Google keeps saying that online safety shouldn’t be users’ concern, but the tech giants’.
Parisa Tabriz aka “Google’s Security Princess” is also the company’s director of engineering, and she delivered the keynote speech at the Black Hat cybersecurity conference in Las Vegas, where she addressed issues regarding cybersecurity.
Cyber attacks are present in our daily lives and hackers are targeting out emails, credit cards and more, so there’s plenty to worry about.
On the other hand, it’s true that such issues should only concern tech giants who should be able to protect users while they’re surfing the web, according to Tabriz.
She said that the ultimate goal for Google is to make sure that security becomes a second nature, not something that you would have to actively think about to achieve.
She also noted that this is up to the Internet’s architects to worry about.
“The end of the journey is for people creating content on the web, the vast majority of them don’t even have to think about it — it’s just by default,” Tabriz stated.
“I don’t know when that will happen, but I think things are moving in the right direction.”
These changes have been occurring for Google for the past years but users might not have noticed them.
New security features that don’t confuse users
Tabriz said Google’s approach has been to introduce new security features so that they don’t confuse users.
“A lot of security indicators related to HTTPS end up barfing out this ‘error, hey do you understand cryptography? Do you still want to go to where you want to go?’ and people just click through it,” Tabriz said.
“We’ve done a lot to make warning messages more comprehensible and to understand what is helpful to users.”
Chrome showed for a while a green lock with Secure written next to it so that people know that they’re on a secure page.
Tabriz said that Google ditched it because they wanted people to assume they’re safe by default.
That’s the reason for which back in July, Chrome started showing “Not Secure” in the browser if users visited a website that lacked HTTPS protection.