Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Friday, 09 February 2018 12:09

Google unveils its latest bit of security theatre Featured


From time to time, Google makes an attempt to try and convince the world at large that it takes security seriously. Its latest stunt is to announce that from July 2018 onwards it will be marking all pages that are not using secure protocols as insecure when viewed in its Chrome browser.

If only the company showed a fraction of the efforts it puts into PR into making its ubiquitous properties actually secure!

Google is extremely good at what security expert Bruce Schneier calls security theatre. Schneier coined the term to describe the over-abundant security measures that the US adopted after the 9/11 attacks – all of which do little to actually enhance people's security.

The search engine giant is very good at security theatre.

Given its profile and wide usage — Chrome, for reasons best known to its users, enjoys something like a 56% share of the browser market — any action that the company takes necessarily appears prominent. The announcement, by the way, is titled "A secure Web is here to stay", indeed a laughable headline if ever there was one.

But what is the point when SSL encrypted threats are rising by the day? That little lock on a browser bar before the URL means little these days.

Recently, the removal of about 700,000 malicious apps from the Google Play store was touted by the search behemoth as some kind of indication that it is concerned about security.

When this was announced, there were some stupid lines spoken by the Google Play product manager, Andrew Ahn, that “you have a lower probability of being infected by malware from Play than being hit by lightning".

theatre large

There was no statement about how so many malicious apps came to be in the Play store in the first place. Android, remember, is almost 10 years old. By now if there is no proper security structure, then when it will ever be put in place?

Back in 2011, Google's Chris Di Bona posted a rant on Google+, using the argument about open source being more secure to try and argue that Android was in the same bucket.

Of course, Di Bona did not tell people that Android is only open source as far as the kernel goes – which is a modified Linux kernel that is under the GNU General Public Licence. That licence ensures that if anyone changes the source and then distributes it along with the changes, then that changed source in its entirety has to be made available to anyone who wants it.

The rest of Android is under various licences that allow Google to lock up the code and never provide it to anyone.

Every company that uses Android has to license the Google apps that are part of its ecosystem. They have no choice, else they can build their own.

Open source may be secure, but that has nothing to do with Google. Yet who questions it?

Android security is so bad that security professionals are now starting to compare it with Windows, the operating system produced by a company that has often been called the Typhoid Mary of the Internet.

From time to time, Google finds some security flaw or the other in another company's products and makes a big song and dance about it. This does wonders for Google as it embarrasses its rivals and deflects people's attention from all the snooping that Google does through its various Web properties.

Today, as iTWire  reported, India has become the latest to fine Google for anti-competitive practices. One doubts it will be the last country to do so.

But given the manner in which Google is treated by the US mainstream and other media, who put on kid gloves whenever they discuss the company and its affairs, it is unlikely that there will be any change.

Only when it is exposed for the charade that it puts on and put to shame will there be change. Let's hope the rest of the world joins the EU in making the company pay for its anti-people practices.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments