Thursday, July 29, 2010

Two Gmail feature requests. Yeah sure.

Lately I am a bit displeased with Google's way of getting feedback from Gmail users.

This is maybe for another day. This is one of the reasons I opened this blog, feeling that there is no good place for Gmail users' feedback.

So - let's keep it short, it should be a 5-minute edit post.

These are two features I will be happy to see in Gmail.

1) Ad-hoc mail-thread mailing list.
A mailing list that you can create.
- all the addressees can reply to it - including the BCC ones
- all the addressees will get the response, including the BCC ones
- the ad-hoc mailing list is not accessible to senders from outside
- and cannot be used on other mail threads

What is it good for - mostly to allow a flexible mailing list, free of CC/BCC inconveniences.
In a regular mailing list you have a problem excluding parts of the list.
With normal addressees - no pun intended - the addresses are seen.
With BCC - they will not be included in others' replies, and have to be exposed if they want to reply.
An ad-hoc thread-based mailing list is a cool, elegant way to overcome the caveats above.
There are quite a few corners to polish here, but this is even more fun.

2) Sort the addressees list alphabetically.
This is a small request, and can be implemented as a Lab in a day.
I sent a mail out recently with about 15 or so addressees - most of them know each other.
BCC was not a respectable option here, and the order in which the addressees appear
could be an issue. Each one of Charlize, Angelina & Brigitte may want to see her name appear
before the others. The only way to make it right, so they won't complain, is to sort it alphabetically.
I want Gmail to sort it for me.
Thanks.
I think it can make a small cute Lab feature.

That's all for today.

Monday, July 12, 2010

Streetview vans WiFi capture scandal - Enough with the conspiracy BS

Google Maps' lovely StreetView feature is implemented with rather funny-looking vans with cameras.

Those vans apparently collect WiFi hot-spots information.
This makes sense. Taking vans out all over the place is an operation Soooo expensive and complex, you want to perform as many tasks as you can.

WiFi AP locations are just another important layer of information on the map.

It turns out that Google didn't just map the APs but also grabbed some traffic, and saved it to files.

OMG - the cries about Google using the SV vans for espionage etc. - this is simply crap.

For two important reasons:
1) the quality of the information collected by SV vans is low.
2) Google has an infinite amount of information they can dig into, endlessly superior to the captured WiFi traffic.

Tuesday, July 6, 2010

Balancing - security vs. flexibility, richness and usability

A few weeks ago I was at Park Hayarkon Rosh Tzipor area running after a few kids of mine, and a few of their friends.

Suddenly I received an email to my cell phone - an unusual spam message from a usually solid email user. It looked like her Gmail account was compromised, and a short phone call indicated it indeed had been.

It turns out that not only was she compromised, but so were many Gmail users.

Hacking into a Gmail account is, apparently, too easy. Not because Gmail isn't implementing security protocols correctly, but because of other weaknesses and vulnerabilities, mostly in the area of human factors.

We use Google account credentials on a rather large number of services and tools - mail notifier, toolbar, smartphone, browser, POP3 client - to name a small number of the mail-related applications; there are many such for the other services too. They all rely on the same Google Account credentials!

It takes only one of those tools, applets, applications or extensions to be hacked, and your entire Google account - Gmail of course included - is hacked.

Other obvious weaknesses of the Gmail password are:

- The password never expires.
  The user can choose to change the password, but this is not likely.
  We all have so many passwords all over cyberspace,
  we say grace that we can log in to all that we need,
  and the last thing we want is to break it. Changing the password
  will probably make us lose access. That's bad.
  Google wisely doesn't force users to change passwords regularly.
- Other services (not related to Google) with the email address as user name: chances are the same password will be used. It is too easy for at least two other
- Cross services connect to Gmail on our behalf.
  Many Internet services suggest that you give them your account details - including passwords - so that they can stick to your friends too. Stick it hard and deep, that is.
  Well, I think a user that gives his account credentials, including passwords, to dubious services
  is too naive to use the Internet.

Now, since it is too easy to phish for Gmail accounts, Google has to make an effort to limit this,
so that it happens less, and so that when it does happen, the impact will be minimal.

They do perform many checks that the account usage is reasonable:

- concurrency (i.e. you can't be in London and in Madrid at the same time).
- machine - it doesn't make sense that your machine is used not only for your account, but also for an additional 10,000 accounts.

When such a "positive" hacking indication happens, either you're thrown to a CAPTCHA page,
or you're even temporarily blocked.

All this is rather "old news". But not long after my solid friend was ironically hacked,
Gmail introduced a new measure to reduce overall hacking impact.

They limited forwarding capabilities.

Until two months ago, you could simply forward mails to other mail addresses,
either your entire mail stream, or as a filter action. This is a great feature of Gmail. Auto-forwarding for free is fabulous, as most/all other free Internet email services support that only for premium. Filter-action mail forwarding is fantastic, and allows you great flexibility.
Really powerful, a BIG BIG differentiator.

The problem with auto-forwarding, when related to accounts being hacked, is that it's kind of a back door. A bad guy hacks your account, puts in a number of filters to forward mail
elsewhere, and days later, so that no account usage irregularity can be detected, starts acting on that filter,
pushing Viagra from your account like life's not hard enough as it is.

As a reaction, Gmail decided to cripple one of the best features they have - mail forwarding.
Google made a decision to bite some of the usability, richness and flexibility of Gmail,
so that it is less prone to be used for spamming.

What did they do?

Now, when you perform forwarding (either of all mail or of filtered mail) you must select the address from a list. I don't know how big this list can be; I guess it cannot be too big.
Moreover, in order to add a new address, a verification code is sent to that address, and you have to get that code and punch it back in to activate that address as eligible as a forward target.

At first it sounds not that bad (at least it sounds not that bad to others. I was appalled). But for experienced, seasoned Gmail users like we are, who actually use this feature, it's really bad. It limits the auto-forward features to addresses you own, or "almost own". (How many addresses are such that we can tell the owner - hey, log in, read the mail and tell me the code, and do it now, because I am now editing the rule, and have to rush out to the FIFA World Cup game at the local pub? Not many.)

I can live happily with verification of all-mail forwarding target addresses; forwarding of my entire email stream reasonably should be done to another address I either own or "almost own".
But forwarding as a filter rule is dramatically different!
Filters are created and deleted quickly, upon need,
and having to wait for someone to read his mail and send you the code makes it really dodgy, at best.
Sometimes it even blocks you entirely. A few examples:

- we survived that, and now you want to send to them, but with an address modifier REMO_AWAY to let them have an easy filtering on that (e.g. myboss+REMO_AWAY@gmail.com). Now, for the address with a modifier, you have to start the verification process all over. Come on. This should be fixed regardless of the verification: if the address is with a trivial decorator and the real address (without the decorator) is already approved, the address should be allowed.
- filter mail and forward to someone you can't really ask for the code.
  It may be that you're not in a situation or a position to ask for the code.
- filter mail to addresses with limitations:
  mailing lists, groups, gateways, RSS feed, SMS gateway -
  the code is not sent from your mail, and may be blocked on the way, or truncated (e.g. if only the subject line gets through the gateway).

I think Google overreacted. They should have put other means in place to limit the impact of the auto-fwd post hacking. For example:

- limit the number of filters
- limit the filter creation rate, e.g. to 10 filters a day, and detect a filter-fwd attack
- block the spam in the first place (the inbound spam that would be outbound forwarded from the hacked account).

I hope Google will rethink it and will put the lovely flexibility back into Gmail filters. It's just too good a feature to cripple.
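
The two mitigations proposed above (accepting a `+modifier` variant of an already-verified forwarding address, and capping filter creation at 10 a day), as an added example that is not Gmail's code or part of the original post. `ForwardingPolicy`, `base_address` and `PLUS_DOMAINS` are hypothetical names; stripping the modifier only on domains known to use plus addressing is an assumption added here, since elsewhere `a+b@domain` may be a different person's mailbox.

```python
from collections import Counter
from datetime import date

MAX_FILTERS_PER_DAY = 10                        # cap proposed in the post
PLUS_DOMAINS = {"gmail.com", "googlemail.com"}  # assumption: "+tag" is a modifier here


def base_address(addr):
    """Lower-case the address and drop a '+modifier' on plus-addressing domains."""
    local, sep, domain = addr.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {addr!r}")
    if domain in PLUS_DOMAINS:
        local = local.split("+", 1)[0]
        if not local:  # "+tag@gmail.com" has no mailbox name left
            raise ValueError(f"empty mailbox name: {addr!r}")
    return f"{local}@{domain}"


class ForwardingPolicy:
    """Hypothetical per-account policy: verified targets plus a daily filter cap."""

    def __init__(self):
        self.verified = set()     # base addresses that completed the code round-trip
        self.created = Counter()  # day -> forwarding filters created that day

    def mark_verified(self, addr):
        self.verified.add(base_address(addr))

    def check_new_filter(self, target, today):
        """Decide whether a new forwarding filter to `target` may be created."""
        try:
            base = base_address(target)
        except ValueError:
            return "rejected: malformed address"
        if base not in self.verified:
            return "pending: verification code required"
        if self.created[today] >= MAX_FILTERS_PER_DAY:
            return "blocked: daily filter limit, possible filter-forward attack"
        self.created[today] += 1
        return "allowed"


if __name__ == "__main__":
    policy = ForwardingPolicy()
    policy.mark_verified("myboss@gmail.com")  # sample address taken from the post
    day = date(2010, 7, 6)
    print(policy.check_new_filter("myboss+REMO_AWAY@gmail.com", day))
    print(policy.check_new_filter("stranger@example.org", day))
```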