Google’s ‘Good to Know’ campaign: Public service announcement or just PR?

Google Good to Know

Google has launched a new “Good to Know” campaign, offering simple tips on how users can maintain their online security and privacy and stay safe while they’re using Google services as well as the Internet in general. The Good to Know campaign spans both the online and traditional media world: Google has put up a website with its tips, but will also be running ads in newspapers and buying sign space in places like New York City. The idea is to educate even non-technical users on the basics of cyber-security, so they’re less likely to become victims of online scams, account hijacking, or other forms of fraud.

“Technology can be confusing, and the industry often fails to explain clearly enough why digital literacy matters,” wrote Google’s director of privacy Alma Whitten, in the company blog. “So today in the U.S. we’re kicking off Good to Know, our biggest-ever consumer education campaign focused on making the Web a safer, more comfortable place.

But…wait a second. Google develops and operates some of the Internet’s most-used online services: Google Web search, Google Maps, YouTube, Google Docs, the Chrome Web browser, and Gmail among them. It would be pretty easy to argue Google has done more to erode online privacy and security than perhaps any other company in the industry—and has been doing it for years.

Does Google’s “Good to Know” campaign amount to a band-aid on a gaping wound, designed to placate critics and policy makers concerned about Google’s reach? Or is it an honest and sincere effort to help people use the Internet and Google services more safely?

Or, more likely, is it both?

What does Google think is “good to know?”

Google has broken down its Good to Know offerings into four main categories: tips for Stay safe online, Your data on the Web, Your data on Google, and Manage your data. The last two are almost exclusive to using Google services, while the first two offer more-general information with links about how the concepts apply to Google offerings.


Each topic contains a range of short sub-topics (about two dozen in total) dealing with particular aspects, from how to manage and configure specific Google services (like Gmail, Google Latitude, and Chrome) to better meet your needs, to general topics like outlining how malware, phishing, and Wi-Fi security can impact Internet users.

Google has further simplified its message down to four top tips:

  • Use two-factor authentication
  • Lock your computer when you step away from it
  • Use different, strong passwords for every site and service you use
  • Make sure your connection to the Internet (especially Wi-Fi) is secure

Two-factor authentication has become perhaps Google’s primary message about security: Users who aren’t signed up to use it will be regularly nagged to opt in to two-factor authentication, and Google is making it less and less obvious how to avoid participating. In essence, Google’s two-step verification requires Google to also have your mobile phone number. When you sign into your Google account, Google will send a one-time passcode to your phone via SMS. Once users receive that code, they can then use it to sign in to Google services. The idea is that even if attackers, fraudsters, or other unsavory individuals somehow get ahold of your Google password, they would also have to have physical possession of your phone to get into your account.

Google is also increasingly fond of requiring users provide them with a mobile phone number for other things. Sometimes this is tied directly to fraud-prevention efforts, like trying to constrain easy creation of throwaway Google accounts used to spam or distribute pirated material.

Screen locking means more than just activating a screensaver or closing the lid on a notebook when you step away, it means requiring a password to start using a computer or phone. Although these kinds of precautions are commonplace in businesses, many everyday computer users have their devices configured to log them in automatically when they wake or boot up. Google (correctly) equates that to leaving the front door of your house wide open when you leave for a few hours. An unlocked device is just an invitation for someone to come along and read your email, steal your passwords, look for credit card information, install spyware, or otherwise take advantage. Requiring a password to wake or boot a computer (as well as deactivate a screensaver) is a good common-sense security precaution, so long as it’s a strong password.

Google’s advice on passwords is complex, involving no fewer than six separate sub-tips (one of which is two-factor authentication, above). First, Google recommends using a unique passwords for all important accounts: that means online banking would have a different password than a social networking account, and those in turn would be different from password you use for email services, online games, media services (iTunes, Netflix, etc.), as well as accounts you maintain with online retailers (like Amazon). Similarly, none of those passwords would match one for your computer or a Google account. The idea is simple: even if someone gets their hands on a password for one of your services, they don’t get passwords for all your services. You might have to reset one account and undo some damage, but you won’t have to redo everything at once.


Google also recommends long passwords, noting that a ten-character password is 4,000 times harder to guess than an eight-character password. Google also recommends using a mix of capital letters, numbers, symbols, and letters to make passwords even more complex, noting that a full range of symbols and numbers enables up to 6 quadrillion possible eight-character passwords, some 300,000 times more than using just lowercase letters. And it should go without saying that using passwords like “password,” “12345678” or “qwerty” are particularly bad ideas: so are the other 22 most-cracked passwords, according to SplashData.

Another solid Google recommendation is keeping passwords in a secure location. Google recommends keeping passwords out of sight in a non-obvious place, and if you keep them in a file on your computer don’t name the file something like “my passwords.” In fact, don’t have the term “password” in the file at all: full-disk search technologies (like Apple’s Spotlight and Windows Search) will turn it up instantly.

Using a secure Internet connection really applies to using any network, but Google focuses on Wi-Fi hotspots. It’s important to remember that whoever runs a Wi-Fi hotspot can theoretically monitor all communications on that hotspot, and that can include passwords, email messages, credit card numbers, images, and a myriad of other things you might not want to be public. And, if the hotspot isn’t secured (preferably using WPA2), then anyone using the network can monitor all the traffic. Internet power users can do a lot to protect themselves in situations like this; it usually involves using VPNs and secure HTTPS connections to encrypt all communication the conduct on an insecure network. For the most part, those techniques are too fiddly for everyday Internet users—particularly those using smartphones or other Wi-Fi enabled devices that might have very few (or no) additional security capabilities. Google’s advice on using Wi-Fi hotspots amounts to “be extra careful” with no specific recommendations on how to be careful. The bottom line: Always treat public Wi-Fi hotspots as if they were a public square, and assume anything you do on using an unsecured Wi-Fi network is being broadcast to the world.

“Technology can be confusing”

Google admits that the tech industry often doesn’t do a good job of communicating security and privacy concerns to Internet users. After all, most technology companies are in the business of selling a product or service, and they’d much rather get consumers excited about buying that product or service than potentially turn off buyers by warning of potential downsides.

Companies that offer free products and services — including Google — are often in the business of collecting information about their users to sell to advertisers and third parties. These companies are interested in helping users maintain their accounts securely, to avoid abuse and make sure that information they collect is accurate. However, they also often have a conflict of interest when it comes to telling users how to maintain their privacy. The less information they can collect about their users and their activities, the less valuable the information is to advertisers and others. These companies encourage their users to share, rather than encourage users to be safe.

That conflict of interest is just below the surface of Google’s Good to Know campaign. Although the basic information about passwords and security practices is reasonably solid, the rest of Google’s “Good to Know” campaign is mostly intended to make users feel comfortable sharing information with Google.

google-good-to-know-you're-welcomeFrom Google’s point of view, the company uses information it collects about users (their profile info, their previous searches, their location data, and more) to do things like personalize search results and provide advertising that’s more likely to be relevant. For instance, if Google believes a users is in New York, it’s not going to offer up restaurant choices in San Francisco; similarly, if a user has a search history that includes lots of automotive terms, when a user searches for “Mercedes” Google is more likely to offer up links to Mercedes-Benz and local dealerships than to a famous Janis Joplin song or fantasy author Mercedes Lackey. To further personalize search results, Google recently started integrating data from its Google+ social networking service.

From the point of view of someone concerned about privacy and security, Google’s “Good to Know” campaign is a different kind of eye opener: It reveals a bit of what Google is tracking about its users, and how much of it is out of users’ control.

To Google’s credit, “Good to Know” highlights a few little-known Google services, including Google Takeout and Google Web History. Google Takeout enables users to get a copy of data Google has stored for a user—the idea is to both let users see what Google has stored about them, as well as assist with moving data into (and out of) Google services. Google Web History records all Google searches and pages visited while users are signed in to a Google account. Most people have no idea Web History exists, let alone that Google has been collecting that information, so it’s nice to see the company call it out — albeit as a brief item amid two dozen sub-points in the “Good to Know” materials.

However, Google makes a few other things painfully clear. Even if you’re not signed in to Google, the company uses a browser cookie in your Web browser to track your search history. Users can opt-out, but rather than offering actual privacy, the mechanism amounts to telling Google “don’t track this” for every search. Users just have to trust Google isn’t collecting the information — except, oops, Google admits they collect the information anyway, just that they don’t use it to personalize results for that non-signed-in search session.

Something that didn’t make Google’s “Good to Know” campaign: Google doesn’t allow anybody, signed-in or not, to opt out of location tracking, whether it be via services like Google Latitude or geo-location via IP address.

Good to Know = Lots to Know

Overall, Google deserves respect for going out of its way to highlight reasonable security and privacy practices for everyday Internet and mobile users, and trying to present that information in an unintimidating, accessible way. Although many of the tips are old hat to experienced Internet users, there are plenty of people using the Web and their smartphones who just go with the flow and hope for the best. If Google can convince a few of them to up their privacy and security game by a notch or two, that’s all to the good.

However, it’s perhaps just as telling that so much of Google’s simplified and streamlined guide to safe Internet use amounts to little more than a feel-good piece for Google’s most-used services. Further, even in this limited context, many everyday Internet users will find the array of information presented by Google to be confusing and bewildering. Four primary topics might seem comprehensible for non-technical folks, but when they crack open to some two dozen sub-topics (some with their own sub-sub-topics), a jargon dictionary, and an array of videos that are little more than marketing pieces, most folks are going to tune out.

Unfortunately, even with cute line drawings and straightforward, declarative prose, the bottom line is that safe Internet use and secure, informed use of Google services is a tremendously complicated topic. Google’s Good to Know campaign just scratches the surface, and much of that scratching is really just polishing Google’s own offerings to a nice friendly sheen. And that’s a pity.


Marriott asking guests for data to see if they were victims of the Starwood hack

Marriott has created an online form to help you find out if your data was stolen in the massive Starwood hack that came to light toward the end of 2018. But take note, it requires you to submit a bunch of personal details.

Don't use streaming apps? Try the best free media players for your local music

Rather than using music-streaming apps, you may want something for playing your local music. Good news! There are some good alternatives. These are the best media players you can download for free on Windows.

You're not a true fan without these Nintendo Switch exclusives

Who doesn't love a good Nintendo game? If you're looking for great first-party titles for your Nintendo Switch, take a look at our list of the very best exclusives available right now.

Wi-Fi helps connect all of our devices at high-speed, but what exactly is it?

What is Wi-Fi? It's a technology we all use everyday to connect all of our portable devices, but understanding how it works and how far it's come from its humble beginnings is another thing entirely.

Take a gander at the best deals on 4K TVs for February 2019

There's no doubt that a good 4K smart TV is the best way to take your home entertainment setup to the next level to enjoy all your favorite shows, movies, and games in glorious Ultra HD. We've got the best 4K TV deals right here.

Are you one of the billions who have watched these super-popular YouTube videos?

Viral videos can quickly garner millions upon millions of views, but even they fall well behind the view counts on the most watched YouTube videos ever. Those have been watched billions of times.

New Chrome feature aimed at preventing websites from blocking Incognito Mode

A new Chrome feature will prevent websites from blocking Chrome users as they browse using Incognito Mode. The feature is supposed to fix a known loophole that allows websites to detect and block those using Incognito Mode.

Reluctant to give your email address away? Here's how to make a disposable one

Want to sign up for a service without the risk of flooding your inbox with copious amounts of spam and unwanted email? You might want to consider using disposable email addresses via one of these handy services.

Chrome is a fantastic browser, but is is still the best among new competitors?

Choosing a web browser for surfing the web can be tough with all the great options available. Here we pit the latest versions of Chrome, Opera, Firefox, Edge, and Vivaldi against one another to find the best browsers for most users.

Microsoft extension adds Google Chrome support for Windows Timeline

The Windows Timeline feature is now much more versatile thanks to the added support for Google's Chrome browser. All you need to do to increase its functionality is to download the official Chrome extension.
Movies & TV

Here’s how to watch the 2019 Oscars livestream online

The 91st Academy Awards will air live on ABC, but there are also a number of ways to watch Hollywood's biggest night online using your mobile device, desktop, or set-top streamer. Here's how to catch the Oscars livestream.

YouTube changes its strikes system, offers softer first-offense penalty

YouTube announced changes to its strikes system for its content creators. The changes include a softer first-offense penalty for creators who violate YouTube's guidelines and more consistent penalties for further violations.

An experimental feature could help reduce memory usage in Google Chrome

Google Chrome might be the most popular web browser, but it also is a resource hog. Google is currently working on an experimental feature for Chrome which sets out to reduce its overall memory usage. 

Need a free alternative to Adobe Illustrator? Here are our favorites

Photoshop and other commercial tools can be expensive, but drawing software doesn't need to be. The best free drawing software is just as powerful as some of the more expensive offerings.