Information sharing for more efficient network utilization and management

Andreas Terzis is a Software Engineer at Google. This post originally appeared on the Google Research Blog.

As Internet traffic has grown and changed, Google and other content and application providers have worked cooperatively with Internet service providers (ISPs) so that services can be delivered quickly, efficiently and cost-effectively. For example, rather than content having to traverse a long distance and many different networks to reach an Internet access provider’s network, a content provider might store (cache) the data close by and interconnect (“peer ) directly with the access provider. Google has invested billions of dollars in the network and infrastructure necessary to bring our services as close to your Internet access provider’s front door as possible, for free—which both reduces ISPs’ costs and improves the user experience.

Content and application providers can also tune their services for congested and/or lower bandwidth environments. For instance, YouTube detects how smoothly a video is playing and adjusts the quality to account for temporary fluctuations in bandwidth or congestion. In the Google Video Quality Report, we transparently reveal the speeds YouTube is experiencing on different networks.

As more of Internet traffic becomes encrypted, some network operators have expressed concern about the effect encryption might have on their ability to manage their networks. We don’t think there has to be a trade-off here—there are ways to do effective network management of encrypted traffic today, and, through further cooperation between content and application providers and ISPs, we believe this could be made easier while still respecting encryption.

To spur discussion and collaboration on this front, we recently submitted a paper to a workshop organized by the Internet Architecture Board outlining some ideas. We advocate for a model where ISPs selectively share network state to content and applications providers, enabling them to adapt to available network resources.

For example, we recently proposed to the Internet Engineering Task Force the concept of Throughput Guidance (TG), whereby mobile network operators could share information about the throughput of a radio downlink. Preliminary field tests in a production LTE network showed that TG reduces YouTube join latency, defined as the amount of time until the video starts playing, by 8% on average, rebuffering time by 20% on average, and rebuffer count by 2% on average. In addition to improving quality of experience for users, this mechanism improves the utilization of providers’ networks. Encryption of traffic would have no impact on the efficacy of this approach; it works equally well with encrypted and unencrypted traffic.

Throughput Guidance is one possible solution and many questions remain unanswered. It’s still relatively early days in our exploration of this and the other measures in our short paper, and we’re looking forward to getting feedback and collaborating with network operators and others.

Continua a leggere

The Price of Data Localization

Forced data localization laws require data be stored in a specific country, rather than in a distributed “cloud” spread across global networks. As we see the development of more cloud-based products and services, these laws run counter to the direction of technological innovation.

In fact, many studies have shown that forced data localization could negatively impact privacy as well as security and integrity of data. Other studies, like one by the European Centre for International Political Economy, have shown that data localization has negative impacts on the economies that require it.

Adding to the mounting evidence against data localization, new research by Leviathan Security Group shows the harms at a smaller scale: direct cost of forced data localization to local businesses, rather than whole economies. The costs can be pretty dramatic:

…[W]e find that for many countries that are considering or have considered forced data localization laws, local companies would be required to pay 30-60% more for their computing needs than if they could go outside the country’s borders.

Leviathan looked at the major public cloud providers who allow on-demand self-service provisioning through their infrastructure. The group includes Amazon Web Services, DigitalOcean, Google Compute Engine, HP Public Cloud, Linode, Microsoft Azure, and Rackspace Cloud Servers. Consumers in affected countries might be able to find other cloud providers, but many of these providers don’t allow self-service provisioning, instead requiring a confidentiality agreement, a full business-to-business agreement, or other paperwork. In many countries, cloud providers won’t be available at all, so businesses must make major capital investments in computer hardware and infrastructure, rather than being able to take advantage of flexible and cost-saving per-use models.

Leviathan created an interactive visualization that allows anyone to compare all the cloud vendors by location and price around the world. You can check out this study and the visualization, along with their previous work on cloud security, at valueofcloudsecurity.com.

Continua a leggere

New research on security and cloud computing

Ross Schulman is a Policy Manager at Google

Earlier this week, Leviathan Security Group released three white papers that explore cybersecurity in cloud computing versus local storage. Each paper examines a different aspect of security and storage, including availability, cost, and talent acquisition. In general, Leviathan finds that cloud solutions are generally more secure, resilient, and redundant than local equivalents.

A few data highlights:

  • Cloud services provide much better resiliency and redundancy than local services in the face of disasters of all sizes—from small transformer explosions that affect 30,000 users to superstorms the size of Thaiphoon Haiyan. This means quicker data recovery and the ability to keep communications infrastructure like email up and running, which is essential in a post-disaster environment.

  • Even with increasing emphasis on STEM education and growth of computer science programs, organizations—private and public—will not be able to acquire all of the talent necessary to satisfy the demands of local storage infrastructure. For example, there are currently over a million open security positions worldwide, but beginning in 2017, all of the GCHQ-led cybersecurity programs together will graduate just 66 PhD’s per year.
  • Of note for numbers lovers, the paper titled “Value of Cloud Security: Vulnerability” lays out a thorough analysis of storage needs for companies of different sizes and compares cost of cloud versus local storage solutions. They find that cloud solutions are cheaper for small organizations in the near term and provide better security because of the expertise, which is concentrated in large organizations.

So what do these findings mean from a public policy point of view? Many countries, including Brazil and Russia, have proposed laws requiring that companies keep the data of that country’s users within national borders. This idea, known as “data localization,” purports to keep citizen users safer and out of the hands of spying governments and hackers.

However, forced data localization prevents companies, governments, and organizations from realizing many of the benefits afforded by cloud services. For example, if a local data center is impacted by a natural disaster, that data is not replicated elsewhere and thus is lost. And given the shortage of security expertise, there’s simply no way that every organization’s security infrastructure for locally stored data can keep up with the state of the art. Finally, preventing small enterprises like startups from using cloud services means that they must take on additional costs in terms of talent and infrastructure, and will likely end up with systems that are less secure than what cloud infrastructure would provide. In the end, data localization reduces opportunities, results in weaker security, and, in some instances, compromises the availability of data.

To learn more about data localization proposals around the world, check out Anupam Chander’s paper, “Breaking the Web: Data Localization vs. the Global Internet.”

Continua a leggere

Privacy, security, surveillance: getting it right is important

Whilst visiting Bavaria for the Munich Security Conference, Rachel Whetstone, Senior Vice President Communications and Public Policy at Google, gave a speech at the Bavarian Parliament about Google’s views on surveillance, security and privacy. The following is the full text of her speech.

Thank you for inviting me here today. It’s a great honor to be with you this afternoon: in a state with such a long history of invention–Siemens, Audi, BMW, Adidas; and in a city that has been such a wonderful partner to Google.

Just down the road, we signed our first major books digitization project with the Bavarian State Library. The village of Oberstaufen was our first Street View launch in Germany. Minister-President Seehofer was the first German politician to do a live interview on YouTube. Even the model locomotive in your Stone Hall represents a shared love of technology and excitement about the future.

Happily, it’s a future with more investment in Munich. Our new engineering center here will be home to several hundred employees–in addition to the three hundred who already live here. It happens to be located, appropriately enough, next to the Hacker Bridge–though, we don’t plan to hire any additional security.

Now I must admit to being a little bit nervous. US tech companies are front and center of the European political debate today: not always for the right reasons. And frankly some of the criticism is fair. As an industry we have sometimes been a little too high on our own success.

With that as my starting point, I wanted to talk about three important issues facing us all today:

  • First, government surveillance and the role technology companies have in the fight against crime and terrorism;
  • Second, the growing need to keep people’s information safe and secure online; and
  • And third, privacy in the digital age.

Government surveillance

One of the most basic duties of any government is to protect its citizens. It’s always been true that technology can be used for good, and bad. Since humankind discovered fire, there’s been arson. And today, the technologies we all use to find information or chat with loved ones, are also being co-opted by the criminal minority for their own purposes.

It’s why companies like Google have a responsibility to work with law enforcement. And we do–regularly providing account details, as well as the contents of private communications, like email, to the authorities as they investigate crime and terrorism.

For example, in the first six months of 2010, Google received almost 15,000 government requests for user data. By 2014, that number had risen to just under 35,000. We look carefully at every request and provide information in the majority of these cases–over 65 percent.

Why, you may ask, didn’t we comply in every case? Well, we have a duty to our users, as well. When people sign-up for an email account, they trust Google to keep that information private. So we need to be certain law enforcement requests are legitimate–not targeted at political activists or incredibly broad in their scope. In these cases we always push back. And we never let governments just help themselves to our users’ data. No government–including the US government–has backdoor access to Google or surveillance equipment on our networks.

This is why encryption is also important–because it requires governments to go through the proper legal channels. There’s simply no other way for them to get encrypted data, save hacking into our systems or by targeting individual users–issues I’ll touch on later. In fact, Gmail was the first email service to be encrypted by default, and we now encrypt Google Search, Maps, and Drive (our cloud-based storage service).

In the last few months, a number of governments have voiced their concern about the time it takes to process requests for user data when investigating crime, encryption and the storage of data, as well as the use of the Internet by terrorists. These concerns are entirely understandable, especially after last month’s horrific attacks in Paris and the barbaric murders of hostages by ISIS. So let me address each one in turn, starting with the time taken to process requests for user data.

When it’s a threat to life situation, Google is able to provide information to the authorities within hours–this is incredibly important given the increased terrorist threat many governments face today. But in most other situations, law enforcement requests–especially for private communications, such as Gmail–must be made through diplomatic channels, typically Mutual Legal Assistance Treaties, or MLATs for short. For example, if the US Government wants user information from a company based in Germany–say GMX or Xing–it works through the German government. It’s the same when the German government wants information from a US company, like Google. This creates checks and balances, preventing potential abuse.

That said, the MLAT process is too slow, too complicated and in need of reform. It’s why we’ve pressed to increase funding for the US Department of Justice so they can hire more people to process more requests, more quickly. And there’s good news here. For the first time, they’ve dedicated 90 staff and $20 million to process MLAT requests, and President Obama’s latest budget proposal asks for more.

When it comes to reform, it would save time if we moved beyond paper, fax machines and diplomatic pouches to web forms that are quick and easy to process. Europe is leading the way here. We now need the US to follow suit.

However, even with reform, some intergovernmental oversight will always be necessary. If government X wants information on its own citizens, that’s one thing. But when it’s asking for information about country Y’s citizens, surely that country should have a say in the decision as well. This process will always take some time.

Next: government concerns about encryption and the storage of data. Encryption helps prevent hackers from getting access to sensitive information like bank details–keeping the web safe and secure for everyone. It’s the same with the deletion of data. Snapchat, for example, automatically deletes photos and videos. It’s the ultimate right to be forgotten for the millions of young people using the service everyday. Given most people use the Internet for the reasons it was intended, we shouldn’t weaken security and privacy protections for the majority to deal with the minority who don’t.

Finally, terrorism. All of us have been horrified by ISIS and their use of the media to spread propaganda. At YouTube, the world’s most popular video sharing platform, we’re acutely aware of our responsibilities.

  • Last year alone we removed 14 million videos because they broke YouTube’s policies prohibiting gratuitous violence, incitement to violence and hate speech.
  • We automatically terminate the accounts of any terror group, and hand over the account information to the authorities.
  • We allow law enforcement, for example the UK Home Office, to flag videos containing terrorist content, which we review and remove as a priority. We hope to work with law enforcement in other countries on similar efforts.
  • And, we work with dozens of non-governmental organizations on counter speech–helping provide an alternative viewpoint to vulnerable young people.

Of course there is always more to be done and we welcome your ideas.

Over the last three years, first with Edward Snowden and now ISIS, we’ve seen the political debate about government access to information swing from one end of the spectrum to the other. Indeed, the race to encrypt was driven in large part by Snowden’s revelations, which uncovered some pretty outrageous behavior on the part of the US Government. The emergence of ISIS is now leading some governments to question encryption entirely, as well as to call for increased data retention. The solution, we believe, lies in a principled yet practical approach: one that restricts indiscriminate surveillance and supports valid law enforcement efforts while also protecting people’s privacy.

Privacy and security of personal information

Which brings me to my next subject: keeping people’s information safe and secure. In many ways, privacy and security are two sides of the same coin–if your data is not secure it’s not private, as last year’s celebrity hacks showed. While the target that time was Hollywood, it could just as easily have been you or me. So it’s not surprising that a recent Gallup poll showed people are more concerned with theft online than having their house broken into.

In the last four years, we’ve been able to cut in half the number of Google accounts that are hijacked. For example, we block suspicious attempts to log into accounts–perhaps because they come from an unusual device or location. If you’ve ever traveled abroad and got an email questioning a recent login, that’s Google working to keep you safe. And we also offer two-factor authentication so people are no longer rely only on their passwords for protection. Instead people confirm their identity not just with a password but also a code generated by their phone. If you’re at this conference and you’re not using two-factor authentication, you really should be–please talk to Wieland afterwards!

Now, we’re under a lot of scrutiny in Europe because of our size. But it is precisely our size that enables us to invest a lot in security, which helps our users as well as the wider web. For example, our Safe Browsing technology identifies sites that steal passwords or contain malware. If you’re using Chrome, we show very visible warnings–20 million per week–when you try to visit a malicious webpage. And because we make this data publicly available, Apple’s Safari and Mozilla’s Firefox browsers can use it as well. This helps protect over one billion people all around the world. We can also help move things forward in other ways: for instance, we now rank encrypted websites slightly higher in our search results, encouraging everyone to encrypt their services. And any company can take advantage of Google’s security expertise by using our corporate versions of Gmail and Drive. The fact that we employ 500 security and privacy experts means they don’t have to.

Corporate attacks are on the increase–and they highlight the interconnected nature of the web. The Sony hack, for example, not only exposed their own employees, but also the business plans of a high-profile tech CEO. In fact, the hack affected more than just egos–it hit the studio’s bottom line, too, when cinemas decided not to show The Interview. (Luckily, we were able to stand up for creative expression while helping Sony recoup some of that lost revenue by releasing the movie on YouTube and Google Play.)

These kinds of complexities are why security should be a team effort–companies working together, and governments working with companies. In 2010, Google disclosed that we had been subject to a significant cyberattack from China. At the time we were surprised that so few of the other companies targeted were willing to talk publicly. They were understandably afraid that doing so would frighten customers, provoke lawsuits, or worry investors. This is still the case for many companies today.

When individual companies keep attacks under wraps, it can make it harder for other companies to improve our defenses. It’s why we should all be to share best practices and the threats we see. We also believe that governments could be more forthcoming about the cybersecurity intelligence they have, so everyone can better protect themselves. This information often seeps out slowly, not least because it tends to get over-classified. We’re all stronger when security is a shared responsibility.

Privacy and trust

Finally, let me turn to privacy. I want to start by making clear Google hasn’t always got this right. It’s not just about the errors we have made–with products like Buzz or the mistaken collection of WiFi data–but about our attitude too. These have been lessons learned the hard way. But as our swift implementation of the Right to be Forgotten has shown, they are indeed lessons we have learned.

Now privacy means different things for different people, in different situations. For example, I may share photos only with my loved ones–others may feel comfortable posting them on the web. I may be happy for my friends to keep my shared photos forever–others may want them to disappear soon after. In the end, privacy is closely tied to our sense of personal identity: it’s not “one size fits all”. That’s why people want to be in control of the information they share and have real choices about the services they use. And that’s what we focus on at Google.

Keeping a record of what people search for can improve the quality of their results over time. But if you want to search without your queries being stored, turn off Search History. It’s really easy. Cookies help Google remember people’s preferences, like the language they use, for example. But if you want to browse the web and have your cookies disappear, use Chrome’s Incognito mode. If Google has someone’s location, we can give directions without them having to type in their start point each time. That’s useful for people like me with fat fingers on a mobile phone. But you can always turn that off too.

In addition, you can see all the information stored by Google and access all your privacy settings from one place, your Dashboard–which by the way was developed right here in Munich by our German engineers. People are using these tools and understand the choices they make. Ten million people check out their Account History settings each week–and make over 2.5 million changes. These are split evenly between people turning settings off and turning them on.

We also take pride in letting people leave Google easily. Data portability matters. So we’ve built a Takeout tool that enables you remove data stored by Google and put it elsewhere. We want people using our services because they love them, not because we hold their data hostage.

Now some of you are doubtless thinking: wait a minute–Google still collects all that information to serve me ads. Well actually no. Most of the data we collect is used to provide and improve our services. For example we store hundreds of billions of emails because hundreds of millions of people globally want unlimited storage. Gmail has become their digital filing cabinet. In fact, our Google search ads–the core of our business–actually require very little personal information. If you type flowers into Google search–the chances are you want … well … flowers! It doesn’t take a rocket scientist or a ton of data to work that one out.

Of course it is true that most of our services today are supported by advertising. But we view that as a positive because ads enable us to offer our products for free to everyone. Without ads, the poorest would not have access to the same search results, the same maps, the same translation tools, the same email service as the richest people on earth. And it’s important to remember that even though we are in the advertising business, Google does not sell your information–nor do we share it without your permission except in very limited circumstances, like government requests for data.

Now some people argue that Google’s collection of data is no different than government surveillance. “Google has the data so why shouldn’t we” is an argument used by many intelligence services in the press. But we believe there is a significant difference. Government surveillance uses data that was collected for an entirely separate purpose; it’s conducted in secret; its targets are unaware their data is being collected, and they are unable to stop or control it. Google, by contrast, collects data to provide and improve our products. And we give our users the ability to control or stop the collection of their data, or leave entirely.

The potential of science and technology

I was reading about the history of this building. I was amazed to see how long the project took: King Maximilian first started construction in 1857. It wasn’t completed until 1874, 17 years later. They actually had to change the style of architecture, mid-build, to keep up with the times.

In those 17 years, though, we saw the invention of the gasoline engine, the sewing machine, dynamite, and the typewriter. Darwin wrote the Origin of Species, and Mendeleev created the periodic table. That’s a pretty good 17 years. Technology was moving fast–probably faster than people wanted it to.

Similarly, just 17 years ago, you couldn’t instantly share photos of your children with friends… or talk to anyone, wherever they are in the world. The idea of not having a landline telephone seemed absurd.

The point is, just as in the 1850s, technology is moving fast. It’s changing the way we live. It’s raising new questions all the time. And, just as in the past, it’ll take many of us coming together to come up with the right answers. We look forward to working with all of you on that. Because this building was constructed from a profound optimism about the potential for science and technology to improve lives. That optimism is in your history. It’s in your DNA. And it’s an optimism that Google shares with you.

Danke.

Posted by Al Verney, Corporate Communications Continua a leggere

Take a Security Checkup on Safer Internet Day

Online security is on everyone’s mind these days. According to a recent Gallup poll, more people are worried about their online accounts being hacked than having their home broken into.

Security has always been a top priority for Google. Our Safe Browsing technology identifies unsafe websites and warns people before they visit them, protecting more than one billion Chrome, Firefox, and Safari users everyday. 2-Step Verification adds an extra layer of security, beyond your password, to your Google account; it’s like a second padlock on your account’s door. And our research teams regularly release new findings about nefarious online activity, like Gmail account hijacking attempts, so people can stay informed.

We have many protections in place to keep people, and their information, secure, but there’s also a lot that you can do to protect yourself. Today, on Safer Internet Day, take a quick Security Checkup, an easy way to review and manage your Google Account’s security settings.

Here are some of the important items you can review during your Security Checkup:

  • Recovery information: Adding a phone number can help us get in touch if you’re locked out of your account. We’ll only use your phone number to protect your account, unless you say otherwise.
  • Recent activity: This is a quick overview of your recent sign-ins to Google. If you see any activity from a location or device you don’t recognize, change your password immediately.
  • Account permissions: These are the apps, websites and devices connected to your Google account. Take a look and make sure you trust—and actually use—all of them. You might want to remove an old phone, or that dusty app you never use.

It takes just a few minutes to make sure your information is accurate and up to date. Visit your Account Settings and take your Security Checkup today.

Posted by Andreas Tuerk, Product Manager Continua a leggere

Don’t get locked out: set up recovery options for your Google Account

Posted by Diana Smetters, Software Engineer


This summer we’re posting regularly with privacy and security tips. Knowing how to stay safe and secure online is important, which is why we created our Good to Know site with advice and tips for safe and savvy Internet use. -Ed.

Strong passwords help protect your accounts and information on the web. But forgetting your password is like losing your keys—you can end up locked out of your own home. It gets worse if your password gets compromised or stolen. Sometimes the thief will change your password so you can’t get back into your own account—kind of like someone stealing your keys and then changing the lock.

If you’ve lost your Google password, you need a way to get back into your Google Account—and back to all of your stuff in Gmail, Maps, Google+ and YouTube. To help you, Google needs to be able to tell that you’re the rightful account owner even if you don’t have the right password. There are a few easy steps you can take right now to make it easy for you—and no one else—to get into your Google Account if you forget or don’t know the password.


1. Add a recovery email address. By registering an alternate email address with your Google Account settings, you’re giving Google another way to reach you. If you forget your password, Google can send a link to that recovery email address so you can reset your password. Google can also use that email address to let you know if we detect something suspicious happening with your account.

Setting up your recovery options can help you get back in
if you get locked out of your Google Account



2. Add a phone number to your Google Account. Your mobile phone is the best way to regain access to your account if you forget your password. It’s like the “fast lane” for account recovery: we text a code to the phone number you’ve registered with us, and you’re back in business in no time. Your phone is more secure and reliable than other means of recovering your account. Methods like “secret” questions (asking your mother’s maiden name or city where you were born) may have answers that are easy to remember, but they are also possible for bad guys to uncover. And we’ve consistently seen that people who register a recovery phone are faster and more successful at getting their accounts back than those recovering their accounts via email.

You can also get a text message if Google detects that something suspicious is going on with your account. Giving a recovery phone number to Google won’t result in you being signed up for marketing lists or getting more calls from telemarketers.

3. Keep your recovery options up to date. It’s a good idea to check your recovery options every so often. For example, if you change your phone number after setting up your recovery options, take just a minute to update your recovery settings to match. We’ll remind you of your current settings every so often to make it easier for you to keep them up to date.

That’s it! You can either update your recovery options next time you’re prompted, or you can take two minutes to do it right now on our Account recovery options page. For more advice on how to protect yourself and your family online, visit our Good to Know site, or check out some of the other posts in our series on staying safe and secure.


Continua a leggere

Dude, where’s my phone? Protecting your Android device

This summer we’re posting regularly with privacy and security tips. Knowing how to stay safe and secure online is important, which is why we created our Good to Know site with advice and tips for safe and savvy Internet use. -Ed.

With summer vacation in full swing, you’re likely out and about, using your smartphone or tablet to get answers on the go or check out the latest cool apps and games. But you don’t have to leave safety at home! In this post, we’re sharing a few tips and tools that you can easily set up if you’re on an Android phone or tablet to keep your device—and the contents inside—safe and secure, including a new service that makes it easy to locate a misplaced device.

1. Lock your device screen. Whether you’re on a phone or a tablet, it’s easy to set up a screen lock. This is important to do in case your device gets left in the back of a car, or you’re worried about someone picking up your phone and scrolling through your stuff. You can lock your device with a pin, password, pattern (or even your face!) by going to Settings > Personal > Security > Screen Lock.

2. Protect your phone from suspicious apps. We automatically scan Google Play to block and remove harmful apps. That makes Google Play the safest place to get Android apps. But Google Play can also help protect you even for apps you get elsewhere, like the web or a third-party app store. The first time you start to install an app from an unknown source, a message will pop up asking if you’d like Google to scan the file to make sure it’s not harmful. Tap “OK” to let Google help protect you from harmful apps.

3. Locate, ring and wipe a misplaced device. Have you ever lost your phone in between the couch cushions or left it in a restaurant? Later this month, you will be able to use a new service called Android Device Manager, which can quickly ring your phone at maximum volume so you can find it (even if it’s been silenced), or locate it on a map, in real time, using Android Device Manager. If your phone can’t be recovered, or has been stolen, you can quickly and securely erase all of the data on your device to keep your data from ending up in the wrong hands. The Android Device Manager will be available for devices running Android 2.2 and above, as part of Google Play. You can read the full announcement on the Android blog.

For more advice on how to protect yourself and your family online, visit our Good to Know site, and stay tuned for more posts in our security series.

Posted by Adrian Ludwig, Android Security Engineer
Continua a leggere

A few easy tools the whole family will love

Posted by Matthias Helier, Staff Software Engineer

This summer we’re posting regularly with privacy and security tips. Knowing how to stay safe and secure online is important, which is why we created our Good to Know site with advice and tips for safe and savvy Internet use. -Ed.

Summer is here, and with kids out of school it is a great time for families to explore the web together—from learning what makes fireflies glow to playing online games together. But while there is a lot of entertaining, educational content online, there are also materials I’d rather not see when I’m surfing the web with my family. Google has built a number of tools that parents can use to help keep content they would rather not see from popping up on the family computer. It takes less than five minutes to turn them on, so follow the steps below to help make your search results more family-friendly this summer.

1. Turn on SafeSearch in Google Search
Turning on SafeSearch is an easy way to help you hide images, search results and videos intended just for adults. It’s especially helpful if you’re concerned about the content that might pop up on your family computer, and it’s easy to turn on. Just visit the Google Search Settings page, go to the “SafeSearch filters” section, and check the box to filter mature content from Google Search result pages. These preferences will apply for any searches done using that browser on your computer. If you have multiple browsers on your family computer, you might want to turn SafeSearch on for each one.

You can turn SafeSearch on or off from the Search Settings page

2. Save and lock your preferences
Once you’ve set your preferences, make sure to click the Save button at the bottom of the page. And if you’re signed in to your Google Account, you can also lock the SafeSearch filter so others can’t change your preferences—just click “Lock SafeSearch.” Now the setting is protected with your Google Account password. While no filter is 100 percent perfect, with SafeSearch on you can feel more confident browsing the web with your family.

3. Turn on YouTube Safety Mode
YouTube Safety Mode helps you and your family avoid videos that might be OK with our Community Guidelines, but you might not want popping up on your family computer. Turning on Safety Mode in YouTube takes just one step. Scroll down to the bottom of any YouTube page and click on the button that says “Safety” at the bottom of the page—now you can choose your preferences for Safety Mode.

Click the button that says “Safety” at the bottom of any YouTube page, and then choose your preferences

4. Lock your Safety Mode preferences
Just like with Safe Search, you can also log in with your Google Account and lock YouTube Safety Mode on each one of your computer’s browsers. It will filter videos with mature content, so they won’t show up in video search results, related videos, playlists, shows or films. YouTube Safety Mode will also help hide objectionable comments.

5. Turn on SafeSearch on mobile
SafeSearch is available on your phone or other mobile device, as well as the web. You can turn on SafeSearch for Google on your mobile device by opening your phone’s browser and visiting google.com/preferences. Scroll to the SafeSearch Filters section to select what level of filtering you would like to enable. Be sure to tap “Save Preferences” after you’ve made your selection.

To enable SafeSearch on YouTube’s mobile app, first open your settings, then press “Search.” From there, select “SafeSearch Filtering” and select moderate or strict filtering.

Helping your family have a positive and safe experience with Google is important to you, and it’s important to us, too. That’s why we’ve partnered with parents and experts on free and easy to use tools and resources to help your family stay safe and secure when browsing online. If you’re interested in even more of our tools and tips, please see our Good to Know site, and stay tuned for more security tips throughout the summer.

(Cross-posted from the Official Google Blog)


Continua a leggere

Securing your WiFi network

Posted by John Munoz, Technical Program Manager 


This post is part of a regular series of privacy and security tips to help you and your family stay safe and secure online. Privacy and security are important topics—they matter to us, and they matter to you. Building on our Good to Know site with advice for safe and savvy Internet use, we hope this information helps you understand the choices and control that you have over your online information. -Ed. 


More than a quarter of Internet users worldwide use WiFi at home to connect to the web, but many aren’t sure how to protect their home network, or why it is important to do so. The best way to think of your home WiFi network is to think of it like your front door: you want a strong lock on both to ensure your safety and security. 


When data is in transit over an unsecured WiFi network, the information you’re sending or receiving could be intercepted by someone nearby. Your neighbors might also be able to use the network for their own Internet activities, which might slow down your connection. Securing your network can help keep your information safe when you’re connecting wirelessly, and can also help protect the devices that are connected to your network. 

If you’re interested in improving your home WiFi security, the steps below can help make your home network safer. 

1. Check to see what kind of home WiFi security you already have.
Do your friends need to enter a password to get on your network when they visit your house for the first time and ask to use your WiFi? If they don’t, your network isn’t as secure as it could be. Even if they do need to enter a password, there are a few different methods of securing your network, and some are better than others. Check what kind of security you have for your network at home by looking at your WiFi settings. Your network will likely either be unsecured, or secured with WEP, WPA or WPA2. WEP is the oldest wireless security protocol, and it’s pretty weak. WPA is better than WEP, but WPA2 is best. 

2. Change your network security settings to WPA2.
Your wireless router is the machine that creates the WiFi network. If you don’t have your home network secured with WPA2, you’ll need to access your router’s settings page to make the change. You can check your router’s user manual to figure out how to access this page, or look for instructions online for your specific router. Any device with a WiFi trademark sold since 2006 is required to support WPA2. If you have a router that was made before then, we suggest upgrading to a new router that does offer WPA2. It’s safer and can be much faster.



3. Create a strong password for your WiFi network.
To secure your network with WPA2, you’ll need to create a password. It’s important that you choose a unique password, with a long mix of numbers, letters and symbols so others can’t easily guess it. If you’re in a private space such as your home, it’s OK to write this password down so you can remember it, and keep it somewhere safe so you don’t lose it. You might also need it handy in case your friends come to visit and want to connect to the Internet via your network. Just like you wouldn’t give a stranger a key to your house, you should only give your WiFi password to people you trust. 



4. Secure your router too, so nobody can change your settings.
Your router needs its own password, separate from the password you use to secure your network. Routers come without a password, or if they do have one, it’s a simple default password that many online criminals may already know. If you don’t reset your router password, criminals anywhere in the world have an easy way to launch an attack on your network, the data shared on it and the computers connected to your network. For many routers, you can reset the password from the router settings page. Keep this password to yourself, and make it different from the one you use to connect to the WiFi network (as described in step 3). If you make these passwords the same, then anyone who has the password to connect to your network will also be able to change your wireless router settings. 



 5. If you need help, look up the instructions.
If you’ve misplaced your router’s manual, type the model number of your base station or router into a search engine—in many cases the info is available online. Otherwise, contact the company that manufactured the router or your Internet Service Provider for assistance.

Please check out the video below to learn more about the simple but important steps you can take to improve the security of your Internet browsing.


 




For more advice on how to protect yourself and your family online, visit our Good to Know site, and stay tuned for more posts in our security series.


Continua a leggere

Transparency Report: Making the web a safer place

Two of the biggest threats online are malicious software (known as malware) that can take control of your computer, and phishing scams that try to trick you into sharing passwords or other private information.

So in 2006 we started a Safe Browsing program to find and flag suspect websites. This means that when you are surfing the web, we can now warn you when a site is unsafe. We’re currently flagging up to 10,000 sites a day—and because we share this technology with other browsers there are about 1 billion users we can help keep safe.

But we’re always looking for new ways to protect users’ security. So today we’re launching a new section on our Transparency Report that will shed more light on the sources of malware and phishing attacks. You can now learn how many people see Safe Browsing warnings each week, where malicious sites are hosted around the world, how quickly websites become reinfected after their owners clean malware from their sites, and other tidbits we’ve surfaced.

Sharing this information also aligns well with our Transparency Report, which already gives information about government requests for user data, government requests to remove content, and current disruptions to our services.

To learn more, explore the new Safe Browsing information on this page. Webmasters and network administrators can find recommendations for dealing with malware infections, including resources like Google Webmaster Tools and Safe Browsing Alerts for Network Administrators.

Posted by Lucas Ballard, Software Engineer

Continua a leggere