Slashdot Mirror
Google Warning Gmail Users On Spying From China
Trailrunner7 writes "Google is using automated warnings to alert users of its Gmail messaging service about widespread attempts to access personal mail accounts from Internet addresses in China. The warnings may indicate wholesale spying by the Chinese government a year after the Google Aurora attacks, or simply random attacks. Victims include one leading privacy activist. Warnings appeared when users logged onto Gmail, encountering a red banner reading, 'Your account was recently accessed from China,' and providing a list of IP addresses used to access the account. Users were then encouraged to change their password immediately. Based on Twitter posts, there doesn't seem to be any pattern to the accounts that were accessed, though one target is a prominent privacy rights activist in the UK who has spoken out against the Chinese government's censorship of its citizens. A Google spokesman declined to comment on the latest warnings specifically. The company has been issuing similar warnings since March, when it introduced features to identify suspicious account activity."
And what the hell do you think the US does? We do everything that China does only because we're "the west" we aren't scared about it. See, the thing is, the US government can basically force Google to access your account. I much rather have a Chinese attack where I'm alerted about it than a US attack that happens stealthily.
Yeah, China has human rights abuses and so does the US. There are people detained by US authorities who don't even have a fucking clue why they are detained because the US won't tell them!
This idea that China is a super-villain and the US is a superhero is based off of myth, nationalism and ignorance, we are no better than the Chinese.
Taxation is legalized theft, no more, no less.
I got the warning about being accessed from China. Unfortunately, it came 2 days after I became aware of my gmail account and World of Warcraft account both being compromised. By that time I had already changed the password, and had Blizzard restore my stuff.
Let's see - I have never been in China and don't plan to go in the near future - maybe if Google added a feature that allows me to CONTROL what countries I can access it from, it could alleviate a lot of this problem.
I'm sure those crafty hackers will find a way around it and divert through a US waypoint, but there's no need for my account to have broad access from countries I am never going to access it from.
Go ahead and comply with government demands, but tell the common people what the government is doing to them. I like it.
Yea, except when China detains you they throw you in the Laogai (Chinese gulag - forced labor prison) and harvests your organs to sell to rich westerners whose children are dying of non-functioning organs for which there is normally a giant waiting list.
And, keep in mind, China does that if you are nothing more than a political opponent, dissenter, or critic. Your fair trial consists of, "You are guilty."
When the U.S. (wrongly) detained the friend of Assange, leader of WikiLeaks, earlier this year they had to let him go. Our laws have been designed to protect human rights from abuse by even our own government. You can't say the same thing about the Chinese.
I hate to admit it, but I still love buying cheap crap from them, though.
I'm sort of afraid to post this comment now. *breathes deeply and pressing the submit button*
I use a Chinese proxy server!
Set your phasers on "funky"!
I'm not worried about China, I'm worried about my own government spying on me with Google's cooperation.
Yeah, China has human rights abuses and so does the US. There are people detained by US authorities who don't even have a fucking clue why they are detained because the US won't tell them!
Please point to a case where this has happened in modern US history, as this is a very clear violation of our sixth amendment in the Bill of Rights.
Parsing your data for profit, et cetera...
Or is that okay in free market halfassery?
What he can't kill, he has sex on. Trent.
I'm not American or even European btw.
Given the recent situation with Japan, I don't know how else to see China.
Vietnam have been complaining about China's bully tactics for a while now, it's just that no one paid attention.
China has been gaining a lot of power, the US might not even be able to restraint them any more.
Frankly it scares me.
I hate to say this but the moron Bush might actually be right, China has to be contained.
If I could turn back time and somehow stop China from joining the WTO I would.
As for the US, the things you guys do in the middle east is one hell of a clusterfuck.
But I don't know.
I think would rather live under the thumb of the US government than the PRC.
From my point of view, maybe it's because I'm from a country friendly towards the US, US in general have been relatively benevolent "rulers" in comparison to what China could be capable of.
Are you that blind that you haven't heard of Gitmo? http://civilliberty.about.com/od/lawenforcementterrorism/tp/Boumediene-v-Bush.htm Yeah, the supreme court struck it down fairly quickly but note that a single vote in the opposite direction would have kept it.
Taxation is legalized theft, no more, no less.
Uh, you know those "foreign combatants" kept in dog kennels in Guantanamo Bay, and not charged because we don't even know why we captured them in the first place? Those guys? According to those filthy liberal peacenik commies in the Supreme Court, apparently they're actually "people"!
If you were blocking sigs, you wouldn't have to read this.
I don't ever expect to use my Gmail from China.
I very rarely use my Gmail from anywhere outside the US.
I'd like to block ALL COUNTRIES from my Gmail, except the US. Then when I travel, I can add the country I am going to visit - for as long as I'm there.
Ideally, this function could tie in to my World Mate app on the BlackBerry - it knows when I am out of the country or not.
Specifically you are confusing privacy and anonymity. Many geeks seem to think the right to privacy is the same as the right to remain anonymous and they aren't at all. The government has rules that there is a right to privacy implied in the Constitution, but they have never ruled there is a right to anonymity best that I know.
So what's the difference? Privacy means being able to shield what you are doing from others, if you choose. I currently have complete privacy. I am alone, in my home. That means what I am doing is not something anyone can find out, unless I let them. My actions and thoughts are as private as I wish them to be. However I'm not anonymous. Anyone who did even cursory (and fully legal) surveillance could determine what house is mine and that I am presently at home. I am in no way anonymous in my actions, just private.
The flipside of that would be a couple having sex in a park, wearing full face masks. They would have no privacy, but would have anonymity. There would be no doubt in anyone's mind what was going on if they looked over. However as to who was doing it, well that would be a mystery. The people doing it would be anonymous, but not private.
Of course you can easily find other situations that you have both or neither.
So as it applies to these activists that they are known doesn't mean they aren't successful at being private. They aren't anonymity activists, they are privacy activists. They advocate that you should be able to do things and not have the government (or others) spy on you. they are not advocating you should be unknown, a cipher to all.
There are GPG plugins for most e-mail clients. E.g. there's Enigmail for Thunderbird. People just need to use them.
I fail to see how this would help at all. Part of the problem with someone gaining access to your e-mail account is that it can be used to gain access to all of your accounts. The other problem is that it can be used to send spam/viruses. Neither of those would be fixed by encryption. If you want encrypted e-mail, use servers under your control.
The right to protest the State is more sacred than the State.
Going through a proxy (crowded, busy, high traffic, concentrated) makes hack attacks that much more difficult. From the defense standpoint, proxies may be known (lists of know proxies are widely available), detectable (reverse operations), or identifiable via patterns (large volumes of traffic or attack from a single or narrow IP band not otherwise known).
You do highlight the point, however, that patterns of behavior are what are critical. You want to see who's coming in, from what IP ranges, whether or not they're suddendly having a great deal of trouble with their passwords, etc.
I've had more than a little success identifying sources of abuse via CIDR block or ASN using the Routeviews reverse IP-to-BGP Router Data lookup (the txt record is the CIDR block and ASN of an IP). Not just in spam, as indicated in the linked paper, but for apache logs, aggregating ranges of IPs to a single identifiable source.
Sure, someone using a widely distributed botnet across multiple ASNs isn't going to turn up in that analysis (or rather, it will be more weakly distributed), but in that case, you're going to want to find other patterns of behavior to track.
What part of "gestalt" don't you understand?
not only all countries but my own, I would like to be able to whitelist to
- my work IP
- my home internet provider
and that's it, if I travel I can always stop restrictions temporarily, but there should be no reason why any location but the two above should be able to access my email account on a regular basis.
If Google wanted to make things simpler for users, you could also have the option to restrict by geolocation, given how good it is nowadays it should be trivial to say 'allow connections only from this city'
-- the cake is a lie