- Activists from around the globe are happy to sit behind the superior security of hardware 2FA, but not those from Syria or Iran.
- US sanctions and export regulations have made tech giants like Google refrain from protecting people in risk.
- Still, there are some alternatives that could work for them like the Android 2SV and the YubiKeys.
Google is helping groups of activists from around the world stay safe against oppressive governments, keep their Gmail account secured and above all, private. These hardware security tokens work by providing an encrypted security key through the USB input of the device, like a form of two-factor authentication that hackers can’t bypass unless they actually steal it. Titan keys are not only used for securing Google accounts anymore, as more platforms and even Twitter has added support for them, making them especially valuable for activists.
According to a Motherboard report, however, Google is not being equally generous to all activists out there, as they are excluding several groups, leaving them in a risky situation. More specifically, activists who are based on Iran, Sudan, Syria, Cuba, Crimea (annexed former part of Ukraine), and North Korea cannot receive a Titan key. Google is even actively preventing the word of the very availability of Titan keys from reaching to these groups, and they instruct activists from other locations not to share this information with people from the “blacklisted” countries and regions. Weird as this may sound, it’s all a matter of US legislation.
The US has numerous sanctions and export controls in place, and the authorities are very strict with what business they allow with countries that are not their best allies in the geopolitical field. Google may be over-complying just to stay safe from trouble, but Amazon and Microsoft don’t seem to worry that much about product and services exporting legislation. Could this mean that Google is following more specific instructions from the US government? According to a Google spokesperson, they are not, as the company has even gone to the trouble of sending warning messages to people who are at an elevated risk of attack by their government. Moreover, the most recent Android Phone use as 2SV security keys is plugging the hole for activists who can’t get their hands on a Titan key.
While we can’t confirm that the Android device 2SV works in North Korea, we would assume that it is a robust alternative to using a Titan key. Other options for activists in blocked countries could be the SoloKeys or the YubiKey; both FIDO2 certified and compatible with Google, Facebook, and other popular platforms and services.