Google Abuse

Peter Beckman beckman at angryox.com
Wed Aug 17 04:06:20 UTC 2022 

To make this more NANOGy, what is OUR role in all of this?

Two questions that relate here:

     How does NANOG make inbound network abuse easier to stop and harder or
     costlier for networks and clouds to ignore?

     How do NANOG operators attempt to keep private things private?


For the latter, IMHO most NANOG members likely also run, manage, or interact with
businesses that hold data.

Three of the NANOG Principles apply here:

     Security within our digital platforms
     Sustainability of Internet technology professions
     Innovation within the community


We all should be doing whatever we can within our own organizations to
improve end user privacy and security. I'm going to make another go at it
within my own.

And anything we can do to make it harder for networks and cloud providers
to ignore abuse reports and stop it is an Innovation that might move the
burden of network attacks off of the recipients and onto the sources.

Beckman

On Tue, 16 Aug 2022, richey goldberg wrote:

> “thought that google fi was a neutral pipe.”
>
> There is nothing neutral about Google or any of companies that are their competitors.    They all have some sort of agenda which is to do what’s best for them or what they *think* is best for everyone else.  Even if it’s not.
>
> “are google, like fb, recording and retaining direct messages and sms/mms contents”
>
> They may tell you they are not but there is no doubt in my mind they are and if they got caught their response would be “Oopsie, my bad”.
>
> -richey
>
>
> From: NANOG <nanog-bounces+richey.goldberg=gmail.com at nanog.org> on behalf of Mark Seiden <mis at seiden.com>
> Date: Tuesday, August 16, 2022 at 3:48 PM
> To: Jon Lewis <jlewis at lewis.org>
> Cc: nanog at nanog.org <nanog at nanog.org>
> Subject: Re: Google Abuse
> well, that isn’t exactly true.
>
> ALL of the fraudsters, business email compromisers, spoofing accounts are now from gmail and as far as i can tell,
> there is no evidence that they do ANYTHING about them.    i recently gave a talk on fraudulent restaurant reviews
> in google maps.  easy for humans to spot.  (hundreds of machine learning engineers at google.  what are they doing?)
>
> but here’s a counterexample… not that it serves anyone particularly well:
>
> a colleague of mine (ex googler, superb engineer, with a brother who is a current googler) had ALL of his google accounts
> deactivated recently.  a google fi customer, he used it to send an mms photo of a rash on his toddler’s crotch to his wife,
> so she could upload it (using https) to their pediatrician’s portal for diagnosis.
>
> a few days later the cops were at the door with a search warrant.  the cops agreed it was a false positive, but despite that,
> the accounts were deactivated (including gmail), seemingly permanently, despite multiple attempts to revive it and attempts
> at escalation.
>
> i was actually surprised.  i thought that google fi was a neutral pipe.
>
> who knew that google mines mms images for pink parts?
>
> do the other cell phone companies do the same?  (not that i particularly need to test it…)
>
> (is there any transparency here regarding the scanning and retention policy for sms and mms contents?)
>
> which raises, in the post-boggs world, another question:
>
> are google, like fb, recording and retaining direct messages and sms/mms contents, so they can turn them over
> to law enforcement who have become “interested" in who was pregnant and who stopped being pregnant?
>
> https://www.vice.com/en/article/n7zevd/this-is-the-data-facebook-gave-police-to-prosecute-a-teenager-for-abortion
>
> (once again, there ain’t no sanity clause.)
>
>
>> On Aug 16, 2022, at 10:43 AM, Jon Lewis <jlewis at lewis.org> wrote:
>>
>> On Tue, 16 Aug 2022, Cristian Cardoso wrote:
>>
>>> Hi
>>> I'm receiving thousands of requests from a Google Clou VM on my network, I've already sent reports to Abuse from GCP, but without success, does anyone happen to have a Google abuse
>>> contact to indicate?
>>
>> There is no Google abuse.  It's just traffic you don't want that they don't care about.  Block it at your edge and move on.
>>
>> ----------------------------------------------------------------------
>> Jon Lewis, MCP :)           |  I route
>> StackPath, Sr. Neteng       |  therefore you are
>> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
>

---------------------------------------------------------------------------
Peter Beckman                                                  Internet Guy
beckman at angryox.com                                https://www.angryox.com/
---------------------------------------------------------------------------

More information about the NANOG mailing list