Home Open Sauce Google unveils its latest bit of security theatre

Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Google unveils its latest bit of security theatre Featured

From time to time, Google makes an attempt to try and convince the world at large that it takes security seriously. Its latest stunt is to announce that from July 2018 onwards it will be marking all pages that are not using secure protocols as insecure when viewed in its Chrome browser.

If only the company showed a fraction of the efforts it puts into PR into making its ubiquitous properties actually secure!

Google is extremely good at what security expert Bruce Schneier calls security theatre. Schneier coined the term to describe the over-abundant security measures that the US adopted after the 9/11 attacks – all of which do little to actually enhance people's security.

The search engine giant is very good at security theatre.

Given its profile and wide usage — Chrome, for reasons best known to its users, enjoys something like a 56% share of the browser market — any action that the company takes necessarily appears prominent. The announcement, by the way, is titled "A secure Web is here to stay", indeed a laughable headline if ever there was one.

But what is the point when SSL encrypted threats are rising by the day? That little lock on a browser bar before the URL means little these days.

Recently, the removal of about 700,000 malicious apps from the Google Play store was touted by the search behemoth as some kind of indication that it is concerned about security.

When this was announced, there were some stupid lines spoken by the Google Play product manager, Andrew Ahn, that “you have a lower probability of being infected by malware from Play than being hit by lightning".

theatre large

There was no statement about how so many malicious apps came to be in the Play store in the first place. Android, remember, is almost 10 years old. By now if there is no proper security structure, then when it will ever be put in place?

Back in 2011, Google's Chris Di Bona posted a rant on Google+, using the argument about open source being more secure to try and argue that Android was in the same bucket.

Of course, Di Bona did not tell people that Android is only open source as far as the kernel goes – which is a modified Linux kernel that is under the GNU General Public Licence. That licence ensures that if anyone changes the source and then distributes it along with the changes, then that changed source in its entirety has to be made available to anyone who wants it.

The rest of Android is under various licences that allow Google to lock up the code and never provide it to anyone.

Every company that uses Android has to license the Google apps that are part of its ecosystem. They have no choice, else they can build their own.

Open source may be secure, but that has nothing to do with Google. Yet who questions it?

Android security is so bad that security professionals are now starting to compare it with Windows, the operating system produced by a company that has often been called the Typhoid Mary of the Internet.

From time to time, Google finds some security flaw or the other in another company's products and makes a big song and dance about it. This does wonders for Google as it embarrasses its rivals and deflects people's attention from all the snooping that Google does through its various Web properties.

Today, as iTWire  reported, India has become the latest to fine Google for anti-competitive practices. One doubts it will be the last country to do so.

But given the manner in which Google is treated by the US mainstream and other media, who put on kid gloves whenever they discuss the company and its affairs, it is unlikely that there will be any change.

Only when it is exposed for the charade that it puts on and put to shame will there be change. Let's hope the rest of the world joins the EU in making the company pay for its anti-people practices.

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

10 SIMPLE TIPS TO PROTECT YOUR ORGANISATION FROM RANSOMWARE

Ransomware attacks on businesses and institutions are now the most common type of malware breach, accounting for 39% of all IT security incidents, and they are still growing.

Criminal ransomware revenues are projected to reach $11.5B by 2019.

With a few simple policies and procedures, plus some cutting-edge endpoint countermeasures, you can effectively protect your business from the ransomware menace.

DOWNLOAD NOW!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the sitecame into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

 

Popular News

 

Telecommunications

 

Sponsored News

 

 

 

 

Connect