Google Archive

Google adds “real-time, privacy-preserving URL protection” to Chrome

For more than 15 years, Google Safe Browsing has been protecting users from phishing, malware, unwanted software and more, by identifying and warning users about potentially abusive sites on more than 5 billion devices around the world. As attackers grow more sophisticated, we’ve seen the need for protections that can adapt as quickly as the threats they defend against. That’s why we’re excited to announce a new version of Safe Browsing that will provide real-time, privacy-preserving URL protection for people using the Standard protection mode of Safe Browsing in Chrome. ↫ Jasika Bawa, Xinghui Lu, Jonathan Li, and Alex Wozniak on the Google blog Reading through the description of how this new feature works, it does indeed seem to respect one’s privacy, but there could be so many devils in so many details here that you’d really need to be a specialist in these matters to truly gauge if Google isn’t getting its hands on the URLs you visit through this feature. But even if all that is true, it doesn’t really matter because Google has tons of other ways to collect more than enough data on you to build an exact profile of you are, and what advertisements will work well no you. Any time Google goes out of its way to announce it’s not collecting some type of data – like here, the URLs you type into the Chrome URL bar – it’s not because they care so much about your privacy, but because they simply don’t need this data to begin with.

Secure by design: Google’s perspective on memory safety

Google’s Project Zero reports that memory safety vulnerabilities—security defects caused by subtle coding errors related to how a program accesses memory—have been “the standard for attacking software for the last few decades and it’s still how attackers are having success”. Their analysis shows two thirds of 0-day exploits detected in the wild used memory corruption vulnerabilities. Despite substantial investments to improve memory-unsafe languages, those vulnerabilities continue to top the most commonly exploited vulnerability classes. In this post, we share our perspective on memory safety in a comprehensive whitepaper. This paper delves into the data, challenges of tackling memory unsafety, and discusses possible approaches for achieving memory safety and their tradeoffs. We’ll also highlight our commitments towards implementing several of the solutions outlined in the whitepaper, most recently with a $1,000,000 grant to the Rust Foundation, thereby advancing the development of a robust memory-safe ecosystem. ↫ Alex Rebert and Christoph Kern at Google’s blog Even as someone who isn’t a programmer, it’s impossible to escape the rising tide of memory-safe languages, with Rust leading the charge. If this makes the software we all use objectively better, I’ll take the programmers complaining they have to learn something new.

Google’s changes to comply with the DMA

The European Union’s Digital Markets Act (DMA) comes into force this week for companies who have been designated. Today, we are sharing some more details about the changes we are making to comply, following product testing we announced earlier this year. ↫ Oliver Bethell on the official Google blog This is Google’s overview of the changes it’s implementing to comply with the DMA, some of which the company already announced months ago. Google’s changes don’t have as much of a direct, noticeable impact as some other company’s changes, mostly since a lot of the more impactful consequences of the DMA, such as allowing sideloading and alternative application stores, were already allowed on Android. Other changes, like to Search, will take longer to be noticed. The one thing that stands out is the tone – compared to Apple’s communication around the DMA. Whereas Apple sounds like a petulant whiny toddler, Google sounds constructive, to the point, and, well, like an adult. That doesn’t mean Google’s post isn’t also full of shit in places, but at least they’re being grown-ups about it.

Google announces measures to fight spam in its search results

Every day, people turn to Search to find the best of what the web has to offer. We’ve long had policies and automated systems to fight against spammers, and we work to address emerging tactics that look to game our results with low-quality content. We regularly update those policies and systems to effectively tackle these trends so we can continue delivering useful content and connecting people with high-quality websites. Today we’re announcing key changes we’re making to improve the quality of Search and the helpfulness of your results. ↫ Elizabeth Tucker on the official Google blog Low-quality SEO spam has been a problem on Google for years, but the recent advent of “AI” tools has wreaked absolute havoc in the search results. It’s a damn blood bath out there. It’s now up to Google to fix its own mess, so let’s wait and see if these changes will do anything to reverse the downward spiral Google Search has been in for years now.

Google Search’s cache links are officially being retired

Google has removed links to page caches from its search results page, the company’s search liaison Danny Sullivan has confirmed. “It was meant for helping people access pages when way back, you often couldn’t depend on a page loading,” Sullivan wrote on X. “These days, things have greatly improved. So, it was decided to retire it.” ↫ Jon Porter at The Verge Google Search continues to become ever more useless.

Google to optionally ingest your Google Messages history into its “AI”

Researchers have just unveiled a pre-release, game-changing AI upgrade for Google Messages. But it’s one with a serious privacy risk—it seems that Bard may ask to read and analyze your private message history. So how might this work, how do you maintain your privacy, and when might this begin. ↫ Zak Doffman As long as this “AI” hoovering is an optional ‘feature’, I don’t really have any issues with it – it’s a free world, and if you want to spice up your autocomplete like this, go ahead. The real danger, of course, is that this won’t be optional for long, and eventually Google’s “AI” will just ingest your messages and emails by default, consent or no.

Introducing Android emulators, iOS simulators, and other product updates from Project IDX

Six months ago, we launched Project IDX, an experimental, cloud-based workspace for full-stack, multiplatform software development. We built Project IDX to simplify and streamline the developer workflow, aiming to reduce the sea of complexities traditionally associated with app development. It certainly seems like we’ve piqued your interest, and we love seeing what IDX has helped you build. We’re bringing the iOS Simulator and Android Emulator to the browser. Whether you’re building a Flutter or web app, Project IDX now allows you to preview your applications without having to leave your workspace. When you use a Flutter or web template, Project IDX intelligently loads the right preview environment for your application — Safari mobile and Chrome for web templates, or Android, iOS, and Chrome for Flutter templates. ↫ Google’s IDX team I’ve seen some articles state that this makes it possible to develop for iOS without a Mac, but this isn’t really true – as far as I know, you must have a Mac to submit anything to the App Store or Testflight, so while you can write and test code using IDX, you can’t actually deploy is in any meaningful way without getting a Mac.

Chrome for Windows and macOS gets experimentel “AI” features

Starting with today’s release of Chrome (M121), we’re introducing experimental generative AI features to make it even easier and more efficient to browse — all while keeping your experience personalized to you. You’ll be able to try out these new features in Chrome on Macs and Windows PCs over the next few days, starting in the U.S. Just sign into Chrome, select “Settings” from the three-dot menu and navigate to the “Experimental AI” page. Because these features are early public experiments, they’ll be disabled for enterprise and educational accounts for now. ↫ Parisa Tabriz Chrome will automatically suggest tab groups for you (a sorting algorithm, very advanced technology), you can generate themes (mashing other people’s real art togerher and picking a dominant colour from the result), and Chrome can generate text in text fields (spicy autocomplete). “AI” sure is changing the world as we know it.

Google to restricts access to IMAP, SMTP, POP to OAuth this year

As part of our commitment to user safety, Google Workspace will no longer support the sign-in method for third-party apps or devices that require users to share their Google username and password. This antiquated sign-in method, known as Less Secure Apps (LSAs), puts users at an additional risk since it requires sharing Google Account credentials with third-party apps and devices that can make it easier for bad actors to gain unauthorized access to your account.  Instead, you’ll need to use the option to Sign-In with Google, which is a safer and more secure way to sync your email to other apps. Sign-in with Google leverages industry standard and more secure OAuth method of authentication already used by the vast majority of third-party apps and devices. ↫ Google Workspace Updates What this means is that “all third-party apps that require password-only access to Gmail, Google Calendar, Contacts via protocols such as CalDAV, CardDAV, IMAP, SMTP, and POP” will no longer work. Crucial to note, however, is that App Passwords will continue to work, which is good news, because without App Passwords, older IMAP email clients without OAuth support, such as the ones often used on legacy or minor operating systems, would cease to work with Gmail.

Mourning Google

On March 15, 2010, I started a new job at Google. The fourteen years since that day feel like a century. The title of my announcement was Now A No-Evil Zone and, OK, I can hear the laughing from ten timezones away. I tried, then, to be restrained, but there are hardly words to describe how happy and excited I was. I had escaped from the accretion disk the former Sun Microsystems was forming around Oracle, that blackest of holes. And Google, in 2010, was the coolest place in the world to work. Let me quote myself from a little bit further into that piece, on the subject of Google: “I’m sure that tendrils of stupidity and evil are even now finding interstitial breeding grounds whence they will emerge to cause grief.” Well, yeah. This is in my mind these days as I’m on a retired-Googlers mailing list where the current round of layoffs is under discussion and, well, it really seems like the joy has well and truly departed the Googleplex. ↫ Tim Bray The honeymoon phase with the technology sector is well and long over, and we’re deep into an unhappy, unpleasant, joyless marriage now – and the fault lies entirely with the big technology companies themselves. They promised they’d change the world for the better, but they lied – and still lie – about the price.

Google introduces Google Takeout API

Google has detailed more of the changes it’s implementing to comply with the European Union’s Digital Markets Act. We already covered the changes to linked services, but Google is also changing how results related to shopping and booking results are displayed. We will introduce dedicated units that include a group of links to comparison sites from across the web, and query shortcuts at the top of the search page to help people refine their search, including by focusing results just on comparison sites. For categories like hotels, we will also start testing a dedicated space for comparison sites and direct suppliers to show more detailed individual results including images, star ratings and more. These changes will result in the removal of some features from the search page, such as the Google Flights unit. ↫ Oliver Bethell Google is also releasing its promised Google Takeout API, allowing developers to programmatically deal with users wanting to take their data out of Google to another service. This one in particular I’m interested in, since I’m curious if, say, a competing email service will make it easier and automatic to move away from Gmail.

Google allows EU citizens to unlink certain services

The Digital Markets Act (DMA) is an EU law that takes effect on March 6, 2024. As a result of the DMA, in the EU, Google offers you the choice to keep certain Google services linked. ↫ Google’s support site So what does linking services really do for you? When linked, these services can share your data with each other and with all other Google services for certain purposes. For example, linked Google services can work together to help personalize your content and ads, depending on your settings. It doesn’t seem like unlinking will mean much, but but at least the option is there now – but only for EU/EEA citizens.

Google Groups ending support for Usenet

Starting on February 22, 2024, you can no longer use Google Groups (at groups.google.com) to post content to Usenet groups, subscribe to Usenet groups, or view new Usenet content. You can continue to view and search for historical Usenet content posted before February 22, 2024 on Google Groups. In addition, Google’s Network News Transfer Protocol (NNTP) server and associated peering will no longer be available, meaning Google will not support serving new Usenet content or exchanging content with other NNTP servers. ↫ Google Groups Help According to Google, the reason for removing Usenet support is the declining popularity of Usenet, claiming that “much of the content being disseminated via Usenet today is binary (non-text) file sharing, which Google Groups does not support, as well as spam”. I can’t validate that claim, but regardless, relying on Google to access Usenet was never a good idea in the first place. There’s countless proper Usenet clients out there that won’t perform a classic Google rug pull.

Google to move location data and Maps history to your device

The Timeline feature in Maps helps you remember places you’ve been and is powered by a setting called Location History. If you’re among the subset of users who have chosen to turn Location History on (it’s off by default), soon your Timeline will be saved right on your device — giving you even more control over your data. Just like before, you can delete all or part of your information at any time or disable the setting entirely. If you’re getting a new phone or are worried about losing your existing one, you can always choose to back up your data to the cloud so it doesn’t get lost. We’ll automatically encrypt your backed-up data so no one can read it, including Google. ↫ Marlo McGriff, Director of Product, Google Maps, at Google’s official blog All else being equal, moving location data from residing unencrypted in the cloud to on your device is a good thing. That being said, if Google is giving up access to this data, it most likely means they’ve gotten really good at estimating your whereabouts using other data instead.

Google partially staged their Gemini “AI” video

It turns out that fancy video Google made to show off its new “AI” was… Well, not “faked”, but definitely a bit staged. Google also admits that the video is edited. “For the purposes of this demo, latency has been reduced and Gemini outputs have been shortened for brevity,” it states in its YouTube description. This means the time it took for each response was actually longer than in the video. In reality, the demo also wasn’t carried out in real time or in voice. When asked about the video by Bloomberg Opinion, a Google spokesperson said it was made by “using still image frames from the footage, and prompting via text,” and they pointed to a site showing how others could interact with Gemini with photos of their hands, or of drawings or other objects. In other words, the voice in the demo was reading out human-made prompts they’d made to Gemini, and showing them still images. That’s quite different from what Google seemed to be suggesting: that a person could have a smooth voice conversation with Gemini as it watched and responded in real time to the world around it. ↫ Parmy Olson for Bloomberg Companies always lie. It’s in their nature.

Introducing Gemini: Google’s largest and most capable AI model

This promise of a world responsibly empowered by AI continues to drive our work at Google DeepMind. For a long time, we’ve wanted to build a new generation of AI models, inspired by the way people understand and interact with the world. AI that feels less like a smart piece of software and more like something useful and intuitive — an expert helper or assistant. Today, we’re a step closer to this vision as we introduce Gemini, the most capable and general model we’ve ever built. Gemini is the result of large-scale collaborative efforts by teams across Google, including our colleagues at Google Research. It was built from the ground up to be multimodal, which means it can generalize and seamlessly understand, operate across and combine different types of information including text, code, audio, image and video. ↫ Demis Hassabis on Google’s official blog It’s no secret I’m not particularly impressed by “AI”, not least because its ability to autocomplete complete nonsense based on copyrighted works it’s drawing from without permission and the dangers this might represent to our society. That being said, Google’s new “AI” thing, as demonstrated in this video, actually seems a tiny bit impressive. It still looks like to me like it’s just blurting out random information using fairly mundane things like object and speech recognition, but the fluidity of it all definitely feels a lot more natural than whatever OpenAI and Microsoft have shown so far. I’m still not even remotely interested in any of this stuff, but this at least seems slightly more possibly useful than other examples I’ve seen so far.

YouTube says new 5-second video load delay is supposed to punish ad blockers, not Firefox users

Firefox users across the internet say that they are encountering an “artificial” five-second load time when they try to watch YouTube videos that exists on Firefox, but not Chrome. Google, meanwhile, told 404 Media that this is all part of its larger effort against ad blockers, and that it doesn’t have anything to do with Firefox at all. I’m sure it doesn’t, Google.

Google resumes transition to Manifest V3

With these changes in place, we’ve seen support for Manifest V3 increase significantly among the extension developer community. Specifically, we are encouraged by our ongoing dialogue with the developers of content blocking extensions, who initially felt Manifest V3 could impact their ability to provide users with the features they’ve come to expect. Google has made several changes to Manifest V3 specifically to ease concerns among developers of content blocking extensions, and it seems those changes have been positively received. The maximum number of active rulesets has been increased, as well as the number of dynamic rules, which are rules ad blocker developers can change and update without having to update the extension as a whole. Regardless of these changes, I would still advise everyone to get a Raspberry Pi or whatever and run Pi-Hole – this will block ads for your entire network, and all devices, regardless of browser or operating system.

Google drops Web Environment Integrity proposal

Google has announced it’s going to drop the Web Environment Integrity proposal – the controversial proposal that set the internet on fire a few months ago. Instead, the company intends to offer a much more limited version of the proposal that only targets Android WebViews embedded in applications, targeting only media streams running inside Android applications. We’ve heard your feedback, and the Web Environment Integrity proposal is no longer being considered by the Chrome team. In contrast, the Android WebView Media Integrity API is narrowly scoped, and only targets WebViews embedded in apps. It simply extends existing functionality on Android devices that have Google Mobile Services (GMS) and there are no plans to offer it beyond embedded media, such as streaming video and audio, or beyond Android WebViews. I might be ye of little faith, but this feels a lot like a case of proposing something overtly horrible first, to pave the way for something that now seems benign in comparison. On top of that, that scope might be limited now, but does anyone have any faith left that Google won’t just… Widen the scope later, once we’re all not looking?