Google’s new security rules come into play on Feb. 16
For many people, Google is the internet. After all, it’s where billions go to search for stuff, to get their email, to navigate the web using its Chrome browser. It’s also the go-to for cybercriminals, hackers and scammers looking to exploit the uniquely ubiquitous platform it represents. While reports of Chrome double-click attacks, VPN backdoor threats, two-factor authentication bypass and Gmail attacks dominate the headlines; privacy issues are never far from reach either. Such has been the case in recent weeks as the deadline for the latest ad platform program policy update draws ever closer, with warnings about the fingerprinting dangers this brings a-plenty. However, also included in the policy changes are a number of security rule updates that seem to have been overlooked by most reporters. Here’s what you need to know.
Google Confirms Changes To Platform Program Policies—The Clock Is Ticking
A brief announcement posted Dec. 18 kickstarted the interest and privacy concern over the changes that Google is bringing, starting Feb. 16, to the Ads platform program policies. “The changes reflect advances in privacy-enhancing technologies,” Google said, “and the broader range of surfaces on which ads are served.” This quickly brought scrutiny from the likes of Mashable which noted that the Google flip-flopping over digital fingerprinting meant it would be “reintroducing a data collection process that ingests all of your online signals (from IP address to complex browser information) and pinpoints unique users or devices.”
What was less well-reported is that the same announcement also confirmed that Google is set to “clarify the activities that we prohibit to better protect the ads ecosystem from harmful activities,” and that’s what I’ll focus on here as there are plenty of other sources for the privacy perspective if you, erm, do a quick Google search.
The Security Policy Changes Google Is Making On Feb. 16
The Google Ads platforms program policies will change on Feb. 16 and Google has provided a complete overview of what these will entail, including the prohibited activity that will, hopefully, contribute to making Google a safer online ecosystem to inhabit.
- Cookies must not be set on Google domains.
- Users must not modify, intercept, or delete cookies that are set on Google’s domains.
- Users must not distribute, or link to pages that do distribute, malware or other software that is in violation of the Google unwanted software policy.
- Users must not engage in “practices that circumvent or interfere with Google’s advertising systems and processes,” or make attempts to do so.
- Ads must not impersonate the user interface of any web, app, or device feature, such as notifications or warning elements of a browser or operating system.
- It must be clear to all Google users which app, site, or property is serving any given ad.
- Systems that overlay ad space on a given site, app or property without express permission of the owner are prohibited.
Let’s be clear: I’m not giving Google a free pass when it comes to digital fingerprinting and matter software user privacy, but the security implications of the policy changes coming in just a matter of weeks are equally as important, in my opinion. Let’s applaud Google when it makes changes that impact positively on security, just as we criticize when it encroaches on user privacy.