Securing your WiFi network

 

This post is part of a regular series of privacy and security tips to help you and your family stay safe and secure online. Privacy and security are important topics—they matter to us, and they matter to you. Building on our Good to Know site with advice for safe and savvy Internet use, we hope this information helps you understand the choices and control that you have over your online information. -Ed. 

More than a quarter of Internet users worldwide use WiFi at home to connect to the web, but many aren't sure how to protect their home network, or why it is important to do so. The best way to think of your home WiFi network is to think of it like your front door: you want a strong lock on both to ensure your safety and security. 

When data is in transit over an unsecured WiFi network, the information you’re sending or receiving could be intercepted by someone nearby. Your neighbors might also be able to use the network for their own Internet activities, which might slow down your connection. Securing your network can help keep your information safe when you’re connecting wirelessly, and can also help protect the devices that are connected to your network. 

If you’re interested in improving your home WiFi security, the steps below can help make your home network safer. 

1. Check to see what kind of home WiFi security you already have. Do your friends need to enter a password to get on your network when they visit your house for the first time and ask to use your WiFi? If they don’t, your network isn’t as secure as it could be. Even if they do need to enter a password, there are a few different methods of securing your network, and some are better than others. Check what kind of security you have for your network at home by looking at your WiFi settings. Your network will likely either be unsecured, or secured with WEP, WPA or WPA2. WEP is the oldest wireless security protocol, and it’s pretty weak. WPA is better than WEP, but WPA2 is best. 

2. Change your network security settings to WPA2.Your wireless router is the machine that creates the WiFi network. If you don’t have your home network secured with WPA2, you’ll need to access your router’s settings page to make the change. You can check your router’s user manual to figure out how to access this page, or look for instructions online for your specific router. Any device with a WiFi trademark sold since 2006 is required to support WPA2. If you have a router that was made before then, we suggest upgrading to a new router that does offer WPA2. It’s safer and can be much faster.

3. Create a strong password for your WiFi network.To secure your network with WPA2, you’ll need to create a password. It’s important that you choose a unique password, with a long mix of numbers, letters and symbols so others can’t easily guess it. If you’re in a private space such as your home, it’s OK to write this password down so you can remember it, and keep it somewhere safe so you don’t lose it. You might also need it handy in case your friends come to visit and want to connect to the Internet via your network. Just like you wouldn’t give a stranger a key to your house, you should only give your WiFi password to people you trust. 

4. Secure your router too, so nobody can change your settings.Your router needs its own password, separate from the password you use to secure your network. Routers come without a password, or if they do have one, it’s a simple default password that many online criminals may already know. If you don’t reset your router password, criminals anywhere in the world have an easy way to launch an attack on your network, the data shared on it and the computers connected to your network. For many routers, you can reset the password from the router settings page. Keep this password to yourself, and make it different from the one you use to connect to the WiFi network (as described in step 3). If you make these passwords the same, then anyone who has the password to connect to your network will also be able to change your wireless router settings. 

 5. If you need help, look up the instructions.If you’ve misplaced your router’s manual, type the model number of your base station or router into a search engine—in many cases the info is available online. Otherwise, contact the company that manufactured the router or your Internet Service Provider for assistance. Please check out the video below to learn more about the simple but important steps you can take to improve the security of your Internet browsing.

 

For more advice on how to protect yourself and your family online, visit our Good to Know site, and stay tuned for more posts in our security series.

Transparency Report: Making the web a safer place

Posted by Lucas Ballard, Software Engineer

Two of the biggest threats online are malicious software (known as malware) that can take control of your computer, and phishing scams that try to trick you into sharing passwords or other private information.

So in 2006 we started a Safe Browsing program to find and flag suspect websites. This means that when you are surfing the web, we can now warn you when a site is unsafe. We're currently flagging up to 10,000 sites a day--and because we share this technology with other browsers there are about 1 billion users we can help keep safe.

But we're always looking for new ways to protect users' security. So today we're launching a new section on our Transparency Report that will shed more light on the sources of malware and phishing attacks.  You can now learn how many people see Safe Browsing warnings each week, where malicious sites are hosted around the world, how quickly websites become reinfected after their owners clean malware from their sites, and other tidbits we’ve surfaced.



Sharing this information also aligns well with our Transparency Report, which already gives information about government requests for user data, government requests to remove content, and current disruptions to our services.

To learn more, explore the new Safe Browsing information on this page. Webmasters and network administrators can find recommendations for dealing with malware infections, including resources like Google Webmaster Tools and Safe Browsing Alerts for Network Administrators.

Home connectivity is coming 4Q 2014 and there are 11,000 Nauta accounts

EFE reports that ETECSA plans to offer home Internet connectivity in the fourth quarter of 2014. They also hinted that some mobile connectivity may be offered at that time.

The connections will use DSL, not dial up, according to Jorge Legrá, Director of Strategic Programs ETECSA.

There was no mention of the costs of the home service or the places it would be available. It is clear that Cuba's poor domestic Internet infrastructure is hampering wider usage.

Legrá also discussed the new Nauta access centers, saying that ETECSA sold about 11,000 accounts in the first 15 days they were offered. He acknowledged that prices were high and would be adjusted over time.

Legrá also gave a glimpse of the surveillance in the centers -- users must present identity documents to get online and a session can be suspended for "any violation of the standards of ethical behavior that promotes the Cuban state."

-----

Update 7/11/2013

The New York Times has an article on the new access centers -- anecdotes and opinion as to what they foretell.

America’s businesses are growing. The web is helping.

Posted by Allan Thygesen, Vice President, Global SMB Sales

(Cross-posted from the Official Google Blog)


Michael Edlavitch was a middle school math teacher in Minnesota when he started a website with free math games to engage his students. With free online tools, a passion for math and an initial investment of just $10 to register his domain, www.hoodamath.com was born. Eventually Michael’s website became popular with more than just his students. So Michael gave Google AdSense a try as a way to earn money by placing ads next to his content. As word spread and traffic grew, the revenue generated from his site allowed Michael to devote himself full time to Hooda Math. Today, www.hoodamath.com has more than 350 educational games and has had more than 100 million unique visitors to the site. Beyond building a business for himself, Michael is helping students everywhere learn math while having fun.

Over in New York, Roberto Gil designs and builds children’s furniture—loft beds, bunk beds and entire custom rooms. Casa Kids’ furniture is custom designed for the family to grow along with the child. Roberto works out of his Brooklyn workshop and doesn’t sell to large furniture stores, which means the Casa Kids website is an essential tool for him to connect with potential customers.To grow even further, Roberto began using AdWords in 2010. In the first few months traffic to his site went up 30 percent. Today, two-thirds of his new customers come from Google. Meet Roberto and learn more about how he is making the web work for Casa Kids:


These are just two examples of how the web is working for American businesses. According to a McKinsey study, small businesses that make use of the web are growing twice as fast as those that are not on the web.  That’s because the web is where we go for information and inspiration—from math games to practice over the summer to someone to design and build that perfect bunk bed for your kids. Ninety-seven percent of American Internet users look online for local products and services. Whether we’re on our smartphones, tablets or computers, the web helps us find what we are looking for.

Here at Google, we see firsthand how the web is helping American businesses grow and thrive. Through our search and advertising programs, businesses like Casa Kids find customers, publishers like Hooda Math earn money from their content, and nonprofits solicit donations and volunteers. These tools are how we make money, and they’re also how millions of other U.S. businesses do, too.  

In 2012, Google's search and advertising tools helped provide $94 billion of economic activity for more than 1.9 million American businesses—advertisers, publishers and nonprofits. This represents a 17 percent increase from 2011. Check out the impact made in each state, along with stories of local businesses using the web to grow.

Whether it’s building skills or building furniture, Google helps to build businesses. We're thrilled to be part of such a vibrant industry and are committed to continuing to help make the web work for people and businesses everywhere.

Combating rogue online pharmacies


Posted by Adam Barea, Legal Director

Editor’s note:  Over the years, we have run a series of blogposts detailing our efforts to remove bad ads from our systems, and describing our approach to handling controversial content on our services.  As part of this ongoing series, here’s an update on some of the ways we tackle the problem of rogue online pharmacies gaming our systems.

For the last several years, Google has worked closely with a number of organizations, government agencies, and businesses to combat rogue online pharmacies from all angles.  

Collectively, we are making it increasingly difficult for these operators to effectively promote their rogue pharmacies online. A variety of websites and web services are refusing ads from suspected rogue pharmacies. Domain name registrars are removing suspect rogue pharmacies from their networks.  Payment processors are blocking payments to these operators, and social networking sites are removing them from their systems too.

As a result, rogue pharmacies continually adapt their online marketing practices, meaning this is an ongoing battle.  We wanted to share some of the steps Google takes to combat them.

Keeping ads safe

Making sure ads appearing on Google and our partner sites are safe continues to be a top priority.  We have extremely stringent ads policies, and use sophisticated automated systems, along with some human review, to identify, block and remove ads suspected of linking to rogue pharmacies.  We disrupt their marketing efforts by making it difficult for rogue pharmacies to abuse our services and evade our filters.

  • Since 2010, we’ve only permitted U.S.-based online pharmacies accredited under the National Association Boards of Pharmacy “VIPPS” program to run pharma ads in our AdWords program.  We were the first online search provider to require this certification - there are less than 40 VIPPS certified pharmacies operating in the U.S.
  • We partner with LegitScript, an independent company with deep knowledge about online pharmacies, to conduct weekly “sweeps” of ads on Google to help ensure that we are keeping our ads safe.
  • According to LegitScript, the number of illegal drug and pharmacy ads on major search engines like Google and Bing has declined by 99.9% percent since 2010.
  • In the last two years alone, Google has blocked or removed from its systems more than 3 million ads by suspected rogue pharmacies.

Search results

Our stance on filtering our search results is well-publicized. We do not remove content from search results except in narrow circumstances (e.g., child sexual abuse imagery, certain links to copyrighted material; spam; malware).

Search results reflect the web and what’s online - the good and the bad.  Filtering a website from search results won’t remove it from the web, or block other websites that link to that website.  It's not Google's place to determine what content should be censored - that responsibility belongs with the courts and the lawmakers.

Google will abide by court decisions deciding which content on the web is and is not legal.   We have always removed from our search results any page found by a legitimate court to be unlawful, whether an online rogue pharmacy or otherwise.

Rogue pharmacies are clearly a matter of public concern. This is why we work closely with the Center for Safe Internet Pharmacies (“CSIP”), a 501(c)(3) organization dedicated to stopping rogue online pharmacies and keeping consumers safe on the web.  If a user searches on Google for terms related to online pharmacies or buying pharmaceuticals, a prominent advertisement from CSIP will often appear on the search results page, urging caution and linking to the LegitScript pharmacy verification tool.


CSIP’s ad campaign on Google is funded by a Google Grant, which provides non-profits like CSIP with financial and technical assistance to promote their important missions online.  Campaigns like these help users to better understand the risks involved with rogue pharmacies and fake drugs, at the moment they’re searching for them, and provides users with a simple way to check if any pharmacy they find online is legitimate.

Updating autocomplete predictions

Autocomplete helps our users search faster.  While a user types, autocomplete predicts the user’s most likely search queries based on what the user has already typed. These predictions are an algorithmic reflection of the search terms that are popular with users and on the Internet.  We occasionally tweak autocomplete to prevent shocking or offensive entries from being displayed, but don’t otherwise decide which entries appear in autocomplete.  

Because the feature is algorithmic, some autocomplete entries may include phrases that potentially relate to rogue pharmacies.  We’re evaluating how best to address this issue, have already started running tests on the subject, and always welcome feedback.  

It is still important to understand that - whether or not a predicted query is shown in autocomplete - people can still search for objectionable content that might exist on the web.

Enforcing YouTube guidelines

YouTube has implemented robust community guidelines governing uploaded content and user activity on YouTube.  These guidelines prohibit spam, which includes the posting of large amounts of untargeted, unwanted, and repetitive content. YouTube's guidelines also prohibit the sale of illegal goods or promotion of dangerous activities. Our teams respond around the clock when such content is reported to us. To make the notification process as effective as possible, YouTube provides a flagging tool under every video on the site that lets users and law enforcement easily alert us whenever a video contains content that violates YouTube’s policies regarding pharmaceuticals or illegal drugs.



Earlier this month, YouTube was notified of a number of videos promoting pharmaceuticals that violated its guidelines, and immediately removed them.  YouTube will continue doing so when notified.

Working together with regulators and the industry

In 2010, following discussions with the White House, Google teamed-up with organizations across different industries — including GoDaddy, Microsoft, Visa, Yahoo! —  and took the important step of founding the industry group CSIP. In addition to its public awareness campaigns (such as the one mentioned above), CSIP recently highlighted some industry initiatives by its member companies against rogue pharmacies, and specifically called out the efforts of companies like Google here.

Over the last few years, Google has made thousands of referrals to law enforcement concerning suspected rogue online pharmacies, and will continue to do so.  

In October 2012, we participated in the successful Operation Pangea, in which the U.S. Food and Drug Administration, in partnership with international regulatory and law enforcement agencies, took action against more than 4,100 Internet pharmacies worldwide. We also regularly keep officials up to date on our efforts - in writing and in person.   For example, when the National Association of Attorneys General Intellectual Property Committee invited multiple search engines to participate in discussions with the Committee on November 28, 2012, Google was the only search engine to do so.

*****

The industry as a whole has made significant strides in the fight against rogue pharmacies.  Working together, companies in the private sector, non-profit organizations, and law enforcement have made it increasingly difficult for rogue pharmacies to effectively market their illegal products online, and operators of these sites are being forced to turn to much less effective marketing techniques from the outskirts of the Internet.  

This is great progress, and Google remains committed to working with others in this important fight to protect our users.

Iranian phishing on the rise as elections approach



Cross-posted from the Google Online Security Blog

For almost three weeks, we have detected and disrupted multiple email-based phishing campaigns aimed at compromising the accounts owned by tens of thousands of Iranian users. These campaigns, which originate from within Iran, represent a significant jump in the overall volume of phishing activity in the region. The timing and targeting of the campaigns suggest that the attacks are politically motivated in connection with the Iranian presidential election on Friday.


Our Chrome browser previously helped detect what appears to be the same group using SSL certificates to conduct attacks that targeted users within Iran. In this case, the phishing technique we detected is more routine: users receive an email containing a link to a web page that purports to provide a way to perform account maintenance. If the user clicks the link, they see a fake Google sign-in page that will steal their username and password.

Protecting our users’ accounts is one of our top priorities, so we notify targets of state-sponsored attacks and other suspicious activity, and we take other appropriate actions to limit the impact of these attacks on our users. Especially if you are in Iran, we encourage you to take extra steps to protect your account. Watching out for phishing, using a modern browser like Chrome and enabling 2-step verification can make you significantly more secure against these and many other types of attacks. Also, before typing your Google password, always verify that the URL in the address bar of your browser begins with https://accounts.google.com/. If the website's address does not match this text, please don’t enter your Google password.

Asking the U.S. government to allow Google to publish more national security request data


This morning we sent the following letter to the offices of the Attorney General and the Federal Bureau of Investigation. Read the full text below. -Ed. 

Dear Attorney General Holder and Director Mueller

Google has worked tremendously hard over the past fifteen years to earn our users’ trust. For example, we offer encryption across our services; we have hired some of the best security engineers in the world; and we have consistently pushed back on overly broad government requests for our users’ data.

We have always made clear that we comply with valid legal requests. And last week, the Director of National Intelligence acknowledged that service providers have received Foreign Intelligence Surveillance Act (FISA) requests.

Assertions in the press that our compliance with these requests gives the U.S. government unfettered access to our users’ data are simply untrue. However, government nondisclosure obligations regarding the number of FISA national security requests that Google receives, as well as the number of accounts covered by those requests, fuel that speculation.

We therefore ask you to help make it possible for Google to publish in our Transparency Report aggregate numbers of national security requests, including FISA disclosures—in terms of both the number we receive and their scope. Google’s numbers would clearly show that our compliance with these requests falls far short of the claims being made. Google has nothing to hide.

Google appreciates that you authorized the recent disclosure of general numbers for national security letters. There have been no adverse consequences arising from their publication, and in fact more companies are receiving your approval to do so as a result of Google’s initiative. Transparency here will likewise serve the public interest without harming national security.

We will be making this letter public and await your response.

David Drummond
Chief Legal Officer

Yoani online near Playa Siboney -- slow and filtered, but a start

Yoani Sánchez has written a post on her visit to Siboney, the city where the ALBA-1 undersea cable lands.

Siboney was hard hit by Hurricane Sandy, destroying property, causing environmental damage and reducing toursim. Sánchez suggests that improved Internet connectivity would have been relatively cheap and helped with recovery, but that has not happened.

Sánchez visited one of the new Internet access centers in Santiago de Cuba, less than 10 miles from the Siboney landing point. The center was an air-conditioned room with four computers and an attendant, who she suspects is keeping an eye on the users.
She was able to access several blogs, but the classified ad site Revolico was blocked as were Cubaencuentro and Cubanet. She ran a speed test and saw she was getting 1.77 Mbps download and .56 Mbps upload with a ping time of 234 ms.

In spite of these discouraging observations, she concludes on a positive note -- this is a crack in the Internet wall, and it may widen.

Yoani Sánchez tweets from a new Internet access center

The Nuevo Herald newspaper wrote about initial experience with the new Internet centers.  The say that connectivity is expensive and slow, but faster than before -- no surprises.  The Herald article notes that Yoani Sánchez visited one of the centers, where she accessed her blog and the Nuevo Herald Web site and viewed an unintentionally ironic warning that others might see information you send to the Internet.

Check the photos she tweeted below.





Google Plus community on the Internet in Cuba

I invite you to join our Google Plus community on the Internet in Cuba.

This blog is pretty much a one-way street -- I write the posts and a few people comment.

Hopefully all members of the community will post and discuss material relevant to the Internet -- technology, applications and implications -- in Cuba.