Mark Zuckerberg: “It’s Not Sustainable to Offer the Whole Internet for Free”
Debate over net neutrality has raged in the United States for years, but the controversy isn’t just for developed countries with high connectivity rates. In countries like India, where Facebook has been offering its free Internet.org service to people who otherwise wouldn't have Web access, net neutrality has come up in a new way. Facebook's service only offers access to certain websites, so is this a blow to net neutrality? Mark Zuckerberg says no ... but not as vehemently as he did last month.
In mid-April, Indian publishers started criticizing Internet.org for limiting the parts of the Internet that its users could access. At the time Zuckerberg was defensive. He wrote that:
Some people have criticized the concept of zero-rating that allows Internet.org to deliver free basic internet services, saying that offering some services for free goes against the spirit of net neutrality. I strongly disagree with this. ... Net neutrality is not in conflict with working to get more people connected. These two principles—universal connectivity and net neutrality—can and must coexist.
But in the weeks since, Zuck seems to have recognized that it's not so easy to reconcile free connectivity with net neutrality. On Monday Facebook released a statement about its plans to open Internet.org so any developer who wants to can partner with it to offer free services. Instead of just working with companies Facebook was able to negotiate with, like Wikipedia, companies and developers will be able to step forward and initiate inclusion. The idea is to create a situation in which Facebook isn't the one directly curating what an Internet.org user can do or see.
In a video statement, Zuckerberg explained that Internet.org doesn't pay other services or get paid when a another company is involved. And he emphasized that Internet.org doesn't show ads to its users. He said, “As we’re having this debate, remember the people this affects most: the 4 billion unconnected have no voice on the Internet. They can’t argue their side in the comments below or sign a petition for what they believe, so we decide our character and how we look out for them.”
And in that paternalism lies the crux of the problem. As Zuck admits, "It’s not sustainable to offer the whole Internet for free." But should that mean that projects like Internet.org cease operation rather than offer a limited free version? By definition, a program like Internet.org compromises net neutrality, but in the developing world, we accept other compromises. Some medical care is better than none at all;any food is better than no food. These may sound like absurd, even inappropriate, comparisons, but Internet access is increasingly debated as a human right. Then again net neutrality advocates say it should be an inherent Internet right. It's not Zuckerberg's job to solve this quandary on his own, but he's apparently trying.
Extremely Hopeful and Incredibly Freaked Out: How We Feel About Designer Babies
Sit down America, and let’s talk about making babies. Specifically, designer babies. Because ever since in vitro fertilization made it possible for parents to select embryos with the best genetics, precisely engineered progeny have been a big fear. And now that a powerful gene-editing technique has been used on human embryos, it’s fine to get a little freaked out. So let’s talk about 21st-century trust-fund babies with privilege notarized onto their DNA, medical mutants with genetic mistakes that will be passed on for generations, and armies of super soldiers with genetically engineered immunity to arsenals of chemical and biological weapons.
But—here’s the important bit—let’s not leave out the hope of eradicating thousands of diseases, and the potential to make many pharmacological treatments obsolete.
Before we fear and hope too far into the future, let’s go back to April 18, when a group of Chinese scientists announced they’d edited the DNA of some 80 fertilized (but nonviable) eggs. They were trying to eliminate a recessive sequence of code that causes ß-thalassemia, a type of anemia that requires sufferers to get lifelong blood transfusions. The news caught the public by surprise, but biologists had been bracing for it. In the months prior, several groups had published letters urging genetic researchers to exercise caution, and even suggesting an outright moratorium on embryonic gene editing. But the most concrete action came after, on April 29, when the director of the National Institutes of Health assured us that none of his agency’s federally allocated money would pay for scientists meddling with DNA in a human zygote.
The scientists are right to call for caution, but all those feet pumping on the brakes kind of makes it look like genetic research is skidding out of control. But very few of the scientists want a firm embargo on editing human embryos. In reality, the signatories of those commentaries in Science and Nature have a broad spectrum of opinions on the risks of this new technology. Some think gene editing for therapeutic purposes will inevitably lead to the creation of genetic classism. Others believe this could be the most important medical breakthrough of the century. But most fall somewhere between the two extremes.
Collectively, scientists threw up a flag because they wanted a timeout. According to most, the public needs to get educated on all the potential consequences of gene editing, as well as all the safety and efficacy benchmarks researchers need to meet before they’re anywhere near comfortable enough to start diving into human embryo editing. “This is still an incredibly young area of science,” says Debra Mathews, a geneticist and bioethicist at the Johns Hopkins Berman Institute of Bioethics. Long before we get to “Ought we,” she says, we need to know the answers to “What can we do?” and “Is it safe?”
This technology could change the future of the human race. ß-thalassemia is only one of many inherited conditions that gene editing could target. And though some of these conditions—like ß-thalassemia—trace back to mutations in a single gene, any edits could have unforeseen consequences. And even though scientists are the most well-informed on a technical level, many agree that society should be telling them how far it’s comfortable with them taking that technical expertise. The biggest fear of these scientists is that average citizens—and the governments that serve them—will make their rules about gene editing without thinking things through.
Poorly conceived policy has led science astray before. In the 1990s, embryonic stem cell research got caught up in the great abortion debates. Ideologues on both sides lobbed incendiary factoids at each other, until the territory between them was too wasted for reasonable discussion. The result was the Dickey–Wicker amendment, which makes embryonic stem cell work off-limits for federal research dollars.
It also put the legality question in the states’ hands, which led to stem cell laws that are patchy. “There are some states where it is OK to do embryonic stem cell research; there are others that make it a felony,” says Mathews.
The NIH announcement raises the same fears of shortsighted and fragmented legislation. Instead of preserving the sanctity of human heritage, the country could prevent itself from eradicating the most inhumane heritable diseases. And legislation could potentially affect other types of gene editing that have nothing to do with unborn babies.
The point being, science needs room to figure out exactly what this technology is capable of doing. Right now, researchers have a ton of potential on their hands, but not a lot of agreement about how far that potential reaches.
Figuring out the efficacy and safety of embryonic gene editing means years and years of research. Boring research. Lab-coated shoulders hunched over petri dishes full of zebrafish1 DNA. Graduate students staring at chromatographs until their eyes ache. Western blot. Occasionally a paper will come along with some exciting news, with caveats that the results are too species-restricted and laboratory-dependent to mean much more than, “Hey guys, still working on it, and making progress!”
Only then (if we agree we’re cool with it) come clinical trials on human zygotes. “This medical tech should be treated equally to all other medical tech,” says George Church, a geneticist from Harvard. “It’s guilty until treated innocent: You don’t move on to the general public until you go through clinical trials.”
So what’s there to be afraid of? Plenty. Even after years of perfecting techniques on bacteria, bird, mouse, and other model organism DNA, side effects are always possible. “Even if everything went entirely perfectly, an edit might change something else—like expression of some nearby gene—or change epigenetic states,” says Paul Knoepfler, a stem cell biologist at UC–Davis.
Knoepfler also worries that the gene-editing technology will create a slippery slope: that gene editing will—at least at first—only be accessible by the privileged, even if the law deems that we only use gene editing to cull harmful DNA. The elite might not get enhanced with more smarts, better looks, or bigger muscles, but they would be generally healthier.
But it’s important to temper those fears with other considerations. For instance, by the time embryonic gene editing makes its way through clinical trials, some scientists think it could be affordable for anyone. And side effects might not be a factor. “If I change a single cystic fibrosis allele back to normal form, it’s extraordinarily unlikely that would have a debilitating side effect,” says Church. “If I change your brown eyes to blue, it’s unlikely that you’ll fall down from a stroke.”
And don’t forget the hope. That gene editing might be the most important medical discovery of the century. That it could genetically vaccinate our species against thousands of harmful diseases—everything from Alzheimer’s to cystic fibrosis. That it could usher in a new epoch of health care.
So be afraid, be hopeful, and above all be educated. Let’s not fall back into cable news parapets, and let’s not let this conversation get chewed up by the 140 character outrage industrial complex. But mostly, let’s not have gene editing fall prey to science-deaf legislation. At least, let’s not pass those laws without taking a good hard look at the real risks—and real possibilities—of human gene editing.
Also in Wired:
Obama Administration Puts $20 Million Toward Police Body Cams
On Friday the Justice Department announced a $20 million body camera program that will fund grants for purchasing devices, offering training, and evaluating implementation. The money is part of $75 million that President Obama proposed earmarking for body cams over three years.
Body cams are costly, but their use has become a high priority as more controversial incidents of police violence occur around the country. The Los Angeles Police Commission approved body cam rules on Tuesday, as the city prepares to equip officers with the devices. Baltimore has also been working on a body cam pilot, which is being expedited in the wake of Freddie Gray’s death. On Wednesday, presidential nominee Hillary Clinton said every police department should use body cams.
“Body-worn cameras hold tremendous promise for enhancing transparency, promoting accountability, and advancing public safety for law enforcement officers and the communities they serve,” Attorney General Loretta Lynch said in a statement.
The $20 million will supplement local funding and is targeted at police departments that already have body cam policies settled. As Reuters points out, departments that receive part of the $20 million will be supervised by the Bureau of Justice Statistics to collect information about how the cameras are implemented in the field and how effective they are.
Body cams are complicated tools and certainly won't solve all policing problems, but putting real funding behind them is the best way to evolve their role.
Take Two and Skype Me In The Morning
The country’s largest health insurer is putting telemedicine on par with a regular trip to the doctor’s office, effectively saying a video visit is as good as brick-and-mortar medicine.
UnitedHealthcare announced on April 30 a partnership with three telemedicine companies to cover video-based doctor visits just as it covers in-person visits. The tech set has for decades predicted that we would one day get our medical care via video chat, but it wasn’t until recently that forward-thinking physicians started taking the promise of telemedicine seriously. The decision by so influential a player in the health care industry to telemedicine is the strongest sign yet that the technology is entering the mainstream.
United says it will cover virtual doctor visits offered through NowClinic, Doctor on Demand, and American Well. These platforms connect patients with thousands of doctors—albeit not the patient’s usual doctor—via video chat. These consultations typically cost $40 to $50 a pop, but now that United is covering these visits, members will only have to pay their usual co-pay, making virtual medicine much more affordable for more people. For now, these virtual visits will be available only to UnitedHealth’s self-funded customers, but the feature will expand to most members by next year.
According to Peter Mueller, a health care industry analyst at Forrester, United’s embrace of doctor visits by video is a major step for the healthcare industry. “There are a lot of pros to telemedicine,” he says. “Convenience is one. Access is another. Then there’s the immediacy of it, too.”
In a statement, the insurer said the goal is to give people, especially those in rural areas, access to affordable quality care. Telemedicine providers said the deal validates their approach to medicine. “The consumer may not have known if we were going to help or if they’d have go to urgent care anyway,” says Adam Jackon, CEO of Doctor on Demand, who says the app has been downloaded 1 million times in 18 months. “Now that we’re part of United, it’s like, ‘Ok, United stuck their neck out and vetted these guys.”
Of course, helping others isn’t the only motivation. By offering telemedicine services, health insurers stand to substantially lower their costs, because virtual visits are significantly cheaper than urgent care or even primary care visits. Much as online retailers did to brick-and-mortar shopping, telehealth companies have used technology to eliminate most of the overhead that contributes to the high cost of health care.
And United is not the only company that’s noticed. Newer insurers like Oscar as well as established ones like WellPoint and some BlueCross BlueShield plans have also adopted telemedicine programs in recent years.
Another contributing factor to the move toward telemedicine is the Affordable Care Act. As people look to exchanges for insurance, they’re better able to shop around for insurers who promise to deliver more perks, says Mueller. “Now, these carriers are up on the shelf with other carriers,” he says. “And in the business-to-consumer world they need to offer people a lot more.”
Then there’s the fact that the Affordable Care Act brought many more people into a health care system already facing a shortage of primary care physicians. According to Jackson, virtual visits can help hospitals and urgent care centers offload some of their more easily treated cases in order to focus on patients who really need in-person care. “These visits keep the colds and flus and allergies and bumps and bruises out of the offline settings,” Jackson says. “That frees up the waiting rooms, so doctors can treat more pressing issues.”
Still, telemedicine will only take off with insurers’ support if patients actually trust their insurance companies, which far too many Americans do not. There will be those who view what United is doing as an attempt to cut costs at the expense of more personalized care. But Mueller says that type of criticism misses one important point: “It’s not mandated, so if it’s not for you or you don’t trust it, you have other options.”
Jackson, for one, says Doctor on Demand’s biggest users are working mothers, who have lots of questions about their kids’ health but can’t take a day off of work to bring them to the doctor whenever they have the sniffles. Instead, they can fire up their phones, wait a couple minutes, and have access to one of 1,400 licensed physicians who can provide them with a diagnosis and a prescription all by video. According to Jackson, around 92 percent of cases on Doctor on Demand require no in-person follow up.
And this type of telemedicine treatment is only the beginning, says Dr. Roy Schoenberg, CEO of American Well. Already, his company has been working with large hospital systems like Cleveland Clinic and Massachusetts General, which have been using their technology to treat even serious conditions like cancer and heart disease.
“These organizations are beginning to understand that the care they can extend to you can be dramatically different if they can continuously see you at home, when you’re undergoing long-term treatment,” Dr. Schoenberg says. He expects this type of use case to grow. Meanwhile, he says we may soon see a day when services like American Well can connect you not just to any old doctor, but to your own doctor.
That type of around-the-clock care may take a while to catch on, but Dr. Schoenberg says that the United partnership will help nudge these ideas forward. “It really cements the place of technology-based healthcare in commercial markets,” he says. “And we strongly believe this is the first step.”
Also in Wired:
Climate Change Joins Terrorism, the Economy as a Top Diplomatic Issue
For the first time, climate change has received full treatment in an important State Department planning document, joining terrorism, democracy, and the global economy among the nation’s top diplomatic priorities. It’s the clearest sign yet that the warming climate has the full attention of the Obama administration.
Earlier this week, Secretary of State John Kerry released the Quadrennial Diplomacy and Development Review, the once-every-four-years strategic planning document for America’s diplomatic corps. The QDDR is a wonky initiative begun by Hillary Clinton when she was Secretary of State and modeled off a similar process that the Defense Department uses. At that time, her team prioritized energy diplomacy and frequently mentioned climate change in a list of complex challenges, but this week’s document ups the ante significantly.
In the latest QDDR, climate change is used as a centerpiece of a 21st-century rethink of the entirety of American foreign policy. In an op-ed for the Hill coinciding with the document’s launch, Kerry referred to the administration’s climate change strategy as “a model for ‘next generation’ diplomacy.” That could mean a subtle shift toward de-emphasizing tough-to-negotiate global treaties, which in the climate context have squandered decades of precious time. Instead, Kerry said the U.S. would focus efforts on “Congress, mayors, CEOs, faith leaders, and civil society to address this existential issue.” Recent bilateral agreements with China and India on climate are good examples of this new “think globally, act locally” strategy.
This is a very smart move from Kerry, who’s shown repeatedly that he understands how important climate change is, not only to the United States and its interests, but also to humanity as a whole. If the world is going to halt the business-as-usual slow boil toward climate apocalypse, it’ll have to do it at the city level, where most of the world’s population lives. To help with this effort, Kerry instructed his cadre of diplomats to recruit new staff with climate as a “core competency.”
It’s easy enough for the State Department to put into words a greater emphasis on global warming, which is already destabilizing fragile nation-states like Iraq and Syria. It’s another matter entirely to act like it. Though America’s steady efforts on climate change are gradually starting to pay off, we’re still far from leading the world.
To get a sense as to what a full-fledged American diplomatic strategy on climate might (someday) look like, I spoke with Frank Femia, founding director of the Center for Climate and Security, who also co-wrote a longer response to the new document on his center’s website. Femia said the new QDDR “clearly and unambiguously demonstrates what the secretary’s priorities are.”
To illustrate this point, Femia pointed to a single word in the 87-page document: all. In the chapter on climate change, the QDDR says the State Department will begin to “integrate climate change into all of our diplomacy and development efforts.” Femia thinks that’s a sign that the days of thinking of climate as a separate, largely environmental issue are over.
Take Pakistan, for example. Femia believes it’s an example of a place where climate change is complicating an already messy situation:
Pakistan is a country that’s fed primarily by glacial waters, as are many of the other countries in that region. It’s already a very volatile place for a number of reasons: You have international terrorist organizations that operate out of Pakistan, you have nuclear materials that have proliferated throughout Pakistan, and on top of that, you have significant climate and environmental stress in the region.
What’s more, “climate change might create additional security risks in places we might not be paying enough attention to today,” Femia said. “This is not an issue you deal with with low-level ministers.”
Femia pointed out that this is a “planning” document, not an official policy document. Still, “I think it’s a door-opener,” he said.
Given that the QDDR process was started by Hillary Clinton, Femia speculated that a Hillary administration would likely continue to prioritize climate change at the highest level. Indeed, Clinton tweeted a congratulatory note to Kerry earlier this week:
Microsoft’s Age-Guessing Tool Vastly Underestimated the Internet’s Narcissism
You know what people never really think about: age. That’s why no one ever lies about it, or buys wrinkle cream, or surgically alters themselves. So it makes sense that Microsoft was “shocked” when an age-guessing tool it put online went viral. Who would have thought that people would be into something like that??
Corom Thompson and Santosh Balasubramanian are engineers in Microsoft’s Information Management and Machine Learning division. They created How-Old.net to test out new face-detection APIs Microsoft recently released. Users can come to the site and watch it guess the age of people in photos. So who do you think people (Internet users) are going to want to test the algorithm with? If you're thinking random people from stock images ... that’s what the researchers thought, too!
“We assumed that folks would not want to upload their own pictures but would prefer to select from pre-canned images such as what they found online,” the researchers wrote in a blog post. “But what we found out was that over half the pictures analyzed were of people who had uploaded their own images.”
Part of the reason the tool seems to have spread so far is that it’s not very accurate. Nothing makes people feel more calm and disinterested than being mistaken for a person 20 years older than them. To be fair, there’s real machine-learning research going on behind the scenes, but it’s probably classic Internet narcissism—not devotion to scientific inquiry—that’s making How Old? blow up.
“This is a fun story of how we were expecting perhaps 50 users for a test but—in the end—got over 35,000 users and saw the whole thing unfold in real time,” the researchers wrote. Yes, this is a funny story.
NIH Won’t Fund Research That Involves Editing DNA in Human Embryos
Stem cell research and three-parent babies have been in the news lately for pushing bioethical boundaries, but at the frontiers of science there are always new quandries. The latest comes from Chinese researchers who say they have edited specific genes in human embryos. The work is, ahem, controversial, to say the least.
Rumors about the Sun Yat-sen University work circulated for weeks before Nature News confirmed them last week. (The relevant study was published April 18 in the journal Protein & Cell.) The researchers used nonviable embryos from fertility clinics to test a gene-editing method called CRISPR/Cas9 that is already widely used to create genetically altered organisms like yeast, zebra fish, and mice for scientific and medical testing. The Chinese researchers were attempting this DNA engineering to see if they could target a gene that can cause a serious blood disorder called β-thalassaemia.
"I suspect this week will go down as a pivotal moment in the history of medicine," the influential science journalist Carl Zimmer wrote on his National Geographic blog after the research's existence was confirmed. But the rumors alone prompted sides to form for the debate. A group of scientists, including some who worked to develop CRISPR and other genetic engineering tools, wrote in Science, “At present, the potential safety and efficacy issues arising from the use of this technology must be thoroughly investigated and understood before any attempts at human engineering are sanctioned, if ever, for clinical testing.”
On Wednesday, the National Institutes of Health Director Francis Collins wrote in a statement that he agreed:
Research using genomic editing technologies can and are being funded by NIH. However, NIH will not fund any use of gene-editing technologies in human embryos. The concept of altering the human germline in embryos for clinical purposes ... has been viewed almost universally as a line that should not be crossed.
Collins said the agency has ethical concerns about funding genetic alterations that could be passed to future generations of people who can't consent to being born with modified DNA. He also cited NIH and FDA guidelines and legislation like the 1996 Dickey-Wicker amendment (which forbids government funding for research that destroys human embryos or creates them soley for science) as reasons that the NIH is banning genetic engineering of human embryos.
Some researchers are already pushing back against the supposed consensus the NIH references. “I am not in favor of the NIH policy and I believe that the Chinese paper shows a responsible way to move forward,” David Baltimore, a biologist at the California Institute of Technology in Pasadena, told Nature News.
Dieter Egli, a researcher at the New York Stem Cell Foundation, told MIT Tech Review last week, “These authors did a very good job pointing out the challenges. ... They say themselves this type of technology is not ready for any kind of application.”
Maybe they can move ahead in China, but in the U.S., gene-editing in human embryos won't be funded any time soon.
Netizen Report: Jailed Ethiopian Blogger Asks John Kerry for Justice
The Netizen Report offers an international snapshot of challenges, victories, and emerging trends in Internet rights around the world. It originally appears each week on Global Voices Advocacy. Ellery Roberts Biddle, Lisa Ferguson, Weiping Li, Hae-in Lim, and Sarah Myers West contributed to this report.
It has been one year since Ethiopian authorities arrested nine bloggers and journalists in association with the Zone9 blogging collective, a group of recent university graduates who wrote about political challenges in their country and worked to help Ethiopians understand their constitutional rights. The government’s case against the bloggers, who were charged under the Anti-Terrorism Proclamation, focuses on their use of secure communications tools and online platforms in what the government called an attempt to “overthrow, modify or suspend the Federal or State Constitution by violence, threats or conspiracy.”
Ethiopia has a mandate (and large amounts of aid money) from the United States and other Western governments to maintain a security stronghold in the Horn of Africa, where the threat of violent extremist groups such as Al-Shabaab is a persistent concern. But apart from countering these threats, the Ethiopian government has also used this scenario as a justification for punishing its most vocal critics, among them journalists like Eskinder Nega, Reeyot Alemu, and the Zone9 bloggers.
Although they have been behind bars since last April, the Zone9 bloggers’ voices have not been quelled: With the help of friends, they have smuggled out multiple accounts of their experiences in prison. Last week, the Guardian published a letter from Zone9 blogger Natnael Feleke addressed to Secretary of State John Kerry, whom he met at a student forum prior to his arrest. Feleke, an economics student at Addis Ababa University, writes:
To be honest with you, how much time I will be spending in prison is not the most pressing issue on my mind right now. ... It is not that I don't appreciate the earnest assistance being forwarded to the development process in my country. It is just that I strongly believe effective monitoring of such assistance can only be employed where there is a government accountable to its people. It is ironic that the world's top recipient of development assistance is without effective monitoring and accountability. …
I understand the difficulty you face in striking a balance between maintaining security and stability and promoting democratization in your foreign policy. ... As US national interests are built on core values of liberty and democracy, I have hope and confidence that you will adopt a new stance that forges a clearer relationship between any form of assistance and the democratization process.
Natnael’s original letter can be read on Global Voices. Global Voices writers and advocates from Azerbaijan, Croatia, Cuba, Iran, Kenya, Mexico, and beyond created a video to mark the anniversary of the bloggers’ arrest:
Signals drop as Guatemalans call for president’s resignation
Tens of thousands of Guatemalans demonstrated in the nation’s capital last Saturday demanding the resignation of President Otto Perez Molina and Vice President Roxana Baldetti, in the wake of a massive corruption scandal that allegedly involved Baldetti’s secretary. Multiple protesters posted photos of strange devices set up around the capital, which several local sources say are high-resolution cameras used to monitor the protests. Mobile phone signals were blocked, preventing protesters from communicating over social media. It remains unclear whether the outage was a strategic move to diminish their efforts or merely a system overload.
Vietnam’s social networks are lively, despite strict Internet laws
According to a report by pro-democracy party Viet Tan, Vietnamese netizens are increasingly turning to social networks to express their views on social and political issues, despite stringent restrictions on free expression in the country.
- “Attacks on the Press, 2015 Edition”—Committee to Protect Journalists
Google Chrome Wants to Save Careless Password Users From Themselves
No matter how much Google does to harden its servers, hire the world’s best security engineers, and root out hackable bugs in its products, it can’t stop dummies like you and me from handing our Gmail passwords over to the first cybercriminal who slaps a Google logo on a fake login page. But now, for users of its Chrome browser at least, it’s trying a new method to protect our passwords from ourselves.
On Wednesday, Google released a new extension for Chrome it calls Password Alert, designed to deal with the stubborn problem of phishing sites that impersonate login pages to steal passwords. Any time you type your Gmail password into a login page that’s not an actual Google login, the new extension shows you an alert and gives you a chance to immediately reset your Gmail password before it can be used to compromise your account. For corporate users, the extension can even be configured to automatically alert a company’s incident response team.
“In the security industry we expect users to know when it’s ok to type their password. That accounts.google.com is OK, and accountsgoogle.com isn’t. That’s an unreasonable demand,” says Google security engineer Drew Hintz. “This helps you make that decision as to whether the place you just typed your password was a fine place to type it or not.”
Password Alert also helps to tackle another problem that internet services have often considered outside their control: careless users who reuse the same password across many different sites. Sign up for any other service with your Gmail password, and all of Google’s expensive security is reduced to the security of that other service. Hackers learned long ago that passwords and usernames spilled by one security breach often work on other sites, too. But reuse a Gmail password with Password Alert installed, and it triggers the same alert as a phishing attempt, an annoyance that could lead users to give up the bad habit of sharing passwords between sites.
Phishing remains one of the most serious and intractable problems in information security, and is often the initial breach point for hacker schemes ranging from mass credit card harvesting to sophisticated, state-sponsored targeted attacks. Google estimates that as many as 45 percent of some well-crafted phishing emails can successfully trick users, and that 2 percent of all Gmail messages it sees are phishing attempts. A Verizon report published earlier this month found that a phishing campaign launched against a target corporation or agency can find a gullible user and gain an initial point of compromise within as little as 80 seconds.
Google itself has been battling phishing attacks for years, says Hintz. He’s “refereed” Google’s own internal penetration tests, which showed again and again that password phishing was “a vulnerability you can’t patch,” he says. So three years ago, Hintz says Google began implementing a version of the Password Alert Chrome extension internally. It turned out to be effective enough that the company decided to roll out a version to users.
Hintz says that upcoming versions of Password Alert will give users the option to monitor other passwords, too, such as those for their banking or corporate accounts. In the current version, it immediately asks the user to log back into their Google account when it’s installed. Then it records and stores a cryptographically hashed version of the password locally on the user’s machine—a scrambled version of the password that the extension can check for matches but can’t in theory be used by anyone who accesses it. (Although Password Alert requests on installation the rather disturbing permission to “read and change all your data on the websites you visit,” Hintz says the extension never communicates anything back to Google’s servers.)
This is hardly the first step Google has taken to try to protect users from phishing scams. It already offers users two-factor authentication, and Chrome includes a “Safe Browsing” feature. In its constant crawls of the entire visible Web, Google seeks out sites that seem to be infected with malware or phishing attempts, and Chrome issues a warning if a user visits one. Firefox and Safari also use Google’s Safe Browsing data to flag those malicious sites.
Password Alert adds another layer to those protections, though it doesn’t yet share that safeguard with other browsers as Google does with Safe Browsing. Hintz points out that the extension is open-source and available on Github, ready to easily port to other browsers.
If Google’s approach catches on with other internet services and browsers, it could serve as an broad new form of password hygiene, keeping your most sensitive character combinations off the sketchy websites that have been a scourge of internet security. If only the password Post-its stuck to the wall of your cubicle could be so easily eradicated.
Also in Wired:
The Ghost of Internet Explorer Haunts Microsoft’s New Browser
We knew that the Internet Explorer era was coming to a close, but up until now Microsoft had only referred to its replacement browser as “Project Spartan.” Wednesday, though, during the company’s Build conference, Microsoft finally shared the real name: Edge.
Microsoft Edge will be the default browser in Windows 10, complete with built-in Cortana functionality, note-taking and reader features, and a new way to render pages called EdgeHTML. It’s all radically new and exciting. Except Microsoft still just couldn't bear to let Internet Explorer go. Instead of throwing its weight behind a bold, new product, the company made Edge's logo a conspicuous nod to the IE logo.
A promotional video (below) for the new browser boasts that, “It’s time to open that window and blur the edge between consumption and creation,” which is apt, because the other thing that's blurry is Microsoft’s vision for this product. The company said in March that it was doing extensive market research into what the name and brand of the new browser should be. Looking back it seems like Microsoft could have probably just saved that time and money.
It took a lot of work to rein IE in, but we already know that Microsoft has separation anxiety when it comes to killing its old products. So after all that, here's Edge: the Internet Explorer you didn’t know you missed.