A modest thumb's-up to Google for having belatedly done the right thing. CPUs and networks are fast these days, I think I'd be willing to put up with the overhead pretty much everywhere.
Just hours after Google disclosed it and at least 20 other large companies were the targets of highly sophisticated cyberattacks, the online giant said it would enhance the security of its email service by automatically encrypting entire web sessions. The change, which Google is in the process of rolling out now, means Gmail …
"https can make your mail slower since encrypted data doesn't travel across the web as quickly as unencrypted data," Gmail Engineering Director Sam Schillace wrote
I noticed this as well. Especially as director of engineering, his words were poorly chosen. Though in his defense, maybe he was thinking that deep packet inspection at the ISPs would throttle the traffic because it was encrypted?
As for end to end HTTPS, that's a big duh. Plain HTTP has always been vulnerable to man in the middle, even if HTTPS is used to authenticate the HTTP session. Frankly we all should have know that well before the China incident.
In some cases he's correct, due to compression.
Sure, if the webserver does gzip compression on the document before encryption, then the compression holds out, but many places use compresssion on a link, vpns, etc. and some networks, so therefore it would take longer in those cases.
Also, local caching of objects doesn't exist with https, and he might simply be describing this in a less technical way.
Both of these situations, in layman terms does mean "https is slower than http"
translation: "China based hackers" == "Chinese government". But I guess one has to be polite to the new 500lb gorilla on the playing field.
Now to get email vendors to implement "always on" encryption of ALL email. Have people setup a public key as part of the email setup or something.
Someday, I personally hope to see the death of http:// (replaced by https://) and of unsecured, unencrypted pop/imap/smtp/etc. sessions. I won't hold my breath though.
Next week, Google will announce their "selected partner" program that (for a fee, of course) will allow "inspection" of the encrypted data going in/out of Google's servers. Their first customer? A small nation sitting roughly between Russia and India....
this is the ... step in Google's "South Park" plan:
1. Get people to use your e-mail service
2. Tell your customers the service cannot be hacked
I can no longer login in to ANY google service using my browser of choice Opera. I've not been able to login to my blogger account for nearly 2 weeks.
It works in fine firefox but I don't want to have to have two browsers open just to access google services.
I have used Opera for years and all my bookmarks, special site settings, customised options and "muscle memory" of the various keyboard shortcuts are just too much effort to move over. Plus Opera has just too many features firefox cannot match.
I'd rather not use google services than change browser.
They just lost a user, but as I never had to pay for any of it I guess I can't complain.
Google is winding down its messaging app Hangouts before it officially shuts in November, the web giant announced on Monday.
Users of the mobile app will see a pop-up asking them to move their conversations onto Google Chat, which is yet another one of its online services. It can be accessed via Gmail as well as its own standalone application. Next month, conversations in the web version of Hangouts will be ported over to Chat in Gmail.
Updated Another kicking has been leveled at American tech giants by EU regulators as Italy's data protection authority ruled against transfers of data to the US using Google Analytics.
The ruling by the Garante was made yesterday as regulators took a close look at a website operator who was using Google Analytics. The regulators found that the site collected all manner of information.
So far, so normal. Google Analytics is commonly used by websites to analyze traffic. Others exist, but Google's is very much the big beast. It also performs its analysis in the USA, which is what EU regulators have taken exception to. The place is, after all, "a country without an adequate level of data protection," according to the regulator.
After offering free G Suite apps for more than a decade, Google next week plans to discontinue its legacy service – which hasn't been offered to new customers since 2012 – and force business users to transition to a paid subscription for the service's successor, Google Workspace.
"For businesses, the G Suite legacy free edition will no longer be available after June 27, 2022," Google explains in its support document. "Your account will be automatically transitioned to a paid Google Workspace subscription where we continue to deliver new capabilities to help businesses transform the way they work."
Small business owners who have relied on the G Suite legacy free edition aren't thrilled that they will have to pay for Workspace or migrate to a rival like Microsoft, which happens to be actively encouraging defectors. As noted by The New York Times on Monday, the approaching deadline has elicited complaints from small firms that bet on Google's cloud productivity apps in the 2006-2012 period and have enjoyed the lack of billing since then.
China's internet regulator has launched an investigation into the security regime protecting academic journal database China National Knowledge Infrastructure (CNKI), citing national security concerns.
In its announcement of the investigation, the China Cyberspace Administration (CAC) said:
China's government has outlined its vision for digital services, expected behavior standards at China's big tech companies, and how China will put data to work everywhere – with president Xi Jinping putting his imprimatur to some of the policies.
Xi's remarks were made in his role as director of China’s Central Comprehensively Deepening Reforms Commission, which met earlier this week. The subsequent communiqué states that at the meeting Xi called for "financial technology platform enterprises to return to their core business" and "support platform enterprises in playing a bigger role in serving the real economy and smoothing positive interplay between domestic and international economic flows."
The remarks outline an attempt to balance Big Tech's desire to create disruptive financial products that challenge monopolies, against efforts to ensure that only licensed and regulated entities offer financial services.
A former Google video producer has sued the internet giant alleging he was unfairly fired for blowing the whistle on a religious sect that had all but taken over his business unit.
The lawsuit demands a jury trial and financial restitution for "religious discrimination, wrongful termination, retaliation and related causes of action." It alleges Peter Lubbers, director of the Google Developer Studio (GDS) film group in which 34-year-old plaintiff Kevin Lloyd worked, is not only a member of The Fellowship of Friends, the exec was influential in growing the studio into a team that, in essence, funneled money back to the fellowship.
In his complaint [PDF], filed in a California Superior Court in Silicon Valley, Lloyd lays down a case that he was fired for expressing concerns over the fellowship's influence at Google, specifically in the GDS. When these concerns were reported to a manager, Lloyd was told to drop the issue or risk losing his job, it is claimed.
Google has added API security tools and Workspace (formerly G-Suite) admin alerts about potentially risky configuration changes such as super admin passwords resets.
The API capabilities – aptly named "Advanced API Security" – are built on top of Apigee, the API management platform that the web giant bought for $625 million six years ago.
As API data makes up an increasing amount of internet traffic – Cloudflare says more than 50 percent of all of the traffic it processes is API based, and it's growing twice as fast as traditional web traffic – API security becomes more important to enterprises. Malicious actors can use API calls to bypass network security measures and connect directly to backend systems or launch DDoS attacks.
The US Department of Defense said it's investigating Chinese disinformation campaigns against rare earth mining and processing companies — including one targeting Lynas Rare Earths, which has a $30 million contract with the Pentagon to build a plant in Texas.
Earlier today, Mandiant published research that analyzed a Beijing-linked influence operation, dubbed Dragonbridge, that used thousands of fake accounts across dozens of social media platforms, including Facebook, TikTok and Twitter, to spread misinformation about rare earth companies seeking to expand production in the US to the detriment of China, which wants to maintain its global dominance in that industry.
"The Department of Defense is aware of the recent disinformation campaign, first reported by Mandiant, against Lynas Rare Earth Ltd., a rare earth element firm seeking to establish production capacity in the United States and partner nations, as well as other rare earth mining companies," according to a statement by Uncle Sam. "The department has engaged the relevant interagency stakeholders and partner nations to assist in reviewing the matter.
The Cyberspace Administration of China has announced a policy requiring all comments made to websites to be approved before publication.
Outlined in a document published last Friday and titled "Provisions on the Administration of Internet Thread Commenting Services", the policy is aimed at making China's internet safer, and better represent citizens' interests. The Administration believes this can only happen if comments are reviewed so that only posts that promote socialist values and do not stir dissent make it online.
To stop the nasties being published, the policy outlines requirements for publishers to hire "a review and editing team suitable for the scale of services".
Democrat lawmakers want the FTC to investigate Apple and Google's online ad trackers, which they say amount to unfair and deceptive business practices and pose a privacy and security risk to people using the tech giants' mobile devices.
US Senators Ron Wyden (D-OR), Elizabeth Warren (D-MA), and Cory Booker (D-NJ) and House Representative Sara Jacobs (D-CA) requested on Friday that the watchdog launch a probe into Apple and Google, hours before the US Supreme Court overturned Roe v. Wade, clearing the way for individual states to ban access to abortions.
In the days leading up to the court's action, some of these same lawmakers had also introduced data privacy bills, including a proposal that would make it illegal for data brokers to sell sensitive location and health information of individuals' medical treatment.
Biting the hand that feeds IT © 1998–2022