Google unveils another step in its much-needed privacy boost

Google has announced that its Privacy Sandbox proposal is one step closer to becoming reality as the company is preparing its next stage of trials which will focus on ads relevance and measurement.

For those unfamiliar, the search giant first unveiled its Federated Learning of Cohorts (FLoC) plan to replace third-party browser cookies before announcing Google Topics as part of its Privacy Sandbox initiative as a replacement following backlash on the move. 

TechRadar needs you!

We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.

>> Click here to start the survey in a new window <<

As the name suggests, Google Topics splits the web into different topics and divides users into groupings depending on their interests. Meanwhile, FLEDGE is dedicated to facilitating remarketing or showing ads on websites based on a user’s previous browsing history.

Now though, Google is moving ahead with testing its Privacy Sandbox and developers will be able to begin testing the Topics, FLEDGE and Attribution Reporting APIs in Chrome Canary.

Privacy Sandbox testing

Google plans to begin testing Topics and Fledge with a limited number of Chrome Beta users before making API testing available in the stable version of Chrome once things are working smoothly in Beta according to a new blog post.

The company also plans to begin testing its updated Privacy Sandbox settings and controls that will allow users to see and manage the interests associated with them or turn off the trials altogether.

Product director for Privacy Sandbox, Vinay Goel also provided some sample images of the settings the search giant plans to test in his blog post. In the Privacy Sandbox Beta menu, users will be able to toggle the trials on or off as well as customize their choices for Browser-based ad personalization, Ad measurement and Spam & fraud reduction. Here they’ll be able to remove interests from Topics and edit the list of sites that Privacy Sandbox users to infer their interests.

While Chrome users in the US will be opted in to the latest Privacy Sandbox trials, those in the EU will have to opt in by changing the position of the toggle in settings. This is due to GDPR and other data protection laws that apply to Europeans.

We’ll likely hear more from Google once its initial trials are complete and the company expands them to the stable version of Chrome.

Via TechCrunch

TechRadar – All the latest technology news

Read More

Office 365 unveils major email security boost

Microsoft has added a new security layer to its Office 365 email service as it looks to improve the integrity of the messages going in and out. 

The company says its new protection, SMTP MTA Strict Transport Security (MTA-STS), a feature it first announced in H2 2020, will solve problems such as expired TLS certificates, problems with third-party certificates, or unsupported secure protocols.

“We have been validating our implementation and are now pleased to announce support for MTA-STS for all outgoing messages from Exchange Online,” Microsoft said in an announcement. 

Extra protection

In practice, the new security layer means all emails that are sent through Exchange Online will only be delivered through connections that have both authentication and encryption. 

That should render downgrade, and man-in-the-middle attacks impossible, or at least – a lot harder to pull off.

“Downgrade attacks are possible where the STARTTLS response can be deleted, thus rendering the message in cleartext. Man-in-the-middle (MITM) attacks are also possible, whereby the message can be rerouted to an attacker's server,” the announcement added.

“MTA-STS (RFC8461) helps thwart such attacks by providing a mechanism for setting domain policies that specify whether the receiving domain supports TLS and what to do when TLS can't be negotiated, for example stop the transmission.”

Those interested in adopting MTA-STS should refer to this link, where Microsoft explains the process in detail.

The company is already working on further strengthening the security of Office 365 email. DANE for SMTP (DNS-based Authentication of Named Entities), which is said to provide even better protection than MTA-STS, will be rolled out in the coming months. 

“We will deploy support for DANE for SMTP and DNSSEC in two phases. The first phase, DANE and DNSSEC for outbound email (from Exchange Online to external destinations), is slowly being deployed between now and March 2022. We expect the second phase, support for inbound email, to start by the end of 2022,” BleepingComputer cited the Exchange team.

“We've been working on support for both MTA-STS and DANE for SMTP. At the very least, we encourage customers to secure their domains with MTA-STS,” Microsoft added.

“You can use both standards on the same domain at the same time, so customers are free to use both when Exchange Online offers inbound protection using DANE for SMTP by the end of 2022. By supporting both standards, you can account for senders who may support only one method.”

Via: BleepingComputer 

TechRadar – All the latest technology news

Read More