Web

Google’s ‘Good to Know’ campaign: Public service announcement or just PR?

Google Good to Know

Google has launched a new “Good to Know” campaign, offering simple tips on how users can maintain their online security and privacy and stay safe while they’re using Google services as well as the Internet in general. The Good to Know campaign spans both the online and traditional media world: Google has put up a website with its tips, but will also be running ads in newspapers and buying sign space in places like New York City. The idea is to educate even non-technical users on the basics of cyber-security, so they’re less likely to become victims of online scams, account hijacking, or other forms of fraud.

“Technology can be confusing, and the industry often fails to explain clearly enough why digital literacy matters,” wrote Google’s director of privacy Alma Whitten, in the company blog. “So today in the U.S. we’re kicking off Good to Know, our biggest-ever consumer education campaign focused on making the Web a safer, more comfortable place.

But…wait a second. Google develops and operates some of the Internet’s most-used online services: Google Web search, Google Maps, YouTube, Google Docs, the Chrome Web browser, and Gmail among them. It would be pretty easy to argue Google has done more to erode online privacy and security than perhaps any other company in the industry—and has been doing it for years.

Does Google’s “Good to Know” campaign amount to a band-aid on a gaping wound, designed to placate critics and policy makers concerned about Google’s reach? Or is it an honest and sincere effort to help people use the Internet and Google services more safely?

Or, more likely, is it both?

What does Google think is “good to know?”

Google has broken down its Good to Know offerings into four main categories: tips for Stay safe online, Your data on the Web, Your data on Google, and Manage your data. The last two are almost exclusive to using Google services, while the first two offer more-general information with links about how the concepts apply to Google offerings.

google-good-to-know-fireplace

Each topic contains a range of short sub-topics (about two dozen in total) dealing with particular aspects, from how to manage and configure specific Google services (like Gmail, Google Latitude, and Chrome) to better meet your needs, to general topics like outlining how malware, phishing, and Wi-Fi security can impact Internet users.

Google has further simplified its message down to four top tips:

  • Use two-factor authentication
  • Lock your computer when you step away from it
  • Use different, strong passwords for every site and service you use
  • Make sure your connection to the Internet (especially Wi-Fi) is secure

Two-factor authentication has become perhaps Google’s primary message about security: Users who aren’t signed up to use it will be regularly nagged to opt in to two-factor authentication, and Google is making it less and less obvious how to avoid participating. In essence, Google’s two-step verification requires Google to also have your mobile phone number. When you sign into your Google account, Google will send a one-time passcode to your phone via SMS. Once users receive that code, they can then use it to sign in to Google services. The idea is that even if attackers, fraudsters, or other unsavory individuals somehow get ahold of your Google password, they would also have to have physical possession of your phone to get into your account.

Google is also increasingly fond of requiring users provide them with a mobile phone number for other things. Sometimes this is tied directly to fraud-prevention efforts, like trying to constrain easy creation of throwaway Google accounts used to spam or distribute pirated material.

Screen locking means more than just activating a screensaver or closing the lid on a notebook when you step away, it means requiring a password to start using a computer or phone. Although these kinds of precautions are commonplace in businesses, many everyday computer users have their devices configured to log them in automatically when they wake or boot up. Google (correctly) equates that to leaving the front door of your house wide open when you leave for a few hours. An unlocked device is just an invitation for someone to come along and read your email, steal your passwords, look for credit card information, install spyware, or otherwise take advantage. Requiring a password to wake or boot a computer (as well as deactivate a screensaver) is a good common-sense security precaution, so long as it’s a strong password.

Google’s advice on passwords is complex, involving no fewer than six separate sub-tips (one of which is two-factor authentication, above). First, Google recommends using a unique passwords for all important accounts: that means online banking would have a different password than a social networking account, and those in turn would be different from password you use for email services, online games, media services (iTunes, Netflix, etc.), as well as accounts you maintain with online retailers (like Amazon). Similarly, none of those passwords would match one for your computer or a Google account. The idea is simple: even if someone gets their hands on a password for one of your services, they don’t get passwords for all your services. You might have to reset one account and undo some damage, but you won’t have to redo everything at once.

good-good-to-know-password

Google also recommends long passwords, noting that a ten-character password is 4,000 times harder to guess than an eight-character password. Google also recommends using a mix of capital letters, numbers, symbols, and letters to make passwords even more complex, noting that a full range of symbols and numbers enables up to 6 quadrillion possible eight-character passwords, some 300,000 times more than using just lowercase letters. And it should go without saying that using passwords like “password,” “12345678” or “qwerty” are particularly bad ideas: so are the other 22 most-cracked passwords, according to SplashData.

Another solid Google recommendation is keeping passwords in a secure location. Google recommends keeping passwords out of sight in a non-obvious place, and if you keep them in a file on your computer don’t name the file something like “my passwords.” In fact, don’t have the term “password” in the file at all: full-disk search technologies (like Apple’s Spotlight and Windows Search) will turn it up instantly.

Using a secure Internet connection really applies to using any network, but Google focuses on Wi-Fi hotspots. It’s important to remember that whoever runs a Wi-Fi hotspot can theoretically monitor all communications on that hotspot, and that can include passwords, email messages, credit card numbers, images, and a myriad of other things you might not want to be public. And, if the hotspot isn’t secured (preferably using WPA2), then anyone using the network can monitor all the traffic. Internet power users can do a lot to protect themselves in situations like this; it usually involves using VPNs and secure HTTPS connections to encrypt all communication the conduct on an insecure network. For the most part, those techniques are too fiddly for everyday Internet users—particularly those using smartphones or other Wi-Fi enabled devices that might have very few (or no) additional security capabilities. Google’s advice on using Wi-Fi hotspots amounts to “be extra careful” with no specific recommendations on how to be careful. The bottom line: Always treat public Wi-Fi hotspots as if they were a public square, and assume anything you do on using an unsecured Wi-Fi network is being broadcast to the world.

“Technology can be confusing”

Google admits that the tech industry often doesn’t do a good job of communicating security and privacy concerns to Internet users. After all, most technology companies are in the business of selling a product or service, and they’d much rather get consumers excited about buying that product or service than potentially turn off buyers by warning of potential downsides.

Companies that offer free products and services — including Google — are often in the business of collecting information about their users to sell to advertisers and third parties. These companies are interested in helping users maintain their accounts securely, to avoid abuse and make sure that information they collect is accurate. However, they also often have a conflict of interest when it comes to telling users how to maintain their privacy. The less information they can collect about their users and their activities, the less valuable the information is to advertisers and others. These companies encourage their users to share, rather than encourage users to be safe.

That conflict of interest is just below the surface of Google’s Good to Know campaign. Although the basic information about passwords and security practices is reasonably solid, the rest of Google’s “Good to Know” campaign is mostly intended to make users feel comfortable sharing information with Google.

google-good-to-know-you're-welcomeFrom Google’s point of view, the company uses information it collects about users (their profile info, their previous searches, their location data, and more) to do things like personalize search results and provide advertising that’s more likely to be relevant. For instance, if Google believes a users is in New York, it’s not going to offer up restaurant choices in San Francisco; similarly, if a user has a search history that includes lots of automotive terms, when a user searches for “Mercedes” Google is more likely to offer up links to Mercedes-Benz and local dealerships than to a famous Janis Joplin song or fantasy author Mercedes Lackey. To further personalize search results, Google recently started integrating data from its Google+ social networking service.

From the point of view of someone concerned about privacy and security, Google’s “Good to Know” campaign is a different kind of eye opener: It reveals a bit of what Google is tracking about its users, and how much of it is out of users’ control.

To Google’s credit, “Good to Know” highlights a few little-known Google services, including Google Takeout and Google Web History. Google Takeout enables users to get a copy of data Google has stored for a user—the idea is to both let users see what Google has stored about them, as well as assist with moving data into (and out of) Google services. Google Web History records all Google searches and pages visited while users are signed in to a Google account. Most people have no idea Web History exists, let alone that Google has been collecting that information, so it’s nice to see the company call it out — albeit as a brief item amid two dozen sub-points in the “Good to Know” materials.

However, Google makes a few other things painfully clear. Even if you’re not signed in to Google, the company uses a browser cookie in your Web browser to track your search history. Users can opt-out, but rather than offering actual privacy, the mechanism amounts to telling Google “don’t track this” for every search. Users just have to trust Google isn’t collecting the information — except, oops, Google admits they collect the information anyway, just that they don’t use it to personalize results for that non-signed-in search session.

Something that didn’t make Google’s “Good to Know” campaign: Google doesn’t allow anybody, signed-in or not, to opt out of location tracking, whether it be via services like Google Latitude or geo-location via IP address.

Good to Know = Lots to Know

Overall, Google deserves respect for going out of its way to highlight reasonable security and privacy practices for everyday Internet and mobile users, and trying to present that information in an unintimidating, accessible way. Although many of the tips are old hat to experienced Internet users, there are plenty of people using the Web and their smartphones who just go with the flow and hope for the best. If Google can convince a few of them to up their privacy and security game by a notch or two, that’s all to the good.

However, it’s perhaps just as telling that so much of Google’s simplified and streamlined guide to safe Internet use amounts to little more than a feel-good piece for Google’s most-used services. Further, even in this limited context, many everyday Internet users will find the array of information presented by Google to be confusing and bewildering. Four primary topics might seem comprehensible for non-technical folks, but when they crack open to some two dozen sub-topics (some with their own sub-sub-topics), a jargon dictionary, and an array of videos that are little more than marketing pieces, most folks are going to tune out.

Unfortunately, even with cute line drawings and straightforward, declarative prose, the bottom line is that safe Internet use and secure, informed use of Google services is a tremendously complicated topic. Google’s Good to Know campaign just scratches the surface, and much of that scratching is really just polishing Google’s own offerings to a nice friendly sheen. And that’s a pity.

Product Review

The Asus ZenBook 14 is a tiny notebook that gets lost in the crowd

The ZenBook 14 aims to be the smallest 14-inch notebook around, and it succeeds thanks to some tiny bezels. Performance and battery life are good, but the notebook lacks a standout feature other than size.
Movies & TV

The best new movie trailers: ‘Godzilla,’ Brightburn,’ ‘Triple Frontier,’ and more

Everyone loves a good trailer, but keeping up with what's new isn't easy. That's why we round up the best ones for you. This week, it's the first trailers for Brightburn and Triple Frontier, among other previews.
Gaming

You're not a true fan without these Nintendo Switch exclusives

Who doesn't love a good Nintendo game? If you're looking for great first-party titles for your Nintendo Switch, take a look at our list of the very best exclusives available right now.
Computing

New rumors say the Pixelbook 2 could show up at CES 2019

What will the Pixelbook 2 be like? Google hasn't announced it, but thanks to rumors and leaks, we think we have a pretty good idea of what the potential new flagship Chromebook will be like.
Computing

From beautiful to downright weird, check out these great dual monitor wallpapers

Multitasking with two monitors doesn't necessarily mean you need to split your screens with two separate wallpapers. From beautiful to downright weird, here are our top sites for finding the best dual monitor wallpapers for you.
Web

Google Translate updated to reduce gender bias in its translations

Google is changing how Google Translate offers translations. Previously when you entered a word like doctor, Translate would offer a masculine interpretation of the word. Now, Translate will offer both masculine and feminine versions.
Web

Encryption-busting law passed in Australia may have global privacy implications

Controversial laws have been passed in Australia which oblige tech companies to allow the police to access encrypted messages, undermining the privacy of encryption with potentially global effects.
Web

Can Microsoft’s Airband Initiative close broadband gap for 25M Americans?

A new report from the Federal Communications Commission (FCC) says that 25 million Americans do not have access to broadband internet. Of these, more than 19 million are living in rural communities. Can Microsoft help out?
Computing

Microsoft’s Chromium Edge browser may be adding your Chrome extensions

Fans sticking to Google Chrome because due to its vast extension library might be able to switch over to Microsoft's latest iteration of Edge, as a project manager confirms that the company has its eyes on Chrome extensions.
Computing

If you've lost a software key, these handy tools can find it for you

Missing product keys getting you down? We've chosen some of the best software license and product key finders in existence, so you can locate and document your precious keys on your Windows or MacOS machine.
Computing

Google+ continues to sink with a second massive data breach. Abandon ship now

Google+ was scheduled to shut its doors in August 2019, but the second security breach in only a few months has caused the company to move its plan forward a few months. It might be a good idea to delete your account sooner than later.
Social Media

‘YouTube Rewind 2018’ is about to become its most disliked video ever

YouTube is about to achieve a record it really doesn't want — that of "most-disliked video." Yes, its annual recap of featuring popular YouTubers has gone down really badly this year.
Computing

Want to save a webpage as a PDF? Just follow these steps

Need to quickly save and share a webpage? The best way is to learn how to save a webpage as a PDF file, as they're fully featured and can handle images and text with ease. Here's how.
Mobile

5G: Why everything is about to change

Curious about the many ways 5G will change and enrich your life? Here’s our guide to all things 5G.