Tag Archives: safety and security

Making privacy personal with Files by Google

In many places around the world, sharing a personal device with spouses, siblings or children is often a cultural expectation, especially for women. Sharing a device can be beneficial, but it comes with the risk that others might access your personal files.


As part of Google’s research, we hear the perspectives of people like Shaina—a woman in Bangladesh whose children use her phone after school, both to learn and to play. Shaina worries that her important files could be accidentally shared or deleted. For Rashid, a father in India, the lack of privacy means he can’t keep his identity documents on his phone, even if he needs them for job applications. 


Building privacy features that make sense for different needs is a top priority for us as we continue to work towards a more inclusive internet. To keep personal content more safe, we're launching Safe Folder, a new feature in Files by Google.

How Safe Folder works


Safe Folder is a secure, 4-digit PIN-encrypted folder that protects your important documents, images, videos and audio files from being opened or accessed by others. The folder is securely locked as soon as you switch away from the Files app, so none of its contents can be accessed when the app is in the background. As a security assurance, it will ask for your PIN again on reentry.  Even people that don't share devices can benefit from keeping the most important files safe.
File Safe Folder gif

Managing files for 150 million people


We launched the Files app in 2017 to help people free up space, manage content and share files. We wanted to help people who live in countries such as India, Nigeria and Brazil and often run out of space on a daily basis. Now, more than 150 million people around the world regularly use Files each month, reducing the stress of managing content on their phones.


Files Safe Folder gif 2

And for the things you no longer need on your phone? Files can continue to help you with that. Since launch, the app has:


  • Deleted over 1 trillion files of digital clutter, which would take over 30,000 years if you were to manually remove a duplicate, old meme or junk file every second.

  • Saved 400+ petabytes of space on people’s phones—around 1,400 years of nonstop HD video recording.

  • Freed about 12GB of space every second, equivalent to 5,000 photos per second, allowing you to save more photos that mean a lot to you.  

The Safe Folder feature will start rolling out in beta for Files by Google today and we’ll gradually expand its availability to more people over the following weeks. You can get the app at g.co/getfiles to keep your content safe, free up space and make your phone feel like new.

One percent of Googlers get to visit a data center, but I did

For years I’ve wondered what it’s like behind the protected walls of a Google data center, and I’m not alone. In my job at Google, I spend my days working with developers. Our data centers are crucial to the work that they do, but most have never actually set foot inside a data center. And until recently, neither had I. I went on a mission to find answers to common questions like: Why are visits so tightly restricted? How secure is a Google data center? How do we meet regulatory requirements? Here's what I found out.

To keep our customers' data safe, we need to make sure the physical structure of the data center is absolutely secure. Each data center is protected with six layers of physical security designed to thwart unauthorized access. Watch the video above to follow my journey through these layers to the core of a data center, and read on to learn even more.

“Least privilege” is the rule to live by

badge swipe

There are two rules strictly enforced at all Google data centers. The “least privilege” protocol is the idea that someone should have only the bare minimum privileges necessary to perform their job. If your least privilege is to enter Layer 2, you won’t have luck moving to Layer 3. Each person’s access permissions are checked at badge readers that exist at every access point in a data center facility. Authorization measures happen everywhere using this protocol. 


Another rule exists that prevents a vehicle or individual closely following another to gain entry into a restricted area without a badge swipe. If the system detects a door open for too long, it immediately alerts security personnel. Any gate or door must close before the next vehicle or person can badge in and gain access.

Two security checks: badge first, then circle lock

circle lock

You’ve probably seen dual-authentication when you try to sign into an account and a one-time password is sent to your phone. We take a similar approach at the data centers to verify a person’s identity and access. At some layers in the data center, you’re required to swipe your badge, then enter a circle lock, or tubular doorway. You walk into a special "half portal" that checks your badge and scans your eyes to gain access to the next layer of the data center. It prevents tailgating because only one person is allowed in the circle lock at a time.

Shipments are received through a secure loading dock

The facility loading docks are a special section of Layer 3, used to receive and send shipments of materials, such as new hardware. Truck deliveries must be approved for access to Layer 3 to enter the dock. For further security, the loading dock room is physically isolated from the rest of the data center, and guard presence is required when a shipment is received or sent.

All hard drives are meticulously tracked

hard drive

Hard drive tracking is important to the security of your data because hard drives contain encrypted sensitive information. Google meticulously tracks the location and status of every hard drive within our data centers—from acquisition to destruction—using barcodes and asset tags. These asset tags are scanned throughout a hard drive's lifecycle in a data center from the time it’s installed to the time it's removed from circulation. Tracking hard drives closely ensures they don’t go missing or end up in the wrong hands.


We also make sure hard drives are properly functioning by doing frequent performance tests. If a component fails to pass a performance test, it’s deemed no longer usable. To prevent any sensitive information from living on that disk, we remove it from inventory to be erased and destroyed in Layer 6, Disk Erase. There, the disk erase formatter uses a multi-step process that wipes the disk data and replaces each bit of data with zeros. If the drive can’t be erased for any reason, it’s stored securely until it can be physically destroyed. 

Layered security extends into the tech itself

Our layered security approach isn’t just a physical safeguard for entering our data centers. It’s also how we protect the hardware and software that live in our data centers. At the deepest layer, most of our server boards and networking equipment are custom-designed by Google. For example, we design chips, such as the Titan hardware security chip, to securely identify and authenticate legitimate Google hardware. 

At the storage layer, data is encrypted while it travels in and out of the data center and when it’s stored at the data center. This means whether data is traveling over the internet moving between Google’s facilities, or stored on our servers, it’s protected. Google Cloud customers can even supply their own encryption keys and manage them in a third-party key management system deployed outside Google’s infrastructure. This defense-in-depth approach helps to expand our ability to mitigate potential vulnerabilities at every point

To learn more about our global data centers, visit our Data and Security page. We will also be sharing more about our security best practices during the upcoming Google Cloud Next ’20: OnAir event.

Keeping your private information private

Privacy is at the heart of everything we do, whether it’s keeping Meet video calls secure, protecting you from security threats, or being the first major company to decide not to make general purpose facial recognition commercially available and create clear AI Principles that prohibit use of our tools for surveillance.

As we design our products, we focus on three important principles: keeping your information safe, treating it responsibly, and putting you in control. Today, we are announcing privacy improvements to help do that, including changes to our data retention practices across our core products to keep less data by default.

 

Treating your information responsibly 

We believe that products should keep your information for only as long as it's useful and helpful to you—whether that’s being able to find your favorite destinations in Maps or getting recommendations for what to watch on YouTube. 


That’s why last year we introduced auto-delete controls, which give you the choice to have Google automatically and continuously delete your Location History, search, voice and YouTube activity data after 3 months or 18 months. We continue to challenge ourselves to do more with less, and today we’re changing our data retention practices to make auto-delete the default for our core activity settings


Here’s how it works: Starting today, the first time you turn on Location History—which is off by default—your auto-delete option will be set to 18 months by default. Web & App Activity auto-delete will also default to 18 months for new accounts. This means your activity data will be automatically and continuously deleted after 18 months, rather than kept until you choose to delete it. You can always turn these settings off or change your auto-delete option. 


If you’ve already had Location History and Web & App Activity turned on, we won’t be changing your settings. But we will actively remind you about the auto-delete controls through in-product notifications and emails, so you can choose the auto-delete setting that works for you.

02_Google_Safety_AutoDelete_GIF_24fps_JR_007.gif

As we introduce default retention to more products, we’re guided by the principle that products should keep information only for as long as it’s useful to you. For example, we're bringing this to YouTube, where auto-delete will be set to 36 months by default if you create a new account or turn on your YouTube History for the first time. This improves upon current industry practice and ensures that YouTube can continue to make relevant entertainment recommendations based on what you’ve watched or listened to in the past—like letting you know if your favorite series has released another season, or when your favorite artist drops a new album. Current users can still choose the 3 or 18 months auto-delete option. Default retention periods will not apply to other products like Gmail, Drive and Photos, which are designed to safely store your personal content.


As always, we don’t sell your information to anyone, and we don’t use information in apps where you primarily store personal content—such as Gmail, Drive, Calendar and Photos—for advertising purposes, period.

Control on your terms

Privacy is personal, which is why we’re always working to give you control on your terms—whether that’s helping you manage your settings with proactive tools in your Google Account, or making those settings easier to find in our products. Today we’re announcing updates to many of our privacy tools.


  • Google Account controls directly from Search:We’re making it easier to access key Google Account controls from Search. Soon, when you’re signed into your Google Account, you’ll be able to search for things like “Google Privacy Checkup” and “Is my Google Account secure?” and a box only visible to you will show your privacy and security settings so you can easily review or adjust them.
03_Google_Safety_Search_Onebox_Still_Blog_JR_007_2.png

  • Easier access to Incognito mode:We’re also making it easier to access Incognito mode in our most popular apps, by long-pressing on your profile picture in Search, Maps and YouTube. It’s available today on the Google App for iOS, and coming soon to Android and other apps. We’re also working to make it possible to stay in Incognito mode across Google apps, like Maps and YouTube, and will have more to share soon.

04_Google-Safety_Incognito_Search_GIF_12fps_JR_002.gif
  • More proactive privacy controls:Each year, more than 200 million people visit Privacy Checkup. We’re adding proactive recommendations, including guided tips to help you manage your privacy settings.

Proactively protecting your information

Protecting your privacy starts with the world’s most advanced security. We provide automatic protections across all of our products, including Safe Browsing, which protects more than 4 billion devices from phishing and malware every day, and Google Play Protect, which scans your apps before, during and after download to help keep your devices safe.


Five years ago we launched Security Checkup, an easy, one stop shop for securing your Google Account. In one click we'll give you a snapshot of your Account security and offer personalized recommendations to help keep your data safe. In the coming weeks, Password Checkup, our tool that checks if passwords saved to your Google Account have been compromised, will become a core part of Security Checkup.


More than 100 million people have used Password Checkup, and they’ve seen a 30 percent reduction in breached credentials—it's been an incredibly effective way of keeping people safe not just on Google, but across the web. Like the other elements of Security Checkup, we'll provide the information you need to secure any at-risk accounts, automatically. Now that it's been integrated into Google Account and Chrome, we'll be sunsetting the Password Checkup Chrome extension in the coming months.
05_Google_SCU _ Password Manager Integration.png

Investing in privacy-preserving technologies

Being a responsible steward of your data means keeping it private. That’s why we continue to make advances in privacy-preserving technologies and invest in thousands of privacy engineers to make our protections stronger across Google products. For example, differential privacy powers our COVID-19 Community Mobility Reports, which helps public health authorities combat COVID-19 by using location data in a privacy-preserving way. It’s also used in Google Maps, so you can see how busy a restaurant is, in real time, without ever knowing who is at the restaurant. This year, in an industry first, we’ve used both differential privacy and federated learning, a technique we invented, to train the models that underpin Gboard. This successfully combines some of the most advanced methods to further protect your privacy.


Just as we open sourced Chromium to help make the open web better, we open sourced our differential privacy library to make it easier to build privacy into products across the industry. Now we’re expandingit to new programming languages including Java and Go, and releasing additional tools to help developers use machine learning to enhance privacy protections.

Our work continues

As we make privacy and security advances in our own products, we continue to advocate for sensible data regulations around the world, including strong, comprehensive federal privacy legislation in the U.S. To help inform this work, we’ve published a regulatory framework based on privacy laws and models around the world, such as Europe’s General Data Protection Regulation, and our own experience building privacy-first tools. 


While policymakers continue their work, we will continue ours—by challenging ourselves to make helpful products with less data, and raise the bar on privacy for everyone.

Keeping your private information private

Privacy is at the heart of everything we do, whether it’s keeping Meet video calls secure, protecting you from security threats, or being the first major company to decide not to make general purpose facial recognition commercially available and create clear AI Principles that prohibit use of our tools for surveillance.

As we design our products, we focus on three important principles: keeping your information safe, treating it responsibly, and putting you in control. Today, we are announcing privacy improvements to help do that, including changes to our data retention practices across our core products to keep less data by default.

 

Treating your information responsibly 

We believe that products should keep your information for only as long as it's useful and helpful to you—whether that’s being able to find your favorite destinations in Maps or getting recommendations for what to watch on YouTube. 


That’s why last year we introduced auto-delete controls, which give you the choice to have Google automatically and continuously delete your Location History, search, voice and YouTube activity data after 3 months or 18 months. We continue to challenge ourselves to do more with less, and today we’re changing our data retention practices to make auto-delete the default for our core activity settings


Here’s how it works: Starting today, the first time you turn on Location History—which is off by default—your auto-delete option will be set to 18 months by default. Web & App Activity auto-delete will also default to 18 months for new accounts. This means your activity data will be automatically and continuously deleted after 18 months, rather than kept until you choose to delete it. You can always turn these settings off or change your auto-delete option. 


If you’ve already had Location History and Web & App Activity turned on, we won’t be changing your settings. But we will actively remind you about the auto-delete controls through in-product notifications and emails, so you can choose the auto-delete setting that works for you.

02_Google_Safety_AutoDelete_GIF_24fps_JR_007.gif

As we introduce default retention to more products, we’re guided by the principle that products should keep information only for as long as it’s useful to you. For example, we're bringing this to YouTube, where auto-delete will be set to 36 months by default if you create a new account or turn on your YouTube History for the first time. This improves upon current industry practice and ensures that YouTube can continue to make relevant entertainment recommendations based on what you’ve watched or listened to in the past—like letting you know if your favorite series has released another season, or when your favorite artist drops a new album. Current users can still choose the 3 or 18 months auto-delete option. Default retention periods will not apply to other products like Gmail, Drive and Photos, which are designed to safely store your personal content.


As always, we don’t sell your information to anyone, and we don’t use information in apps where you primarily store personal content—such as Gmail, Drive, Calendar and Photos—for advertising purposes, period.

Control on your terms

Privacy is personal, which is why we’re always working to give you control on your terms—whether that’s helping you manage your settings with proactive tools in your Google Account, or making those settings easier to find in our products. Today we’re announcing updates to many of our privacy tools.


  • Google Account controls directly from Search:We’re making it easier to access key Google Account controls from Search. Soon, when you’re signed into your Google Account, you’ll be able to search for things like “Google Privacy Checkup” and “Is my Google Account secure?” and a box only visible to you will show your privacy and security settings so you can easily review or adjust them.
03_Google_Safety_Search_Onebox_Still_Blog_JR_007_2.png

  • Easier access to Incognito mode:We’re also making it easier to access Incognito mode in our most popular apps, by long-pressing on your profile picture in Search, Maps and YouTube. It’s available today on the Google App for iOS, and coming soon to Android and other apps. We’re also working to make it possible to stay in Incognito mode across Google apps, like Maps and YouTube, and will have more to share soon.

04_Google-Safety_Incognito_Search_GIF_12fps_JR_002.gif
  • More proactive privacy controls:Each year, more than 200 million people visit Privacy Checkup. We’re adding proactive recommendations, including guided tips to help you manage your privacy settings.

Proactively protecting your information

Protecting your privacy starts with the world’s most advanced security. We provide automatic protections across all of our products, including Safe Browsing, which protects more than 4 billion devices from phishing and malware every day, and Google Play Protect, which scans your apps before, during and after download to help keep your devices safe.


Five years ago we launched Security Checkup, an easy, one stop shop for securing your Google Account. In one click we'll give you a snapshot of your Account security and offer personalized recommendations to help keep your data safe. In the coming weeks, Password Checkup, our tool that checks if passwords saved to your Google Account have been compromised, will become a core part of Security Checkup.


More than 100 million people have used Password Checkup, and they’ve seen a 30 percent reduction in breached credentials—it's been an incredibly effective way of keeping people safe not just on Google, but across the web. Like the other elements of Security Checkup, we'll provide the information you need to secure any at-risk accounts, automatically. Now that it's been integrated into Google Account and Chrome, we'll be sunsetting the Password Checkup Chrome extension in the coming months.
05_Google_SCU _ Password Manager Integration.png

Investing in privacy-preserving technologies

Being a responsible steward of your data means keeping it private. That’s why we continue to make advances in privacy-preserving technologies and invest in thousands of privacy engineers to make our protections stronger across Google products. For example, differential privacy powers our COVID-19 Community Mobility Reports, which helps public health authorities combat COVID-19 by using location data in a privacy-preserving way. It’s also used in Google Maps, so you can see how busy a restaurant is, in real time, without ever knowing who is at the restaurant. This year, in an industry first, we’ve used both differential privacy and federated learning, a technique we invented, to train the models that underpin Gboard. This successfully combines some of the most advanced methods to further protect your privacy.


Just as we open sourced Chromium to help make the open web better, we open sourced our differential privacy library to make it easier to build privacy into products across the industry. Now we’re expandingit to new programming languages including Java and Go, and releasing additional tools to help developers use machine learning to enhance privacy protections.

Our work continues

As we make privacy and security advances in our own products, we continue to advocate for sensible data regulations around the world, including strong, comprehensive federal privacy legislation in the U.S. To help inform this work, we’ve published a regulatory framework based on privacy laws and models around the world, such as Europe’s General Data Protection Regulation, and our own experience building privacy-first tools. 


While policymakers continue their work, we will continue ours—by challenging ourselves to make helpful products with less data, and raise the bar on privacy for everyone.

Keeping your private information private

Privacy is at the heart of everything we do, whether it’s keeping Meet video calls secure, protecting you from security threats, or being the first major company to decide not to make general purpose facial recognition commercially available and create clear AI Principles that prohibit use of our tools for surveillance.

As we design our products, we focus on three important principles: keeping your information safe, treating it responsibly, and putting you in control. Today, we are announcing privacy improvements to help do that, including changes to our data retention practices across our core products to keep less data by default.

 

Treating your information responsibly 

We believe that products should keep your information for only as long as it's useful and helpful to you—whether that’s being able to find your favorite destinations in Maps or getting recommendations for what to watch on YouTube. 


That’s why last year we introduced auto-delete controls, which give you the choice to have Google automatically and continuously delete your Location History, search, voice and YouTube activity data after 3 months or 18 months. We continue to challenge ourselves to do more with less, and today we’re changing our data retention practices to make auto-delete the default for our core activity settings


Here’s how it works: Starting today, the first time you turn on Location History—which is off by default—your auto-delete option will be set to 18 months by default. Web & App Activity auto-delete will also default to 18 months for new accounts. This means your activity data will be automatically and continuously deleted after 18 months, rather than kept until you choose to delete it. You can always turn these settings off or change your auto-delete option. 


If you’ve already had Location History and Web & App Activity turned on, we won’t be changing your settings. But we will actively remind you about the auto-delete controls through in-product notifications and emails, so you can choose the auto-delete setting that works for you.

02_Google_Safety_AutoDelete_GIF_24fps_JR_007.gif

As we introduce default retention to more products, we’re guided by the principle that products should keep information only for as long as it’s useful to you. For example, we're bringing this to YouTube, where auto-delete will be set to 36 months by default if you create a new account or turn on your YouTube History for the first time. This improves upon current industry practice and ensures that YouTube can continue to make relevant entertainment recommendations based on what you’ve watched or listened to in the past—like letting you know if your favorite series has released another season, or when your favorite artist drops a new album. Current users can still choose the 3 or 18 months auto-delete option. Default retention periods will not apply to other products like Gmail, Drive and Photos, which are designed to safely store your personal content.


As always, we don’t sell your information to anyone, and we don’t use information in apps where you primarily store personal content—such as Gmail, Drive, Calendar and Photos—for advertising purposes, period.

Control on your terms

Privacy is personal, which is why we’re always working to give you control on your terms—whether that’s helping you manage your settings with proactive tools in your Google Account, or making those settings easier to find in our products. Today we’re announcing updates to many of our privacy tools.


  • Google Account controls directly from Search:We’re making it easier to access key Google Account controls from Search. Soon, when you’re signed into your Google Account, you’ll be able to search for things like “Google Privacy Checkup” and “Is my Google Account secure?” and a box only visible to you will show your privacy and security settings so you can easily review or adjust them.
03_Google_Safety_Search_Onebox_Still_Blog_JR_007_2.png

  • Easier access to Incognito mode:We’re also making it easier to access Incognito mode in our most popular apps, by long-pressing on your profile picture in Search, Maps and YouTube. It’s available today on the Google App for iOS, and coming soon to Android and other apps. We’re also working to make it possible to stay in Incognito mode across Google apps, like Maps and YouTube, and will have more to share soon.

04_Google-Safety_Incognito_Search_GIF_12fps_JR_002.gif
  • More proactive privacy controls:Each year, more than 200 million people visit Privacy Checkup. We’re adding proactive recommendations, including guided tips to help you manage your privacy settings.

Proactively protecting your information

Protecting your privacy starts with the world’s most advanced security. We provide automatic protections across all of our products, including Safe Browsing, which protects more than 4 billion devices from phishing and malware every day, and Google Play Protect, which scans your apps before, during and after download to help keep your devices safe.


Five years ago we launched Security Checkup, an easy, one stop shop for securing your Google Account. In one click we'll give you a snapshot of your Account security and offer personalized recommendations to help keep your data safe. In the coming weeks, Password Checkup, our tool that checks if passwords saved to your Google Account have been compromised, will become a core part of Security Checkup.


More than 100 million people have used Password Checkup, and they’ve seen a 30 percent reduction in breached credentials—it's been an incredibly effective way of keeping people safe not just on Google, but across the web. Like the other elements of Security Checkup, we'll provide the information you need to secure any at-risk accounts, automatically. Now that it's been integrated into Google Account and Chrome, we'll be sunsetting the Password Checkup Chrome extension in the coming months.
05_Google_SCU _ Password Manager Integration.png

Investing in privacy-preserving technologies

Being a responsible steward of your data means keeping it private. That’s why we continue to make advances in privacy-preserving technologies and invest in thousands of privacy engineers to make our protections stronger across Google products. For example, differential privacy powers our COVID-19 Community Mobility Reports, which helps public health authorities combat COVID-19 by using location data in a privacy-preserving way. It’s also used in Google Maps, so you can see how busy a restaurant is, in real time, without ever knowing who is at the restaurant. This year, in an industry first, we’ve used both differential privacy and federated learning, a technique we invented, to train the models that underpin Gboard. This successfully combines some of the most advanced methods to further protect your privacy.


Just as we open sourced Chromium to help make the open web better, we open sourced our differential privacy library to make it easier to build privacy into products across the industry. Now we’re expandingit to new programming languages including Java and Go, and releasing additional tools to help developers use machine learning to enhance privacy protections.

Our work continues

As we make privacy and security advances in our own products, we continue to advocate for sensible data regulations around the world, including strong, comprehensive federal privacy legislation in the U.S. To help inform this work, we’ve published a regulatory framework based on privacy laws and models around the world, such as Europe’s General Data Protection Regulation, and our own experience building privacy-first tools. 


While policymakers continue their work, we will continue ours—by challenging ourselves to make helpful products with less data, and raise the bar on privacy for everyone.

Keeping your private information private

Privacy is at the heart of everything we do, whether it’s keeping Meet video calls secure, protecting you from security threats, or being the first major company to decide not to make general purpose facial recognition commercially available and create clear AI Principles that prohibit use of our tools for surveillance.

As we design our products, we focus on three important principles: keeping your information safe, treating it responsibly, and putting you in control. Today, we are announcing privacy improvements to help do that, including changes to our data retention practices across our core products to keep less data by default.

 

Treating your information responsibly 

We believe that products should keep your information for only as long as it's useful and helpful to you—whether that’s being able to find your favorite destinations in Maps or getting recommendations for what to watch on YouTube. 


That’s why last year we introduced auto-delete controls, which give you the choice to have Google automatically and continuously delete your Location History, search, voice and YouTube activity data after 3 months or 18 months. We continue to challenge ourselves to do more with less, and today we’re changing our data retention practices to make auto-delete the default for our core activity settings


Here’s how it works: Starting today, the first time you turn on Location History—which is off by default—your auto-delete option will be set to 18 months by default. Web & App Activity auto-delete will also default to 18 months for new accounts. This means your activity data will be automatically and continuously deleted after 18 months, rather than kept until you choose to delete it. You can always turn these settings off or change your auto-delete option. 


If you’ve already had Location History and Web & App Activity turned on, we won’t be changing your settings. But we will actively remind you about the auto-delete controls through in-product notifications and emails, so you can choose the auto-delete setting that works for you.

02_Google_Safety_AutoDelete_GIF_24fps_JR_007.gif

As we introduce default retention to more products, we’re guided by the principle that products should keep information only for as long as it’s useful to you. For example, we're bringing this to YouTube, where auto-delete will be set to 36 months by default if you create a new account or turn on your YouTube History for the first time. This improves upon current industry practice and ensures that YouTube can continue to make relevant entertainment recommendations based on what you’ve watched or listened to in the past—like letting you know if your favorite series has released another season, or when your favorite artist drops a new album. Current users can still choose the 3 or 18 months auto-delete option. Default retention periods will not apply to other products like Gmail, Drive and Photos, which are designed to safely store your personal content.


As always, we don’t sell your information to anyone, and we don’t use information in apps where you primarily store personal content—such as Gmail, Drive, Calendar and Photos—for advertising purposes, period.

Control on your terms

Privacy is personal, which is why we’re always working to give you control on your terms—whether that’s helping you manage your settings with proactive tools in your Google Account, or making those settings easier to find in our products. Today we’re announcing updates to many of our privacy tools.


  • Google Account controls directly from Search:We’re making it easier to access key Google Account controls from Search. Soon, when you’re signed into your Google Account, you’ll be able to search for things like “Google Privacy Checkup” and “Is my Google Account secure?” and a box only visible to you will show your privacy and security settings so you can easily review or adjust them.
03_Google_Safety_Search_Onebox_Still_Blog_JR_007_2.png

  • Easier access to Incognito mode:We’re also making it easier to access Incognito mode in our most popular apps, by long-pressing on your profile picture in Search, Maps and YouTube. It’s available today on the Google App for iOS, and coming soon to Android and other apps. We’re also working to make it possible to stay in Incognito mode across Google apps, like Maps and YouTube, and will have more to share soon.

04_Google-Safety_Incognito_Search_GIF_12fps_JR_002.gif
  • More proactive privacy controls:Each year, more than 200 million people visit Privacy Checkup. We’re adding proactive recommendations, including guided tips to help you manage your privacy settings.

Proactively protecting your information

Protecting your privacy starts with the world’s most advanced security. We provide automatic protections across all of our products, including Safe Browsing, which protects more than 4 billion devices from phishing and malware every day, and Google Play Protect, which scans your apps before, during and after download to help keep your devices safe.


Five years ago we launched Security Checkup, an easy, one stop shop for securing your Google Account. In one click we'll give you a snapshot of your Account security and offer personalized recommendations to help keep your data safe. In the coming weeks, Password Checkup, our tool that checks if passwords saved to your Google Account have been compromised, will become a core part of Security Checkup.


More than 100 million people have used Password Checkup, and they’ve seen a 30 percent reduction in breached credentials—it's been an incredibly effective way of keeping people safe not just on Google, but across the web. Like the other elements of Security Checkup, we'll provide the information you need to secure any at-risk accounts, automatically. Now that it's been integrated into Google Account and Chrome, we'll be sunsetting the Password Checkup Chrome extension in the coming months.
05_Google_SCU _ Password Manager Integration.png

Investing in privacy-preserving technologies

Being a responsible steward of your data means keeping it private. That’s why we continue to make advances in privacy-preserving technologies and invest in thousands of privacy engineers to make our protections stronger across Google products. For example, differential privacy powers our COVID-19 Community Mobility Reports, which helps public health authorities combat COVID-19 by using location data in a privacy-preserving way. It’s also used in Google Maps, so you can see how busy a restaurant is, in real time, without ever knowing who is at the restaurant. This year, in an industry first, we’ve used both differential privacy and federated learning, a technique we invented, to train the models that underpin Gboard. This successfully combines some of the most advanced methods to further protect your privacy.


Just as we open sourced Chromium to help make the open web better, we open sourced our differential privacy library to make it easier to build privacy into products across the industry. Now we’re expandingit to new programming languages including Java and Go, and releasing additional tools to help developers use machine learning to enhance privacy protections.

Our work continues

As we make privacy and security advances in our own products, we continue to advocate for sensible data regulations around the world, including strong, comprehensive federal privacy legislation in the U.S. To help inform this work, we’ve published a regulatory framework based on privacy laws and models around the world, such as Europe’s General Data Protection Regulation, and our own experience building privacy-first tools. 


While policymakers continue their work, we will continue ours—by challenging ourselves to make helpful products with less data, and raise the bar on privacy for everyone.

Online resources for kids and families during COVID-19

As families continue to face the new realities of juggling work, school, and play at home, online tools can make the adjustment a bit smoother. We’re all spending more of our time on our devices, and Google has many products and programs to help families create healthy digital habits and help them stay safe online. From internet safety resources to parental controls, our products help families find and manage quality content and apps, tools for distance learning and virtual field trips. And behind the scenes, our teams work every day to protect our users and make our products safer for everyone.

Helping families and educators with distance learning resources 

Families and educators are relying on digital platforms to provide access to online learning and educational tools during COVID-19. Our G Suite for Education tools can be used from any device and help more than 120 million teachers and students around the world work and learn together. To support distance learning, Google is offering premium Meet video conferencing features free for schools through September 30, 2020. 

In March, we launched a new Teach from Home hub for teachers with information and resources so that they can keep teaching, even as many schools closed due to COVID-19. This hub includes tutorials, step-by-step guides, and inspiration for distance learning during school closures.

Our teams are working to provide opportunities for families to learn together at home, including the new YouTube Learn at Home families site, virtual field trips and explorations through Google Arts & Culture, and the global roll-out of our AI-enabled reading app, Read Along

We created a dedicated Distance Learning Fund through Google.org to help educators and parents access tools and resources needed to provide learning opportunities for students. The Fund supports Khan Academy, Wide Open Schools by Common Sense Media, and DonorsChoose.

Helping families discover quality content for kids

Even outside school hours and virtual classrooms, kids are spending more time online so we’re helping parents find quality, age-appropriate content. The new Kids tab on Google Play makes it easier for parents to find enriching and engaging apps for their children. Teacher Approved apps must meet Play’s Designed for Families security and privacy requirements, and are reviewed and curated by teachers to identify fun and inspiring apps kids will love, with or without an educational focus. The Teacher Approved program launched in the U.S. in early April, and will be rolling out globally later in the year.  

YouTube Kids

https://www.youtube.com/kids/

offers a more contained environment for kids to explore their interests and curiosity. The app empowers parents to customize their child’s experience, including the content available to watch and how long they can use the app. Kids can access a range of helpful playlists on YouTube Kids right now, such as Healthy Habits, Learning and Indoor Activities. YouTube Kids is available in 79 countries on desktop, mobile and Smart TVs.

Teaching kids how to be safe online and build healthy tech habits

We’ve continued to help families navigate technology, from helping parents set digital ground rules to providing resources for teaching kids how to be safer online.

The Family Link app from Google helps parents create healthy habits for their child or teen as they learn, play, and explore online. Parents can keep an eye on screen time with daily limits and a bedtime on Android and Chromebook devices. They can also help guide their child to better content with download approvals, per-app time limits and content filters. And SafeSearch is on by default for supervised child accounts, helping to filter explicit search results. 

Be Internet Awesome teaches kids about digital literacy and online safety. The program offers free resources for educators and families to learn about these topics with a family guide and pledge, online safety coloring book, and simple online tips. The program features an interactive game, Interland, that reinforces internet safety concepts for kids in a fun and engaging way. It’s available globally in over 28 countries and 15 languages.

We’ve also partnered with other tech companies and The Global Partnership to End Violence Against Children (EVAC) to create a Public Service Announcement that helps parents keep their children safe online across platforms by providing resources on how to talk to kids about online risks, stay involved in their digital world, know who they’re connecting with, and use privacy and security settings. EVAC’s site dedicated to these resources includes information on how to block and report suspicious individuals to Google and other tech companies. We’re also working with industry partners, child protection nonprofits, and experts on other initiatives to improve child safety across the broader digital ecosystem. 

Online classes, quality content, and collaboration tools are important ways to stay connected from home, and we’re proud of the work our Security and Trust & Safety teams do to ensure families can enjoy these, and all Google products, more safely.

Spot the scam, stop the scammers

According to the Federal Trade Commission (FTC), people reported $1.9 billion lost to scams in 2019. Every minute, more than $3,600 disappeared from wallets and bank accounts in response to made-up stories of urgently overdue tax payments, bogus contest winnings, or a smooth-talking online suitor who suddenly needs some gift cards. A high-pressure phone call or exciting message can overcome many people’s judgment, especially if they are caught  at a vulnerable moment.

As the record-high scam reports keep coming, we’re providing support to the Cybercrime Support Network to help people identify scams before they fall victim to them through a new program called Scam Spotter. It simplifies expert advice with three golden rules—remember to refer to these rules when you receive a suspicious phone call or message to figure out if it’s a scam:

  • Slow it down: Are they telling you it’s urgent? Take your time and ask questions to avoid being rushed into a bad situation.
  • Spot check: Are they claiming to be from a specific institution? Do your own research to double check the details you’re getting. 
  • Stop! Don’t send: Are they asking you to go to the store and get gift cards? If you think a payment feels fishy, it probably is.

Just because COVID-19 has disrupted everyone’s life, it doesn’t mean the scammers have taken a break. In fact, scammers have exploited the pandemic with alarming speed, taking advantage of fear and uncertainty. More than $40 million in fraud losses have been reported to the FTC related to a myriad of COVID-19 complaints. While the stories are new—invented stimulus packages, phoney charities, romantic interests who now have an uncle in the ICU—the same three golden rules apply equally well:

Scam Free Golden Rules.jpg

While people ages 25-40 are most likely to be scammed, research shows it’s seniors who stand to lose the most, with their median losses more than double the average. As one of the architects of the Internet and an executive sponsor of the “Greyglers,” an internal group that promotes awareness of age diversity and issues related to age, I feel obligated to try to help my fellow Americans stay safe.  It will take a cross-generational effort. Please consider sharing ScamSpotter.org the next time you talk to the seniors in your life. Maybe you can both take the quiz and compare your scores, too.

Scammer Quiz Device.png

If we learn how to spot the bad actors, we can spend our time focusing on those moments that matter. And to the seniors out there, remember: of course the Internet is for us, we invented it!

Spot the scam, stop the scammers

According to the Federal Trade Commission (FTC), people reported $1.9 billion lost to scams in 2019. Every minute, more than $3,600 disappeared from wallets and bank accounts in response to made-up stories of urgently overdue tax payments, bogus contest winnings, or a smooth-talking online suitor who suddenly needs some gift cards. A high-pressure phone call or exciting message can overcome many people’s judgment, especially if they are caught  at a vulnerable moment.

As the record-high scam reports keep coming, we’re providing support to the Cybercrime Support Network to help people identify scams before they fall victim to them through a new program called Scam Spotter. It simplifies expert advice with three golden rules—remember to refer to these rules when you receive a suspicious phone call or message to figure out if it’s a scam:

  • Slow it down: Are they telling you it’s urgent? Take your time and ask questions to avoid being rushed into a bad situation.
  • Spot check: Are they claiming to be from a specific institution? Do your own research to double check the details you’re getting. 
  • Stop! Don’t send: Are they asking you to go to the store and get gift cards? If you think a payment feels fishy, it probably is.

Just because COVID-19 has disrupted everyone’s life, it doesn’t mean the scammers have taken a break. In fact, scammers have exploited the pandemic with alarming speed, taking advantage of fear and uncertainty. More than $40 million in fraud losses have been reported to the FTC related to a myriad of COVID-19 complaints. While the stories are new—invented stimulus packages, phoney charities, romantic interests who now have an uncle in the ICU—the same three golden rules apply equally well:

Scam Free Golden Rules.jpg

While people ages 25-40 are most likely to be scammed, research shows it’s seniors who stand to lose the most, with their median losses more than double the average. As one of the architects of the Internet and an executive sponsor of the “Greyglers,” an internal group that promotes awareness of age diversity and issues related to age, I feel obligated to try to help my fellow Americans stay safe.  It will take a cross-generational effort. Please consider sharing ScamSpotter.org the next time you talk to the seniors in your life. Maybe you can both take the quiz and compare your scores, too.

Scammer Quiz Device.png

If we learn how to spot the bad actors, we can spend our time focusing on those moments that matter. And to the seniors out there, remember: of course the Internet is for us, we invented it!

Helping you avoid COVID-19 online security risks

As people around the world are staying at home due to COVID-19, many are turning to new apps and communications tools to work, learn, access information, and stay connected with loved ones. 


While these digital platforms are helpful in our daily lives, they can also introduce new online security risks. Our Threat Analysis Group continually monitors for sophisticated, government-backed hacking activity and is seeing new COVID-19 messaging used in attacks, and our security systems have detected a range of new scams such as phishing emails posing as messages from charities and NGOs battling COVID-19, directions from “administrators” to employees working from home, and even notices spoofing healthcare providers. Our systems have also spotted malware-laden sites that pose as sign-in pages for popular social media accounts, health organizations, and even official coronavirus maps. During the past couple of weeks, our advanced, machine-learning classifiers have seen 18 million daily malware and phishing attempts related to COVID-19, in addition to more than 240 million COVID-related spam messages. 


To protect you from these risks, we've built advanced security protections into Google products to automatically identify and stop threats before they ever reach you. Our machine learning models in Gmail already detect and block more than 99.9 percent of spam, phishing and malware. Our built-in security also protects you by alerting you before you enter fraudulent websites, scanning apps in Google Play before you download, and more. But we want to help you stay secure everywhere online, not just on our products, so we’re providing these simple tips, tools and resources.

Know how to spot and avoid COVID-19 scams

With many of the COVID-19 related scams coming in the form of phishing emails, it’s important to pause and evaluate any COVID-19 email before clicking any links or taking other action. Be wary of requests for personal information such as your home address or bank details. Fake links often imitate established websites by adding extra words or letters to them—check the URL’s validity by hovering over it (on desktop) or with a long press (on mobile). Keep these tips handy and learn more at g.co/covidsecuritytips.
Helping you avoid COVID-19 online security risks

Use your company’s enterprise email account for anything work-related

Working with our enterprise customers, we see how employees can put their company’s business at risk when using their personal accounts or devices. Even when working from home, it’s important to keep your work and personal email separate. Enterprise accounts offer additional security features that keep your company’s private information private. If you’re unsure about your company’s online security safeguards, check with your IT professionals to ensure the right security features are enabled, like two-factor authentication.

Secure your video calls on video conferencing apps

The security controls built into Google Meet are turned on by default, so that in most cases, organizations and users are automatically protected. But there are steps you can take on any video conferencing app to make your call more secure:

  • If your meetings use short, numeric codes, turn on the password or PIN feature. The extra layer of verification will help ensure only the invited attendees gain access to the meeting.

  • When sharing a meeting invite publicly, be sure to enable the “knocking” feature so that the meeting organizer can personally vet and accept new attendees before they enter the meeting.

  • If you receive a meeting invite that requires installing a new video-conferencing app, always be sure to verify the invitation—paying special attention to potential imposters—before installing.

Install security updates when notified

When working from home, your work computer may not automatically update your security technology as it would when in the office and connected to your corporate network. It’s important to take immediate action on any security update prompts. These updates solve for known security vulnerabilities, which attackers are actively seeking out and exploiting.

Use a password manager to create and store strong passwords

With all the new applications and services you might be using for work and school purposes, it can be tempting to use just one password for all. In fact, 66 percent of Americans admit to using the same password across multiple accounts. To keep your private information private, always use unique, hard-to-guess passwords. A password manager, like the one built into Android, Chrome, and your Google Account can help make this easier.

Protect your Google Account

If you use a Google Account, you can easily review any recent security issues and get personalized recommendations to help protect your data and devices with the Security Checkup. Within this tool, you can also run a Password Checkup to learn if any of your saved passwords for third party sites or accounts  have been compromised and then easily change them if needed.


You should also consider adding two-step verification (also known as two-factor authentication), which you likely already have in place for online banking and other similar services to provide an extra layer of security. This helps keep out anyone who shouldn’t have access to your accounts by requiring a secondary factor on top of your username and password to sign in. To set this up for your Google Account, go to g.co/2SV. And if you’re someone who is at risk of a targeted attack—like a journalist, activist, politician or a high profile healthcare professional—enroll in the Advanced Protection Program, our strongest security offering, at g.co/advancedprotection.

Help your kids stay safe online

With schools closed around the world, kids are online more than ever before. You can help your kids learn how to spot scams with the educational material at Be Internet Awesome and within the interactive learning game, Interland. You can also use Family Link to create age-appropriate accounts, control your kids’ app downloads, and monitor their activity.

Our teams continue to monitor the evolving online security threats connected to COVID-19 so that we can keep you informed and protected. For more tips to help you improve your online security, visit our Safety Center.