It has been in the news a lot. We are talking about the hacking of Google in China. If you are unfamiliar with the incident, the short version of the story is that hackers with Chinese IP addresses (that is, from computers physically located in China) gained access to Google Mail accounts. It seems the email accounts in question belonged to people speaking badly of the Chinese government.
How did this attack happen? Well, it has now been admitted by Microsoft that there is a vulnerability in Internet Explorer which allowed someone (the hacker) to remotely run programs on someone else's (a Google employee, for example) computer.
Now, people can blame Microsoft for having bugs in their software. However, finding any piece of software without bugs is quite a rare thing, and there is no evidence that Microsoft knew of this bug, so they were very unlikely to have fixed it.
People can blame the Chinese government (though it seems there is no evidence at this point that it was the Chinese government, nor is there evidence that it was not) for spying but it is the nature of governments to spy. The US and UK governments regularly spy on foreign nationals and even on their own citizens. Should we expect the Chinese government not to try to protect itself from those who would harm it? Please do not think we support the Chinese government. We do not support any government. We support the right to privacy. The point here is, right or wrong, governments will spy - it is their nature.
So, who do we blame? We must blame someone, right? After all, private messages were read; therefore, someone must be responsible.
Could we blame Google? Perhaps. However, Google has not explained all of the details of how the attack happened. So, it is possible that a Google employee was careless. It is also possible that every Google employee did everything they should, using reasonable standards.
So, back to who. Who can we blame? The best place to lay the blame would be with the email account holder himself or herself.
Are we blaming the victim here? Yes, we are. However, we are blaming them because they were reckless and careless. Let's explore this point in more detail.
Let's take a look at a fictional human rights activist. We'll call that person Jane Doe. Jane is opposed to China's stance on human rights. She spends time in China and also travels the world. She uses email as her main medium of communication. She corresponds with other human rights activists regularly and, most importantly, she keeps all of her old email stored on Google's servers.
What a great convenience it is for her to keep all of her email on Google's servers. No matter where she is in the world, as long as she has Internet access, she can access all of her old email with a sophisticated search engine. She trusts Google and she sees that her connection to Google Mail uses SSL, so she feels her communications are private.
The question is, are her communications private? Of course they are not.
Imagine that you have some electronic documents which you want to be kept private. Would you store them on a friend's computer? What if you really trust that friend? What if you know that friend has absolutely nothing to gain from sharing those documents with anyone else? Of course, you would be silly to keep your sensitive documents on someone else's computer. The reason is not that you do not trust your friend. It is that you are burdening that friend with a responsibility of which they may be completely unaware. So, someone breaks into your friend's home and steals his computer. On that computer, they find your documents. Now, someone you do not trust has your private documents. Who do you blame? Your friend? Blame yourself! What you should have done was keep your documents in your possession all the time. If you let your documents out of your direct control then you should encrypt your documents. However, leaving something private and sensitive in someone else's hands is simply careless.
Back to the story of Jane Doe. Jane kept all of her documents on a friend's computer (the friend is Google and the computer is Google's server). Someone 'took' her friend's computer (via hacking) and now has all of Jane's sensitive documents.
Yes, Jane could blame the spy but she clearly left herself vulnerable to such an attack. She was careless and now she must pay the price. Unfortunately, in the case of someone speaking against the Chinese government, the price to pay can be quite high, indeed.
Now, as we say, hindsight is 20-20 (that is, seeing things in the past, which you cannot change, is easy). What should Jane have done?
Of course, Jane should have taken all of her data with her. Jane should never have left her data on any server, and anything held on a server while in transit (such as messages sent to her which she has not yet received) should have been encrypted.
TrulyMail does all of this for her. If she used TrulyMail instead of Google Mail, her old messages would not have stayed on the server. Once her messages were downloaded, they would exist only on her computer (or USB drive).
Once again, we see that email is deeply flawed and that TrulyMail solves the problems. So, do yourself a favor; use TrulyMail and avoid email. You, and all of your contacts, will be a lot happier.