure communication. There are many applications for nonces, such as in authentication, encryption and hashing.

In the Play Integrity API, the nonce is an opaque base-64 encoded binary blob that you set before invoking the API integrity check, and it will be returned as-is inside the signed response of the API. Depending on how you create and validate the nonce, it is possible to leverage it to further strengthen the existing protections the Play Integrity API offers, as well as mitigate certain types of attacks, such as person-in-the-middle (PITM) tampering attacks, and replay attacks.

Apart from returning the nonce as-is in the signed response, the Play Integrity API doesn’t perform any processing of the actual nonce data, so as long as it is a valid base-64 value, you can set any arbitrary value. That said, in order to digitally sign the response, the nonce is sent to Google’s servers, so it is very important not to set the nonce to any type of personally identifiable information (PII), such as the user’s name, phone or email address.

Setting the nonce

After having set up your app to use the Play Integrity API, you set the nonce with the setNonce() method, or its appropriate variant, available in the Kotlin, Java, Unity, and Native versions of the API.

Kotlin: 

val nonce: String = ...

// Create an instance of a manager.
val integrityManager =
    IntegrityManagerFactory.create(applicationContext)

// Request the integrity token by providing a nonce.
val integrityTokenResponse: Task<IntegrityTokenResponse> =
    integrityManager.requestIntegrityToken(
        IntegrityTokenRequest.builder()
             .setNonce(nonce) // Set the nonce
             .build())

Java: 

String nonce = ...

// Create an instance of a manager.
IntegrityManager integrityManager =
    IntegrityManagerFactory.create(getApplicationContext());

// Request the integrity token by providing a nonce.
Task<IntegrityTokenResponse> integrityTokenResponse =
    integrityManager
        .requestIntegrityToken(
            IntegrityTokenRequest.builder()
            .setNonce(nonce) // Set the nonce
            .build());

Unity: 

string nonce = ...

// Create an instance of a manager.
var integrityManager = new IntegrityManager();

// Request the integrity token by providing a nonce.
var tokenRequest = new IntegrityTokenRequest(nonce);
var requestIntegrityTokenOperation =
    integrityManager.RequestIntegrityToken(tokenRequest);

Native: 

/// Create an IntegrityTokenRequest object.
const char* nonce = ...
IntegrityTokenRequest* request;
IntegrityTokenRequest_create(&request);
IntegrityTokenRequest_setNonce(request, nonce); // Set the nonce
IntegrityTokenResponse* response;
IntegrityErrorCode error_code =
        IntegrityManager_requestIntegrityToken(request, &response);

Verifying the nonce

The response of the Play Integrity API is returned in the form of a JSON Web Token (JWT), whose payload is a plain-text JSON text, in the following format: 

{
  requestDetails: { ... }
  appIntegrity: { ... }
  deviceIntegrity: { ... }
  accountDetails: { ... }
}

The nonce can be found inside the requestDetails structure, which is formatted in the following manner: 

requestDetails: {
  requestPackageName: "...",
  nonce: "...",
  timestampMillis: ...
}

The value of the nonce field should exactly match the one you previously passed to the API. Furthermore, since the nonce is inside the cryptographically signed response of the Play Integrity API, it is not feasible to alter its value after the response is received. It is by leveraging these properties that it is possible to use the nonce to further protect your app.

Protecting high-value operations

Let us consider the scenario in which a malicious user is interacting with an online game that reports the player score to the game server. In this case, the device is not compromised, but the user can view and modify the network data flow between the game and the server with the help of a proxy server or a VPN, so the malicious user can report a higher score, while the real score is much lower.

Simply calling the Play Integrity API is not sufficient to protect the app in this case: the device is not compromised, and the app is legitimate, so all the checks done by the Play Integrity API will pass.

However, it is possible to leverage the nonce of the Play Integrity API to protect this particular high-value operation of reporting the game score, by encoding the value of the operation inside the nonce. The implementation is as follows:

  1. The user initiates the high-value action.
  2. Your app prepares a message it wants to protect, for example, in JSON format.
  3. Your app calculates a cryptographic hash of the message it wants to protect. For example, with the SHA-256, or the SHA-3-256 hashing algorithms.
  4. Your app calls the Play Integrity API, and calls setNonce() to set the nonce field to the cryptographic hash calculated in the previous step.
  5. Your app sends both the message it wants to protect, and the signed result of the Play Integrity API to your server.
  6. Your app server verifies that the cryptographic hash of the message that it received matches the value of the nonce field in the signed result, and rejects any results that don't match.

The following sequence diagram illustrates these steps:

Implementation diagram for encoding the value of the operation inside the nonce. Steps outlined in the body of the blog.

As long as the original message to protect is sent along with the signed result, and both the server and client use the exact same mechanism for calculating the nonce, this offers a strong guarantee that the message has not been tampered with.

Notice that in this scenario, the security model works under the assumption that the attack is happening in the network, not the device or the app, so it is particularly important to also verify the device and app integrity signals that the Play Integrity API offers as well.

Preventing replay attacks

Let us consider another scenario in which a malicious user is trying to interact with a server-client app protected by the Play Integrity API, but wants to do so with a compromised device, in a way so the server doesn’t detect this.

To do so, the attacker first uses the app with a legitimate device, and gathers the signed response of the Play Integrity API. The attacker then uses the app with the compromised device, intercepts the Play Integrity API call, and instead of performing the integrity checks, it simply returns the previously recorded signed response.

Since the signed response has not been altered in any way, the digital signature will look okay, and the app server may be fooled into thinking it is communicating with a legitimate device. This is called a replay attack.

The first line of defense against such an attack is to verify the timestampMillis field in the signed response. This field contains the timestamp when the response was created, and can be useful in detecting suspiciously old responses, even when the digital signature is verified as authentic.

That said, it is also possible to leverage the nonce in the Play Integrity API, to assign a unique value to each response, and verifying that the response matches the previously set unique value. The implementation is as follows:

  1. The server creates a globally unique value in a way that malicious users cannot predict. For example, a cryptographically-secure random number 128 bits or larger.
  2. Your app calls the Play Integrity API, and sets the nonce field to the unique value received by your app server.
  3. Your app sends the signed result of the Play Integrity API to your server.
  4. Your server verifies that the nonce field in the signed result matches the unique value it previously generated, and rejects any results that don't match.

The following sequence diagram illustrates these steps:

Implementation diagram for assigning a unique value to each response, and verifying that the response matches the previously set unique value. Steps outlined in the body of the blog.

With this implementation, each time the server asks the app to call the Play Integrity API, it does so with a different globally unique value, so as long as this value cannot be predicted by the attacker, it is not possible to reuse a previous response, as the nonce won’t match the expected value.

Combining both protections

While the two mechanisms described above work in very different ways, if an app requires both protections at the same time, it is possible to combine them in a single Play Integrity API call, for example, by appending the results of both protections into a larger base-64 nonce. An implementation that combines both approaches is as follows:

  1. The user initiates the high-value action.
  2. Your app asks the server for a unique value to identify the request
  3. Your app server generates a globally unique value in a way that malicious users cannot predict. For example, you may use a cryptographically-secure random number generator to create such a value. We recommend creating values 128 bits or larger.
  4. Your app server sends the globally unique value to the app.
  5. Your app prepares a message it wants to protect, for example, in JSON format.
  6. Your app calculates a cryptographic hash of the message it wants to protect. For example, with the SHA-256, or the SHA-3-256 hashing algorithms.
  7. Your app creates a string by appending the unique value received from your app server, and the hash of the message it wants to protect.
  8. Your app calls the Play Integrity API, and calls setNonce() to set the nonce field to the string created in the previous step.
  9. Your app sends both the message it wants to protect, and the signed result of the Play Integrity API to your server.
  10. Your app server splits the value of the nonce field, and verifies that the cryptographic hash of the message, as well as the unique value it previously generated match to the expected values, and rejects any results that don't match.

The following sequence diagram illustrates these steps:

implementation diagram for combining both protections. Steps outlined in the body of the blog.

These are some examples of ways you can use the nonce to further protect your app against malicious users. If your app handles sensitive data, or is vulnerable against abuse, we hope you consider taking action to mitigate these threats with the help of the Play Integrity API.

To learn more about using the Play Integrity API and to get started, visit the documentation at g.co/play/integrityapi.

Step into the Meroë pyramids with Google

When you think of pyramids does your mind wander to the Pyramids of Giza in Egypt or the Mayan Temples of Guatemala? Great civilizations built each of these pyramids and inscribed their stories onto the walls of them, offering glimpses into their daily life.


The Pyramids of Meroë in Sudan, while lesser known, are no different. Today, you can explore these stunning pyramids, which are a UNESCO World Heritage site, on Google Arts & Culture.


Over 200 pyramids were constructed in Meroë, the third and final capital of the Kushite Kingdom, an ancient African civilization that ruled the lands of Nubia for over 3000 years. Now you can take a virtual walk through the Pyramids of Meroë and explore the inscriptions using Street View’s panoramic imagery. You can also learn more about the Kushite Kingdom, their royalty and the architecture behind the pyramids in an immersive web experience that’s available in a range of languages including Arabic, English, French, German and Spanish.
 

If you want to get even more up close and personal, you can visualize the pyramids using augmented reality — no matter where you are. You can also listen to acclaimed Sudanese-American poet Emi Mahmood share evocative rhymes that are a beautiful ode to her homeland and to this project that shares Sudan’s rich heritage with others.


We’ve also partnered with the United Nations Economic and Social Council (UNESCO) to bring you more information about Meroë, Gebel Barkal and Napatan region and Sudan’s Sanganeb Marine National Park.

Are you ready to explore? Visit g.co/meroe.



Posted by Mariam Khaled Dabboussi, Product Marketing Manager, Google



 ====

Building a secure world

The following is adapted from remarks delivered by Royal Hansen, Vice President of Engineering for Privacy, Safety and Security during his keynote United in Cyberpower: The Role of Companies in Building a Cybersecure World at Cybersec Europe 2022 in Katowice, Poland.

I believe cybersecurity is one of the top issues facing the world today and I’d like to share a bit about why it’s so important for companies, countries, and communities of all sizes to work together.

This is particularly true right here in Central and Eastern Europe where the Russian invasion of Ukraine has brought these issues into sharp focus. I’m honored to be here today and to get to meet with so many of you who are working on this day in and day out.

As governments in this region and elsewhere in the world tackle this issue we want to ensure we are doing everything we can to support those efforts. Google’s mission has always been about organizing the world's information and making it universally accessible and useful. The work we’re doing to ensure people can get access to quality information–and do so safely–has never been more important than it is today.

Securing users in Ukraine and the broader region

As the Russian invasion of Ukraine unfolded, Google mobilized to help the people of Ukraine and protect the security of our users and services – an area where we are uniquely positioned to help in this conflict.

We have our own specialized teams dedicated to identifying, tracking, and countering threats from government-backed actors.

Russia-backed hacking and influence operations are not new to us; we’ve been tracking and taking action against them for years. To put this into perspective, we’ve seen and worked to disrupt Russian operations targeting the U.S. elections in 2016 and 2017 and campaigns targeting the 2018 Olympic games. In October, we blocked a Russian campaign targeting 14,000 Google users.

And we’ve seen first hand the targeting of Ukraine by Russia. It has been ongoing for years with both espionage and occasional cyber attacks tracked by our teams. As the war intensified, we also saw Russian threat actors shift focus to targets elsewhere in Eastern Europe.

Our Threat Analysis Group (TAG), regularly publishes details on campaigns it detects, and disrupts these efforts to help governments and private sector companies better defend their systems.

We’ve seen threat actors beyond Russia shift their focus and targeting, including a growing number of threat actors using the war as a lure in phishing and malware campaigns. This includes government-backed actors from China, Iran, North Korea, Belarus and financially-motivated, criminal actors using current events as a means for targeting users.

For example, we’ve seen one cyber crime group impersonating military personnel to extort money for rescuing relatives in Ukraine.

In addition to disrupting threats, we are doing everything we can to increase protections for high risk users and organizations in Ukraine. We’ve redoubled our efforts to offer free tools to help – including protecting hundreds of high risk users on the ground with our Advanced Protection Program, and expanding eligibility of Project Shield to include the Ukraine government. Shield is currently protecting over 200 websites in Ukraine from distributed denial of service attacks.

It is in this spirit of action that we are expanding our partnerships and investment in the broader region on cybersecurity.

In fact, this week a delegation of our top security engineers and leaders are on the ground across Eastern Europe to provide hands-on training to high risk groups, deliver security keys and support local businesses as they look to improve their security posture.

To share what we know about the threat, we are engaging in technical exchanges with governments in the region.

We’re providing free tools and expertise to democratic institutions and civil society, such as the Protect Your Democracy Toolkit - which we launched today in partnership with our Jigsaw team.

We’re also investing in, and shaping, the next generation of cybersecurity professionals. For example, Google has committed to provide scholarships for 150,000 people in Europe, the Middle East and Africa through the new Google Career Certificate training.

We’re also helping governments and businesses stay ahead of the threat, including helping government agencies, companies and utilities who rely on outdated hardware and software to replace old systems with better foundations and we are here to build up businesses and governments’ confidence to embrace digital transformation securely.

Google’s approach to security

We believe we are uniquely positioned to help users, organizations, and governments in this region because of our approach to security.

First, we focus on the basics. We bake in security from the beginning instead of bolting it on as an afterthought and we design helpful products that are secure by default for our users. In fact, we are the first consumer tech company to automatically turn on 2 step verification, our version of multifactor authentication, or MFA, for our users. We recommend businesses and governments focus on these fundamentals as well.

Second, we take an open and interoperable approach to security, and we invest to ensure this model of the Internet as a whole is protected. In today’s interconnected environment, our collective security is only as strong as the weakest link. Our business cannot thrive if people don’t feel safe online. That’s why we design solutions that eliminate entire classes of threats from being effective both on our platforms, and across the Internet as a whole.

Finally, and perhaps most importantly – we are looking at the future of cybersecurity and investing in advanced, state-of-the-art capabilities. We know that cyber threats evolve quickly – as soon as a new technology is introduced or adopted, there are threat actors and cyber criminals looking for ways to exploit it. That’s why it’s not enough to just stay a few steps ahead of the threat.

We need to invest in the future of technology, from cutting-edge artificial intelligence capabilities, to advanced cryptography, to quantum computing – our teams are already working on the future of cybersecurity. And we see it as part of our mission to ensure that we open source and share these findings so that organizations and governments can stay ahead of the latest cyber threats.

Security-proofing our tech policies

Our approach enables us to weather online security threats. But advanced capabilities are not enough if government policies inadvertently undermine our ability to protect users.

I support smart tech regulation, which can fuel the vitality of the Internet and ensure technology is meeting society's needs. Unfortunately, some technology regulation is not adequately considering the impact to safety and security efforts online.

For example, some policies seek to limit sharing of data between different services on platforms’ like ours, but overly-broad bans on cross-platform data sharing also have significant implications for the threat intelligence work I mentioned earlier.

The ability to share intelligence on threat actors and their technical signatures helps identify and stop the work of threat actors and cybercriminals. It protects not just one company or two companies, but the Internet as a whole.

To realize the full benefits of technology to society, society must be able to trust that the technology they are using is safe and secure. By ensuring security has a seat at the table in these policy discussions, we can strike this balance and unlock technology’s full potential. Today’s conflict and challenges point to a need for better cooperation and giving technical experts a seat at the table in these policy discussions.

We applaud the Declaration for the Future of the Internet, which calls on governments and industry to protect a future for the Internet that is open, free, global, interoperable, reliable, and secure.

At our core, Google is an Internet company, and our fate is tied to the Internet remaining true to these principles. The internet itself is a multi-stakeholder system, and protecting users and citizens online requires cooperation among us, governments and businesses.

It’s never been more urgent, and our ability to make a difference is greater than anyone anticipated. We all must work together to protect this future, whether that means combating cyber threats, building safe technologies that unlock society’s full potential, or developing responsible technology policies.

We stand ready to partner with governments, businesses, and individual users to see this future secured.

Office spotlight: Chicago

“It almost feels like the first day back at school,” says Rob Biederman as he waits in line for breakfast at the Fulton Market cafe. It’s April 4, and Chicago Googlers like Rob have just started their first official week of hybrid work.

Opened in 2000 with only two employees, the Google Chicago office in the West Loop neighborhood has now grown to more than 1,800 employees across two buildings. In 2021 alone, more than 500 “Nooglers” — what we call new employees — joined the campus.

Chicago Googlers work on all kinds of products and teams. You’ll meet engineers designing Pixel devices and working on Search, Ads and Cloud projects; salespeople helping businesses across North America grow; and folks working across finance, human resources and product management. “It's amazing to now see all the different organizations and product areas represented in Chicago,” says Britton Picciolini, who was the office’s tenth hire in 2002. “It feels like such a great cross section of what we do at Google.”

  • Three Googlers smiling outside at a table. One of the Googlers is holding a phone and the other has a laptop that’s open. The Chicago skyline is in the background.

    Googlers Lauren Guzman, Daniel Muskovitz and Sonya Garg work from the rooftop of Google Chicago’s Fulton Market building.

  • Amy holds a stuffed toy and a digital camera, taking a photo of a brown dog in a red turtleneck sweater. Behind them is a white chair and wooden office desk with a monitor, mouse and keyboard.

    That’s me, Amy (and my pups Hudson and Finn) celebrating #NationalLoveYourPetDay! As a marketing manager for our Employment Brand team, you’ll find me leading projects for our social media channels — like taking photos of the Chicago campus and Googlers working remotely.

  • A large hallway room with white tables, a kitchen space and a black and white picture of a lion statue.

    The Chicago office’s dedicated event space where Googlers can host meetings and events. It includes a 400-person theater and an outdoor mezzanine space.

Every Google office has its own distinctive decor, and the Chicago campus is no exception. As you explore the Fulton Market building, you’ll see painted murals from local graffiti artists on nearly every floor — including a special installation replicating a Chicago viaduct covered in street art. Meanwhile, in the Carpenter building, you’ll find (and smell) pizzas fresh out of the oven, an outdoor terrace with a firepit and a retro game room with a secret entrance — you’ll have to visit to find out where.

  • A hallway with gray, concrete walls covered in art installations. On the left wall are two, light gray hanging chairs with white basket weaves. To the right of the chairs is a tall, green painted monster holding a telescope next to a yellow sun. On the right side is a window and double doors leading to the escalators.

    The 11th floor art installation is one of 16 murals across the Fulton Market building, all created by local street artists.

  • A large staircase leads to three separate floors. A person on the bottom floor looks up towards a kitchen on the next floor, where three Googlers are sitting at tables. A person on the top floor looks down from the balcony.

    The six-story atrium in our Fulton Market building serves as the heart of the office and a way for Googlers to interact between floors.

  • Three people sit at a table and smile at the camera. From left to right is Daniel, George and Yaseline. Daniel is wearing a gray cardigan with blue jeans, George is wearing a blue and yellow striped shirt and blue jeans, and Yaseline is wearing a light brown cardigan and a black tank top.

    Googlers Daniel Johnson, George Martin and Yaseline Muñoz have breakfast in the Fulton Market cafe during the first week of hybrid work.

  • A large archway with four gray chairs in the center, where two Googlers are sitting. Another Googler is sitting at a chair next to large windows overlooking the city. Another employee walks by three arched windows looking out to a hallway.

    The Carpenter building includes a coffee bar with great views — plus a golf simulator, game rooms and several outdoor terraces.

  • A rooftop overlooking the Chicago skyline with a silver train car. Next to the train are silver and green chairs and two silver tables. Around the rooftop is a balcony wall and a set of stairs that lead down to a second platform.

    The Fulton Market rooftop features an ‘L’ train car with tables and chairs for Googlers to work on warmer days.

Whether at the office or at home, Googlers often connect through clubs, cultural celebrations and employee resource groups (ERGs). Google Chicago has more than 16 ERGs focused on personal and professional development. For example, the “Being a Mom @ Google Chicago” ERG launched Mom2Mom mentorship, a program that pairs experienced moms with new moms to help them ease back into work after maternity leave. Meanwhile, to celebrate Chicago’s vibrant music culture, the Chicago Culture Club runs an annual office-wide concert — including a virtual version in 2020 — featuring local musicians and DJs, plus great eats from local food vendors.

Chicago Googlers are also passionate about giving back to their communities. In 2018, we launched the Chicago Contribution Awards, an annual award recognizing outstanding contributions by Chicago Googlers to our office and the local community. In 2021, for Black History Month, the Chicago chapter of the Black Googler Network ERG spotlighted Black small business owners through a virtual storefront experience. And in 2022, our office partnered with Google.org to award a $1M grant to support job training on Chicago’s South and West sides.

  • Six Googlers smiling at the camera outside on the street. All of them are wearing exercise gear, with some wearing a running number attached to their shirts. Three of the Googlers are wearing red and gold medals with red ribbons.

    The Asian Googler Network, an ERG focused on supporting the Asian community at Google, hosted a series of in-person and virtual events in May 2021 to celebrate Asian Pacific American Heritage Month. In partnership with Google.org, the Chicago chapter donated $53,000 to local Asian-focused charities.

  • A DJ booth with two hands adjusting multiple buttons and knobs.

    Googler Ross Bessinger shows off his DJ skills in a virtual office-wide musical event.

  • Three large cardboard boxes lined up next to each other, each filled with backpacks of different sizes and colors. On the white wall behind them is the Google logo with four red stars underneath symbolizing the Chicago flag.

    For the last 11 years, Chicago Googlers have partnered with local organizations to donate school supplies and winter holiday gifts, and raise funds towards essential household supplies for children and families in need across the city.

This is just a peek into the incredible culture at Google Chicago. I moved here in 2016 and can’t even count the number of people who welcomed me with open arms and encouraged me to get involved. Now, I participate in all types of ERG-led events and even write the office’s monthly newsletter to help others embrace all the possibilities that Google Chicago — and the community around us — has to offer.

Interested in learning about job opportunities at Google Chicago? Explore open roles on our Careers site.

Announcing the Black Founders Fund 2022

En Français

Access to capital continues to pose a challenge for businesses in Africa, especially for women. For Evelyn Kaingu, CEO of Lupiya, this challenge represented an opportunity to leverage technology to support an underserved market. Lupiya is the first fully online micro-lending business in Zambia, offering online personal and business loans to marginalized communities with a focus on enabling access for women. Lupiya is an alumnus of the inaugural Google for Startups Black Founders Fund in Africa launched in 2021 and like fellow startups on the continent, is contributing to economic growth using digital technologies.


In 2021, African tech startups collectively raised $4.3 billion - a 2.5x increase from 2020 funding. This growth, however encouraging, does not discount the existence of a significant funding gap for locally-founded African startups as 82% of them report difficulties in accessing funding.


Following Google’s commitment to building a more equitable future, Google for startups launched the inaugural Black Founders Fund in Africa program in 2021 - supporting 50 black-led businesses across the continent. Since then those startups have gone on to raise $73M+ in follow-on funding, hired 518 staff members and grown their revenues.


Today we’re pleased to announce that we will be extending our support in Africa, with a second $4 million Black Founders Fund which will provide 60 startups in Africa with up to $100,000 in equity-free cash awards, paired with up to $200,000 per startup in Google Cloud credits as well as mentorship, technical and scaling support from the best of Google .


This announcement follows the success of inaugural Black Founders Funds in the US, Brazil, Europe and Africa. Over the years, Google for Startups through the Google for Startups Accelerator and Partner programs, has supported over 1,500 startups in Africa, and their success speaks for itself as today 20% of all VC funding deployed on the continent is going to the Google for Startups Africa alumni community.


We invite you to visit the program page at goo.gle/BFFAfrica to read more about the program, eligibility criteria and how to apply. Applications are open from today and close May 31st


Folarin Aiyegbusi, Head of Startup Ecosystem, Sub Saharan Africa





 ==== 






Edition 2022 du programme Black Founders Fund


L’accès au capital reste un problème majeur pour les entreprises en Afrique, en particulier pour les femmes. Evelyn Kaingu, CEO de Lupiya, y a vu une opportunité de tirer parti de la technologie pour venir en aide à un secteur délaissé. Lupiya est la première entreprise de microcrédit entièrement en ligne en Zambie. Elle propose des prêts personnels et commerciaux aux communautés marginalisées, notamment pour les femmes. Lupiya a été créée dans le sillage de Google for Startups Black Africa, lancé en 2021, et comme d’autres start-up du continent, cette société, grâce aux technologies numériques, contribue à la croissance économique de l’Afrique.


En 2021, les startups technologiques africaines ont collectivement levé 4,3 milliards de dollars, soit deux fois et demie plus qu’en 2020. Cette croissance, bien qu’encourageante, ne compense en rien le manque de financement des startups africaines locales, car 82 % d’entre elles font état de difficultés d’accès au capital.


Conformément à l’engagement de Google d’œuvrer pour un avenir plus équitable, Google for startups a lancé le programme Black Founders Fund in Africa en 2021, qui a permis d’accompagner 50 entreprises en Afrique, toutes dirigées par des africains. Depuis, ces entreprises ont levé plus de 73 millions de dollars de financement complémentaire, recruté 518 personnes et développé leur chiffre d’affaires.


Aujourd’hui, nous avons le plaisir d’annoncer que nous allons étendre notre soutien à l’Afrique, avec un deuxième programme Black Founders Fund de 4 millions de dollars, qui permettra à 60 startups africaines de recevoir jusqu’à 100 000 dollars en espèces, sans prise de participation au capital, et jusqu’à 200 000 dollars par startup de crédits Google Cloud . Ces entreprises bénéficieront également d’un mentorat, d’une assistance technique et d’un accompagnement au développement de la part des meilleurs spécialistes de Google .



Cette annonce fait suite au succès des premiers programmes Black Founders Funds lancés aux États-Unis, au Brésil, en Europe et en Afrique. Au fil des ans, Google for Startups, grâce à ses programmes Google for Startups Accelerator et Google Partner, a apporté son soutien à plus de 1 500 startups en Afrique. Pour preuve de leur succès : aujourd’hui, 20 % des fonds de capital-risque déployés sur le continent bénéficient à la communauté des anciens de Google for Startups Africa.


Nous vous invitons à consulter la page du programme sur goo.gle/BFFAfrica pour en savoir plus sur le programme, les critères d’admissibilité et les modalités d’inscription. Les dossiers de candidature peuvent être déposés dès aujourd’hui et jusqu’au 31 mai.



Posté par Folarin Aiyegbusi, Responsable de l’écosystème start-up, Afrique sub-saharienne