Google Abuse

Hi

I’m receiving thousands of requests from a Google Clou VM on my network, I’ve already sent reports to Abuse from GCP, but without success, does anyone happen to have a Google abuse contact to indicate?

Google is pretty unresponsive when it comes to this stuff. I wasted a lot of time trying to report attacks against our networks that turned out to be a futile exercise. It’s an issue that’s all too common to the large providers. Microsoft, Digital Ocean, Amazon, etc, all of them make you jump through hoops to report issues that are rarely handled. When it’s the other way and they are reporting issues with a user on your network they can get pretty demanding that you address it right away.

We just have to block and move on if you want anything done in a timely manner.

-richey

There is no Google abuse. It's just traffic you don't want that they don't care about. Block it at your edge and move on.

well, that isn’t exactly true.

ALL of the fraudsters, business email compromisers, spoofing accounts are now from gmail and as far as i can tell,
there is no evidence that they do ANYTHING about them. i recently gave a talk on fraudulent restaurant reviews
in google maps. easy for humans to spot. (hundreds of machine learning engineers at google. what are they doing?)

but here’s a counterexample… not that it serves anyone particularly well:

a colleague of mine (ex googler, superb engineer, with a brother who is a current googler) had ALL of his google accounts
deactivated recently. a google fi customer, he used it to send an mms photo of a rash on his toddler’s crotch to his wife,
so she could upload it (using https) to their pediatrician’s portal for diagnosis.

a few days later the cops were at the door with a search warrant. the cops agreed it was a false positive, but despite that,
the accounts were deactivated (including gmail), seemingly permanently, despite multiple attempts to revive it and attempts
at escalation.

i was actually surprised. i thought that google fi was a neutral pipe.

who knew that google mines mms images for pink parts?

do the other cell phone companies do the same? (not that i particularly need to test it…)

(is there any transparency here regarding the scanning and retention policy for sms and mms contents?)

which raises, in the post-boggs world, another question:

are google, like fb, recording and retaining direct messages and sms/mms contents, so they can turn them over
to law enforcement who have become “interested" in who was pregnant and who stopped being pregnant?

(once again, there ain’t no sanity clause.)

“thought that google fi was a neutral pipe.”

There is nothing neutral about Google or any of companies that are their competitors. They all have some sort of agenda which is to do what’s best for them or what they think is best for everyone else. Even if it’s not.

“are google, like fb, recording and retaining direct messages and sms/mms contents”

They may tell you they are not but there is no doubt in my mind they are and if they got caught their response would be “Oopsie, my bad”.

-richey

To make this more NANOGy, what is OUR role in all of this?

Two questions that relate here:

     How does NANOG make inbound network abuse easier to stop and harder or
     costlier for networks and clouds to ignore?

     How do NANOG operators attempt to keep private things private?

For the latter, IMHO most NANOG members likely also run, manage, or interact with
businesses that hold data.

Three of the NANOG Principles apply here:

     Security within our digital platforms
     Sustainability of Internet technology professions
     Innovation within the community

We all should be doing whatever we can within our own organizations to
improve end user privacy and security. I'm going to make another go at it
within my own.

And anything we can do to make it harder for networks and cloud providers
to ignore abuse reports and stop it is an Innovation that might move the
burden of network attacks off of the recipients and onto the sources.

Beckman

Well put, bro.

-mel via cell

It’s a pretty serious claim to say that cell providers were selectively not delivering messages based on content.

Unless you have some more concrete evidence beyond “I sent a few texts” , this list is no place for such things, nor the insinuation of political agendas.

I wouldn't call it a serious claim. By their own admission T-Mobile
filters messages based on content.

Now, there is no indication I'm aware of, that it is political in
nature. But they do, factually, throw away messages based on their
content.

Spam filtering is clearly not the accusation that was laid out.

Sure, that's why I said that in my third paragraph.

But once we know that they do, in fact, filter messages, we can
understand why it might *seem* like they filter based on political
content.
For example, if a left-leaning news outlet uses bit.ly URLs, and a
right-leaning one uses goo.gl URLs, and T-Mo filters all goo.gl URLs,
some might conclude that "T-Mobile filters links to right-leaning news
outlets."

some might conclude that "T-Mobile filters links to right-leaning news
outlets.

That conclusion, based on the methodology described, would be wrong, and that should be called out.

Someone in this discussion has a good mindset for security.

Everyone in it has responsibilities towards protecting users from harm.

Thank you.

Jason

Jason Kinney
Ethical Technologist
Surrey, BC, Canada
jkinney23@yahoo.ca

some might conclude that "T-Mobile filters links to right-leaning news
outlets.

That conclusion, based on the methodology described, would be wrong, and that should be called out.