Google published a six-part report this week detailing a sophisticated hacking operation that the company detected in early 2020 and which targeted owners of both Android and Windows devices. From a report: The attacks were carried out via two exploit servers delivering different exploit chains via watering hole attacks, Google said. "One server targeted Windows users, the other targeted Android," Project Zero, one of Google's security teams, said in the first of six blog posts. Google said that both exploit servers used Google Chrome vulnerabilities to gain an initial foothold on victim devices. Once an initial entry point was established in the user's browsers, attackers deployed an OS-level exploit to gain more control of the victim's devices. The exploit chains included a combination of both zero-day and n-day vulnerabilities, where zero-day refers to bugs unknown to the software makers, and n-day refers to bugs that have been patched but are still being exploited in the wild.

Read more of this story at Slashdot.

Video-sharing site Rumble accused Google in a lawsuit of abusing the power of its search engine and mobile operating system to boost its YouTube video service over rivals, the latest allegation of anticompetitive conduct against the Alphabet unit. From a report: Toronto-based Rumble, which has become popular among conservative pundits, on Monday filed an antitrust suit in federal court in California arguing that Google is "unfairly rigging its search algorithms" to place YouTube above Rumble in its search results. Rumble said Google's behavior cost it significant numbers of viewers and advertising dollars. The lawsuit also argues that Google's deals to pre-install a YouTube app on mobile devices running Google's Android operating system have unfairly deprived Rumble of viewers. "Google, through its search engine, was able to wrongfully divert massive traffic to YouTube, depriving Rumble of the additional traffic, users, uploads, brand awareness and revenue it would have otherwise received," the lawsuit states. "We will defend ourselves against these baseless claims," a Google spokeswoman said.

Read more of this story at Slashdot.

Google is planning to release a new Nest Hub in 2021 that will feature sleeping tracking powered by the company's Soli radar technology. 9to5Google reports: Google's Advanced Technology and Projects group first unveiled Soli in 2015, but it did not launch on a consumer device until 2019. The sensor lets you perform air gestures over the Pixel 4 to play/pause and skip/rewind tracks, as well as snooze alarms and silence phone calls. It's also used to speed up face unlock by detecting when users reach for their phone and turning on the components needed for recognition. Third-party Android developers can incorporate the tech, which emits radar waves, into games and other interactive experiences. Meanwhile, the new Nest Thermostat also leverages it for improved motion sensing to wake the screen when you walk by. Soli will soon be used to track sleep. Embedded into this upcoming Nest Hub, Google is embracing how Smart Displays are often placed on bedside tables as alarm clocks and speakers. The original Nest Hub is more likely to be used in sensitive areas since it lacks a camera, with sleep tracking serving as another incentive to place this device on your nightstand. The FCC filing at the start of this week revealed that the Soli sensor placed in the Nest Hub will have technical capabilities identical to the Pixel 4. Google has long touted precise and fine gesture recognition, like spinning a virtual dial or adjusting a slider. This should translate to detecting any body movements you make at night. For comparison, the Nest Thermostat uses a more limited version of Soli to detect general motion. It's possible that Google will also use Soli on this Nest Hub for gestures to control content. The Nest Hub Max today already uses its camera to play/pause tracks when you hold up a hand.

Read more of this story at Slashdot.

A duo of French security researchers has discovered a vulnerability impacting chips used inside Google Titan and YubiKey hardware security keys. From a report: The vulnerability allows threat actors to recover the primary encryption key used by the hardware security key to generate cryptographic tokens for two-factor authentication (2FA) operations. Once obtained, the two security researchers say the encryption key, an ECDSA private key, would allow threat actors to clone Titan, YubiKey, and other keys to bypass 2FA procedures. However, while the attack sounds disastrous for Google and Yubico security key owners, its severity is not what it seems. In a 60-page PDF report, Victor Lomne and Thomas Roche, researchers with Montpellier-based NinjaLab, explain the intricacies of the attack, also tracked as CVE-2021-3011. For starters, the attack won't work remotely against a device, over the internet, or over a local network. To exploit any Google Titan or Yubico security key, an attacker would first need to get their hands on a security key in the first place.

Read more of this story at Slashdot.

Google is the U.K.'s first big post-Brexit antitrust target as regulators opened a probe into the company's planned changes to curb publishers' collection of advertising data. From a report: The Competition and Markets Authority said it's investigating Google's so-called privacy sandbox changes that could "undermine the ability of publishers to generate revenue and undermine competition in digital advertising, entrenching Google's market power." The probe adds to Google's legal headaches around the world. The Mountain View, California-based company faces lawsuits from the U.S. Department of Justice and multiple states over allegedly anticompetitive practices. The U.K. probe focuses on Google's decision last year to phase out third-party cookies that help advertisers monitor customers' browsing habits and pinpoint the effectiveness of different advertising. Google's Chrome is the dominant web browser and the changes will be followed by rival products based on Google technology, such as Microsoft's Edge.

Read more of this story at Slashdot.

Digital services taxes adopted by India, Italy, and Turkey in recent years discriminate against U.S. companies, the U.S. Trade Representative said on Wednesday. From a report: USTR, which began investigations into the three nation's digital services taxes in June last year, said it found them to be inconsistent with international tax principles, unreasonable, and burdening or restricting U.S. commerce. In its detailed reports, which the office has made public, USTR studied how these digital taxes affected companies including Amazon, Google, Facebook, Airbnb, and Twitter. USTR said it conducted these investigations on the ground of Section 301 of the U.S. Trade Act of 1974.

Read more of this story at Slashdot.

Not a single one of Google's iOS apps have been updated in almost a month -- an unusually long period for a tech behemoth not to release, at the very least, even a minor bug fix or stability update for one of its dozens of insanely popular iPhone and iPad apps. From a report: And after reviewing the latest release dates for all of Google's iOS apps, one reason for this lack of updates seems more likely than others: It could be related to Apple's new App Store privacy labels. The last time any Google iOS app was updated was on December 7. This includes updates to major Google apps like Google Drive, YouTube, Google Docs, Google Sheets, YouTube Music, Google Duo, Google Authenticator, and Gboard. Why is December 7 a significant date? Because starting on December 8, Apple mandated that any new apps or app updates submitted to the App Store would require the developer to fill out the privacy label information for the app it was submitting. This privacy label reveals exactly what data the app is collecting about the user and how that user data is being used. The label can then be viewed on an app's App Store listing page. The feature is part of Apple's push to make developers be more transparent in the ways they collect and use user data, so users can make more informed choices about the apps they choose to download.

Read more of this story at Slashdot.

Employees of Google and parent company Alphabet announced the creation of a union on Monday, escalating years of confrontation between workers and management of the internet giant. From a report: The Alphabet Workers Union said it will be open to all employees and contractors, regardless of their role or classification. It will collect dues, pay organizing staff and have an elected board of directors. The unionizing effort, a rare campaign within a major U.S. technology company, is supported by the Communications Workers of America as part of a recent tech-focused initiative known as CODE-CWA. Googlers who join the Alphabet Workers Union will also be members of CWA Local 1400. The group, which represents more than 200 workers in the U.S., plans to take on issues including compensation, employee classification and the kinds of work Google engages in. "We will hire skilled organizers to ensure all workers at Google know they can work with us if they actually want to see their company reflect their values," Dylan Baker, software engineer at Google, said in a statement. A letter from the union organizers published in the New York Times said workplace concerns at the company have been dismissed by executives for too long. Google has clashed with some employees in recent years over contracts with the military, the different treatment of contract workers and a rich exit package for an executive ousted for alleged sexual harassment.

Read more of this story at Slashdot.

One of the biggest disappointments from CES 2021 going virtual will be the lack of a splashy booth by Google. Whether you cared about the company's bevy of Google Assistant-related announcements, it was hard to deny the stagecraft employed by the tech giant. From a report: For the last few years, Google boasted some of the most eye-catching CES booths, from a theme park ride in 2019 to an escape room back in January's show. Unlike other CES heavy hitters, like Samsung or LG, Google opted to place its typically massive "activations" in the parking lot in front of the Las Vegas Convention Center, suddenly making that a trendy spot to place a booth. Google's booths largely pushed the benefits of Google Assistant, underscoring the importance of the digital assistant as it scrambled to claw back market share from Amazon's Alexa, which had a head start in the area thanks to Amazon's array of Echo speakers. Indeed, Google and its Assistant were part of a battle waged over digital assistants at past CES shows, with extravagant booths and with partners announcing that their respective assistants would come embedded in a new television, car or some other gadget. But with CES going virtual, a move dictated by the ongoing coronavirus pandemic, many of the show's biggest names are opting to skip the show. Google will hold partner meetings, but it won't have a large presence at the show, according to a spokesman. It's not alone -- the Consumer Technology Association said it expects about 1,000 exhibitors at the virtual show, less than a quarter of the total from the January confab.

Read more of this story at Slashdot.

Google is testing a new feature that will surface Instagram and TikTok videos in their own dedicated carousel in the Google app for mobile devices -- a move that could help the company retain users in search of social video entertainment from fully leaving Google's platform. From a report: The feature itself expands on a test launched earlier this year, where Google had first introduced a carousel of "Short Videos" within Google Discover -- the personalized feed found in the Google mobile app and to the left of the home screen on some Android devices. To be clear, this "Short Videos" carousel is different from Google's Stories, which rolled out in October 2020 to the Google Search app for iOS and Android. Those "Stories" -- previously known as "AMP Stories" -- consist of short-form video content created by Google's online publishing partners like Forbes, USA Today, Vice, Now This, Bustle, Thrillist and others. Meanwhile, the "Short Videos" carousel had been focused on aggregating social video from other platforms, including Google's own short-form video project Tangi, Indian TikTok competitor Trell, as well as Google's own video platform, YouTube -- which has also been experimenting with short-form content as of late.

Read more of this story at Slashdot.

Google chief Sundar Pichai has warned that "regulation can get it wrong" as his firm is increasingly targeted by antitrust moves. From a report: Last week, the European Commission set out new regulation to curb the power of big tech. The Digital Services Act hopes to increase transparency and competition for tech firms. The legislation will force firms, such as Google, to publish the algorithms used for rankings, as well as to police their own content. Big firms could be fined between six per cent and 10 per cent of global annual turnover if they fail to comply. In the interview with the FT, Pichai gave a guarded welcome to the regulation. He said: "I think it's an important regulation to think through and get right." However, he warns that "Governments need to think through these important principles. Sometimes we can design very open ecosystems, they can have security implications." He added that the failure of GDPR to break down the monopoly of big tech "shows that for a lot of these things, the answers are nuanced, and regulation can get it wrong."

Read more of this story at Slashdot.

Tech giants, including Microsoft and Google, have joined Facebook's legal battle against hacking company NSO, filing an amicus brief in federal court that warned the Israeli firm's tools were "powerful, and dangerous." From a report: The brief, filed before the U.S. Court of Appeals for the Ninth Circuit, opens up a new front in Facebook's lawsuit against NSO, which it filed last year after it was revealed that the cyber surveillance firm had exploited a bug in Facebook-owned instant messaging program WhatsApp to help surveil more than 1,400 people worldwide. NSO has argued that because it sells digital break-in tools to police and spy agencies, it should benefit from "sovereign immunity" -- a legal doctrine that generally insulates foreign governments from lawsuits. NSO lost that argument in the Northern District of California in July and has since appealed to the Ninth Circuit to have the ruling overturned. Microsoft, Alphabet-owned Google, Cisco, Dell Technologies-owned VMWare, and the Washington-based Internet Association joined forces with Facebook to argue against that, saying that awarding sovereign immunity to NSO would lead to a proliferation of hacking technology and "more foreign governments with powerful and dangerous cyber surveillance tools."

Read more of this story at Slashdot.

Facebook and Google agreed to "cooperate and assist one another" if they ever faced an investigation into their pact to work together in online advertising, according to an unredacted version of a lawsuit filed by 10 states against Google last week. From a report: The suit, as filed, cites internal company documents that were heavily redacted. The Wall Street Journal reviewed part of a recent draft version of the suit without redactions, which elaborated on findings and allegations in the court documents. Ten Republican attorneys general, led by Texas, are alleging that the two companies cut a deal in September 2018 in which Facebook agreed not to compete with Google's online advertising tools in return for special treatment when it used them. Google used language from "Star Wars" as a code name for the deal, according to the lawsuit, which redacted the actual name. The draft version of the suit says it was known as "Jedi Blue." The lawsuit itself said Google and Facebook were aware that their agreement could trigger antitrust investigations and discussed how to deal with them, in a passage that is followed by significant redactions. The draft version spells out some of the contract's provisions, which state that the companies will "cooperate and assist each other in responding to any Antitrust Action" and "promptly and fully inform the Other Party of any Governmental Communication Related to the Agreement." In the companies' contract, "the word [REDACTED] is mentioned no fewer than 20 times," the lawsuit says. The unredacted draft fills in the word: Antitrust.

Read more of this story at Slashdot.

Browser makers Apple, Google, Microsoft, and Mozilla, have banned a root certificate that was being used by the Kazakhstan government to intercept and decrypt HTTPS traffic for residents in the country's capital, the city of Nur-Sultan (formerly Astana). From a report: The certificate had been in use since December 6, 2020, when Kazakh officials forced local internet service providers to block Nur-Sultan residents from accessing foreign sites unless they had a specific digital certificate issued by the government installed on their devices. While users were able to access most foreign-hosted sites, access was blocked to sites like Google, Twitter, YouTube, Facebook, Instagram, and Netflix, unless they had the certificate installed. Kazakh officials justified their actions claiming they were carrying out a cybersecurity training exercise for government agencies, telecoms, and private companies. Officials cited that cyberattacks targeting "Kazakhstan's segment of the internet" grew 2.7 times during the current COVID-19 pandemic as the primary reason for launching the exercise. The government's explanation did, however, make zero technical sense, as certificates can't prevent mass cyber-attacks and are usually used only for encrypting and safeguarding traffic from third-party observers. After today's ban, even if users have the certificate installed, browsers like Chrome, Edge, Mozilla, and Safari, will refuse to use them, preventing Kazakh officials from intercepting user data.

Read more of this story at Slashdot.

This week Google "quietly acquired a company called Neverware Inc. that sells software to transform old personal computers and Macs into Chromebook devices," reports SiliconANGLE: The acquisition was announced by Neverware on Twitter, and Google later confirmed the news in a statement. Google had taken part in the company's Series B funding round three years ago. Neverware's software is called CloudReady OS, and though it's primarily aimed at schools and enterprises that want to transform fleets of machines into Chromebooks, there's also a free Home edition that anyone can use... Google's plan is to make CloudReady an official product. "We can confirm that the Neverware team is joining the Google Chrome OS team," Google said in a statement.

Read more of this story at Slashdot.

Terence Eden: I am concerned that -- despite the hard work of the AC -- Google has limited interest in that goal. When I joined, I wondered whether I could make a difference. I hope that I have been a critical friend. The AC has encouraged AMP to think more about user needs -- rather than Google's needs. And changes to the search carousel were also a concern of the committee which have been partly addressed. Google's thesis is that the mobile-web is dying and people prefer to use apps -- therefore making the web faster and more app-like will retain users. Google doesn't publish data about this, so I can't directly criticise their motives. But I do not think AMP, in its current implementation, helps make the web better. I remain convinced that AMP is poorly implemented, hostile to the interests of both users and publishers, and a proprietary & unnecessary incursion into the open web. I am glad that I tried to make it better, but I'm sad to have failed.

Read more of this story at Slashdot.

A bipartisan coalition of states sued Alphabet's Google Thursday alleging broad antitrust violations in the online search market, marking the third U.S. case against the search giant in two months. From a report: The lawsuit, led by Colorado, Iowa and other states, marks the latest escalation of the antitrust battle against Google. It comes a day after 10 Republican state attorneys general led by Texas sued the company for anticompetitive practices, and follows an October complaint by the Justice Department. "Combined with the other recent lawsuits filed against Google, never before have so many states and the federal government come together to challenge a company with such power," Iowa Attorney General Tom Miller said a statement. "Google has more data on consumers, and more variety of information, than perhaps any entity in history." The lawsuit, filed by 38 attorneys general, accuses Google of illegally monopolizing internet search and search advertising through a series of anticompetitive contracts and conduct, hurting consumers and advertisers in the process.

Read more of this story at Slashdot.

Google won European Union approval for its $2.1 billion takeover of health tracker Fitbit, days after regulators proposed tougher rules to curb powerful technology firms' push into new services. From a report: The European Commission said Google's pledge to maintain access for rival health and fitness apps and device makers for 10 years removed its concerns about the U.S. tech giant's move into health data and devices. Smaller rivals previously complained that the company's promises might not go far enough to stop Google shutting off access in future to rival products or services. "The commitments will determine how Google can use the data collected for ad purposes, how interoperability between competing wearables and Android will be safeguarded and how users can continue to share health and fitness data, if they choose to," Margrethe Vestager, the EU's antitrust chief, said in a statement Thursday. Approval comes in a harsh climate when Google and others are facing mounting scrutiny of acquisitions that help them push into new areas. Google announced its plans to buy Fitbit in November 2019, describing the bid for the smartwatch maker as a boost to its lagging hardware business.

Read more of this story at Slashdot.

Texas Attorney General Ken Paxton announced Wednesday that he will soon file a multistate antitrust lawsuit against Google and its advertising business, alleging that the company has stifled competition and enjoys "monopolistic power." From a report: In a tweet, Paxton said the lawsuit will be filed on Wednesday. "This goliath of a company is using its power to manipulate the market, destroy competition and harm you, the consumer," Paxton said in a video accompanying the tweet. The text of the complaint was not immediately available. But a court record shows that nine other states are participating in the suit, including Kentucky, South Dakota, Arkansas, Idaho, Indiana, Mississippi, Missouri, North Dakota and Utah. The lawsuit marks the second antitrust suit by government officials to hit Google in the US this year. The Justice Department took the search giant to court over similar allegations in October. Eleven states joined the suit at the time. It also follows a lawsuit by more than 40 attorneys general against Facebook alleging it has abused a monopoly in social media.

Read more of this story at Slashdot.

Daniel Miessler, a widely respected infosec professional in San Francisco, writes about design and user experience choices Google has made across its services in recent years: I've been writing for probably a decade about how bad Google's GUI is for Google Analytics, Google Apps, and countless of their other properties -- not to mention their multiple social media network attempts, like Google+ and Wave. Back then it was super annoying, but kind of ok. They're a hardcore engineering group, and their backend services are without equal. But lately it's just becoming too much. 1. Even Gmail is a cesspool at this point. Nobody would ever design a webmail interface like that, starting from scratch. 2. What happened to Google Docs? Why does it not look and behave more like Notion, or Quip, or any of the other alternatives that made progress in the last 5-10 years? 3. What college course do I take to manage a Google Analytics property? 4. Google just rolled out Google Analytics 4 -- I think -- and the internet is full of people asking the same question I am. "Is this a real rollout?" [...] My questions are simple: 1. How the hell is this possible? I get it 10 years ago. But then they came out with the new design language. Materialize, or whatever it was. Cool story, and cool visuals. But it's not about the graphics, it's about the experience. 2. How can you be sitting on billions of dollars and be unable to hire product managers that can create usable interfaces? 3. How can you run Gmail on an interface that's tangibly worse than anything else out there? 4. How can you let Google Docs get completely obsoleted by startups? I've heard people say that Google has become the new Microsoft, or the new Oracle, but damn -- at least Microsoft is innovating. At least Oracle has a sailing team, or whatever else they do. I'm being emotional at this point. Google, you are made out of money. Fix your fucking interfaces. Focus on the experience. Focus on simplicity. And use navigation language that's similar across your various properties, so that I'll know what to do whether I'm managing my Apps account, or my domains, or my Analytics. You guys are awesome at so many things. Make the commitment to fix how we interact with them.

Read more of this story at Slashdot.