Google likes to celebrate special events. Christmas was the inspiration for a dedicated Santa tracker, Martin Luther King Jr. Day was marked with a doodle, and this year's Safer Internet Day was commemorated with a quick glimpse at how Google tries to protect its users while they browse the web.
Safer Internet Day debuted in 2005 "to raise awareness of emerging online issues" and each year it "chooses a topic reflecting current concerns." This year's theme is "Be the change: Unite for a better internet," and it asks "stakeholders to join together to make the internet a safer and better place for all, and especially children and young people." Google qualifies, of course, because it runs some of the most popular online services in the world.
The company explained how it tries to thwart phishing attempts or malicious websites in a way that even children might be able to understand. It didn't bog down the conversation with technical mumbo jumbo--which is likely to confuse many of the people who rely on these protections--and instead used simple language to convey the same ideas. Just look at how it explained the way it tries to figure out if a sign-in attempt is legitimate or malicious:
The secret sauce is the systems that detect these subtler signals—clues—billions and billions of times every day to help paint the picture of a safe log-in. Think of these like Sherlock Holmes’ magnifying glass...if it were powered by a few data centers. The clues scammers may not even know they’re leaving behind help us inspect each new log-in attempt and compare it with the picture of a safe log-in that our systems have painted based on billions and billions of other log-ins. If something looks fishy, we’ll require more verifications designed to thwart bad guys, send notifications to your phone, or email you so you can quickly act on anything that looks unfamiliar.
Easy! The company used similarly basic language to explain how Safe Browsing (and similar tech used in Android apps) works:
Detecting the obvious badness—sites well-known for phishing scams, ransomware that locks your device until you pay a fraudster—is relatively easy. But the stealthier badness is only detectable by measuring billions of signals across sites and apps. If this sounds similar to the way we approach spam protections on Gmail or suspicious logins into Google, that’s because it is! The ability to understand badness on a large scale enables us to find the clues bad guys don’t even know they were leaving behind.
Some might balk at comparing these services to Sherlock Holmes' magnifying glass or describing malware, phishing traps, and other harmful aspects of websites as "badness." They'll want more in-depth explanations of how Google wants to make the web safer or how it detects malicious apps. Further, many need to know about questionable decisions like introducing always-on DRM, problematic APIs, or hosted S/MIME encryption for services like Gmail.
Yet many people have no idea how any of this stuff works. That's part of why Americans don't try to defend themselves even though they know they've been affected by data breaches and don't trust companies or government agencies to keep their information safe. Google's effort to explain these concepts in a simple way--and to raise awareness of efforts like Safer Internet Day--could help make cybersecurity seem a lot more approachable.