
May 01, 2014

Well, Ain't That Funny

Why is Google censoring my Yahoo email?
Ever since the Heartbleed security hole was discovered, and subsequently patched, Gmail has been censoring all mail coming from Yahoo. Since Google doesn't have any support tech at all, the only way to attempt to get an answer about this is to go to one of their myriad forum pages and *hope* that someone from Google actually sees your complaint. Seems kinda, I don't know, un-customer friendly to me. Especially given the number of bloggers who use Gmail addresses, and the even larger number of everyday Yahoo email addresses out there.

Now, the Heartbleed security hole wasn't one that was directly associated with any specific virus, trojan or malware, so there wasn't any chance of anything being spread. It was simply a flaw in the secure socket programming that became the norm for providing secure connections to places like banks, etc., where important transactions, i.e., money, personal information, etc., are being transmitted back and forth between two computers. A flaw that apparently was never exploited [To'S:Cloudeight] even though it had been in existence for almost two years before a Google employee stumbled upon it.

"For the last week, researchers at the Berkeley National Laboratory and the National Energy Research Scientific Computing Center, a separate supercomputer facility, have been examining Internet traffic they recorded going in and out of their networks since the end of January, looking for responses that would indicate a possible Heartbleed attack.

They found none, said Vern Paxson, a network researcher at Berkeley Lab and associate professor of electrical engineering and computer science at the University of California, Berkeley."

So, after all this time there hadn't been any discernable use of the Heartbleed flaw...well, that is, until it was made public:

"But security researchers and law enforcement are growing concerned that hackers are trying to exploit the flaw now that it has been public for more than a week.

[snip]

Meanwhile, four computer scientists at the University of Michigan, Zakir Durumeric, David Adrian, Michael Bailey and J. Alex Halderman, have been monitoring stashes of fake data on the Internet — called honeypots — to see if hackers would try to retrieve them using the Heartbleed bug. It worked.

To date, they’ve witnessed 41 unique groups scanning for and trying to exploit the Heartbleed bug on three honeypots they are maintaining. Of the 41, the majority of those groups — 59 percent — were in China.

But the attacks began only after the Heartbleed bug was discovered on April 8. The computer scientists have also found no evidence of any attacks before the disclosure, and they say it’s impossible to tell if the scans came from real hackers or other security researchers trying to look at the problem."

Now that the flaw has been found, patched and is being constantly monitored, why is Google still censoring Yahoo email?
And, as a follow up, on what grounds does Google - or any provider for that matter - believe it can censor any email in the first place?

Posted by DL Sly at May 1, 2014 02:04 PM


Comments

And, as a follow up, on what grounds does Google - or any provider for that matter - believe it can censor any email in the first place?

It's called blacklisting, and it happens all the time. Businesses get blacklisted, organizations get blacklisted, any given domain can be blacklisted, and the reasons vary. It could be because the blacklister was receiving a vast amount of spam from a sender under a particular domain. It could be that protocols used by a particular mail client are insecure, and the blacklister wants to prevent infection from that domain. In many cases, the blacklistee does not even know they've been blacklisted until users complain (and describe the problem well enough to allow the pattern to emerge).

The company I used to work for previously got blacklisted several times by various mailservers. Once even by AOL. And generally it was because of an unsecured mail script placed by one of our customers that spammers found and exploited. Eventually, we'd find out that no email sent to an AOL address was received (it doesn't go to a spam folder, and it doesn't bounce back, it just... disappears), and we'd ask them nicely to stop blacklisting us.

As for the "why do they believe they can censor", the answer is quite simple. It's their mailserver. They can block anything and everything they want from entering. They are under no legal obligation to allow emails from a given domain in, and if it's to protect their customers, you can bet they'll do it in a heartbeat. And heck, in some circumstances, I wouldn't even be surprised to discover that the authority that made the decision to blacklist a given domain wasn't a person at all, but an anti-spam/anti-virus algorithm. Sure, there SHOULD be human oversight into what gets blacklisted, but "should" and "is" are two different animals.

Posted by: MikeD at May 1, 2014 02:45 PM

While I know that it's their server, Mike, I also know that they have an End User License Agreement that they have to abide by, as well as the individual account holders. I'm one of those really weird people who actually reads their EULAs all. the. way. through. And, while I haven't checked their EULAs lately, the one I agreed to mentioned nothing about them selectively censoring my email.
0>;~}

Posted by: DL Sly at May 1, 2014 02:54 PM

Does it say that they may not block inbound email? I'm almost 100% willing to bet it does not. The EULA is primarily to bind you, not them. And if nothing else, they can chalk it up to protecting you (their customer) from spam/virus/whatever, and likely no one will say a word about it.

Posted by: MikeD at May 1, 2014 04:02 PM

IIRC, neither Yahoo nor Google charge a fee for the email service they provide, and as a bright Techie once told me:
'if you're not paying for a [software] product, then YOU* are the product!'

*your personal data, and info about you gathered from your use of the software product/service provided.

Posted by: CAPT Mike at May 1, 2014 04:09 PM

Actually, Google's TOS does allow them to block emails from senders.

OTHER THAN AS EXPRESSLY SET OUT IN THESE TERMS OR ADDITIONAL TERMS, NEITHER GOOGLE NOR ITS SUPPLIERS OR DISTRIBUTORS MAKE ANY SPECIFIC PROMISES ABOUT THE SERVICES. FOR EXAMPLE, WE DON’T MAKE ANY COMMITMENTS ABOUT THE CONTENT WITHIN THE SERVICES, THE SPECIFIC FUNCTIONS OF THE SERVICES, OR THEIR RELIABILITY, AVAILABILITY, OR ABILITY TO MEET YOUR NEEDS. WE PROVIDE THE SERVICES “AS IS”.
SOME JURISDICTIONS PROVIDE FOR CERTAIN WARRANTIES, LIKE THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. TO THE EXTENT PERMITTED BY LAW, WE EXCLUDE ALL WARRANTIES.

They give you what they want to give you, take it or leave it. Right or wrong, this is pretty standard. They own the software and can make it do what they want. You can use it or not.

Posted by: Yu-Ain Gonnano at May 1, 2014 04:39 PM

'if you're not paying for a [software] product, then YOU* are the product!'

Absolutely 100% accurate. If you can not immediately see how you are paying for a product or service, then the safest thing to assume is that they are selling the information you provide to them to third parties. Now, generally, it's nothing more sinister than advertisers, but occasionally that data finds itself in the hands of spammers. And, while I have no proof of this, I'm near convinced that unsubscribing from a "notification" email or group of emails (which does obligate them to stop sending emails to you) verifies that the email address they've purchased has a valid human behind it, and they resell those to other companies at a markup.

Posted by: MikeD at May 1, 2014 04:41 PM

I haven't been able to work the NYT crossword in the website's competitive timed version for ages, apparently because Apple is unhappy with the security of Java again. I'm willing to believe they're motivated by security concerns rather than a quarrel with whoever's associated with Java (is that crowd-sourced or commercially produced? I don't even know), but it's still irritating.

To be fair, of course I could quit using Apple products, but I'm completely in the tank for them, and they can quite accurately conclude that it would take a lot more than this for me to switch providers.

Posted by: Texan99 at May 2, 2014 10:23 AM

Apple's problem with Java is that Jobs believed it to be inelegant, ugly, and "tasteless". Jobs was a big believer that function takes a back-seat to form when it came to users.

It's also why you'll never see a live wallpaper on an Apple product. Jobs found it to be garish and low-brow.

This kind of sneering condescension is one (of several) of the reasons I won't choose Apple products for myself.

Posted by: Yu-Ain Gonnano at May 2, 2014 11:10 AM

Java is a product of Sun Microsystems, who used to be quite famous for making excellent computer workstations. Interestingly enough, Sun workstations utilized RISC architecture CPUs just as the Apple computers did (as opposed to the 8088 architecture used by PCs and modern Macs). The RISC chips were faster and more capable than the 8088 chips, but also much more expensive. So I also wonder if there was not some competitive element to Jobs' dislike of Sun Microsystems.

But once again, YAG is 100% on the ball. Steve Jobs was an elitist, condescending snob, and that attitude filtered down to his devoted (almost cult-like) followers. And frankly, I find it almost humorous that every single dedicated snobby Mac-stereotype fanboy I've ever known is also a die hard liberal who had the most incredible blinders on about their hero Jobs, and how he treated employees (or indeed about the near slave labor conditions of the Foxconn factory in China).

Posted by: MikeD at May 5, 2014 09:13 AM
