A Defensive Computing Checklist    by Michael Horowitz

NOTE: I gave a presentation on Defensive Computing at the HOPE conference in July 2022

HOME | Full Site Index | Domain Names | VPNs | iOS | Android | About | Rules of the Road | DC Presentation |

GMAIL

Consider your Gmail password critically important. Never tell it to anyone. Do not use your Gmail password for anything else. If there is a chance you might forget it, write it down on paper twice and store each copy in different secure places.

TECH SUPPORT

To me, the biggest issue with Gmail is that it is free. Any free service comes at the price of no technical support. If something goes wrong with Gmail (or your Google account) tough luck. In my opinion, email is important enough that it is worth paying for, just to get technical support.

• We saw a stark example of this in August 2022, when a father was banned by Google for taking pictures of the rash on his toddler to send to a doctor (A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as a Criminal). There are many aspects to the story, but the one I want to emphasize here is that this was clearly a mistake by Google. The Police opened a case and closed it quickly as any person could easily tell it was a mistake. But there was no person at Google to talk to.
• In May 2023, Lauren Weinstein wrote about a 90 year old woman who forgot her Gmail password. TLDR: tough luck. This serves as a Defensive Computing warning to make sure the Gmail recovery email address for your account is valid. And, maybe, to have a recovery phone number too. The story again emphasizes that there are no people doing tech support at Google. An Example of a Very Sad Google Account Recovery Failure - and How It Affects Real People

ASSORTED

• The Best Gmail Settings You Might Not Have Used Yet by Eric Ravenscraft for Wired (March 2021). Some topics mentioned: Change Undo Send Time Limit, Confirm Actions on Mobile, Unread Message Icon and Customize Your Keyboard Shortcuts.
• To block email sent from a domain: starting at the gmail.com website, enter "from:badguys.com" in the search box (obviously just an example) and hit enter to insure the selection works. Then click on the icon on the search bar just to the right of the X (it is Search Options). Click Create Filter at the bottom of the window that pops up, then chose to either Delete all messages from the domain or archive them or assign them to a category. More here: How to block a domain in Gmail by Bryan Clark for Laptop Magazine (November 2022)
• If you get a malicious email from a Gmail user, you can report it here: I would like to report a Gmail user who has sent messages that violate the Gmail Program Policies and/or Terms of Use. The form asks for the full email header, which is normally hidden. In Thunderbird, use View -> Message Source. Or, forward the message to abuse@gmail.com.
• To change the time period when you can undo a Sent message: at gmail.com, click the gear in the top right corner -> See all settings -> General tab (should be the default) -> Undo Send.
• How to recover your Google Account or Gmail from Google. Hopefully, you never need this.
• If you use two factor authentication with Gmail, good for you. Should something go wrong with the second factor, Google offers a fallback using backup codes. See Sign in with backup codes from Google.
• May 2019: Google uses Gmail to track a history of things you buy by Todd Haselton and Megan Graham of CNBC. The story said you needed to delete the Gmail message to remove a purchase. However, later research found that there is no way to delete your purchase history. And Google also tracks your Reservations, Subscriptions and Payment Methods. See it all at myaccount.google.com/payments-and-subscriptions. From Google: See your purchases, reservations and subscriptions. The day before flying recently, Uber offered me a discount for getting to the airport. Gmail told Uber about my trip, I found it in the reservations and confirmations page.

CONFIDENTIAL MODE

What: It is an attribute of individual messages that lets you set an expiration date for sent messages, revoke access to sent messages, and optionally set a password for a sent message. In addition, recipients of confidential Gmail messages are prevented from forwarding, copying, printing and downloading the message. Invoke it while composing a message by clicking on a very small image of a padlock and a clock. The recipient does not need to use Gmail.

But: The recipient can take a screen shot. Message passwords require that you provide a cell phone number for the recipient because the password is texted to them. So, arguably less confidential than normal. Google does not say whether they can read the messages, which means they can.

1. Watch out for Gmail's new Confidential Mode by Mike Elgan for Computerworld (May 2018). Elgan says that this is neither secure nor email.
2. Send & open confidential emails from Google

AVOIDING GMAIL

1. 5 Reasons to Ditch Gmail for ProtonMail by David Nield for Gizmodo (March 2021). The article is wrong about End-to-end encryption. It only applies to messages between two ProtonMail users.
2. How to Migrate from Gmail to ProtonMail by ProtonMail (undated). The steps: Transfer existing emails, Set up email forwarding, Transfer contacts, Inform your contacts and Update online accounts.
3. Privacy-Conscious Email Providers from PrivacyTools.io
4. These 4 Gmail alternatives put your privacy first (Fastcompany Aug 2019)

Copyright 2019 - 2023