To make this more NANOGy, what is OUR role in all of this?
Two questions that relate here:
How does NANOG make inbound network abuse easier to stop and harder or
costlier for networks and clouds to ignore?
How do NANOG operators attempt to keep private things private?
For the latter, IMHO most NANOG members likely also run, manage, or interact
with
businesses that hold data.
Three of the NANOG Principles apply here:
Security within our digital platforms
Sustainability of Internet technology professions
Innovation within the community
We all should be doing whatever we can within our own organizations to
improve end user privacy and security. I'm going to make another go at it
within my own.
And anything we can do to make it harder for networks and cloud providers
to ignore abuse reports and stop it is an Innovation that might move the
burden of network attacks off of the recipients and onto the sources.
Beckman
On Tue, 16 Aug 2022, richey goldberg wrote:
“thought that google fi was a neutral pipe.”
There is nothing neutral about Google or any of companies that are their
competitors. They all have some sort of agenda which is to do what’s best
for them or what they *think* is best for everyone else. Even if it’s not.
“are google, like fb, recording and retaining direct messages and sms/mms
contents”
They may tell you they are not but there is no doubt in my mind they are and if
they got caught their response would be “Oopsie, my bad”.
-richey
From: NANOG <nanog-bounces+richey.goldberg=gmail....@nanog.org> on behalf of Mark
Seiden <m...@seiden.com>
Date: Tuesday, August 16, 2022 at 3:48 PM
To: Jon Lewis <jle...@lewis.org>
Cc: nanog@nanog.org <nanog@nanog.org>
Subject: Re: Google Abuse
well, that isn’t exactly true.
ALL of the fraudsters, business email compromisers, spoofing accounts are now
from gmail and as far as i can tell,
there is no evidence that they do ANYTHING about them. i recently gave a
talk on fraudulent restaurant reviews
in google maps. easy for humans to spot. (hundreds of machine learning
engineers at google. what are they doing?)
but here’s a counterexample… not that it serves anyone particularly well:
a colleague of mine (ex googler, superb engineer, with a brother who is a
current googler) had ALL of his google accounts
deactivated recently. a google fi customer, he used it to send an mms photo of
a rash on his toddler’s crotch to his wife,
so she could upload it (using https) to their pediatrician’s portal for
diagnosis.
a few days later the cops were at the door with a search warrant. the cops
agreed it was a false positive, but despite that,
the accounts were deactivated (including gmail), seemingly permanently, despite
multiple attempts to revive it and attempts
at escalation.
i was actually surprised. i thought that google fi was a neutral pipe.
who knew that google mines mms images for pink parts?
do the other cell phone companies do the same? (not that i particularly need
to test it…)
(is there any transparency here regarding the scanning and retention policy for
sms and mms contents?)
which raises, in the post-boggs world, another question:
are google, like fb, recording and retaining direct messages and sms/mms
contents, so they can turn them over
to law enforcement who have become “interested" in who was pregnant and who
stopped being pregnant?
https://www.vice.com/en/article/n7zevd/this-is-the-data-facebook-gave-police-to-prosecute-a-teenager-for-abortion
(once again, there ain’t no sanity clause.)
On Aug 16, 2022, at 10:43 AM, Jon Lewis <jle...@lewis.org> wrote:
On Tue, 16 Aug 2022, Cristian Cardoso wrote:
Hi
I'm receiving thousands of requests from a Google Clou VM on my network, I've
already sent reports to Abuse from GCP, but without success, does anyone happen
to have a Google abuse
contact to indicate?
There is no Google abuse. It's just traffic you don't want that they don't
care about. Block it at your edge and move on.
----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
StackPath, Sr. Neteng | therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
---------------------------------------------------------------------------
Peter Beckman Internet Guy
beck...@angryox.com https://www.angryox.com/
---------------------------------------------------------------------------
