Tracking your own GMail account usage.
So I finally got around to reading the TechCrunch article on the document leaks at Twitter and came across this:
Not too long later there was obvious activity in the email [Google Mail] account from the account owner - incoming email read, replies sent and new messages drafted. The account owner never would have noticed that a complete stranger was lurking in the background. The second domino falls.
... [N]ever would have noticed ...
Google Mail has this amusing feature that tells you when and from where your GMail account was last accessed:
Last account activity: 2 hours ago at IP 206.53.157.48. Details
Click on Details and you can see information about the last 5 times your GMail account was accessed. That IP address there is from RIM aka Blackberry since I installed the GMail app on my Blackberry. Also in that list are the IP addresses that get assigned to my laptop on the wireless at work and the IP address it gets from the wireless at my home. If I really cared about whether someone other than me was accessing my GMail account, I could keep track of accesses from unfamiliar IP addresses whenever I looked at GMail (or have some single-purpose program check for me and report back - no, I haven't written such an application but maybe someone else has.).
This does breakdown in a few obvious cases.
- Hopping around a lot
If one is the sort who uses wireless at a bunch of different places, it might be easy to lose track of that last-5 list before the oldest accesses are cycled off the list. A decent app could 1) get that information before it falls off the bottom of the list and 2) check to see what public IP address GMail see you using in case you're behind NAT. - Use of TOR or other such anonymizing or similar IP proxies
(Bah, okay, now I have to explain TOR) The whole point of TOR is to obfuscate where you are on the network - from GMail's point of view, you might appear to be in Belgium or Singapore when really you are sitting in Starbucks on Market Street in SF, at least for next ten or so minutes and then you might appear to GMail to be in Germany or Malaysia even though you are still in Starbucks. The problem is that if someone other than you is accessing your GMail account, using TOR can make it harder to differentiate your accesses from those made by someone else who may be using TOR and sitting right next to you in Starbucks or not using TOR and actually sitting in Belgium accessing your account (or, just for completeness, using TOR in at a Starbucks in Belgium - do they have Starbucks in Belgium?). Again, a good application can help to minimize these risks, but not completely.
Granted, this is at the bottom of the page, and 3 out 7 people I asked (I asked the first 7 people whom I saw today - by no means scientific) had no idea that was there and perhaps most people wouldn't know whether an IP address was in France, Singapore, Algeria, Germany, or Canadia, but the information is there.