From time to time, Google makes an attempt to try and convince the world at large that it takes security seriously. Its latest stunt is to announce that from July 2018 onwards it will be marking all pages that are not using secure protocols as insecure when viewed in its Chrome browser.
If only the company showed a fraction of the efforts it puts into PR into making its ubiquitous properties actually secure.
Google is extremely good at what security expert Bruce Schneier calls security theatre. Schneier coined the term to describe the over-abundant security measures that the US adopted after the 9/11 incident - all of which do little to actually enhance people's security.
The search engine giant is very good at security theatre.
{loadposition sam08}Given its profile and wide usage — Chrome, for reasons best known to its users, enjoys something like a 56% share of the browser market — any action that the company takes necessarily appears prominent. The announcement, by the way, is titled "A secure Web is here to stay", indeed a laughable headline if ever there was one.
But what is the point when SSL encrypted threats are rising by the day? That little lock on a browser bar before the URL means little these days.
Recently, the removal of about 700,000 malicious apps from the Google Play store was touted by the search behemoth as some kind of indication that it is concerned about security.
When this was announced, there were some stupid lines spoken by the Google Play product manager, Andrew Ahn, that “you have a lower probability of being infected by malware from Play than being hit by lightning".
There was no statement about how so many malicious apps came to be in the Play store in the first place. Android, remember, is almost 10 years old. By now if there is no proper security structure, then when it will ever be put in place?
Back in 2011, Google's Chris Di Bona posted a rant on Google+, using the argument about open source being more secure to try and argue that Android was in the same bucket.
Of course, Di Bona did not tell people that Android is only open source as far as the kernel goes – which is a modified Linux kernel that is under the GNU General Public Licence which keeps it free.
The rest of Android is under various licences that allow Google to lock up the code and never provide it to anyone.
Every company that uses Android has to license the Google apps that are part of its ecosystem. They have no choice, else they can build their own.
Open source may be secure that has nothing to do with Google. Yet who questions it?
Android security is so bad that security professionals are now starting to compare it with Windows, the operating system produced by a company that has often been called the Typhoid Mary of the Internet.
From time to time, Google finds some security flaw or the other in another company's products and makes a big song and dance about it. This does wonders for Google as it embarrasses its rivals and deflects people's attention from all the snooping that Google does through its various Web properties.
Today, as iTWire reported, India has become the latest to fine Google for anti-competitive practices. One doubts it will be the last country to do so.
But given the manner in which Google is treated by the US mainstream and other media, who put on kid gloves whenever they discuss the company and its affairs, it is unlikely that there will be any change.
Only when it is exposed for the charade that it puts on and put to shame will there be change. Let's hope the rest of the world joins the EU in making the company pay for its anti-people practices.