October is Cybersecurity Awareness Month and Google is announcing a slew of new features related to the sign-in process and account usage. New Google Account security protections include requiring JavaScript to be enabled when logging in and removing harmful apps during Security Checkup with Play Protect.
On the Account login page, Google runs a risk assessment that only allows the "sign-in if nothing looks suspicious." This analysis to protect against phishing requires that JavaScript be enabled, with Google noting that only .1% of users have it disabled. If that is the case, you will be prompted to enable it before signing in.
Chances are, JavaScript is already enabled in your browser; it helps power lots of the websites people use everyday. But, because it may save bandwidth or help pages load more quickly, a tiny minority of our users (0.1%) choose to keep it off. This might make sense if you are reading static content, but we recommend that you keep Javascript on while signing into your Google Account so we can better protect you
Once users are signed in, the Security Checkup feature now takes into account nefarious applications installed on Android devices, with Google Play Protect leveraged. You might be prompted to uninstall any harmful apps found on your phone, while Google recently beginning to recommend that users removed unused, but logged in devices.
(Score: 0) by Anonymous Coward on Friday November 02 2018, @12:43AM
Bloat is a different thing. Of course investing time in bloat causes less time available for security improvements, but bloated software still can be maintained well with significant manpower. The problem is in other parts.
I see the bugs in the GUI and in backend and this happens in a software made by giants. A few years ago I was doing a reverse of some distributed PIM format and found terrible errors which resulted from really bad programming practice. This was a management software used by quite large amount of companies. Even Thunderbird has notorious problems with opening files causing false errors.
I also see Internet connections performed by programs and I consider metadata which is an underestimated source of information.
Additionally, for matter of safety, an important thing is to avoid creating risky situations, and JS engines are software of a high risk.