Richard Blech comments on Google One-Stop Privacy Shop
Google Creates One-Stop Privacy and Security Shop
Google on Monday rolled out “My Account,” a hub that lets users manage their Google settings, along with a new site that answers questions about its privacy and security practices.
In addition to letting users manage their password and account-access settings, My Account allows them to review their security settings and activity. Users can take Privacy and Security checkups to ensure their settings match their intentions.
My Account also lets users manage personal information about themselves — from name and email address to account history, location history, and which apps and sites are linked to their account.
Further, they can use the Ads Settings tool — which has been around for a while — to control which ads they are served.
There is a downside to restrictive settings, of course. Without sufficient data, Google’s services will be affected. Turning off location history, for example, means Google Maps and Google Now won’t be too helpful if used while driving.
A Mixed Blessing Having all of a user’s settings in one place could have a downside.
“Centralizing and simplifying security and privacy for the user makes everything easier — legislation, management, monetization — maybe even attacks,” observed Jon Rudolph, principal software engineer at Core Security.
“If an attacker gets access to this security control center, this simplicity works for them too,” he told the E-Commerce Times.
The security features “are mainly about multifactor authentication and SSO, and linking all of your devices so Google knows it’s you,” pointed out Ethan Davidoff, vice president, ad security, at RiskIQ.
My Account will give Google “more information about you as the consumer, and reduce operational overhead of dealing with customer breaches,” he told the E-Commerce Times.
Scrabbling for Users’ Approval Google has drawn fire over the years for its security and privacy policies, and it could be that the launch of My Account is an attempt to win back consumers’ favor — especially at a time when the European Union has the company in its sights.
The EU recently filed antitrust charges against Google over its search practices, and its antitrust regulator, Margrethe Vestager, also opened a formal antitrust investigation into Android.
Ninety-three percent of Americans think it’s important to retain control over who can get information about them, Google noted, referring to a recent Pew Research study.
Wishful Thinking? Google’s services are prevalent and pervasive across search, email, maps and YouTube, so the hub “should help empower consumers to take back some control,” said RiskIQ’s Davidoff.
“Putting in the time to control the flow of my personal information across Google services sounds like it might be worth it,” he added.
However, the success of this initiative depends on how well Google markets the new feature to the public, as well as the actual user experience it provides, Davidoff cautioned.
Stop the Buck Here! It’s an inescapable fact that the user is the weakest link in the security chain. Users tend not to update or patch their systems, and they’re inclined to take risky actions, such as clicking on embedded links or documents. That said, security systems need to take user behavior into account.
“The user should be in control of their privacy, but security is technology’s job,” said Richard Blech, CTO of Secure Channels.
“Google has a responsibility to be agnostic to privacy and data,” he told the E-Commerce Times. “Security should be applied giving full assurance to sensitive data in light of human failure.”
Find the original article here.