Google has a major impact on our online lives, whether it’s using Gmail to send emails, Chrome and Search to hunt things down, or even just accessing a website that’s powered by Google’s Cloud platform.
What you may not realise is all the millions of actions that happen when you sign in to your Google account, or the features intrinsic to Chrome that have been created to keep you safe and secure as you navigate about the internet.
We spoke to two women at Google, Chrome’s director of engineering Parisa Tabriz and software engineer Janina Voigt, to hear what goes into protecting the billions of people who use Google every single day.
Parisa Tabriz, director of engineering at Chrome: “It’s a huge responsibility and a privilege”
It was a “random” decision to select computer engineering as her university degree that led Parisa Tabriz down the path that would bring her to Google. Whilst her early computer usage was limited to Encarta and AOL Instant Messenger, she felt that computers may become important in the future so decided to study them.
Her interest in security came about when one of the websites she built after teaching herself how to code was hacked. “It wasn’t a targeted attack,” she explains [on the phone from California]. “I realised I had introduced some bugs into my own code and a drive-by spammer had exploited it to serve Viagra ads. But it was a weird experience – realising someone has defaced my website.”
Tabriz decided to join a security group in college to learn more about hacking and how the attack had occurred, which eventually led to an internship at Google in 2007, working with a team making things like Gmail and Search more secure. As well as standard software engineering, the role included teaching the Google product teams how to think like a hacker in order to make it more secure.
“Software engineers tend to have a very optimistic view of the world,” she explains.
Tabriz helps other Googlers to “think like a hacker” so they “know how to make their products secure.”
Thinking like a hacker is a useful way to frame Tabriz’s work. As well as being the director of engineering at Chrome where she oversees 400 people, she also leads Project Zero, an offensive security research team in Google. They root through software across the Internet to discover vulnerabilities – a recent project uncovered issues with iOS which allowed malicious websites to hack iPhones, a tool that was used by China to target its minority Muslim community.
At the moment, Tabriz’s team has been looking at combatting tracking on the web, and it’s advanced protection programme which offers “targeted users”, such as activists and business leaders extra protections on their online accounts. Tabriz says they have been looking at how to offer additional security measures to the other billions of users of Chrome. “It’s always a challenge in our time – how do we make a product that’s useable and secure both for people that are political dissidents or tech experts who want to customise every control, but also for somebody who has never used the web before and doesn’t know what a URL is? There’s always this spectrum of how do we make the product both useable as well as give you as much control as possible.”
Speaking of URLs, this is another focus for Tabriz, in terms of finding an alternative to the URL. “Right now, there’s a lot of URL hijinks and shenanigans that phishers and scammers use so we’re thinking about the way we change how we present URLs so that users can easily know what site they’re on.”
This is often deemed controversial in the security industry, as the URL is often considered to be a security indicator. “We’re sort of challenging that and saying hey, it’s not sufficient and we need to challenge that.”
Tabriz says her work is full of surprises and risks but it’s a privilege to get to work on Chrome. “When you’re the window to the web it’s a huge opportunity to protect people from a lot of risks and threats. It’s a huge responsibility and a privilege.”
Janina Voigt – software engineer at Google: “Don’t share your passwords with anyone”
Janina Voigt was initially studying journalism when she decided to learn how to programme, with the help of her boyfriend. She enjoyed it so much, she decided to switch to studying computer science full time. The transition wasn’t the easiest though. “It was terrifying at first. I didn’t really know what an operating system was and it freaked me out,” she says. “But then I realised there is so much more to being a software engineer. It’s about being creative, and being able to build anything you can imagine. It’s really cool.”
After growing up in New Zealand, Voigt returned back to her native Germany before embarking on an internship at Google’s office in Munich in 2011, prior to studying a PhD at Cambridge. The internship focused on Dashboard, one aspect of Google’s My Account product. This is the one that shows all the information Google knows about you. Voigt enjoyed this so much, she returned to Google after finishing her studies in 2014 and has been there ever since.
“Privacy is a very complicated topic and it’s very personal. Everyone has different needs and understandings – it’s about making it work for everyone and giving people the options, controls and information in order to find what works for them.”
At the moment, Voight works on ensuring that every new Google feature or update goes through privacy checks so it is safe when it goes out into the world. “Something like completely new products or privacy topics we haven’t seen before can get quite complicated. Our job is about having the expertise and experience to help the team through the process, so we can help them step by step and clear it for launch.”
Right now, Voight’s team is working on something called differential privacy. It’s a relatively new technique of ensuring that the data you use doesn’t give away information about the people it was collected from. Differential privacy quantifies how much information is being put out so Voight’s team can mathematically guarantee the risks they’re taking.
One way you will experience it is in Google Maps, in the chart that tells you how busy a restaurant or museum is at certain times of the day. “This is something where we’re putting data into the public domain and we want to be really careful that we don’t have anything that can be identified or tied to an individual so this is where we apply differential privacy.”
Personal privacy is also very important to Voight. She says she used to be a bit lazy around things like passwords but working in the industry has changed that. “I use incognito mode in Chrome when I go to certain websites I don’t trust. I don’t share my passwords with anyone, I haven’t shared my phone passcode with my partner,” she says.
Her ultimate privacy tip? Use two-factor authentication. This adds an extra layer of security so when you type your password in, a unique verification code is sent to your phone so you can prove it’s you accessing your account. “It’s so much more secure,” says Voigt. “Sometimes people don’t want to use it because it’s a bit inconvenient, it takes a bit longer to log in when you need your phone. But it’s such a boost to security.”
Stay safe out there, folks.
Women in tech podcast returns