Tag Archives: Google

Google Hit with Biggest Ever GDPR Fine

The biggest GDPR fine was recently issued by France’s National Data Protection Commission (CNIL) to Google  for multiple GDPR violations, the regulator recently announced. The fine? A whooping 50 million euros (about $57 million).

Two Types of GDPR Violations

First, CNIL found that Google provided information to users in a non-transparent way, saying, “The relevant information is accessible after several steps only, implying sometimes up to 5 or 6 actions,” according to the CNIL.

Second, CNIL concluded that Google was not validly obtaining users’ permission for data processing and ads personalization purposes. The users’ consent, CNIL claims, “is not sufficiently informed,” and it’s “neither ‘specific’ nor ‘unambiguous’.”

Confirming Customer Sentiment

The CNIL’s findings echo what many users have felt when dealing with privacy settings of large online companies, such as Google and Facebook; essentially stating that while it may be possible to opt out of various ads personalization and data processing schemes, the process and settings are too convoluted for many users to understand.  Continue reading Google Hit with Biggest Ever GDPR Fine

Gmail Alerts: State-Sponsored Attacks

Google is pretty good at letting users know in a practical way when they are in danger online. Google has been warning Gmail users since 2012 when they become the target of a state-sponsored attack.

google-alert-old

 

 

 

But now the alerts will be a little more ‘in-your-face’ as you can see below.

warn-gmail

 

 

 

 

 

 

 

“The users that receive these warnings are often journalists, activists, and policy-makers taking bold stands around the world,” says Gmail’s Nicolas Lidzborski. Nevertheless, based on Google’s stats, the number of users targeted could be as high as 1 million.

Kudos to Google, as well as other websites like Facebook and Twitter, for playing a part in keeping users safe against cyber attacks.

Google: Warning for Social Engineering Sites

Google is launching a new warning page for Google Chrome users that will appear when they visit a website with social engineering content.

According to the Google blog post, “The threat landscape is constantly changing—bad actors on the web are using more and different types of deceptive behavior to trick you into performing actions that you didn’t intend or want, so we’ve expanded protection to include social engineering.”

If Google has flagged a website as one with social engineering content, the following warning page will be displayed.

google SE warning

How Security Experts Stay Safe Online

experts vs non experts security practicesWith the many security “best practices” floating around for online activity, it can be daunting to recognize what the most effective practices really are to increasing your security. Google Online Security Blog published an article based on two surveys that compares the top security practices from security experts as well as non-experts. The surveys asked both groups what actions they take to maximize safety online.

The good news is that all of the top practices mentioned makes a user less secure. It’s refreshing to see proper password management show up on both lists. Experts rely more on password managers that protect and store a user’s passwords in one place. The reasoning for non-experts using password managers less frequently seems to be the lack of education about the benefits of the tool.

The key difference lies in the non-expert reliance on antivirus programs and the expert usage of software updates. Antivirus programs have benefits, but also leave gaps for malware that hasn’t been detected in the wild. On the other hand, software updates are the “seatbelts of online security, they make you safer, period.”

Take note of the experts’ top security practices and how you can implement them into your organization’s online activities.

You can find the full research paper here.

Google Simplifies CAPTCHA

Google has recently presented its latest rendition of its reCAPTCHA program. CAPTCHA (Completely Automated Public Turing test to tell Computers and Human Apart) basically determines whether or not the user is a human, protecting websites from robots and other abusive agents.

In the past, Google has required users to confirm their status through a process of reading distorted text and typing it into a box.

reCAPTCHA_OldAPI

 

 

 

 

The new reCAPTCHA interface is called No CAPTCHA reCAPTCHA. Now users must simply confirm their status by clicking a box next to the phrase “I’m not a robot.”

Recaptcha_anchor@2x

 

 

The old method relied on the failure of robots to solve distorted text. However, Google recently cited that algorithms exist that decipher distorted text from reCAPTCHA with over 99% accuracy. “To counter this, last year we developed an Advanced Risk Analysis backend for reCAPTCHA that actively considers a user’s entire engagement with the CAPTCHA—before, during, and after—to determine whether that user is a human,” explains Vinay Shet, Product Manager at Google’s reCAPTCHA.

reCAPTCHA is tracking metrics such as IP addresses, cookies, and mouse movements as users move to click the box, as well as other relevant clues. If it cannot confidently determine whether the user is human or robot, it will force the user to answer a traditional CAPTCHA to gather more clues. This increases the amount of security measures involved to confirm the user’s identity. For a short demo video of the new program click here.

“Early adopters, like Snapchat, WordPress, Humble Bundle, and several others are already seeing great results with this new API. For example, in the last week, more than 60% of WordPress’ traffic and more than 80% of Humble Bundle’s traffic on reCAPTCHA encountered the No CAPTCHA experience—users got to these sites faster,” notes Shet.

reCAPTCHA is a free service to protect websites from spam and abuse. It’s available by clicking the “Get reCAPTCHA” button here.