I have just been put through the unfortunate experience of having my Gmail account hacked. I don’t know for sure how they got my original password, but I will discuss that bit and offer some of my lessons learned through this experience at the end of this article. First I want to warn everyone about the huge disappointment I felt at trying to resolve this issue when dealing with Google.
What is your Google Account Worth to You?
First of all, take a second to understand the impact of someone hacking into your Google account. For me, it was huge. I have 4 years of my personal life and business life in that email account – and now some arsehole has access to it all. They know everything about me. Worse than that, numerous websites which I have created accounts at have emailed me my username and password over the years – so they have access to several of my passwords (something I didn’t think about straight away which came back to bite me on the arse, and which I am still trying to deal with). And more than that, my Gmail account is linked to all of my other Google applications. My YouTube account. My AdSense account, my AdWords account, my Analytics account, my Google search history, Google Finance account…etc. Every Google account that I have was linked to that one email address, and they are all now under the control of a criminal with bad intentions towards me.
That is serious.
The Google Account Tug Of War
So what can you do? You click on the “I forgot my password” button – but the hacker has already changed the secondary email address and SMS phone number – now they just know that you are aware of them. So you use the obvious option and select “My Account Has Been Compromised” on this page and end up at this page: “Contact Us – Accounts Help”
Hooray. A solution! A way to get your account back! You fill in the form, answering a series of questions that only the account holder could know the answer to and you get your account back…right…? Wait a minute – what about someone who has simply had access to the account long enough to collect that appropriate information from the account?
Yeah, that’s right – you use this form, get your account back under your control once “someone at Google” (almost certainly software) inspects your answers against the information in your account, and then sends a password reset link to whatever email address you chose while filling out the form – completely bypassing all of the security measures in your account. You get back into your account with your new password and while trying to deal with what damage the hacker has already done, they fill in the form again and before you know it, they have your account back under their control again.
I did this three times before I realised what was happening. I mean, the first time it happened, I was trying to figure out how this “Hacker” knew my new password so quickly. Did they have a keylogger on my computer? Were they watching my network? Ha. If only the person who hacked my account had such skill… No, it was just a retarded account recovery system that Google has in place, and NO accountability of the uselessness of it all.
The Lack of Support
Here is the real problem with this situation – remember above, just how IMPORTANT this account is to me? Well when I found my account had been compromised, all I wanted to do was pick up the phone and call someone and say “HACKER IN MY ACCOUNT, STOP THEM!!!!”. I mean seriously private information, financial information, financially contracted accounts and everything available to this criminal…I think some immediate support should be accessible. But no. You can find a phone number for your local Google office, but you get a message system designed to deal with questions relating to the Google brand, or employment options. There is an option for assistance with Google Mail etc, but when you select that, you get told that “Sorry, there is no live support available at this time, please see our online Help Centre”. A help centre, which is just a series of articles about how to keep your account secure – Not a bit of help once you are stuck in a tug of war with someone who has already compromised your account.
The only option available is the User Forums. Yeah, your whole life on the line, and you can go somewhere and kindly ask a stranger to help you – someone who is not employed by Google, has no access privileges, and essentially no power to actually do anything. But they can talk you through it…
I am not the only person to have suffered through this, as this thread on the help forums shows:
And there are a heap more posts out there by people incredibly dissatisfied with the lack of support (complete lack!) offered by Google when things go bad.
Two Suggestions for Google
So first of all, my suggestions to Google (wouldn’t it be nice if someone listened…)
At least ALLOW a heightened security option in Google accounts.
Heightened Security state should require that, in order to make any change to the information in your Google account, you have to enter a code received by SMS or at your secondary email address. So if someone has your password, they still need access to your mobile phone or secondary email address in order to gain COMPLETE control of your account.
Not everyone needs heightened security, but some people (like myself) have a LOT on the line when it comes to their google accounts, and will happily tolerate a little more security in order to keep their information safe. So make it an option in account settings.
Have a real person step in if an account has had 2 account recovery forms submitted for it over the course of a few days.
Clearly, if a single account keeps having this form submitted for it, then there is a problem. It seems obvious to me that the form is currently handled completely by software, but a human looking at the IP addresses of the people submitting the form (compared to the historical IP addresses of the account user), combined with other evidence (and preferably a text box on the form for “More information”), could sort this out very easily in most cases (or at least LOCK the account – which is a great outcome for the account owner – much better than letting a criminal have control!)
Again, make the number of submissions a personal option in your Google account settings. This account recovery form is too powerful as it currently stands, and needs to be controlled. Yet ironically, it is also too lacking, because it is easy to change the information in the account and block out the real owner, or, sometimes the owner really has no idea how long ago they opened their various accounts etc (while a hacker would actively seek out this information upon gaining access so they know they can get back in).
I think if just step one was implemented, then everything would be fine actually. Having a help desk would be brilliant, but it would be unnecessary if there were two layers of protection. You need the password to get in. You need the mobile phone in order to change the secondary email address. You need the secondary email address in order to change the mobile phone. You need one or the other to change the password.
Oh, and just to be clear, I mean you REQUIRE access to the secondary email account and/or phone in order to make changes – I am sick of watching all of my accounts email me and telling me “Your password has just been changed – you don’t have to do anything, we’re just letting you know”. Thanks. OK, it’s better than not telling me, but I think simply requiring a verification click would make that email so much more worthwhile – don’t you?
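A small model of the two suggestions above, written as an added example (it is not from the original post and does not describe how Google works): a change to the password, phone or secondary email is applied only after a code sent to the existing phone or secondary email comes back, and a second recovery form inside a few days locks the account for human review. The class and function names, the 3-day window and the sample contact details are assumptions made for the illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Which existing contact channel may confirm each change (the rule proposed above).
REQUIRED_CHANNEL = {
    "secondary_email": {"sms"},      # changing the backup email needs the phone
    "phone": {"email"},              # changing the phone needs the backup email
    "password": {"sms", "email"},    # either one will do
}
REVIEW_THRESHOLD = 2                 # recovery forms before a human steps in
REVIEW_WINDOW = timedelta(days=3)    # assumption: "a few days" taken as 3

@dataclass
class Account:
    password: str                    # model only; a real service stores a hash
    phone: str
    secondary_email: str
    locked: bool = False
    recovery_forms: list = field(default_factory=list)

class AccountService:
    def __init__(self, account):
        self.account = account
        self.outbox = {}     # destination -> code; stands in for SMS/email delivery
        self._pending = {}   # field name -> code awaiting confirmation

    def request_change(self, password, field_name, channel):
        """Step 1: the password only earns a code sent to the EXISTING phone/email."""
        acct = self.account
        if acct.locked or not hmac.compare_digest(password.encode(), acct.password.encode()):
            return False
        if channel not in REQUIRED_CHANNEL.get(field_name, ()):
            return False
        dest = acct.phone if channel == "sms" else acct.secondary_email
        self._pending[field_name] = self.outbox[dest] = secrets.token_hex(4)
        return True

    def confirm_change(self, field_name, code, new_value):
        """Step 2: apply the change only if the delivered code comes back."""
        expected = self._pending.pop(field_name, None)   # one attempt per code
        if expected is None or not hmac.compare_digest(expected.encode(), code.encode()):
            return False
        setattr(self.account, field_name, new_value)
        return True

    def submit_recovery_form(self, when):
        """A repeat form inside the window locks the account for manual review."""
        acct = self.account
        acct.recovery_forms = [t for t in acct.recovery_forms if when - t <= REVIEW_WINDOW] + [when]
        if len(acct.recovery_forms) >= REVIEW_THRESHOLD:
            acct.locked = True
            return "locked_for_human_review"
        return "automated_review"

def demo():  # constructed scenario: the intruder knows the password but holds no device
    svc = AccountService(Account("reused-password", "+00 0000 0001", "owner-backup@example.org"))
    svc.request_change("reused-password", "secondary_email", "sms")
    intruder = svc.confirm_change("secondary_email", "guess!", "intruder@example.net")
    svc.request_change("reused-password", "password", "sms")
    owner = svc.confirm_change("password", svc.outbox[svc.account.phone], "new-unique-password")
    forms = [svc.submit_recovery_form(datetime(2009, 1, d)) for d in (1, 2)]  # constructed dates
    return intruder, owner, svc.account.secondary_email, forms, svc.account.locked
```

In `demo()` the intruder's change to the secondary email is refused because the code went to the owner's phone, and the second recovery form one day after the first locks the account instead of handing it over.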
Use multiple passwords, divided Sensibly
As stated above, I don’t know how the ‘hacker’ got my password to begin with, but I used this one password too widely on too many websites which I should not have. So now I have numerous different passwords, and I have absolutely unique passwords to my vital accounts. Now, if someone steals my password from a second rate insecure website, then they cannot use that same password to gain access to my vital email and financial accounts.
I have always had multiple passwords, but they were not divided sensibly. Keep your vital accounts with unique, strong passwords!
Don’t let your email inbox be a password repository
I have HUNDREDS of accounts online. Online forums, email accounts, social media, video sites, photo sites, blog sites, my own websites, my admin accesses, my ftp accounts etc. It became easy to let my email inbox be my storage method for the passwords to all of these accounts. The problem with this is that most people do not have a unique password for every single account. So if you sign up at some random online forum with one of your standard passwords, and that forum then ‘kindly’ emails you your username and password (yes, plenty of them do it), if you do not delete that email then a hacker now has one of your standard passwords.
So the advice here is to search your inbox for all of your own standard passwords – and DELETE them all.
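One way to carry out that inbox search, as an added example that is not part of the original post: it decodes each message body before searching, because a password inside a base64 or quoted-printable body is invisible to a plain byte search of the mailbox file. The function names, the sample messages and the password `std-pass-1` are constructed for the illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

def decoded_text(msg):
    """Join every text/* part after undoing base64 / quoted-printable encoding."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        try:
            chunks.append(part.get_content())
        except (LookupError, UnicodeError):          # unknown or broken charset
            chunks.append(part.get_payload(decode=True).decode("latin-1"))
    return "\n".join(chunks)

def find_exposed(raw_messages, passwords):
    """Return (subject, [labels]) for each message whose body holds a password.

    `passwords` maps a label to the secret so the report never echoes the secret.
    """
    hits = []
    for raw in raw_messages:
        msg = message_from_bytes(raw, policy=policy.default)
        text = decoded_text(msg)
        labels = sorted(label for label, pw in passwords.items() if pw in text)
        if labels:
            hits.append((str(msg["Subject"]), labels))
    return hits

def sample_inbox():
    """Three constructed messages; the second has a base64-encoded body."""
    def make(subject, body, cte):
        m = EmailMessage()
        m["Subject"], m["From"], m["To"] = subject, "noreply@forum.example", "me@example.org"
        m.set_content(body, cte=cte)
        return m.as_bytes()
    return [
        make("Welcome to the forum", "Username: me\nPassword: std-pass-1\n", "7bit"),
        make("Your account details", "Your password is std-pass-1\n", "base64"),
        make("Weekly newsletter", "Nothing sensitive here.\n", "7bit"),
    ]

def demo():
    inbox = sample_inbox()
    raw_grep = [raw for raw in inbox if b"std-pass-1" in raw]   # what a byte search sees
    return len(raw_grep), find_exposed(inbox, {"standard password 1": "std-pass-1"})
```

To scan an exported mailbox instead of the sample, pass `(m.as_bytes() for m in mailbox.mbox(path))` as `raw_messages`.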
A brilliant new talk has just been added to TED (Technology Entertainment Design) which I want to share with everyone. I think there is something of value in this talk for everyone and anyone, but if you are in internet marketing, or have your own product which you are trying to sell, then you will definitely get added value out of the talk!
This is the best engrish I have ever seen in my life. Found in a dock department store in Madagascar (Mananara), this hair care product was clearly confused. You have to read the text in the third image below…
It is possible to love more than one person at a time. Love is not a resource that needs to be carefully allocated. It is an emotion which can be felt completely, over and over again, without ever running out.
Following rules does not make you moral, it makes you lawful. Morality requires the ability to decide right and wrong for yourself based on valid reasoning – not on doing something because ‘you are supposed to’.
If you care enough about someone to interfere in their life (for their own good of course), at least take the time to understand what you are interfering in. Ignorance is dangerous at the best of times, but when wielded with absolute conviction it is nothing short of devastating.
This is something I was working on for a while in Madagascar. This is an early version – I want to write a more thorough, academic style article on the subject, but until that is completed, here is this:
I know I am not alone in the modern generation with my love of technology and the amazing benefits it brings with it, yet simultaneously dissatisfied with the world which provides us those technological innovations. The ‘Developed World’ – our capitalist consumerist society. Driven by profits, marketing and constant competition, each individual is pushed into working longer and harder in order to satisfy ‘needs’ largely based on artificial manipulation by other workers. Thankful for my position as a member of the ‘Developed World’ I have always appreciated the privilege that comes with it. Science, information technology, luxury, entertainment and general abundance. I have appreciated these gifts of our modern world, loved them dearly yet also felt an overwhelming dissatisfaction with the modern ‘developed world’ itself.
The 9-5 working day has never been appealing to me. Rush hour, traffic jams – everyone doing the same thing at the same time everyday – it has always bemused me. Spending the majority of your pay cheque – usually earned from a job you hate – on fads, well marketed gimmicks, hollow indulgences and image based products. I have never really partaken in this pointlessness. Excessive rules and regulations which seem to be designed for the lowest common denominator of human stupidity. Individual accountability is lost in our world as every possible way of idiots hurting themselves seems to be necessarily considered in advance before you can do anything – otherwise it is somehow your fault when said idiot hurts themselves. Mass media selling us mindless rubbish stories – prioritising stories about the private lives of pop stars over stories that actually affect our world, like environmental catastrophes, change in governmental regulations and freedoms or the like. –spin– On top of all of these bizarre obsessions of our world is the perpetual ‘Crisis’ we are being sold. Whether it is the cold war, world war 3, Y2K, Terrorism or dramatic climate change, everyone in the developed world knows for sure that the end is near! (still) I don’t put much stock in any of the doomsday prophecies anymore, but a small part of me still thinks that being out of the way of everyone else who does might save me one day.
So in order to distance myself from the over protection of my nation, avoid any semblance of a 9-5 job and maintain a well rounded perspective of ‘what matters’, I have long desired to move myself and my loved ones to an essentially self-sufficient property on the outer edges of a large city. From this property, with our broadband internet access, we will be free to earn money (business activity or work from home jobs), educate ourselves, research topics of interest, entertain etc all while living a cheap non-commercial lifestyle.
Getting out of the city is not a new idea, but doing so used to involve significant compromise. For me, loss of employment options, lower income potential, isolation from family and friends and significantly fewer entertainment options were the most obvious costs of leaving the suburbs. Now, and even more so in the coming years, widely available broadband internet is removing all of those compromises/costs. As such I have come to believe that more and more people will make the same move as I wish to make. As the number of these people increases, I believe it will warrant the naming of a new ‘world’. This lifestyle does not exist within the developed world anymore – too many of the attributes of that lifestyle have been discarded. Nor is the lifestyle anything like those in the undeveloped – or the developing (the 3rd and 2nd) – indeed it is the exact opposite direction that the quality of life has progressed for people who make this change. I therefore think that the individuals who make this move will form the first physically-non-localised world; the Post-Developed world. The Zero’th World. Or perhaps in the spirit of ‘The Naughties’, the final few months of which I am currently in, ‘The Naughtieth World’.
The Post Developed World
I believe the PDW is worthy of its own title for two main reasons. The individuals who make it up, although not physically localised, have essentially removed themselves from all 3 of the other normal ‘world’ structures. Secondly, their unity comes through the internet – they are the first virtual world, unbounded by geo-political borders and agendas.
So how is this world made? It emerges as the current internet culture continues to remove themselves from the mass media driven, popular culture, commercial world. It emerges as those individuals choose self sufficiency and personal accountability over governmental protection. Just as members of the Developed world enjoy the fruits of the Developing and Undeveloped world (cheap labour primarily), so too the members of the PDW will enjoy the fruits of the developed world without really exposing themselves to the problems of it. Self sufficiency in most areas protects them from first world economic fears, energy crises, water shortages etc. While their location outside of major cities protects them from terrorism, pandemics, pollution, and even wars to a large extent. All of the usual ‘fears’ of the first world are simply removed by moving into the PDW.
The main limitation of moving into the PDW will be getting away from governmental constraints which no longer apply (or shouldn’t). Developed world governments will continue to be a pain to all PDW individuals – yet ironically still required. Undeveloped governments too.
While exorcising themselves from these problems they are still free to buy products locally, travel into the cities etc without hassle.
Becoming PDW
Becoming PDW requires some success in the developed world and a strong desire to get out of it. Money is required to be able to buy the property and technology required to achieve sufficient self-reliance. But in the scheme of things, the entry requirements are quite modest. Certainly easier than getting out of an undeveloped world.
Mere power generation, supplemental food generation, and water catchment don’t make you a PDW citizen though. It is also a freeing of the mind from one sided media, from fear and propaganda. It is the ability to genuinely take care of yourself within a communal society, rather than expecting a society to take care of you. Because online, borders fall away and sense of community is valuable.
Table 1: Comparison between Undeveloped World, Developed World and the Post-Developed World – Sorry I can’t figure out how to make Blogger display the table in a reasonable position!
Undeveloped World: Word of mouth news with little concern for the outside world
Developed World: “The News” from one or two dominant sources. Very little critical analysis present.
Post-Developed World: Internet based headlines and self directed research on topics of interest. No single source of information, much critical analysis.

Undeveloped World: Local food and some traded food. No concept of ‘Nutritional requirements’ – you eat what is available.
Developed World: Huge variety. Much processed and mass produced food. Most “Try to be healthy”
Post-Developed World: Private Agriculture supplements DW supermarkets. Internet used to find optimal techniques, and best sources of seeds and livestock.

Undeveloped World: No hours or deadlines, simply a requirement to produce enough for survival. Seasonal variation and various in nature.
Developed World: 9-5 structure, rush hour, salary, OH&S, leave etc. Productivity at work is not directly related to survival.
Post-Developed World: Balance between income earning work and survival based work. All home based, no rush hour, no salary, no leave.

Undeveloped World: Basic entertainment, usually self made. Alcohol common.
Developed World: Nightclubs, Pubs, Movies, Parties, Cultural, Computer Games, Home entertainment, Holidays.
Post-Developed World: Computer games, Home entertainment systems, The Outdoors, Holidays, Local Pub

Undeveloped World: Primarily fire based. Supplemented with oils, fats and waxes.
Developed World: Government controlled and fee driven. Usually reliable. Centralised vulnerable distribution.
I returned from Madagascar a few days ago and I am already hard at work trying to catch up with all of the overdue work I had waiting for me back here, PLUS another few ideas I have had while I was away.
I will be working on actually arb trading primarily probably. Simply because I am broke and I need some immediate money and arb trading is the only means of immediate money available to me atm (other than a job of course, but that would really interfere with all of my other loftier goals)
So I am working on perfecting my arb spreadsheet while trying to update SAG and SBB – I need to make some changes to how SAG deals with the numerous alert services. I have several days worth of solid typing to do in order to put all of the articles I wrote in Madagascar into TDMSKP.
Probably most interesting new development though, is that I am going to create a website for Carmen, my friend that I travelled with. She has been travelling for over 16 years now (6-9 months every year) and has done a lot of writing in that time. So I am going to make a blog for her and start posting her travel stories, short stories, poems and other odds and ends for her.
She was actually the page 3 spread in the Sydney Morning Herald back in June: Article Multimedia
A quick mention for Klaus’ new website too. He has created a forum website to help people with scams. So if you have ever been scammed, or know of any scams which you want to warn people about, or even if you just feel like getting into some interesting political or religious discussions, then go to www.ScamsHelp.com and register and participate there!
Jon has volunteered to write a trip report for the two canyons, while Trev has volunteered to put together the video, so I really appreciate that. Meanwhile, I found out while I was away that two of my photos actually made it into the OzCanyons calendar for 2009, which was pretty cool. See the OzCanyons 2009 calendar here.
A common phenomenon that I have noticed over the past few years is people seeing someone else doing something strange, something a little abnormal or simply doing something a sub-optimal way, and upon seeing this asking their friends “Why would you do that?” or some similarly judgemental question. And it is always asked with such a condescending tone – there is no doubt that the question is not really a question, but an attempt to point out the ‘failing’ they see in the person in question. What they are really saying is “That is such a stupid thing to do/stupid way to do that, I would do it better than that”
It is interesting that I hear people ‘asking’ this question all the time, yet I never see any indication that the person ‘asking’ the question has ever bothered trying to ‘answer’ the question they have (not really) ‘asked’.
I don’t mean to make myself sound like I am above this phrase – I am sure I have said it myself many times. What I am interested in now though, is qualifying the statement by following it up with a genuine thought process. I want to think “Why would you do that?” then follow that with a genuine introspective questioning process: “No really, what reasons would a person have for doing that? Maybe they can’t do it the better way? Maybe there is more going on here than I can see, maybe they have some sort of disability, maybe they are actually smarter than myself and it is myself that doesn’t understand” etc.
I can’t really expect the population at large to pick up this method of introspective consideration, but I think it is more valuable to attempt to understand ‘why they would do that’, than it is to simply ask an empty rhetorical question designed to indicate how bad/stupid/uncoordinated/socially inept someone else is.