This might convince Donald Trump that Google’s not conspiring against him

Democratic presidential candidate Hillary Clinton pauses while speaking at New Mount Olive Baptist Church in Fort Lauderdale, Florida, on Oct. 30.
Image: AP Photo/Andrew Harnik

Donald Trump called Google a member of the “dishonest media” on Sunday, but he might tone down his criticism going forward if he spent some time googling his rival last night.

Someone hijacked the Wikipedia page for “pathological lying” late on Sunday and uploaded a picture of Hillary Clinton. They also linked the Democratic presidential nominee’s name to the term throughout the article.

As a result, Clinton’s photo briefly popped up when Google users searched “pathological lying,” according to the Huffington Post. Google often pulls Wikipedia images during searches.

Searches for “45th us president” also reportedly showed a picture of Trump for a short time.

The revision history for the Wikipedia’s “pathological lying” page shows moderators quickly reverted the page back to normal and then locked it on account of “persistent vandalism.”

Clinton’s image briefly appeared on the Wikipedia page for “pathological lying.”

Image: screenshot/wikipedia

Trump has continually linked Clinton’s name with lying on the campaign trail. He often calls her “crooked Hillary,” and his supporters often chant “lock her up” at rallies for the Republican presidential nominee. More than once, his supporters have dressed up as Clinton in a prison jumpsuit.

During the second presidential debate, Trump threatened to jail Clinton if he is elected, and he’s repeatedly called her a criminal for her use of a personal email server while she was secretary of state.

That issue has dogged Clinton throughout the campaign, though the FBI found after an investigation that neither she nor her staff had committed any crime. The agency did, however, find that Clinton had been far too careless with regard to email security.

Maybe this little blip will convince Trump that Google search results aren’t conspiring against him.

Read more: http://mashable.com/

Google’s new Android Auto app makes any old vehicle a smart car

SAN FRANCISCO, CA – MAY 28: Attendees look at cars featuring Android Auto during the 2015 Google I/O conference
Image: Justin Sullivan/Getty Images

Google just introduced a new way to bring your jalopy into the future.

Android Auto can now function entirely from your phone, the company announced in a blog post Monday, meaning you no longer need a special dashboard or an entirely new car to use it.

“Whether your phone is connected to a compatible car display, or placed in a car mount on the dashboard, Android Auto brings your favorite apps and services into one place, making them accessible in safer and seamless ways,” Gerhard Schobbe, Android Auto product manager, wrote in the post.

These apps include Spotify, Pandora, Google Play Music and Google Maps. Waze, which is owned by Google, is not yet supported by the Android Auto app but will probably be integrated into the Android Auto app eventually, as it was mentioned in the Google I/O developer conference earlier this year.

Image: Google

As you’d expect, the Android Auto app can also “make calls or send messages with hands-free voice commands.” You’ll be able to read and send text messages by simply talking to the app.

The auto app also works to tailor your notifications to avoid unnecessary distractions while you’re behind the wheel.

The new update is rolling out now in over 30 countries and is free. Visit the Android Auto website to see when it’ll be available on your device.

Read more: http://mashable.com/

Google finds ‘serious’ Windows vulnerability

File photo – A Microsoft logo is seen at a pop-up site for the new Windows 10 operating system at Roosevelt Field in Garden City, New York July 29, 2015. (REUTERS/Shannon Stapleton)

A serious security vulnerability in Windows code is currently being exploited, Google researchers said on Monday.

Google discovered the flaw, which also affects Adobe’s Flash media player, on Oct. 21. Adobe issued a fix a few days later, but Microsoft still has not issued its own, according to a Google blog post. Google said its policy is to publish actively exploited critical vulnerabilities seven days after it reports them to the software’s creator.

The flaw, which exists in the Windows kernel, can be used as a “security sandbox escape,” according to Google. Most software contains sandboxes in order to stop malicious or malfunctioning programs from damaging or snooping on the rest of the computer.

It’s unclear how extensively the Windows flaw has been exploited. Google said only that it is being “actively exploited.” In a statement, Microsoft acknowledged the security flaw and criticised Google for disclosing it before a fix was ready.

Read more: http://www.foxnews.com/tech/2016/11/01/google-finds-serious-windows-vulnerability.html

Google announces on-sale date for its Daydream View VR headset

Image: jason henry/mashable

You’ll soon be able to buy one of Google’s VR headsets.

Daydream View, the virtual reality headset Google launched alongside its Pixel phones last month, will be available in stores and online beginning Nov. 10, the company announced.

The headset will sell for $79 in the U.S. where it will be available at Best Buy and Verizon, in addition to Google’s online store. (Google is also partnering with retailers in the UK, Canada, Australia and Germany.)

Of course, you’ll need one of Google’s Pixel phones in order to take advantage of the headset at least for now. Though most major Android manufacturers have committed to making Daydream-ready devices, Google’s pair of new flagships are the only ones currently available.

If you do have a Pixel, Google already has a decent amount of VR content lined up, including virtual reality versions of Hulu and YouTube as well as games and experiences from the New York Times and the Wall Street Journal. Daydream View also has the unique distinction of being the first headset to offer a Harry Potter VR experience (based on the upcoming Fantastic Beasts and Where to Find Them.)

Read more: http://mashable.com/2016/11/01/daydream-vr-launch-date/

Girl Uses Google Translate To Invite Her New Classmate Who Was Isolated To Sit With Her At Lunch

Elementary school student Rafael Anaya had just moved from Mexico to California, and, not knowing English, was having a hard time finding new friends – until one girl used google translate to reach out and write a letter to him. A 10-year-old classmate Amanda Moore saw the boy eating lunch alone, and didn’t think it was right. See, Amanda is a girl who believes that everyone should have a buddy, so she used technology to invite Rafael to have lunch with her. Her letter reads: ‘Would you like to sit with me today? Look for me and I will show you where I sit. We can color or simply tell scary stories. Thank you for your time, signed Amanda.’


Show Full Text

The girl’s mother Kindard told ABC7 News that since her daughter gave Rafael the note, the two have become friends. The classmates who proved that friendship is stronger than language barrier, they even went trick-or-treating together on Halloween. Rafael told the news channel that Amanda and him would be friends ‘forever.’

(h/t: huffpost)

Watch the video below:

Read more: http://www.boredpanda.com/girl-google-translate-asks-classmate-lunch/

Google is making sure Gmail users remember to vote

Early voters stand in a line that stretches out the door of the Southeast Atlanta Library, Friday, Nov. 4, 2016,
Image: Bob Andres/Atlanta Journal-Constitution via AP

If you’re registered vote and ready to cast your ballot on Tuesday, chances are you already know where to vote. But Google’s Gmail isn’t taking any chances, and has started showing some U.S. users an automatic banner message reminding them to vote when they log into their Gmail accounts.

The initial message is short and to the point: “It’s almost Election Day, know where to vote.”

Image: gmail

That message is accompanied by a “no thanks” or “show me” option. If you click “show me,” you’re taken to another page that offers a search field that will show you your polling address based on where you registered to vote.

Image: gmail

Based on a quick survey of social media, the feature is a welcome surprise to most Gmail users.

Back in October, Google made a big push to show how users could harness the power of Google to learn how to register to vote.

This new campaign, with just around 48 hours before the election, is likely too late for those who haven’t already registered to vote. Nevertheless, it serves as a powerful reminder for anyone in the U.S. who might be thinking of passing on their right to vote on Tuesday.

Read more: http://mashable.com/2016/11/06/gmail-where-to-vote-message/

OK, Alexa: A Google Home Versus Amazon Echo IQ Test

Reviewing a product designed to learn over time is like reviewing a newborn baby. So much functionality is dependent on artificial intelligence and machine learning, the only certainty is that it’ll get smarter over time. Who knows what it’ll end up being: A jack-of-all-trades? A specialized savant? Or maybe just a creeper that records everything you say?

Consider the Amazon Echo. At birth, it didn’t have the ability to order you Domino’s, play Spotify playlists, or get things from Amazon Prime. In the past year, its capabilities and intelligence have evolved significantly. That’s thanks to hundreds of “skills” created by developers with the Alexa Skills Kit, partnerships with major companies such as Uber and Sonos, and Amazon’s new Music Unlimited service, which offers deep voice-control features.

At the ripe old age of two, Amazon’s Echo already has offspring in the form of the Echo Dot and Echo Tap. And now it has a neonate arch-rival in the form of Google Home. In the long term, the competition between the two platforms will be great for users of both devices: Two heavyweights in the tech world will be trying to make their voice assistants smarter, more versatile, and more useful than the other one.

As of now, they’re more like twins than not: They both tell decent jokes, they both stream NPR if you ask for news, they both do IFTTT, and they spout recipes and random facts with ease. Because it’s had more time in the world, Amazon’s platform has the advantage in many key areas. But Google Home ($130) trumps the full-size Echo ($180) in a few ways too—and not just in terms of price. They’re both really good, and they’re both going to get smarter. A lot smarter.

Google Home’s Big Advantages

Audio quality: Up until about 75 percent of volume, Google Home sounds really, really good. The bass has surprising bump, and it doesn’t muddy up the midrange or high-end. Things start distorting at the top two volume levels, but audio quality is so impressive through most of its range that it’s really disappointing it can’t be used as a normal Bluetooth speaker (seriously, Google?). Perhaps more importantly, the Google Home Assistant’s voice sounds more natural and warm. She even says complimentary things about Alexa.

Aesthetics: While the full-size Amazon Echo looks like Darth Maul’s spaghetti canister, the Home will look good—or at least inoffensive—in any home. It has an elegant vase-meets-lipstick design, and there are swappable base grilles for customizing its color and texture. The multicolored light show under the top touchpad is noice, too.

Multi-room audio: Using the Home app, you set up a music service for Google Home to use. Your choices are Spotify if you have a premium account, Pandora, Google Play Music, or YouTube Music. Then you ask for a song, artist, playlist, or just “music,” and the speaker streams tunes directly over Wi-Fi. But the big advantage to having a few Google Homes in your abode compared to a multi-Echo setup is that multiple Google units sync up for home-blanketing audio. Set speakers as a group in the Home app, say “OK Google, play ‘Informer’ by Snow on Home Group,” and the song plays on all your dang speakers. By default, if you make a request to a single speaker, it only plays on that speaker unless you ask for group playback. You can also control what plays on other speakers by asking a nearby Google Home unit to play something on another speaker. It’s neat-o.

Does a better job with crowd noise: In an unscientific test that annoyed my neighbors, I played loud audio of crowd noise in the same room as a Google Home speaker and an Amazon Echo Dot. Then, I tried using voice commands with both speakers. The Google Home unit didn’t have a problem picking my voice up over the din, while the Echo Dot only heard me once out of five tries. Google Home’s far-field microphone array worked more consistently for me, even though both Home and Echo had the same impressive range when I spoke without a bunch of background noise at normal volume: About 25 feet down the hall, around the corner, without line of sight.

Chromecast controls: There are Alexa voice controls built into the Fire TV Stick and box remotes, but you can’t bark commands to a tabletop Echo or Dot to play things on TV. (At least not yet.) During the setup process, Google Home recognizes if you have a Chromecast or Cast-capable TV in the house, and you can play YouTube videos on TV by asking the speaker. The options are limited: A recommended YouTube playlist starts rolling if you say “Play YouTube on Chromecast”, and you can request a playlist of topical clips by saying “Play sloth videos on Chromecast”. But you have to specify the “Chromecast” each time. And you can’t search YouTube for a keyword, then pick a single video to play by voice. Google Home just serves up keyword-driven playlists.

A better app: One of the drawbacks of the Echo’s more-developed skill set is that the Alexa app has to cover a lot of bases. As a result, the Alexa app can be confusing to navigate, and its dull white-on-black color scheme doesn’t help much. The Google Home app, where you can tinker with options, set your preferences, and see a feed of all your requests, is a much more lively companion. It serves up useful links for some of your voice requests, and it has a simpler, more vibrant interface.

Translations: Simply put, Alexa doesn’t do translations. At least not spoken-word translations: It’ll only send a translated word or phrase to the Alexa app, but that won’t help you pronounce . Google Home gives spoken-word translations for both individual words and phrases, so you can ask it how to say “meatball” in Japanese, “I have a ballpoint pen” in German, or “dj vu” in French. Google Home also one-ups Alexa by telling you what certain animals sound like.

Alexa’s Superior Smarts

Supports Bluetooth, aux-in, and aux-out: This is a pretty big one if you want to play music stored on your phone or if you’re a subscriber to Apple Music. While Google Home only does the voice-request-over-Wi-Fi thing, you can wirelessly stream tunes the old-fashioned way over Bluetooth with the Echo lineup. You can even go older-school with the 3.5mm-in port on the Echo Tap or the 3.5mm-out jack on the Echo Dot.

Amazon

Handles multiple accounts: Another possible dealbreaker for multi-user homes is that Google Home only supports a single account. You choose a Google account to link your Home to during the setup process, and all the Home interactions and calendar requests are associated with that account. Echo is much better for multiple users, as you can register several users in a household and switch between profiles by asking Alexa.

A lot more third-party support: There’s a vast universe of Alexa skills already out there, and they’re growing by the day. You can control your home-security system with Alexa, check on your car’s vitals, and open and close your garage door. Given Google’s popularity and the appeal of the Home speaker, it’s practically a sure thing that the Home platform will get all kinds of third-party support soon. Until then, Amazon’s platform has a huge edge in interoperability.

You can order things on Amazon Prime: Both Google Home and Amazon Echo will give you recipes for meatloaf and mashed potatoes, and both will convert measurements on the fly, but only one of them will place an order on Amazon Prime when you run out of Worcester sauce. Guess which one that is?

Deep controls for Amazon Music Unlimited: Even though the deep contextual understanding is limited to Amazon Music Unlimited—which is a really good deal at $4 a month for Echo-only listening—Alexa is the best voice assistant by far at picking the music you want to hear. It’ll bring up a song if you only know some of the lyrics, if you request “the latest” song or album from an artist, or create an on-the-fly playlist based on boolean genre and era combinations. Amazon has essentially created a voice-only music interface from scratch, and it’s a glimpse at the future.

Cheaper entry point: While the full-size Echo costs $50 more than Google Home, you can get the Alexa experience in the $50 Echo Dot and the $40 Fire TV Stick. The Echo Tap, which is the only one of these devices that runs on a rechargeable battery and is designed for portable use, costs the same as a Google Home speaker.

Both Platforms Have Weaknesses

Directions: While the Google Assistant does a good job at giving you turn-by-turn directions on a phone, that skill hasn’t been passed on to the Google Home version of the helper. It’ll tell you estimated commute times and nearby attractions, but it won’t tell you to take your first left, walk three blocks, and then hang a right. Of course, Alexa doesn’t do that either, but given Google’s mapping prowess, it’s a bit surprising that Home won’t tell you where to go. It also won’t send direction or map requests to your phone.

Editing lists: Both Google Home and Amazon Echo let you create lists with ease and add to them over time: Google’s automatically appear in the underrated Keep list app, while your Alexa lists appear in the Alexa app. Unfortunately, the only way to edit those lists is to jump in the app and delete completed tasks manually. Asking to delete items from your list only confuses Alexa and the Assistant.

Timers: Initially, it seemed Google Home addressed one of Amazon Echo’s major weaknesses in the kitchen: You can set a kitchen timer on the Echo, but you can’t assign a name like “meatloaf” or “green bean casserole” to the countdown clock to keep track of what’s done and what needs another 10 minutes or so. When you set a timer on Google Home, it asks you to name it, so you can assign “meatloaf” to your timer. However, when the timer goes off, it doesn’t repeat what you’ve named it. That smell in the air is my burnt imaginary meatloaf. And my imaginary green bean casserole is really undercooked.

Read more: https://www.wired.com/2016/11/ok-alexa-google-home-versus-amazon-echo-iq-test/

Googles Chrome Hackers Are About to Upend Your Idea of Web Security

In a show of hacker team spirit in August of last year, Parisa Tabriz ordered hoodies for the staff she leads at Google, a group devoted to the security of the companys Chrome browser. The sweatshirts were emblazoned with the words Department of Chromeland Security,” along with Chromes warning to users when they visit insecure websites that leave them open to surveillance or sabotage: a red padlock crossed out with an X.

But when one of Tabrizs team members, Adrienne Porter Felt, donned the hoodie later that month, her sister looked at that lock icon—a simple rectangle with an arch over it—and asked an innocent question: Why did the sweatshirt have a red purse on it?

For Tabrizs team, the mistaken assumption that an average person on the internet can tell the difference between the symbol for a purse and a padlock has come to represent a fundamental problem with modern browsers.

Google’s head of Chrome security Parisa Tabriz.Amy Harrity for WIRED

Theyre responsible for helping billions of people gauge the security of the sites they visit, but there’s only an inscrutable icon to signal the difference between an encrypted site that locks its connections and unprotected sites that leave them vulnerable to threats—which can range anywhere from a hacker sniffing passwords at the next Starbucks table to a hacked home router eavesdropping on emails to an internet provider surreptitiously injecting ads. The confusing collection of hieroglyphics used by most browsers today to draw that line are misleading at best; at worst they’re negligently silent or even dishonest about a sites lack of security.

That’s why, for the first time, the Chrome team is about to start naming and shaming the nearly half of the worlds websites that dont use strong encryption, putting a clear Not secure warning next to thousands of popular online destinations that use unencrypted HTTP connections rather than encrypted HTTPS connections. In the process, they may just change the standard for security online.

People say we cant make half the web look scary, that people will be afraid of it, Tabriz says. But for us, its a problem of trying to be honest with users. Without HTTPS, a user or web service can have no expectation that anything on a site hasnt been tampered with or eavesdropped. And thats crazy.

Tightening the Crypto Ratchet

Starting in January, Chrome will flip the webs security model: Instead of warning users only about HTTPS-encrypted sites with faulty or misconfigured encryption, as Chrome currently does, it will instead flag as “not secure” any unencrypted sites that accept a username and password or a credit card. That unmistakable alert will appear to the left of Chrome’s address bar.

Google’s new warning scheme for Chrome, indicating an HTTPS-encrypted site (top), a non-HTTPS site (middle), and a site with faulty HTTPS (bottom).Google

Soon after, the team also plans to announce another category of sites that will be flagged for not using HTTPS by a deadline later in 2017. Among the candidates theyre considering: any unencrypted page visited through Chrome’s Incognito mode and any non-HTTPS site that offers downloads. Check your daily tour of web forums, download sites, and registration-enabled media outlets for the telltale lack of a green padlock, and you’ll see many are set for an unpleasant wakeup call when they fail those tests. And over the coming years, Chrome plans to hold more and more types of sites to that HTTPS standard.

“This is really important,” says Josh Aas, the founder of the HTTPS-focused nonprofit Let’s Encrypt. “There’s no more effective motivator for websites to switch to HTTPS than the browser’s user interface.”

For many web administrators, Google’s encryption-shaming may not be so welcome. Turning on HTTPS isn’t quite as easy as flipping a switch: Many complex media sites with elements like ads and video, for instance, are dependent on those outside data sources to encrypt every piece of content before they can meet Google’s bar. WIRED, for instance, announced in April that it would be turning on HTTPS for all of Wired.com, but it took five months to iron out issues like insecure third-party content and, ironically, maintaining the site’s high rankings in search results while changing all of its web addresses. The New York Times, for its part, issued a challenge in late 2014 to news sites to switch to HTTPS by the end of 2015, but still hasn’t achieved that standard itself.

Riling web admins, however, is a small price to pay for the security benefits HTTPS will bring, says Aas. “There are going to be people who feel like they’re forced into this too early,” he concedes. “But that’s true of every change on the web. And this is the direction we need to go.

Google has solid business reasons to be aggressive in its HTTPS campaign. In contrast to closed-off environments like Apple’s App Store, Google loves the open web, where its search engine reigns supreme and its ads rake in the vast majority of the company’s $80 billion a year in revenue. To compete with mobile apps, Tabriz explains that Google wants web pages to be able to reach deeper into your computer’s resources, accessing the same sensitive information, like location and offline data, that apps routinely use. But if the web’s tendrils are going to extend further into our private lives, they first need to be secure. “You wouldnt want a man-in-the-middle to be able to access those things,” says Tabriz, using the cryptographer’s term for hackers who intercept and eavesdrop on HTTP data as its traveling from your computer to a web server and back.

As a kind of progress bar for the webs security evolution, Tabriz’s team today released a new set of data on Google’s website that displays the exact fraction of sites visited through Chrome that are encrypted, broken down by country and operating system. It shows that around 51 percent of Windows’ Chrome traffic is encrypted and 60 percent for MacOS. Android lags behind at 43 percent, perhaps because many of users’ most sensitive smartphone connections are made through apps instead of the web. The report also breaks down encryption on a country-by-country basis and shows that while 60 percent of Windows users Chrome connections are encrypted in the US, only 47 percent are protected in Turkey and only a third in Japan.

Until their graphs near 100 percent across global operating systems, Tabriz says, they’ll keep ratcheting up Chromes HTTPS requirements. Eventually they aim to make web encryption so ubiquitous that a lock icon symbolizing HTTPS is hardly necessary—that users can rightly assume their traffic is encrypted unless they see an alert to the contrary. “Im determined to make the web go there,” Tabriz says. “Because if we cant have HTTPS, we cant have real security.

Percentage of HTTPS pages viewed in Chrome over time.Google

Fixing Human Problems

Since she started as a security engineer at Google nearly a decade ago, Tabriz has approached her job as a white-hat hacker with an understanding that security problems are not merely technical but human. After repeatedly finding and fixingthe same bugs in the company’s code, for instance, she says she became determined to instead fix Google’s coders. So in 2010 she and a fellow Googler started Google’s “Resident Hacker” program, a crash course in information security training for programmers so they could learn to find, exploit, and patch bugs in their own work.

Tabriz’s interest in HTTPS in particular was piqued in 2011, when her colleagues on the security team discovered that the certificate authority DigiNotar—one of the companies tasked with handing out the certificates that authenticate the identity of an HTTPS website—had been breached by hackers. The attackers then used their access to fake encrypted connections to Google sites like Gmail and eavesdropped on visitors. The attack appeared to be the work of the Iranian government, affecting more than 300,000 mostly Iranian victims. For Tabriz, whose father is an Iranian who periodically returns to his hometown of Tehran, the attack carried personal resonance. She remembers reading a comment from one Iranian on a blog post about the incident: “For you guys, a fake certificate means a stolen password or personal information,” he wrote. “For me and thousands of other Iranians, it leads to jail, torture or even death sentence.”

So when Tabriz took over the Chrome security team in 2014, she put a new focus on not just locking down Chrome but the entire web that users see through it. Google has long fought to advance Chrome’s security beyond that of other browsers. Chrome was the first popular browser to implement a rigorous “sandbox”—a security measure that limits how deeply a malicious web page can reach into a users computer—to automatically install security updates, and to pay bounty rewards in the hundreds of thousands of dollars for information about the browser’s security flaws. But Tabriz’s HTTPS push meant looking beyond Chrome’s own code and pulling up the rest of the web’s security to meet its standards.

Adrienne Porter Felt, who’s leading the Chrome security team’s push for HTTPS.Amy Harrity for WIRED

The Chrome teams most powerful lever to move the webs security is arguably the trusty padlock you see by the URL, which signals a site’s encryption. But Chrome and other browsers today use a counterintuitive and even perverse system to guide users towards secure web sites, issuing a warning only if an encrypted connection looks suspect; for example, if a site’s certificate—the data proving it is who it claims —is invalid or expired. But if you visit a completely unencrypted site—no matter what credit cards, passwords, or other sensitive data the page asks for—your browser shows no warning at all as you spill your guts to eavesdroppers.

As Tabrizs team considered how to redesign that faulty system, they started from scratch. Porter Felt took the lead on Chromes encryption push, and along with fellow Googlers and researchers at Berkeley, surveyed more than 1,300 people about how they perceive security warnings in web browsers. Over two years, they went so far as to travel to India, Brazil, and Indonesia to test peoples understanding of security indicators like the red lock icon that confused Porter Felts sister. In India, for instance, Porter Feltinterviewed more than a dozen internet newcomers, and the majority couldn’t even guess what the lock symbol meant. “This goes beyond cryptography,” Tabriz says. “Trying to present this to users who are colorblind or dont speak English or think a lock is a purse is a very human problem.

No More Red Purses

Porter Felt and her fellow researchers presented the survey results at the USENIX Symposium on Usable Privacy and Security last summer, showing how Chrome’s security symbology was failing. When users viewed an unencrypted HTTP page in Chrome, only about one in five interpreted the white page icon to the left of the address bar as “not secure.” When they were asked to choose a symbol to indicate that a site was secure, they chose a red lock just as often as they chose a green one. But when users were shown a black circle with an exclamation point in it, accompanied by the word “HTTP,” 38 percent regarded the site as unsafe and said they’d leave the page immediately. Change that symbol to a red triangle with an exclamation point and “HTTP” to “not safe,” and over two-thirds of respondents said they’d flee.

Some of the security indicators Google considered to represent a site’s encryption (top row) or lack of encryption. (bottom row)Google/Berkeley

Ultimately, Porter Felt and the Chrome team settled on a system that tries to educate users without alarming them into a state of numbness. For now, when someone lands on a typical unencrypted site, Chrome shows a white circle with an “i” in it rather than the exclamation point, meant to serve as an invitation to click for more information. Starting in January, the “i” will in many cases be accompanied by the blunt words “Not secure.” In a few years, Tabriz says, she hopes HTTPS will have progressed to the point that they can unleash the red triangle exclamation point icon on all remaining HTTP sites. “In our impatient moments, we just want to mark everything as insecure,” Tabriz says. “A huge fraction of the web isnt HTTPS, and thats embarrassing to me. It’s not going to solve itself.

The team, however, is taking a carrot-and-stick approach: Punishing laggards with its revamped security warnings while also working to make HTTPS easier to adopt. It’s created tools for assessing the components of an HTTPS site, digging up and explaining to developers the flaws that trigger Chrome’s warnings.And it’s donated $350,000 to the non-profit Let’s Encrypt, which has distributed millions of encryption certificates for free, rather than charge annual fees like other certificate authorities.

Even so, Porter Felt and Tabriz say they’ve gotten emails and developer forum comments accusing them of moving too fast, breaking sites, and even ruining lives. But Tabriz has resolved to stick to Chrome’stimeline of a slow, inexorable push towards greater security for all.

“It’s easy to convince yourself not to do something, to not move forward,” says Tabriz. “But I’ve developed a thick skin.” If the world’s websites don’t want to get left behind, they’d better toughen up, too.

Read more: https://www.wired.com/2016/11/googles-chrome-hackers-flip-webs-security-model/