Connect with us

Internet

Google Chrome Update — ‘A Threat To Children, Cybersecurity And Government Snooping’

Published

on

The way we access websites is about to change. As a result, crisis talks have now been scheduled between the U.K. government and the internet industry to discuss the risks. The primary concern is a proposed but as yet unconfirmed update to Google’s popular Chrome web browser, one that would hit many of the techniques used to monitor internet content for both safety and snooping. It isn’t just Google that will change. But the market-leading position of its Chrome browser has focused governmental minds.

These days, almost everyone is familiar with the concept of internet domain names and the fact that memorable, human-readable addresses are translated into machine-readable IP addresses. But most people have likely never heard of DNS over HTTPS or DOH, and so will be unaware of a planned change to how all this works.

However, DOH is now being fast-tracked, and it has agitated U.K. child safety and intelligence agencies enough to convene a crisis meeting on 8 May, citing child safety, cybersecurity and even terrorism as concerns.

DOH will encrypt the addresses of the websites we visit, potentially bypassing local Internet Service Providers (ISPs), and connecting directly to central nameservers that could well be managed by the companies behind the browsers themselves. This means that many of the filtering and protection tools in place today, usually administered by ISPs, would no longer work.

The new approach brings definite security advantages, notwithstanding that we’ll be entrusting Google and its peers with even more data on us. If the addresses of the websites you want to visit can’t be seen, they can’t be filtered or policed. And campaigners claim that this has implications for the fights against terrorism and extremism, as well as for child safety.

Coming at a time when the monitoring of online content has never been more in the news, and when cybersecurity breaches are reported weekly, the clear need to improve online security is driving welcome change. But the unintended consequences of those changes are apparently now a major concern.

All change

The Internet’s Domain Name System (DNS) is one of its greatest strengths and also one of its greatest weaknesses. The internet is easy to use, but that comes with the risk of the manipulation of DNS names, with snooping on open traffic, and, in many parts of the world, with local monitoring and filtering. So it’s little surprise that the Internet Engineering Task Force (IETF) has been working on a revised approach.

As open traffic, your IP address and browsing activities can be profiled and your requests can potentially be intercepted and manipulated. Who you are and what you’re looking at can be monitored. But with more and more of what is done online being encrypted, the very act of accessing specific websites can be encrypted as well. This is what DNS over HTTPS is all about, bypassing locally held DNS nameservers, sending encrypted traffic to a central server instead.

The change would see web browsers (or other central services) handling domain queries, transparently to users, rather than fielding these as open internet traffic through the ISP. More secure and less open to interception, yes, because all of this would be encrypted HTTPS traffic, but it means that you would be serviced from a central location and not by an operator under your country’s legislative control. Think of it as a built-in, always-on VPN.

presentation from BT on the ‘Potential ISP Challenges with DNS over HTTPS’ earlier this month, acknowledged that “DOH could be a game changer in operator/application dynamics” with fast-tracked standards bringing potentially adverse implications on cybersecurity and on safety from online harms. BT cited a reduced ability to derive cybersecurity intelligence from malware activity and DNS insight, significant new attack opportunities for hackers, and the inability to fulfill government mandated regulation or court orders as potential concerns.

Online responses to the ‘crisis’ suggested that this latter point, the impact on government snooping, was much more of a concern for the authorities than any impact on online safety filters.

Crisis meeting scheduled

According to the Sunday Times, a crisis meeting has now been convened for 8 May to bring together the country’s major ISPs, including BT, Virgin, Sky and TalkTalk, with the country’s National Cyber Security Centre (NCSC) to discuss the implications. The primary concern is that it will be impossible for the country’s ISPs to filter out illegal or inappropriate material. This could have implications for terrorism, extremism, child safety and, of course, password-protecting the U.K.’s countrywide porn habits from July 15, as announced last week.

Because DOH is expected to be largely centralized, and (at least initially) managed by the major browsers, this is where Google comes in. Chrome is the U.K.’s most popular browsing application. With DNS queries not being serviced by an ISP’s nameservers, the ISPs would have no way of tracking, filtering or policing browsing. It would invalidate child safety locks and render useless the planned porn filter. For the ISPs, it could also mandate a rethink in the ways content is cached through efficient and cost-effective content delivery networks.

The well-populated databases of dangerous sites held by ISPs would be bypassed. But, it would also make government online snooping much more difficult. According to the Sunday Times, “BT, which has 9m broadband customers, said in a statement that parental controls, the first line of defense for millions of households, could be rendered ‘ineffective’ by the new system. It added that it could ‘hamper our ability to protect customers from online harms’.”

A spokesperson for the U.K.’s Internet Services Providers’ Association, the trade association representing more than 200 ISPs, including BT, Sky and Virgin, told me that “U.K. broadband providers are actively involved at a national and international level in ensuring that encrypted DNS is implemented in a way that does not break existing protections provided to U.K. internet users. If internet browser manufacturers switch on DNS encryption by default, they will put users at serious risk by allowing harmful online content to go unchecked. Internet browser companies must ensure that parental controls and cybersecurity protections offered by broadband companies continue to work and protect users. We would expect internet browsers to provide the same protections, uphold the same standards and follow the same laws as U.K. ISPs currently do.”

No need to panic?

The encryption of DNS name traffic is not the issue. The central management of the system, bypassing local controls, is the issue. There’s no reason that the new ecosystem cannot work in the existing framework. But it won’t start out that way, and it puts significant control in the hands of the device browsers. Theoretically, there could be device- or even application-specific DOH datasets accessed. And any user filtering would need to be at a device level instead of relying on the ISP. These changes need to be fully communicated and documented in how-to guides before being made.

For their part, Google has confirmed that an encrypted version of Chrome is already available but is not yet included as standard. In a statement, the company said that “Google has not made any changes to the default behavior of Chrome.”

Source: https://www.forbes.com/sites/zakdoffman/2019/04/22/crisis-as-changes-to-google-chrome-threaten-child-safety-and-cybersecurity/#7d0977f05704

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Internet

Twitter finally allows several locked users regain control

Published

on

By

After a year of locking out some accounts, Twitter is finally allowing several of the users regain control of their accounts once again.

Accounts created by those under 13, were frozen owing to the General Data Protection Regulation (GDPR) that came into force on May 25 last year.

The GDPR stipulates that the age of consent for using online services should not be lower than 13.

Twitter had locked down several accounts owing to the age restriction; also locked out users who said they were now old enough to use Twitter’s service legally.

“Starting today, we’ll email those eligible with details on how to unlock your account. Emails will be sent in waves, so don’t worry if you don’t hear from us right away.

“No email? Log in to your account and look for a Get Started button. You’ll have 30 days to finish the process.

“If you don’t have an email tied to your Twitter account and you’re eligible, you can log in to your account and you’ll see instructions on screen when it’s your turn,” said Twitter.

Twitter said users of affected accounts would be notified in phases, and that it may take a few weeks for every affected user to get notified.

“Typically, being eligible means you must meet our minimum age requirement and your account must not be locked for other reasons, such as for violating Twitter Rules,” Twitter said.

Source: https://www.thenewsguru.com/technology/internet/article/twitter-finally-allows-several-locked-users-regain-control/

Continue Reading

Internet

Google’s latest app, Rivet, uses speech processing to help kids learn to read

Published

on

By

Rivet, a new app from Google’s in-house incubator, wants to help children struggling to read. The app hails from Area 120 — Google’s workshop for experimental projects — and includes more than 2,000 free books for kids, as well as an in-app assistant that can help kids when they get stuck on a word by way of advanced speech technology.

For example, if the child is having difficulties with a word, they can tap it to hear it pronounced or they can say it themselves out loud to be shown in the app which parts were said correctly and which need work.

There are also definitions and translations for more than 25 languages included in the app, in order to help kids — and especially non-native speakers — to better learn reading.

For younger readers, there’s a follow-along mode where the app will read the stories aloud with the words highlighted so the child can match up the words and sounds. When kids grow beyond needing this feature, parents can opt to disable follow-along mode so the kids have to read for themselves.

While there are a number of e-book reading apps aimed at kids on the market today, Rivet is interesting for its ability to leverage advances in voice technology and speech processing.

Starting today on Android and (soon) iOS, Rivet will be able to offer real-time help to kids when they tap the microphone button and read the page aloud. If the child hits a word and starts to struggle, the assistant will proactively jump in and offer support. This is similar to how parents help children to read — as the child reaches a word they don’t know or can’t say, the parent typically corrects them.

Rivet says all the speech processing takes place on the device to protect children’s privacy and its app is COPPA-compliant.

When the child completes a page, they can see which words they read correctly, and which they still need to work on. The app also doles out awards by way of points and badges, and personalizes the experience using avatars, themes and books customized to the child’s interests and reading level.

Other surprises and games keep kids engaged with the app and continuing to read.

According to Rivet’s head of Tech and Product, Ben Turtel, the team wanted to work on reading because it’s a fundamental skill — and one that needs to be mastered to learn just about everything else.

“Struggling readers,” he says, “are unlikely to catch up and four times less likely to graduate from high school. Unfortunately, 64% of fourth-grade students in the United States perform below the proficient level in reading,” Turtel explains.

Rivet is not the first app from Google aimed at tackling reading. An app called Bolooffers a similar feature set, but is aimed at kids in India.

While Bolo was not an Area 120 project, others from the incubator have focused on education, like learn-to-code app Grasshopper, or used speech processing technology, like customer service phone system CallJoy.

Rivet was previously spotted in the wild during beta trials this year, but is now publicly available and a free download on both Google Play and the Apple App Store across 11 countries, including the U.S.

Source: https://techcrunch.com/2019/05/14/googles-latest-app-rivet-uses-speech-processing-to-help-kids-learn-to-read/

Continue Reading

Internet

Google promises to give users more control of data

Published

on

By

Tech group pledges greater privacy as it unveils products that will know more about you

Google’s most ambitious new products and services, on display at its annual conference for developers this week, rely on getting to know customers in ever greater detail. A new version of its digital assistant, for example, tries to construct a “graph” of a user’s interests and preferences, while a “smart screen” for the home is equipped with cameras so that it can learn to recognise users when they come into sight. But the world’s largest internet company also wants to reassure the billions of people who rely on its services that they can trust it. “We think privacy is for everyone,” said Sundar Pichai, Google chief executive, at the conference, as he outlined two main ways in which the company would change its approach. Users can now choose how long data are stored Google said it is working to give users more control over their personal information, and will now allow people to select how long they want personal data about their web and app activity to be retained by Google before it is deleted. The company has also extended “incognito mode” — which for a decade has allowed internet browsing without Google being able to record a user’s online activity — to other services, like searching and navigating using Google Maps. This points to what Google executives concede has become a lightning rod for privacy worries: the mass collection of data about users’ locations. Along with information about what they search for, this is the most valuable data Google has to target advertising, according to one. But it is also some of the personal information most ripe for abuse. In a concession to those worries, the company is extending new tools to let users limit how much location data are captured and how long it is kept. Critics are dismissive of such controls, claiming few people use them or even know they exist. Also, promising “granular” controls that give ever more precise ways of fine tuning privacy settings rings hollow after the failures of recent years, said Marc Rotenberg, head of privacy group Epic. “The irony is, that’s exactly what Facebook said a decade ago about their privacy settings,” he said. More data to stay on devices Google’s chief said the company now has a language processing algorithm that could operate with only half a gigabyte of memory, meaning it could be run on a handset, allowing user data to stay on the device The second approach to enhancing privacy protections is technological. Today’s main AI technology, machine learning, relies on training algorithms with large amounts of data and then using them to make inferences based on a user’s particular circumstances. Recent advances have made it possible to run some of these algorithms on mobile handsets and other devices — meaning that private user data need never be sent to Google’s own data centres to be processed. Mr Pichai said Google now had a language processing algorithm that could operate with only half a gigabyte of memory, compared with the 100 gigabytes that a predecessor algorithm needed. That meant it could be run on a handset, he said — making it operate far faster, but also allowing user data to stay on the device. Many of the new AI technologies are still at an early stage of development, and Google executives are wary about promising how many situations they will be used in. One such AI technology on display this week, called federated learning, is designed to train an algorithm by analysing what users do on their own devices, without shipping any of the personal behavioural data back to the company’s own data centres. Promises like these have not been enough to silence critics, who argue that they cannot substitute for direct regulation of AI. “This is one area we need the oversight of government,” said Mr Rotenberg. “The day has passed when internet companies can decide what kind of policies they want to follow. That is particularly the case when it comes to automated decisions.” Critics unimpressed by pledges Google’s latest attempt to show it is serious about user privacy comes at an important time. With politicians on both sides of the aisle in Washington starting to show support for national privacy legislation, setting clearer limits around its own data-handling practices could be one way to discourage government over-reach. Its competitors, Apple, Facebook and Microsoft, have all also recently promised to prioritise privacy. But if Google was hoping to win over longstanding critics of its mass data-collection practices, its executives would have been disappointed. “This is a drop in the digital bucket,” Jeff Chester, director of the Center for Digital Democracy, said of the new privacy-protection ideas the company unveiled this week. “It would take a wholesale reinvention, along with Facebook, of how they make money” to make a real difference, he said. Mr Rotenberg added that few people were likely to be persuaded by attempts at self-regulation by the big internet companies, and that only government action could make a difference. “The focus of any meaningful commitments by US companies lies with the Federal Trade Commission,” he said. “In the absence of enforcement by the government, [the commitments from Google] have very little value.” Impact on advertising Meanwhile, Google had one more concession over privacy to make to its critics, although it is one that is likely to hurt others in the online advertising world far more than the search giant itself. Users of its Chrome browser — used by around two-thirds of personal computer owners to browse the web — have already been able to block “cookies”, the pieces of code planted by websites and others to track their online behaviour. These blanket bans, however, have also cut off the cookies placed by companies to do things like record passwords, making life cumbersome for users. On Tuesday, Google said it would let users block just the invasive type of cookies. The move is likely to be devastating for many of the companies that have made a living by planting cookies to collect data about web browsing habits and selling them on to advertisers, said Mark Bullard, director of digital development at Lee Enterprises, which owns a collection of local newspapers across the US. By contrast, he added, publishers who seek to charge a premium for advertising around their content should benefit in the long run, as advertisers are forced to rely on them more to target users. But many publishers are still likely to suffer in the short term, he added, because they have also profited from methods of data collection targeted by the new browser plug-in. This was only part of an apparent attempt by Google to show it is intent on cleaning up some of the most criticised parts of the online advertising world. It also revealed a new tool designed to lift the lid on the opaque “adtech” world — the complex ecosystem of data gatherers and other tech companies that profit from collecting and processing personal data to enhance advertising. The technology takes the form of a browser plug-in that displays the names of all the companies who have had a hand in getting an advert to a user, along with disclosure about the particular data about a user that caused the ad to be displayed. The sheer complexity of the adtech world may make it hard to bring much transparency. But just being able to see how many companies have had a hand in delivering an advert, and had sight of their personal data, is likely to repel many internet users, said Mr Bullard.

Source: https://www.ft.com/content/65a20d1c-7159-11e9-bf5c-6eeb837566c5

Continue Reading
Advertisement

Trending

%d bloggers like this: