Staying Private While Using Google Docs for Legal & Mutual Aid Work

Electronic Frontier Foundation

Regardless of your opinion about Google, their suite of collaborative document editing tools provides a powerful resource in this tumultuous time. Across the country, grassroots groups organizing mutual aid relief work in response to COVID-19 and legal aid as part of the recent wave of protests have relied on Google Docs to coordinate efforts and get help to those that need it. Alternatives to the collaborative tools either do not scale well, are not as usable or intuitive, or just plain aren’t available. Using Google Sheets to coordinate who needs help and how can provide much-needed relief to those hit hardest. But it’s easy to use these tools in a way Google didn’t envision, and trigger account security lockouts in the process.

The need for privacy when doing sensitive work is often paramount, so it’s understandable that organizers often won’t want to use their personal Google accounts. But administering aid documents from a single centralized account and sharing the password amongst peers is not recommended. If one person accessing the account connects from an IP address Google has marked as suspicious, it may lock that account for some time (this can happen for a variety of reasons—a neighbor piggybacking off of your WiFi and using it to hack a website, for example). The bottom line is: the more IPs that connect to a single account, the more likely the account will be flagged as suspicious.

In addition, sharing a password makes it easy for someone to change that password, locking everyone else out. It also means that you can’t protect the account with 2-step verification without a lot of difficulty. 2-step verification protects accounts so that you have to use an app that displays a temporary code or an authentication key every time you sign in to an account.  This protects the account from various password-stealing attacks.

Full article