On 24 February, Google and its parent company Alphabet opened the doors to Project Shield, a service designed to protect independent news websites with controversial geopolitical messages from distributed denial-of-service (DDoS) attacks.
The project, which originates from the Google Ideas branch that was recently extended and rebranded as Jigsaw, has come out of an invite-only beta and is now freely available to any website not owned by a government or political party that passes through the application process.
According to a Wired report, sites that have successful applications to the project will then be able to change their site’s domain name configuration which so that it redirects to a Google server. This server effectively creates a “reverse-proxy”, which then filters out malicious traffic.
Google claims in an accompanying video (below) that decision to help independent websites from suffering the wrath of hackers is to reduce forced censorship, via online blackouts, for those sites that are delivering sensitive news in regions of political turmoil and/or upheaval.
An example given for an early case of Project Shield’s use covers how Yahyanejad, the editor-in-chief of, managed to take advantage of Google’s system to effectively null a swathe of DDoS digital strikes presumed to be intended to suppress the site’s coverage of the 2009 Iranian presidential election.
“Just about anyone who’s published anything interesting has come under an attack at some point,” said Project Shield lead George Conard. “The smaller and more independent voices often don’t have the resources, whether technical or financial, to really put good protections in place…That’s where we come into the picture.”
The catch, however, could be a deal breaker for some, despite the obvious positives of the service. While Alphabet executive director Eric Schmidt talks of using Jigsaw-produced schemes as being purpose-built to enable “technology to tackle the toughest geopolitical challenges,” any website making use of Project Shield is required to give Google access to its raw data logs on who is accessing the site itself.
While this may cause privacy concerns, the company confirmed to Wired that the data logs will only be kept for a maximum of two weeks. Project Shield product manager CJ Adams said: “We’ve made it very explicit we don’t have the rights to commercialise anything that comes through.”