Google is fighting with Symantec over encrypting the internet

 Google, which has accused Symantec and its partners of misissuing tens of thousands of certificates for encrypted web connections, quietly announced Thursday that it’s downgrading the level and length of trust Chrome will place in certificates issued by Symantec. Encrypted web connections — HTTPS connections like those on banking sites, login pages or news sites like this one… Read More

Google Play pilot test in U.S. introduces a “free app of the week” section

 Apple began offering a “free app of the week” back in 2012 as a means of highlighting some of the App Store’s best titles, and encourage users to start downloading. Google, belatedly, is following in Apple’s footsteps with its own newly launched “free app of the week” section on Google Play. However, we understand that Google has not yet committed to make… Read More

Social media firms facing fresh political pressure after London terror attack

 Yesterday UK government ministers once again called for social media companies to do more to combat terrorism. “There should be no place for terrorists to hide,” said Home Secretary Amber Rudd, speaking on the BBC’s Andrew Marr program. Read More

What to do about those ‘government-backed attack’ warnings from Google

 TOTALLY PANIC. Just kidding; please don’t do that. Google regularly issues warnings to people whose accounts are or have been targeted by state-sponsored attackers, and every time it does, users get really nervous that their emails are going to wind up on Wikileaks. Don’t freak out if you get one of these notices — it doesn’t necessarily mean that your account has… Read More

Google is working on a new social app for small groups to edit photos together

 While Google continues to add more features to its two social communication apps Allo and Duo, TechCrunch has learned that it has quietly been working on least one more social app. Google has been developing a new social app that lets small groups edit photos together and then organise them for future enjoyment: think Path meets Snapchat-style filters and edits meets Google’s… Read More

The days of Google Talk are over

 The days of Google Talk are quickly coming to an end. As the company announced today, the messaging service that allowed Gmail users to talk to each other since it launched in 2005, will now be completely retired. Read More

Google reportedly removing SMS texting from Hangouts on May 22

Google continues to shake up its messaging tools with the upcoming removal of a popular feature from Hangouts. According to an email sent to GSuite administrators and subsequently posted to Reddit, Google will remove the SMS messaging feature from Hangouts on May 22. Anyone using Hangouts as both a Google messaging app and their primary text messaging app won’t be able to send SMS texts after that date.

Hangouts users will be notified of this change via an in-app message starting March 27. You’ll be prompted to select a new default messaging app from your list of downloaded apps. If you don’t have anything other than Hangouts, you’ll be directed to the Google Play Store to download another messaging app. All of your existing SMS messages will not be affected and they will be available in your new default messaging app.

Google Voice users will also be affected, but not as much as Hangouts-only users. The rule only applies to messages sent and received with your carrier phone number—all SMS messages sent with your Google Voice number will remain unaffected. “For SMS users using Google Voice on Hangouts on Android Google Voice users who also send carrier SMS messages will need to choose another default messaging app. Their Google Voice messages will be unaffected and will still be available in Google Hangouts,” the email states. “For Google Voice users on Hangouts on Android Google Voice users who do not use carrier SMS text messaging will not be affected and no notification will be shown.”

Read 1 remaining paragraphs | Comments

Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs

In a severe rebuke of one of the biggest suppliers of HTTPS credentials, Google Chrome developers announced plans to drastically restrict transport layer security certificates sold by Symantec-owned issuers following the discovery they have issued more than 30,000 certificates.

Effective immediately, Chrome plans to stop recognizing the extended validation status of all certificates issued by Symantec-owned certificate authorities, Ryan Sleevi, a software engineer on the Google Chrome team, said Thursday in an online forum. Extended validation certificates are supposed to provide enhanced assurances of a site’s authenticity by showing the name of the validated domain name holder in the address bar. Under the move announced by Sleevi, Chrome will immediately stop displaying that information for a period of at least a year. In effect, the certificates will be downgraded to less-secure domain-validated certificates.

More gradually, Google plans to update Chrome to effectively nullify all currently valid certificates issued by Symantec-owned CAs. With Symantec certificate representing more than 30 percent of the Internet’s valid certificates by volume in 2015, the move has the potential to prevent millions of Chrome users from being able to access large numbers of sites. What’s more, Sleevi cited Firefox data that showed Symantec-issued certificates are responsible for 42 percent of all certificate validations. To minimize the chances of disruption, Chrome will stagger the mass nullification in a way that requires they be replaced over time. To do this, Chrome will gradually decrease the “maximum age” of Symantec-issued certificates over a series of releases. Chrome 59 will limit the expiration to no more than 33 months after they were issued. By Chrome 64, validity would be limited to nine months.

Read 7 remaining paragraphs | Comments