Google has made its Project Shield denial-of-service attack mitigation technology available for free to news organizations around the world.
Publishers that meet the company’s definition of a news Website can submit an application to sign up for the service. Human rights organizations and Websites that monitor elections-related content also are eligible to sign up for Project Shield. Sites that are approved will be able to set up in about 10 minutes by making the appropriate changes to their Domain Name System records, Google said.
Google launched Project Shield several years ago to protect news Websites from the effects of denial-of-service (DoS) attacks. Up to now, it has only been available on a trial basis to a limited number of test sites.
“Now we’re expanding Project Shield beyond our trusted testers, and opening it up to all the world’s news sites,” Jared Cohen, president of Jigsaw and an adviser to the executive chairman of Google’s parent company Alphabet Inc., wrote this week in a blog post. With the expansion, tens of thousands of news sites now have access to the free service, he said.
Google has said that its motivation in launching Project Shield is to ensure that news organizations around the world are not hampered in their efforts to deliver news and other content by those seeking to censor and silence them. “Unfortunately, there are some out there who want to prevent this kind of reporting—to silence journalism when it’s needed most,” Cohen said.
DoS attacks are a preferred mechanism in many cases because they are simple and inexpensive to launch. Almost anyone with access to a computer can launch such an attack and take a site offline before the owners are aware of an attack, he said.
In a DoS attack, threat actors try to knock a Website offline or make it hard to reach by directing a very large volume of useless traffic at it from thousands of previously compromised computers. With Project Shield, news sites that sign up for the service will have traffic to their sites routed through Google’s massive cloud infrastructure, where attack traffic, if any, will be blocked, while legitimate traffic will be allowed to flow through.
Most sites should see improved performance, according to a company FAQ, but in some instances, Websites could experience a “small increase” in latency, Google said. It is possible that some attacks will be so completely absorbed by Project Shield that a targeted Website may not know it was attacked, Google claimed. Users may be notified in the event of large-scale attacks that require more active mitigation measures, the company said.
Project Shield is designed as a DoS attack-mitigation mechanism only and will not protect against other malware and other online threats.
As with almost everything Google does, Project Shield will collect and store some of the data flowing through its infrastructure. According to Google, the company will store user configuration settings and logs for all traffic that is routed through its infrastructure. The company maintains that it will not use data collected from Project Shield for advertising purposes or to improve its own services.