It's incredibly Kafka-eqsue that you get banned for a supposed violation that you're supposed to appeal, but you don't know what you're being accused of doing.
This is exacerbated by the fact that 9 out of 10 times a story like this appears it's an algorithm gone rogue which its billion-dollar shepherd assumes is infallible.
The remaining 1 time it's because someone knows how to abuse reporting systems to get someone locked out on purpose.
The only reason these tech companies managed to get so big is because they'll cheat at anything that requires human scale. Support, moderation, taking responsibility for the content they host. They somehow managed to skirt on that just as the web was transitioning from a wild west to a somewhat ingrained, regulated place and the world is worse off for it.
Because they skirted on all this, they are now somehow the world's gatekeepers on modern communications. If you don't play ball with them, you're cut off from almost everyone. Their recklessness and callousness ironically put them in the position to rule over the rest.
I don't think the internet was ever going to become regulated. What did occur post-2007 was that what made the internet work as a disparate ecosystem of loosely connected destinations (news groups, message boards, blogs, misc websites) that all played their own very important role, controlled and owned by their own communities became one platform under Facebook, Twitter, Reddit, etc... and was controlled and owned by people who had no identity-based connection to the people using those platforms.
This is largely based on my own observations and could be wrong, but it's my theory. Tech companies robbed an internet culture they didn't even realize or appreciate existed, and then shoved a bunch of people who had never used the internet before on it and convinced them that Facebook was the internet. Or rather, that the standards, norms, and culture on Facebook was somehow reflective of everything outside of Facebook. Just replace Facebook with the growing list of companies who engage in "platforms" in varying degrees.
tldr: this obsession with centralization made no sense to the way we do things as a human species, any of our values, any of our culture, and we let it happen anyway. The chickens have come home to roost.
I definitely think that what you're saying is true, and is part of the explanation. But another part is that the Wild West internet also had its own major issues -- roving bandits, to carry the analogy -- and these big companies did solve real problems that were only growing with time.
Gmail's spam filtering. Recaptcha's bot rejection. Facebook's identity verification. Paypal's secure credit card processing. Google de-ranking link farms. Youtube's hosting costs. All of these very effectively solved real problems with the old web, and those problems were growing as bad actors became more sophisticated.
I like the old web too, but I do appreciate that an attempt to return to it would still require very effective tools to solve at least some of these problems, and they'd require constant improvement to keep the roving bandits at bay.
I believe this is an overly rosy-glasses view of the current heavily centralized internet.
Gmail spam filtering? Isn't particularly good. I run my own email infrastructure and I get way less spam through it than on my gmail address. And I don't do anything particularly special other than configure postfix correctly.
Recaptcha? Was there ever a more hated piece of user abusive technology? Plenty of rage against it here in many discussions. I won't do business anymore with any site that won't let me buy without identifying 27 traffic lights in slow motion (looking at you adorama). We're all better off if this dies.
Facebook verification? Don't know what value this brings to anyone other than FB.
Youtube? Granted.. Hopefully with bandwidth costs reducing over time, decentralization becomes more viable.
Paypal? Always pay with credit card directly. The regulatory consumer protection for that was well in place before internet commerce even took off.
The original potential of the internet was in its fully decentralized functionality. Usenet being a great example (owned by nobody, hosted peer to peer) which should be studied a bit more now that we have generations of developers coming up never having known it. Of course, it was (mostly) overrun by spam. But unlike email where spam is pretty much defeated, there was never a meaningful effort in addressing spam on Usenet (forums and mailing lists took over instead). Applying the same techniques to NNTP could well be equally successful.
If there is any desire to avoid the internet becoming fully a new cable-tv controlled by just a few major player we need to pursue research into decentralized services as a priority.
(If nothing else, consider at least running your own email infrastructure if you're technically capable. Keep the foot in the door so it doesn't close permanently.)
It's more of an attempt at a steelman. Just for the record, I don't like the current centralized internet; I've all but deactivated my facebook account; when a site requires a Google or Facebook verified login ID without their own "create account" option I avoid them at all costs; I avoid Paypal now because there are better alternatives (but in the early '00s, I would not have trusted most sites enough to pay with a card). And so on. I'm not trying to advocate for their position, but just understand the problems that they solve and why we got here.
And while I hate using recaptcha, I also had the even more unpleasant experience of watching a forum that I moderated die under a crushing assault of spam bots that were smart enough to make it past the built-in CAPTCHA. Recaptcha isn't there to solve problems for the people who interact with it, it's solving problems for the people who chose to put it on their site.
I wrote in a sibling comment what value Facebook's login brings to the sites that opt into it. (Offload all the work of password handling, claims about stolen accounts, preventing sockpuppetry and catfishing, etc).
I don't know offhand of an open-source captcha library that's nearly as effective as reCAPTCHA. All the old "wavy lines through slanted text" ones are completely broken with current OCR techniques.
The alternative is nothing. There is no justifiable reason for a CAPTCHA for looking up voting locations. It can be a static HTML page served to anyone in the world.
in real life, do you need to know the real name of the cashier and see their contract so you can trust them with your payment? You don't, you use common sense.
> Google de-ranking link farms
hey, haha, and what do we get instead? Monopoly on ad-driven search engine, great, I'd rather have link farms since I can easily filter those out with little brain-power. I can't do that with paid-for-propaganda
Now imagine we'd leave the way it was, people would learn how to deal with it, the same way you learned you can't leave unlocked bicycle in a city. It's a price to pay for anonymity, and we should all have right to be anonymous on internet.
100%, I agree, going back to the Wild Wild West probably isn't the thing to do, but I think we can look at decentralization through the lens of modern tools for a brighter and more equitable future for the internets new and old denizens.
A couple of ideas I've had:
- Leverage PGP and trust rings for identity without a need for non-anonymity. This could be structured in a nuanced manner so that we respect pseudo-anonymity while also maintaining the integrity that real identity brings.
- A wholesale education of the populace, instead of an education by fear, of the power of anonymity and services which further anonymity.
- A move away from the advertising and services-exploitation business model. Not that we can't have service oriented businesses, but those businesses cannot be exploiting people to do labor and a bottom line price.
- A data ownership model which establishes a monetary value for different types of data. We already do data classification inside mega-corps, and we're able to establish and correlate it's sensitivity. Extrapolating this to value would not be stretch. Users consent which data they give up in exchange for services. The price for the service is adjusted based on what data they give up, and how they choose it will be used (Data for marketing may be more valuable than say data for behavior research, or even vice versa!)
The ability to choose an identity online not connected to your legal or in-person name, to make it more difficult to find and stalk you in person, is a feature, not a bug.
I don't disagree, but a lot of websites these days choose to offload their login systems to Google and Facebook to certify that a unique human is on the other end. It solves real problems for them like password management, bot detection, astroturfing, sockpuppetry, stolen accounts, and so on.
For these purposes, an actual Real Verified Name is overkill, and a unique identity number would be enough. But Facebook offers that service for Free(TM) so there's not much incentive to the site operator to aim for something more minimal. And with GPT-3 and other systems inching closer to passing the Turing test, this only makes alternatives more challenging for them.
Those are problems in the Wild West that would need solutions if we were to reclaim the net from Facebook and Google.
What links those accounts is not special, it's OAuth2. I don't think there's anything stopping different groups from running open OAuth2 endpoints that just provide a PGP based identity service. I actually wondered why Keybase didn't start an OAuth2 endpoint, because it'd put a big dent in some of the services you described.
I see GitHub OAuth logins in some programmer-centric websites. I prefer that over Google login (and god forbid Facebook). It's just as bad from a login-centralization perspective, but GitHub allows you to control your identity freely, instead of mandating (and more-or-less enforcing) your legal name like Facebook.
(Google no longer rejects or bans you for fake-sounding names, ever since the Google+ controversy, but it still enforces a Western-style first/last name instead of other cultures' name formats or single-part usernames.)
imo the need for 'centralization' comes from the fact that in order for different people to understand each other, they must use the same dictionary (so to say). So the 'dictionary' is a centralized construction. It must be the same for everybody.
If our dictionaries vary to much in their definitions then our communication becomes more and more difficult.
Maybe dictionary is not the best analogy (this is just an analogy) but I hope I'm getting my point across with this example.
I used the internet without facebook before it existed. I had a Facebook account for over a decade. I haven't had a Facebook account in two years.
To the extent that what you are saying is true, it is only true because these companies have walled themselves off. You used to be able to chat with Facebook users over XMPP even.
Yeah, I agree. If I remember XMPP was dropped while using that old adage of "scale", which maybe was real, but in the end the net effect is the same. Advanced users know a broader breadth of the internet while most internet users only know the depth of Facebook and other various platforms.
I guess once they got big enough there was no longer a point in interoperability, it seems like a pretty big phase transition got hit about a decade ago where suddenly each walled garden got big and valuable enough that isolation was a better strategy for them.
It just sucks for the internet. I don't think, if those companies ceased to exist, that they would automatically get recreated because of some inevitable niche or market law. I think that they got where they are because of a fluke of the times they were created in -- people could not grasp how they make money.
I understand the motivation. I work on platforms teams internally for companies (and have for a number of years). In smaller scale, this concept largely makes sense because developers at a single company come from a single culture which those developers largely have already bought into or are actively being shoveled into by corporate work. This is the role a lot of developer advocates play at companies who don't have external developer customers.
In large scale, what you're asking is more dubious. If you concede that the United States alone has 11 major cultures, then you have to begin a process of "on-boarding" everyone onto your new, structured culture that your platform is designed around. That's why these debates about who is represented in the building of the platform come about, because under that model those concerns take center stage and they should.
I guess what I'm saying is the whole problem never needed to exist. There's better ways to share information than being on one platform.
> This is exacerbated by the fact that 9 out of 10 times a story like this appears it's an algorithm gone rogue which its billion-dollar shepherd assumes is infallible.
This. And it happens in all businesses Google is part of. As a website owner who monetized with AdSense for a decade, this year their algorithms suddenly decided that 33% of the ad revenue was from "invalid clicks". The month before this happened, I was experimenting with a different ad provider. My suspicion is when I returned to AdSense the month-over-month increase in revenue tripped up the algo. Talking to Google reps was of no use because they have no control over the algo.
I lost ~$12K in revenue over 2.5 months and eventually just stopped using Adsense.
It took 6 months for Facebook to get to an appeal of mine to unban a page. I was happy it was unbanned, but the ticket said "1-2 business weeks" in the turn around...I was never contacted for an entire 6 months. If that had been a crucial page for me that brought in revenue for me, I'd have been completely screwed. Google is also hard to get a hold of for anything unless you're a partner.
I worked at a startup where we used Google Cloud. Even as a paying customer, when I'd try to talk to their "support" all they would do is try to upsell their consulting partners to answer a question about their own services.
That's wild, we're a fairly small Azure customer (compared to others) and I get calls and emails every month from a rep asking us what they can do, if anything. I think Microsoft is maybe a bit smarter at this by connecting sales to CSMs, because they can up sell and get you to support if you need it. While with Google it's a big shell game.
From hearsay Azure has better customer support because they know that in cloud and server environments they are a relative newcomer, traditionally many data center people would run away when they hear Microsoft.
Google has the ego of a market leader. They don't care for their customers, that's nothing new.
Despite the (apparently) good support, the decision to "run away" when you hear Microsoft is still justified unfortunately. I've recently had the displeasure to work with Azure and not only the console UI is even worse than AWS but every single service, despite looking similar to the competition, is actually different in subtle ways (which you often don't realize until you get started implementing against it) and forces you to waste time working around some Microsoft dev's attempt at being smart[0].
[0]: as an example, obtaining root on a container in an Azure DevOps CI pipeline. You have to bind-mount the Docker management socket into the container, then use that to gain initial root access and install sudo, then use sudo to run all your commands. I don't recall ever having to do that on any other CI service.
Yeah, I was probably a bit spoiled at the time. I was at startups that leveraged AWS in the early days and their reps and support people were at least somewhat accessible but at the very least knowledgeable. That flew in complete contrast to my experience with GCP.
Microsoft is a company born in selling physical products. Their software used to come on floppies and CDs. Google hasn't really sold anything real their entire existence.
Azure was down in Australia one night and I randomly sent a tweet to microsoft. To my pleasant surprise they acted on it and resolved it in few minutes. this is the same microsoft that was the villain around 10 years ago
Microsoft's "villian" nature in my experience was never in their products but in their Legal and Licensing teams
While the rest of MS is improving those 2 teams are still a problem, the "cloud" is ripe with ways to obfuscate and needlessly complicate licensing to over charge companies and MS excels at that
Same experience, we spend less than 10k on Azure. The customer service people have been phenomenal. Though they need to move to some modern ticketing system.
The whole thing is based on anecdotal numbers. We have no idea how often false positives happen or at what rate. And even in those that are apparently false positives and complain, it's not always 100% clear if they're saying the truth.
> The remaining 1 time it's because someone knows how to abuse reporting systems to get someone locked out on purpose.
My Twitter account got disabled many months ago due to "suspicious activity". I did not do anything. At the time I talked to someone with whom I disagreed respectfully on a CS-related subject and was not political. Next thing that happens is that it asks me to verify via phone and only then I am able to use my account. I am not going to do that, so yeah.
What I believe happened is that he attempted to login to my account a few times, which triggered their bullshit...
Twitter routinely disables accounts for "suspicious activity" as a scummy way to harvest phone numbers (despite the account supposedly being considered dangerous and in breach of the ToS, simply providing a phone number immediately restores it without any human review).
Presumably the known providers such as Twilio, etc are blocked, but there are small companies that provide numbers from the same number ranges as the big cellular carriers so those are completely undetectable.
I suspect if there would be enough demand for this service, a "grey" industry of people buying prepaid SIMs and renting access to them would appear.
Phone number risk scoring models would heavily weigh against behavior like that. Prepaid numbers are typically scored worse than post paid numbers as well, but that sort of behavior would quickly be identified as fraudulent.
> Prepaid numbers are typically scored worse than post paid numbers as well, but that sort of behavior would quickly be identified as fraudulent.
This assumes there is a way to tell which numbers are prepaid or not. To the best of my knowledge they both originate from the same pool of numbers and it is impossible for an outsider to tell whether a given carrier's number is prepaid or postpaid.
I once got locked out of my Veeva Vault account because I couldn't remember who I put as "who was your best friend in kindergarten?" (I had like 8 best friends then!). After putting in a ticket and hearing nothing back I finally braved the phone system and called support line. The rep who unlocked my account and reset my password assigned me 4 different modules of 60-question EACH mandatory training in order to get back into my "dashboard."
Not "somehow". Our national leaders in the US since Google was created have been fabulously pro-business, to the extent that they have never updated our laws governing privacy for the computer age (IE, limiting what businesses can do with data) and they've gutted consumer protections along the way.
Since the US government is so thoroughly corrupted by money, once a corporation is large enough they can effectively write their own laws. Google and others have done this, so there's no law stating that they must give consumers rights in a dispute, must provide their data, or even must be fair.
You would think that with congress seriously talking about breaking up monopolistic tech companies, the big players would have tried to _tone down_ the monopolistic behavior, not amp it up...
Is it that easy to have someone locked out of Google? Just by reporting them for fake abuse? I'm sort of shocked if that is indeed true. It ought to be hard to do that. Otherwise, people who disagree with others may use that to get even or settle an online quarrel, etc.
I had a small website few years ago and I placed Google Ads on it. After few weeks my Google Ads account got banned forever (no appeal available) for fraudulent clicks. There is no way to reverse this ban. I am 100% sure I didn't click on my own ads. I guess someone could easily do some suspicious activity on your ads (or just extract your Ads ID from Android APK) and then get your account banned. Fortunately, they only blocked me from Google Ads for life, but not from the rest of the account. Also - never ever open a Google Play developer account with your personal Google email. Create a new one for this.
> never ever open a Google Play developer account with your personal Google email. Create a new one for this.
That means having another phone number, right? I tried to make a Google account for this kind of purpose, but had no way to receive the text they insist on without linking the new account directly to the old one.
Though less serious, my wife has a similar problem with Amazon. She tried to review a product (first review for a very long time) and was greeted with this message:
"! We apologize but Amazon has noticed some unusual reviewing activity on this account. As a result, all reviews submitted by this account have been removed and this account will no longer be able to contribute reviews and other content on Amazon. If you would like to learn more, please see our community guidelines. To contact us about this decision, please email reviews - help@amazon.co.uk."
The 'community guidelines' link goes to a page with what the rules are, but doesn't say what rules have been broken.
We emailed Amazon, using the email address in the post and got this reply:
"I relayed your information to the team trained to handle this scenario regarding your inability to post reviews. They are not able to provide an exact date or time when they expect this issue to be resolved.
For more information about our policies, please see our Community Guidelines (http://www.amazon.co.uk/review-guidelines)
We appreciate your patience in this matter.
Warmest regards,"
'Warmest Regards'? Really - you just told me she's locked out and it's gonna stay like that for the foreseeable future. :(
Really? The world is worse off because of the Internet?
The Internet has been the single best thing that has happened to the world ever. Information is effectively free now. It's given limitless opportunity to billions of people everywhere in the world, regardless of class or wealth or social status. Largely, the Internet itself is not discriminatory.
Sure, it has its downsides, like misinformation, and 1 in 10m people getting locked out of their accounts.
I lost my Google account, which was tied to my phone number (Google Voice), a few years ago. It sucked. But, honestly, it wasn't even as bad as losing my license.
"This is exacerbated by the fact that 9 out of 10 times a story like this appears it's an algorithm gone rogue which its billion-dollar shepherd assumes is infallible."
The "facts" are a bit misleading though. You won't hear stories like this when it isn't framed as a case of an algorithm gone rogue, and of course whether the billion-dollar shepherd assumes it is infallible or not is something being projected onto the story.
One thing that is tough about these stories is that there a class of US enforcement responses for which it is illegal to disclose why you responded.
For instance, it is a prison-time offence for an individual employee of a financial institution to tell a customer they filed a SAR on them.
The way you get kafka is BSA compliance officers have personal liability for this reporting, so they prefer not to have customers that trigger reporting, but they cant tell a customer why they are dumping them, so the word comes from ‘on high’ or an algorithm and thats it. Nobody internally can help because for their own good they do not know the reasons for account termination.
This may be that or it may not, but probably its not that google is being dicks to its own employees. It is an outcome of a pernicious set of government and institutional dynamics.
Filing an SAR usually comes (99.99%) along with suspending the account. Suspension of account usually comes before filing the SAR as to stop any further illegal actions.
Its only 9 times out of 10 when the story is escalated to the front page of Hacker News. For all we know, 99,999 times out of 100,000 its a case of fraud or law enforcement action that is completely correct and valid, and you do not give those actors information on how you detected them.
It absolutely is, which is why what they're doing looks fine on internal metrics.
Imagine I make a laser bug zapper and install them at every fast food joint in the US. 9999 out of 10000 times it zaps an insect. 1 out of 10000 times the laser fires it blinds a child.
I could wax all I want want about the 99.99% accuracy, the _relative_ accuracy won't mean a thing to the million people blinded by it.
When there is a mix of spambot garbage and human beings that being harmed the right metric isn't the ratio. Blinding a million children wouldn't go from unacceptable to acceptable just because the level of insects swarming around a restaurant increased by a factor of 10. The harm stands alone, and there is a level of harm which could not be justified by any amount of boring spambot influx.
Something about this argument doesn't smell right.
I care about the crime rate, or car accident rate, or botched surgery rate, because it tells me the odds that something bad will happen to me.
Given a stable rate of bad things, population growth alone causes more bad things to happen.
If we took your argument about absolute harm seriously, then we should, say, encourage population reduction until there are only 10k human beings on the planet. That would surely minimize the number of bad things that continue happening to people.
Make fraud impossible through technical means or make "abuse" impossible by just not providing any incentive to do so (for example, make the service paid so that there is no longer any incentive to "abuse" the free service)?
Humans are notorious for under estimating routine hazards, and overestimating things that are rarer. We worry about strangers in deep dark alleys trying to rob/rape/beat/kill us, when in fact, most crime is perpetrated by someone the victim is familiar with.
Usually cost/benefit arguments do consider the benefits. If I kill millions of mosquitos and reduce malaria fatalties by 100 per million population while blinding 1 per million, then unless there is a better way to kill the bugs we should consider this approach.
I don't really see how this line of argument really translates to this issue with Google. First of all I should have acknowledged that imprisoning data is almost assuredly unacceptable and that unless Google is acting directly in response to a law enforcement action they should give you a way to download your data when they tell you that they have chosen not to continue the business relationship they have with you.
But there will be cases where they cannot do that, and in some cases it will be a mistake but the reason they cannot solve this problem cheaply is because usually it is not a mistake and so litigating 99,999 cases to find the one worthy of saving is a hard case to make, why should Google pay for that?
I should have mentioned up-front that this article scared the hell out of me and I'm probably moving to Fastmail. I've had my own domain for going on two decades and am still grandfathered into the free gsuite for it but I'd much rather pay someone who will support me than use a free service that could cost me access to data that I might want again in the future. I also realized I could be vulnerable to a trap where my DNS account is disabled at the same time my email is, meaning I couldn't even move the DNS without first recovering access to my mailbox.
I think you would agree that there is no plausible amount of spam traffic which would justify google murdering a user to cut the spam down. That it's just incomparable, right? Even though the cost of being dead would be borne by the user and their family and not part of google's bottom line-- murder for spam reduction would be right out.
I don't think it's that big a leap to say that it is unlikely that there is any plausible reduction in spam from an automated facility that justifies the kind of extreme harm and disruption created by locking an honest user out of their decades long email-- which might be more damaging to them then a home fire--, with zero effectual recourse. Yet it happens because the cost of the spam is on google's 'balance sheet' while the damage to the user is not.
So that is the sort of argument that I'm making. I think google is creating damages wildly out of proportion to any plausible benefit, but it works out for them currently because the damages are externalities.
Were Google a more conventional company the threat of litigation (even litigation they'd ultimately win) would help internalize some of these costs, but Google has grown to such a size and scope that even the federal government finds prosecuting them to be extremely daunting.
An externality is a cost borne by an unrelated third party. That is not the case here. These are two party arrangements. You and Google have engaged in a contract; Google is providing you email in exchange for your eyeballs, and there are terms and agreements.
There should still be a solution though. Maybe this is a terrible idea, but one idea: Google could sell a service where you pay them $200 and they thoroughly review your case, tell you what happened and work with you to restore access to data, maybe even setup email forwarding for 90 days or something that comes reasonably close to making you whole even if they can't restore service.
If in the course of doing this work they figure out they screwed up closing the account in the first place, the money is refunded. Of course fraudsters would not generally want to sign-up and pay this money as - even if the information of how they were caught was worth $200 - that would create a paper-trail. And it could still be the case that Google is under a FISA letter or something and can't fulfill this service, and in that case they'd refund your money as well.
Bullshit. Maybe 99.999 are successfully identified, but one is mistakenly banned/suspended for no reason and it often has significant impact on his/her business. Google automation is a broken system. A system made by people who never have to deal with the actual users.
> you do not give those actors information on how you detected them.
Not about how you detected them, but you should tell them what you detected. E.g. if you're using a spam filter, you don't want spammers to know which exact keywords triggered the classification, but it wouldn't hurt much to let people know that their account was locked for sending spam instead of some other reason.
If it were spam I think they'd tell them that. If they don't tell you the reason, almost certainly its fraud, and the only way to win against fraudsters is not to play with them. Anything you tell them is just an invitation for them to argue with you and waste your time, or infer detection methods. It is very hard to control fraud costs without alienating your users, especially for a free service with low barriers to entry. That isn't an excuse for Google to be so terrible, but I do think people lack appreciation for the actual problems here.
> The only reason these tech companies managed to get so big is because they'll cheat at anything that requires human scale. Support, moderation, taking responsibility for the content they host. They somehow managed to skirt on that just as the web was transitioning from a wild west to a somewhat ingrained, regulated place and the world is worse off for it.
People willingly chose the free option and chose to not pay companies that would have offered support.
The argument that customers chose to be ripped off by opting for 'free' is not supported by evidence that paid services are any more accountable.
Anyone who's had to deal with Google support for paid business accounts will tell you that the situation is barely any different for paying customers. Things might be different for very large businesses who are spending millions per month, but that's hardly relevant to how Google might handle email customers hypothetically paying $9.95 a month for a personal mailbox.
.
.
.
I do not understand why anyone defends consumer abuse by businesses. Unless they work for said businesses, or own their stock, there is absolutely nothing to gain by siding with an abusive business over an abused customer. The business isn't going to reward their supporters' loyalty by treating them better.
Collaborating with hostile entities is not a redeeming quality.
> Anyone who's had to deal with Google support for paid business accounts will tell you that the situation is barely any different for paying customers. Things might be different for very large businesses who are spending millions per month, but that's hardly relevant to how Google might handle email customers hypothetically paying $9.95 a month for a personal mailbox.
Then don’t pay google $10 a month. I don’t. I do the work of supporting businesses that I think deserve it. I know some businesses have monopolies that customers can’t fix by voting with their wallet, but email isn’t one of them.
> Collaborating with hostile entities is not a redeeming quality.
Using their free services and not voting for the right candidate in the market by paying for the service is collaborating with hostile entities (in the example of email where there is no monopoly and almost zero cost to switching).
I get support from apple when I walk into their store, or I open up a chat window on their website. I received it in April when my phone died and they helped me try to revive it.
I get support from Fastmail, and Migadu and Target and banks and plenty of other companies. I also provide support for my businesses.
Support usually sucks with monopolies, such as ISPs who know you have no alternative. But even then, I’ve always been able to get someone on the line to fix my issue.
Doesn't GDPR have some sort of clause against "algorithmic decision making"? So in situations like this you can deny Google automated decisions? Probably not - can anyone explain, who knows the topic?
I'll play the devils advocate: moderating any platform is a challenging endeavor, mostly because of malicious users. Having all the rules broken down in detail allows bad actors to either get close to the line but not cross it, or abuse the system while technically not breaking any rules. As such, having very broad rules (read TOS) helps. Additionally, not having to explain exactly what was violated means that people can't probe the system to figure out the rules in detail as well as the limits of acceptable behavior.
The problem with such opaque systems is that it can go terribly wrong, but the answer is to not centralize anything important; always keep a backup. After all, the cloud is someone else's computer.
If you want to become a platform that everyone in the world uses and reap those billions in profits that come with that, maybe... just maybe you should be responsible for sane, humane moderation as well. Don't build something that's manageable and then complain when people ask you to manage it.
I've said this before here, I'm pretty libertarian, and very much in favor of small gov, but at this point its become clear that anyone who strives to become an internet platform where market dominance equals monopoly or duopoly, should be held to strict regulatory standards, re: free speech, appeals, etc. similar to what a gov entity is held to.
> I've said this before here, I'm pretty libertarian, and very much in favor of small gov, but at this point its become clear that anyone who strives to become an internet platform where market dominance equals monopoly or duopoly, should be held to strict regulatory standards, re: free speech, appeals, etc. similar to what a gov entity is held to.
About that - the government can be pretty opaque. I too would like some strict regulatory standards to apply to the CBP.
Perhaps - but it has always been prudent to keep redundant copies of anything important since before computing platforms existed. Frequently backup your data and test the backups.
The bigger problem here is not really about the content, but the means. If all e-mail communication goes through Gmail (and maybe a bit via Outlook and some remnants of Yahoo), at some point you may lose your ability to communicate with the rest of the population unless you subscribe to one of these services. This is already happening to some degree but is definitely getting worse.
What seems novel here is that the author _actually works_ at Google and still can’t help despite being an insider. Although, not sure if that says more about Google or more about the banned account.
Getting your account unbanned shouldn't require having an insider.
---
There should be a clear reason for why an account is banned. When you're accused of a crime in a society, we don't just tell you to read abstract law. We tell you exactly what you've been accused of, such that you can defend yourself appropriately. There is this basic principle in English law that states:
- It is better that ten guilty persons escape than that one innocent suffer.
What's been happening with many of these companies is that many guilty actually do escape, whilst many innocent actually still do suffer.
If Google insiders had special access, wouldn't that be similar to exactly how the recent Twitter vulnerability was exploited?
Although, in this case, I guess the guy was just looking for any qualitative explanation for how to fix the situation, not specifically asking for exceptions to policies to be made.
As a Google employee, I don't expect to have any special privileged access to Google customer support and I think if we did have it, wouldn't you think that would be unjust?
Disclaimer: not saying anything about the qualities of said services.
> moderating any platform is a challenging endeavor, mostly because of malicious users. Having all the rules broken down in detail allows bad actors to either get close to the line but not cross it, or abuse the system while technically not breaking any rules.
Couldn't that same argument be used to support secret laws and secret courts enforcing those secret laws? After all, we're definitely seeing the problem of people going as close as possible to the line without overstepping.
I think those laws would help tremendously, but mostly by forcing everyone to be overly cautious not to break them, creating strong chilling effects. They'd stifle freedom, and so does Google's secret law system.
To minimize fallout, I think it's more useful to split up Google along services (Search, Youtube, Gmail, Office/Suite etc). You could search for double plus ungood things on Google Search then without running the risk to loose access to your emails.
> I think those laws would help tremendously, but mostly by forcing everyone to be overly cautious not to break them, creating strong chilling effects. They'd stifle freedom, and so does Google's secret law system.
No need to have new secret laws - there are already enough obscure laws that I guarantee you have broken many of them whose statute hasn't expired. That is why you shouldn't speak to cops without a lawyer.
That said - it's not a Google problem as it's the norm. Most services, banks or even potential employers will tell you the reason for declining service - not because they want a chilling effect, but because there are so many ways it can get wrong (for them).
I'll be honest here: move moderation to AI/robots and sent automatic messages "go out here! we're so sorry.." in loop is completely bullshit and main reason to avoid Google.
That’s just unfair business practice that works against ill educated. Way to keep it to nice people, but nice in the context ultimately means established.
Because it is necessary to develop a "theory of mind" to figure out why some entities behave the way they do. You'll encounter fewer surprises that way :)
edit: also, I have the battle scars from moderated a few niche online forums/properties that were mildly popular. People who abuse services are surprisingly tenacious and creative. If there is the potential to make money - even a little - you get abusers who are tenacious, creative and sophisticated
I don’t think anyone suggested moderating shouldn’t happen or that it isn’t hard. This situation isn’t the result of unpaid mods of a web forum - Google has incredibly vast resources at its disposal.
Unfortunately the devil’s advocate has brought us no closer to an understanding of the problems posed by OP: how to appeal an unknown violation, how to regain access to ones data, etc.
My point was not that I was overwhelmed or under-resourced: it's just that trolls/assholes/rule breakers force you to regress to "I know it when I see it" because they can break the spirit of the granular rules without breaking the letter. The solution is to make the "spirit" the rules (i.e. be super-broad about what constitutes abuse)
I had a Google Pixel phone. Less than a year old old. Treated with kid gloves. Always kept in a case. Pristine condition.
An approved Google software update bricked it. This was, by all accounts, a known issue.
The phone was under warranty. I sent it back.
They shipped me a scratched up refurbished phone. It ran fine for a week then bricked itself due to the same software update. I sent that back.
They sent me another, even worse scratched up refurbished phone. That too bricked after a week due to the software update.
I've got $3,000 worth of hold charges on my CC whilst Google are playing footsie with my phones. I sent that phone back.
They "lost" it and claimed I sent back a different phone. Then that became that I sent back a phone with a different serial number. Then a different model of phone. I pressed for details but they could never tell me any details about the phone I had allegedly sent back.
They wanted me to pay for all the phones, then eventually just the one phone that was missing. Finally Google admitted "we lost the phone but that's your problem."
After a month I said "fine, you fix this shit or I am doing a charge back." They didn't fix it. I did a credit card charge back for the thousands of dollars currently on hold on my card.
Google decided to disable my Google payments account so I couldn't use the Playstore. Or buy groceries using Google Pay. Or process any subscription items attached to the Google payments account. Or access my store rewards cards stored in my Google Pay wallet.
Google still owed me for the cost of the original phone that was a brick that I no longer possessed after it was sent to Google.
I took Google to small claims, and won.
Google decided that wasn't to their liking and disabled the Google account attached to the phone.
Fuck Google.
P.S. Please stop up-voting. This is not a vote-worthy post. It is simply a "this is what happened." Save your attention for something that is worthy. Save your anger for things that matter.
That's honestly unacceptable. Google deserves whatever anti-trust action comes their way. It's absolutely insane that they can lock you out of your phone, email, youtube, password manager, business, and everything you've ever used sign in with google for on the whims of some buggy algorithm.
I agree with everything except for the fact you are treating gmail, YT and other google services users as "consumers"
remember if you do not pay for a service you are the product, and 90% of google services and algorithm's are deigned to control their product (aka the users)
This is the root of the problem; to google and their devs you the user are not a person, are not a human, you are just raw ore for them to mine, refine, pack and resell to their consumer the advertisers
I think you're confusing customers and consumers, which are related but different. Google users may not be their customers, but they are absolutely consumers.
> Did you decide to go for Round 2 in small claims court and get the account un-disabled?
Sadly, you cannot do it in Small Claims Court. SCC cannot provide injunctive relief -- you can only sue for monetary relief.
To get an injunction to have the account unblocked, you'd have to sue Google in the big-boys Superior Court, and/or federal court, which may cost more and require having a proper lawyer.
> They shipped me a scratched up refurbished phone.
This was me and my Nexus 5, like you I baby my phones and exercise care. An update bricked it, they sent me a scratched refurb with shaky buttons and a creaking case as a replacement. :-/
Litigation and actually hitting the scum in the wallet (the only thing they care about) is the proper and only way to discourage such behavior in the future.
If every consumer wronged by a supplier did this we wouldn't be having this discussion at all because suppliers would never let such problems happen or escalate that far.
This is event for event what happened to me with a Pixel 3 XL, except I chickened out and ate the charge. I filed an FTC complaint and emailed my AG, though.
Could you share your process and arguments? I'd really like to pursue it while I still can.
I don't really know if you have a legal remedy under your state's "Unfair Trade Practices" law, but this might be one worth a complaint to your state attorney general's office or maybe a consultation with a consumer affairs attorney, if you have the money. I am pessimistic that this would go anywhere, though.
Sue in small claims court. Costs about $50 to file, plus $100 or so for a process server.
Check Google's terms of service.[1] They're not too bad.
There's no forced arbitration. You can go to Small Claims Court in Santa Clara County, CA.
Google lists the reasons they can terminate an account. It's not a "sole discretion" thing; they have specific reasons listed. So Google will have to show in court that you violated those terms.
Definitely go. Google will have to send someone, or they lose.
In practice, you'll probably have your problem fixed shortly after your process server delivers the subpoena to 1600 Amphitheater Parkway.
That actually serves as a good example for the difference between Small Claims Court and Superior Court.
It might also have been a good idea to wait out until it was no longer possible to appeal the decision, before going public with the outcome.
IANAL, but I think there was still a good chance that the guy could have won an appeal if he had appropriate counsel represent his case, using appropriate discovery and other instruments to properly mount a defence.
AdSense issues are harder to win. Google has more discretion there. But their terms for ordinary accounts don't seem to allow arbitrary cancellation. That would attract unwanted attention from consumer protection agencies.
Small claims only provides monetary relief, you can't get equitable relief. How exactly are you going to calculate your monetary damages? And quite frankly, why would Google reinstate your account over losing a maximum of potentially $7,500?
Correct. In order to get injunctive relief of having account access restored, you'd have to sue Google in a Superior Court.
The difference between Small Claims and Superior is that in the former you're generally not allowed to bring an attorney, whereas in the latter you may actually be required to bring one.
Does anyone know whether account suspension without a reason is actually something that a pro-se litigant has any chance of suing these big companies for, and winning at all?
> in the former you're generally not allowed to bring an attorney
That only applies to individuals.
Corporations are not only allowed, but in fact required to be represented by an attorney in court. Even small claims. Corporations do not have pro se representation rights, and only an attorney can represent another person.
It is not true in all states that corporations must be represented by an attorney in small claims court. In California, corporations must be represented by a non-attorney employee for small claims actions.
The idea is that a Small Claims judge in Cali does not expect a lawyer, so, there is no need or expectation to any legal lingo, which by itself can be confusing to normal people, plus the rules of evidence are not nearly as strict as in Superior Court, plus, not that much money is at stake.
The thing that may be daunting about Superior Court is that the judge is supposed to take it easy on pro-se litigants, but at the same time, they are still supposed to be impartial, and can't really act as your own lawyer.
Being in the same small claims venue as the company is actually a nice side benefit to living in the Bay Area, otherwise you potentially be looking at thousands to hire a lawyer in normal court.
> Most large national businesses can be sued in any state, but smaller businesses that are headquartered in another state, do no business in your state, and have no physical presence in your state can be sued only in the states where they operate.
In California, you're not allowed to bring an attorney to a SCC -- only to Superior Court -- so, obviously, there's no attorney fees when attorneys are not allowed.
Some other states do allow attorneys in SCC, however.
They send a representative, probably someone from their legal department if they have one. The important thing is that both you and the company are arguing on much more level footing. You don't need to be thoroughly versed in court procedure, and the whole process is generally a little more lax than in superior court.
With that said, the company can still pump tons of money into things behind the scenes, but because the stakes are so low, and not necessarily precedent-forming, they're not likely to actually invest that much money into fighting you. And even if they do and you lose, since you brought the lawsuit and there are no attorney fees, the most you'd end up spending is the court fees (potentially the company's court fees, but those are minimal too.)
To level the playing field. The idea of Small Claims Court is to have a cheap way to resolve monetary disputes, without having to rely on complex procedures and expensive lawyers. So, since you as an individual wouldn't have a lawyer when you sue someone for $300, it wouldn't quite be fair if the company was afforded one.
Keep in mind that anything you take to a Small Claims Court you can also take to to a Superior Court, where only lawyers are allowed, unless you're an individual, and are representing yourself.
Not every state bans lawyers from SCC. But in California, you'd only face a lawyer in SCC if you sue them for not returning your money, or they sue you for not paying them their fees.
I would have thought ensuring that workers at google, getting absolutely no special access to specific other accounts, is pretty much the most sacrosanct rule.
i.e. Google's unlikely to hand over the dossier they've assembled on 'what your husband has been up to that we considered bad enough to shut down their account'
Most definitely not saying this isn't a false positive - but the handling process for it it must assume it's a positive.
Now why the poster's husband can't get the info - that is somewhat worrysome.
- it's weird to be mistreated by your employer's own product (just the irony bend to it)
- if you want to appeal after a dead end, your choice is to make a huge public PR nightmare, or try to make an internal post/plea that gains traction. you'd be doing your own employer a service if you could have this issue resolved without a PR nightmare
I guess Google's ToS is between the employee's husband and Google and not the employee, the employee's husband, and Google. So there is no authorization for some random employee to "check up" on their partner, even though it sounds like escalating internally should help. (It should at least trigger, "we'd better look into this very carefully", though. If it didn't, that sounds like a problem. If it did, and the result is "yeah, this is legit", that's a very awkward position for everyone.)
I was in a similar situation when I worked at Google. My brother kind of disappeared, and my family asked if we could at least check if he logged into Gmail. I asked and was told no, and I understood why -- it's up to my brother to share what he's up to, not Google. (My brother was fine; just didn't like replying to email or answering his phone.)
I don't think it was a rule before, and I don't think it should be a rule now. This is missing an important opportunity to debug the process, since you have a separate way of finding out what's going on.
If you're not going to use that data when you get an opportunity like this to fix something, what's dogfooding and "trusted testers" all about?
It's sticking in your head in the sand out of a misguided attempt at being unbiased, instead of fixing things.
When i worked there i got my blocked payment acc unblocked with an apology pretty easily. I cant recommend using google payments (or anything other than gmail) anymore though
Someone posted a video on YouTube showing them bullying and humiliating one of my friends. I helped her report it. YouTube ignored it. I worked at Google at the time. I filed an internal ticket and YouTube ignored that, too. Years later, the video is still online.
Companies serve the shareholders. Shareholders want to spend as little money as possible on user support. I think new regulations are a good way to solve this problem for everyone. US consumer protection laws need updating for the Internet age.
That's why you should have email on your own domain. If they lock you out you can quickly-ish migrate to a different provider without losing your email address. Not a solution but definitely softens the blow.
That is my arrangement and I've had it in place so long I don't even have to pay the $5, I have a free private GSuite on my own domain (yes they offered this to everyone 10+ years ago). What I realized today though while reading this story, is that my DNS account is backed by this same GMail account. What if I'm attacked and someone locks out my DNS account at the same time they take the sort of criminal actions in my account that that would get Google to shut it down? I could lose my domain and all my email forever. I think I'm moving to Fastmail.
i actually think it's useful to create a flow graph of all your most critical accounts, and how you might recover them if lost.
If you find many of them flow back to an account you cant control and may be shut down for arbitrary reasons, may want to reconsider your recovery/hierarchy.
yeah I have ProtonMail with 2 custom domains. It's decent I have gotten blocked from sending emails to Google custom domains. Total bullshit IMO, I think they do it on purpose.
Well IMO it kinda makes sense that internally of all places you might actually make it hard to address it along that specific path to avoid any kinda of local shenanigans.
We were spending around $800k/yr just for a single group of car dealerships through AdWords. We registered Google accounts for each dealership, we added them to each dealerships' AdWords account so they could see where and how their money was being spent.
One account from the middle of the batch, while I was the _only_ one with access and definitely had not done anything unusual with it (and certainly nothing we hadn't done with the other half dozen accounts) was banned before we could provide it to the client.
I opened a ticket with the accounts team and didn't get a reply. I escalated through our AdWords contact since account support was, as expected, useless. Figured given overall our company spent millions a year maybe they could at least get this looked at. They were apologetic, but realistic in telling us that there was basically nothing that could be done and it was unlikely anyone would ever respond to the ticket so we should probably just register another Google account and cross our fingers that one didn't get banned.
Found the old email the other day. Just passed 6 years with no response from the accounts team.
I've read so many AdSense horror stories that, whenever I thought to use AdSense, I just gave up out of fear of "tainting" my account. Between the fraud false-positives and accounts getting locked (or even lost), it never looked like it was worth the trouble.
Same here, and they owe me quite some money. They absolutely know it because they then had the audacity to send to my physical address a voucher for adsense after banning me for allegedly clicking on ads, which I never did.
Now every time I have the opportunity to make a case against using any Google service in a business I'm working in... and I worked in a few big Telecom and IT businesses for the past 15 years, like the first internet provider in my country.
It's so incredibly frustrating that no one at Google seems to care about this. They don't even acknowledge this as an issue to be addressed. It amazes me that their callousness still hasn't backfired further.
I was on the receiving end of a similar issue with Google Pay Support for Android and it took weeks for Google to unblock in-app-purchase transactions, even via internal escalations from friends who work there. I guess I should count my blessings that it got cleared up at all.
The casual cruelty and opacity is just ridiculous. Surreal and bizarre that this extends even to their own employees. I really do hope this finally serves as a wakeup call for Google, but I'm not holding my breath.
I have a good friend at Google. The motto they go by is that unless 10000 people are impacted by an issue, it's really not worth their time to investigate.
Just create a new account - no one is ever going to care.
I remember, long, long ago (2011) there was a similar story about a Google account that was banned, and Matt Cutts himself looked into it and came back with a boring, corporate, legalease answer that was most unlike him.
I have been thinking about this for a while. Considering I prefer to keep the important data/emails on Gmail or Google drive for security and I really consider it important. Would it help if Google had a paid tier?
Say, if you can get into an annual plan, similar to what's there for hardware devices like Apple Care+. Just that, in this there is someone to help you through issues.
We used to pay 10% of our AWS bill for the AWS support plan because when you needed the help, it really made sense to have someone looking at it with some SLAs.
A second option is, Google can just make consumer Gmail as an ad free paid service and then provide support for it as well. Plenty of people are paying $10/month for email services, so we have a price point that works for people. Email is very crucial to online identity, and I would trust Google the most with security among the other providers so I would happily pay for it.
Edit: As someone pointed out, they have Google One at least for storage. It has proper support. Maybe it makes sense to extend it for other services as well. https://one.google.com/about
> I have been thinking about this for a while. Considering I prefer to keep the important data/emails on Gmail or Google drive for security and I really consider it important. Would it help if Google had a paid tier?
It wouldn't, because Google is averse to any kind of customer support even for paying services. Even the "support" people that get attached to highly paid YouTube, GSuite, and other accounts get regularly stonewalled like this person and cannot help.
The only solution? Make sure all of your data is always backed up somewhere else.
That's a partial solution. The author noted that account logins tied to the google account would no longer be usable either. The sites can do nothing to help that situation, since most sites do not have a way to "transfer account". I could not imagine losing access on a potential grand scale like that.
True, the full solution is to NEVER rely on Google as a single point of failure for anything. Which means backing up all photos/documents elsewhere and never using your Google account to auth with another service. I've always avoided tying my Google account to non-google services for just this reason and haven't ever had it be a problem.
At this point we've all got these 10 year old gmail accounts that we've used as the recovery email on 1,000 websites, and while... I guess it isn't really a big deal to lose a reddit or ycombinator account, it'd be nice if there was some other option to use as the recovery email for online banking that had the stability of google.
I'd happily pay for some sort of assurance -- "if you violate our TOS, we'll just put your email in receive-only mode" or something like that.
Buy a cheap domain from Gandi for 10 years. They provide free email and DNS. Use that email for anything you care about. Stop using your gmail account and forward your gmail to your domain's email account. Gradually, you'll switch your recovery emails to the domain that you own and control.
The other nice thing about this is you can be bob@domain.com rather than bob2746293@gmail.com and you can provide email accounts to your family and friends.
That's still a SPOF though. Over the years I've had various letters from registrars and registries threatening my account due to missing information or new requirements.
GANDI themselves once accused me of ToS violation because one account uses my initials ( as on my bank account ) instead of my forenames that they demanded. I migrated everything out of that account ASAP.
Ideally you need two completely different domains ( to avoid potential trademark issues ) in two different TLDs at two registrars.
The service is a tool. I would not "never" use a battery powered drill upon it's first power loss. It has it's use case. It is important to understand the limitations of any tool. This author helps us all understand the limitations of google.
Have you not seen all the similar things that happened over the years? This is not a new thing, it’s SOP. And though I think Google is especially bad, don’t ever have important data with a single company.
Start sooner rather than later. It's extremely hard to get off of them once you're tied to their services.
I'm basically down to email and some old Google Drives I need to clean out. Found a project in this thread that should help me with the Drives, just working on email now..
Fully agree. I have a small business that spends 2k/y on Adwords, and support is an absolute joke. I have a significant stake in another that spends 50k/y, and support is the same - terrible. And it's even a challenge to get the bad support - you've got to hunt and jump through hoops to get to communicate with an actual human.
I've heard support is much better for GCP - but for me, the whole Google brand is tarnished, and because of my experiences with Adwords, I always choose Azure and/or AWS over GCP.
We were spending a couple million a year (admittedly, this was probably 5 years ago now I was dealing with this -- so could have been the dollar amount, could have been the timeframe) and never really had a hard time getting a hold of a human. And the ones we got a hold of were generally pretty attentive and actually understood what we were talking about, and could even help most of the time.
However the reps were pretty up front that as soon as a support issue crossed the line onto any other team at Google... you best just figure out a workaround, because even once we'd already crossed the threshold and had someone inside Google working on our behalf, there was just nothing that could be done.
And yeah, this has led me to be extremely resistant to moving _any_ infrastructure we care about to GCP. I have zero faith my account won't just be suddenly banned one day with no effective recourse. And I'd also never recommend any "paid support" option they offered like some people are suggesting they provide, because I'd have no faith in their support team being able to actually solve the sorts of issues that are hard for people to solve on their own.
> The only solution? Make sure all of your data is always backed up somewhere else.
Whenever there is a systemic problem, fixing the system is always a better solution than trying to fix individual behaviors. Backing things up is a good idea but that doesn’t fix the problem, it just helps mitigate some of the effects of the problem.
No. You should be backing up your Google digital artifacts to local storage or an object store you have access to and can control access to (for example, my partner knows how to get to our Backblaze B2 storage buckets and request a USB drive of all the data if needed, which contains a lifetime of documents, emails, voicemails, iCloud photo backups, etc).
If you insist on using Google, keep backups elsewhere. You cannot rely on them for support (although you might be able to get it, don’t count on it).
What is weird to me, is that you can't really back up Google Docs, Sheets, etc. because as far as I know, the document format is closed. I understand you can use Google Takeout, but documents export to Word, drawings to JPG, etc. You cannot continue with the original elsewhere.
That's right. What you can do is use Microsoft Office formats, but Google makes that rather difficult. You have to download as Excel/Word then upload the file and delete the original Google Docs document. You can then edit the Office document in Google Docs/Sheets (with some limitations on collaboration I think).
I found it easier to move everything to Office 365. Google Takeout can export all data directly to OneDrive without having to download anything.
> What you can do is use Microsoft Office formats, but Google makes that rather difficult.
This right here is amazing and describes very well the moment in time we are living in. When using a Microsoft file format is [righly] considered the "open", "friendlier" option it really means the alternative [Google] is terrible. Microsoft used to be the Evil Borg that had everything proprietary.
Several years ago Microsoft (rightly) saw the writing on the wall that the way they were going to compete was to be the open solution to everyone else's walled garden. It has been a strategy that has worked out fantastically well for them and honestly MS is one of the very few tech companies I still have any respect for.
I've been a Google customer paying thousands per month and support was nothing more than lipservice. None of the support agents could do anything and I had to wait for an "account specialist" to reply every 24-48 hours with non-answers and requests for documents that I'd already sent 3-4 times again and again.
Support and customer experience is an afterthought for Google. They probably don't set out to be cruel, but they're very cavalier about incidental casual cruelty.
If Google won't do it, why hasn't a 3rd party stepped up to provide the service? I'd gladly pay a trustworthy company a few dollars a month to automatically backup my gmail, google photos, and google docs. I don't want to do it locally, since that puts me on the hook for assuring physical safety and backups of my backups.
I suppose I could roll my own solution, but frankly I get tired of maintaining my one-off projects like that after a year or two.
> I don't want to do it locally, since that puts me on the hook for assuring physical safety and backups of my backups.
Regardless of where you store your personal data, the proverbial buck always stops at your desk when it comes to assuming responsibility.
Paying someone else to store your data gives you someone to hold accountable to what happens to your data. But that accountability is always limited and doesn't dismiss you from managing that relationship. For instance, the other party is still entirely free to bring terms and conditions to the table, which are meant to mitigate liablity as far as the party which will host your content is concerned.
Put more succinctly, even when you rely on a cloud service, you're still on the hook to assure safety and backups of your own data.
> I suppose I could roll my own solution, but frankly I get tired of maintaining my one-off projects like that after a year or two.
Yeah, I'm gonna prod you on that one. :-)
For e-mail, you could run an script once a month that harvest all your e-mails over IMAP and roll them into TXT, HTML, EML,... whatever. You could go for one big file, or discrete files. You could even pain yourself and fit everything in an mbox file. Roll everything in a ZIP or TAR ball. Then you'd store output file in whatever service you want.
You could spin up a VPS, provision the entire thing and set up a script that does all that as some service or cron job or whathaveyou. Now you've got an entire stack to take care off. Not what you want.
Maybe this is a good use case to go serverless. You could string something together using AWS serverless. Write an AWS Lambda in Python or Java. Should be one single script. Store your e-mail backups in S3 or somewhere else.
The idea of such a solution is that it just runs in the background and it runs in a robust fashion with not too many moving parts. So, here you have something running indefinitely as long as the bill gets paid. Or amazon doesn't cut you off. But at least you've now got your e-mail mirrored on two independent services, which is marginally better then where you are right now. The only other major constraint here is being able to restore your e-mail from that backup in case of disaster.
This is a project I started working on but never finished. The problem is that people didn't care enough to pay for backups because they (are conditioned to) believe that Google is already safe and won't go away. The cloud is this magical thing that saves everything and unfortunately they don't realize otherwise until it stops working.
Because it costs more than a few dollars a month. The net cost to users for Google is zero (or a token amount) because Google makes their money from data mining and selling your meta data.
Email addresses and inboxes are important to people. They are critical to our online identity.
Wiki mentions Gmail having 1.5 billion users. Imagine even 100M of them paying $100 per year. Makes Gmail a $10B product just on paid subscriptions, that is not a small amount.
You need stable business with at least few people employed, to make sure the lights don't go out, and that people fix issues when they come up. Storage cost is probably only small part of the price.
You also don't want it to be VC backed because such businesses will not be worth billions. (and if it will try to become such you will have similar problems as google)
For a competing service maybe, but they're talking about backups. I find the bigger issue is that not enough people believe they need a backup for the "cloud".
> since that puts me on the hook for assuring physical safety and backups of my backups
Only in the event that Google locks you out, at which point you can create a new backup elsewhere. If Google has a copy and you have a physical copy, then Google would have to lock you out at the very same moment your house burns down for you to lose any data.
Google One was absolutely a nightmare experience for me. I signed up at launch, the service had severe issues syncing things. Took almost a week to sync backups that took Dropbox maybe a day. Then it kept flagging a ton of errors that basically said a bunch of my files couldn't be backed up. I talked to support and you do connect to a real person, but there was nothing they could do. then requested a refund, they didn't have the power to do that either. So it got escalated. I was told someone would reach out to me. That never happened. I contacted support again. Rinse, wash, and repeat I don't know how many times over a few weeks before the refund finally processed. During this time I talked to a manager who similarly had no authority to do anything. I was convinced support, though is a live person, has very limited authority and is really other there to relay basics on the product.
Google One is $20/year for the base 100GB plan. I pay primarily so that there's a direct line to support in case something happens.
Otherwise I recommend using your own cloud storage buckets and/or a local NAS to store your data. It's easy enough to backup and sync across all of them now with various tools and services.
For the first time in my life, I was able to talk to an honest to god support person over Chat for Google One support (I was trying to link my wife's storage w/ mine and it wasn't obvious how I'd do it).
Storage is paid, so I assume support is available.
Thanks for reminding about that. Seems like a no brainer to me that they should extend it. Google has so many tools that I depend on that I will happily pay extra for them in such plans.
I think the hope is that you'll have better customer support options if you're actually paying them money, rather than the block hole that is the support for their free tier of products.
To be honest, I don't understand this. Why should someone paying for a product get better support than someone who doesn't? I understand companies which sell plans so that some users can have priority support, but quality should not change according to how much money you give. It's absurd. Everyone should be in the same boat.
Maybe there was a TOS violation here but it would help if someone can explain what went wrong with some SLA unless there is a reason they can't reveal it.
I’m guessing here, but if one were to write that one is unaware of which transgression against the hallowed TOS one has committed it’s possible that a dialogue may ensue... though considering everything I’ve read so far in this thread and others like it, I seriously doubt that.
There was a story a while back where someone had Google One, had their account disabled, and couldn't use Google One's support because they needed a Google Account (that was disabled).
I probably could try to bisect if there is a specific type of data that prevents Takeout on my account, but I haven't bothered as I think I have all the important data otherwise backed up.
If you live in the EU just send them a GDPR request, they'll have to give you a dump within some timeframe. If their bots redirect you to their download UI, contact your regulator.
I do. Seems like that would not be too much work, so I think I'll do just that. I'll try Takeout one more time, and after it fails (it takes a few days) I'll submit a request via their data access request form.
You can now link the takeout to another cloud provider (e.g. Dropbox or Microsoft OneDrive). And configure the takeout to take place every two month (for up to 6 times).
So you just need to configure the takeout once a year and you'll automatically receive a backup once every two month.
This helps mitigate some risk but if you're using OAuth or rely on receiving future emails via your @gmail.com account you're still out of luck regardless
Do Google employees realize how disgustingly evil their customer service is? Forget their free services for a second: you can even be spending big bucks with them every month and be randomly blocked by algorithm with no human recourse.
I understand that Google can’t feasibly provide free tech support for the entire Internet as they’d probably have to have a million employees just answering phones and emails all day long.
What they need to do is find some number (whether it’s $5, $25, $50, or more I have no idea) where they can charge for real customer service. Businesses get shut down and people lose their jobs because of some ad issue they can never find a way to get a solvable problem resolved. It’s sick that Google has gotten away with this for so long.
When I've talked to google employees what I get is they think customers that have issues are trying to scam something. And that allowing a human to try and sort the problem would just enable that.
The amount of money you need to pay google a year to change that attitude runs in the six digits.
I can understand being wary of social engineering and scams, and at Google’s scale it’s almost impossible to imagine how many problems they have to deal with every day, but I think that’s an excuse to duck out of solving the problem because it’s not sexy enough for a Google employee to get a promotion for solving. Google wants to provide
Here’s the reality. Cable companies have methods of verifying their customers identity when they deal with support requests for private services. Banks have a very good verification process. Phone providers use tools like pin codes and other methodology (see https://www.removemyphone.com/learn/prevent-your-phone-numbe... for instance) to solve this problem. Domain name services (even Godaddy and the like) have figured out how to largely solve this verification problem despite their numerous other shady business practices.
Are you telling me that Google with their many geniuses can’t find a technical approach to dealing with this? We have multi-factor authentication and other tools. People are willing to pay money for human support.
I can’t believe that Google can’t figure out some means of providing this. Their refusal to me is one of the most evil business practices on the Internet while they pretend that they’re the paragon of virtue. It’s really sick to me and hopefully this case is a wake up call to at least one Google employee how backward and customer unfriendly their overall practices are.
Your problem isn't Google customer service. Your problem is that your business is, if the case is such, wholly dependent on Google and you can't switch to a different vendor.
I hate that they don't even tell you what you violated, like I'm sure this just causes more escalation and worse negative feelings for basically getting no additional information.
Illegal? Unlikely. A bad business move? Definitively.
As far as I know, the reason no company divulges information like this is to stop the endless protests and appeals from people. Dealing with people who believe they've done nothing wrong even though they have is tiresome and expensive and the more information you give them, the more ammunition they have to protest.
The result is innocent people like (presumably) OP's husband getting shafted by a short email without any details, but it's finanicially unattractive to change the system so without court or legislative action I doubt Google will improve their services any time soon.
The Sixth Amendment applies to criminal action by the government. Google isn’t the government, and even if we were to pretend they were, they are neither applying a criminal law nor imposing the kind of punishments which are inherently criminal no matter how the law authorizing them is characterized, so the Sixth Amendment is far from applicable.
Were they the government, either 5th (federal) or 14th (state) Amendment due procesos rights might be an issue, but, again, Google is not the government.
This is one of the reasons why I've finally began migrating to a custom domain + proton mail. Can't imagine the time it would take me to get back all the accounts registered to my email, not to mention those to which access would be lost forever.
I looked into this a bit a year or two ago, and wasn't happy with the alternatives. The main issue for me is that I never delete anything, and so I have nearly 500GB of email, dating back over 20 years (sadly I've lost earlier email due to the cost of even local storage back in those days). I don't want to deal with the data in any way, sorting through it, splitting it up, etc. I just want to dump it all into an email account and have it forever. Many of the alternatives that offer good privacy top out at 20GB or so for their most expensive plan (or less).
Tutanota was the one service I found that let you add (IIRC) arbitrary amounts of storage to your plan, but I found their web interface to be kinda clunky, and let the account expire. I keep wanting to look into this again, but never get around to it.
OneDrive is pretty damn cheap _and_ comes with access to Office on the web. 1tb per family member, with Office? Goodly.
There's no official Linux client, but there are open source ones that perform well.
You could drop your mbox onto a OneDrive sync and then use fetchmail or similar to rip it out of your provider. Each email could be individually encrypted, so you won't have to deal with a 500gb blob to sync.
I'm surprised Outlook held up. In my experience the program starts crapping itself after the first 3-4GiB of emails, and it only gets worse after that. I wouldn't rely on the file remaining intact for long with such a setup...
I remember services available 5+ years ago that would help you with this kind of thing (scanning through email archives by sender), but the ones I remember have all morphed into "tame your inbox" apps, which doesn't solve the same problem.
What is the advantage of using a provider like Proton Mail versus using a client to make a local back up of important Gmail labels (or regularly using Takeout to back up a email label with your most important stuff in it)?
Unfortunately Protonmail is not good for long term mail storage. Their web mail app has hardly improved in years, and it is abysmal in terms of search and handling thousands of emails. If you depend on PM, you may find some years later that your emails are trapped and incredibly difficult to access except painfully individually, with much manual effort.
I’ve been using Protonmail for years, with many tens of thousands of emails, and this does not match my experience at all. It is far, far easier for me to find old emails sent to my Protonmail account than to my old Gmail account, which seems to randomly decide that some emails shouldn’t be searchable.
Interesting, because I had exactly the opposite experience. My 70,000+ gmail account from 2004 is still easier to find things in than my 10k email account on PM was before I gave up.
I use my own domain and gmail for phone access, but I download all my emails to Outlook via imap. I have about 20GB of emails in outlook (my entire life's emails basically) which are instantly searchable.
Indeed if you are willing to have all your emails downloaded to local disk, but that's really inconvenient if you want to live with disposable hardware and cloud-based storage.
I agree 100%. Used ProtonMail for a while and this is an issue that's made me think about looking to migrate elsewhere. Tutanota had similar problems when I messed around with it last year. It is hard to find one with good UI, my needed functions, while still having a solid security reputation.
I use Outlook to access it on my work PC, the Android app on my phone, and the web interface elsewhere. Seems quite usable and painless, to me; even search.
But then, I fastidiously organize my email and so I don't need to rely on "smart" , privacy violating, deeply intrusive search.
I remember that long time ago I thought that using Google account to authenticate in other services is nice because, hey, I don't need to remember some many passwords. Luckily after so time I decided that it may not be such a good idea ;).
Somehow related - long, long time ago in one of Google services I've used an account bound to my 'external' email that I've been using actively back then. Just few days ago I had a need to login to this service. I know my login (and I still have access to those e-mail), I know my password, but since I haven't used that account for a few years Google wants to send me a verification code on some phone number. Even that the last 2 digits displayed by Google on the verification screen match my phone number apparently I've made a mistake back then and provided a wrong phone number. There is a zero possibility to contact a human person at Google support and their docs in general provide a gentle 'fuck off'. I understand (somewhat...) the scale they operate at, security concerns and hey, I'm not a customer really here. Still it is rather infuriating that I cannot do anything. Fortunately the account and that service is not that important... :/
I've started to untangle myself from Google services some time ago and this incident will only accelerate this. Unfortunately - in general - our dependency on digital services will only increase anyway. With so many services providing some kind of 'free' tiers and all the effort needed to backup your stuff spread across so many accounts it will only get worse.
I am not fond of suggestions to break up big companies, but I do believe that FAANG should be treated as utility companies and not be allowed to deny service to anyone; any termination decision should be left to an independent 3rd party, ideally a public authority, so the big company will not be liable for any account misconduct.
At least if a US public authority decided to suspend his husband's account, he could issue a FOIA request to get the documentation explaining why it happened. If the FOIA is rejected for national security reasons, that'll be explicit. Public records laws and regulations don't apply to a big company like Google, so they can stonewall you forever and not have to explain what their policies are or how they were enforced.
Public authorities are at least theoretically accountable to the public, unlike a billion-dollar megacorp which isn't accountable to any force on this planet.
The spoon might be the most extreme part of that picture, but I wouldn't blink at seeing 90% of those in a kitchen - how are brits supposed to cut meat?
It's hard to keep track because they keep encroaching on knife ownership.
It's illegal to sell a knife to someone under 18! As a Canadian, I owned a half dozen pocket knives by the time I was 10, and took them camping and so forth.
It's illegal for an adult to carry a knife without good reason! I carry one on me all the time, because I often need one.
It blows my mind how far down the authoritarian rabbit hole they're going, rather than addressing the root causes of violence.
OK. And when the public authority is the one that issues the gag order to the company, which is what usually happening in these stonewall cases, then what?
Currently the companies never explain their decisions, so we cannot know if there was a gag order.
A public authority is required to reply to requests unless there is explicitly a gag order. Of course the reply may be _the account is disabled as part of ongoing criminal investigation_ but again, once everything's done they will be required to disclose information.
Fastmail. But the key thing is using my own domain name. You can actually use Gmail safely... as long as you are using your own domain name. If Google (or Fastmail) terminated my account, I could point my domain name to another mail service, and not lose access to any of my other services.
But as long as you're using an @gmail.com address as your digital identity, your access to all of your online accounts is tied up in that single arbitrary point of failure, to a company that does not view you as a valuable customer.
Then the trust is placed in your registrar. Maybe that's where the trust should be placed from your perspective, but do note that you're still choosing to trust another organization who's interests may not totally align with yours.
Atleast where I live, and I choose local registrars, I can sue a registrar for the ownership of a domain, even if it was bought by someone else in the meantime, I can get it back.
The likelihood of loosing a domainname in my country (Germany) is fairly low unless you used it to actively (and provably) spread malware or commit other crimes (and your registrar will have to prove it and better hope they filed a police report, or their cancellation goes poof).
It's definitely not the cheapest option, but if you don't have a large storage requirement, 25 Mail St. is a good option. I host my own personal email, but have set a couple clients up with 25 Mail St. and it's been excellent. By far the best part is the support - all support is done by the engineers instead of customer support staff following a script. They're incredibly transparent about things like support statistics, and are understandably proud of their metrics. The main downside is the low amount of storage offered for the price.
It's run by the same company as Rimuhosting and Zonomi, if you're familiar with either.
I don't really use google for anything; I never did, which probably made it easier than for those who had to switch. For e-mail I run a standard dovecot and postfix set up. For drive, I just scp files to a server. I don't take many photos or care. If I did, I suppose I'd just copy them over to my server as well. I run all of this stuff on a few old boxes at home (ancient laptops, old towers, what-have-you).
As a side question, to those who use google drive or similar, how do you stand it? I hate having to click through a bunch of dialogues to do stuff. Just being able to use a plain HTTP link is much better. I put stuff I want private in a directory that requires HTTP basic auth and it's so much easier. I can copy to/from on a phone by VPNing into my house and using a samba client. So much easier.
Don't use Gmail to signup for stuff. If you lose the account, you lose all the forgot password links, the email 2FA codes, and the communication with support.
Preferably, you should use your own domain (atleast for signing up).
Or use something like Tutanota [0], only for signing up for stuff. They have a very generous free plan. You should open it only to verify new accounts, and for 'forgot password' links.
I use Google Apps but with my own domain. My own domain gives me the opportunity to take my business elsewhere with limited impact. The caveat is that I pay $6 / month (instead of free).
Yep! This is exactly what I do. With Google Takeout, I don't have to worry about data loss if I get locked out of my account or other issues like that.
I have my own domain, and run exim+dovecot on a Linux machine for E-mail. This setup has run solidly for years. I serve E-mail for family and friends. No reliance on some cloud account for what is essentially the gateway to all of your password reset functions. When I first set it up, I had some deliverability problems, but once I had DKIM and SPF set up, it's been rock solid.
I moved my email + contacts + calendar to Fastmail, for files I use dropbox or iCloud it depends on the purpose and I use Apple Photos for photos. All services are much better than Google services.
I would never again trust Google with anything important on consumer services, I had similar experience as the OP.
I would love to see a step-by-step guide on how to move away from centralized services entirely. Maybe in favor of the various federated services that are popping up.
People post guides to HN periodically about how to do exactly this. But it will require a lot of effort and a carefully designed backup/failover plan for when your self-hosted things tank (or get hacked).
When this topic comes up periodically, some people comment about the difficulty of having their outgoing mail often blacklisted or automatically marked as spam when being sent to major email hosts (such as Google, MS, etc.) Have you found this to be a problem?
>When this topic comes up periodically, some people comment about the difficulty of having their outgoing mail often blacklisted or automatically marked as spam when being sent to major email hosts (such as Google, MS, etc.) Have you found this to be a problem?
I had this issue a couple of times (with Comcast IIRC) in the early oughts (somehow I found myself on a RBL/DNSBL). I resolved that fairly quickly.
I haven't had problems since. Just to make sure, I implemented SPF/DKIM/DMARC in my DNS zones. And I'm sure implementing DNSSec didn't hurt either.
And except for those few times 15-20 years ago, my environment has worked like champ.
I use a more privacy-focused email provider, their lowest tier
costs 1 Euro/month and is enough for me, which means I still have near
free email with calendar sync.
I don't upload any photos or other files anymore, though. The
problem is that you can never fully trust those cloud providers
to keep the data safe, so you need other backups anyways. I was
thinking about using a more trustworthy service for off-site
backups though.
Currently I am trying to figure out how to move e-mail away from google, not my personal one, but my company e-mail.
Couldn't figure out yet...
The reason is that despite being a corporate costuemer we don't pay enough to have access to support, and some issues we had, the only thing the FAQ and documentation did was redirect us to a page behind payment.
We already use thunderbird. In fact that is part of the reason we want to move away from Google, they declared Oauth 2 will be mandatory, and thunderbird last I checked didn't had all the certifications needed, and we had a scare when suddenly all our company thunderbirds couldn't login on gmail-based accoutns at all, and we needed them to, to send urgently some documents to the government.
I left Gsuite for Zoho (mail) a couple of years ago after reading so many of these Google account closure scares. I cannot speak to the quality of the Zoho office apps, but their email seems reliable and allows me to have over a dozen domains tied to one account at a tiny cost per month. Fastmail, as I recall, couldn't or wouldn't allow many domains tied to one account (otherwise I would have chosen them).
I don't know if your account was different, but I have 15 domains on my Fastmail account and almost a hundred specific aliases (in addition to the catch-all) and they've not complained one bit.
I don't know why this got downvoted, I use 365 (in addition to other non-Google providers) and am quite happy with them for the accounts I use them for.
This is why having email service using your own domain is important. Should Gmail decide to suddenly terminate your account you can point the MX records to a new provider and be up and running in an hour or two. I would argue that any free email service is a liability. It's one of the things that's very important & worth paying for.
I run my own mail servers on my own domains. I use my own private "cloud" server for storing photos, documents, file sync, contacts, emails, events and everything else. I have minimized my contact with anything Google as much as I can. I have a couple of different Google accounts because I _need_ to have those accounts for work, or a developer account, but I have reduced any connection with Google to just background noise at this point.
Owning and running an email server is a great undertaking. However a lot of email providers will give you the option to use your own domain with their service. Gmail (Workspace) and Fastmail have it and it's pretty straightforward to setup. Even setting up DKIM and SPF is pretty easy.
Also having a backup of the email messages is very handy.
Agreed, it isn't for most people. I have a mail server running on my main hosting server that I have complete control over, with certificates and so forth to make it trustworthy. Then I have an in-home mail server that acts as a proxy, which pulls in all the email from the main server, so that when I type in mail.justinlloyd.domain I end up on a page that looks very much like Google's gmail. And of course, multiple backups of the servers in multiple locations. But this isn't for everyone.
Before laying down judgement on Google, this is standard procedure for any kind of legal matter / fraud.
I work at a bank and it's absolutely critical that we do not let anyone know of our reasons for banning/suspending accounts while there's fraud investigations on the account.
Investigations take a long time since we need to determine if the fraud/criminal actions were 100% done by the user of the account, or if the account was compromised and was used as a proxy. 90% of the times we find it's a third party takeover and the user is cleared. There's a good chance his husband's account was taken over and someone was using his Drive to host pirated movies.
Think about the other side when thinking about a situation like this. I'm sure Google is taking this very seriously.
Mob doesn't care about reason. They don't care about real possibility that Google has banned the account for the right reason and not divulging is the correct thing to do. It is entirely possible that this is due to a much more severe issue like production or distribution of child pornography or similarly egregious criminal activity that they can't divulge other than to the authorities.
Another example of why we need public internet services that aren't run by private companies. Imagine if your mailing address was run by a private company and they could take your mailbox, erase your address, and forever prevent you from receiving mail sent to that address ever again.
Every human deserves an email account, linked to if not publicly exposing their real identity, access to which is not revocable except by court order.
> linked to if not publicly exposing their real identity, access to which is not revocable except by court order.
Not too sure about that. There are some pretty poorly behaved people in the world that like hurting people for various reasons (including none.) I'd rather things stay on the anonymity side.
Every time this happens I think about reducing my dependence on google, however I'd love to be able to make this decision by evaluating the actual risk of this happening.
Does anyone know an estimate of how likely this is to happen to an individual on a per year basis?
Obviously that risk will change as the organization changes, but if it's happening to a couple hundred good faith accounts a year I'd probably put it off for quite some time.
Do you pay them or any of their subsidiaries for anything?
I have cell service on Google Fi. Long, painful (still-ongoing) story short, they shipped me a Pixel 4a that had no cell service. I went back and forth with support for ten days. Then they shipped me a replacement phone. I confirmed my current address. They sent me a shipping notification for my current address. FedEx ended up delivering the package, no signature required, to a town I used to live in five years ago. I double checked and my current address is the only one on the account.
Going back and forth with support has been useless. I paid for a phone that doesn't work, and I'm being charged for service that I can't use. My last recourse is to refute the payments with my CC company....but that also seems like the quickest way to get my entire Google/YT/Google Fi account locked up because it's all tied together.
7 billion people use Google. If you look at the likeliness of it happening to one guy out of 7 billion, it would be very, very small. But the problem is, once it is banned, you will probably lose a lot of important stuff permanently.
It’s probably closer to 70M but that’s probably absurdly off too. I bet there’s 70M people in the US alone who use Google services for valuable information. GMail alone is massive.
More likely you'll get locked out because account recovery now uses a heuristics based algorithm. This is what happened to me, thankfully I had nothing important on it.
There is a simple three-step process to resolving these recurring problems: (1) Surface the complaint on the front page of Hacker News; (2) Stimulate at least 100 comments on the submission; (3) Wait for someone at Google to sheepishly revert the change, possibly without comment.
This is a fine example of why one should NEVER use a free closed (source or company) service for critical life or business functions.
They can and sometimes will shut you off with no reason given, no access to your data, and no recourse (& NO, appealing when no charges are specified, and no info or reasoning for their decision other than "yup we confirmed you violated our TOS", is not recourse, even in a Kafka world).
This guy can get nothing even though he works at Google.
It isn't like these major companies are short of funds to provide actual customer service, they just refuse to do so, basically saying "what are you going to do about it?".
If someone wants to move away from a Google free account, is there a way to see of list of all sites/apps that they have previously granted OAuth access to?
I found a way to view this if you have a paid admin account for your organization, but I don't see a way to view a list of previous OAuth granted requests for a free Google account.
Thanks for this. My list of sites that I have used my Google account to sign in instead of creating a dedicated account is over 4 pages long! I didn't realize that I use "sign in with Google" for so many sites. :-(
Phone numbers are just sequential numbers, that are assigned to carriers, when consumers transfer numbers the carriers just re-assign ownership via an assignment swap.
An email address by contrast is an undefined/minimally defined identifier in front of an @ and the message is just thrown to the domain to do something with.
Which is to say, mobility is impossible, because there's no cross-vendor standard for the identifier part and even if there was, both parts make up an email address which would send it to the wrong vendor anyway.
It is like having a phone number that ended with a network specific postfix and using it to route at the network level. It would make phone numbers non-transferable too.
At least here in the UK, phone numbers are generally network specific - including mobile numbers. Companies don't just reassign ownership, the original owner of the number has to actively forward calls. This causes some issues when a provider goes out of business and Ofcom or whoever have to call around and ask nicely for someone to take on forwarding for their number ranges. (There's talk about fixing this with a big central database, but I don't think it's come to fruition yet.)
Well, Google would be required to eternally hold your email address available for you and forward any incoming mail to another email of your choosing while also allowing you to send email via another provider (SMTP relay).
Every time something like this comes up either with Dropbox, Google, or whatever big corp who owns your data, I suggest everybody to try out Nextcloud!
I use it for years, because it's a very liberating feeling to OWN YOUR DATA and not be in a risk of something like this. It's even more convenient than any cloud drive I tried.
My Dad has all his photos on a PC and HD backup. If something happens to him I know I can recover it all, I'm glad he doesn't rely on Google Photos, dropbox or similar.
Unless the disk is stored offsite then better install him some simple automated backup anyway. I keep such in case of theft or fire, hope it is never needed.
I was very happy to get one of the first Gmail accounts in my country, when it was by invitation only.
But this is a distant memory, and nowadays I avoid relying on any single big corporation for anything. Particularly I avoid Google.
My main email is in my own domain(s) (paid in intervals of ten years) with gandi.net.
Using Duck duck go everywhere I can.
I have an Android phone by necessity and because there is no real alternative. I download all my pictures and store them with pCloud instead. No G-drive or Dropbox, as I can't trust these services at all.
My Gmail account is used for things that can get spam. All important accounts are in the email of my domain(s).
If Google decides to cancel my Google account, it would be a minor nuisance, mainly related to reinstalling the smartphone apps with another account, and that's it.
Issues like this- are why I jump’d through hoops to have a somewhat secure , somewhat reliable, and somewhat consistent- on-Prem back up of my Google (gsuite) data.
It’s not as easy and robust as it should be, but it helps me sleep a tad bit better at night.
I just had that same panic realization. Turns out it is pretty easy to do manually.
From GSuite click the 9 grid dot application menu and choose Account. Go to "privacy & personalization". Find "Download or delete your data" section and click the "Download your data" link. Seems to be a comprehensive download system including everything I could imagine (including my gmail history which is probably most important).
If anyone knows how to automate this, (e.g. to my local machine using a script, or iCloud/Dropbox) I would love to hear it.
I've been slowly trying to decouple myself from google in the last few years (/decades) ... but I have stuff that goes back at least 2 decades that I have been lazy / hesitant, e.g. contacts on the phone (since I doubt I would have the necessary patience to import / export / sync contacts manually anymore).
But ... seeing this kind of thing, I need to reconsider and at least keep a monthly backup or something ... as far as you know, it's not even going to be your fault when you get locked out, so you shouldn't assume it just won't happen to you.
Local backup and sync for contacts and calendar can be made using vdirsyncer. mbsync or offlineimap does the same for mail. All of them can be deployed as services to do automatic sync. Some client software can use these local copies directly.
> In the meantime I tried to escalate internally and they're being a brick wall even tho I work there
> And this is how it ends. No one fucking tells me to assume good intent ever again. Fuck all of this. Our lives are in a bind because of this BULLSHIT
Tiniest violin.
Too many Googlers like him (and here on HN) mistakenly believe they're not evil, just because of that motto (which Google removed) and because the workforce is full of progressive agitators.
The entire thread is full of people jumping on the hate train, did anyone even stop to consider that Google is right on this?
https://support.google.com/accounts/answer/40695?hl=en There are two points here: first, they claim to provide a reason for closing your account when you log in to your google account (not google service). The OP provided what looks like google service notification on his mobile, but could be on desktop (thanks to reply for noticing this). Second, after escalating the issue internally, decided to email (internally) people saying this is an attack on his family. He is also publicly looking for a job. This seems like a severe overreaction for a google account ban... I think there is reasonable doubt here to suspect something is wrong here more than "Google decided to arbitrarily ban a specific account among billions in order to target one of their employees."
The OP is claiming that. It is the purpose of their most recent tweets.
What I'm saying is there shouldn't be outrage until we figure out that the OP isn't lying, which there seems like there is reasonable doubt for. Because for very evil circumstances I wouldn't expect there to be transparency either for legal reasons.
That's my bad. Because the gmail link later in the thread is very likely to be mobile, I assumed as the first screenshot was so centered that it was also mobile. But it could be on desktop, so I edited my response
This is a good reminder to always backup your photos/docs elsewhere - if you have one Synology has a good Google integration that will do this automatically (I then send it up to Glacier for off-site). And also - eschew the convenience of OAUTH - just create an account at every site - it's annoying but at least you avoid you're entire life being locked out.
This is a reminder to get away from google services. It’s just not worth it. Give a few bucks Each month to a company where you are the customer and not the product.
Synology also allows you to run your own contacts, calendar service and has a Google Photos equivalent called Moments (which includes the mobile app to autobackup photos).
The difference? You own the data on your own drive.
Synology also allows you to run your own mail server, with a web app similar to Gmail, if you want to go down that rabbit hole (MailPlus/MailPlus Server).
Reminds me of Amazon. After I listed my own book for sale there, the account can no longer go anywhere near any page related to sales of other products, returning a "Not Authorized". To even read about the subject, I have to log out first. My account with twenty years of trust history has been reduced to buy only. Should I abandon it? I'm not sure.
Has he done anything to raise the ire of the American intelligence services? The agencies that gave us https://en.wikipedia.org/wiki/COINTELPRO and the like still exist. Google is not ultimately in control over matters like that.
I have done this and it depends. There were several ways provided by Google how to export the pictures and upload them and they killed them all. The last good way was to link your Google Drive with Google Photos and then install it on desktop and let it download the whole library (and then install iCloud and let it upload everything). Google Takeout isn't without issues, a lot of people including me had problems generating the takeout link, it failed for several tries and took days. And then they break Live Photos take on iPhone which were backed up by Google Photos, Takeout doesn't export them in a proper way (maybe it does now, I don't know).
There is just no simple way how download Google Photos. Compare this with iCloud which does this by default.
So what I did was kind of stupid - but it allowed me to transfer all pictures from Photos to iCloud in full quality and including Live Photos. I downloaded Google Photos on iPhone and then I selected as many pictures as I could by dragging the finger and then click "Save to Photos". iCloud will back it up. Rinse and repeat. You can't select more than few hundred, so it took me a while to upload 70 GB.
Totally worth it - I am never going back to Google Photos.
Since you're bringing up the idea that perhaps the ban was legitimate, it really does need to be mentioned that one scenario here is that the user did actually fail to comply with the terms or policies.
But even if this were the case, it is pretty unfair to not at least know what you are being accused of.
I was planning to move away from Gmail, once I ran through 15GB of free quota. After reading this, I am thinking that I need to move to Fastmail sooner. I did not realized that my logins throughout the Internet depend on Google. I can not have anything critical in my life to depend on Google. I guess it’s just risk management.
Does Google also disable access to Google Takeout when they disable accounts? If so (and I assume they do), IMO that's really the worst of it. It's bad enough that they arbitrarily and capriciously disable accounts, but then to also deny you the ability to take out your personal data... that's reprehensible.
Everything is locked away. Happened to a movie director. Lost all of his YouTube, blogger, business email, everything. Never recovered any of it. It was why I switched away from them and will never trust them with anything important / irreplaceable.
I think whether or not takeout is disabled depends on what happened with the account. If the account has content with legal problems, it could be really really bad if someone used Takeout as a free image host with Dropbox/Onedrive integration
This is absolutely terrible. All these other companies deal with fraud and abuse in a more humane way. Why can't Google do the same.
If someone's actually in charge there, they need to really do a big shake up in whatever team deals with these fraud and account closures as they've been ruining the brand
This year I have completed by goal of being mostly google free. I have yet to replace the Chromecast. Other than that, the transition is complete. I don't want to be held hostage by a single monolithic company with more resources than most nation states.
My approach with Google and these other big companies is to use their free services but treat them as disposable. For example: I use Google Photos all the time, but my photos are also synced to OneDrive which, in turn, is synced to my computer giving me offline copies as well as another cloud-based backup. I use Gmail (and old Google Apps accounts) for email, but I have MS Outlook continually running on my desktop PC syncing all email accounts to offline PST files.
The key takeaway is to not to get reliant on any service (free or paid) without having a backup plan if it went away.
So all of his husband's data, including "very important and irreplaceable" personal photos, are inaccessible due to a presumed ToS violation. I wonder that violation could be...
No one will read this, but as a public service I have to say: Storing data you need without backup, or maintaining a channel of communication that you can't replace, with a company you don't pay money on a regular basis, is a recipe for disaster.
Tech companies love to be roach motels for your data. They want to lull you into dependence on their platform for mostly innocent reasons. If they have something you need make sure you have your own copy.
Yikes. This prompted me to quickly find a way to backup my years worth of photos on Google Photos. Was looking to move over to a self-hosted Piwigo instance anyway.
This is the part that everyone overlooks when they're basking in the glow if their fancy new free email account. You're not really a customer in the traditional sense, so you have very little leverage. Don't rely on such an account to be the center of your digital life. Don't rely that way on a paid account, either, but still, especially not a free one provided by a huge megacorp.
We, the users of Google's services, are not Google's customers, even though we think we are. The advertisers are google's customers. So when you reassess the 'relationship' this way, Google abusing users is totally fine- Google has billions of users they can treat poorly. They can't treat advertisers poorly.
My account at ads.google.com is suspended because of suspicious payments. I never did any payments.
I am running a full-scale business using admob and other Google services. I don't see any impact from the suspension on the other Google services luckily.
I send numerous appeals. Not even a single response. Already for 3 months now.
They show me a text saying that to log in, I have to give them my phone number. Well, I don't want to give my phone number to Google. When I signed up, it was not stated anywhere that one day they might hold all my data randsom and blackmail me to give them my phone number.
I honestly moved my main email to Microsoft outlook and I have a ProtonMail for more private communications.
Gmail is not that great anyway, it’s too heavy to use their webmail and using IMAP is a major pain due to their stupid labels and not having real folders.
Sure, there are standards for SSO, like OpenID Connect. Your biggest problem is just that most websites and apps refuse to support open standards, preferring to give people the choice of Google, Facebook, or Twitter.
So you can easily set up your own SSO, but nobody will let you use it to log in.
Yes. I don't see ANY advantage of SSO if you are using a password manager like 1Password which autofill strong passwords and even 2FA if you want. Why would I want to use Google Sign In in this case? It's a single point of failure and you are making it easy to link all your services to a single identity.
> Is there a technology that we should be driving adoption of that would allow me to host my own SSO?
OpenID was that technology, but it didn't really get any adoption. OpenID Connect seems to be the replacement based upon OAuth, and seems to be pretty easy to implement if you already support OAuth.
If you are using Google drive will you lose the data on your local as well? I have a huge amount of work, it would be devastating to lose access to it. I do have backups on storage disks, but still...
This is why I pay for Amazon Photos as well and use double the data/time to upload to both. I don't want google's AI or employees nerfing my entire family photos archive.
Fairly light evidence of a similar problem with Google. Even if so, at least I have photos in two clouds and I would guess there's little chance of losing both accounts concurrently. And Amazon customer support can be reached.
I use OneDrive, iCloud, a couple HD for backup of my stuff. I also have duplicate of my OneDrive and iCloud stuff on another storage in case both company does something unexpected.
This happened to me. Luckily on a gmail account I don't use much - but it's a wakeup call for sure. Moving out of Google, finally, after years of being on the fence.
seriously I just checked the google takeout page and saw a looong list of services. I would be devastated if somebody were to 'disable' my google account.
Because it just creates more problems and work. In our small SaaS we were saying to users why they are banned: spam, abuse, fraudulent cc, etc. and that created just more work for us because these users will then write ‘reviews’, emails, etc how they are not spammers and how we are bad company. Better to lock them out and move on.
Of course, we are small SaaS and not Google but sadly I’m not aware of a better solution.
Everybody not living under a rock knows that some day you might get banned/destroyed by some amok running script from Google. Are we supposed to be enraged that this can happen to buddies from Google employees also?
I remember my buddy using his gmail account as an SMTP server and spammed people with it then got locked out of Google and they cited this as violation of their terms.
Have they completed the official escalation procedure for resolving issues with Google products?
It sounds like they're at the point where they are supposed to contact a friend who writes for the New York Times, or similarly prominent outlet, to have a story written about their predicament.
This usually resolves the issue, but if it does not, they should run for and win a U. S. Senate seat, then forward the details of their issue on official Senate letterhead.
Wait, what? There are only 100 US senators and Google already spends tens of millions of dollars per year lobbying them. I'm not saying I agree with the GP point, but if Google wanted to give those senators free personal tech support it would not be prohibitively expensive.
I understand this is frustrating, but reading through this person's thread, it reads as an absolute temper tantrum. A few choice quotes:
> Our lives are in a bind because of this BULLSHIT
> I am out of office reconsidering whether I should work at a company that continuously escalates its attacks towards my family.
> [looking for]... A company that provides a steady salary and respects me, my nationality, culture, ethnicity, sexuality and my family
It's very hard to take this stuff seriously when someone is claiming lack of access to to their emails and photos is an attack on their life, family, sexuality, etc.
Not sure about the race / sexuality stuff but my life would be in turmoil if google took away my google account. I have possibly hundreds of accounts linked to it, as well as correspondence and billing info for 10s of physical services.
"Hey, I'm going to leave the control of all my personal files to a faceless third party who can arbitrarily lock me out of access without due process."
No. Don't use the cloud for that.
"But maybe we can fix the cloud by adding more cloud to the cloud, so that we can back up the cloud to the cloud?"
No. Stop using the cloud.
"But I have (hundreds of gigs of photos|twenty years of emails) there! I was going to pour a glass of nice Chablis and gingerly sift through them all on a Tuesday evening!"
No. Stop using the cloud.
"But I'm working on the next Great American Novel and I couldn't possibly be tasked with syncing a backup of it to a USB stick!"
No. Stop using the cloud, damnit! How hard is it to understand?
I will say that I can only imagine how annoying and frustrating this is, but the way he's approaching this on twitter is not going to win him any fans in his reporting chain. In a fight like this you need senior management as allies wanting to help, not as enemies as you stomp your feet and embarrass them.
Reporting chain wasn't helping him. This is obviously his last resort. I pay for Google services and stuff like this is motivating me to look into migrating away (the only thing I _actually_ care about is mail).
Some people care about more than just money. Not trying to brag, but I did get an offer from a FAANG company which I turned down, suspecting that I wouldn't be as happy there.
Personally ethics play a big role in my happiness, but I acknowledge and appreciate that being able to chose is a rare privilege.
This is exacerbated by the fact that 9 out of 10 times a story like this appears it's an algorithm gone rogue which its billion-dollar shepherd assumes is infallible.
The remaining 1 time it's because someone knows how to abuse reporting systems to get someone locked out on purpose.
The only reason these tech companies managed to get so big is because they'll cheat at anything that requires human scale. Support, moderation, taking responsibility for the content they host. They somehow managed to skirt on that just as the web was transitioning from a wild west to a somewhat ingrained, regulated place and the world is worse off for it.
Because they skirted on all this, they are now somehow the world's gatekeepers on modern communications. If you don't play ball with them, you're cut off from almost everyone. Their recklessness and callousness ironically put them in the position to rule over the rest.