Tag Archives: safety and security

The Advanced Protection Program expands to Chrome

The Advanced Protection Program is our strongest level of protection for the personal Google Accounts of anyone at risk of targeted attacks — like journalists, activists, politicians and business leaders. It offers an evolving list of security offerings to protect our users holistically, across different ways an attacker can try to gain access to their accounts and data.

Starting today, Advanced Protection Program users who have turned on sync in Chrome will automatically start receiving stronger protections against risky downloads across the web, like files containing malware. Advanced Protection users already benefit from malware protections beyond Gmail's standard, industry-leading safeguards. As a result, attackers are shifting their strategies to threaten Advanced Protection users outside of email with linked malware and “drive-by downloads” where users unknowingly download harmful software onto their devices.

To protect our users proactively, attempts to download certain risky files will now show additional warnings, or in some cases even be blocked. While Chrome protects all users against malware, Advanced Protection users will get an even stronger level of protection.

AdvProtection.jpg

Warnings like these will prevent Advanced Protection users from downloading unsafe files

This additional protection is part of a growing list of security offerings for those enrolled in the Advanced Protection Program. Just last week, we announced that Enterprise admins could extend the program’s protections to G Suite, Google Cloud Platform (GCP) and Cloud Identity customers. If you or your organization is interested in enrolling in the Advanced Protection Program, learn more at g.co/advancedprotection.

Source: Google Chrome


Protecting private browsing in Chrome

Chrome’s Incognito Mode is based on the principle that you should have the choice to browse the web privately. At the end of July, Chrome will remedy a loophole that has allowed sites to detect people who are browsing in Incognito Mode. This will affect some publishers who have used the loophole to deter metered paywall circumvention, so we’d like to explain the background and context of the change.

Private browsing principles

People choose to browse the web privately for many reasons. Some wish to protect their privacy on shared or borrowed devices, or to exclude certain activities from their browsing histories. In situations such as political oppression or domestic abuse, people may have important safety reasons for concealing their web activity and their use of private browsing features.

We want you to be able to access the web privately, with the assurance that your choice to do so is private as well. These principles are consistent with emerging web standards for private browsing modes

Closing the FileSystem API loophole

Today, some sites use an unintended loophole to detect when people are browsing in Incognito Mode. Chrome’s FileSystem API is disabled in Incognito Mode to avoid leaving traces of activity on someone’s device. Sites can check for the availability of the FileSystem API and, if they receive an error message, determine that a private session is occurring and give the user a different experience.  

With the release of Chrome 76 scheduled for July 30, the behavior of the FileSystem API will be modified to remedy this method of Incognito Mode detection. Chrome will likewise work to remedy any other current or future means of Incognito Mode detection.

Publisher impact and strategies

The change will affect sites that use the FileSystem API to intercept Incognito Mode sessions and require people to log in or switch to normal browsing mode, on the assumption that these individuals are attempting to circumvent metered paywalls. 

Unlike hard paywalls or registration walls, which require people to log in to view any content, meters offer a number of free articles before you must log in. This model is inherently porous, as it relies on a site’s ability to track the number of free articles someone has viewed, typically using cookies. Private browsing modes are one of several tactics people use to manage their cookies and thereby "reset" the meter count.

Sites that wish to deter meter circumvention have options such as reducing the number of free articles someone can view before logging in, requiring free registration to view any content, or hardening their paywalls. Other sites offer more generous meters as a way to develop affinity among potential subscribers, recognizing some people will always look for workarounds.  We suggest publishers monitor the effect of the FileSystem API change before taking reactive measures since any impact on user behavior may be different than expected and any change in meter strategy will impact all users, not just those using Incognito Mode.

Our News teams support sites with meter strategies and recognize the goal of reducing meter circumvention, however any approach based on private browsing detection undermines the principles of Incognito Mode. We remain open to exploring solutions that are consistent with user trust and private browsing principles.


Source: Google Chrome


Protecting private browsing in Chrome

UPDATE (1/7/2020): With the Chrome 80 release scheduled for early February 2020, Chrome plans to address two additional loopholes which could be used to detect Incognito Mode sessions. With the first fix (Chromium issue #990592), Chrome will handle permanent file system requests similarly to temporary requests. With the second fix (Chromium issue #1017120), Chrome will no longer provide a fixed data storage limit in Incognito Mode and will instead dynamically allocate the quota based on available memory.

Chrome’s Incognito Mode is based on the principle that you should have the choice to browse the web privately. At the end of July, Chrome will remedy a loophole that has allowed sites to detect people who are browsing in Incognito Mode. This will affect some publishers who have used the loophole to deter metered paywall circumvention, so we’d like to explain the background and context of the change.


Private browsing principles

People choose to browse the web privately for many reasons. Some wish to protect their privacy on shared or borrowed devices, or to exclude certain activities from their browsing histories. In situations such as political oppression or domestic abuse, people may have important safety reasons for concealing their web activity and their use of private browsing features.

We want you to be able to access the web privately, with the assurance that your choice to do so is private as well. These principles are consistent with emerging web standards for private browsing modes


Closing the FileSystem API loophole

Today, some sites use an unintended loophole to detect when people are browsing in Incognito Mode. Chrome’s FileSystem API is disabled in Incognito Mode to avoid leaving traces of activity on someone’s device. Sites can check for the availability of the FileSystem API and, if they receive an error message, determine that a private session is occurring and give the user a different experience.  

With the release of Chrome 76 scheduled for July 30, the behavior of the FileSystem API will be modified to remedy this method of Incognito Mode detection. Chrome will likewise work to remedy any other current or future means of Incognito Mode detection.


Publisher impact and strategies

The change will affect sites that use the FileSystem API to intercept Incognito Mode sessions and require people to log in or switch to normal browsing mode, on the assumption that these individuals are attempting to circumvent metered paywalls. 

Unlike hard paywalls or registration walls, which require people to log in to view any content, meters offer a number of free articles before you must log in. This model is inherently porous, as it relies on a site’s ability to track the number of free articles someone has viewed, typically using cookies. Private browsing modes are one of several tactics people use to manage their cookies and thereby "reset" the meter count.

Sites that wish to deter meter circumvention have options such as reducing the number of free articles someone can view before logging in, requiring free registration to view any content, or hardening their paywalls. Other sites offer more generous meters as a way to develop affinity among potential subscribers, recognizing some people will always look for workarounds.  We suggest publishers monitor the effect of the FileSystem API change before taking reactive measures since any impact on user behavior may be different than expected and any change in meter strategy will impact all users, not just those using Incognito Mode.

Our News teams support sites with meter strategies and recognize the goal of reducing meter circumvention, however any approach based on private browsing detection undermines the principles of Incognito Mode. We remain open to exploring solutions that are consistent with user trust and private browsing principles.

Source: Google Chrome


More information about our processes to safeguard speech data

We’re focused on building products that work for everyone, and as part of this, we invest significant resources to ensure that our speech technology works for a wide variety of languages, accents and dialects. This enables products like the Google Assistant to understand your request, whether you’re speaking English or Hindi. 

As part of our work to develop speech technology for more languages, we partner with language experts around the world who understand the nuances and accents of a specific language. These language experts review and transcribe a small set of queries to help us better understand those languages. This is a critical part of the process of building speech technology, and is necessary to creating products like the Google Assistant. 

We just learned that one of these language reviewers has violated our data security policies by leaking confidential Dutch audio data. Our Security and Privacy Response teams have been activated on this issue, are investigating, and we will take action. We are conducting a full review of our safeguards in this space to prevent misconduct like this from happening again.

We apply a wide range of safeguards to protect user privacy throughout the entire review process. Language experts only review around 0.2 percent of all audio snippets. Audio snippets are not associated with user accounts as part of the review process, and reviewers are directed not to transcribe background conversations or other noises, and only to transcribe snippets that are directed to Google. 

The Google Assistant only sends audio to Google after your device detects that you’re interacting with the Assistant—for example, by saying “Hey Google” or by physically triggering the Google Assistant. A clear indicator (such as the flashing dots on top of a Google Home or an on-screen indicator on your Android device) will activate any time the device is communicating with Google in order to fulfill your request. Rarely, devices that have the Google Assistant built in may experience what we call a “false accept.” This means that there was some noise or words in the background that our software interpreted to be the hotword (like “Ok Google”). We have a number of protections in place to prevent false accepts from occurring in your home.  

Building products for everyone is a core part of our DNA at Google. We hold ourselves to high standards of privacy and security in product development, and hold our partners to these same standards. We also provide you with tools to manage and control the data stored in your account. You can turn off storing audio data to your Google account completely, or choose to auto-delete data after every 3 months or 18 months. We’re always working to improve how we explain our settings and privacy practices to people, and will be reviewing opportunities to further clarify how data is used to improve speech technology. Visit your account to review or change your settings, and view (and, if you choose, delete) all the activity that's stored with your account.

Helping kids learn to evaluate what they see online

Editor’s Note: This week we're launching six new media literacy activities for Be Internet Awesome, designed to help kids analyze and evaluate media as they navigate the internet. The new activities were developed in collaboration with experts Anne Collier, executive director of The Net Safety Collaborative, and Faith Rogow, PhD, co-author of The Teacher’s Guide to Media Literacy and a co-founder of the National Association for Media Literacy Education.

As a reading specialist and former high school English teacher, I’ve witnessed technology enhance our lives in and out of the classroom. But that comes with lots of challenges, like learning to communicate responsibly, being kind online and deciphering what is real and what is fake. We need the right tools and resources to help kids make the most of technology, and while good digital safety and citizenship resources exist for families, more can be done for media literacy. I’ve worked alongside dozens of educators who believe that media literacy is essential to safety and citizenship in the digital age, but agree that it’s a topic that can be tough to cover.

Fortunately, the new media literacy lessons developed for Be Internet Awesome make it easy and fun for kids to learn key skills for evaluating what they see online. These lessons complement the program’s digital safety and citizenship topics, which help kids explore the online world in a safe, confident manner.

Be Internet Awesome is like an instruction manual for making smart decisions online. Kids today need a guide to the internet and media just as they need instruction on other topics. We need help teaching them about credible sources, the power of words and images and more importantly, how to be smart and savvy when seeing different media while browsing the web.

All of these resources are not only available for classrooms, but also free and easily accessible for families as well. They’re in both English and in Spanish, along with eight other languages, and if you’d like to get some hands-on training as well, Google is partnering with the YMCA and National PTA across multiple cities to host online safety workshops.

I encourage parents to take advantage of these resources and the new activities on media literacy. Let’s not only teach kids, but also inspire, educate and empower families to make tech work better for them as well.

Update on Project Strobe: New policies for Chrome and Drive

Third-party apps and websites create services that millions of people use to get things done and customize their online experience. To make this ecosystem successful, people need to be confident their data is secure, and developers need clear rules of the road. That’s why last year we announced Project Strobe, a root-and-branch review of third-party developer access to your Google account and Android device data.

As a result of our review, we implemented new policies across Gmail and Android to better protect your data. For example, with changes to SMS and Call Log permissions for Android apps, the number of apps with access to this sensitive information has decreased by more than 98 percent. These apps are still able to deliver core services to people just by switching to permissions that access less sensitive data, or by eliminating minor functionality in their apps.

Today, we’re announcing additional changes as a result of Project Strobe, including new policies for Chrome extensions and the Drive API. Here’s what’s new:

Trustworthy Chrome Extensions

There are more than 180,000 extensions in the Chrome Web Store, and nearly half of all Chrome desktop users actively use extensions to customize Chrome and their experience on the web—helping them keep track of to-dos or find shopping deals online. This ability to improve and personalize online experiences depends on a vibrant community of Chrome browser developers.

Last October, we shared our intention to ensure that all Chrome extensions are trustworthy by default. Today, as part of Project Strobe, we’re continuing that effort with additional Chrome Web Store policies. Specifically:

  1. We’re requiring extensions to only request access to the appropriate data needed to implement their features. If there is more than one permission that could be used to implement a feature, developers must use the permission with access to the least amount of data. While this has always been encouraged of developers, now we’re making this a requirement for all extensions.

  2. We’re requiring more extensions to post privacy policies, including extensions that handle personal communications and user-provided content.Our policies have previously required any extension that handles personal and sensitive user data to post a privacy policy and handle that data securely. Now, we’re expanding this category to include extensions that handle user-provided content and personal communications. Of course, extensions must continue to be transparent in how they handle user data, disclosing the collection, use and sharing of that data.

We’re announcing these changes in advance of the official policy rollout this summer to give developers the time needed to ensure their extensions will be in compliance. Developers can learn more about these changes in our FAQ.

Tightening the Drive API

Last fall we updated our user data policy to provide additional guidelines and restrictions for apps seeking to access your Gmail data. Today we’re announcing plans to extend the same policy to Google Drive, which will give you more control over what data third-party apps can access in Drive.

When you connect third-party apps, Drive gives you one central place to keep all your files and helps you easily collaborate with others. With this updated policy, we’ll limit apps that use Google Drive APIs from broadly accessing content or data in Drive. This means we’ll restrict third-party access to specific files and be verifying public apps that require broader access, such as backup services.

These changes will go into effect early next year. Visit the Cloud blog for more details.

Our top priority is to protect user data and keep it safe, while continuing to enable developers to build features that people want and need. As we continue the work of Project Strobe, we’ll also work with our developer partners to give them appropriate time to adjust and update their apps and services.

.App: bringing more people online securely

Posted by Ben Fried, VP, CIO, & Chief Domains Enthusiast

Celebrating 100 of our favorite .app websites. See the list here.

A year ago, we launched .app, the first open top-level domain (TLD) with built-in security through HSTS preloading. Since then, hundreds of thousands of people have registered .app domains, and we want to take a moment to celebrate them.

People are making more websites and apps than ever before. A recent survey we conducted with The Harris Poll found that nearly half (48%) of U.S. respondents plan to create a website in the near future. And a lot of people, especially students, are already building on the web. Over a third (34%) of 16-24 year olds who’ve already created a website did so for a class project.

Having a meaningful domain name helps students turn their projects into reality. Take Ludwik Trammer, creator of shrew.app, who said: “The site started as a project for my graduate Educational Technology class at Georgia Tech. Getting the perfect domain gave me the initial push to turn it into the real deal (instead of making a prototype, publishing a scientific paper on it, and forgetting it).”

Helping creators launch their sites securely

With so many new creators, it’s essential that everyone does their part to make the internet safer. That’s why Google Registry designed .app to be secure by default, meaning every website on .app requires a HTTPS connection to ensure a secure connection to the internet.

HTTPS helps keep you and your website visitors safe from bad actors, who may exploit connections that aren’t secure by:

  • intercepting or altering the site’s content
  • misdirecting traffic
  • spying on open Wi-Fi networks
  • injecting ad malware or tracking

“As a social application, data protection is paramount. As cyber attacks increase, the security benefits a .app domain brings was a key factor for us. We also believe that a .app domain is significantly more descriptive than a .com domain, meaning users can find us more easily! All in all it was a no brainer for us switching to .app.”

-Daneh Westropp, Founder, pickle.app

There's still work to be done. One out of two people don’t know the difference between HTTP and HTTPS. Many major browsers (like Chrome) warn users in the URL bar when content is "not secure," but there’s every website creator still has a shared responsibility to keep their users safe.

.App is year in, and we’re happy to see so many people using it to build secure websites and connect with the world. You can read more stories from .app owners here and get your own .app name at get.app. If you’re one of the millions of people planning to build a website, we hope you’ll join us in making the internet safer and take the steps to securely launch your website.

A global hub for privacy engineering, in the heart of Europe

Last week at I/O, our annual developer conference in California, I shared how we’re working to build a more helpful Google for everyone. Keeping people safe online, and their information private and secure, is a big part of how we do this. We believe that privacy and safety must be equally available to everyone in the world, and we bring that to life with products that empower everyone with clear and meaningful choices around their data.

To build on that commitment, this week, we’re officially opening the Google Safety Engineering Center (GSEC) in Munich, Germany. We’re growing our operations and doubling the number of privacy engineers in Munich to more than 200 by the end of 2019, making Germany a global hub for Google’s cross-product privacy engineering efforts. The team will work hand-in-hand with privacy specialists in Google offices across Europe and globally, and the products built there will be used around the world.

It’s no accident that we’re building our privacy hub in the heart of Europe, and in a country that in many ways reflects how Europeans think about online safety, privacy and security. Many of our privacy products have been built in Munich, including Google Account, a central place where you can control your privacy when you use Google products. Today, more than 20 million people visit Google Account every day to review their settings, using tools like Privacy Checkup, which provides a quick and easy walk-through of your privacy settings.

Our Munich-based privacy engineers have also made it easier for you to make decisions about your data by making privacy controls easy to find, without ever leaving the app. This capability is already in Search, and we’re rolling it out to Maps, the Assistant and YouTube, too.  

Building privacy and security into the core of our products doesn’t just mean keeping people safe while using Google’s products—it also means keeping people safe when they browse the web. Munich is also home to engineering teams who have built our privacy and security features into the Chrome browser—like enhanced password management and tools and improvements for our cookie controls.

This is a major milestone in our investments in Europe. Since 2007, we’ve grown in Munich to more than 750 people, hailing from more than 60 countries. We’ll continue to invest in all parts of our operation, including the GSEC team. This year’s expansion will take us beyond 1,000 employees for the first time, making the office a true global hub not only for privacy engineering, but for research and product development, as well.

We’re also working to empower more organizations to do this important work with a new Google Impact Challenge on Safety. It’s a 10 million euro grant fund to support nonprofits, universities, academic research institutions, for-profit social enterprises and other organizations that are already working across Europe on a range of safety issues, from keeping young people safe online to addressing hate crimes in their communities.

These announcements mark a significant step forward in making privacy and security a reality for everyone, and we’re excited our teams in Munich are leading the way.

At I/O ’19: Building a more helpful Google for everyone

Today, we welcomed thousands of people to I/O, our annual developer’s conference. It’s one of my favorite events of the year because it gives us a chance to show how we’re bringing Google’s mission to life through new technological breakthroughs and products.

Our mission to make information universally accessible and useful hasn’t changed over the past 21 years, but our approach has evolved over time. Google is no longer a company that just helps you find answers. Today, Google products also help you get stuff done, whether it’s finding the right words with Smart Compose in Gmail, or the fastest way home with Maps.

Simply put, our vision is to build a more helpful Google for everyone, no matter who you are, where you live, or what you’re hoping to accomplish. When we say helpful, we mean giving you the tools to increase your knowledge, success, health, and happiness. I’m excited to share some of the products and features we announced today that are bringing us closer to that goal.

Helping you get better answers to your questions

People turn to Google to ask billions of questions every day. But there’s still more we can do to help you find the information you need. Today, we announced that we’ll bring the popular Full Coverage feature from Google News to Search. Using machine learning, we’ll identify different points of a story—from a timeline of events to the key people involved—and surface a breadth of content including articles, tweets and even podcasts.

Sometimes the best way to understand new information is to see it. New features in Google Search and Google Lens use the camera, computer vision and augmented reality (AR) to provide visual answers to visual questions. And now we’re bringing AR directly into Search. If you’re searching for new shoes online, you can see shoes up close from different angles and even see how they go with your current wardrobe. You can also use Google Lens to get more information about what you’re seeing in the real world. So if you’re at a restaurant and point your camera at the menu, Google Lens will highlight which dishes are popular and show you pictures and reviews from people who have been there before. In GoogleGo, a search app for first-time smartphone users, Google Lens will read out loud the words you see, helping the millions of adults around the world who struggle to read everyday things like street signs or ATM instructions.

Google Lens: Urmila’s Story

Google Lens: Urmila’s Story

Helping to make your day easier

Last year at I/O we introduced our Duplex technology, which can make a restaurant reservation through the Google Assistant by placing a phone call on your behalf. Now, we’re expanding Duplex beyond voice to help you get things done on the web. To start, we’re focusing on two specific tasks: booking rental cars and movie tickets. Using “Duplex on the Web,” the Assistant will automatically enter information, navigate a booking flow, and complete a purchase on your behalf. And with massive advances in deep learning, it’s now possible to bring much more accurate speech and natural language understanding to mobile devices—enabling the Google Assistant to work faster for you.

We continue to believe that the biggest breakthroughs happen at the intersection of AI, software and hardware, and today we announced two Made by Google products: the new Pixel 3a (and 3a XL), and the Google Nest Hub Max. With Pixel 3a, we’re giving people the same features they love on more affordable hardware. Google Nest Hub Max brings the helpfulness of the Assistant to any room in your house, and much more.

Building for everyone

Building a more helpful Google is important, but it’s equally important to us that we are doing this for everyone. From our earliest days, Search has worked the same, whether you’re a professor at Stanford or a student in rural Indonesia. We extend this approach to developing technology responsibly, securely, and in a way that benefits all.

This is especially important in the development of AI. Through a new research approach called TCAV—or testing with concept activation vectors—we’re working to address bias in machine learning and make models more interpretable. For example, TCAV could reveal if a model trained to detect images of “doctors” mistakenly assumed that being male was an important characteristic of being a doctor because there were more images of male doctors in the training data. We’ve open-sourced TCAV so everyone can make their AI systems fairer and more interpretable, and we’ll be releasing more tools and open datasets soon.

Another way we’re building responsibly for everyone is by ensuring that our products are safe and private. We’re making a set of privacy improvements so that people have clear choices around their data. Google Account, which provides a single view of your privacy control settings, will now be easily accessible in more products with one tap. Incognito mode is coming to Maps, which means you can search and navigate without linking this activity with your Google account, and new auto-delete controls let you choose how long to save your data. We’re also making several security improvements on Android Q, and we’re building the protection of a security key right into the phone for two-step verification.

As we look ahead, we’re challenging the notion that products need more data to be more helpful. A new technique called federated learning allows us to train AI models and make products smarter without raw data ever leaving your device. With federated learning, Gboard can learn new words like “zoodles” or “Targaryen” after thousands of people start using them, without us knowing what you’re typing. In the future, AI advancements will provide even more ways to make products more helpful with less data.

Building for everyone also means ensuring that everyone can access and enjoy our products, including people with disabilities. Today we introduced several products with new tools and accessibility features, including Live Caption, which can caption a conversation in a video, a podcast or one that’s happening in your home. In the future, Live Relay and Euphonia will help people who have trouble communicating verbally, whether because of a speech disorder or hearing loss.

Project Euphonia: Helping everyone be better understood

Project Euphonia: Helping everyone be better understood

Developing products for people with disabilities often leads to advances that improve products for all of our users. This is exactly what we mean when we say we want to build a more helpful Google for everyone. We also want to empower other organizations who are using technology to improve people’s lives. Today, we recognized the winners of the Google AI Impact Challenge, 20 organizations using AI to solve the world’s biggest problems—from creating better air quality monitoring systems to speeding up emergency responses.

Our vision to build a more helpful Google for everyone can’t be realized without our amazing global developer community. Together, we’re working to give everyone the tools to increase their knowledge, success, health and happiness. There’s a lot happening, so make sure to keep up with all the I/O-related news.

Source: Android


Privacy that works for everyone

Whether it’s delivering search results in the correct language or recommending the quickest route home, data can make Google products more helpful to you. And you should be able to understand and manage your data—and make privacy choices that are right for you. That’s why easy-to-use privacy features and controls have always been built into our products. At I/O, we announced a number of additional privacy and security tools across our products and platforms: 

Making it easier to control your data

One-tap access to your Google Account from all our major products
Privacy controls should be easy to find and use. A few years ago, we introduced Google Account to provide a comprehensive view of the information you’ve shared and saved with Google, and one place to access your privacy and security settings. Simple on/off controls let you decide which activity you want to save to your account to make Google products more helpful. You can also choose which activities or categories of information you want to delete.

As the number of Google products has grown, we’re making it even easier to find these controls. Today you’ll see your Google Account profile picture appear in the top right corner across products like Gmail, Drive, Contacts and Pay. To quickly access your privacy controls, just tap on your picture and follow the link to your Google Account. The prominent placement of your profile picture also makes it easier to know when you’re signed into your Google Account. We’re bringing this one-tap access to more products this month, including Search, Maps, YouTube, Chrome, the Assistant and News.

MEGA.gif

Easily manage your data in Search, Maps and the Assistant
Last year, we made it easier for you to make decisions about your data directly within Search. Without leaving Search, you can review and delete your recent Search activity, get quick access to the most relevant privacy controls in your Google Account, and learn more about how Search works with your data. Now we’re making it easier to manage your data in Maps, the Assistant and YouTube (coming soon). For example, you'll be able to review and delete your location activity data directly in Google Maps, and then quickly get back to your directions.

Auto-delete now available for Web & App Activity, coming soon to Location History
Last week we announced a new control that lets you choose a time limit for the amount of time your Location History and Web & App Activity data will be saved—3 or 18 months. Any data older than that will be automatically and continuously deleted from your account if you choose. This new control is available today for Web & App Activity and coming next month to Location History.

Bringing Incognito mode to Google apps
Since launching more than a decade ago, Incognito mode in Chrome has given you the choice to browse the internet without your activity being saved to your browser or device. As our phones become the primary way we access the internet, we thought it was important to build Incognito mode for our most popular apps. It’s available in YouTube and coming soon to Maps and Search. Tap from your profile picture to easily turn it on or off. When you turn on Incognito mode in Maps, your activity—like the places you search or get directions to—won’t be saved to your Google Account.

InCognito Mode.gif

Building stronger privacy controls into our platforms
We also made announcements today about privacy across our platforms and products: Android Q is bringing privacy to the forefront of Settings and creating more transparency and control around location. Chrome announced plans to more aggressively restrict fingerprinting across the web and improve cookie controls. Finally, we announced plans to give users more visibility into the data used to personalize ads and the companies involved in the process for the ads that Google shows on our own properties and those of our publishing partners.

Doing more for users with less data

Federated learning makes products more helpful while keeping data on your device
Advances in machine learning are making our privacy protections stronger. One example is federated learning, a new approach to machine learning. It allows developers to train AI models and make products smarter—for you and everyone else—without your data ever leaving your device. These new AI techniques allow us to do more with less data.

Gboard, Google’s keyboard, now uses federated learning to improve predictive typing as well as emoji prediction across tens of millions of devices. Previously, Gboard would learn to suggest new words for you, like “zoodles” or “Targaryen”, only if you typed them several times. Now, with federated learning, Gboard can also learn new words after thousands of people start using them, without Google ever seeing what you’re typing.

We’ve also invested in differential privacy protections, which enable us to train machine learning models without memorizing information that could reveal specific details about a user. We published early research on this topic in 2014, and since then we’ve used it in Chrome, in Gmail with Smart Compose, and in Google Maps to show you how busy a restaurant is. And with the release of the TensorFlow Privacy open-source project, ML developers can now more easily use differential privacy technology.

The strongest security across our products and platforms

Your data is not private if it’s not secure. We’ve always invested in systems to keep our users safe—from our Safe Browsing protection that protects nearly 4 billion devices every day to blocking more than 100 million spam and phishing attempts in Gmail every day. Security keys provide the strongest form of 2-Step Verification against phishing attacks, and now they are built into phones running on Android 7.0 and above, making it available to over one billion compatible devices.

And beginning this summer, anyone with a Nest Account will have the option to migrate their Nest Account to a Google Account, which comes with the added benefits of tools and automatic security protections, like 2-Step Verification, notifications that proactively alert you about unusual account activity and access to Security Checkup.

We strongly believe that privacy and security are for everyone. We’ll continue to ensure our products are safe, invest in technologies that allow us to do more for users with less data, and empower everyone with clear, meaningful choices around their data.