Project Shield (opens in new tab)

(projectshield.withgoogle.com)

159 pointsashishbharthi12y ago86 comments

86 comments

devx12y ago

Serious question: what happens if say Wikileaks or Snowden or the next important whistleblower uses this service, and then the head of DHS, FBI, DOJ, etc (not a Court) "gives a call" to Google? Will Google "protect their free expression", or comply with the order within hours, like Amazon did [1]?

Google may have great lawyers and a lot of money, but what if they tell them "hey, you know that tax-free money you're sending to the Bermuda [2]? Yeah, FTC will be knocking on your door tomorrow to ask you about that".

So I guess what I want to know is if Google will actually stand their ground and protect their users till the end by doing the right thing, or they'll "compromise" if the potential cost to their business is too great. Maybe in the past it was easy to believe Google would actually do the right thing, but it's becoming increasingly harder to believe that.

[1] http://www.theguardian.com/media/2010/dec/01/wikileaks-websi...

[2] http://www.cnbc.com/id/101104483

packetslave12y ago

Google has been pretty explicit about the circumstances in which it will hand user data over to governments or law enforcement. Even if it is required to be done in secret (e.g. a NSL or FISA request), it still requires a valid court order or other legal process.

http://www.google.com/transparencyreport/userdatarequests

If you think any U.S.-based company is able to do better, I'd love to hear how.

workhere-io12y ago

Snowden mentioned Google as one of the companies that provides direct access to its backend to NSA - meaning that NSA can access information on Google users without needing a court order.

http://www.youtube.com/watch?v=ZLrPquNK1Mc

1 more reply

chadwickthebold12y ago

They could get attempt to fight the court orders in a court more open than the FISC? I'm not sure how this could practically be accomplished, but it would be a good first step towards protecting the rights of users, instead of blindly complying with court orders that Google would hopefully have some moral problems with. I always find it so fascinating that tech giants will lobby for increased access to their services worldwide, but not more secure services here at home.

1 more reply

res0nat0r12y ago

Probably handle the TOS violation/comply with the law just like Amazon did with Wikileaks previously.

srhngpr12y ago

On an unrelated note, I had never seen the withgoogle.com domain before and I did some searching and found all these other projects, initiatives, landing pages, and even online courses:

- Chromebook mobile site: http://us.chromebook.withgoogle.com

- Developer Bus: http://developerbus.withgoogle.com

- Full Value of Mobile: http://www.fvm.withgoogle.com

- Google Analytics Academy: https://analyticsacademy.withgoogle.com

- Google Expert: http://expertbrasil.withgoogle.com

- Google Wallet Instant Request Form: http://getinstantbuy.withgoogle.com

- Mapping: https://mapping.withgoogle.com

- Online Marketing 101: https://onlinemkt101.withgoogle.com/preview

- Royal Baby Congrats Card: https://royalbabycard.withgoogle.com

- Tour Builder: https://tourbuilder.withgoogle.com

- Web Accessibility: https://webaccessibility.withgoogle.com

- YouTube Creator Academy: https://creatoracademy.withgoogle.com

- Your Tour (Tour de France): http://yourtour.withgoogle.com

Non-English:

- http://vpered.withgoogle.com

- http://docchinogame.withgoogle.com/pc/

- http://minchizu.withgoogle.com

- http://ennovate.withgoogle.com

- http://brasilfreewifi.withgoogle.com

jcampbell112y ago

My guess is that everything on a .google.com domain requires loads of security testing. This let's them put up a marketing site with out tons of auditing.

sprizzle12y ago

Yeah that's absolutely correct. Google has more initiatives than they can produce internally and so a lot of work is contracted to external vendors/agencies, which can have security concerns. The withgoogle.com domain allows Google to host externally-created sites that do not have any access whatsoever to internal user data.

Systemic3312y ago

Seems like its just a straight up competitor to Cloudflare. There doesn't' appear to be any direct revenue gain from this, maybe this is more of a mafia protection kinda thing (as in protecting its interests, the websites hosting its ads).

Does anyone know what it takes to mitigate DDoS, at this kind of scale?

jamroom12y ago

I see big time indirect revenue - with all of a sites actions/users moving through Google, they can gather way more (potentially private) information about a user - all the better to sell targeted ads on. Call me cynical, but that was the first thing I thought of when I saw this.

workhere-io12y ago

Call me cynical

Cynicism is warranted when it comes to Google. The fact that they gave NSA direct access to their systems; the fact that their Street View cars collected personal information through wi-fi networks, etc. means that "Don't be evil" is just a facade.

4 more replies

snowwrestler12y ago

That was my impression too.

The simplest way to mitigate a DDOS is to just have way more resources than your attacker. If you're getting hit with 10Gbps, and your site can handle 100Gbps, you're not going to go down. Google obviously has plenty of capacity.

On top of that there are filtering technologies that can block obviously fake traffic or well-known signatures like the LOIC.

The most sophisticated attacks occur at the application level. A Google service would not be able to help configure your install of Wordpress to resist this. But they could probably serve a static cache of your site. Interactive features like login or search would not work though.

Cloudflare does all of these things and more.

The way I read this, Google would not charge for this service. They would select "worthwhile" sites to protect out of the goodness of their heart.

The cynical take is that it is a PR project to help repair their "defenders of the Internet" brand. They built it up with SOPA, but it's been damaged by PRISM.

packetslave12y ago

Did you seriously just accuse Google of "a mafia protection kinda thing"? Seriously?

jere12y ago

I'm assuming the OP was referring to a protection racket: http://en.wikipedia.org/wiki/Protection_racket

>A protection racket is an operation where criminals provide protection to persons and properties, settle disputes and enforce contracts in markets where the police and judicial system cannot be relied upon.

Of course, Google isn't threatening anyone with DDoS, (even assuming that they somehow make money of you).

Otherwise though, it's somewhat of an interesting analogy. This is a form of protection (of online property). And you can't really rely on the police to protect you from DDoS. I suppose it would be more reasonable to just compare it to a security firm though.

2 more replies

IanCal12y ago

> There doesn't' appear to be any direct revenue gain from this, maybe this is more of a mafia protection kinda thing (as in protecting its interests, the websites hosting its ads).

What? These websites are unlikely to be hosting their ads ("election sites" is one of the examples ffs). It's free while they're beta testing it with humanitarian/similar websites, it may be a driver for people to pay for the Page Speed service in the future when they roll it out to more people although they say they'd like to keep it free for non-profits.

All of which you'd know if you'd read the site rather than making ludicrous comparisons to the mafia.

mariusz7912y ago

I can already see the headlines: "Beginning January 1st 2016 Google will discontinue Project Shield"

MrZongle212y ago

You beat me to it. My first thought was, "now what sub-industry is Google trying to kill off and subsequently force the resurrection of in a couple of years when their product gets pulled?"

saraid21612y ago

You make them sound like a forest fire.

dexen12y ago

Guess this is how it's done in the SaaS world? Watch out for repeat of RSS's story -- market got dominated, then the dominating service got plug pulled.

Microsoft really should have patented the `Embrace, Extend, Extinguish' business method back in the day ;-)

outside123412y ago

2016? You are an optimist.

1 more reply

jjoe12y ago

Based on the wording, technology used is going to be a mixture of IP Anycast (traffic sharding) and cache proxying (serve content through), which is what CF does. Except google has all the cash and resources to throw at the problem without putting a dent on their bottom line.

But the interesting tidbit coming out of this project's going to be the internal packet/traffic scrubbing system they've developed. Will it be commercialized or will it spawn a new startup. So many positive outcomes however it ends up.

United85712y ago

NVidia already has something named Project Shield -- although it has nothing to do with this. Wonder if this is confusing enough for a trademark case.

swang12y ago

Project Shield was the code name, NVidia Shield is the real name.

opinali12y ago

Not to mention the S.H.I.E.L.D. Nick Fury will be pissed.

atestu12y ago

not to be mistaken with… The Shield! http://www.imdb.com/title/tt0286486/

malkia12y ago

There is Blue Shield (medical insurance company) in US

Geee12y ago

Isn't it a clear that they set this up to track users to those kinds of sites and feed NSA with that information? Also, they get to control what information they want to let out. Call me paranoid, but I don't trust Google a bit here.

MisterWebz12y ago

You don't have to be paranoid to realize that information given to a third party can be abused or leaked to other parties. I'd like to believe that most of us are already past the whole "trusting an organization" thing and have already moved on to deciding whether the benefits of using a service outweigh the downsides of said service sharing your information with other people.

saraid21612y ago

If you were really paranoid, you wouldn't post on the Internet where your data traces could be analyzed.

chanux12y ago

I think protect free expression online is too precious of an idea to be used there. But that's just my opinion.

ck212y ago

Every time I see a new google product launch, in the back of my mind I start to wonder when it will be shut down.

snird12y ago

"protect free expression online"? and who will protect us from google itself?...

clebio12y ago

Whoa, interesting Captcha (sorry to go on a tangent). Looks a bit like crowd-sourcing their street-view work (though could of course be sourced from all sorts of other things).

fsckin12y ago

This started last year. Pretty smart usage, in my opinion.

http://techcrunch.com/2012/03/29/google-now-using-recaptcha-...

znowi12y ago

> Project Shield is an initiative to use Google's infrastructure to protect free expression online

How peculiar. The tech is DDoS mitigation, but the PR focus is on "free expression online", Syrian gas attacks, and evil Iran.

Wonderfully executed. The internet crowd is cheering the "free speech", the government approves of the Middle East angle.

Meanwhile, PRISM keeps working and very few care about it.

car12y ago

How will Google determine which opinions to protect?

As wonderful as Project Shield sounds, there is a fundamental risk of it being undemocratic.

thethimble12y ago

Why won't it protect all sites regardless of content? Isn't that the point of free speech?

jkscm12y ago

No, Google will decide what will be protected or the people that have the power to control Google in these regards.

Content that will certainly not be protected: - Content that violates the Digital Millennium Copyright Act

- Illegal pornography, snuff videos ...

- sedition,incitement

- confidential NSA stuff (you know, because it helps terrorist )

Theodores12y ago

I am not being funny, however, shouldn't this form be https? Or did I miss something?

lnanek212y ago

Kind of a bad name choice with NVIDIA Shield being a popular topic in tech and gaming circles right now.

pearjuice12y ago

Good goy, come host your government neglecting data with us, we promise we won't hurt you!

neves12y ago

Great! Now the NSA can monitor every dissident of the world without the need to search for them.

TeMPOraL12y ago

Well, that's what Google is all about - providing good search solutions ;).

daljeetv12y ago

One more step toward Google creating a complete and comprehensive end to end solution

daljeetv12y ago

Which provides GOOGLE with even more connected data points about a user when he/she is surfing the net.

lazylizard12y ago

so this is like cloudflare but for people whom google like?

chadwickthebold12y ago

Hopefully this project will come with increased openness about Googles complicity in the PRISM scandal. It would be rather ironic if this ends up protecting free speech everywhere except in America.

Systemic3312y ago

It is quite ironic how the country that class itself the land of the free, and home of democracy, etc. exudes no fight for freedom within its own borders. Kinda ruins the whole freedom facade, when freedom is only given when it is inline with the government strategic plan.

krapp12y ago

There have been protests, haranguing in the news, even an attempt to defund the NSA's metadata collection program which almost passed. What do you expect, molotov cocktails to be thrown at Congress? It's a big country and most people simply don't care.

tharshan0912y ago

github needs this.

Fando12y ago

Wow, what a load.

j / k navigate · click thread line to collapse

86 comments

devx12y ago

[1] http://www.theguardian.com/media/2010/dec/01/wikileaks-websi...

[2] http://www.cnbc.com/id/101104483

packetslave12y ago

http://www.google.com/transparencyreport/userdatarequests

If you think any U.S.-based company is able to do better, I'd love to hear how.

workhere-io12y ago

Snowden mentioned Google as one of the companies that provides direct access to its backend to NSA - meaning that NSA can access information on Google users without needing a court order.

http://www.youtube.com/watch?v=ZLrPquNK1Mc

1 more reply

chadwickthebold12y ago

1 more reply

res0nat0r12y ago

Probably handle the TOS violation/comply with the law just like Amazon did with Wikileaks previously.

srhngpr12y ago

On an unrelated note, I had never seen the withgoogle.com domain before and I did some searching and found all these other projects, initiatives, landing pages, and even online courses:

- Chromebook mobile site: http://us.chromebook.withgoogle.com

- Developer Bus: http://developerbus.withgoogle.com

- Full Value of Mobile: http://www.fvm.withgoogle.com

- Google Analytics Academy: https://analyticsacademy.withgoogle.com

- Google Expert: http://expertbrasil.withgoogle.com

- Google Wallet Instant Request Form: http://getinstantbuy.withgoogle.com

- Mapping: https://mapping.withgoogle.com

- Online Marketing 101: https://onlinemkt101.withgoogle.com/preview

- Royal Baby Congrats Card: https://royalbabycard.withgoogle.com

- Tour Builder: https://tourbuilder.withgoogle.com

- Web Accessibility: https://webaccessibility.withgoogle.com

- YouTube Creator Academy: https://creatoracademy.withgoogle.com

- Your Tour (Tour de France): http://yourtour.withgoogle.com

Non-English:

- http://vpered.withgoogle.com

- http://docchinogame.withgoogle.com/pc/

- http://minchizu.withgoogle.com

- http://ennovate.withgoogle.com

- http://brasilfreewifi.withgoogle.com

jcampbell112y ago

My guess is that everything on a .google.com domain requires loads of security testing. This let's them put up a marketing site with out tons of auditing.

sprizzle12y ago

Systemic3312y ago

Does anyone know what it takes to mitigate DDoS, at this kind of scale?

jamroom12y ago

workhere-io12y ago

Call me cynical

4 more replies

snowwrestler12y ago

That was my impression too.

On top of that there are filtering technologies that can block obviously fake traffic or well-known signatures like the LOIC.

Cloudflare does all of these things and more.

The way I read this, Google would not charge for this service. They would select "worthwhile" sites to protect out of the goodness of their heart.

The cynical take is that it is a PR project to help repair their "defenders of the Internet" brand. They built it up with SOPA, but it's been damaged by PRISM.

packetslave12y ago

Did you seriously just accuse Google of "a mafia protection kinda thing"? Seriously?

jere12y ago

I'm assuming the OP was referring to a protection racket: http://en.wikipedia.org/wiki/Protection_racket

Of course, Google isn't threatening anyone with DDoS, (even assuming that they somehow make money of you).

2 more replies

IanCal12y ago

> There doesn't' appear to be any direct revenue gain from this, maybe this is more of a mafia protection kinda thing (as in protecting its interests, the websites hosting its ads).

All of which you'd know if you'd read the site rather than making ludicrous comparisons to the mafia.

mariusz7912y ago

I can already see the headlines: "Beginning January 1st 2016 Google will discontinue Project Shield"

MrZongle212y ago

You beat me to it. My first thought was, "now what sub-industry is Google trying to kill off and subsequently force the resurrection of in a couple of years when their product gets pulled?"

saraid21612y ago

You make them sound like a forest fire.

dexen12y ago

Guess this is how it's done in the SaaS world? Watch out for repeat of RSS's story -- market got dominated, then the dominating service got plug pulled.

Microsoft really should have patented the `Embrace, Extend, Extinguish' business method back in the day ;-)

outside123412y ago

2016? You are an optimist.

1 more reply

jjoe12y ago

United85712y ago

NVidia already has something named Project Shield -- although it has nothing to do with this. Wonder if this is confusing enough for a trademark case.

swang12y ago

Project Shield was the code name, NVidia Shield is the real name.

opinali12y ago

Not to mention the S.H.I.E.L.D. Nick Fury will be pissed.

atestu12y ago

not to be mistaken with… The Shield! http://www.imdb.com/title/tt0286486/

malkia12y ago

There is Blue Shield (medical insurance company) in US

Geee12y ago

MisterWebz12y ago

saraid21612y ago

If you were really paranoid, you wouldn't post on the Internet where your data traces could be analyzed.

chanux12y ago

I think protect free expression online is too precious of an idea to be used there. But that's just my opinion.

ck212y ago

Every time I see a new google product launch, in the back of my mind I start to wonder when it will be shut down.

snird12y ago

"protect free expression online"? and who will protect us from google itself?...

clebio12y ago

Whoa, interesting Captcha (sorry to go on a tangent). Looks a bit like crowd-sourcing their street-view work (though could of course be sourced from all sorts of other things).

fsckin12y ago

This started last year. Pretty smart usage, in my opinion.

http://techcrunch.com/2012/03/29/google-now-using-recaptcha-...

znowi12y ago

> Project Shield is an initiative to use Google's infrastructure to protect free expression online

How peculiar. The tech is DDoS mitigation, but the PR focus is on "free expression online", Syrian gas attacks, and evil Iran.

Wonderfully executed. The internet crowd is cheering the "free speech", the government approves of the Middle East angle.

Meanwhile, PRISM keeps working and very few care about it.

car12y ago

How will Google determine which opinions to protect?

As wonderful as Project Shield sounds, there is a fundamental risk of it being undemocratic.

thethimble12y ago

Why won't it protect all sites regardless of content? Isn't that the point of free speech?

jkscm12y ago

No, Google will decide what will be protected or the people that have the power to control Google in these regards.

Content that will certainly not be protected: - Content that violates the Digital Millennium Copyright Act

- Illegal pornography, snuff videos ...

- sedition,incitement

- confidential NSA stuff (you know, because it helps terrorist )

Theodores12y ago

I am not being funny, however, shouldn't this form be https? Or did I miss something?

lnanek212y ago

Kind of a bad name choice with NVIDIA Shield being a popular topic in tech and gaming circles right now.

pearjuice12y ago

Good goy, come host your government neglecting data with us, we promise we won't hurt you!

neves12y ago

Great! Now the NSA can monitor every dissident of the world without the need to search for them.

TeMPOraL12y ago

Well, that's what Google is all about - providing good search solutions ;).

daljeetv12y ago

One more step toward Google creating a complete and comprehensive end to end solution

daljeetv12y ago

Which provides GOOGLE with even more connected data points about a user when he/she is surfing the net.

lazylizard12y ago

so this is like cloudflare but for people whom google like?

chadwickthebold12y ago

Hopefully this project will come with increased openness about Googles complicity in the PRISM scandal. It would be rather ironic if this ends up protecting free speech everywhere except in America.

Systemic3312y ago

krapp12y ago

tharshan0912y ago

github needs this.

Fando12y ago

Wow, what a load.

j / k navigate · click thread line to collapse