Slashdot Mirror
Google Warning Gmail Users On Spying From China
Trailrunner7 writes "Google is using automated warnings to alert users of its Gmail messaging service about widespread attempts to access personal mail accounts from Internet addresses in China. The warnings may indicate wholesale spying by the Chinese government a year after the Google Aurora attacks, or simply random attacks. Victims include one leading privacy activist. Warnings appeared when users logged onto Gmail, encountering a red banner reading, 'Your account was recently accessed from China,' and providing a list of IP addresses used to access the account. Users were then encouraged to change their password immediately. Based on Twitter posts, there doesn't seem to be any pattern to the accounts that were accessed, though one target is a prominent privacy rights activist in the UK who has spoken out against the Chinese government's censorship of its citizens. A Google spokesman declined to comment on the latest warnings specifically. The company has been issuing similar warnings since March, when it introduced features to identify suspicious account activity."
We are now see their true colours.
They are like evil villains you see in the movies but for real.
We the world just made them into a very dangerous Superpower.
Well at least SOMEONES doing something about this, kudos to Google for being the ones to point out to the users themselves and warn them!
I hate to break it to you.
You are not the world.
And what the hell do you think the US does? We do everything that China does only because we're "the west" we aren't scared about it. See, the thing is, the US government can basically force Google to access your account. I much rather have a Chinese attack where I'm alerted about it than a US attack that happens stealthily.
Yeah, China has human rights abuses and so does the US. There are people detained by US authorities who don't even have a fucking clue why they are detained because the US won't tell them!
This idea that China is a super-villain and the US is a superhero is based off of myth, nationalism and ignorance, we are no better than the Chinese.
Taxation is legalized theft, no more, no less.
Google already keeps track of all kinds of data around my Gmail account, why does it not warn me whenever *irregular* patterns of access occurred, based on implausibly localized IPs?
Thank you for your consideration
- You already know I love you, Google.
Sincerely, a concerned GMail customer.
Sergey must be feeling lonely and left behind again, time to make some news.
Let's just say google has not been the most reliable and trustworthy of corporate citizens lately.
Sure China is the location of a lot of servers. To extrapolate this is the work of Chinese hackers is like blaming Cadillac for a rash of drive-by shootings.
I got the warning about being accessed from China. Unfortunately, it came 2 days after I became aware of my gmail account and World of Warcraft account both being compromised. By that time I had already changed the password, and had Blizzard restore my stuff.
Let's see - I have never been in China and don't plan to go in the near future - maybe if Google added a feature that allows me to CONTROL what countries I can access it from, it could alleviate a lot of this problem.
I'm sure those crafty hackers will find a way around it and divert through a US waypoint, but there's no need for my account to have broad access from countries I am never going to access it from.
I got this warning a while ago, on a gmail account i never used to sign up for anything, and was very careful with. WTF china...also makes me mad at google for not being able to stop these attacks
Go ahead and comply with government demands, but tell the common people what the government is doing to them. I like it.
Yea, except when China detains you they throw you in the Laogai (Chinese gulag - forced labor prison) and harvests your organs to sell to rich westerners whose children are dying of non-functioning organs for which there is normally a giant waiting list.
And, keep in mind, China does that if you are nothing more than a political opponent, dissenter, or critic. Your fair trial consists of, "You are guilty."
When the U.S. (wrongly) detained the friend of Assange, leader of WikiLeaks, earlier this year they had to let him go. Our laws have been designed to protect human rights from abuse by even our own government. You can't say the same thing about the Chinese.
I hate to admit it, but I still love buying cheap crap from them, though.
I'm sort of afraid to post this comment now. *breathes deeply and pressing the submit button*
I guess they're not very successful at it.
I don't believe in time. It's a grand conspiracy designed to sell watches.
A couple months ago, out of the blue. I changed my password of course
And you talk just like the stupid people in the movies: We are good and they are evil.
relativistic assessments such as the parents are merely intellectual laziness and false humility.
I use a Chinese proxy server!
Set your phasers on "funky"!
http://gnupg.org/
Palm trees and 8
I was one such victim, but for me the hijacking occurred about two months ago. Lucky for me it wasn't used to send millions of malware-laden spam messages; only several dozen messages were sent (all in Chinese), and it didn't look like any attempt was made to filch information from my archives. Google did warn me at the time, and there have been no obvious consequences since I regained control of the account.
I'm not worried about China, I'm worried about my own government spying on me with Google's cooperation.
Yeah, China has human rights abuses and so does the US. There are people detained by US authorities who don't even have a fucking clue why they are detained because the US won't tell them!
Please point to a case where this has happened in modern US history, as this is a very clear violation of our sixth amendment in the Bill of Rights.
This idea that China is a super-villain and the US is a superhero is based off of myth, nationalism and ignorance, we are no better than the Chinese.
May I suggest that this belief that there are significant people who believe in your hyperbolized dichotomy is also a myth. I'm confident the majority of people in the US see it as a flawed country but on the whole comparatively better than most.
your thin skin doesn't make me a troll
Parsing your data for profit, et cetera...
Or is that okay in free market halfassery?
What he can't kill, he has sex on. Trent.
I'm not American or even European btw.
Given the recent situation with Japan, I don't know how else to see China.
Vietnam have been complaining about China's bully tactics for a while now, it's just that no one paid attention.
China has been gaining a lot of power, the US might not even be able to restraint them any more.
Frankly it scares me.
I hate to say this but the moron Bush might actually be right, China has to be contained.
If I could turn back time and somehow stop China from joining the WTO I would.
As for the US, the things you guys do in the middle east is one hell of a clusterfuck.
But I don't know.
I think would rather live under the thumb of the US government than the PRC.
From my point of view, maybe it's because I'm from a country friendly towards the US, US in general have been relatively benevolent "rulers" in comparison to what China could be capable of.
I agree. If your dad is an abusive jerk, you don't deserve to be protected from other abusive jerks. They're no worse than what you get at home, so what are you bitching about?
If you were blocking sigs, you wouldn't have to read this.
I've been receiving a lot of spam from some chinese servers for the last 3 weeks. I don't remember giving my email to anyone but collegues, is this related?
I'm not seeing the bit where GP said that "we" were good, just that "they" are bad. Can you clarify?
If you were blocking sigs, you wouldn't have to read this.
Are you that blind that you haven't heard of Gitmo? http://civilliberty.about.com/od/lawenforcementterrorism/tp/Boumediene-v-Bush.htm Yeah, the supreme court struck it down fairly quickly but note that a single vote in the opposite direction would have kept it.
Taxation is legalized theft, no more, no less.
Maybe because they added a lot of random targets to disguise the real target(s). I'd definitely do more than 100 distractions attacks per real attack just to confuse my opponents.
Why do we even need them on the internet?
Uh, you know those "foreign combatants" kept in dog kennels in Guantanamo Bay, and not charged because we don't even know why we captured them in the first place? Those guys? According to those filthy liberal peacenik commies in the Supreme Court, apparently they're actually "people"!
If you were blocking sigs, you wouldn't have to read this.
...Because your dad who is an abusive jerk making an organization to prevent child abuse wouldn't be hypocritical in the least. And then him being lauded for being a great dad despite the fact he is still an abusive jerk, wouldn't come up as slightly hypocritical to you?
Taxation is legalized theft, no more, no less.
Not my cup of tee. General's chicken needs more garlic.
Send more dandan noodle.
Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
There's a really easy way google can mitigate a lot of these problems. They could cooperate a little bit with someone who wants to make a firefox plugin that would encrypt people's email.
I know that goes against their business model, which lets them use people's emails to tailor search results and target ads. And it would probably piss off a number of governments. But in reality, almost no one would actually take the trouble to encrypt their mail, and it would allow people who really needed the privacy to take care of themselves.
It's such an easy, simple solution. I wish they'd consider it.
I don't ever expect to use my Gmail from China.
I very rarely use my Gmail from anywhere outside the US.
I'd like to block ALL COUNTRIES from my Gmail, except the US. Then when I travel, I can add the country I am going to visit - for as long as I'm there.
Ideally, this function could tie in to my World Mate app on the BlackBerry - it knows when I am out of the country or not.
When those anti-government activists use easy-to-guess passwords like "FreeTibet" and "FalunGong4evah", of course their Google accounts are going to get hacked...
#DeleteChrome
Specifically you are confusing privacy and anonymity. Many geeks seem to think the right to privacy is the same as the right to remain anonymous and they aren't at all. The government has rules that there is a right to privacy implied in the Constitution, but they have never ruled there is a right to anonymity best that I know.
So what's the difference? Privacy means being able to shield what you are doing from others, if you choose. I currently have complete privacy. I am alone, in my home. That means what I am doing is not something anyone can find out, unless I let them. My actions and thoughts are as private as I wish them to be. However I'm not anonymous. Anyone who did even cursory (and fully legal) surveillance could determine what house is mine and that I am presently at home. I am in no way anonymous in my actions, just private.
The flipside of that would be a couple having sex in a park, wearing full face masks. They would have no privacy, but would have anonymity. There would be no doubt in anyone's mind what was going on if they looked over. However as to who was doing it, well that would be a mystery. The people doing it would be anonymous, but not private.
Of course you can easily find other situations that you have both or neither.
So as it applies to these activists that they are known doesn't mean they aren't successful at being private. They aren't anonymity activists, they are privacy activists. They advocate that you should be able to do things and not have the government (or others) spy on you. they are not advocating you should be unknown, a cipher to all.
Sure. I said GP talked like something, but I didn't say what you said I did. Is that clear enough for you?
About 50% of the spam I get is WoW and other MMOG account phishing. Apparently lots of people use the same WoW account pw as for their gmail account since you see "i got hacked" posts in the forums every day. Blizzard then made the brilliant move of making your WoW account username your email address.
There's a Facebook option whereby you get an email sent to you when someone accesses your account on a PC that hasn't been used for that before. I thought it was cool also.
But GMail has had the "active sessions" and "last activity on this account" options for a while, so I guess it's only working on a behaviour pattern and warning people when that pattern changes.
There are GPG plugins for most e-mail clients. E.g. there's Enigmail for Thunderbird. People just need to use them.
Four dead in Ohio. There's also the Civil Rights marches of the 1960s, the labor movement, the Trail of Tears, and a few other odd highlights. I'd suggest picking up a copy of Lies My Teacher Told Me or Howard Zinn's A People's History of the United States.
What part of "gestalt" don't you understand?
Going through a proxy (crowded, busy, high traffic, concentrated) makes hack attacks that much more difficult. From the defense standpoint, proxies may be known (lists of know proxies are widely available), detectable (reverse operations), or identifiable via patterns (large volumes of traffic or attack from a single or narrow IP band not otherwise known).
You do highlight the point, however, that patterns of behavior are what are critical. You want to see who's coming in, from what IP ranges, whether or not they're suddendly having a great deal of trouble with their passwords, etc.
I've had more than a little success identifying sources of abuse via CIDR block or ASN using the Routeviews reverse IP-to-BGP Router Data lookup (the txt record is the CIDR block and ASN of an IP). Not just in spam, as indicated in the linked paper, but for apache logs, aggregating ranges of IPs to a single identifiable source.
Sure, someone using a widely distributed botnet across multiple ASNs isn't going to turn up in that analysis (or rather, it will be more weakly distributed), but in that case, you're going to want to find other patterns of behavior to track.
What part of "gestalt" don't you understand?
XKCD puts it well: http://xkcd.com/792/
How often do you reuse passwords?
What financial or other control information transits your email account?
What blackmail or other information could be gained via your email account(s)?
I've utilized this myself in legal cases for fun and profit (lawful access to data, natch).
What part of "gestalt" don't you understand?
I wonder if that's at all irritating to users living in places like, you know - China.
I think I know what the next Slashdot poll will be...
This is a good reason for google to start supporting client identification through SSL certificates.
I think would rather live under the thumb of the US government than the PRC. From my point of view, maybe it's because I'm from a country friendly towards the US, US in general have been relatively benevolent "rulers" in comparison to what China could be capable of.
That's because you are currently under the spell of the US. If you are instead under the spell of China, believe me, China can appear much more of a benevolent ruler. Actually the Chinese government (and past dynasties) is the expert at creating a big happy family in which you would totally forget what individualism is (assuming you knew it in the first place).
not only all countries but my own, I would like to be able to whitelist to
- my work IP
- my home internet provider
and that's it, if I travel I can always stop restrictions temporarily, but there should be no reason why any location but the two above should be able to access my email account on a regular basis.
If Google wanted to make things simpler for users, you could also have the option to restrict by geolocation, given how good it is nowadays it should be trivial to say 'allow connections only from this city'
-- the cake is a lie
Sure. I said GP talked like something, but I didn't say what you said I did. Is that clear enough for you?
I'm not seeing the bit where GP said that "we" were good, just that "they" are bad. Can you clarify?
And you talk just like the stupid people in the movies: We are good and they are evil.
That's supposed to be in the movies. Is this the nitpicking day on Slashdot or what?
While we don't do many atrocities to people here at home, the "third world" is open game.
Guess that depends on the definition of many. The US has the highest number of children in prison for life without parole. Puts some people whom appear to be Mexican in prison for that reason alone, for years, without access to attorneys or judges, before deportation. Puts a substantial percentage of people with varying shades of skin in prison for minor reasons, and keeps them there for life thanks to a baseball mentality of 3 strikes and bigoted sentencing. Just a sampling of the atrocities that occur in the US thanks to having biased people working in government and positions of authority. As you note, the atrocities the US government and its big business boss commit in other countries are worse and the scale larger, but there's enough to have some at home too.
Google has had these warnings for every country that you're not usually in, something that the summary very carefully omits. It's got sweet fuck-all to do with the China spying episode.
Of course you don't know how else to see China since you are rather ignorant. What else can China do when their citizen was illegally captured in Chinese territory by a far superior military alliance of Japan/US Navy force? Retreat like a coward like 1930s? Japan is the bully here, not China. And guess what forced Japan to release the the captain? Obama told Japan to stop playing game, not China.
And guess what forced Japan to release the the captain? Obama told Japan to stop playing game, not China.
I think it was because China detained four Japanese. In the 1930s, that's give Japan the excuse to invade China. Not any more.
Wait, is that the Supreme Court of the United States?
Why is it when the US is criticized, responses in the vein of "other countries do it too" is unacceptable and often labeled troll, yet when a different country is under the radar, responses in the vein of "the US does it too" is the first and greatest comeback, and in this case labeled "Insightful"?
Because the US has presented itself as a moral high ground and example for the rest of the world, or tried to. When the role model does wrong excuses don't fly.
I am in Australia and have no connections with Chinese interests. My account has been accessed twice - even though I had a strong password. The second time the account was only accessed through Chrome and all other web access was via firefox running noscript. The first time a spam email was sent to all my contacts. I couldnt identify any thing done the second time.
Id love to know how to stop these hacks but I cant work out how they do it.
Benevolent Rulers are only benevolent when the subjects are doe-eyed submissives.
And the subjects that are not good? Well, just wait till father gets home.
In post Patriot Act America, the library books scan you.
I got the warning, after my account was cracked.
I went away for the weekend of September 10-14th. When I got back I opened my mail (all gmail accounts) in Evolution and there were over 100 "Delivery Status Notification" warnings. They listed an email address that I have never seen before and said "The recipient server did not accept our requests to connect."
The message it was trying to send was
Start of message. (I'd use =...= but /. is giving me a hassle about "junk characters"
Hello,
This is an automated notification regarding your World of Warcraft account. Your account options was recently modified through the Account Management website.
*** If you did NOT make any changes to your account or subscription, we recommend you login to Account Management at the following link to review your account settings:
http://www.worldofwarcraft.com/account/billing/
If you cannot sign into Account Management using the link above, or if unauthorized changes continue to happen, please contact Blizzard Billing & Account Services for advanced assistance.
Account security is solely the responsibility of the accountholder. Please be advised that in the event of a compromised account, Blizzard representatives will typically lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.
Regards,
The World of Warcraft Support Team
Blizzard Entertainment
End of message.
I have never played WOW.
I changed my password immediately. I got the warning message from Google the other day. I changed my password again. I have no idea how they got or are getting my password. I do not use that email account for any transactions. I don't do anything in China, except that I did buy 2 items from Deal Extreme.
See how you're able to talk about those events, write books and songs about them, and view photographs? Those isolated incidents are views as public black marks on American history and are not standard operating policy, nor are they hidden by the government. In fact, many politicians have ridden to office on their outspoken criticisms of America's past.
Perhaps its been mentioned before, but I thought there was a pretty simple solution.
Google need to add exclusions of countries to your accounts.
So you would set your "Home" as Australia for example which you can change if you wanted to move overseas.
Then that would block all countries except Australia from accessing your account.
Then you could have Holiday mode where you can enable America from 1/10/2010 to 1/11/2010.
It does have some minor flaws, but it should solve most issues with hacked accounts.
Does Google track my normal usage pattern? If so, they should warn me of any anomaly, not just from China but any other country that is outside the norm for my account.
I am in China. I access my Gmail every day from here. I have never seen this message. Somehow, they must know that is the norm for me. Will I get a warning if my account is suddenly accessed from the US?
~A~
Uh, when you travel, you only visit *one* country? It appears that you are indeed living in North America.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
You seem to have deep seated daddy issues. Still wondering who yours was, eh?
If you were blocking sigs, you wouldn't have to read this.
They're just being modest. Obviously, it's really the Supreme Court of the World, and if you don't acknowledge that, well, you're either with Us or with The Terrorists.
If you were blocking sigs, you wouldn't have to read this.
And then you won't be able to search for conspiracy theories in the USA. It's really no different from China in terms of how government acts. All modern governments generally act the same. Yes North Korea may be the exception, but capitalist governments generally are similar.
Individuals don't matter anymore in any government that I know of. You are either a tax payer or a consumer.
China won't let you speak at all. Honestly what difference does it make? Or did you not hear about the raids on anti war protesters around the country? Or have you not heard about Cointel Pro?
The USA has no moral high ground over any other developed nation. The moral high ground was lost when the USA started torturing people.
While you are hyping the "freedoms" of the USA, the FBI is busy raiding US citizens.
http://www.myfoxchicago.com/dpp/news/metro/feds-raid-homes-in-chicago-minnesota-in-terror-probe-20100924
Theres a time to defend the US government, this isn't the time. Morally the US government cannot be defended. In fact morality and government don't even belong in the same sentence. Governments fight and win wars, if you want morality go to church.
See how you're able to talk about those events, write books and songs about them, and view photographs? Those isolated incidents are views as public black marks on American history and are not standard operating policy, nor are they hidden by the government. In fact, many politicians have ridden to office on their outspoken criticisms of America's past.
The only reason the US government allows him to talk about it is because the FBI is probably tapping his phone and watching his every move. China might not be as efficient at spying on it's citizens but the USA is efficient enough to do it and if people speak out then they just watch you even more closely.
So while there is a mock election, there is no way to know who really won. Probably the winner is whichever side has the best hackers. How is that any better or worse than China?
They got jailed for doing something similar. In fact it was exactly the same kind of thing, only slightly more organized and a bit more vocal.
Please do not throw phrases like that around applying it to China when it can just as easily apply to the USA. Our country is just as power hungry and authoritarian, perhaps more so if you look around the globe.
Did you forget about this: http://www.salon.com/news/opinion/glenn_greenwald/2010/01/27/yemen/index.html
Can change someones status from civilian to domestic terrorists overnight.
http://www.dailykos.com/storyonly/2010/9/25/905259/-UPDATEDWheres-the-Change-FBI-Raids-Peace-Activists,-Confiscates-MLK-Photo
How many times has my account been accessed by NSA, FBI or other agencies from other "trusted nations"?
As I said, I'm from a country friendly with the US.
IMO, while the US has been a bully at times, the most they do is apply economic pressure, and if the their target simply refuses to budge and the matter isn't that big a deal, they either compromise or just let it go.
Only in the worst case does military force gets used.
In summary, again from my subjective PoV, the US at least has some respect for the sovereign and rights of the nations they interact with.
China? They don't seem to respect anyone.
They feel just because they are bigger, they can force their will on anyone - to them might is always right 100% of the time.
Strength and military percussions are the only thing they response to.
Now I wish my country didn't have to live under the thumb of superpower states.
But I have to say, living under the thumb of the US appears to be better then living under the rule of the PRC.
You seem to be un-aware of the nature of proxies, tunnel end-points and trojaned machines.
This idea that China is a super-villain and the US is a superhero is based off of myth, nationalism and ignorance,
Correct.
we are no better than the Chinese.
Wrong (and hence a non sequitur as a bonus).
Just happened to me. I only found out once the bounce backs started to hit my phone 5 hours later.
Was sending WOW spam, alphabetically.
Ip of 59.174.113.114 access type "Unknown"
Ip traces back ok but ports are closed according to nmap.
My passwords are fairly secure too :(
Yup. As usual, end-to-end encryption is the only valid solution to be sure that no one along the transmission chain could snoop on your e-mail. For anything private or sensitive, that's the only solution.
With anything else, there are still weak point along the chain, like the mail being stored in clear on the server and being accessed there.
And I don't think offering GPG with Webmail is acceptable. If you have to let GMail handle your GPG keys it defeats the whole purpose.
As for the webmail part, that could be actually doable it the decryption is actually done on the client side :
- the webmail servers stores and transmits email in encrypted form
- the javascript running on the reciever's Firefox does the decryptions
- as such no un-encrypted copy exists anywhere on the web
- the key remains locally stored and accessed only by the locally running Javascript. Not uploaded.
- as a bonus, as the Javscript is delivered in plain text, users can run checks to be sure that nothing shady happens (like the local app using the local GPG service to decrypt the messages, but then uploading them back to the mail server).
In fact, that could probably be done today with a combination of Userscripts and/or Plugins.
From what I've understood that partly what Meebo is doing, to avoid overloading their server and having the whole webapp running over HTTPS. Instead online login is HTTPS and then only the messages are transmitted encrypted (except it's server-to-client encryption, not end-to-end encryption).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Wouldn't illegal attempts to access our G-mail accounts be a lot harder if everyone changes their password regularly. http://randomkeygen.com/
sense of security, like pockets jingling...
If push comes to shove...
...the US will either default or print money to pay its debt, rest assured.
For everyone who has an online account, here's the issue: There's no anti-fraud checking for your "forgot my password" tools. So that means, if you are in China, and hacking an account, you go to the "I forgot my password" link for that account, and answer the question. voila! You are in. Sure, might take a few times, but who cares? I asked someone I know with a relationship with Google and Yahoo to do something with the info, and the response was un-flattering. So please, if your question is "what is my favorite color" and it is red, white, or blue, come up with a better answer. Like "red-blooded American" or "white like the stars" or "blue a shade after midnight" This will foil the Chi-coms so they can't use a dictionary attack. Longer the better. 20 characters, and Google itself would have a hard time doing a brute-force rainbow attack.
It's funny how in the last month the Financial Times reported that in Europe the number of people who fear China outnumbers the number that fear terrorists 3 to 1. Whereas here in the US we are all about Islamic terrorists.
Anyway we have so many companies here in the US which are blindly running to China for more profit. So if you are living in the US you might as well start welcoming our new overlords.
In the mean time , I am concerned that within the next 10 to 20 years China might ignite a spark that sets off a war, a big one.
Currently they are stealing (basically we are giving it to them ) technology as fast as we can create it. I've sat in my company and watched DOD development money fund projects for systems, while the Chinese looked over our shoulders and watched every step of development.
Right now the US cannot contain China in no way shape of form. We can't match them militarily or economically, we just don't have a big enough stick to swing anymore.
I think you will see Japan back step as gracefully as possible here in the near future once they realize there isn't a damn thing the US could do for them if China wanted to start fishing in Tokyo harbor.
But if China wasn't really ready for a fight they wouldn't have stopped the shipment/sale of "rare earths" to Japan. It didn't work out that well for us when we stopped shipment of oil to Japan in 1941. But I think by that time Japan was already itching for a fight.
That is not really true. China is doing all the things that USA used to do back in the 40's/50's. They are helping a number of dictators and spreading some wealth, but most of it remains with the dictators.
Timberland boots and Timberland shoes are very popular all over the world at present. Timberland 2011 fashionable designs attract so many people. In addition, Timberland boots sale especially well. You can get Cheap Timberland boots at our website.
The whole point of Webmail is that you can check your e-mail anywhere you can access a Web browser, be it your computer, a friend's computer, a public computer, a Web kiosk, etc.
If you access the mail from an unkown computer, you can't trust that computer for security.
2 requires portable storage of both the keys and possibly the browser, severely limiting where one can check mail, or at least making it so inconvenient that most people won't even bother with the system.
Theoretically, the keys could also be stored on the web, as long as they are password protected, and the client could be entirely javascript or java. Thus don't require USB access or rights to run external software.
Now practically, you still have the problem that you are running it on some untrusted machine. Which could be infected and do some snooping itself (and given the high infection rate among Windows machine that is really a possibility).
Again, only one single way to be sure about privacy and secrecy : end-to-end encryption.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Me being Gmail, and seeing this would block all incoming attempts from china into whatever server that held the american accounts,
say anyone not living in the us, can not access their us account, they would have to set up a foreign account (.ch for china i guess)
Seriously, we need to worry about this now? Google has done such an awesome job,
I would hate to think they have to start wasting money and resources to these types of problems.
I guess there will always be a way to hack, and there will always be ways to protect against....but my gmail is really only for me, and I guess if i travel overseas, and i am no longer on the american continent, then I should not have to worry about reaching my gmail from china. This could also force them to start using a lot more proxies like tor and such, but this would raise flags all over, and let you see more and more which are the proxy control centers coming out of china, then you cold shut them down...or ddos them or something...