Google’s Project Zero security team found multiple Intelligent Tracking Prevention flaws in Safari that let users be tracked anyway.
Google updated its Smart Lock app on iOS to let iPhones be used for two-factor authentication. But it will only work inside Chrome. Now your only choices for Google two-factor authentication are this Smart Lock app, or a phone number (an insecure method). You can also use a physical security key but not an app like Authy.
After installing the update, users are asked to select a Google account to set up their phone’s built-in security key. According to a Google cryptographer, the feature makes use of Apple’s Secure Enclave hardware, which securely stores Touch ID, Face ID, and other cryptographic data on iOS devices.
Update. So I made a mistake and you can use an app like Authy, but you first have to surrender your phone number to Google. Which I’m obviously loathe to do so I use a disposable number.
Sonos launched legal action against Google, alleging that the search giant stole its multiroom speaker technology.
A new privacy law comes into force in California tomorrow, January 1st 2020 and retailers are scrambling to make sure they comply.
The UK competition regulator may impose tougher regulations on Google and Facebook over concerns about their dominance of online advertising.
Google started an initiative called Project Understood. It’s partnering with the Canadian Down Syndrome Society to ask people with Down syndrome help train its voice recognition algorithms to understand them better.
“Out of the box, Google’s speech recognizer would not recognize every third word for a person with Down syndrome, and that makes the technology not very usable,” Google engineer Jimmy Tobin said in a video introducing the project. Google is aiming to collect 500 “donations” of voice recordings from people with Down syndrome, and is already more than halfway toward its goal.
A worthy project.
The Federal Trade Commission is considering a revamp of the Children’s Online Privacy Protection Act (COPPA). Google wants to help them change the rules, and asked the agency to eliminate rules that categorizes anyone watching kids content online as actual kids.
In September, Google agreed to pay US$170 million to the FTC to resolve claims that YouTube violated COPPA by serving targeted advertisements to children under 13…After the FTC settlement, YouTube told creators that they would have to identify when videos are aimed at children under 13. When that happens, YouTube now turns off ads that rely on web browsing behavior and other targeting data, which earn more for YouTube and creators.
Apple lets you go into iOS settings and change your default search engine. But Google is still the default engine when you search via Spotlight.
Siobhan O’Flynn writes about all the ways that companies like Google collect data from kids in violation of the Children’s Online Privacy Protection Act. It starts when schools increasingly turn to Google services in education.
Alphabet Inc. dominates child-directed and child-featured content online through YouTube Kids and has now colonized online educational spaces through Google Docs, G-Suite, Chromebooks and the associated Gmail accounts for children that are required for use. This means that Google’s access to children’s data spans entertainment (YouTube and YouTube Kids), search and purchase histories (via associated parental accounts), and educational sectors.
Alex Cranz reviewed Google Stadia, a game service where games are streamed to you instead of you loading them onto your device.
With Stadia, you can slip into a game typically found on a PC or console using almost any device. It makes you wonder why we’ve tethered ourselves to hardware for so long when the internet can give us all of that power at a considerably lower cost (and smaller energy bill). The problem is that Stadia rarely works perfectly. Instead, it offers us a glimmer of the future before crashing back down into the muddy present.
”It makes you wonder why.” Here’s why we’re still tethering ourselves: Because arguably you own physical copies of media like games, books, and movies. The “future” that Mr. Cranz’s headline alludes to is the Ideal Corporate World in which no one owns anything because it’s all a subscription.
Teaming up with Ascension, Project Nightingale aims to collect health data from millions of Americans, without telling patients or doctors.
According to YouTube’s new terms of service, your YouTube account can be terminated if it isn’t commercially viable enough. The phrasing is broad enough that some people think this means Google will take action against people using adblockers.
YouTube may terminate your access, or your Google account’s access to all or part of the Service if YouTube believes, in its sole discretion, that provision of the Service to you is no longer commercially viable.
I’m personally not sure if that’s the case. You don’t need a Google account to watch YouTube, nor does Google need you to have an account for it to track you.
Charlotte Henry and Bryan Chaffin join host Kelly Guimont to discuss Google announcing better malware scans and Apple’s updated family leave.
Google wants Android to have better security so it’s teaming up with other firms to create the App Defense Alliance.
Andrew Orr and Charlotte Henry join host Kelly Guimont to discuss Google’s secure enclave, and how streaming services can retain subscribers.
Google wants Android phones to have a Secure Enclave chip like iPhones. Its OpenTitan project aims to help design an open source one.
OpenTitan is loosely based on a proprietary root-of-trust chip that Google uses in its Pixel 3 and 4 phones. But OpenTitan is its own chip architecture and extensive set of schematics developed by engineers at lowRISC, along with partners at ETH Zurich, G+D Mobile Security, Nuvoton Technology, Western Digital, and, of course, Google.
The consortium will use community feedback and contributions to develop and improve the industry-grade chip design, while lowRISC will manage the project and keep suggestions and proposed changes from going live haphazardly.
You can view the OpenTitan Github repo here, but it’s not fully fleshed out yet.
Google recently bought Fitbit, and if you don’t want an ad company using your personal health data, here’s how to delete your account.
Everyone is talking about a new messaging standard the Big Four carriers have agreed upon. It’s called RCS and it’s meant to replace SMS. But your RCS conversations won’t be end-to-end encrypted.
The CCMI neatly fixes both the first and the second problem. Garland says the carriers believe there are some implementation issues with the Universal Profile that the CCMI can address more elegantly, but it will follow the standard to ensure interoperability.
As for encryption, Garland wouldn’t commit. He emphasizes that the CCMI intends to make sure that the chats are “private” and that the app it’s making is “an experience [customers] can trust.”
Having Apple join the project would certainly legitimize RCS, but if it doesn’t have encryption I don’t think Apple will partake.
A leak shows that Comcast is lobbying against plans to encrypt web traffic that would make it harder to collect your browsing history.
Redditor u/stephenvsawyer found that HEIC photos were given unlimited backups to Google Photos because they are smaller than JPGs. If Google tried to compress them the files would actually get bigger, which would be a waste of storage space. But Google calls it a bug and says it will fix it.
However, what that means remains unclear. Would Google start charging for HEIC images stored in Photos, even if they’re small and don’t take up much space? Would it forcibly re-convert those pics to compressed JPEG, or compress them further under the HEIC format? And will the fix apply to all HEIC images or just iPhones?
I’m not sure how Google will fix it unless they just check if the file extension is .HEIC and arbitrarily limit these files (arbitrary since converting them would increase their size).