Hacker News new | ask | show | jobs
by fauigerzigerk 5185 days ago
So we have two cases:

1) A suspected TOS violation by the legitimate owner of the account.

Trying to prevent this via obscurity is crazy and counter-productive as people cannot learn from honest mistakes. It also antagonizes people who become victims of bad algorithms. There is no reason why the kind of staged response I outlined couldn't work in this case.

2) A suspected security breach that puts ownership in doubt.

This should be handled by resetting the password and contacting the legitimate owner using contact information on file before the breach. It's really simple.
1 comments
andreasvc 5185 days ago
I imagine it goes like this:

1) attacker guesses your password or obtains it via phising.

2) attacker changes password, starts sending spam

3) google locks account

When you have arrived at 2), you have already lost the account for good, and 3) is only for damage control.

You should know that Google has no way to verify whether your account has been hacked, or whether you yourself are a spammer; therefore the best thing for them to do is just to lock the account.

link
fauigerzigerk 5185 days ago
That's not the best thing to do, that's the most unimaginative thing to do.

I would do it this way:

1) Make sure that only the legitimate owner has access to the account by using previously entered contact data to ask him/her change the password.

2) Check if the suspicious behavior stops, which it will in most cases.

3) If it doesn't stop, put the account in read-only mode. If the kind of behavior may be an honest mistake, explain to the user what happened. Just take that risk, it's going to be worth it.

4) If it's a statistically active user with lots of regular looking data, let a human sort things out.

5) If the issue remains unclear, tell the user to download any data he wants to keep and notify him/her that the account will be closed.

link
andreasvc 5185 days ago
Yes, that would be better for the user, but this is a free service, and Google has not much too gain from making the process more complicated (imaginative) and thus more error-prone. As a user you have the responsibility of keeping your password absolutely safe, if you do that (and better yet use 2-factor auth), nothing should go wrong.

Your option 1) boils down to adding more "passwords" by which the user can authenticate itself, so it's not a fundamentally better protection as they can be guessed by an attacker as well. Requiring a text message confirmation for password changes might be a better idea.

link
fauigerzigerk 5185 days ago
All steps on my list are either fully automated or optional, so it doesn't cost them more.

Google has a lot to gain from people entrusting them with their data, that's why they provide a free email service in the first place.

It would be a mistake to think that trust is linear. You can't just treat a few people very badly without risking a major backlash against your business model.

link