The IT Nerd

In 2020, Chrome announced the deprecation of third party cookies; and as the deadline approaches, Google ads platforms have been experimenting with serving interest based ads with privacy-preserving signals (including the Privacy Sandbox’s Topics API) instead of third party cookies.

The results showed that when using IBA solutions with privacy-preserving signals, Google Ads advertising spend on IBA decreased by between 2 and 7% compared to third-party-cookie-based results. For conversions per dollar [proxy for return on investment] the decrease was 1-3%. It also showed that click through rates (CTR) remained within 90% of the status quo. 

It’s worth noting that the results were derived from a combination of privacy-preserving signals such as contextual information, the Topics API from the Privacy Sandbox and first-party identifiers such as Publisher Provided IDs.

You can read the blog post here.

Google is reporting that weak passwords accounted for almost half of security breaches affecting Google Cloud customers. Google is seeing nation state actors finding success exploiting “weak identity verification practices” according to Chris Porter, head of threat intelligence for Google Cloud “The percentage that’s a software issue or a zero-day, you know, it’s not zero, but it goes down and down and down. That’s a trend we generally expect to continue,” Porter said.
 
Google reports that compromise of API’s to gain permissions into a company systems is the second most common avenue of attack on their cloud systems and accounted for nearly one fifth of all reported incidents. They point out that ransomware attacks in the cloud, threatening to release stolen data, have become common events.

I have three comments on this. The first is from Willy Leichter, VP, Cyware:
    
   “This report seems depressingly familiar, that our oldest security problems – poor password practices and leaked API credentials, lead to the majority of attacks. But we must move beyond our typical response – trying to train and cajole end-users to be more careful. We need to assume that users will be careless, design better defense-in-depth, and leverage the explosion of AI tools to detect poor security practices, and advanced attacks that will always find weak points to exploit.”

The next is from Roy Akerman, Co-Founder & CEO, Rezonate:

   “This confirms the same exact information we have seen for the past decade. Identity was and remains the biggest risk, and the true “zero-day”, organization must address with priority. Current identity security approaches are fragmented across many tools and teams and does not fit today’s reality of a constantly changing infrastructure. Identity security hasn’t evolved for the past decade for the purpose of detecting identity exploitation. We were too busy managing and allowing access vs monitoring and detecting unauthorized access behaviors and a true end-to-end view across all stages of the identity lifecycle.”

The final comment is from George McGregor, VP, Approov:

   “The combination of weak passwords and careless API key management is a dangerous cocktail which opens up APIs as an attack surface for hackers. Better discipline in general is of course important, but developers should also put in place runtime solutions to prevent stolen keys being exploited. This can be done effectively by using app and device attestation combined with secret management solutions which allow keys to be rotated immediately if compromised or changed.”

This is depressing and hopefully this report from Google serves as a wake up call to do better on the security front. Because we live in a time where not doing better will end badly more often than not.

Starting in early 2024, Google has announced a new Play Store data deletion policy that will require Android developers to provide users the ability to delete their accounts and in-app data both within the app and on-line.
 
Every store listing will display links in the “Data deletion” area where developers will provide an in-app account deletion experience as well as a web-based option so users do not have to re-install the app. Developers will be required to delete the data associated with the account deletion. Finally, users are also provided with more options such as the ability to delete specific data while maintaining account. Google acknowledged that some developers may be legally required to retain certain data.
 
Developers may request an extension, but non-compliant apps will no longer be able to publish new apps or release app updates and may face removal from Google Play.
 
This announcement follows Apple’s move requiring developers of apps with an account creation option to also provide the users with a way to delete their accounts from within the apps starting June 2022.

Ted Miracco, CEO of Approov had this comment:

   “It is important for companies like Google and Apple to prioritize user privacy and security, and this new policy is a step in the right direction. The new Play Store data deletion policy is a positive development from a mobile security perspective and can help reduce the risk of data breaches by giving users more control over their personal data. In the event of a data breach, the ability to delete specific data and account information can be critical in preventing further damage and protecting sensitive information. With this new policy, users will have more control over their data and will be able to delete it in a more efficient and effective way, which can help reduce the risks associated with a data breach. App developers still need to do more to secure their apps and make sure they cannot be tampered with, and consumers should only install apps from legitimate app marketplaces.”

I like this as my data belongs to me. Thus I should have control over whom I share it with including if I no longer want to share it with a third party. Good on Google for doing the right thing for a change.

Today, Google released the 2023 edition of their annual Ads Safety Report, which takes a deeper look at how Google created a safer experience for users in the ad ecosystem in the past year. Google also launched a brand new transparency tool called the Ads Transparency Center, which will be a fully searchable repository of global ads we serve from verified advertisers. 

Here’s a link to the full report, as well as blog posts about the Ads Safety Report and new Ads Transparency Center for more information, along with some highlights below:

Key Insights from the 2023 Ads Safety Report:

• Google blocked or removed over 5.2 billion ads for violating Google’s policies. That’s more than 9,000 ads per minute.
• Google restricted over 4.3 billion ads. 
• Google blocked over 17 million ads related to the war in Ukraine under our sensitive event policy.
• Google suspended more than 6.7 million advertiser accounts for egregious  policy violations.
• Google removed ads from over 1.5 billion pages last year. 
• Google added or updated 29 policies for both advertisers and publishers in 2022. 

New fact-checking tools on Google Search

With International Fact Checking Day (April 2) approaching, it’s an important time to consider information literacy and misinformation online. Everyone should be empowered with the tools they need to find information they can trust, that’s why we’re highlighting tools and features available on Search to help people evaluate the information they come across online. You can read more details about the new Search features in this blog post.

• About this page, is a new Search results page experience. Now when you search for a URL on Google.ca, About this page will appear below the top navigational results on the Search page. It provides quick, important context about the webpage you searched for, to help you evaluate the credibility of the page.
• About this result will now be available for all Canadians. Through the feature, you can quickly find more context about the sources and topics you’re searching for. This includes information like a description of the source (if available), when the site was first indexed, and whether your connection to a site is secure. You’ll see Information about some of the factors used to connect a result to the query, and whether a result is personalized for you. 
• Fact Checking Fund (GNI), back in November, Google and YouTube announced a $13.2M grant to the International Fact Checking Network to provide indirect funds to 135 fact-checking organizations across 65 countries covering 80 languages. The fund will be opening very soon, building on our previous work to address misinformation, and is Google and YouTube’s single largest grant in fact-checking.

Today Google Cloud announced the next step in their AI journey, bringing generative AI benefits to individuals, businesses, and communities. 

Among the updates comes new Google Workspace features, with AI supporting everyday tasks like: 

• draft, reply, summarize, and prioritize your Gmail
• brainstorm, proofread, write, and rewrite in Docs
• bring your creative vision to life with auto-generated images, audio, and video in Slides

Other highlights in Google’s new generative AI capabilities include:

• Empowering all developers through PaLM API, a new developer offering that makes it easy and safe to experiment with Google’s large language models. Alongside the API, Google Cloud is releasing MakerSuite, a tool that lets developers start prototyping quickly and easily. 
• Generative AI support in Vertex AI to offer a simple way for data science teams to take advantage of foundation models like PaLM. This includes the ability for businesses to address use cases such as content generation and chat summarization all with enterprise-level safety, security, and privacy.
• Generative AI App Builder which allows organizations to build their own AI-powered chat interfaces and digital assistants.
• As part of Google’s commitment to openness, they’re unveiling new partnerships, programs, and resources for each segment of theAI Ecosystem. 

For an overview of the news, check out the blog post from Google Cloud CEO Thomas.

A total of 12 startups from across Canada will be participating in our 2023 Google for Startups Accelerator Canada program. Supporting the next generation of Canadian founders and kicking-off our first accelerator cohort of the year, the 10-week, equity-free program is designed to bring the best of Google’s programs, products, people and technology to Canadian startups – at a time when AI continues to advance.

Now in its fourth year, the Google for Startups Accelerator builds on Google’s continued support for Canada’s startup ecosystem. The program is one of five accelerators developed specifically for Canadian companies, others include the Cloud Accelerator,Women Founders Accelerator, Black Founders Accelerator, and the Climate Change Accelerator. 

The participating startups are:

• Bidmii (Toronto) is an online marketplace that quickly connects homeowners and contractors for home improvement projects, guaranteeing payment security for each party by holding payments in trust.
• Chimoney (Toronto) enables businesses to send payments to phones, emails and Twitter, regardless of scale, currency, country and other factors.
• Clavis Studio (Edmonton) is an AI and /machine learning (ML)-driven design, visualization, and sourcing platform that provides a marketplace for designers and decorators to source new clients and use supporting tools to deliver their projects.
• Foqus Technologies (Toronto) is an AI and quantitative imaging technology company that designs and develops software solutions to enhance the speed and quality of MRI scans.
• Gryd Digital Media (Winnipeg) is a PropTech company that has developed a suite of products and services designed to deliver increased efficiencies, increased asset value, and reduced costs to property owners, managers, and REITs nationwide.
• Morpheus.Network (Burlington) focuses on helping companies and government organizations eliminate inefficiencies and remove barriers to optimize and automate their supply chain operations.
• Moves (Toronto) is building the collective of the gig economy, solving financial challenges associated with being a gig worker, and the lack of representation and ownership gig workers experience.
• My Choice (Toronto) is an insurance aggregator that partners with insurance companies and brokerages to bring customers the power of choice and transparency through seamless, personalized user experiences and automation.
• SalonScale Technology Inc. (Saskatoon) is the salon industry’s leading B2B SAAS provider in professional goods management, providing solutions that address the rising cost of salon supplies.
• ShareWares (Vancouver) Has developed a platform that pairs technology with current city infrastructure to allow reusable cups and food containers to be bought, returned, tracked, and processed for resale. Stay tuned as food packaging is just the beginning.
• Tablz (Ottawa) is a 3D bookings platform that lets diners upgrade to the seat of their preference, while generating net new profit for restaurants.
• TrojAI (Saint John) helps enterprises manage AI risk through stress testing and audit of AI/ML models.

You can read the blog post here.

Via a blog post today, Google announced that their Privacy Sandbox Beta is coming to Android. Specifically, Android 13 devices at first and expanding over time. If you’re one of the users selected for the beta, you’ll receive an Android notification letting you know that you’ve been selected.

Here’s what this means for you via the blog post:

The Privacy Sandbox Beta provides new APIs that are designed with privacy at the core, and don’t use identifiers that can track your activity across apps and websites. Apps that choose to participate in the Beta can use these APIs to show you relevant ads and measure their effectiveness.

You’ll be able to control your Beta participation by going to the Privacy Sandbox section of Settings. From this screen you’ll be able to see and manage the interests that apps can use to show you relevant ads. For example, you could see that Android has estimated that you’re interested in topics like Movies or Outdoors, and you can block any topics if they don’t fit your interests. And if you change your mind about participating in the Beta, you can turn it off or back on in Settings.

If you’re an Android user, I’d keep an eye out for that notification as from my perspective, Google appears to be starting to take privacy seriously.