Tech-Science | Ned Hamson's Second Line View of the News

Posted by Gerhard Eschelbeck, VP, Security and Privacy

[Cross-posted from the Official Google Blog]

Today is Safer Internet Day, a moment for technology companies, nonprofit organizations, security firms, and people around the world to focus on online safety, together. To mark the occasion, we’re rolling out new tools, and some useful reminders, to help protect you from online dangers of all stripes—phishing, malware, and other threats to your personal information.

1. Keeping security settings simple

The Security Checkup is a quick way to control the security settings for your Google Account. You can add a recovery phone number so we can help if you’re ever locked out of your account, strengthen your password settings, see which devices are connected to your account, and more. If you complete the Security Checkup by February 11, you’ll also get 2GB of extra Google Drive storage, which can be used across Google Drive, Gmail, and Photos.

Safer Internet Day is a great time to do it, but you can—and should!—take a Security Checkup on a regular basis. Start your Security Checkup by visiting My Account.

2. Informing Gmail users about potentially unsafe messages

If you and your Grandpa both use Gmail to exchange messages, your connections are encrypted and authenticated. That means no peering eyes can read those emails as they zoom across the web, and you can be confident that the message from your Grandpa in size 48 font (with no punctuation and a few misspellings) is really from him!

However, as our Safer Email Transparency Report explains, these things are not always true when Gmail interacts with other mail services. Today, we’re introducing changes in Gmail on the web to let people know when a received message was not encrypted, if you’re composing a message to a recipient whose email service doesn’t support TLS encryption, or when the sender’s domain couldn’t be authenticated.

Here’s the notice you’ll see in Gmail before you send a message to a service that doesn’t support TLS encryption. You’ll also see the broken lock icon if you receive a message that was sent without TLS encryption.

If you receive a message that can’t be authenticated, you’ll see a question mark where you might otherwise see a profile photo or logo:

3. Protecting you from bad apps

Dangerous apps that phish and steal your personal information, or hold your phone hostage and make you pay to unlock it, have no place on your smartphone—or any device, for that matter.

Google Play helps protect your Android device by rejecting bad apps that don’t comply with our Play policies. It also conducts more than 200 million daily security scans of devices, in tandem with our Safe Browsing system, for any signs of trouble. Last year, bad apps were installed on fewer than 0.13% of Android devices that install apps only from Google Play.

Learn more about these, and other Android security features — like app sandboxing, monthly security updates for Nexus and other devices, and our Security Rewards Program—in new research we’ve made public on our Android blog.

4. Busting bad advertising practices

Malicious advertising “botnets” try to send phony visitors to websites to make money from online ads. Botnets threaten the businesses of honest advertisers and publishers, and because they’re often made up of devices infected with malware, they put users in harm’s way too.

We’ve worked to keep botnets out of our ads systems, cutting them out of advertising revenue, and making it harder to make money from distributing malware and Unwanted Software. Now, as part of our effort to fight bad ads online, we’re reinforcing our existing botnet defenses by automatically filtering traffic from three of the top ad fraud botnets, comprising more than 500,000 infected user machines. Learn more about this update on the Doubleclick blog.

5. Moving the security conversation forward

Recent events—Edward Snowden’s disclosures, the Sony Hack, the current conversation around encryption, and more—have made online safety a truly mainstream issue. This is reflected both in news headlines, and popular culture: “Mr. Robot,” a TV series about hacking and cybersecurity, just won a Golden Globe for Best Drama, and @SwiftOnSecurity, a popular security commentator, is named after Taylor Swift.

But despite this shift, security remains a complex topic that lends itself to lively debates between experts…that are often unintelligible to just about everyone else. We need to simplify the way we talk about online security to enable everyone to understand its importance and participate in this conversation.

To that end, we’re teaming up with Medium to host a virtual roundtable about online security, present and future. Moderated by journalist and security researcher Kevin Poulsen, this project aims to present fresh perspectives about online security in a time when our attention is increasingly ruled by the devices we carry with us constantly. We hope you’ll tune in and check it out.

Online security and safety are being discussed more often, and with more urgency, than ever before. We hope you’ll take a few minutes today to learn how Google protects your data and how we can work toward a safer web, for everyone.