Out of 100 people who lose access to their Google accounts, how many read Hacker News, and how many will make a post about it? Probably fewer than one.
For the security lockouts, which were almost all people posting about their own experience, the denominator would be HN readers, not all Google account holders, no?
For policy lockouts, it looks to me like HN is casting a wider net, but even if you figures of denominator is just HN users it’s still very rare.
the risk is not distributed uniformly … I would expect professors to be at greater risk than students, and IT people to be at greater risk than non-IT people.
I do think IT people are at somewhat higher risk than typical: many of the security lockouts were from people who used TOR, always clear cookies, or do other unusual technical things. But to figure out how likely this was I went by HN, and if IT people are at elevated risk then they would be overrepresented in my sample as well.
I’m not clear on why you would expect professors to have higher risk than students?
things change, the risk may be low today, but what about 10 years later? If I set up things today to use “sign in with Google”, I will probably procrastinate on changing that even if I notice some warning signs.
I do think that could happen, but I think it’s much more likely to change in the direction of fewer lockouts than more:
Security lockouts should decrease as deployment and understanding of hardware tokens increase.
Policy lockouts should decrease because they represent a mismatch between what Google (and it’s automated systems) think is acceptable use and what a user does: for the ones where I could find details, they were generally gray areas. This sort of thing tends to become less gray over time as the company communicates more about where they are drawing their line.
I’m not clear on why you would expect professors to have higher risk than students?
How many people know you by name and may have a reason to be angry at you. How likely you are to become a target of a coordinated attack. (They may either try to get you cancelled, or try to hack your account which may be misinterpreted by some algorithm as you doing something suspicious.)
For the security lockouts, which were almost all people posting about their own experience, the denominator would be HN readers, not all Google account holders, no?
For policy lockouts, it looks to me like HN is casting a wider net, but even if you figures of denominator is just HN users it’s still very rare.
I do think IT people are at somewhat higher risk than typical: many of the security lockouts were from people who used TOR, always clear cookies, or do other unusual technical things. But to figure out how likely this was I went by HN, and if IT people are at elevated risk then they would be overrepresented in my sample as well.
I’m not clear on why you would expect professors to have higher risk than students?
I do think that could happen, but I think it’s much more likely to change in the direction of fewer lockouts than more:
Security lockouts should decrease as deployment and understanding of hardware tokens increase.
Policy lockouts should decrease because they represent a mismatch between what Google (and it’s automated systems) think is acceptable use and what a user does: for the ones where I could find details, they were generally gray areas. This sort of thing tends to become less gray over time as the company communicates more about where they are drawing their line.
How many people know you by name and may have a reason to be angry at you. How likely you are to become a target of a coordinated attack. (They may either try to get you cancelled, or try to hack your account which may be misinterpreted by some algorithm as you doing something suspicious.)