Gmail hacked and deleted, with Google interviews
natslovR
Sydney, New South Wales
7564 posts
Last month's The Atlantic has a (very long) story about a man's wife's Gmail being hacked and deleted. It goes through what happened, how they recovered, the difference between users' expectations of service and cloud providers' capabilities, and he interviews many people at Google and other experts on cloud services and security.
After the first page, which recounts what happened, it becomes very interesting. Some things I took from it:
Using Google's recovery page they restored 1,000 emails up to 12 months old, out of 4GB+ of email she had over several years. Had the deletion happened last year nothing would have been recovered because Google didn't have the technology in place. The recovery took a very long time, and Google engineers believe that many other email providers would recover even less.
You can say that your emails and correspondence aren't really important, but when it is actually gone you may think differently.
Gmail accounts are taken over at several thousand per day; at the moment few are destructive. The people doing so are very skilled. Your exposure can be more than just your email account.
Google are constantly improving processes to detect hacked accounts, but strongly recommend using their two-factor authentication system and ensuring your recovery options are up to date.
They encourage the correct horse battery staple approach to passwords.
|
infi
Brisbane, Queensland
18164 posts
I enjoyed reading your summary enough. Don't be so good at summarising if you want me to read the link!
|
scuzzy
Brisbane, Queensland
15058 posts
You have instilled enough fear for me to go check out the two step auth process and it does look interesting.
|
Whoop
Brisbane, Queensland
19107 posts
You can say that your emails and correspondence aren't really important, but when it is actually gone you may think differently.
I regularly go through & delete all my emails anyway. Seriously, I view google, yahoo, hotmail, etc as spammy, site signup, friendly email type email providers. If I wanted something that was guaranteed then I'd get my own domain, run my own email server and use that. There's nothing stored on google's servers that I can't afford to lose, nor would I ever store anything on there precious to me.
Speaking of which, I know at least one of you (teq?) runs some sort of email grabber thing from home & uses it to filter out the spam, who are you and what do you use? PM plz so we don't derail this thread :)
|
teq
Brisbane, Queensland
12208 posts
When people ask me to recover their emails because they were too stupid to use a decent password or because they gave their password out, I generally just lol at them and continue on my merry way.
It's pretty much completely unreasonable to expect your email provider to continue to store messages after they've been deleted using your username & password.
Speaking of which, I know at least one of you (teq?) runs some sort of email grabber thing from home & uses it to filter out the spam, who are you and what do you use? PM plz so we don't derail this thread :)
Not me. I do host my own domains and I only use Gmail for gchat, but the only scrubbing I do is via RBLs/SpamAssassin/ClamAV etc.
Thunderbird automatically takes messages marked as spam by SpamAssassin and deletes them based on a rule, which "removes" them from all of my devices (IMAP).
|
3dee
Brisbane, Queensland
6900 posts
I use Google Apps and I just turned on 2-step auth. Not too much of a fuss for the extra security. I'm going to change my password as well just to keep the ball rolling.
|
natslovR
Sydney, New South Wales
7565 posts
If you are prepared to run your own email service because you think you can do it better and cheaper than email providers, or security is such a concern to you as to warrant that cost and effort, then this article isn't for you.
If you think that only stupid people have their accounts hacked, then you should read the article.
It's pretty much completely unreasonable to expect your email provider to continue to store messages after they've been deleted using your username & password.
But you would expect your bank to return your money that someone stole by faking your CC, right? Unauthorised access is unauthorised access.
|
infi
Brisbane, Queensland
18167 posts
If Gmail want to become the email service of choice and thus drive even more users to their service, then stories like this are fantastic free publicity. They will end up gaining thousands of new users simply from the word of mouth of this story, so it's pretty good business sense to me. (I wonder if they hacked the lady involved :p)
|
Whoop
Brisbane, Queensland
19109 posts
But you would expect your bank to return your money that someone stole by faking your CC, right? Unauthorised access is unauthorised access.
Does google say they guarantee anything when you use their service? What guarantees does your bank provide when you sign up? Compare apples to apples man, they're 2 different services.
|
Pinky
Melbourne, Victoria
11956 posts
(I wonder if they hacked the lady involved :p)
No worries, FaceMan.
You have instilled enough fear for me to go checkout the two step auth process and it does look interesting.
Aye, just enabled it myself. Have been thinking about it for a while.
|
teq
Brisbane, Queensland
12209 posts
If you are prepared to run your own email service because you think you can do it better and cheaper than email providers, or security is such a concern to you as to warrant that cost and effort, then this article isn't for you.
If you think that only stupid people have their accounts hacked, then you should read the article.
1. I don't run it because it's cheaper or easier; security is my main concern.
2. If your account is hacked because your username and password were easy to crack or guess, you're an idiot.
The only time it should be the hosting provider's problem is when their own security systems didn't keep the hackers at bay.
I.e. they had some compromised web form, SQL injection susceptibility, were rootkitted or something.
But you would expect your bank to return your money that someone stole by faking your CC, right? Unauthorised access is unauthorised access.
If I lost my ATM card and someone guessed my pin, it's my own fault
I like that the bank will replace the money, but it's Apples and Oranges - emails can't just be "replaced", they're not something you can replicate
You don't have to "Back up" money
anyway, the article is interesting, I'm just completely jaded because I work in the industry and all I see is idiots all day every day who think "it will never happen to me" and then rant and carry on like children when their password (which was "password1") is used to fuck them over
|
Dazhel
Gold Coast, Queensland
4297 posts
Google's free email service deleted her data on the request of someone with her account credentials?
Maybe she should quote their data recovery SLA and then demand her money back + compensation if not satisfied.
oh wait...
|
Captain Lateral
Brisbane, Queensland
4179 posts
anyway, the article is interesting, I'm just completely jaded because I work in the industry and all I see is idiots all day every day who think "it will never happen to me" and then rant and carry on like children when their password (which was "password1") is used to fuck them over
My Gmail got hacked; it was because I used the same password on another site with that Gmail address. Anything "really important" like money has a different username/password to it, but it's still quite a shock to see your account accessed by someone using a USA IP address.
In the end though, Gmail is a service provided for free, from a company whose jurisdiction is halfway across the globe. This is why you PAY for LOCAL services, so you can make them accountable for this sort of thing.
|
Hogfather
Cairns, Queensland
11551 posts
Is it also unrecoverable for people who use the paid Apps service thingy?
|
cainer
Brisbane, Queensland
1766 posts
I got done as well, like Captain Lateral: lazy passwords etc. Fortunately I also separated money matters from email matters.
Now it's 2 step auth for me for Gmail and Facebook, which seems pretty bulletproof unless I lose my phone.
|
greazy
Brisbane, Queensland
5179 posts
I tried changing all my passwords to something like "this is awesome" and one of the websites I use wouldn't let me use spaces. What the hell?
|
scuzzy
Brisbane, Queensland
15059 posts
Same with Origin: no full stop characters, how in the hell...
|
natslovR
Sydney, New South Wales
7566 posts
Look, I realise there are super techo nerds on here that know better than everyone else. But if your family or your friends or anyone you know that might defer to you for advice on tech related things may, just may, have a "free" email service from one of the many providers, then you should encourage them to read that article.
Sure, they are very unlikely to read it, but they may read it, and they may find out that things they assumed about their account are not true.
If you do that, if you happen in all your nerdy tech wisdom to know someone making the mistake of thinking that email in their Hotmail, Gmail or some other service is "safe", or if they've never even thought about whether it is safe or not, then you could do them a favour by telling them it is not and sending them that link.
Or when they are hacked you can scoff at them and continue to feel superior that you host your own email on your own server and only use the free email service to redirect your spam and would never be stupid enough to let yourself be hacked.
|
Whoop
Brisbane, Queensland
19110 posts
Look, I realise there are super techo nerds on here that know better than everyone else. But if your family or your friends or anyone you know that might defer to you for advice on tech related things may, just may, have a "free" email service from one of the many providers, then you should encourage them to read that article.
Anyone who is techno noob enough they need someone to tell them why "password1" isn't a good password is going to either be too stupid to understand that article, or simply too ignorant and one of the "meh who cares" crowd.
|
Pinky
Melbourne, Victoria
11960 posts
I tried changing all my passwords to something like "this is awesome" and one of the websites I use wouldn't let me use spaces. What the hell?
This is the single biggest problem with passwords: the stupid restrictions that sites put on the characters that passwords can contain.
Second biggest problem is storing them as plain text in their DBs...
|
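On the "storing them as text in their DBs" point above, an added example (not code from any site mentioned in this thread) of what the alternative looks like: a salted, iterated hash record that carries its own parameters, constant-time verification, and a login routine that silently raises the cost of old records. It uses PBKDF2-HMAC-SHA256 from the Python standard library; the default iteration count is an assumption to be tuned per server, and the `{username: record}` store is a stand-in for a database table.

```python
"""Password storage: a salted, iterated hash instead of plain text.

Added example for this thread, not code from any site mentioned in it.
Standard-library PBKDF2-HMAC-SHA256; the iteration count is a cost knob and
the default below is an assumption to be tuned (aim for a noticeable fraction
of a second per hash on the server you run it on).
"""
import base64
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000      # assumption: raise it as hardware speeds up
SALT_BYTES = 16


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return a self-describing record 'alg$iterations$salt$hash'. A fresh random
    salt per user means two users with the same password get different records
    and a leaked table cannot be attacked with one precomputed list."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([ALGORITHM, str(iterations),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(digest).decode("ascii")])


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and cost; compare in constant time."""
    try:
        algorithm, iterations, salt_b64, digest_b64 = record.split("$")
        if algorithm != ALGORITHM:
            return False
        salt, expected = base64.b64decode(salt_b64), base64.b64decode(digest_b64)
        actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    except ValueError:                # malformed record, bad base64, bad int
        return False
    return hmac.compare_digest(actual, expected)


def needs_rehash(record: str, iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True if the record uses an old algorithm or a lower cost than we want now."""
    parts = record.split("$")
    return len(parts) != 4 or parts[0] != ALGORITHM or int(parts[1]) < iterations


# Burned on unknown usernames so a login attempt takes the same time either way.
_DUMMY_RECORD = hash_password(secrets.token_hex(8))


def login(store: dict, username: str, password: str,
          iterations: int = DEFAULT_ITERATIONS) -> bool:
    """Check a login against a {username: record} store and, on success,
    silently re-hash records that were stored at a lower cost."""
    record = store.get(username)
    if record is None:
        verify_password(password, _DUMMY_RECORD)
        return False
    if not verify_password(password, record):
        return False
    if needs_rehash(record, iterations):
        store[username] = hash_password(password, iterations)
    return True


if __name__ == "__main__":
    users = {"alice": hash_password("correct horse battery staple", 100_000)}
    print("stored:", users["alice"])
    print("login ok:", login(users, "alice", "correct horse battery staple"))
    print("upgraded:", users["alice"].split("$")[1])
```

Because the cost and salt live inside the record, the scheme can be strengthened later without forcing every user to reset their password: the next successful login re-hashes at the new cost.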
Shaexen
Brisbane, Queensland
246 posts
Yeah, what the fuck is up with "YOU MUST USE AT LEAST 1 CAPITAL and 1 NUMBER". How about fuck off.
|
DeadlyDav0
Brisbane, Queensland
1303 posts
lol, that cartoon nailed my password exactly. I thought of a long-ass word and replaced all the top row letters with the corresponding numbers instead. Turns out it's easy for a machine to hack.
Only problem for their 4 letter word passwords is when sites require a capital and/or number and/or symbol, but I suppose that's an easy add-on to the end.
|
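To put numbers on the cartoon approach from the first post and on the policy complaints in the last few posts, an added example (not code from the article, Google or the cartoon): the entropy of a word-based passphrase versus a dictionary word with top-row substitutions and a digit/symbol tail, how long each takes to search at a given guess rate, and a helper that adapts a passphrase to "no spaces / must have a digit" rules without throwing the words away. The word list, the 65,536-word cracking dictionary and the guess rates are constructed assumptions.

```python
"""Passphrase arithmetic behind the "correct horse battery staple" advice.

Added example for this thread; not code from the article, Google or xkcd.
DEMO_WORDS is a constructed stand-in: a real list (Diceware-style) has
thousands of words, and the list SIZE is what sets the entropy.
"""
import math
import secrets

DEMO_WORDS = ["correct", "horse", "battery", "staple", "river", "candle",
              "quiet", "marble", "thunder", "pencil", "orbit", "velvet",
              "ladder", "cactus", "window", "zebra"]   # constructed


def passphrase_bits(list_size: int, words: int) -> float:
    """Entropy of `words` words drawn uniformly (with replacement) from a list."""
    return words * math.log2(list_size)


def mangled_word_bits(dictionary_size: int, substitutable_letters: int,
                      capitalisation_choices: int = 2,
                      suffix_choices: int = 10 * 32) -> float:
    """Upper bound for one dictionary word dressed up with letter-to-digit
    substitutions, a capital and a digit+symbol tail. A cracker that knows the
    habit simply enumerates it: about one bit per optional substitution, one for
    the capital, log2(digits x symbols) for the tail. The numbers are assumptions."""
    return (math.log2(dictionary_size) + substitutable_letters
            + math.log2(capitalisation_choices) + math.log2(suffix_choices))


def years_to_search(bits: float, guesses_per_second: float) -> float:
    """Expected time to hit the password: half the space at the given rate."""
    return (2 ** bits / 2) / guesses_per_second / (365 * 24 * 3600)


def make_passphrase(words, n: int = 4, sep: str = " ") -> str:
    """Draw n words with the OS CSPRNG (secrets), never random.choice."""
    return sep.join(secrets.choice(words) for _ in range(n))


def fit_to_policy(phrase: str, allow_spaces: bool = True, need_upper: bool = False,
                  need_digit: bool = False, need_symbol: bool = False,
                  sep: str = "-") -> str:
    """Satisfy a site's composition rules without discarding the passphrase.
    Swapping the separator keeps every bit of the words' entropy; a fixed
    capital/digit/symbol tail adds none (the cracker's rules include it), so
    it is compliance, not strength."""
    out = phrase if allow_spaces else phrase.replace(" ", sep)
    if need_upper and not any(c.isupper() for c in out):
        out = out[:1].upper() + out[1:]
    if need_digit and not any(c.isdigit() for c in out):
        out += "1"
    if need_symbol and not any(not c.isalnum() and not c.isspace() for c in out):
        out += "!"
    return out


if __name__ == "__main__":
    print("4 words from 7776:  %.1f bits" % passphrase_bits(7776, 4))
    print("mangled word:       %.1f bits" % mangled_word_bits(65536, 4))
    for bits in (passphrase_bits(7776, 4), mangled_word_bits(65536, 4)):
        print("  %.1f bits at 1e9 guesses/s offline: %.2g years"
              % (bits, years_to_search(bits, 1e9)))
    print(fit_to_policy(make_passphrase(DEMO_WORDS), allow_spaces=False, need_digit=True))
```

The two rates worth comparing are the online one (a web login form that throttles to, say, a thousand guesses a second) and the offline one (a leaked hash table attacked on a GPU at a billion or more per second): a mangled single word survives neither, four random words survive the first comfortably and the second for a few days, and adding a fifth word buys another factor of the list size.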
Triamks
Brisbane, Queensland
3442 posts
I enjoyed reading your summary enough. Don't be so good at summarising if you want me to read the link!
This and this:
Aye, just enabled it myself. Have been thinking about it for a while.
in relation to 2 step authentication.
|
HeardY
Gaelic newb
Sydney, New South Wales
20276 posts
2 step google authentication locked down!!@!
|
fade
Brisbane, Queensland
7207 posts
2 step google authentication locked down!!@!
I migrated to 2 step a while ago. It was a bit of a pain but worth the added security
|
HeardY
Gaelic newb
Sydney, New South Wales
20277 posts
agreed
I added the Android authenticator too, as I travel quite a bit and don't always use my AU SIM O/S. That'd be the worst, being O/S and not being able to access emails, specifically hotel reservations or airline tickets etc.
I am sure there'd be some sort of fail-safe, but I am happy enough with the Android authenticator. Or if all else fails, fire up the AU SIM and cop the international roaming charges!
|
Grimy
Brisbane, Queensland
409 posts
Any of you folks with Google Apps hosted mail back up your mail locally? If so, what are you using? There's good ole Outlook cached mode, but that's more of a sync than a backup.
|
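One answer to the backup question above, as an added example (not a Google tool and not something anyone in the thread posted): an incremental IMAP pull of the whole mailbox into a local mbox file, which is the backup the article's recovery story was missing. Assumptions: IMAP is enabled on the account, the host is imap.gmail.com, the "All Mail" folder is found through the `\All` special-use flag Gmail puts on it (falling back to INBOX), and with 2-step verification on you log in with an application-specific password rather than the account password. The LIST-parsing and state helpers are pure; only `backup()` touches the network.

```python
"""Incremental IMAP backup of a Gmail / Google Apps mailbox into a local mbox.

Added example for this thread, not a Google tool. Assumes IMAP access is on,
host imap.gmail.com, and an application-specific password when 2-step is on.
Unlike a client's cache, the mbox is append-only: a deletion on the server
never propagates to it.
"""
import imaplib
import mailbox
import os
import re
import sys

# One IMAP LIST response line: (flags) "delimiter" name
LIST_LINE = re.compile(r'^\((?P<flags>[^)]*)\)\s+(?P<delim>"[^"]*"|NIL)\s+(?P<name>.+?)\s*$')


def parse_list_line(line: bytes):
    """Split a LIST response into (flags, hierarchy delimiter, mailbox name)."""
    m = LIST_LINE.match(line.decode("utf-8", "replace"))
    if m is None:
        raise ValueError("unparseable LIST line: %r" % line)
    flags = m.group("flags").split()
    delim = None if m.group("delim") == "NIL" else m.group("delim").strip('"')
    name = m.group("name")
    if len(name) >= 2 and name[0] == name[-1] == '"':
        name = name[1:-1]
    return flags, delim, name


def find_all_mail(list_lines) -> str:
    """Gmail marks 'All Mail' with the RFC 6154 \\All special-use flag, whatever
    the folder is called in the account's language; fall back to INBOX."""
    for line in list_lines:
        flags, _, name = parse_list_line(line)
        if "\\All" in flags:
            return name
    return "INBOX"


def load_state(path: str):
    """State file: first line UIDVALIDITY, then one saved UID per line. UIDs only
    mean anything within one UIDVALIDITY; if it changes, everything is re-fetched."""
    if not os.path.exists(path):
        return None, set()
    with open(path, "rb") as fh:
        lines = fh.read().split()
    return (lines[0], set(lines[1:])) if lines else (None, set())


def backup(host: str, user: str, app_password: str, mbox_path: str, state_path: str) -> str:
    """Append every message not yet saved to mbox_path; returns the folder used."""
    imap = imaplib.IMAP4_SSL(host)
    imap.login(user, app_password)
    _, lines = imap.list()
    folder = find_all_mail(lines)
    imap.select('"%s"' % folder, readonly=True)          # read-only: never touch the server copy
    validity = imap.response("UIDVALIDITY")[1][0]
    saved_validity, done = load_state(state_path)
    if saved_validity != validity:
        done = set()
        with open(state_path, "wb") as fh:
            fh.write(validity + b"\n")
    _, data = imap.uid("search", None, "ALL")
    box = mailbox.mbox(mbox_path)
    try:
        with open(state_path, "ab") as state:
            for uid in data[0].split():
                if uid in done:
                    continue
                _, msg = imap.uid("fetch", uid, "(RFC822)")
                box.add(msg[0][1])
                box.flush()                               # message on disk before the UID is recorded
                state.write(uid + b"\n")
                state.flush()
    finally:
        box.close()
        imap.logout()
    return folder


if __name__ == "__main__":
    # usage: python gmail_backup.py you@example.com /path/mail.mbox
    # (the app password is read from IMAP_APP_PASSWORD; an assumption, not a Google convention)
    account, path = sys.argv[1:3]
    print("backed up", backup("imap.gmail.com", account, os.environ["IMAP_APP_PASSWORD"],
                              path, path + ".state"))
```

Run it from cron and keep the mbox somewhere the account's credentials cannot delete; an attacker who has the password can still wipe the server copy, which is the whole point of the local one.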
HerbalLizard
Brisbane, Queensland
5291 posts
I have been running two factor auth with SSH for the last month, have not actually tried using it for Gmail yet. Passphrase is in the 40-char range.
Using KeePass + key auth atm.
|
HeardY
Gaelic newb
Sydney, New South Wales
20278 posts
Heh, turned PC off for the night and had to authenticate G-Talk this morning... interesting...
It's quite a few hurdles but worth it.
|
natslovR
Sydney, New South Wales
7567 posts
I enabled 2-factor last night. No issues so far. Gave my iPhone email an app password so that it wouldn't bork on me today.
Just have to remember when I go overseas to print off some app codes first.
The security discussion made me get KeePass working on my iPhone too, which I hadn't till now as when I first moved to iOS there was nothing available. There are several clients available now; I've gone with MiniKeePass, which is free and seems to work fine.
|