4 essential safe web browsing tips from Google’s ‘security princess’

Gelo Gonzales
Parisa Tabriz engineers Google Chrome's security and safety features. Here she shares how Google keeps users safe – and how users can tweak their behavior to keep their information safe

SECURITY PRINCESS. Parisa Tabriz handles the security and safety of Google's ubiquitous web browser, Chrome. Photo by Gelo Gonzales/Rappler

MANILA, Philippines – A week ago, the world celebrated Safer Internet Day, a day that encourages people and communities in participating nations to help make the internet a safer place. 

In line with this, Google corralled some members of the press to a video conference with their “security princess,” Parisa Tabriz, on Tuesday, February 14. In case you were wondering, yes, “security princess” is an official designation and it’s the title you’ll see on her business card, which kind of lightens things up as to what this information security engineer actually does for Google.

Tabriz keeps Google Chrome’s 2 billion users safe. That’s more than the number of users that Facebook has, making it ripe for the picking for digital evil-doers. The engineer notes that majority of these users are now on mobile, Android and iOS, which brings with it a unique set of threats and opportunities. 

Tabriz also has the experience to make life just a little bit harder for these unscrupulous folks: she’s helped make the Obama administration and the White House more digitally secure, and she has half a decade’s worth of strengthening Chrome’s safety features under her belt.

Securing the web

Tabriz, and her team of over 100, seeks to provide Chrome users the most secure way to use the web and to make the internet generally safer with the practices they learn from securing Chrome.

For one, Google has a transparency report that includes a running list identifying which of the world’s top sites have adopted or have yet to adopt the encrypted HTTPS protocol (as opposed to HTTP, which essentially transports information in easily readable text). When the report was published last year, around 50% of the world’s top 100 websites have not adopted HTTPS yet. 

The report puts extra pressure on the sites to migrate to the newer, more secure HTTPS platform. More than ever, the migration to HTTPS for websites has become cheaper and less complex, says Tabriz. Implementation also presents less of a strain on a website’s performance than before. Websites now have less of an excuse to delay the adoption of the more secure web standard. 

HTTPS GROWTH. Google says they're happy that there's a positive adoption rate for HTTPS. Chart from Google.

Along with this, Chrome also has a feature that labels websites that are suspicious, and warns incoming visitors to stay away. The user has the option to still proceed but at the very least, they are made aware of the risk they’re taking. Google has a blacklist for unscrupulous websites that they update regularly and share with other developers – even competing browsers such as Mozilla Firefox. 

Securing yourself

While Google and its Chrome browser have done a number of things to keep information secure, the user also has a part to do, stresses Tabriz.

To most users, it feels safe to use the web because it’s so fast and so immediate. It’s as if you’re talking to a website face-to-face. But it’s an illusion, warns Tabriz. In reality, your computer or your mobile phone represents just one point in an interconnected jumble of devices. Anyone motivated enough can basically listen in on your “conversation,” and jump in and intercept whatever information you’re sending out. These are called “man-in-the-middle” attacks.

Hackers aren’t the only ones to look out for, Tabriz says. Internet service providers, telcos, and the government can be the aforementioned men-in-the-middle, gathering information about users. It’s up to the user to ensure that they’re behaving securely online. 

Tabriz offers her top security tips for users: 

1) Don’t reuse or share the same password. Hackers are very much aware that majority of people use the same password across different services. Once they crack one password, they’ll be able to use that password in multiple places. Use a password manager or write them down to keep track of the many different passwords you should use. 

2) Don’t log in on shared computers and verify your account security settings. Attackers know that people log in to shared computers. There’s a good chance that these computers have a key-logger, a software that records what you’re typing. Tabriz also suggests making use of two-factor authentication. Google options include SMS-based authentication codes, one-time-use passwords, and a third-party USB-based hardware key you can buy. 

3) Be mindful of all software or applications you install on your computer and phone. It’s a basic tip but one that’s easy to forget. Stick to legitimate software in order to lessen the chance that you install software that hides malware in it.  

4) Keep your software up to date. Updates include security patches. If you’re not installing those updates, you leave yourself vulnerable to new threats that pop up constantly.

As seen here, true web safety requires the participation of the browser, the websites, and the users themselves. The websites and the browsers can continually adopt the best practices, but if the user remains careless, all the best security features won’t be able to protect them. – Rappler.com

Gelo Gonzales

Gelo Gonzales is Rappler’s technology editor. He covers consumer electronics, social media, emerging tech, and video games.