Google Data

Posted by John Munoz, Technical Program Manager 

This post is part of a regular series of privacy and security tips to help you and your family stay safe and secure online. Privacy and security are important topics—they matter to us, and they matter to you. Building on our Good to Know site with advice for safe and savvy Internet use, we hope this information helps you understand the choices and control that you have over your online information. -Ed. 

More than a quarter of Internet users worldwide use WiFi at home to connect to the web, but many aren’t sure how to protect their home network, or why it is important to do so. The best way to think of your home WiFi network is to think of it like your front door: you want a strong lock on both to ensure your safety and security. 

When data is in transit over an unsecured WiFi network, the information you’re sending or receiving could be intercepted by someone nearby. Your neighbors might also be able to use the network for their own Internet activities, which might slow down your connection. Securing your network can help keep your information safe when you’re connecting wirelessly, and can also help protect the devices that are connected to your network. 

If you’re interested in improving your home WiFi security, the steps below can help make your home network safer. 

1. Check to see what kind of home WiFi security you already have. Do your friends need to enter a password to get on your network when they visit your house for the first time and ask to use your WiFi? If they don’t, your network isn’t as secure as it could be. Even if they do need to enter a password, there are a few different methods of securing your network, and some are better than others. Check what kind of security you have for your network at home by looking at your WiFi settings. Your network will likely either be unsecured, or secured with WEP, WPA or WPA2. WEP is the oldest wireless security protocol, and it’s pretty weak. WPA is better than WEP, but WPA2 is best. 

2. Change your network security settings to WPA2.Your wireless router is the machine that creates the WiFi network. If you don’t have your home network secured with WPA2, you’ll need to access your router’s settings page to make the change. You can check your router’s user manual to figure out how to access this page, or look for instructions online for your specific router. Any device with a WiFi trademark sold since 2006 is required to support WPA2. If you have a router that was made before then, we suggest upgrading to a new router that does offer WPA2. It’s safer and can be much faster.

3. Create a strong password for your WiFi network.To secure your network with WPA2, you’ll need to create a password. It’s important that you choose a unique password, with a long mix of numbers, letters and symbols so others can’t easily guess it. If you’re in a private space such as your home, it’s OK to write this password down so you can remember it, and keep it somewhere safe so you don’t lose it. You might also need it handy in case your friends come to visit and want to connect to the Internet via your network. Just like you wouldn’t give a stranger a key to your house, you should only give your WiFi password to people you trust. 

4. Secure your router too, so nobody can change your settings.Your router needs its own password, separate from the password you use to secure your network. Routers come without a password, or if they do have one, it’s a simple default password that many online criminals may already know. If you don’t reset your router password, criminals anywhere in the world have an easy way to launch an attack on your network, the data shared on it and the computers connected to your network. For many routers, you can reset the password from the router settings page. Keep this password to yourself, and make it different from the one you use to connect to the WiFi network (as described in step 3). If you make these passwords the same, then anyone who has the password to connect to your network will also be able to change your wireless router settings. 

 5. If you need help, look up the instructions.If you’ve misplaced your router’s manual, type the model number of your base station or router into a search engine—in many cases the info is available online. Otherwise, contact the company that manufactured the router or your Internet Service Provider for assistance. Please check out the video below to learn more about the simple but important steps you can take to improve the security of your Internet browsing.

 

For more advice on how to protect yourself and your family online, visit our Good to Know site, and stay tuned for more posts in our security series.

Two of the biggest threats online are malicious software (known as malware) that can take control of your computer, and phishing scams that try to trick you into sharing passwords or other private information.

Posted by Allan Thygesen, Vice President, Global SMB Sales

(Cross-posted from the Official Google Blog)

• Since 2010, we’ve only permitted U.S.-based online pharmacies accredited under the National Association Boards of Pharmacy “VIPPS” program to run pharma ads in our AdWords program.  We were the first online search provider to require this certification – there are less than 40 VIPPS certified pharmacies operating in the U.S.

• We partner with LegitScript, an independent company with deep knowledge about online pharmacies, to conduct weekly “sweeps” of ads on Google to help ensure that we are keeping our ads safe.

• According to LegitScript, the number of illegal drug and pharmacy ads on major search engines like Google and Bing has declined by 99.9% percent since 2010.
• In the last two years alone, Google has blocked or removed from its systems more than 3 million ads by suspected rogue pharmacies.

Posted by Eric Grosse, VP Security Engineering

Cross-posted from the Google Online Security Blog

For almost three weeks, we have detected and disrupted multiple email-based phishing campaigns aimed at compromising the accounts owned by tens of thousands of Iranian users. These campaigns, which originate from within Iran, represent a significant jump in the overall volume of phishing activity in the region. The timing and targeting of the campaigns suggest that the attacks are politically motivated in connection with the Iranian presidential election on Friday.

Our Chrome browser previously helped detect what appears to be the same group using SSL certificates to conduct attacks that targeted users within Iran. In this case, the phishing technique we detected is more routine: users receive an email containing a link to a web page that purports to provide a way to perform account maintenance. If the user clicks the link, they see a fake Google sign-in page that will steal their username and password.

Protecting our users’ accounts is one of our top priorities, so we notify targets of state-sponsored attacks and other suspicious activity, and we take other appropriate actions to limit the impact of these attacks on our users. Especially if you are in Iran, we encourage you to take extra steps to protect your account. Watching out for phishing, using a modern browser like Chrome and enabling 2-step verification can make you significantly more secure against these and many other types of attacks. Also, before typing your Google password, always verify that the URL in the address bar of your browser begins with https://accounts.google.com/. If the website’s address does not match this text, please don’t enter your Google password.

This morning we sent the following letter to the offices of the Attorney General and the Federal Bureau of Investigation. Read the full text below. -Ed. 

Dear Attorney General Holder and Director Mueller

Google has worked tremendously hard over the past fifteen years to earn our users’ trust. For example, we offer encryption across our services; we have hired some of the best security engineers in the world; and we have consistently pushed back on overly broad government requests for our users’ data.

We have always made clear that we comply with valid legal requests. And last week, the Director of National Intelligence acknowledged that service providers have received Foreign Intelligence Surveillance Act (FISA) requests.

Assertions in the press that our compliance with these requests gives the U.S. government unfettered access to our users’ data are simply untrue. However, government nondisclosure obligations regarding the number of FISA national security requests that Google receives, as well as the number of accounts covered by those requests, fuel that speculation.

We therefore ask you to help make it possible for Google to publish in our Transparency Report aggregate numbers of national security requests, including FISA disclosures—in terms of both the number we receive and their scope. Google’s numbers would clearly show that our compliance with these requests falls far short of the claims being made. Google has nothing to hide.

Google appreciates that you authorized the recent disclosure of general numbers for national security letters. There have been no adverse consequences arising from their publication, and in fact more companies are receiving your approval to do so as a result of Google’s initiative. Transparency here will likewise serve the public interest without harming national security.

We will be making this letter public and await your response.

David Drummond
Chief Legal Officer

• Don’t reply if you see a suspicious email, instant message or webpage asking for your personal or financial information. Identity thieves can steal your information and then use it to withdraw money from your bank account.
• Never enter your password if you’ve arrived at a site by following a link in an email or chat that you don’t trust.
• If you see a message from someone you know that doesn’t seem like them, their account might have been compromised by a cyber criminal who is trying to get money or information from you. Think before responding!
• Don’t send your password via email, and don’t share your password with others. Legitimate sites won’t ask you to send them your passwords via email, so don’t respond if you get requests for your passwords to online sites.
• Report any suspicious emails and scams. Many email providers, including Gmail, provide an easy way for you to report fishy emails and scams, and it can help our teams stop similar mail from being sent to you and others.

Stopping bad actors who target seniors and preventing the rise of identity theft is a shared mission for all of us. Google is committed to making the Internet safer, and protecting our users of all ages.

Robert Kyncl, Vice President, Global Head of Content Partnerships for YouTube

Posted by Susan Infantino, Legal Director 

Three years ago when we launched the Transparency Report, we said we hoped it would shine some light on the scale and scope of government requests for censorship and data around the globe. Today, for the seventh time, we’re releasing new numbers showing requests from governments to remove content from our services. From July to December 2012, we received 2,285 government requests to remove 24,179 pieces of content—an increase from the 1,811 requests to remove 18,070 pieces of content that we received during the first half of 2012.

As we’ve gathered and released more data over time, it’s become increasingly clear that the scope of government attempts to censor content on Google services has grown. In more places than ever, we’ve been asked by governments to remove political content that people post on our services. In this particular time period, we received court orders in several countries to remove blog posts criticizing government officials or their associates. You can read more about these requests by looking at the annotations section of the Transparency Report. Of particular note were three occurrences that took place in the second half of 2012:

• There was a sharp increase in requests from Brazil, where we received 697 requests to remove content from our platforms (of which 640 were court orders—meaning we received an average of 3.5 court orders per day during this time period), up from 191 during the first half of the year. The big reason for the spike was the municipal elections, which took place last fall. Nearly half of the total requests—316 to be exact—called for the removal of 756 pieces of content related to alleged violations of the Brazilian Electoral Code, which forbids defamation and commentary that offends candidates. We’re appealing many of these cases, on the basis that the content is protected by freedom of expression under the Brazilian Constitution.
• Another place where we saw an increase was from Russia, where a new law took effect last fall. In the first half of 2012, we received six requests, the most we had ever received in any given six-month period from Russia. But in the second half of the year, we received 114 requests to remove content—107 of them citing this new law.
• During this period, we received inquiries from 20 countries regarding YouTube videos containing clips of the movie “Innocence of Muslims.” While the videos were within our Community Guidelines, we restricted videos from view in several countries in accordance with local law after receiving formal legal complaints. We also temporarily restricted videos from view in Egypt and Libya due to the particularly difficult circumstances there.

We’ve also made a couple of improvements to the Transparency Report since our last update:

• We’re now breaking down government requests about YouTube videos to clarify whether we removed videos in response to government requests for violating Community Guidelines, or whether we restricted videos from view due to local laws. You can see the details by scrolling to the bottom of each country-specific page.
• We’ve also refreshed the look of the Traffic section, making it easier to see where and when disruptions have occurred to Google services. You can see a map where our services are currently disrupted; you can see a map of all known disruptions since 2009; and you can more easily navigate between time periods and regions.

The information we share on the Transparency Report is just a sliver of what happens on the Internet. But as we disclose more data and continue to expand it over time, we hope it helps draw attention to the laws around the world that govern the free flow of information online.

This is an important moment for all Internet users, and we’re deeply appreciative of Senators Leahy and Lee’s leadership in advancing this bill. We’ve also been working closely with the House Judiciary Committee on this issue and we look forward to continuing to work with Congress to update ECPA.

Posted by Kent Walker, Senior Vice President & General Counsel, Google
 
Cross-posted from the Official YouTube Blog 

Today is an important day for the Internet. For the second time, a federal court correctly rejected Viacom’s lawsuit against YouTube. This is a win not just for YouTube, but for the billions of people worldwide who depend on the web to freely exchange ideas and information.

In enacting the Digital Millennium Copyright Act, Congress effectively balanced the public interest in free expression with the rights of copyright holders. The court today reaffirmed an established judicial consensus that the DMCA protects web platforms like YouTube that work with rightsholders and take appropriate steps to remove user-generated content that rightsholders notify them is infringing.

The growing YouTube community includes not only a billion individual users, but tens of thousands of partners who earn revenue from the platform — from independent musicians and creators to some of the world’s biggest record labels, movie studios, and news organizations. Today’s decision recognizes YouTube as a thriving and vibrant forum for all these users, creators and consumers alike. Today is an important day for the Internet.

Posted by David Lieber, Public Policy Team Just like burglars and thieves, cyber criminals have many different ways to steal personal information and money. Consumers and technical experts alike are awakening to the reality that passwords – even t…