SoylentNews is people

posted by martyb on Wednesday July 25 2018, @03:58PM
from the [un]intended-consequences? dept.

Brian Krebs has written a blog post about how Google has been using security keys to neutralize phishing of their employees. It stops the phishing quite well but comes at a high cost. No, not the hardware cost of a security dongle; it's the cost of losing third-party mail applications like Thunderbird and their add-ons like Enigmail.

I have been using Advanced Protection for several months now without any major issues, although it did take me a few tries to get it set up correctly. One frustrating aspect of having it turned on is that it does not allow one to use third-party email applications like Mozilla’s Thunderbird or [others]. I found this frustrating because as far as I can tell there is no integrated solution in Gmail for PGP/OpenGPG email message encryption, and some readers prefer to share news tips this way. Previously, I had used Thunderbird along with a plugin called Enigmail to do that.


  • (Score: 3, Interesting) by VLM on Wednesday July 25 2018, @04:26PM (2 children)

    by VLM (445) on Wednesday July 25 2018, @04:26PM (#712454)

    It stops the phishing quite well but comes at a high cost.

    I once worked for a place where the regular employees were all up in arms because corporate policy was all email should be assumed scam until proven otherwise and to enforce the IT security training they had other consultants (not me) periodically send phishing emails to all the employees and then discipline employees who did not react per the corporate policy checklist (which I think was forward all phishing to some mailbox, and people who were like "fuck this" and simply deleted the phishing emails were getting written up for violating corporate security policy, which sounds kinda rough).

    Anyway, yeah, if google wanted to eliminate phishing, shoving all gmail using victims thru some machine learning to either torture the user with fake phishing into eternity thus keeping them away from real dangerous work, or verifying they're not idiots, would be a very "google" way to do it. Some machine learning algorithm inserts fake phishing to a goog controlled domain and follows up based on your actions to prove you're an idiot or not. Kind of a Gom Jabbar test for email. Actually a real Gom Jabbar would be an effective way to enforce comsec, although knowing corporate HR they'd instead mandate it (womandate it?) for diversity training and bullshit like that.

  • (Score: 2) by Fnord666 on Wednesday July 25 2018, @07:21PM (1 child)

    by Fnord666 (652) on Wednesday July 25 2018, @07:21PM (#712592) Homepage

    Anyway, yeah, if google wanted to eliminate phishing, shoving all gmail using victims thru some machine learning to either torture the user with fake phishing into eternity thus keeping them away from real dangerous work, or verifying they're not idiots, would be a very "google" way to do it.

    One thing to point out, at least in the context of this article, is that this only pertains to Google employees, not your everyday GMail user.