Would be nice if...
...Google also warned you that any country's court ordered mandate had required access to your Gmail logs, also.
Hey ho.
Several Burmese journalists and foreign correspondents have been warned by Google that their Gmail accounts may have been compromised by “state-sponsored attackers”. The writers, when logging into the webmail service, were confronted with a warning message stating “we believe state-sponsored attackers may be attempting to …
It reminds me of those PBS TV shows that are "underwritten" or "sponsored" by companies and organisations...
"This hacking attempt is brought to you by - North Korea! For all your nuclear testing needs you can rely on North Korea! Part of the Axis of Evil group of countries."
The "government" always censored everything, and the only way to browse the web was to use a VPN. When I went there regularly in 2006/2007, I used to use Your Freedom (a tunnel service).
All web access had to go through "government" proxies, so the tunnel was the only way to go.
The biggest problems we had was actually with the power constantly going down. I can only hope that things have improved over the intervening years.
'Several Burmese journalists and foreign correspondents have been warned by Google that their Gmail accounts may have been compromised by “state-sponsored attackers”.'
How different from our own home life in Britain and the USA, where we KNOW that ALL our accounts have been compromised by state-sponsored attackers.
http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/
http://www.dailymail.co.uk/news/article-2124821/Will-NSAs-new-2bn-spy-center-monitoring-you.html
http://www.guardian.co.uk/technology/2012/sep/15/data-whistleblower-constitutional-rights
Let's look at "what if" differently. What if there is no attempted hack? What if Google just wants your phone number (more personal data) under the guise of "you need more security"? Everybody want's my damn cell phone number for "security". I gave it one time and suddenly I was riddled with spam calls. pffffftttttttttt....
When Google talks about "two-factor authentication", I assume they mean "wonky SMS auth" as their second factor, as opposed to actual secure tokens? (yeah, yeah, I know that even those have been pwned, see SecurID but at least it's much harder to do)
If you're wary of your government, they're sure as HELL going to read your incoming SMS. So that kind of 2FA is useless for them.
I did actually activate 2FA with Google for one of my Gmail accounts. There were several flavours, depending on what you were going for. One was printing a list of one-off authentication numbers and putting it in your wallet. The other was (you are right) sending a number to your mobile phone (for which Google bears the whole cost here in Oz at least). The third one was downloading a Google App which generates a number every 30-odd seconds.
"One was printing a list of one-off authentication numbers and putting it in your wallet."
"The third one was downloading a Google App which generates a number every 30-odd seconds."
Interesting.
Neither seem to need your actual phone number.
But I wonder what else that friendly, helpful Google app does?
Suspicious. Moi?
I got a warning from them yesterday morning that someone/something with a california ip had got hold of my password somehow. Either they are pushing 2FA for their own sinister reasons or there has been a big leak of passwords e.g. via people using the same pwd for facebook and gmail (which I did, like an arse). Or its a concidence.