'Google Just Made Gmail the Most Secure Email Provider on the Planet' (vice.com)
Google announced on Tuesday that it would offer stronger online security for "high risk" users who may be frequent targets of online attacks. The company said anyone with a personal Google account can enroll in the new "advanced protection," while noting that it will require users to "trade off a bit of convenience" for extra security. Motherboard reports: The main advantage in terms of security is the need for a key or token to log in as the second factor, instead of a code sent via SMS or via app. This is much better because there's no way for hackers to steal or phish this key from afar (there have been isolated incidents of hackers using social engineering to gain access to someone's cell phone number by getting the provider to issue a new SIM card, for instance). Thanks to these new features, Gmail is now the most secure email provider available on the internet if you are worried about hackers breaking into your private correspondence. "This is a major step in the right direction in offering the same kind of protection available to high-profile figures to everyday people," Kenneth White, a Washington D.C. based security consultant to federal agencies, told Motherboard. "They have really thought this through, and while it may not make sense for everyone, for those that need it, it's a much needed option."
I specify that Congress should make broad legislation allowing a regulatory agency to select the most-appropriate, affordable, and effective technology of today; and today, that is the FIDO U2F Security key with RSA or ECC encryption. That's how I'm going to defeat identity theft once and for all.
Support my political activism on Patreon.
Somehow I wish the reverse. I hate it that Google blocks my access to their web site every time I change my location; I would like to somehow turn off whatever they had till now. As a user, I want to have the choice to access my email account as it suits me, from whenever I want to; that is missing with Google.
That is great if you are worried about "hackers." (Whatever that means.) If, on the other hand, you are worried about your information being sold or used in other ways then it is one of the least secure. It is not clear how they share information with various governments, so the whole transparency thing is problematic, but that has as much to do with the legal system as anything else.
My job already requires smartcard authentication for email.
And no Google spying & building a shadow profile for advertising.
Is it secure from Google?
Hi sir! please enter your gmail password here: ____________
Oh i see, google doesn't protect against this. This seems super secure.
I think you missed the point. It's two factor authentication. If I know your password I still need to know the key to log in.
Sent from my TARDIS
Well, yeah, it's "secure" if by "secure" you mean only Google gets to strip-mine your privacy.
Good options. But think before enabling such high security for things that don't need it. Forgetful parents for example -- give them these things and if they ever lose them or forget one piece of information, their accounts are gone forever.
Some things just need "good enough" security and the likelihood that anyone cares enough to hack them is a risk you accept for the practical real-world usability of the thing.
I skimmed Google's write-up of their new offering, and was seriously considering looking into this. I bear no delusions of self-grandeur, or that anyone would have any reason to be interested in sorting through all the confirmation e-mails for the coffee I buy off Amazon; but I do have some key data tied up in the Googleverse, and the cost of an extra keyfob would not exactly break the bank. However, then I came to this:
Google services on the web
You will only be able to use the Chrome browser to access signed-in services like Gmail or Photos.
That breaks the deal for me, since I don't use Chrome, and it would not be convenient for me, for a few reasons. I can't really think of any valid technical reason why this results in any actual security, unless Chrome pins Google's CA; but the same thing can be done in any other browser too.
Yup, indeed.
My reaction too was "Nope, not the most secure. Just slightly more secure than before, and never as secure as any random provider as long as you use a PGP implementation such as GPG" (or eventually if you use S/MIME, as long as you trust enough the authority that certified the keys).
Again people, in terms of privacy and security, it's hard to beat full end-to-end encryption.
For the webmail-using crowd : Mailvelope is an extension that allows you to use openPGP in the "TextArea" field used by webmail client (e.g.: gmail's website)
It just sucks that unlike desktop clients (e.g.: Thunderbird), the built-in default smartphone e-mail clients very often don't support PGP or S/MIME encryption.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Hi sir! Please enter your password: ___________
Hi sir! Please also enter your key _________ ....?
Profit!
So they're now encrypting all the emails being stored on their servers and don't hold the key themselves?
Because if they're not doing that, then they're not anything close to "the most secure email provider on the planet".
if Google has access to it.
Except the key rotates every 30 seconds or the key is a physical hardware token that must be plugged into the computer itself and cannot be replicated (think universal 2nd factor).
If you'd like to use this on your phone, tablet, etc. You are beat. Google sign up for this links to this item to purchase - https://www.amazon.com/Feitian... Amazon reports it's not available and does not know when it will be in stock.
Sent from my TARDIS
Paint a target on your back or insinuate-instant-defeat!
How is a separate physical bluetooth key better than the existing option of using Google's Authenticator app for 2FA?
But you're not fooling everyone.
Security is now a buzzword.
You are being ripped off every second of every day, so that advertisers can help rip you off even more tomorrow.
...challenge accepted!
To elaborate more :
- 2 factor identification (like the suggested bluetooth and usb dongles) only solve 1 single problem : identity.
Making sure that when Alice receives an e-mail from "bob@gmail.com" it's indeed written by Bob, and not by Eve trying to steal bob's gmail credential by hacking the SMS 2 factors.
But any exchange between Alice and Bob can still be read on Google servers 100% for sure (that's how GMail's Ads work), and maybe by any government agency that has agreements (or plain just did an inside job without Google's knowledge) and eventually on any mail transmitting node (or, worst case scenario : on any internet router, if some of the mail transmitting nodes use un-encrypted traffic).
- public keys systems (like PGP implementation, and like S/MIME standard) on the other hand solve 2 problems : identity and privacy.
Identity : well, Eve could try to hack bob's Gmail credentials all she likes, she still won't have access to Bob's private key, and thus cannot sign any new e-mail with the same key.
Basically, the private key stored on bob's computer acts as a second factor for establishing the authenticity of the writer.
(On the other hand, if bob uses gmail's access on any other site, e.g.: as OAuth provider, or as recovery e-mail, then those sites will be toast - e.g.: because no site currently uses GPG or S/MIME encryption when clicking on "forgotten password".
It's not a fault of GPG nor S/MIME, it's a fault of most other providers not using it for the password reset e-mails, and Google's fault of not supporting client certs as an additional security measure when doing OAuth).
Privacy :
Without access to Alice's private key, nobody could either read the message : it stays encrypted on the whole trajectory - on Google's servers, on all relaying nodes and even on routers, no matter if non encrypted protocols are used.
(On the other hand, if non encrypted protocols are used, Eve could at least guess that Alice and Bob are communicating, even if she can't read the content of the encrypted e-mails. GPG S/MIME encryption only hides the content - that's their limitation. Use HTTPS or even better Tor if you want to hide traffic).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
WTF? How is this anywhere near as secure as simple generic postfix and dovecot, combined with encrypting your fucking email?
If someone is "high profile" then it is totally common sense for them to start handing out their PGP fingerprint and telling people that they're going to auto-delete any sensitive correspondence that isn't properly encrypted. If you're "high profile" then you can get away with making people do their jobs, can't you?
Look at what these assholes are bragging about. They are calling something "most secure" that everyone would have laughed at 25 years ago. The amount of extra work, insecurity, money, self-deception and failure that people are willing to endure to avoid securing email is getting ridiculous. The answer is right in your face: upgrade to early 1990s technology. This problem is "solved" except for (and who knew this would be such a big problem) persuading people to allow it.
Yes, I know key exchange is hard. But is it even possible that any system which tries to avoid it, can possibly be correct? NO.
If you can't do key exchange, then you can't have private communications, period. In EVERY system where they tried to avoid it, the system failed. (e.g. HTTPS.) You're going to have to meet someone, at least once. Sorry. But you want people to think you're "high profile" and need "advanced protection," so fucking get some advanced, futuristic(1992) protection!
BTW, know why Google doesn't want you to secure your email? Because they want to read it; i.e. exploit your lack of security. If you secure your email, you're no longer any good to them, Mister "High Profile" person. You fucking tool. You fucking naive, willing tool. Bend over.
So they're using technology offered by other services, and consider themselves most secure email provider on the planet. No, you're just catching up if anything.
What about Lavabit? I hear they are up and running again.
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
My first thought after even reading the summary was ROFLCOPTER.
In related news, the fox has made the hen house safer from outside predators. Hens everywhere are rejoicing!
GMail is the worst email provider I've ever seen because they don't accept a dot in it, which is the most important thing in an email address apart from the @ sign. I still find it hard to believe I'm not seeing things when I see a gmail address without a dot. Not only does it look totally hideous having your name merge intoabigcontinuousunreadablemess, but it makes people's names become other names e.g. Paul Smith already exists, so Paul uses his middle initial and becomes paul.a.smith@domain in a proper email system. In gmail he/she becomes paulasmith. Is this Paul or Paula? The number of combinations of names is also massively reduced. I hate gmail with a passion because of this. You wouldn't actually believe how much I hate it. It's breaking email. I'm actually pounding my keyboard typing this as I'm so annoyed by it.
I'll stop now. And calm down.
I just switched from Gmail to ProtonMail because I wanted the most secure email provider. This little feature change by Google does nothing to change any of the important factors - one being that with ProtonMail all my emails are stored using client side encryption.
You cannot, ever, trust a US company where National Security Letters come into play.
it's in my head
or do most posts anymore sound like advertisements for half a dozen companies? The same ones every day.
> I specify that Congress should make broad legislation allowing a regulatory agency to select the most-appropriate, affordable, and effective technology of today;
They did. The federal government requires MD5. SHA256 is not acceptable for many federal uses (though it is now FIPS), because they haven't updated the relevant federal standards. Our system of government was designed to be fair, transparent, and flexible. It was not designed to be fast and efficient.
Dare I say the more aggressive reader of other people's email may be THE Google itself.
Who will protect me from them?
Oh, and law enforcement does not have "backdoor access", at least not the way that I would interpret the phrase.
And you have what evidence for this? Unless you actually work at Google in a fairly technically privileged position you would have no way to know if they do or do not have backdoor access under any definition of the term you care to use. You would have to be daft to presume that organizations like the NSA or law enforcement agencies don't have or cannot get access to your communications with or without Google's permission. While you are correct that in general they would need to jump through hoops, there is substantial evidence to suggest that these hoops aren't much of an obstacle.
If law enforcement or other authorized agents of the courts present a valid and duly authorized document which legally compels Google to hand over your data, Google will hand over your data. If it's not correctly executed, is overly broad or has some other legal defect, Google will refuse.
No, Google MIGHT refuse at their discretion. You have no way to be certain of their behavior and you should adjust your own behavior accordingly.
Congress is even slower than regulatory boards.
SHA256 is not an identification protocol.
Support my political activism on Patreon.
If it's still hosted on US soil, it's still not safe or secure from US laws.
Does Google use an open source encryption standard that can't be cracked?
Would this measure work in all browsers without limitations?
Is Google completely left out of the equation not being able to collect any data or metadata from e-mails?
If the answer is no for any of those questions, Gmail is not the most secure e-mail provider on the planet, and in fact it's worse than many freely available options out there.
Want extra protections involving USB keys for your devices? Get a Yubikey.
You know how passwords are stored hashed?
With the TOTP 2FA, a shared secret is stored in plaintext: the server and client must both know a secret string, which seeds a PRNG, and generates a time-based numeric output. That means the server doesn't take your 6-digit code and "verify" it; it calculates the same code and compares it. If you hack the server, you can grab the secret key and generate the same codes. It has the same at-rest security as a database of plaintext passwords.
With FIDO U2F devices, the device establishes trust by generating a key pair and sending the public key out. The private key stays on-device and is used to sign challenges. The secret required to prove your identity physically exists in one place: the FIDO device. You can't hack Google's servers and steal it.
Support my political activism on Patreon.
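The contrast drawn in the comment above between hashed passwords and TOTP secrets, as an added example that is not part of the original post: a minimal RFC 6238 verifier showing that the server has to keep the TOTP secret in recoverable form and checks a code by recomputing it, while a password can be checked against a one-way hash. The `Server` class, user name and password are hypothetical; the key is the published RFC 6238 test key.

```python
import hashlib
import hmac
import os
import struct

STEP = 30  # seconds per time step, the RFC 6238 default


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238: HOTP where the counter is the number of elapsed time steps."""
    return hotp(secret, unix_time // STEP, digits)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Server:
    """Hypothetical account store holding both kinds of credential."""

    def __init__(self):
        self.password_db = {}  # user -> (salt, one-way hash)
        self.totp_db = {}      # user -> raw shared secret (cannot be hashed)

    def enroll(self, user: str, password: str, totp_secret: bytes) -> None:
        salt = os.urandom(16)
        self.password_db[user] = (salt, hash_password(password, salt))
        self.totp_db[user] = totp_secret

    def check_password(self, user: str, password: str) -> bool:
        salt, stored = self.password_db[user]
        return hmac.compare_digest(stored, hash_password(password, salt))

    def check_totp(self, user: str, code: str, now: int, window: int = 1) -> bool:
        # The server does not "verify" the digits; it regenerates them from
        # the stored secret and compares. `window` tolerates clock drift.
        secret = self.totp_db[user]
        current = now // STEP
        for counter in range(max(0, current - window), current + window + 1):
            if hmac.compare_digest(hotp(secret, counter), code):
                return True
        return False


def at_rest_comparison() -> dict:
    """What a copy of each table is worth to whoever holds it."""
    server = Server()
    server.enroll("alice", "correct horse", b"12345678901234567890")
    now = 59  # constructed timestamp, matches the first RFC 6238 test vector

    totp_copy = dict(server.totp_db)
    password_copy = dict(server.password_db)

    # A copy of the TOTP table is enough to produce a code the server accepts.
    recomputed = totp(totp_copy["alice"], now)
    # A copy of the password table holds only hashes; presenting the stored
    # hash as if it were the password does not log in.
    stored_hash_hex = password_copy["alice"][1].hex()
    return {
        "recomputed_code": recomputed,
        "recomputed_code_accepted": server.check_totp("alice", recomputed, now),
        "stored_hash_accepted": server.check_password("alice", stored_hash_hex),
    }


if __name__ == "__main__":
    print(at_rest_comparison())
```

A public-key scheme such as the one the comment describes for U2F stores only a public key on the server, so the table copy in `at_rest_comparison` would contain nothing that can answer a challenge.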
Not that there is any way to get that SMS code, or spoof it
deleting the extra space after periods so i can stay relevant, yeah.
The Google ad machine is the outfit I am trying to secure the email from in the first place. So, um, no. Not secure to store the email in the email system of the perpetrator.
See subject: Via APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/
Ads/script/malware rob speed/security/privacy/bandwidth.
Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).
Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!
Avoids DNSChangers in routers/IP settings & dns redirect (99.999% of ISP DNS != patched vs. it) + DNS tracking & lighten DNS load & resolve faster from local RAM!
* Via what u NATIVELY have in a FASTER kernelmode IP stack!
APK
P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/ (self checking code vs. infection of program built-in)
So, Gmail has had this ability for quite a while since you can lock your Google Account to a 2FA device, or even to Google Authenticator codes as a 2FA tool. However, the biggest issue is Apps on Android not being able to use the more secure authentication mechanisms.
Yeah - I turned it on over a year ago. Thunderbird uses 2FA to access my Google Account (via their App Passwords); but for normal logins I still have to keep it at just Passwords b/c too many apps - even by big app providers - don't support using your Google Account in the more secure modes. IIRC even Google's own PlayStore might have been problematic.
Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
So in the absence of evidence, you declare the existence of a backdoor?
No, in the absence of evidence you assume there may be one and behave accordingly. I presume no knowledge for or against the existence of a back door.
I think you, being the one making the claim, need to provide the evidence.
I don't need to present evidence of anything. I have no idea if there is or is not a backdoor and neither do you. What I do know is that I have no reasonable way to audit Google on the matter so the only safe course of action is to presume a backdoor exists which will keep you safe even if it does not exist. Unless you control a system it is idiotic to presume it to be secure.
"Google Just Made Gmail the Most Secure Email Provider on the Planet"
Pretty sure that BlackBerry Enterprise Server (BES) is still more secure than this.
"Last year, hackers working for the Russian government tricked John Podesta, one of Hillary Clinton's top advisers, into giving away his Gmail password."
Any evidence that has been released (not alleged) points to Seth Rich as the leak of Podesta's emails and that leak got plugged.
Which is exactly why the "key" in proper two-factor authentication is something you physically have, and not a piece of information you can share. Whether it's a constantly changing "password" that can only be used once, or a bit of challenge-response encryption where the encryption key never leaves a secured dongle, the effect is the same - without having the device in-hand, social engineering and man-in-the-middle attacks can grant, at most, one-time access.
--- Most topics have many sides worth arguing, allow me to take one opposite you.
Google Just Made Gmail the Most Secure Email Provider on the Planet
Slashvertizement much?
Next story from Shilldot, if the price is right:
Microsoft Just Made Windows the Most Secure OS on the Planet
Fair enough, but if Google's servers can be hacked to steal the server-side portion of the Authenticator password then it's possible they can also be hacked to get into your gmail account by other means.
This was the title of a ReplyAll podcast episode a while back. Since they use the Google platform themselves they dove into this question after several kinds of attacks surfaced in the media. Most interestingly those with Google Authenticator keys could be attacked through social engineering (using methods similar to the Google docs attack). Therefore, having an "idiot proof" key exchange sounds like a great and necessary method to secure our stuff. While this is Google only now - I'm willing to bet it will expand in the future. I also use Microsoft's authenticator for work access - and a message pops up on my iWatch asking "are you trying to login" and requires a simple Yes/No tap. Google also has a similar feature in the Google app. No more typing codes.
https://gimletmedia.com/episod...
Of course the attacks of the future will be to steal the current key value off your device.
Meh... I'm unimpressed. None of this security stuff will keep the NSA out of my Gmail, so why should I bother? My email is going to be out there, and when the Russians are meandering through US Security Agency Networks at will, I have no reason to believe the addition of yet another way to lose access to my account will increase my privacy at all.
If they're so secure, why am I able to "impersonate" Google from my own mail server at home ?
As many people have I guess, I've been receiving, but also sending mails directly from home, from my own Debian Postfix server for years.
A few months ago, I tried a very light configuration change, to make my Postfix server behave as if it were my company's domain server (which is handled by Google in fact).
I'm now able to send mails as/from anybody from my company, to anybody in the company, from home! Maybe to anybody in the world.
I checked the full message content and found that Google thinks something is suspicious, but, ok, don't mind, let it go. Something related to SPF:
Received-SPF: softfail (google.com: domain of transitioning ... does not designate ... as permitted sender) client-ip=... ; Authentication-Results: mx.google.com ...
I did not try, but maybe I can send a mail as/from anybody in the world to anybody in the world! (maybe just as long as their domain is handled by Google).
I explained that to the IT guys. I scared them, but so far, nothing changed !
I'm not a sysadmin (only at home), so imagine what real professionals / criminals would do, or are already doing.
Totof
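A receiving-side triage of the kind of header the post above quotes, as an added example that is not part of the original post: it parses RFC 8601 `Authentication-Results` values and separates mail that failed SPF under a non-enforcing DMARC policy from mail covered by `p=quarantine` or `p=reject`. The header values, domains and addresses are constructed samples, and the classification labels are this example's own.

```python
import re

METHOD_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.I)
POLICY_RE = re.compile(r"\bp=([a-z]+)", re.I)


def split_outside_comments(value: str) -> list:
    """Split on ';' but not inside (...) comments, which may contain ';'."""
    parts, current, depth = [], [], 0
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth = max(0, depth - 1)
        if ch == ";" and depth == 0:
            parts.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    parts.append("".join(current).strip())
    return parts


def parse_authentication_results(value: str) -> dict:
    """Return {'spf': {...}, 'dkim': {...}, 'dmarc': {...}} for one header value."""
    results = {}
    # parts[0] is the authserv-id (the host that did the checking).
    for part in split_outside_comments(value)[1:]:
        match = METHOD_RE.search(part)
        if not match:
            continue
        method, result = match.group(1).lower(), match.group(2).lower()
        entry = {"result": result}
        if method == "dmarc":
            policy = POLICY_RE.search(part)  # published policy, e.g. p=NONE
            if policy:
                entry["policy"] = policy.group(1).lower()
        results.setdefault(method, entry)
    return results


def classify(value: str) -> str:
    """Label a message by how much the sender's domain actually vouches for it."""
    res = parse_authentication_results(value)
    dmarc = res.get("dmarc", {})
    if dmarc.get("result") == "pass":
        return "authenticated"
    spf = res.get("spf", {}).get("result", "none")
    dkim = res.get("dkim", {}).get("result", "none")
    if spf == "pass" or dkim == "pass":
        # SPF/DKIM passed for some domain, but nothing ties it to the From: header.
        return "unaligned"
    if dmarc.get("policy", "none") in ("quarantine", "reject"):
        return "failed-policy-enforced"
    # Softfail or fail with no enforcing policy: the receiver records the
    # result in the header and has no instruction from the domain to reject.
    return "failed-no-policy"


# Constructed header values (documentation domains and addresses).
SOFTFAIL_NO_POLICY = (
    "mx.google.com; spf=softfail (google.com: domain of transitioning "
    "alice@example.com does not designate 203.0.113.7 as permitted sender) "
    "smtp.mailfrom=alice@example.com; "
    "dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=example.com"
)
LEGITIMATE = (
    "mx.google.com; dkim=pass header.i=@example.com header.s=sel1; "
    "spf=pass (google.com: domain of alice@example.com designates "
    "192.0.2.10 as permitted sender) smtp.mailfrom=alice@example.com; "
    "dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=example.com"
)
FAIL_ENFORCED = (
    "mx.google.com; spf=fail (google.com: domain of bob@example.org does not "
    "designate 203.0.113.7 as permitted sender) smtp.mailfrom=bob@example.org; "
    "dmarc=fail (p=REJECT sp=REJECT dis=REJECT) header.from=example.org"
)

if __name__ == "__main__":
    for name, header in [("softfail", SOFTFAIL_NO_POLICY),
                         ("legitimate", LEGITIMATE),
                         ("enforced", FAIL_ENFORCED)]:
        print(name, classify(header), parse_authentication_results(header))
```

Whether a domain falls into the first or the third sample is decided by the SPF and DMARC records its administrators publish, not by the receiving provider.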
What is wrong with the Gmail?
Seriously. THAT is the reason I can't take Gmail seriously, and why every conversation past one reply goes fubar!!!
GOOGLE DO THE RIGHT THING!
What happens when your wonderful token eventually desyncs (they ALWAYS desync, don't let anyone tell you it never happens).
Chas - The one, the only.
THANK GOD!!!
It is more likely that your device ends up being hacked than the server, and then your shared secrets are stolen.
On a U2F device the private key is permanently stored in the hardware and designed to be inaccessible from outside of the device. There is no feasible read access to the keys, so there is little opportunity for somebody else to copy those keys - even if your computer or phone is infected with malware.
It is much like any HSM (in fact, the Yubikey allows you to copy keys onto it for other purposes - but you can't get them back out). The OS knows what keys are on the key, and it can use them but it does not actually have access to read them, the key does the crypto processing.
This is true. However, the technology is applicable in other ways.
I'm running for Congress, and have detailed a solution to identity theft which essentially involves banks and everyone else not opening new credit accounts without a hard credit check (which is today's situation), and those same entities validating your ID (Driver's ID, passport, etc.) face-to-face by proxy to establish identity with the CRAs via FIDO U2F. In this way, a credit check can only succeed if you have the equivalent of face-to-face photo ID validation (because the U2F credential proves that you passed this test at some point).
The weaknesses in that validation are a hacker taking control of the CRAs (all three) to approve hard credit checks; a hacker cracking RSA or ECC by using the public key to derive the private key (currently-impossible); a hacker hacking into your U2F device (not feasible—it shouldn't always be connected anyway, and many run EL5 verified code); stealing the U2F device; or a hacker replacing the keys at the CRAs with their own. The first and last require hacking all three CRAs simultaneously and are detectable (active interference or changing of credential), and you can cut down the attack surface for the last. If you've lost your U2F device, you can call your bank and have them cancel the trusts--your accounts work, but nobody can open new accounts as you until you physically enter a bank once.
I envision Congress passing a law requiring regulatory agencies to use the most up-to-date and affordable technology. NIST always has current technology listed as the standard, so tying these requirements to NIST published recommendations (meaning the credit regulators must clear their regulations with NIST and must jump when NIST says jump) may be a good way forward.
As you can see, a TOTP key is a stealable shared secret, and ineffective for this sort of protection; whereas the FIDO U2F security keys offer cryptographic verification at low cost and complexity, without sharing the identifying secret. That's why the difference matters: it's not that someone could hack your Gmail and paradoxically not be able to hack your Gmail, but that they could hack Equifax or Social Security and still not be able to apply for credit accounts, rental cars, and Government benefits as you. Knowing that such technology exists allows us to bring these protections to the American people.
The best part? These devices can hold over a thousand identities each, and select which to use based on the challenge. You don't need 14 different dongles; you need everyone to standardize around a single protocol and interface with your own personal device. You can walk into your bank for the credit check stuff (everyone checks you by the CRAs anyway), and walk into the DMV or a Social Security branch to establish individual identity trusts with every Government agency in that state and the Federal agencies. Two physical stops, two federation groups (Banks and CRAs; all Government agencies), one credential to carry. Note that every trust is a different key pair, and they're random: there's no standardized ID here, so we still need a separate Government identification standard if we want a real ID. This is a security device to identify a person when they can't present their actual ID--replacing the current method of asking them a bunch of questions.
Support my political activism on Patreon.
My email server is the most secure email provider on the planet. That is because I am its only customer and I know exactly what its security status is. And because it is not web based. No web based email provider cannot ever be secure.
"Really, the most important thing is to use client-side SMIME or PGP encryption..."
I haven't found a client-side encryption system that is easy to install, or one that gives me confidence in its design.
Advice? We need it for ourselves and we support many people who use the Windows OS.
I am using protonmail.
When I login, user id, password, and pass phrase for my mailbox to decrypt it.
If I wanted, I can use google authenticator to add 2FA.
Also in Switzerland, so US subpoena is more meaningless.
You also set your PGP keys so you can send and receive encrypted emails as part of the service.
I would call this pretty secure.
They also have a service protonVPN that is nice.
So the only way to authenticate your iphone is with the single existing bluetooth dongle from a Belgian company that is sold out on Amazon with no known availability. They appear to have no other outlet in the states.
So no iphone, at least for now.
Yubico says effectively that bluetooth looks interesting for U2F but they aren't ready to implement.
Unrelated: U2F is great, but when will we see this tool extended beyond just the web browser? I'd enjoy using this in place of 2fa in lots of applications, even windows login. I know that's not the design goal, but this seems to have been done right (no shared keys etc.)
Assembly is the reverse of disassembly.
Shortly after getting a Gmail account a few years ago, I noticed that a few times a week, I'd get emails meant for other people. Emails from their banks, phone accounts, cable accounts, and most recently Gmail added flight info to MY calendar, and I've never even flown before. A day later, in Gmail, I got a confirmation request from Asia Air for the flights that showed up in the Google Calendar.
I managed to get into that person's Asia Air account, by using the "Forgot Password" feature and canceled his flights. I do the same, when I can, for other erroneous emails I get in Gmail. I'll continue to do this until Gmail fixes their broken algorithm.
Because of this, I will NEVER trust Gmail with anything "important". No telling where emails meant for ME would end up!
"A Bird In The Hand Will Poop On Your Wrist"-Benny Hill,1982
When men from three letter agencies holding thousands of pages of information from you acquired from Google, I would call it insecure. Until they by default no longer hold unencrypted personal information from users, I have no interest in using the service for anything other than a junk mail repository.
Google's own spying and data mining more than make up for breaches from outside sources. I'll pass, thanks.
It's ironic to see this the day after the Infineon flaw was widely announced.
Fastmail has had better options for some time. Their OTPs are quite handy. Been a Fastmail user since 2002 and have never experienced bad customer service or bad tech issues. Use Gmail at work and hate it.
Hardly. Google reads all your mail, and hence the NSA does so too.
Still quite valuable in that account access typically not only allows spoofing and surveillance, but also retroactive surveillance of all non-deleted communications,
Neither the Mailvelope plugin for webmails, nor any standard PGP and S/MIME enabled client (e.g.: Thunderbird (S/MIME) with Enigmail plugin (PGP)) will ever store the clear text e-mails.
E-mails are kept encrypted in all storages (remote IMAP folders on the server, local mail folder storage, HTML sent by the webmail) and only decrypted on-the-fly before displaying.
Thus it also prevents retroactive surveillance as long as the private keys are kept secret.
and the ability to revoke the legitimate user's access.
Which is not a limitation of public keys (like PGP and S/MIME) per se, but a limitation of google not using user-certs.
(Unlike some enterprises or cacert.org who can require the user to log using a client certificate on their browser).
One major nitpick - "2 factor authentication" typically involves both "something you have" and "something you know", for the specific reason that stealing a "thing you have" is *far* different challenge than stealing a "thing you know". And Bob's private key, as a passive piece of information, is still firmly in the "things you know" territory. Easily stolen, especially in a time when it's pretty safe to assume that at least a couple major governments already have covert control of your computer, and quite possibly a few criminal organizations as well.
Depends on how paranoid you are.
- Private key stored (perhaps even un-encrypted) on your on-line device ?
Yes, it is hackable. (And as much as a lot of OTP smartphone apps used by banks are).
- Separate "encryption laptop" ? (e.g.: see the opsec used by journalists during the Snowden files)
That is going to be rather hard for the government to hack into (they'll be needing methods that work on an air-gapped laptop - e.g.: the various ultra-sound based communications - and hope that a networked device is within range of the anti-air-gap method. And they need the method to have been hacked in advance into the laptop before it was taken offline - basically they need the exploit to have been available in Tails for quite some time)
Still possible, but a hell lot more complicated. At that point hiring a burglar becomes the simpler solution (or using dictatorial abuse of power, if local government can manage it).
(Note that even USB dongle devices are still limited by how secure their firmware is).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Google changed gmail a few months ago so that it no longer logs you out when you close your browser (or when the browser crashes, or the computer powers off), and worse, *they've removed all options to enable this auto-logout behavior*. It used to be that you could choose between convenience (remember me so I don't need to login again) and security (always require a password to get into gmail), but they removed the choice! They've decided that they don't care about your security needs. So this claim of being "the most secure email provider" is laughable. They've already shown they don't care about security by disabling even the most basic protection of logging someone out if the browser should close, or crash, or the computer loses power, etc.
Okay, then.
What do you recommend for some other OS, such as Linux or BSD?
plan to protect users from itself?
Running with Linux for over 20 years!
Only you, Google's adbots and the US spooks will have access to your email contents.
Google is lying. They aren't secure when they can read your e-mails. Who cares if you're encrypted from here to the spy server? What matters is that the spy server forwards your data as-is and lets you have the only key.
In my case, $DAYJOB now uses gmail-hosted "G Suite" email, and has configured it to require either the web interface, or OAUTH2-based POP/IMAP/SMTP authentication. No app passwords or other options are available.
As mentioned by others, it generally seems really low security to trust your data to a server not directly under your control, regardless of whatever access controls it supposedly enforces.
It is debatable if all the extra hoops needed for OAUTH2 actually improve or degrade security, especially if you use a strong password (long randomly generated), protect it carefully (e.g. password manager), and also treat recovery questions the same way as the password (long randomly generated, stored securely).
To actually have usable email, I wrote up some instructions, patches, and scripts to allow me to use any local email client while relaying through google with OAUTH2. In my case, I prefer mutt, but with this infrastructure, I could use any email client I wanted. Perhaps other people might find my instructions useful.
If you want secure, you use one of the European services like Startmail, Posteo, or Protonmail. American services are not secure, period.
Yup, I agree that we should try to move to large-scale encryption (no matter the form).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
I do work for Google, in security. And I don't have to be in a "privileged" position to know that. The internal architecture is such that providing such a backdoor would require willing collusion by multiple teams, and I know many of the people who would have to be involved.
Ok fair enough. Even if I take you at your word though it still doesn't solve the problem for most of us. There simply is no way to verify Google's security to any reasonable degree so the only reasonable course of action is to assume that my data will be exposed in ways you might not prefer.
I don't actually believe you when you claim that you wouldn't need to be in a privileged position to know if there was no back door. Unless you are actually involved in that code it's hard to believe that you can be sure it hasn't been compromised in some subtle (or not so subtle) way. I understand what you are saying and separation of roles is an important tool in security but it isn't a cure-all either.
That means nothing to you of course. Just the word of some random guy on the Internet who may be lying about working for Google, and could possibly even be lying about what Google does, since obviously he has a vested interest.
Well said.
Sure. What I do know is that Google does often refuse, and that Google's lawyers claim to be extremely picky about validating requests
I don't actually doubt this since I can see Google's self interest but like I said, I cannot be certain of Google's behavior so I should adjust my own behavior to appropriately compensate. While I don't distrust Google per se, I cannot actually rely on the company to be or remain trustworthy. That's not unique to Google of course nor is it an indictment of Google or the people there. It's simple logic regarding security. You assume systems you don't control are insecure as a default practice.
protected me *from google*, I would be very interested.