Tag: Security

  • Strengthen Your Google Ads Security with New Passkey Guide

    Strengthen Your Google Ads Security with New Passkey Guide

    I recently discovered that Google has released a new guidance document for passkeys in Google Ads. This move couldn’t have come at a better time, considering how frequent account hacks have become.

    How to tell if Google Ads automation helps or hurts your campaigns
    Understanding how passkeys work within Google Ads is crucial, particularly with the uptick in phishing attempts targeting advertisers like us.

    What’s Happening. According to the new help page, passkeys offer a password-free and phishing-resistant login method in Google Ads. Google outlines when these keys are essential, such as during user access changes and account linking updates.

    The document guides us through the necessary device requirements, setup steps, and other security considerations to ensure we’re fully protected.

    ```json
{
  "alt": "Google Ads account passkey information page with benefits and requirements.",
  "caption": "Unlock the potential of your Google Ads account with secure passkeys. Learn more about the benefits and setup in this informative guide.",
  "description": "This image displays a webpage about Google Ads account passkeys, highlighting their benefits and explaining requirements. It includes links to resources on how to use passkeys, troubleshoot issues, and optimize account security. Passkeys offer a secure alternative to traditional passwords, protecting against phishing by being unshareable and uncopiable."
}
```

    Why We Care. In today’s digital age, our ad accounts are prime targets for cyber attackers. These threats can lead to budget theft, disruptions in campaigns, and even data loss. Having clear guidance from Google is incredibly valuable, offering us a straightforward path to fortify our account security just when it’s needed the most.

    The Bottom Line. With the increasing frequency of account takeovers, learning how to effectively use security tools like passkeys is a smart move. It’s all about securing our access and minimizing risks.

    Dig Deeper. If this intrigues you, check out the detailed guide on About Google Ads account passkey.


    Inspired by this post on Search Engine Land.


    crushpress.ai community screenshot
  • TikTok’s New U.S. Venture Ensures Compliance and Security

    TikTok’s New U.S. Venture Ensures Compliance and Security

    I’ve always been fascinated by how companies navigate complex regulatory landscapes. Recently, TikTok made headlines with the launch of a new U.S.-controlled joint venture, a decisive move aimed at aligning with American national security rules.

    To ensure that TikTok can continue serving its vast user base of over 200 million Americans, the company established TikTok USDS Joint Venture LLC. This step was officially taken following an executive order from President Trump on September 25, 2025.

    The big picture. This joint venture stands out because it’s primarily owned by American interests, functioning independently concerning U.S. user data, content moderation, and algorithm security. While ByteDance maintains a 19.9% stake, this remains under the level that’s often scrutinized for national security.

    This initiative leverages TikTok’s already established U.S. Data Security (USDS) program, aiming to protect sensitive information from foreign interference.

    Why it matters to me. As someone who appreciates the dynamic between technology and regulation, this joint venture is a significant test of whether TikTok can continue its operations in the U.S. without facing bans or demands to sell its U.S. assets. It effectively transfers control of key operational areas to American oversight, addressing long-standing security concerns.

    For creators and advertisers like me who rely on TikTok, this development signifies a potential blueprint for future regulations of foreign tech by the U.S.

    Understanding the safeguards. User data from the U.S. will be securely stored in Oracle’s cloud infrastructure in the U.S., with rigorous audits and third-party cybersecurity certifications to ensure adherence to federal and industry standards like NIST, ISO 27001, and CISA.

    The content recommendation algorithm for U.S. users will also be adapted and tested using U.S. data within Oracle’s systems, ensuring robust security through continuous source code evaluations under software assurance protocols.

    Trust, safety, and content moderation at the forefront. The joint venture now holds the decision-making power over trust, safety policies, and content moderation for U.S. users, further reducing foreign influence over crucial decisions.

    Balancing global reach with U.S. control. While U.S.-based security and safety controls are tightened, TikTok’s global entities still handle interoperability and commercial activities like advertising and e-commerce, supporting worldwide visibility for American creators and businesses.

    Governance and leadership. The joint venture is led by a seven-member board predominantly composed of Americans, including executives from Silver Lake, Oracle, Susquehanna International Group, and MGX. Adam Presser serves as CEO, with Will Farrell as Chief Security Officer, and Raul Fernandez, CEO of DXC Technology, chairs the board’s security committee.

    Ownership details. Silver Lake, Oracle, and MGX are the cornerstone investors, each with a 15% stake. Other investors include entities linked to Michael Dell, General Atlantic, Dragoneer, and Xavier Niel. These safeguards also cover CapCut, Lemon8, and other TikTok-associated apps in the U.S.

    What comes next. TikTok USDS Joint Venture positions itself as a definitive response to U.S. regulatory pressures. It remains to be seen whether it will fully placate lawmakers and security agencies, ultimately securing TikTok’s future in the U.S. as scrutiny begins.

    Catch-up. A $14 billion arrangement keeps TikTok operational in the U.S.


    Inspired by this post on Search Engine Land.


    crushpress.ai community screenshot
  • Google Warns of Risks in Sharing Search Index and Data

    Google Warns of Risks in Sharing Search Index and Data

    As I delve into the recent statements from Google, I am struck by the urgency in Elizabeth Reid’s affidavit. She warns us that if Google is compelled by the court to share its search index and ranking data, it could seriously jeopardize user privacy, potentially inviting spam abuse.

    Reid, who heads Google’s Search department, presented her affidavit as part of Google’s motion to pause the implementation of some antitrust remedies. Her warning highlights the potential “immediate and irreparable harm” that such data sharing could cause to both Google and its users.

    What strikes me is how Reid articulates the danger of exposing Google’s sensitive Search assets, which could lead to reverse engineering and an escalation in spam.

    Imagine, for a moment, how revealing the web search index could become problematic. Under the court’s Section IV ruling, Google might have to provide competitors with crucial web index data. This includes every URL in Google’s index, a DocID-to-URL map, and more. For us at Google, this just seems like handing over the results of 25 years of meticulous work.

    Reid explains that the web index is born from proprietary systems that decide the inclusion of pages in Google Search. Knowing which URLs are indexed by Google could allow potential competitors to bypass comprehensive crawling, thereby gaining undue advantage.

    Further adding to the complexity, metadata like crawl frequency offers insight into how Google prioritizes content, which again, could provide competitors with unfair advantages if unveiled.

    ```json
{
  "alt": "Pie chart showing Google's web indexing with a large section for spam, duplicates, and low quality pages.",
  "caption": "A glimpse into Google's web indexing shows a vast sea of spam and low-quality pages, with only a sliver of pages indexed.",
  "description": "This image displays a pie chart illustrating Google's web crawling and indexing process. The chart has a large red section labeled 'Spam, Duplicates, & Low Quality Pages' and a small green section for 'Indexed Pages.' It highlights the small proportion of pages that are indexed compared to the vast number of low-quality pages. Useful for understanding Google's filtering process. Keywords: Google, web crawling, indexing, spam, low-quality pages."
}
```

    Reid’s affidavit includes images illustrating Google’s processes. One notably shows most webpages labeled as “Spam, Duplicates, & Low Quality Pages,” an insight into how meticulous our web crawling is. It’s fascinating to think that as of 2020, Google’s index boasted around 400 billion documents.

    There is also a dire warning about exposing spam scores. Such a leak could greatly weaken Google’s spam-fighting mechanisms, making it harder to protect users from low-quality content.

    In terms of user data, the transparency required by the judgment would mean sharing extensive search logs used by Google’s Glue and RankEmbed models, including detailed user interactions. This suggests a large-scale disclosure of Google’s proprietary data signals, something Reid is quite concerned about.

    Finally, the requirement to syndicate Google’s core search results to competitors for five years poses a significant challenge. Despite contractual limits, our control over our systems would diminish, with possible data misuse or leaks.

    Reid’s testimony underscores her knowledge and dedication as she stands by Google’s motion to stay antitrust remedies while the appeal is pending. If you’re interested, you can explore Reid’s affidavit further.


    Inspired by this post on Search Engine Land.


    crushpress.ai community screenshot
  • Cloudflare’s AI Defense: Blocking Billions of Bot Requests

    Cloudflare’s AI Defense: Blocking Billions of Bot Requests

    Since July 1, I’ve been closely following Cloudflare’s battle against AI bots. Our CEO, Matthew Prince, recently shared that we have successfully blocked 416 billion AI bot requests for our customers during this time.

    This insight sheds light on Google’s significant advantage in AI. They’re currently capable of viewing 3.2 times more web pages than OpenAI, underlining the challenge smaller AI companies face.

    Why this matters. The flood of AI systems consuming vast amounts of web content is concerning, especially without a mechanism for publishers to counteract this. Our statistics at Cloudflare show just how aggressively these AI bots are searching for data.

    The current scenario. Ever since we launched our pay-per-crawl initiative on July 1, our clients have been automatically blocking AI crawlers. At the recent WIRED Big Interview event, Prince highlighted that so far, 416 billion AI bot requests have been turned away.

    Analyzing Cloudflare’s data reveals that Google sees:

    • 3.2 times more webpages than OpenAI.
    • 4.6 times more than Microsoft.
    • 4.8 times more than Anthropic or Meta.

    As Prince mentioned, Google enjoys “this incredibly privileged access.”

    The bigger picture. As it stands, Google offers publishers a difficult choice: either block AI training and risk disappearing from Google Search or allow it and accept AI scraping.

    • Prince said, “You can’t opt out of one without opting out of both, which is crazy. You shouldn’t get to use your monopoly of yesterday to secure a monopoly of tomorrow.”

    The AI landscape. Prince believes:

    • AI signifies a major shift in platforms that could reshape the web’s business model.
    • Cloudflare aims to prevent market consolidation, ensuring the web remains open while assisting creators and businesses in adapting to this shift.
    • Encouragingly, publishers that already block AI crawlers report positive results, Prince noted.

    Looking ahead. As AI models pursue superior training data, the worth of “creative, original human thought” will climb, potentially leading to opportunities in paid licensing, Prince forecasted. Meanwhile, Cloudflare is advocating for AI giants, particularly Google, to distinguish between search and AI crawling.

    • Prince asserted, “Google is the problem here. It is the company that is keeping us from going forward on the internet, and until we force them – or hopefully convince them – that they should play by the same rules as everyone else and split their crawlers up between search and AI, I think we’re going to have a hard time completely locking all the content down.”

    The story. To explore further, check out WIRED’s article on Cloudflare Has Blocked 416 Billion AI Bot Requests Since July 1 (subscription required).


    Inspired by this post on Search Engine Land.


    crushpress.ai community screenshot