Jump to content

Search the Community

Showing results for tags 'google'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 884 results

  1. Google gives Android users in Europe more search, browser options To comply with a European Commission ruling, Android users in Europe will be presented with new screens offering alternatives to Chrome and Google Search. Google on Thursday outlined how it plans to give Android users in Europe more search app and browser options, in order to comply with a European Commission anti-trust ruling against it. Back in July 2018, the European Commission hit Google with a record €4.34 billion fine for its restrictions on Android device makers and network operators, charging the restrictions were meant to "cement its dominant position in general internet search." Google appealed the fine in October but a week later announced steps it would take to comply with the ruling. Then in March, the company announced it would offer more search and browser options for Android users in Europe. In a blog post Thursday, Google product manager Paul Gennai explained how it would do so: Over the next few weeks, Google will start rolling out new screens that will pop up the first time a European Android user opens Google Play after receiving an incoming update. One screen will present five options for search apps, and one screen will present five options for browsers. The lists will include any search apps or browsers that are already installed. Apps that aren't installed will be chosen based on their popularity and shown in a random order. The new screens will show up on both new and existing Android phones in Europe. If a user does choose to download any new search apps or browsers, Google will then help the user set them up. If a user downloads a search app from the screen, Google will also ask them whether they want to change Chrome's default search engine the next time they open Chrome. Meanwhile, the European Commission last month fined Google yet again, this time hitting the company with a €1.49 billion fine over contracts with third-party websites that locked out rivals from placing search ads on these sites. Source
  2. Google bans logins from embedded browser frameworks to prevent MitM phishing Google previously banned logins initiated from browsers where JavaScript had been disabled. Google announced today a security update for the Google user login system that the company hopes will improve its overall security protections against MitM-based phishing attacks. According to Jonathan Skelker, Product Manager and Account Security for Google, the company plans to block any user login attempts initiated from an embedded browser framework technology. This includes any logins attempted from tools like the Chromium Embedded Framework (CEF), XULRunner, and others. EMBEDDED BROWSERS FRAMEWORKS ABUSED FOR MITM PHISHING Over the past year, cyber-criminals have been using these tools as part of man-in-the-middle (MitM) attacks. Crooks that manage to place themselves in a position to intercept the user's web traffic for the Google login page will often use an embedded browser framework to automate the login operation. The user enters their Google login credentials on a phishing page, and then the crooks operating the page use an embedded browser framework to automate the login operation on the real Google server. They use this technique to bypass two-factor authentication systems, and embedded browser frameworks are usually the component that interacts with Google servers on the cyber-criminal's behalf. GOOGLE CAN'T TELL EMBEDDED BROWSERS FROM REAL USERS "Because we can't differentiate between a legitimate sign in and a MITM attack on these platforms, we will be blocking sign-ins from embedded browser frameworks starting in June," Skelker said. This is just Google's latest security update the company has rolled out for its user login system. Last October, the company banned any login attempts from browsers where JavaScript was disabled. In June 2016, Google banned any login attempts initiated from embedded browsers such as WebView. As for the developers who will now have to rip out embedded browser frameworks like CEF from their apps, Google is recommending that they use browser-based OAuth authenticationinstead --a solution that isn't prone to phishing attacks. "Aside from being secure, it also enables users to see the full URL of the page where they are entering their credentials, reinforcing good anti-phishing practices," Skelker said. "If you are a developer with an app that requires access to Google Account data, switch to using browser-based OAuth authentication today." Source
  3. NOTE: I have included two articles here since they are related. At the end of each article is the link to it. Google’s Sensorvault Is a Boon for Law Enforcement. This Is How It Works. Investigators have been tapping into the tech giant’s enormous cache of location information in an effort to solve crimes. Here’s what this database is and what it does. Law enforcement officials across the country have been seeking information from a Google database called Sensorvault — a trove of detailed location records involving at least hundreds of millions of devices worldwide, The New York Times found. Though the new technique can identify suspects near crimes, it runs the risk of sweeping up innocent bystanders, highlighting the impact that companies’ mass collection of data can have on people’s lives. Why does Google have this data? The Sensorvault database is connected to a Google service called Location History. The feature, begun in 2009, involves Android and Apple devices. Location History is not on by default. Google prompts users to enable it when they are setting up certain services — traffic alerts in Google Maps, for example, or group images tied to location in Google Photos. If you have Location History turned on, Google will collect your data as long as you are signed in to your account and have location-enabled Google apps on your phone. The company can collect the data even when you are not using your apps, if your phone settings allow that. Google says it uses the data to target ads and measure how effective they are — checking, for instance, when people go into an advertiser’s store. The company also uses the information in an aggregated, anonymized form to figure out when stores are busy and to provide traffic estimates. And those who enable Location History can see a timeline of their activities and get recommendations based on where they have been. Google says it does not sell or share the data with advertisers or other companies. Does Google collect other forms of location data? Yes. Google can also gather location information when you conduct searches or use Google apps that have location enabled. If you are signed in, this data is associated with your account. The Associated Press reported last year that this data, called Web & App Activity, is collected even if you do not have Location History turned on. It is kept in a different database from Sensorvault, Google says. To see some of the information in your Location History, you can look at your timeline. This map of your travels does not include all of your Sensorvault data, however. Raw location data from mobile devices can be messy and sometimes incorrect. But computers can make good guesses about your likely path, and about which locations are most important. This is what you see on your timeline. To review all of your Location History, you can download your data from Google. To do that, go to Takeout.Google.com and select Location History. You can follow a similar procedure to download your Web & App Activity on that page. Your Location History data will appear in computer code. If you can’t read code, you can select the “JSON” format and put the file into a text editor to see what it looks like. Can I disable the data collection? Yes. The process varies depending on whether you are on a phone or computer. In its Help Center, Google provides instructions on disabling or deleting Location History and Web & App Activity. How is law enforcement using the data? For years, police detectives have given Google warrants seeking location data tied to specific users’ accounts. But the new warrants, often called “geofence” requests, instead specify an area near a crime. Google looks in Sensorvault for any devices that were there at the right time and provides that information to the police. Google first labels the devices with anonymous ID numbers, and detectives look at locations and movement patterns to see if any appear relevant to the crime. Once they narrow the field to a few devices, Google reveals information such as names and email addresses. Article Tracking Phones When detectives in a Phoenix suburb arrested a warehouse worker in a murder investigation last December, they credited a new technique with breaking open the case after other leads went cold. The police told the suspect, Jorge Molina, they had data tracking his phone to the site where a man was shot nine months earlier. They had made the discovery after obtaining a search warrant that required Google to provide information on all devices it recorded near the killing, potentially capturing the whereabouts of anyone in the area. Investigators also had other circumstantial evidence, including security video of someone firing a gun from a white Honda Civic, the same model that Mr. Molina owned, though they could not see the license plate or attacker. But after he spent nearly a week in jail, the case against Mr. Molina fell apart as investigators learned new information and released him. Last month, the police arrested another man: his mother’s ex-boyfriend, who had sometimes used Mr. Molina’s car. The warrants, which draw on an enormous Google database employees call Sensorvault, turn the business of tracking cellphone users’ locations into a digital dragnet for law enforcement. In an era of ubiquitous data gathering by tech companies, it is just the latest example of how personal information — where you go, who your friends are, what you read, eat and watch, and when you do it — is being used for purposes many people never expected. As privacy concerns have mounted among consumers, policymakers and regulators, tech companies have come under intensifying scrutiny over their data collection practices. The Arizona case demonstrates the promise and perils of the new investigative technique, whose use has risen sharply in the past six months, according to Google employees familiar with the requests. It can help solve crimes. But it can also snare innocent people. Technology companies have for years responded to court orders for specific users’ information. The new warrants go further, suggesting possible suspects and witnesses in the absence of other clues. Often, Google employees said, the company responds to a single warrant with location information on dozens or hundreds of devices. Law enforcement officials described the method as exciting, but cautioned that it was just one tool. “It doesn’t pop out the answer like a ticker tape, saying this guy’s guilty,” said Gary Ernsdorff, a senior prosecutor in Washington State who has worked on several cases involving these warrants. Potential suspects must still be fully investigated, he added. “We’re not going to charge anybody just because Google said they were there.” It is unclear how often these search requests have led to arrests or convictions, because many of the investigations are still open and judges frequently seal the warrants. The practice was first used by federal agents in 2016, according to Google employees, and first publicly reported last year in North Carolina. It has since spread to local departments across the country, including in California, Florida, Minnesota and Washington. This year, one Google employee said, the company received as many as 180 requests in one week. Google declined to confirm precise numbers. The technique illustrates a phenomenon privacy advocates have long referred to as the “if you build it, they will come” principle — anytime a technology company creates a system that could be used in surveillance, law enforcement inevitably comes knocking. Sensorvault, according to Google employees, includes detailed location records involving at least hundreds of millions of devices worldwide and dating back nearly a decade. The new orders, sometimes called “geofence” warrants, specify an area and a time period, and Google gathers information from Sensorvault about the devices that were there. It labels them with anonymous ID numbers, and detectives look at locations and movement patterns to see if any appear relevant to the crime. Once they narrow the field to a few devices they think belong to suspects or witnesses, Google reveals the users’ names and other information. ‘‘There are privacy concerns that we all have with our phones being tracked — and when those kinds of issues are relevant in a criminal case, that should give everybody serious pause,” said Catherine Turner, a Minnesota defense lawyer who is handling a case involving the technique. Investigators who spoke with The New York Times said they had not sent geofence warrants to companies other than Google, and Apple said it did not have the ability to perform those searches. Google would not provide details on Sensorvault, but Aaron Edens, an intelligence analyst with the sheriff’s office in San Mateo County, Calif., who has examined data from hundreds of phones, said most Android devices and some iPhones he had seen had this data available from Google. In a statement, Richard Salgado, Google’s director of law enforcement and information security, said that the company tried to “vigorously protect the privacy of our users while supporting the important work of law enforcement.” He added that it handed over identifying information only “where legally required.” Mr. Molina, 24, said he was shocked when the police told him they suspected him of murder, and he was surprised at their ability to arrest him based largely on data. “I just kept thinking, You’re innocent, so you’re going to get out,” he said, but he added that he worried that it could take months or years to be exonerated. “I was scared,” he said. A Novel Approach Detectives have used the warrants for help with robberies, sexual assaults, arsons and murders. Last year, federal agents requested the data to investigate a string of bombings around Austin, Tex. Uncharted Legal Territory The practice raises novel legal issues, according to Orin Kerr, a law professor at the University of Southern California and an expert on criminal law in the digital age. One concern: the privacy of innocent people scooped up in these searches. Several law enforcement officials said the information remained sealed in their jurisdictions but not in every state. In Minnesota, for example, the name of an innocent man was released to a local journalist after it became part of the police record. Investigators had his information because he was within 170 feet of a burglary. Reached by a reporter, the man said he was surprised about the release of his data and thought he might have appeared because he was a cabdriver. “I drive everywhere,” he said. These searches also raise constitutional questions. The Fourth Amendment says a warrant must request a limited search and establish probable cause that evidence related to a crime will be found. Warrants reviewed by The Times frequently established probable cause by explaining that most Americans owned cellphones and that Google held location data on many of these phones. The areas they targeted ranged from single buildings to multiple blocks, and most sought data over a few hours. In the Austin case, warrants covered several dozen houses around each bombing location, for times ranging from 12 hours to a week. It wasn’t clear whether Google responded to all the requests, and multiple officials said they had seen the company push back on broad searches. Last year, the Supreme Court ruled that a warrant was required for historical data about a person’s cellphone location over weeks, but the court has not ruled on anything like geofence searches, including a technique that pulls information on all phones registered to a cell tower. Google’s legal staff decided even before the 2018 ruling that the company would require warrants for location inquiries, and it crafted the procedure that first reveals only anonymous data. “Normally we think of the judiciary as being the overseer, but as the technology has gotten more complex, courts have had a harder and harder time playing that role,” said Jennifer Granick, surveillance and cybersecurity counsel at the American Civil Liberties Union. “We’re depending on companies to be the intermediary between people and the government.” In several cases reviewed by The Times, a judge approved the entire procedure in a single warrant, relying on investigators’ assurances that they would seek data for only the most relevant devices. Google responds to those orders, but Mr. Kerr said it was unclear whether multistep warrants should pass legal muster. Some jurisdictions require investigators to return to a judge and obtain a second warrant before getting identifying information. With another warrant, investigators can obtain more extensive data, including months of location patterns and even emails. Mixed Results Investigators in Arizona have never publicly disclosed a likely motive in the killing of Joseph Knight, the crime for which Mr. Molina was arrested. In a court document, they described Mr. Knight, a 29-year-old aircraft repair company employee, as having no known history of drug use or gang activity. Detectives sent the geofence warrant to Google soon after the murder and received data from four devices months later. One device, a phone Google said was linked to Mr. Molina’s account, appeared to follow the path of the gunman’s car as seen on video. His carrier also said the phone was associated with a tower in roughly the same area, and his Google history showed a search about local shootings the day after the attack. After his arrest, Mr. Molina told officers that Marcos Gaeta, his mother’s ex-boyfriend, had sometimes taken his car. The Times found a traffic ticket showing that Mr. Gaeta, 38, had driven that car without a license. Mr. Gaeta also had a lengthy criminal record. While Mr. Molina was in jail, a friend told his public defender, Jack Litwak, that she was with him at his home about the time of the shooting, and she and others provided texts and Uber receipts to bolster his case. His home, where he lives with his mother and three siblings, is about two miles from the murder scene. Mr. Litwak said his investigation found that Mr. Molina had sometimes signed in to other people’s phones to check his Google account. That could lead someone to appear in two places at once, though it was not clear whether that happened in this case. Mr. Gaeta was arrested in California on an Arizona warrant. He was then charged in a separate California homicide from 2016. Officials said that case would probably delay his extradition to Arizona. A police spokesman said “new information came to light” after Mr. Molina’s arrest, but the department would not comment further. Months after his release, Mr. Molina was having trouble getting back on his feet. After being arrested at work, a Macy’s warehouse, he lost his job. His car was impounded for investigation and then repossessed. The investigators “had good intentions” in using the technique, Mr. Litwak said. But, he added, “they’re hyping it up to be this new DNA type of forensic evidence, and it’s just not.” Article
  4. Google and Apple asked to remove China’s TikTok in India: Report The decision follows reports that Foxconn is looking to expand manufacturing operations in India. India's Ministry of Electronics and Information Technology (MeitY) has reportedly asked for the removal of China's video and live-streaming app TikTok, with the Economic Times claiming the government asked Apple and Google to remove it from their respective app stores. Citing people familiar with the matter, the reportsaid MeitY's order will stop further downloads of the application, but those already possessing the app will be able to continue using it on their device. The move follows the Indian Supreme Court on Monday refusing to stay an earlier order by the Madras High Court to ban the app. It is expected the matter will be heard by the Madras High Court on April 22. As the Economic Times explained, the Madurai bench of the Madras High Court passed an order earlier this month directing the government to prohibit TikTok from being downloaded in India. It also restricted media companies from telecasting any videos that are made using the application. The ban follows reports that China's Foxconn is expanding its manufacturing operations in India. Foxconn is Apple's largest and most well-known assembler and iPhone manufacturer. According to the South China Morning Post, Foxconn will start mass producing Apple products in India this year. The report also said that Foxconn's 69-year-old founder and chairman Terry Gou Tai-ming will decrease his workload during the day-to-day operations, hoping to pass down his 45 years of experience to younger management. It was detailed in November that Foxconn was planning to cut operational costs by 20 billion yuan ($2.9 billion) following a "very difficult and competitive year". At the time, it was said roughly 10% of non-technical staff would be eliminated from the payroll in 2019. The reduction of expenses in the iPhone manufacturing sector to the tune of six billion yuan, roughly a third of Foxconn's current expenditure in the business, was also flagged in an internal memo. It was also revealed in January that Foxconn had shed around 50,000 contract jobs since October. Source
  5. Former Mozilla exec: Google has sabotaged Firefox for years Former and current Mozilla engineers are reaching their boiling points. A former high-ranking Mozilla executive has accused Google of intentionally and systematically sabotaging Firefox over the past decade in order to boost Chrome's adoption. He is not the first Firefox team member to come forward and make such accusations in the past eight months; however, his allegations span far beyond current events and accuse Google of carrying out a coordinated plan that involved introducing small bugs on its sites that would only manifest for Firefox users. OOPS AFTER OOPS Johnathan Nightingale, a former General Manager and Vice President of the Firefox group at Mozilla, described these issues as "oopses." "When I started at Mozilla in 2007 there was no Google Chrome, and most folks we spoke with inside [Google] were Firefox fans," Nightingale recollected in a Twitter thread on Saturday. "When Chrome launched things got complicated, but not in the way you might expect. They had a competing product now, but they didn't cut ties, break our search deal - nothing like that. In fact, the story we kept hearing was, 'We're on the same side. We want the same things'," the former Mozilla exec said. "I think our friends inside Google genuinely believed that. At the individual level, their engineers cared about most of the same things we did. Their product and design folks made many decisions very similarly, and we learned from watching each other. "But Google as a whole is very different than individual googlers," Nightingale said. "Google Chrome ads started appearing next to Firefox search terms. Gmail & [Google] Docs started to experience selective performance issues and bugs on Firefox. Demo sites would falsely block Firefox as 'incompatible'," he said. "All of this is stuff you're allowed to do to compete, of course. But we were still a search partner, so we'd say 'hey what gives?' And every time, they'd say, 'oops. That was accidental. We'll fix it in the next push in 2 weeks.' "Over and over. Oops. Another accident. We'll fix it soon. We want the same things. We're on the same team. There were dozens of oopses. Hundreds maybe?" "I'm all for 'don't attribute to malice what can be explained by incompetence' but I don't believe Google is that incompetent. I think they were running out the clock. We lost users during every oops. And we spent effort and frustration every clock tick on that instead of improving our product. We got outfoxed for a while and by the time we started calling it what it was, a lot of damage had been done," Nightingale said. NOT THE FIRST ACCUSATIONS And Nightingale is not the first Firefox team member to come forward and make such accusations. In July 2018, Mozilla Program Manager Chris Peterson accused Google of intentionally slowing down YouTube performance on Firefox. He revealed that both Firefox and Edge were superior when loading YouTube content when compared to Chrome, and in order to counteract this performance issue, Google switched to using a JavaScript library for YouTube that they knew wasn't supported by Firefox. Source
  6. Google Releases the First Android System Update on Google Play Store Google has started testing out a new Android system update distribution system that relies on the Google Play Store and not on the built-in update feature of each device. The most recent Android Q beta update for the Google Pixel is thus available from the Google Play Store, just like a typical app update, as per this reddit discussion. Android uses different update mechanisms for apps and the operating system. While firmware and system updates are shipped to devices through a dedicated update tool implemented (and customized) by each manufacturer, app updates are delivered via the Google Play store and are managed by Google. Beginning with this update, and possibly with the stable release of Android Q later in the summer, Android system updates could also make their way to the Google Play Store. This technically means that OS updates could be released to Android devices faster than before, though it remains to be seen how Google would manage carrier and manufacturer policies for each update.Dealing with slow updatesTimely updates on Android is currently one of the biggest problems of the platform, as companies typically release system updates and the monthly security patches several weeks or even months after Google makes them available for its devices. With the Google Play Store model, the search giant could try to tackle this problem, though again, it’ll certainly be interesting to see how this strategy aligns with the plans of other manufacturers. The new implementation is still in its early days, and users claim their devices are rebooted automatically after the updates are downloaded. No prompt is displayed to require permission for a device restart, but there’s no doubt such a feature would be added by the time the new feature makes its way to production devices. Further details are expected to be shared by Google in just a few weeks at Google’s I/O developer conference, and in the meantime, you can try out the new update distribution system by entering the Android Q beta program. Source
  7. Blow for Google, Facebook as EU approves tougher copyright regulations Google and other online platforms will have to sign licensing agreements with musicians, performers, authors, news publishers and journalists to use their workREUTERS | April 16, 2019, 07:40 IST Google will have to pay publishers for news snippets and Facebook filter out protected content under new copyright rules aimed at ensuring fair compensation for the European Union's $1 trillion creative industries. EU governments on Monday backed the move launched by the European Commission two years ago to protect Europe's creative industries, which employ 11.7 million people in the bloc. "When it comes to completing Europe's digital single market, the copyright reform is the missing piece of the puzzle," the Commission's president Jean-Claude Juncker said in a statement. Under the new rules, Google and other online platforms will have to sign licensing agreements with musicians, performers, authors, news publishers and journalists to use their work. The European Parliament gave a green light last month to a proposal that has pitted Europe's creative industry against tech companies, internet activists and consumer groups. Wikipedia blacked out several European sites in protest last month, while the change was opposed by Finland, Italy, Luxembourg, the Netherlands, Poland and Sweden. But 19 countries, including France and Germany, endorsed the revamp, while Belgium, Estonia and Slovenia abstained. Under the new regime Google-owned YouTube, Facebook's Instagram and other sharing platforms will have to install filters to prevent users from uploading copyrighted materials. Google said the new rules would hurt Europe's creative and digital economies, while critics said it would hit cash-strapped smaller companies rather than the tech giants. Poland said the overhaul was a step backwards as the filter requirement may lay the foundation for censorship. EU lawmaker for the European Pirate Party Julia Reda, who had campaigned against the reforms, said critics could take their case to court but it would be slow and difficult and that the best thing would be to monitor fair implementation. The European Magazine Media Association, the European Newspaper Publishers' Association, the European Publishers Council, News Media Europe and independent music labels lobbying group Impala welcomed the move. EU countries have two years to transpose the copyright directive into national laws. ($1 = 0.8835 euros) Source
  8. Google’s chief diversity officer, Danielle Brown, has left the company. Brown, who became Google’s CDO in June 2017 after serving in a similar role at Intel, announced today that she’s joined payroll and benefits startup Gusto to lead its chief people operations. In Brown’s LinkedIn post announcing the job change, she noted that she will have the opportunity to “engage and support an internal team” as well as “influence how we build our product to drive positive change around critical issues like diversity, compliance, and employee engagement for millions of workers in the U.S.” For Google, this means Melonie Parker will step into the role of CDO, following a nine-month stint as Google’s head of diversity. In a statement to TechCrunch, Google VP of People Operations Eileen Naughton said: "We’re grateful to Danielle for her excellent work over the past two years to improve representation in Google’s workforce and ensure an inclusive culture for everyone. We wish her all the best in her new role at Gusto. We’re fortunate to have a deep bench of experienced leaders and are delighted that Melonie Parker, who has been our Head of Diversity, Equity and Inclusion, will step up to become Google’s Chief Diversity Officer and Director, Employee Engagement. Melonie has 20 years of HR experience, and a passion for improving workforce representation and inclusion. We’re deeply committed to this work and have made progress, but there’s more we need to do." Perhaps it’s no surprise that, following one diversity-related issue after another (anti-diversity manifesto, sexual harassment allegations, employee-led walkouts, etc.), Google’s chief diversity officer has decided to seek potential greener pastures. It’s also worth noting that Google has been through its fair share of diversity leads. In 2016, then-Google head of diversity Nancy Lee left the company, saying she was retiring. However, Lee has since joined electric scooter startup Lime as its chief human resources officer. Google is currently 68.4 percent male, 54.4 percent white, 39.8 percent Asian, 3.3 percent black, 5.7 percent Latinx and 0.8 percent Native American, according to its most recent diversity report. Source
  9. The Electronic Privacy Information Center (“EPIC”), a civil liberties group based in Washington D.C., filed an amicus brief in the United States vs. Wilson case concerning Google scanning billions of users’ files for unlawful content and then sending that information to law enforcement agencies. Bypassing the Fourth Amendment EPIC alleges that law enforcement is using Google, a private entity, to bypass the Fourth Amendment, which requires due process and probable cause before “searching or seizing” someone’s property. As a private entity, Google doesn’t have to abide by the Fourth Amendment as the government has to, so it can do those mass searches on its behalf and then give the government the results. The U.S. government has been increasingly using this strategy to bypass Fourth Amendment protections of U.S. citizens and to expand its warrantless surveillance operations further. Image Hashes vs. Image Matches Google and a few other companies have “voluntarily” agreed to use a database of images hashes from the National Center for Missing and Exploited Children (NCMEC) to help the agency find exploited children. More than that, the companies would also give any information they have on the people who owned those images, given they are users of said companies’ services and have shared the images through those services. Image hash values are unique alphanumerical strings of characters that can be associatedwith images. These values are then used to match one image to another and see if the files are 100% identical. EPIC alleges that Google has gone even beyond this voluntary commitment to help NCMEC find criminals who exploit children by using image hash matching, and it’s now also using image matching techniques that can look at different files to see whether or not they contain a certain image. EPIC said this is very different from the first case of hash matching because image matching can result in many false positives (the algorithm can say that a certain file contains the original image, even though it doesn’t). Referring Innocent People to Law Enforcement EPIC noted that neither Google nor the government has revealed how the image matching algorithm works nor have they revealed accuracy, reliability, or validity of the technique, all of which are required for scientific evidence in court. EPIC argues that Google or other companies could use similar algorithms to scan not just for images of exploited children, but also for other purposes such as determining if files contain religious views, political opinions, or “banned books.” Google was recently involved in a controversy about its development of a censored search engine for China, called “Project Dragonfly.” The search engine would enable the identification of material that the Chinese government considers “sensitive,” which likely goes much further than images of exploited children. A Need for Algorithmic Transparency In the Carpenter vs. United States case, the Supreme Court recognized that the existing Fourth Amendment standards need to be reexamined in the new digital age. The Court ruled that the government couldn’t automatically track individuals’ locations everywhere they go for long periods of time without a warrant. If the equivalent of the digital surveillance translated to the physical world meant that the government would have to deploy costly surveillance operations that would rarely happen, then the much cheaper automated digital surveillance shouldn’t be permitted without a warrant, either. EPIC argued in its new briefing that automated scanning of files for various “crimes” falls into the same category. Even if the scanning of files can be cataloged as “private search,” the government would need to have “virtual certainty” that the files it intends to open are the same ones that were scanned by the private company, and this may not be possible. The government can’t guarantee that the files identified by Google are the same ones that the user uploaded. This is also why EPIC believes that algorithmic transparency is critical for software that interacts with the justice system and provides information that incriminates users of various services. Source
  10. Does Google meet its users’ expectations around consumer privacy? This news industry research says no A significant majority of consumers do not expect Google to track their activities across their lives, their locations, on other sites, and on other platforms. Numerous privacy scandals over the past couple of years have fueled the need for increased examination of tech companies’ data tracking practices. While the ethics around data collection and consumer privacy have been questioned for years, it wasn’t until Facebook’s Cambridge Analytics scandal that people began to realize how frequently their personal data is shared, transferred, and monetized without their permission. Cambridge Analytica was by no means an isolated case. Last summer, an AP investigation found that Google’s location tracking remains on even if you turn it off in Google Maps, Search, and other apps. Research from Vanderbilt professor Douglas Schmidt found that Google engages in “passive” data collection, often without the user’s knowledge. His research also showed that Google utilizes data collected from other sources to de-anonymize existing user data. That’s why we at Digital Content Next, the trade association of online publishers I lead, wrote this Washington Post op-ed, “It isn’t just about Facebook, it’s about Google, too” when Facebook first faced Capitol Hill. It’s also why the descriptor surveillance advertising is increasingly being used to describe Google and Facebook’s advertising businesses, which use personal data to tailor and micro-target ads. Consumers are on alert. DCN surveyed a nationally representative sample1 to find out what people expect from Google — and, as with a similar study we conducted last year about Facebook, the results were unsettling. Our findings show that many of Google’s data practices deviate from consumer expectations. We find it even more significant that consumer’s expectations are at an all-time low even after 2018, a year in which awareness around consumer privacy reached peak heights. The results of the study are consistent with our Facebook study: People don’t want surveillance advertising. A majority of consumers indicated they don’t expect to be tracked across Google’s services, let alone be tracked across the web in order to make ads more targeted. Nearly two out of three consumers don’t expect Google to track them across non-Google apps, offline activities from data brokers, or via their location history. There was only one question where a small majority of respondents felt that Google was acting according to their expectations. That was about Google merging data from search queries with other data it collects on its own services. They also don’t expect Google to connect the data back to the user’s personal account, but only by a small majority. Google began doing both of these in 2016 after previously promising it wouldn’t. Google’s personal data collection practices affect the more than 2 billion people who use devices running their Android operating software and hundreds of millions more iPhone users who rely on Google for browsing, maps, or search. Most of them expect Google to collect some data about them in exchange for use of services. However, as our research shows, a significant majority of consumers do not expect Google to track their activities across their lives, their locations, on other sites, and on other platforms. And as the AP discovered, Google continues to do some of this even after consumers explicitly turn off tracking. With new laws in Europe and California and with federal discussions about how to bring similar protections to the rest of America, it’s critical to understand what consumers actually demand, align expectations to those demands, and rebuild trust in our industry. Consumers expect nothing less. Source
  11. Google makes billions from its cloud platform. Now it’s using those billions to buy up the internet itself — or at least the submarine cables that make up the internet backbone. Above: An operator works during the mooring of an undersea fiber optic cable near the Spanish Basque village of Sopelana on June 13, 2017. In February, the company announced its intention to move forward with the development of the Curie cable, a new undersea line stretching from California to Chile. It will be the first private intercontinental cable ever built by a major non-telecom company. And if you step back and just look at intracontinental cables, Google has fully financed a number of those already; it was one of the first companies to build a fully private submarine line. Google isn’t alone. Historically, cables have been owned by groups of private companies — mostly telecom providers — but 2016 saw the start of a massive submarine cable boom, and this time, the buyers are content providers. Corporations like Facebook, Microsoft, and Amazon all seem to share Google’s aspirations for bottom-of-the-ocean dominance. I’ve been watching this trend develop, being in the broadband space myself, and the recent movements are certainly concerning. Big tech’s ownership of the internet backbone will have far-reaching, yet familiar, implications. It’s the same old consumer tradeoff; more convenience for less control — and less privacy. We’re reaching the next stage of internet maturity; one where only large, incumbent players can truly win in media. Consumers will soon need to decide exactly how much faith they want to place in these companies to build out the internet of tomorrow. We need to decide carefully, too; these are the same companies that are gaining access to a seemingly ever-increasing share of our private lives. Walling off the garden If you want to measure the internet in miles, fiber-optic submarine cables are the place to start. These unassuming cables crisscross the ocean floor worldwide, carrying 95-99 percent of international data over bundles of fiber-optic cable strands the diameter of a garden hose. All told, there are more than 700,000 miles of submarine cables in use today. While past cable builders leveraged cable ownership to sell bandwidth, content providers are building purposefully private cables. The internet is commonly described as a cloud. In reality, it’s a series of wet, fragile tubes, and Google is about to own an alarming number of them. The numbers speak for themselves; Google will own 10,433 miles of submarine cables internationally when the Curie cable is completed later this year. The total shoots up to 63,605 miles when you include cables it owns in consortium with Facebook, Microsoft, and Amazon. Including these part-owned cables, the company has enough submarine infrastructure to wrap around the earth’s equator two-and-a-half times (with thousands of cable miles to spare). The impetus for Google’s submarine projects This submarine cable boom makes more sense when you look at the growth of traffic that’s taken place in the past decade. In the Atlantic and Pacific, content providers accounted for over half of total demand in 2017. Content provider data use has skyrocketed from less than eight percent to near 40 percent in the past 10 years. It should be noted here that stats are significantly lower in Africa and the Middle East, suggesting that developed nations hunger for video content and cloud apps are a driver of the trend. This is supported by overall international bandwidth use between countries. In 2017, India only used 4,977 Mbps of international bandwidth. The U.S. used a staggering 4,960,388 Mbps that same year. The cost of privatized infrastructure Like the removal of Net Neutrality, privatizing internet infrastructure has only reduced prices for consumers. The problem we now face is a moral one: Do we want a private internet? Or do we want to preserve the “Wild West” web that we’ve had to this point? Unfortunately, the question isn’t as simple as drawing a line between “good” and “bad” network optimizations. Practices like edge networking and zero-rating are critical to the business models of companies like Netflix and AT&T — they also don’t technically violate the rules, and ultimately deliver much better services to consumers. As we look to the future, we need to start asking ourselves what the internet is really going to look like whenever the content services that already command so much of our attention are in control of the internet backbone as well. Privatized infrastructure may bring untold benefits for consumers in the short run, but is there a cost we aren’t considering? Source
  12. Google has finally planned to introduce what iPhone users were enjoying for years. According to Android Q documentation, Android Q to natively support the 3D Touch-like feature called “deep press.” Although they both mean pretty much the same, the name “deep press” makes more sense as compared to the 3D-Touch. The feature will allow you to perform various actions such as bring up the context menu without having to tap here and there multiple times. Just tell your fingers to put some extra pressure and it’ll do the trick for you. It’s early days and the feature is yet to make its way to the Android Q Build, therefore, we haven’t been able to see the feature in action. Assuming the feature works more or less the same as the iOS, there is one major concern and that is compatibility. It’s not clear whether the existing smartphones running Android Q will be able to cash in on the new feature or they will be left out. It’s been four years(almost) since Apple launched 3D-Touch feature in iPhone 6s and with every new iPhone, the 3D-Touch got more feature-rich. That said, I think this year’s Google I/O will see Google talking extensively about the feature and you might see the company taking a dig at iPhone but for that to happen it has to deliver. Source
  13. Google's product support has become a joke, and the company should be very concerned. Enlarge / An artist's rendering of Google's current reputation. Aurich Lawson It's only April, and 2019 has already been an absolutely brutal year for Google's product portfolio. The Chromecast Audio was discontinued January 11. YouTube annotations were removed and deleted January 15. Google fibre packed up and left a fibre city on February 8. Android Things dropped IoT support on February 13. Google's laptop and tablet division was reportedly slashed on March 12. Google Allo shut down on March 13. The "Spotlight Stories" VR studio closed its doors on March 14. The goo.gl URL shortener was cut off from new users on March 30. Gmail's IFTTT support stopped working March 31. And today, April 2, we're having a Google Funeral double-header: both Google+ (for consumers) and Google Inbox are being laid to rest. Later this year, Google Hangouts "Classic" will start to wind down, and somehow also scheduled for 2019 is Google Music's "migration" to YouTube Music, with the Google service being put on death row sometime afterward. We are 91 days into the year, and so far, Google is racking up an unprecedented body count. If we just take the official shutdown dates that have already occurred in 2019, a Google-branded product, feature, or service has died, on average, about every nine days. Some of these product shutdowns have transition plans, and some of them (like Google+) represent Google completely abandoning a user base. The specifics aren't crucial, though. What matters is that every single one of these actions has a negative consequence for Google's brand, and the near-constant stream of shutdown announcements makes Google seem more unstable and untrustworthy than it has ever been. Yes, there was the one time Google killed Google Wave nine years ago or when it took Google Reader away six years ago, but things were never this bad. For a while there has been a subset of people concerned about Google's privacy and antitrust issues, but now Google is eroding trust that its existing customers have in the company. That's a huge problem. Google has significantly harmed its brand over the last few months, and I'm not even sure the company realizes it. Google products require trust and investment Enlarge / The latest batch of dead and dying Google apps. Google is a platform company. Be it cloud compute, app and extension ecosystems, developer APIs, advertising solutions, operating-system pre-installs, or the storage of user data, Google constantly asks for investment from consumers, developers, and partner companies in the things it builds. Any successful platform will pretty much require trust and buy-in from these groups. These groups need to feel the platform they invest in today will be there tomorrow, or they'll move on to something else. If any of these groups loses faith in Google, it could have disastrous effects for the company. Consumers want to know the photos, videos, and emails they upload to Google will stick around. If you buy a Chromecast or Google Home, you need to know the servers and ecosystems they depend on will continue to work, so they don't turn into fancy paperweights tomorrow. If you take the time to move yourself, your friends, and your family to a new messaging service, you need to know it won't be shut down two years later. If you begrudgingly join a new social network that was forced down your throat, you need to know it won't leak your data everywhere, shut down, and delete all your posts a few years later. There are also enterprise customers, who, above all, like safe bets with established companies. The old adage of "Nobody ever got fired for buying IBM" is partly a reference for the enterprise's desire for a stable, steady, reliable tech partner. Google is trying to tackle this same market with its paid G Suite program, but the most it can do in terms of stability is post a calendar detailing the rollercoaster of consumer-oriented changes coming down the pipeline. There's a slower "Scheduled release track" that delays the rollout of some features, but things like a complete revamp of Gmail eventually all still arrive. G Suite has a "Core Services" list meant to show confidence in certain products sticking around, but some of the entries there, like Hangouts and Google Talk, still get shut down. Developers gamble on a platform's stability even more than consumers do. Consumers might trust a service with their data or spend money on hardware, but developers can spend months building an app for a platform. They need to read documentation, set up SDKs, figure out how APIs work, possibly pay developer startup fees, and maybe even learn a new language. They won't do any of this if they don't have faith in the long-term stability of the platform. Developers can literally build their products around paid-access Google APIs like the Google Maps API, and when Google does things like raise the price of the Maps API by 14x for some use cases, it is incredibly disruptive for those businesses and harmful to Google's brand. When apps like Reddit clients are flagged by Google Play "every other month" for the crime of displaying user-generated content and when it's impossible to talk to a human at Google about anything, developers are less likely to invest in your schizophrenic ecosystem. Hardware manufacturers and other company partners need to be able to trust a company, too. Google constantly asks hardware developers to build devices dependent on its services. These are things like Google Assistant-compatible speakers and smart displays, devices with Chromecast built in, and Android and Chrome OS devices. Manufacturers need to know a certain product or feature they are planning to integrate will be around for years, since they need to both commit to a potentially multi-year planning and development cycle, and then it needs to survive long enough for customers to be supported for a few years. Watching Android Things chop off a major segment of its market nine months after launch would certainly make me nervous to develop anything based on Android Things. Imagine the risk Volvo is taking by integrating the new Android Auto OS into its upcoming Polestar 2: vehicles need around five years of development time and still need to be supported for several years after launch. Google’s shutdowns cast a shadow over the entire company With so many shutdowns, tracking Google's bodycount has become a competitive industry on the Internet. Over on Wikipedia, the list of discontinued Google products and services is starting to approach the size of the active products and services listed. There are entire sites dedicated to discontinued Google products, like killedbygoogle.com, The Google Cemetery, and didgoogleshutdown.com. I think we're seeing a lot of the consequences of Google's damaged brand in the recent Google Stadia launch. A game streaming platform from one of the world's largest Internet companies should be grounds for excitement, but instead, the baggage of the Google brand has people asking if they can trust the service to stay running. In addition to the endless memes and jokes you'll see in every related comments section, you're starting to see Google skepticism in mainstream reporting, too. Over at The Guardian, this line makes the pullquote: "A potentially sticky fact about Google is that the company does have a habit of losing interest in its less successful projects." IGN has a whole section of a report questioning "Google's Commitment." From a Digital Foundry video: "Google has this reputation for discontinuing services that are often good, out of nowhere." One of SlashGear's "Stadia questions that need answers" is "Can I trust you, Google?" Enlarge / Google's Phil Harrison talks about the new Google Stadia controller. Google One of my favorite examples came from a Kotaku interview with Phil Harrison, the leader of Google Stadia. In an audio interview, the site lays this whopper of a question on him: "One of the sentiments we saw in our comments section a lot is that Google has a long history of starting projects and then abandoning them. There's a worry, I think, from users who might think that Google Stadia is a cool platform, but if I'm connecting to this and spending money on this platform, how do I know for sure that Google is still sticking with it for two, three, five years? How can you guys make a commitment that Google will be sticking with this in a way that they haven't stuck with Google+, or Google Hangouts, or Google fibre, Reader, or all the other things Google has abandoned over the years?" Yikes. Kotaku is totally justified to ask a question like this, but to have one of your new executives face questions of "When will your new product shut down?" must be embarrassing for Google. Harrison's response to this question started with a surprisingly honest acknowledgement: "I understand the concern." Harrison, seemingly, gets it. He seemingly understands that it's hard to trust Google after so many product shutdowns, and he knows the Stadia team now faces an uphill battle. For the record, Harrison went on to cite Google's sizable investment in the project, saying Stadia was "Not a trivial product" and was a "significant cross-company effort." (Also for the record: you could say all the same things about Google+ a few years ago, when literally every Google employee was paid to work on it. Now it is dead.) Harrison and the rest of the Stadia team had nothing to do with the closing of Google Inbox, or the shutdown of Hangouts, or the removal of any other popular Google product. They are still forced to deal with the consequences of being associated with "Google the Product Killer," though. If Stadia was an Amazon product, I don't think we would see these questions of when it would shut down. Microsoft's game streaming service, Project xCloud, only faces questions about feasibility and appeal, not if Microsoft will get bored in two years and dump the project. How did we get here? Google's love of product shutdowns is mostly just a side effect of Google's love for developing products. Calling anything a "Google Product" is usually a gross simplification—Google rarely does anything as a singular company. Instead, the industry giant is made up of autonomous product groups that develop and launch things on their own schedule. This is why Google often ends up making "Two of everything:" different teams don't communicate and end up tackling the same problem with different ideas. Google's strategy of having multiple teams throw things against the wall to see what sticks leads to lots and lots of products and services launching all the time, all with varying levels of quality, integration with other Google products, and varying lifetimes. It also leads to lots and lots of product cancellations. A better way to frame launches and other decisions inside of Google is try to figure out which team inside of Google has built a product, and to view each product team as a separate entity. The Google Assistant does well, because it is run by the Google Search team. On the other side of the spectrum, we have the Google Messaging team, which—after Hangouts, Hangouts Chat, Allo, Duo, Google Voice, and Android Messages—has pretty much no credibility left at all. The Android Team is easily one of the steadiest, most reliable groups at Google. Having various teams launch whatever hardware they want was a mess until all the hardware was put under the control of a new Google Hardware division. The Gmail team lives under the "Google Apps" umbrella, and it's responsible for developing and shutting down Inbox. Google Apps, with its enterprise focus, is usually a stalwart group, and Inbox is the first big shutdown from the Google Apps team in a long time. Google Fiber is not even part of Google; instead, it's a separate company under Google's parent company, Alphabet. Every shutdown has a story Google+ was created as a brand-new division inside of Google, led by Vic Gundotra. Back in 2011, success in social was considered critical to Google's survival, and Gundotra was given the title of "Senior Vice President." That made him one of eight or so people that regularly reported to then-CEO Larry Page. From here Google+ followed a pattern we see a few times with Google product launches and cancellations: Gundotra, the driving force behind Google+, left Google (or perhaps was compelled to leave Google) in 2014, which signaled the beginning of the end for Google+. Google+ was immediately stopped, Plus' more successful features were spun off, and eventually Google killed Google+ after a revelation of data security issues was made public. Any website with traffic analytics will tell you that Google+ usage has been continually declining, but shutting down a major product due to a data leak is certainly a strange decision. I could understand if the product was being abandoned entirely, but the enterprise version of Google Plus will continue to live on. Google has even promised a redesign and new features for the enterprise version. Hangouts was a product that never quite found a solid home inside Google. It was cooked up by the Google+ team as a way to combine all of Google's other messaging services into a single app. When Plus started its death spiral, Hangouts didn't have an obvious home in another division at Google. Eventually, the standalone messaging team was created, but it seemed more interested in starting its own (numerous) projects than supporting a messaging app created by someone else. Google Play Music is dying due to pretty much the same situation as Hangouts. Back in 2011, iOS had a great music solution (iTunes), while Android didn't. So Google Music was created by the Android team as part of the "Android Market" content store. With Web clients and plans to branch out onto iOS, the "Android Market" branding didn't make a ton of sense, so eventually the "Google Play" brand was born, and eventually Google Play became separate from the Android division. Now we have Google's YouTube taking over a lot of Google's media content strategy with all new apps, and just like Hangouts, it seems like a solid product is dying due to "not invented here" syndrome. I could go on forever about the explanations behind Google's many shutdowns. The shutdowns are all from independent teams making independent decisions, with products, employees, and divisions shifting around as time goes by. The rationale behind each shutdown doesn't really matter though—the problem is the cumulative effect of all these individual shutdowns on Google's reputation and Google's customers that, time and time again, have products taken away from them. Maybe it’s time for a public roadmap With all of the shutdowns already announced, I'm not sure there's anything Google can do to help its reputation at this point. The amount of people I see still bringing up Google Reader's shutdown is incredible—having a frequently used Web service snatched away from you sticks with people. If people lose confidence in Google's ability to host a stable lineup of services, more and more users will move out of the Google ecosystem. Then, like we're already seeing with Stadia, the company would face an uphill battle to get people to use its new products. I've been promoting a "wait and see" approach for most new Google products since at least 2016. But to see Google's support now become the subject of punchlines on the Internet should be extremely concerning for Google. One thing that could placate Google users is for the company to just tell us what is going on. Google already makes support promises for some of its products. Pixel phones and Chromebooks both have dashboards that show promised support windows and public end-of-life dates. Meanwhile, Google already hosts various uptime pages and other statistics. I want communication from Google that says which products will be around for a long time and which are a low priority at the company. Would it be so hard to publicly commit to running Stadia for five years no matter what? For its more successful products, Google could commit to 10 years of running a service and update the dashboard from time to time with later dates. I realize most companies don't do this, but most companies don't have the reputation Google has for killing products. It makes sense to counter the memes of "haha, how long until Google discontinues this product?" with a public statement of "not for at least seven years." We just want to see a damn product roadmap, Google. Give us a list of "Long Term Support (LTS)" products. Enlarge / Google posts public support timelines for Pixel phones, why not products and services, too? Google Google likes to experiment, but it needs to be better at communicating what products will be around for a while and which ones will be thrown against the wall to see what sticks. Sometimes Google is good with this kind of communication. The recent launch of Google's Reply app was handled well, for example. Google called the service "an experiment," and it was from a new skunkworks inside Google called "Area 120." Everything about the service made it sound like a temporary testing ground, and when the product was shut down, Google's messaging was great: "Reply was an experiment, and that experiment has now ended." This was a fine way to go about things. By contrast, nothing about the launch of Google Inbox made it sound like a product that would only stick around for a few years. Inbox was "years in the making," and the blog post made it seem like Google's email client for the future. As it stands now, products that were the center of the company a few years ago (RIP, Google+) are on the chopping block in 2019, and Google seems ready to kill any product that doesn't have a billion daily active users. Without knowing the reason behind this wave of shutdowns (was there some new mandate inside the company to trim down?), nothing from Google seems safe anymore. Google neglected to mention Google Voice in its last big messaging update. Should we read into that? Waze's features are slowly being moved over to Google Maps. Is that a bad sign? (Android) Wear OS is basically in last place in the smartwatch wars. Nest doesn't make a profit and recently was stripped of its Google independence. Google's Fuchsia OS is staring down an expensive multi-year development cycle, and the supposed plan to replace Android will be a steep uphill battle. How confident are you that all of these products will be around in a few years? Every time Google shuts down a product, its reputation is harmed. A shutdown makes users feel betrayed, it makes trusting other Google services harder, and it makes it harder for Google to pitch new products to users. With so many shutdowns happening lately, I've got to wonder if Google users will start to seek similar services from companies that simply seem more stable. Source: Google’s constant product shutdowns are damaging its brand (Ars Technica)
  14. After 4 months of waiting, that is the response I got from Widevine, Google’s DRM for web browsers. For the last 2 years I’ve been working on a web browser that now cannot be completed because Google, the creators of the open source browser Chrome, won’t allow DRM in an open source project. The browser I’m building, called Metastream, is an Electron-based (Chromium derived), MIT-licensed browser hosted on GitHub. Its main feature is the ability to playback videos on the web, synchronized with other peers. Each client runs its own instance of the Metastream browser and transmits playback information to keep them in sync. If someone is creating a browser that wants to playback media, they’ll soon discover the requirement of DRM for larger web media services such as Netflix and Hulu. There are a few DRM providers for the web including Widevine, PlayReady, and FairPlay. As far as I’m aware, Widevine is the only available DRM for a Chromium-based browser, especially so for Electron. Chromium accounts for roughly 70% market share of all web browsers, soon to include Microsoft’s upcoming Edge browser rewrite. Waiting 4 months for a minimal response from a vendor with such a large percentage of the market is unacceptable. This isn’t something I’m alone in either, several Electron users have waited months for a response. More prominently, the creators of Brave Browser also had issues waiting for replies from Google Widevine. “This is a prime example for why free as in beer is not enough. Small share browsers are at the mercy of Google, and Google is stalling us for no communicated-to-us reason.” - Brian Bondy, Co-founder & CTO of Brave I’m now only left with two options regarding the fate of Metastream: stop development of a desktop browser version, or pivot my project to a browser extension with reduced features. The latter requiring publishing to the Google Chrome Web Store which would further entrench the project into a Google walled garden. If you know of any way to help out, please get in touch. See post on Hacker News for discussion thread. Source
  15. Google Releases Android Security Patch for April 2019 with 89 Security Fixes Google released the Android Security Patch for April 2019 in an attempt to further improve the overall security and stability of Android devices. Android Security Patch for April 2019 consists of the 2019-04-01 and 2019-04-05 security patch levels, which address a total of 89 vulnerabilities across several components, including the Android framework, Media framework, Android system, and Qualcomm components. The most sever of them all could allow a remote attacker to execute arbitrary code by using a malicious file. “The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device,” reads the security bulletin.Improvements for Pixel devices In addition to patching security flaws, the Android Security Patch for April 2019 update also improves the performance and reliability of supported Pixel devices. For Pixel 3 and Pixel 3 XL users, it improves the voice-unlocking performance for Google Assistant and the Wi-Fi connectivity during eSIM activation for some mobile carriers. For some Pixel 3 and Pixel 3 XL devices, the update removes the screen flash when ambient display wakes. On the other hand, Pixel and Pixel XL users will notice better Bluetooth connectivity after installing the Android Security Patch for April 2019, which is now rolling out worldwide and will complete in the next few days. It is recommended that you update your Android devices to Android Security Patch for April 2019 as soon as possible. To update, simply access the system updates section in the settings of your device. If you don’t see the update yet, try again in a few hours or days. Android Security Patch for April 2019 is available now for all Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, and Pixel 3 XL users. Source
  16. Google Finally Addresses The Troublesome ‘Evil Cursor’ Bug In Their Chrome Browser Google Chrome has rolled-out a patch for a critical bug that caused repeated issues for some users Allegedly, Google have finally fixed the infamous evil cursor flaw in the Chrome browser that was under active exploit in the wild. About The Evil Cursor Flaw The infamous evil cursor flaw first surfaced online in 2010. However, at that time, the design flaw could not be established as a security bug. Hence, it eventually remained unaddressed. Nonetheless, criminal hackers didn’t miss the chance to exploit this bug for malicious purposes. Thus, there rose a flurry of tech support scams exploiting “evil cursor” together with “browlock” technique. In September 2018, a researcher from Malwarebytes unveiled a hacking strategy by scam group “Partnerstroka”, employing these two techniques together to hijack Chrome browsers. They revealed that the hackers used to direct users towards fake tech support browser-lock pages. They did so by hijacking the victim’s mouse cursor using the evil cursor technique. Google Patched The Bug Upon discovering the scam, Malwarebytes Labs reported the matter to Google. However, it took them a while to figure out a solution to protect the users from falling prey to tech support scams exploiting evil cursor. Nonetheless, as disclosed in a recent bug report, Google engineers have now devised a way to tackle the evil cursor bug. This involves resizing the mouse cursor the moment the mouse leaves the web content. That is, once the user hovers the mouse from the page content to the Chrome browser interface, the browser will revert the cursor to the standard graphics of the operating system. In this way, it enables anyone accidentally landing on a malicious tech support scam page to leave the site. The fix is presently not available though. The developers will roll-out the fix first for the Canary users in the upcoming version. After that, Google may release the fix for Chrome browser – most likely within Chrome 75, coming this spring. Source
  17. Google's most secure login system now works on Firefox and Edge, too Better hardware security key support means our post-password future is one step closer to reality. Yubico's hardware security keys let you log on without a password on sites, apps and devices that support the FIDO2 authentication technology. Stephen Shankland/CNET Google has updated its support for hardware security keys so you no longer need to rely on its Chrome browser to log into websites like Gmail, YouTube and G Suite. Hardware security keys, small devices that connect to devices wirelessly or with USB, offer better logon security than passwords alone or passwords combined with short-lived numeric codes sent to your phone. But until now, Google's support was limited to an earlier standard called U2F that came with a lot of confines. But now Google updated its login with the newer, broader standard of FIDO2 and its incarnation for websites, WebAuthn. The change means people using Mozilla's Firefox and Microsoft's Edge will be able to log into Google websites with hardware security keys -- though for now they'll still need Chrome to enroll in the system. And later, embracing FIDO2 opens the door for Google to move beyond passwords entirely, since FIDO2 enables authentication with a combination of security key and biometric data like faces or fingerprints. That would be a victory for those who want to move beyond today's plague of problems with passwords. U2F, short for Universal Second Factor, is limited to uses that combine the hardware key with a password. Browsers like Firefox, Edge and Apple Safari don't support it. FIDO2, which like U2F was developed by a consortium called the Fast Identity Online Alliance, encompasses U2F and other options, including just the hardware security key alone. Christiaan Brand, product manager for identity and security, announced Google's move to WebAuthn in a tweet Thursday. On Friday, Mark Risher, director of identity platform and account security, added: "FIDO2 rolling now!" Google didn't immediately comment on when people would be able to use other browsers to enable hardware security key login or whether Google plans to move to passwordless authentication. Google in February embraced FIDO2 for its Androidsoftware, a move that lets people use fingerprints to log into apps. Microsoft has embraced passwordless logon with Windows and online services like Outlook, Skype and Xbox Live. Source
  18. Google Announces New 2-Step Verification Interface Google has recently announced a new 2-step verification interface for G Suite, and it’s believed that the same design could be expanded to other services later this year. First and foremost, Google says that the 2-step verification interface has been refined to be easier to use, especially when customers use a Bluetooth or USB security key. Furthermore, Google says it’s expanding Bluetooth security key support to other models, though no specifics in this regard are provided. Previously, Google only supported its very own Titan key for 2-step verification in G Suite. However, it’s worth knowing that these will need to be manually enabled by administrators with a flag on Linux. The more interesting tidbit is that Google’s new approach allows for different screens on different browsers, as the company itself explains, especially because each web browser can come with a design of its own. “You may see different flows on Chrome, Safari, Firefox, Edge, and other browsers. Previously the service provider (Google) was responsible for showing these dialogs. Now the web browser is responsible. As a result, the flow may be different on each browser,” Google explains.Rollout already under wayAccording to Google’s plans, the update user interface will be turned on by default for customers when it becomes available. The schedule indicates that Rapid Release domains are getting the new 2-step verification interface in stages beginning with March 26, and the release should be finalized in approximately 14 days. The same schedule applies to Scheduled Release domains, Google says. “We hope that these updates make 2-Step Verification easier to use. 2-Step Verification puts an extra barrier between your business and cybercriminals who want to access business data. Turning on 2-Step Verification is the single most important thing you can do to make your accounts more secure and protect your business,” Google says. The company hasn’t shared any details as to a possible rollout for other services, but expect further news in this regard in the coming months. Source
  19. Google Will Let Android Users Choose Their Browser Out of the Box Google has announced a series of changes for Android users in Europe in response to the latest antitrust concerns raised by the European Commission. Users will be allowed to choose what browser and search engine they want to use on Android out of the box. Currently, Android devices come with Google Chrome pre-installed and Google set as the default search engine, but in the near future, this is all going to change, Google says. While details on the browsers that would be offered to users haven’t been provided, today’s announcement is clearly good news for other browser developers, like Mozilla.Change possibly coming later this yearAt the same time, Microsoft is likely to significantly benefit from this change, as the company has launched an Android version of Microsoft Edge browser and is also the owner of Bing, the main alternative to Google search. “Now we’ll also do more to ensure that Android phone owners know about the wide choice of browsers and search engines available to download to their phones. This will involve asking users of existing and new Android devices in Europe which browser and search apps they would like to use,” Kent Walker, SVP of Global Affairs, explains. There are no specifics as to when this change is going to take place for Android, but Google says both new and existing users will be asked to choose their preferred browser and search engine. Google is the second tech giant to provide users with a choice of browsers out of the box after Microsoft was forced by the European Commission to do the same in Windows. Internet Explorerwas pre-installed in all versions of Windows, but following this decision, European users were also allowed to set other browsers as default when running the operating system the first time. Source
  20. Rightholders Have Asked Google to ‘Remove’ 4 Billion Pirate Links Copyright holders have asked Google to remove four billion links to 'pirate' search results over the years. The vast majority of these requests were honored. This includes hundreds of millions of URLs which are not yet indexed. These end up on a preemptive blacklist instead. For most people, search engines such as Google are an essential tool to enjoy the web in all its glory. With clever algorithms, the company offers a gateway to billions of sites, many of which would otherwise remain undiscovered. This also includes many ‘pirate’ sites. While there are plenty of people who don’t mind seeing these show up in search results, their presence is a thorn in the side of copyright holders. At the beginning of this decade, this problem was hardly recognized. When Google published its first transparency report, it received just a few thousand requests per day. Today, that number has grown to well over two million. For years this number kept going up and up. While that trend was broken recently, the total now adds up to an impressive figure. Google’s transparency report shows that copyright holders have asked the company to remove four billion links to alleged copyright-infringing content. The majority or these requests, more than 90%, were indeed removed or put on a preemptive blacklist. The four billion links were reported by 168,180 copyright holders who identified 2,283,811 separate domains. These domains also include false positives, including websites of The White House, the FBI, Disney, Netflix, the New York Times, and even TorrentFreak. 4 Billion… Most reported links do indeed point to copyrighted material, however. Google typically takes these out of their search engine softly after a request comes in. This means that the takedown process works as intended. However, it remains controversial. Several major copyright groups see the huge number of reported links as evidence that their efforts are futile. No matter how many links they submit, there are always new ones to find the next day. “Every day we have to send new notices to take down the very same links to illegal content we took down the day before. It’s like ‘Groundhog Day’ for takedowns,” RIAA CEO Cary Sherman described the situation previously. Ideally, the major copyright groups would like Google to remove all results from known pirate sites. However, the search engine believes that this goes a step too far, warning that it could lead to overbroad censorship. “When it comes to entire websites, Google may demote a site in our search results if we receive enough copyright removal notices for it, but we do not remove full sites from search results for copyright infringement.” “Although this would reduce our operational burden, whole-site removal is ineffective and can easily result in the censorship of lawful material,” Google wrote in its latest overview of anti-piracy measures, published late last year. Google itself is not completely apathetic to the piracy issue. It does ‘demote’ sites for which it has received a substantial number of takedown notices. These will then appear lower in search results. The demotion ‘signal’ can weigh even stronger for specific keywords, such as recently released films. This demotion strategy gives copyright holders a “powerful tool against rogue sites,” Google notes. When new pirates sites appear, copyright holders can target these with takedown notices, after which Google will demote them. As such, the four billion reported links will likely be five billion by the end of next year. Source
  21. Google patches ‘evil cursor’ bug in Chrome exploited by tech support scammers A threat group named ‘Partnerstroka’ exploited this bug by replacing the standard mouse cursor (OS 32-by-32 pixels) with 128 or 256 pixels in size. The fix to this ‘evil cursor’ bug is currently live for Google Canary users and is scheduled for the Chrome 75 stable branch soon. Google has patched a bug in Chrome dubbed ‘evil cursor’ that was exploited by the tech support scammers to create an artificial mouse cursor and lock users inside browsers. A security researcher from Malwarebytes, Jerome Segura, who detected this ‘evil cursor’ bug noted that the tech support scammers relied on custom images to replace the system’s standard mouse cursor. The big picture According to Segura, a threat group named ‘Partnerstroka’ exploited this bug by replacing the standard mouse cursor (OS 32-by-32 pixels) with 128 or 256 pixels in size. Even after replacing the standard mouse cursor, it would still appear on the screen, but in the corner of a transparent bounding box. This would trick users into clicking on the area the cursor appears. However, the cursor would click on another area of the screen, preventing users from closing or leaving browser tabs. Why Google took a long time to patch - The security researcher reported this bug to Google last year. However, it took longer for Google to patch this bug. Browsers support custom mouse cursor images for web games, therefore, disabling custom images would impact thousands of gaming sites. Since it is complex to patch the bug without impacting the existing sites, Google developers tested this bug for months and have now come up with a patch. The fix to this bug in Chrome will automatically revert the cursor back to the standard OS graphics when hovering over parts of the Chrome browser interface thereby preventing users from getting locked in browser pages. Worth noting - The fix to this ‘evil cursor’ bug is currently live for Google Canary users and is scheduled for the Chrome 75 stable branch soon. Source
  22. Google Unlocked Aims to ‘Uncensor’ Google Search Results Google Unlocked is a new extension for Chrome and Opera that attempts to 'uncensor' Google search results affected by DMCA notices. While it tends to work as advertised overall, it suffers from - surprise, surprise - an inability to distinguish between infringing and non-infringing URLs. For many years, Google has been bombarded with requests from copyright holders to remove allegedly-infringing content from its indexes. As reported here on TF last week, those requests have now reached astronomic levels – four billion links reported by 168,180 copyright holders against 2,283,811 separate domains. Google honors most of the requests but rejects a fair few too, often due to the reported activity not actually being copyright infringement. However, when links are removed, users are informed of the fact via a note at the bottom of Google’s search results. As the image above shows, when results are removed the associated DMCA notice which caused the removal can be found on the LumenDatabase, the online repository where some Internet companies file complaints for transparency purposes. Anyone can click through and view the notices for themselves but this can be time-consuming, especially when researching a large number of links. It’s a problem the folks at ibit tried to solve this week with the release of a new browser extension. Compatible with Chrome and Opera, Google Unlocked is open source and available via its Github repo. Its developer offers this simple introduction. “The extension scans hidden links that were censored on Google search results due to complaints. The tool scans those complaints and extracts the links from them, puts the links back into Google results, all in matter of seconds,” he writes. TF tested the extension (which isn’t available on the Chrome store) with a clean Opera install and found that it only asks for minimal permission to access Google domains, something confirmed by its developer. “Please take a look at the code on Github, it is just a few lines of Javascript code. The extension is completely open source and you install it after unpacking the zip file so no hidden secrets there,” he told TF. “It only needs permission to access www.google.* domains so that it can inject the missing links back in the page. Under the hood, the extension checks the Google results for the word “complaint” and fetches the URL behind it with a simple XMLHttpRequest. It then parses those URLs and puts them back on the same page.” Since by its very nature the tool searches for allegedly infringing links, we aren’t going to demonstrate those here. Safe to say, however, the tool does scan LumenDatabase as advertised and all the removed links do get embedded in the search result page itself, very large numbers of links in some instances. However, we also discovered that Google Unlocked is helpful when researching invalid DMCA notices too, but that (and indeed its ability to concisely display URLs from legitimate takedown complaints) then uncovers a flaw in the system, one that cannot be solved easily – if at all. Readers will perhaps recall that a poet by the name of Shaun Shane issued a heap of false DMCA notices against sites (this one included) that legitimately reported on his efforts to stop people writing about his poem. So, for fun, we typed the phrase “If only our tongues were made of glass” into Google, which informed us that a single result had been removed. However, after pressing the Google Unlocked button, we were confronted with eight URLs injected by the extension, as shown below. Google’s search results, augmented with Google Unlocked links While these are indeed all of the URLs present in the notice advised by Google under the “read the DMCA complaint” link provided, most of them were either rejected by Google or are actually legitimate links provided by Shaun Shane himself. Most DMCA notices filed with the company also include locations where the original source material can be found, so these are also parsed by Google Unlocked and presented as removed content, as the image below illustrates. An extract from the original notice So, while Google Unlocked is very capable when it comes to ‘reinstating’ links removed by Google following a copyright complaint, it has some of the same issues suffered by many anti-piracy crawlers – it simply cannot differentiate between infringing and non-infringing content. Given the simplicity of the extension and the complexity of the situation, this is not a problem Google Unlocked will ever be able to completely solve. So, while it does work as advertised in many scenarios, the reinstated URLs will nearly always contain links pointing to legitimate sources or links that Google has thrown out due to them being non-infringing. That being said, Google Unlocked’s developer is inviting others to contribute to this interesting project, which may improve its performance over time. “I put the source on Github and I hope to get more programmers to do pull requests to keep the extension up to date, since I know a lot of geeks will love this extension,” he concludes. Source
  23. Google Launches New Policy Manager To Tackle Bad Ads Every year, Google shares updates about how they handle malicious and scam advertisements. This year, Google announced the launch of a new Policy Manager for a customized and secure Google Ads ecosystem. They also disclosed the removal of 2.3 billion bad ads in the previous year. 2.3 Billion Bad Ads Removed In 2018 According to the details shared in their recent blog post, Google took down 2.3 billion bad ads in 2018. This includes scam ads related to online tech support, addiction treatment services, cryptocurrency, and others. Google devised new policies to handle fraudulent ads linking back to scammers, as they spotted malicious use of Google Ads by those advertisers. They created a dedicated policy to ban ads from for-profit bail bond services as they targeted ‘vulnerable communities’. In August 2018, Google announced another policy limiting third-party tech support ads to fight back scammers. Likewise, they implemented several new policies to tackle other sorts of bad ads. As stated in their report, “In all, we introduced 31 new ads policies in 2018 to address abuses in areas including third-party tech support, ticket resellers, cryptocurrency and local services such as garage door repairmen, bail bonds and addiction treatment facilities.” Consequently, they took down roughly 58.8 million phishing advertisements, around 207,000 ticket resellers ads, and more than 531,000 ads for bail bonds – summing up to 2.3 billion malicious ads in all. This also includes the fraudulent 3ve Ad Campaign. Launch Of New Policy Manager This year, they have announced the launch of a dedicated new Policy Manager to manage Google Ads. Google will release this Policy Manager in April, which will facilitate ‘well-meaning advertisers’ in launching ‘compliant ads’. Allegedly, Google will allow the advertisers to appeal the decision in case of rejection of their ad(s). Moreover, they will also provide real-time feedback to the advertisers for potential policy violations to avoid conflicts at later stages. Besides, they will continue to provide details to the advertisers in case of ad rejections. Source
  24. Google hit with €1.49 billion antitrust fine by Europe over online advertising UPDATED: Europe hits Google with another fine - this time costing the firm more than one percent of its turnover for breaching antitrust rules. The European Commission (EC) has fined Google €1.49bn for breaching EU antitrust rules. The EC said Google has abused its market dominance by imposing a number of restrictive clauses in contracts with third-party websites which stopped Google's rivals from placing their search adverts on these websites. The EC said the fine of €1,494,459,000 -- 1.29% of Google's turnover in 2018 -- takes account of the duration and gravity of the infringement. The fine has been calculated on the basis of the value of Google's revenue from online search advertising intermediation in Europe. It's not the first time the EC has fined Google: in June 2017, the Commission fined Google €2.42bn for abusing its dominance as a search engine by giving an illegal advantage to Google's own comparison shopping service, and in July last year the Commission fined Google €4.34bn for illegal practices regarding Android mobile devices to strengthen the dominance of Google's search engine. This latest fine brings the total in fines to over €8bn. Commissioner Margrethe Vestager, in charge of competition policy, said that in this case Google was fined for illegal misuse of its dominant position in the market for the brokering of online search adverts. A graphic published the European Commission to explain its case. Image: European Commission Google has cemented its dominance in online search adverts and shielded itself from competitive pressure by imposing anti-competitive contractual restrictions on third-party websites, she said. "This is illegal under EU antitrust rules. The misconduct lasted over 10 years and denied other companies the possibility to compete on the merits and to innovate - and consumers the benefits of competition." Websites often have a search function embedded; when a user searches this can return both search results and search adverts. Google provides these search adverts to owners of websites via AdSense for Search, acting as an advertising broker, between advertisers and website owners. Google held more than a 70% market share in online search advertising intermediation across the European Economic Area from 2006 to 2016, according to the EC. In 2016 Google also held market shares generally above 90% in the national markets for general search and above 75% in most of the national markets for online search advertising. Because Google's rivals like Microsoft and Yahoo can't sell advertising space in Google's own search engine results pages, third-party websites represent an important entry point for these other suppliers. Google's provision of online search advertising intermediation services to the most commercially important publishers took place via agreements that were individually negotiated. The Commission has reviewed hundreds of such agreements in the course of its investigation. It found that starting in 2006, Google included exclusivity clauses in its contracts. This meant that publishers were prohibited from placing any search adverts from competitors on their search results pages. The decision concerns publishers whose agreements with Google required such exclusivity for all their websites. As of March 2009, Google gradually began replacing the exclusivity clauses with so-called "Premium Placement" clauses. These required publishers to reserve the most profitable space on their search results pages for Google's adverts and request a minimum number of Google adverts. As a result, Google's competitors were prevented from placing their search adverts in the most visible and clicked on parts of the websites' search results pages, the EC said. As of March 2009, Google also included clauses requiring publishers to seek written approval from Google before making changes to the way in which any rival adverts were displayed. This meant that Google could control how attractive, and therefore clicked on, competing search adverts could be. Google's practices covered over half the market by turnover throughout most of the period. Google's rivals were not able to compete on the merits, either because there was an outright prohibition for them to appear on publisher websites or because Google reserved for itself by far the most valuable commercial space on those websites, while at the same time controlling how rival search adverts could appear, the EC said. The EC ruled that Google's practices amount to an abuse of Google's dominant position in the online search advertising intermediation market by preventing competition on the merits. It said Google is dominant in the market for online search advertising intermediation and has abused this market dominance by preventing rivals from competing in the online search advertising intermediation market. The EC said Google ceased the illegal practices a few months after the Commission issued in July 2016 a Statement of Objections concerning this case. "Based on a broad range of evidence, the Commission found that Google's conduct harmed competition and consumers, and stifled innovation. Google's rivals were unable to grow and offer alternative online search advertising intermediation services to those of Google. As a result, owners of websites had limited options for monetizing space on these websites and were forced to rely almost solely on Google. Google did not demonstrate that the clauses created any efficiencies capable of justifying its practices." Kent Walker, SVP of global affairs at Google said: "We've always agreed that healthy, thriving markets are in everyone's interest. We've already made a wide range of changes to our products to address the Commission's concerns. Over the next few months, we'll be making further updates to give more visibility to rivals in Europe." Source
  25. The AchieVer

    Google bans VPN ads in China

    Google bans VPN ads in China Google cites "local legal restrictions" as the cause for its Chinese VPN ads ban. Google has banned ads for virtual private network (VPN) products targeting Chinese users, ZDNet has learned today. The company cited "local legal restrictions" as the cause of the VPN ad ban. "It is currently Google Ads policy to disallow promoting VPN services in China, due to local legal restrictions," Google said in an email today. The email was received and shared with ZDNet by VPNMentor, a website offering advice, tips, and reviews of VPN products. The company said Google prevented its employees from placing Google search ads for the Chinese version of its site. A Google spokesperson didn't respond to a request for comment seeking information if the VPN ad ban was set in place on Google's own decision or after a request from Chinese officials. Chinese officials have been on an all-out war against censorship-thwarting software, such as web proxies and VPN apps, for years. The government recently tightened its grip on the local VPN landscape in January 2017, when it started requiring that all VPN providers active in China register for an authorization from the Chinese government. Officials continued their VPN crackdown in July 2017, when the Chinese government forced Apple to remove all VPN apps from its App Store. A full-out ban on all VPNs was imposed on March 31, 2018, although some apps continued to function after it. Nonetheless, Chinese officials are now using the ban to go after users caught using VPNs. The first fine for using a VPN product was issued earlier this year to a Guangdong. Despite banning consumers from using VPN apps, China remains one of the top sellers of VPN technologies. A November 2018 studyfound that almost 60 percent of the top free mobile VPN apps are run by companies with Chinese ownership or based in China. Source
  • Create New...