Tag Archives: safety and security

Protecting users from government-backed hacking and disinformation

Google's Threat Analysis Group (TAG) works to counter targeted and government-backed hacking against Google and our users. This is an area we have invested in deeply for over a decade. Our daily work involves detecting and defeating threats, and warning targeted users and customers about the world’s most sophisticated adversaries, spanning the full range of Google products including Gmail, Drive and YouTube.

In the past, we’ve posted on issues like phishing campaigns, vulnerabilities and disinformation. Going forward, we’ll share more technical details and data about the threats we detect and how we counter them to advance the broader digital security discussion.

TAG tracks more than 270 targeted or government-backed groups from more than 50 countries. These groups have many goals including intelligence collection, stealing intellectual property, targeting dissidents and activists, destructive cyber attacks, or spreading coordinated disinformation. We use the intelligence we gather to protect Google infrastructure as well as users targeted with malware or phishing.

Phishing

We’ve had a long-standing policy to send users warnings if we detect that they are the subject of state-sponsored phishing attempts, and have posted periodically about these before. From July to September 2019, we sent more than 12,000 warnings to users in 149 countries that they were targeted by government-backed attackers. This is consistent (+/-10%) with the number of warnings sent in the same period of 2018 and 2017.

govt backed phishing targets in q3 2019.png

Distribution of government-backed phishing targets in Q3 (Jul-Sep 2019)

Over 90 percent of these users were targeted via “credential phishing emails” similar to the example below. These are usually attempts to obtain the target’s password or other account credentials to hijack their account. We encourage high-risk users—like journalists, human rights activists, and political campaigns—to enroll in our Advanced Protection Program (APP), which utilizes hardware security keys and provides the strongest protections available against phishing and account hijackings. APP is designed specifically for the highest-risk accounts.

In the simple phishing example below, an attacker has sent a phishing email with a security alert lure from “Goolge” suggesting the user secure their account. The user clicks the link, enters their password, and may also get asked for a security code if they have two-factor authentication enabled, allowing the attacker to access their account.

sample gmail lure.png

Sample lure used to phish Gmail users

Threat detection

Last week at CyberwarCon, we presented analysis about previously undisclosed campaigns from a Russia-nexus threat group called “Sandworm” (also known as “Iridium”). It’s a useful example of the type of detailed threat detection work that TAG does. Although much of Sandworm’s activity targeting Ukraine and their attacks against the 2018 Winter Olympics have been covered publicly, some campaigns have not been reported. 

In December 2017, TAG discovered a series of campaigns from Sandworm attempting to deploy Android malware. The first campaign targeted users in South Korea, where Sandworm was modifying legitimate Android applications with malware. They then uploaded these modified apps to the Play Store using their own attacker-controlled developer accounts. During this campaign, Sandworm uploaded eight different apps to the Play Store, each with fewer than 10 total installs. 

malicious apps targeting users in south korea.png

Malicious apps targeting users in South Korea

We also identified an earlier September 2017 Android campaign from Sandworm where they used similar tactics and deployed a fake version of the UKR.net email app on the Play Store. This application had approximately 1,000 total installs. We worked with our colleagues on the Google Play Protect Team to write detections for this malware family, and eliminate it.

In November 2018, we saw evidence that Sandworm shifted from using attacker-controlled accounts to try and upload malicious apps to compromising legitimate developers. Throughout November, Sandworm targeted software and mobile app developers in Ukraine via spear phishing emails with malicious attachments. In at least one case, they compromised an app developer with several published Play Store apps—one with more than 200,000 installs. 

After compromising the developer, Sandworm built a backdoor in one of the legitimate apps and attempted to publish it on the Play Store. They did this by adding their implant code into the application package, signing the package with the compromised developer’s key, and then uploading it to the Play Store. However, the Google Play Protect team caught the attempt at the time of upload. As a result, no users were infected and we were able to re-secure the developer’s account.

Disinformation

TAG is one part of Google and YouTube’s broader efforts to tackle coordinated influence operations that attempt to game our services. We share relevant threat information on these campaigns with law enforcement and other tech companies. Here are some examples that have been reported recently that TAG worked on:

  • TAG recently took action against Russia-affiliated influence operations targeting several nations in Africa. The operations use inauthentic news outlets to disseminate messages promoting Russian interests in Africa. We have observed the use of local accounts and people to contribute to the operation, a tactic likely intended to make the content appear more genuine. Targeted countries included the Central African Republic, Sudan, Madagascar, and South Africa, and languages used included English, French, and Arabic. Activity on Google services was limited, but we enforced across our products swiftly. We terminated the associated Google accounts and 15 YouTube channels, and we continue to monitor this space. This discovery was consistent with recent observations and actions announced by Facebook. 

  • Consistent with a recent Bellingcat report, TAG identified a campaign targeting the Indonesian provinces Papua and West Papua with messaging in opposition to the Free Papua Movement. Google terminated one advertising account and 28 YouTube channels.

Partnerships

TAG works closely with other technology companies—including platforms and specialized security firms—to share intelligence and best practices. We also share threat information with law enforcement. And of course there are multiple teams at Google at work on these issues with whom we coordinate. 

Going forward, our goal is to give more updates on the attacks that TAG detects and stops. Our hope is that shining more light on these actors will be helpful to the security community, deter future attacks, and lead to better awareness and protections among high-risk targets.

Top tips for keeping data safe and secure on Android

Keeping data safe and private is a key priority for Android—and we’ve built a number of features to keep your device secure and give you control. As part of Cybersecurity Awareness Month, here are a few of these features, and our top tips for staying safe on your phone.


Warding off sneaky phishing attacks


Video explaining phishing attacks

Phishing is when a bad actor (we’re talking criminal here, not someone with low-rated movies on Rotten Tomatoes) tricks you into giving them your private information. Phishing can come in the form of a convincing email that looks like it’s from a company or co-worker you know, spam phone calls, and even text messages. 

Typically, these bad actors want to steal credit card numbers, social security numbers, or account login information (usually for financial gain or identity theft), but there may be other pieces of data they’re looking to steal.

Thankfully, you have three important features on your Android device that protect them from phishing:

  • Caller ID & Spam Protection: This shows you when a call you’re receiving may be coming from a suspected spammer.
  • Safe Browsing: This Chrome feature lets you know if you stumble across a website we know to be bad, and will help you quickly get to safety.
  • Phone-as-a-Security-Key: While other forms of on-device two-factor authentication, such as SMS one-time codes and push notifications, can be phished by a remote attacker, Android's built-in security key gives you the strongest form of Google account protection. 

Privacy controls you can depend on

Video explaining Android permissions and privacy controls.

How to protect your privacy with Android

On mobile devices, apps can access a lot of pertinent information such as contacts, web histories, location, photos, and more. This makes apps more useful—for example, helping you navigate to a desired destination in Maps—but you still want to make sure that you control who sees what. 

You can choose how their data is shared with apps and services through a number of different means:

  • Permissions: Apps have to ask you for permission to access certain types of data, like your photos or contacts. To grant or revoke permission, head to Settings > Privacy, if you are using Android 10. For Android Pie and below, head to Settings > Apps & notifications > Advanced > App Permissions.  
  • Location permissions: You can tell an app that it may only access your location when you’re actually using that app, as opposed to “all the time” or “never.”
  • Incognito mode in Google Maps: When you turn on Incognito mode in Maps, your Maps activity on that device, like the places you search for, won’t be saved to your Google Account and won’t be used to personalize your Maps experience.

Keeping bad apps off your device


ASL_ASAP Subheader_10.28.19_01.gif

Bad actors also use potentially harmful applications to steal information. Google Play Protect makes sure these applications stay off your device by automatically scanning your apps to make sure everything is safe. If you do encounter one of these bad apps, Google Play Protect will quickly alert you and instruct you on how to remove the app from your device. 

You can access Google Play Protect by going to the security section of your settings. If you ever want to run a scan manually, you can prompt it to do so there. When it comes to security and privacy on Android, you’re never alone. You have both the underlying, automatic protections and the personalized control you need to keep your information safe and private. Want to learn more? Visit our Security Center today. 

Source: Android


Keeping privacy and security simple, for you

Our goal has always been to create products that are simple, helpful, and intuitive. It’s no different with privacy and security: managing your data should be just as easy as making a restaurant reservation, or using Maps to find the fastest way back home.


Earlier this year, we started rolling out more ways for you to protect your data, including making our controls easier to access, new ways to use Google apps with Incognito mode, and options to automatically delete data like your Location History, searches, and other activity with Google.


Making these controls consistent across our core products will help them become more familiar, and we hope, even easier to use. Today, we’re sharing a few more updates on our progress toward this goal.

Incognito mode arrives in Maps

Incognito mode has been one of our most popular privacy controls since it launched with Chrome in 2008. We added it to YouTube earlier this year, and now we’re rolling it out in Google Maps.

Incognito mode in Maps

When you turn on Incognito mode in Maps, your Maps activity on that device, like the places you search for, won’t be saved to your Google Account and won’t be used to personalize your Maps experience. You can easily turn on Incognito mode by selecting it from the menu that appears when you tap your profile photo, and you can turn it off at any time to return to a personalized experience with restaurant recommendations, information about your commute, and other features tailored to you. Incognito mode will start rolling out on Android this month, with iOS coming soon.

Expanding Auto-delete to YouTube

In May, we announced that you could automatically delete your Location History and Web & App Activity, which includes things you've searched and browsed. We promised to bring this to more products, and now we're bringing Auto-delete to YouTube History. Set the time period to keep your data—3 months, 18 months, or until you delete it, just like Location History and Web & App Activity—and we’ll take care of the rest.
Auto-delete in YouTube History

Control your privacy with your voice in the Assistant

We’re adding new ways to easily understand and manage your data in the Assistant.

First, when you ask questions like “Hey Google, how do you keep my data safe?” the Assistant will share information about how we keep your data private and secure.

We’re also making it easier to control your privacy with simple voice commands. In the coming weeks, you’ll be able to delete Assistant activity from your Google Account just by saying things like “Hey Google, delete the last thing I said to you” or “Hey Google, delete everything I said to you last week.” You won't need to turn on any of these features—they will work automatically when you ask the Assistant for help. If you ask to delete more than a week's worth of data from your account, the Assistant will point you directly to the page in your account settings to complete the deletion. We’re rolling this out in English next week, and in all other languages next month.

Privacy actions in the Assistant

Strengthening your password security

Protecting your privacy online requires strong security, and that’s why we protect your data with one of the world’s most advanced security infrastructures.

Tools like ourSecurity Checkup help users by automatically detecting potential security issues with your Google Account and make it easy for you to add extra protections to keep your account safe, like removing old devices or unused apps that still have access to your account.

But we also want to help protect you across the internet, and a big part of that is helping you remember passwords for your other online accounts. With so many accounts, bad habits like using the same password across multiple services are common, and make all of your accounts as vulnerable as the weakest link. If someone steals your password once, then they could access your information across different services using that same password. 

Our password manager automatically protects your passwords across your different accounts, and today, in time for Cybersecurity Awareness Month, we’re making it much more powerful. We’re introducing the Password Checkup, a new feature that—with one click—tells you if any of your passwords are weak, whether you’ve reused them across multiple sites, or if we've discovered they've been compromised (for example, in a third-party data breach). Find more about the Password Checkup in this post.

Password Checkup

We’re constantly working to improve the products that billions of people use, right now. We’re also looking to the future so that teams at Google, and other organizations, can build new products and develop new engineering techniques, with privacy and security as core principles. In May, we opened the new Google Safety Engineering Center where we expect the number of privacy engineers to double by the end of 2019. We’ve also open-sourced technologies like our differential privacy library, Private Join and Compute and Tensorflow Federated. These will help any institution—from hospitals to governments to nonprofits—find better ways to gain insights from their data while protecting people's privacy.

As technology evolves, so do people's expectations for security and privacy. We look forward to building protections that aim to exceed those expectations, and will continue sharing regular updates about this work.

To stay secure online, Password Checkup has your back

We’ve all been there. Compromising security for convenience, we put our personal information at risk with poor password habits. One in four Americans use common passwords—like Abc123, Password1111, and P@ssw0rd. Sixty-six percent of Americans admit to using the same weak password across multiple sites, which makes all those accounts vulnerable. And every day, new data breaches publicly expose millions of usernames and passwords.

Until passwords become a thing of the past (trust us, we’re working on it), there’s a simple and secure solution: use a password manager, like the one built into your Google Account and Google Chrome. It generates strong, unique passwords for all your online accounts, auto-fills them as you sign in, and helps keep them safe in a central place. 

Today we’re launching the Password Checkup—a new feature built into our password manager that checks the strength and security of all of your saved passwords, tells you if we find they’ve been compromised (for example, in a breach), and gives you personalized, actionable recommendations when needed. 

A built-in password manager in your Google Account

A built-in password manager in your Google Account

With a single click, the Password Checkup tells you if: 


  • Your passwords have been compromised in a third-party breach. We’ve found more than 4 billion usernames and passwords that have been exposed due to third-party breaches. If any of these are yours, attackers could have these passwords and access your information. 

  • Your passwords are being reused across different sites. If someone gets access to a password that you reuse on multiple sites, they can use it to sign into your other accounts as well.

  • Your passwords should be strengthened. Weak passwords can be easily guessed by attackers, putting your personal information at risk. 

This is just one way we help protect you across the internet, not just on Google. The Password Checkup and the password manager are built into your Google Account, along with many other important privacy and security controls. To manage and check all of your saved passwords, you can go directly to passwords.google.com.

Coming soon: Always-on protection with Chrome

The Password Checkup is built from our Chrome extension launched earlier this year, which alerts you if your username or password has been compromised in a third-party data breach. The extension has been downloaded more than 1 million times, with nearly half of those users receiving a warning for a compromised password. Later this year, we’ll build Password Checkup technology directly into Chrome for everyone—so you get real time protection as you type your password without needing to install a separate extension. 

Features like Security Checkup, password manager and now the Password Checkup are all examples of how we're continuously working to make your online experience safer and easier—not just on Google, but across the web. So the next time you’re struggling to remember how many !’s and 1’s you added to your last password, we can help you with that. 

Build security into your next website

If you wanted to send a secret message by mail, would you rather send it in an envelope, or on a postcard? If you send it on a postcard, anyone who saw the postcard on its way to the recipient could read the message, or even make changes to what’s written.

Encryption on a website functions like an envelope, protecting information passed between your website and its visitors so it can’t be snooped on or changed. It’s what keeps your visitors safe from bad actors who may try to alter your site’s content, misdirect traffic, spy on open Wi-Fi networks, and inject malware or tracking. You achieve encryption on a website by installing an SSL (Secure Sockets Layer) certificate. This certificate ensures that the data passed between a web server and a browser remains private. 

To kick off National Cyber Security Awareness Month, we’re highlighting something that many website owners don’t realize—a single page that isn’t encrypted could potentially be used to gain access to the rest of the website. To avoid this, you need encryption on your entire website, not just for pages that are collecting credit card numbers or log-in info. Even unencrypted landing pages that redirect to an HTTPS page can pose risks. A single unprotected page can become a backdoor for bad actors to snoop on the rest of the site. How do you ensure your entire website is encrypted?

Use a top-level domain that is HSTS preloaded. 

The HSTS preload list tells modern browsers which websites  to only load over an encrypted connection. The fastest way to get on this list is to use a top-level domain that’s already on the HSTS preload list, such as .app.dev, or .page. Any website on those extensions gets the security benefits of HSTS preloading from day one, so all you need to do is install your SSL certificate.

Add your website to the HSTS preload list yourself. 

Websites can be individually added to the HSTS preload list by the website owner at hstspreload.org. Keep in mind this can be a slow process because the list is manually built into the browser. That means updates to the list are made as new browser releases come out, which can take months to occur for all browsers.

More people are creating websites than ever before, with 48 percent of the U.S. population planning to create one.  To help make building your secure website a bit easier, we’ve teamed up with some of our registrar partners, who are offering free SSL certificates during the month of October. We’re also kicking off a video series where existing creators will share their tips for launching a website. You can check them out at safe.page/buildsecurely.

Build security into your next website

If you wanted to send a secret message by mail, would you rather send it in an envelope, or on a postcard? If you send it on a postcard, anyone who saw the postcard on its way to the recipient could read the message, or even make changes to what’s written.

Encryption on a website functions like an envelope, protecting information passed between your website and its visitors so it can’t be snooped on or changed. It’s what keeps your visitors safe from bad actors who may try to alter your site’s content, misdirect traffic, spy on open Wi-Fi networks, and inject malware or tracking. You achieve encryption on a website by installing an SSL (Secure Sockets Layer) certificate. This certificate ensures that the data passed between a web server and a browser remains private.

To kick off National Cyber Security Awareness Month, we’re highlighting something that many website owners don’t realize—a single page that isn’t encrypted could potentially be used to gain access to the rest of the website. To avoid this, you need encryption on your entire website, not just for pages that are collecting credit card numbers or log-in info. Even unencrypted landing pages that redirect to an HTTPS page can pose risks. A single unprotected page can become a backdoor for bad actors to snoop on the rest of the site. How do you ensure your entire website is encrypted?

Use a top-level domain that is HSTS preloaded.

The HSTS preload list tells modern browsers which websites  to only load over an encrypted connection. The fastest way to get on this list is to use a top-level domain that’s already on the HSTS preload list, such as .app, .dev, or .page. Any website on those extensions gets the security benefits of HSTS preloading from day one, so all you need to do is install your SSL certificate.

Add your website to the HSTS preload list yourself.

Websites can be individually added to the HSTS preload list by the website owner at hstspreload.org. Keep in mind this can be a slow process because the list is manually built into the browser. That means updates to the list are made as new browser releases come out, which can take months to occur for all browsers.

More people are creating websites than ever before, with 48 percent of the U.S. population planning to create one.  To help make building your secure website a bit easier, we’ve teamed up with some of our registrar partners, who are offering free SSL certificates during the month of October. We’re also kicking off a video series where existing creators will share their tips for launching a website. You can check them out at safe.page/buildsecurely.

Building a more private web

Privacy is paramount to us, in everything we do. So today, we are announcing a new initiative to develop a set of open standards to fundamentally enhance privacy on the web. We’re calling this a Privacy Sandbox. 


Technology that publishers and advertisers use to make advertising even more relevant to people is now being used far beyond its original design intent - to a point where some data practices don’t match up to user expectations for privacy. Recently, some other browsers have attempted to address this problem, but without an agreed upon set of standards, attempts to improve user privacy are having unintended consequences.


First, large scale blocking of cookies undermine people’s privacy by encouraging opaque techniques such as fingerprinting. With fingerprinting, developers have found ways to use tiny bits of information that vary between users, such as what device they have or what fonts they have installed to generate a unique identifier which can then be used to match a user across websites. Unlike cookies, users cannot clear their fingerprint, and therefore cannot control how their information is collected. We think this subverts user choice and is wrong.


Second, blocking cookies without another way to deliver relevant ads significantly reduces publishers’ primary means of funding, which jeopardizes the future of the vibrant web. Many publishers have been able to continue to invest in freely accessible content because they can be confident that their advertising will fund their costs. If this funding is cut, we are concerned that we will see much less accessible content for everyone. Recent studies have shown that when advertising is made less relevant by removing cookies, funding for publishers falls by 52% on average1.


So we are doing something different. We want to find a solution that both really protects user privacy and also helps content remain freely accessible on the web. At I/O, we announced a plan to improve the classification of cookies, give clarity and visibility to cookie settings, as well as plans to more aggressively block fingerprinting. We are making progress on this, and today we are providing more details on our plans to restrict fingerprinting. Collectively we believe all these changes will improve transparency, choice, and control. 


But, we can go further. Starting with today’s announcements, we will work with the web community to develop new standards that advance privacy, while continuing to support free access to content. Over the last couple of weeks, we’ve started sharing our preliminary ideas for a Privacy Sandbox - a secure environment for personalization that also protects user privacy. Some ideas include new approaches to ensure that ads continue to be relevant for users, but user data shared with websites and advertisers would be minimized by anonymously aggregating user information, and keeping much more user information on-device only. Our goal is to create a set of standards that is more consistent with users’ expectations of privacy.


We are following the web standards process and seeking industry feedback on our initial ideas for the Privacy Sandbox. While Chrome can take action quickly in some areas (for instance, restrictions on fingerprinting) developing web standards is a complex process, and we know from experience that ecosystem changes of this scope take time. They require significant thought, debate, and input from many stakeholders, and generally take multiple years. 


To move things forward as quickly as possible, we have documented the specific problems we are trying to solve together, and we are sharing a series of explainers with the web community. We have also summarized these ideas today on the Chromium blog.


We look forward to getting feedback on this approach from the web platform community, including other browsers, publishers, and their advertising partners. Thank you in advance for your help and input on this process - we believe that we must solve these problems together to ensure that the incredible benefits of the open, accessible web continue into the next generation of the internet.

1 Google Ad Manager data; n=500 global publishers; Analysis based on an A/B experiment where cookies are disabled on a randomly selected fraction of each publisher's traffic; May-August 2019. More information available on the Google ads blog.


Building a more private web

Privacy is paramount to us, in everything we do. So today, we are announcing a new initiative to develop a set of open standards to fundamentally enhance privacy on the web. We’re calling this a Privacy Sandbox. 


Technology that publishers and advertisers use to make advertising even more relevant to people is now being used far beyond its original design intent - to a point where some data practices don’t match up to user expectations for privacy. Recently, some other browsers have attempted to address this problem, but without an agreed upon set of standards, attempts to improve user privacy are having unintended consequences.


First, large scale blocking of cookies undermine people’s privacy by encouraging opaque techniques such as fingerprinting. With fingerprinting, developers have found ways to use tiny bits of information that vary between users, such as what device they have or what fonts they have installed to generate a unique identifier which can then be used to match a user across websites. Unlike cookies, users cannot clear their fingerprint, and therefore cannot control how their information is collected. We think this subverts user choice and is wrong.


Second, blocking cookies without another way to deliver relevant ads significantly reduces publishers’ primary means of funding, which jeopardizes the future of the vibrant web. Many publishers have been able to continue to invest in freely accessible content because they can be confident that their advertising will fund their costs. If this funding is cut, we are concerned that we will see much less accessible content for everyone. Recent studies have shown that when advertising is made less relevant by removing cookies, funding for publishers falls by 52% on average1.


So we are doing something different. We want to find a solution that both really protects user privacy and also helps content remain freely accessible on the web. At I/O, we announced a plan to improve the classification of cookies, give clarity and visibility to cookie settings, as well as plans to more aggressively block fingerprinting. We are making progress on this, and today we are providing more details on our plans to restrict fingerprinting. Collectively we believe all these changes will improve transparency, choice, and control. 


But, we can go further. Starting with today’s announcements, we will work with the web community to develop new standards that advance privacy, while continuing to support free access to content. Over the last couple of weeks, we’ve started sharing our preliminary ideas for a Privacy Sandbox - a secure environment for personalization that also protects user privacy. Some ideas include new approaches to ensure that ads continue to be relevant for users, but user data shared with websites and advertisers would be minimized by anonymously aggregating user information, and keeping much more user information on-device only. Our goal is to create a set of standards that is more consistent with users’ expectations of privacy.


We are following the web standards process and seeking industry feedback on our initial ideas for the Privacy Sandbox. While Chrome can take action quickly in some areas (for instance, restrictions on fingerprinting) developing web standards is a complex process, and we know from experience that ecosystem changes of this scope take time. They require significant thought, debate, and input from many stakeholders, and generally take multiple years. 


To move things forward as quickly as possible, we have documented the specific problems we are trying to solve together, and we are sharing a series of explainers with the web community. We have also summarized these ideas today on the Chromium blog.


We look forward to getting feedback on this approach from the web platform community, including other browsers, publishers, and their advertising partners. Thank you in advance for your help and input on this process - we believe that we must solve these problems together to ensure that the incredible benefits of the open, accessible web continue into the next generation of the internet.

1 Google Ad Manager data; n=500 global publishers; Analysis based on an A/B experiment where cookies are disabled on a randomly selected fraction of each publisher's traffic; May-August 2019. More information available on the Google ads blog.


Source: Google Chrome


Google for Chile: Supporting development through tech

Over the last decade, Chile has become known as one of the most connected countries in Latin America, and its population has been an early adopter of new technologies. But the country still has important challenges and opportunities to connect and bring all Chileans closer to technology that can make both their work and home lives easier.

Today we hosted our first Google for Chile, with a group of more than 300 people in Santiago. There, we discussed our ongoing commitment to the digital growth of Chile and Latin America, improving connectivity and creating a safer public cloud. 

Connecting Chile's entrepreneurial force

In Chile and around the world, small and medium businesses increasingly need to be online in order to grow. Google My Business has become one of the best allies for entrepreneurs who want to see their businesses "on the map" and for their customers to find them. The number of verified companies on the platform in Chile has grown by 76% over the past year.

More efficient cities, in the cloud

In Chile, almost 50 percent of drivers use Waze to drive around all types of streets. That means users can serve as a kind of “sensor” in addition to stationary ones like radar and cameras, and cities can learn a lot from their drivers. Now, all the information from the Waze for Cities program will be stored for free for its members on Google Cloud, making it even easier for cities to see movement patterns and measure the effects of interventions. Currently, more than 190 partners across Latin America have joined the program.  

Partners like the Subsecretaría de Transportes de Chile have been using Waze data to improve traffic. They monitor more than 400 road segments to determine the periods with the most traffic. This information is used to program traffic lights, and whenever patterns change (like when traffic piles up or there’s an accident on the road), they can adapt the lights accordingly. 

Keeping Chilean children, teachers and parents safe online

In 2018, we launched Be Internet Awesome, which teaches children to be safe explorers of the online world. In Chile, we have been working with the Education Ministry so teachers and administrators can use our program’s tools. In the coming weeks, teachers using Be Internet Awesome will be able to find a new module—in Spanish—to teach students to think critically about the information they consume online, avoiding misinformation. 

Privacy for all 

New privacy tools are now officially available in Chile. People can now use Android phones as security keys, adding an extra layer of protection to their information. They can also check how data is being used in Maps, Search and the Assistant, by accessing the apps menu and choosing the option “Your data in …” There, you can review and delete your location activity in Maps or your search activity in Search. Soon, the same feature will be accessible on YouTube.

Auto-delete controls for Web and Apps Activity are also now available globally, allowing people to easily manage the amount of time their data is saved. Choose a limit—3 or 18 months—and anything older than that will be automatically deleted on an ongoing basis.

The cloud in Quilicura

The first and only Google data center in Latin America is located in Chile, in the city of Quilicura. Announced in 2012, the data center allows us to provide support to and guarantee the operation of all of our products, not just for Chile but for all of Latin America. 

In September 2018, we announced the expansion of our data center, with an additional investment of US$140 million that will triple the size of the initial structure. And last April we announced the arrival of Curie on the coasts of the Valparaiso Region: Curie is the first submarine fiber optic cable to reach Chile in about 20 years.

How AI is transforming industries in Chile 

At Google, we use artificial intelligence to make our products more useful, from email that is spam-free and easier to write to a digital assistant that understands you when you ask it questions.

Much of the progress made with AI is based on our open source machine learning platform, TensorFlow. In Chile, machine learning is opening up new opportunities in several industries like food, construction and astronomy. Local technology company Odd Industries found potential in using AI with camera footage in the construction sector, letting data reveal what humans can’t see. Artificial intelligence processes images from construction sites and converts them into concrete data, allowing companies to build responsibly and intelligently. 

Working together with industry associations, academic institutions, government officials and our users, I’m excited to find new ways to use technology to help everyone succeed. 

The Advanced Protection Program expands to Chrome

The Advanced Protection Program is our strongest level of protection for the personal Google Accounts of anyone at risk of targeted attacks — like journalists, activists, politicians and business leaders. It offers an evolving list of security offerings to protect our users holistically, across different ways an attacker can try to gain access to their accounts and data.

Starting today, Advanced Protection Program users who have turned on sync in Chrome will automatically start receiving stronger protections against risky downloads across the web, like files containing malware. Advanced Protection users already benefit from malware protections beyond Gmail's standard, industry-leading safeguards. As a result, attackers are shifting their strategies to threaten Advanced Protection users outside of email with linked malware and “drive-by downloads” where users unknowingly download harmful software onto their devices.

To protect our users proactively, attempts to download certain risky files will now show additional warnings, or in some cases even be blocked. While Chrome protects all users against malware, Advanced Protection users will get an even stronger level of protection.

AdvProtection.jpg

Warnings like these will prevent Advanced Protection users from downloading unsafe files

This additional protection is part of a growing list of security offerings for those enrolled in the Advanced Protection Program. Just last week, we announced that Enterprise admins could extend the program’s protections to G Suite, Google Cloud Platform (GCP) and Cloud Identity customers. If you or your organization is interested in enrolling in the Advanced Protection Program, learn more at g.co/advancedprotection.