This is genuinely scary. Photos, Yale locks, Fi, WiFi and Nest thermostat can all be poof gone because I made a silly YouTube comment? How is this not regulated?
Google photos also 'helpfully' offers to delete your uploaded photos with 'some guarantee'!!!
If this isn't an indication of a giant shitty monopoly that doesn't care about its customers at all, I don't what is.
They have some AI ML fucking crap but can't figure basic user trust because that won't get anyone promoted nor grow some Director-level person's headcount.
Large promo-manufacturing teams that casually handle all your data. Pray to God that some L4 didn't get promoted doing some impactful work because they sure ain't gonna do maintenance work protecting your shit. Their motivations are not users, product nor team: manipulate some metrics to get promoted and move out. Horrible.
I got gmail accounts for my kids after they were born. My youngest, 12, attempted to sign in from a Windows PC in our house and was told that they could not verify that it was her.
Keep in mind, this is the same public IP address that we've had for ages. I am the recovery contact for the account since she is a minor, and have filled out the forms several times now, even giving the exact date and the "verification code" from when the account was created. We are now stuck in an endless loop.
She can still access her account from a macbook and from a linux desktop, but I fear once she is signed out that she will be locked out forever.
All of my important stuff (finance, etc) is in protonmail now, and I'm happy that I made that move.
The only thing worse than hanging your identity on @gmail.com is @comcast and the like.
If you can, your own domain backed by a fastmail or a proton is the sweet spot of easy and flexible, or at least an @fastmail, @proton or similar. With payment comes the possibility of human support, which I have received easily from fastmail.
I have my email going to my own domain, but can’t figure out how to ground it out in anything other than someone else’s tld.
So, now I’m in a situation where, if my gmail account gets banned, and the DNS provider decides to reset my password, then I’m permanently locked out of everything. I could point my DNS provider at my “real” email address, but that’s even worse, since needing to update the MX record could lock me out.
Does anyone have any creative solutions to this problem?
I would probably recommend two things: 1. Move away from Gmail as soon as possible, to a service like Fastmail or Proton Mail; 2. Have an email from that provider as the “last resort”, i.e. hedora@fastmail.com, while using your domain name based emails for most other things.
This doesn’t solve the “everything is in one basket” issue, but you don’t hear stories of these email providers just “closing” an account and causing immense trouble for the person, at least in part because they have actual support.
> I have my email going to my own domain, but can’t figure out how to ground it out in anything other than someone else’s tld.
What do you mean "ground it out"?
As a consumer, I suspect hosting a "holding" domain, and possibly email, with AWS Route53 DNS might be a sensible approach that wouldn't break the bank. AWS has policies on account and password recovery that even include a notarised affidavit.
It might help to further separate your AWS account from the Amazon account you use to shop with, since there's a chance Amazon might be trigger-happy with banning if you violate one of their shopping policies with too many returns.
> As a consumer, I suspect hosting a "holding" domain, and possibly email, with AWS Route53 DNS might be a sensible approach that wouldn't break the bank.
This is what I do.
Totally isolated AWS account that owns `my-account-recovery.com` in my country-code TLD (because I have legal rights and strong and easy access to appeals processes with that, so unlikely the domain could be wrestled from me and likely I could eventually regain ownership if lost).
I use Amazon SES for incoming email to simply drop all incoming messages as objects in a S3 bucket.
I have SNS notifications going out to my regular operational email whenever a new message comes in with the metadata (sender, subject, etc but not the body as that could contain actual reset/account recovery links) so I can keep an eye on what's coming in.
Haven't looked at my bills lately, but including domain renewal and stuff this is maybe $100/yr to establish this as a root of trust/access. Even if other accounts are breached/suspended/etc, I will still have access to this account and can recover my way down from there.
I'm putting all my eggs into the AWS basket here, but I've had a good experience with them in the past and I really can't find any examples of people being locked out of their accounts in the same way I can with Google. And I know from experience that it's not impossible to get in contact with a real live person when it's required to resolve an issue.
Shouldn't you still be able to prove your identity to your DNS provider through your name, address, birth date, security questions, past correspondence, bank statements etc.?
Without going to the step of moving photos, mail, contacts, etc. off of Google services. Are there automated tools available to periodically export that data?
You can use the "download your data" feature of Google to download a copy. However you have to manually trigger the export. Also no incremental download so it can be a lot of data being transferred.
Unfortunately, you still need to manually download the data each time. There's no way to automate this. There's also no way I know of to directly upload a takeout zip to another service and continue. There's also a (generally long enough, except when you forget) time limit on downloads, as well as a download limit (have a crappy internet connection, and lost access to a file? Start a new takeout, wait for it to be available, and try again)
If takeouts could be configured to download automatically through Google drive, that would be amazing.
I love protonmail! I made the switch a couple years back and haven't looked back, with one exception- my city's utilities company blacklists protonmail, so in the handful of times I've emailed them (specifically there were three times they've shut off my water because someone with a very similar looking address didn't pay their bill) with proof of something-or-other, it supposedly doesn't make it to their communal or "personal" inboxes. This is the only time I've had this kind of problem though- protonmail has served me well.
If they’re incorrectly shutting off your water, read up on your legal rights, and then send a polite letter to their legal department and the local utility regulatory board.
Public utilities are highly regulated, and do not have the right to interrupt your service.
> with one exception- my city's utilities company blacklists protonmail
Why do they do this? Did you contact them about it? I would say it seems, at face value, that your city's utilities company did not serve you while Protonmail did.
> that your city's utilities company did not serve you while Protonmail did.
That's fair- that's a better way of saying it. Every time I've had to email them (which admittedly has only been a handful of times) with proof of something, I always end up calling them up and they'll say "but protonmail isn't on the blacklist that IT posted, so you're lying or you sent it to the wrong place," then I'll send screenshots from a different email provider proving that I sent the protonmail email(s) to the right place, then they'll say "oh, I promise to talk to IT to get this straightened out."
There are a few things that protonmail is not good at, but I guess I've learned to live with them.
1. You can't search message content. gmail is very good at this, so I've had to become more organized to make sure that I can find a particular message in protonmail.
2. Notifications on mobile do not clear if I've read the message on another device. I have to open up the app and sync to stop them from popping up with outdated information.
3. I wish that there was a way to mark a message as archived and read from the mobile notification.
all these issues sound more like client issues than protonmail service issues. why not just use a different email client to connect to protonmail, such as Spark?
The only issue I've ever encountered with Protonmail was Digital Ocean. For some reason receiving a password reset email through Protonmail took forever. I thought I'd entered my email incorrectly, but nope. Eventually came through, but from what I could find, it was a known problem.
Of course not -- Family Link was introduced in 2017 and this account was created in 2008. I don't remember the specifics, but I do recall having to provide my information since she was under 13.
edit: Family Link is also for android devices and chromebooks. She doesn't have a phone / android device or a chomebook.
I did sign mine up using fake birthdates well over ten years ago, my children are 13 and 16 now.
Long story but fairly serious legal issues issues with their mother making false claims of care/activities etc and needed things like calander and location tracking services and this was just by far the easies way at the time. For safety reasons I put a forward to my gmail of all their incoming emails, once again best known option at the time.
I sense a problem possibly looming, but not seeing that coming clean and engaging with Google likely to be a happy experience.
Anyone got any advice, other than abandon current accounts?
God, the dreaded endless loops. I've had it in Music, Play and several others. More fun is when a human enters the "loop." Yes, I've cleared cache and cookies, yes I've rebooted. In fact, with Music I'd even bought a new computer in the meanwhile, since the loop happened for literally years.
Cue the "businesses can choose who they do business with!" and "if you don't like it, build your own!" people.
We signed up for many of those things individually and they've connected them more and more. Now we have a single point of failure that can take down everything across all your sytems.
And it's not just those. Don't forget about Google Voice, Android, and every service where you used "sign in with Google"
Business should be allowed to choose who they do business with, they already choose to do business with these people. The problem here is they want to unilaterally have the power to termination the business relationship
This is a problem with one sided none negotiable terms of service being considered valid contracts under the law
They should not be.
We need to change data ownership laws, and force companies to do vetting on Account Creation, and put in provisions on how accounts can be terminated once a company accepts a user owned data. i.e Accounts must have a human reviewed appeal process, with full and articulated reporting as to exactly which rules were violated, and exactly what activity was the violation. And have a View Only data Take-Out period
Exactly. This isn't so much an issue of "Companies have the right to do what they want (within reason)". It's a typical issue of monopolies and dealing with a large, faceless corporation. Anyone who's ever dealt with any corporation of any significant size can tell you similar stories to this.
One of the big problems is that if you have all of your eggs in one basket, there are much more chances to fuck up and get banned. If I post some shit on YouTube, that is unconnected to my Fastmail account. However, it is connected to my Gmail account. If I get Zucked from Facebook for posting dumb shit, and dependent on Messenger to communicate with people, I'm fucked. By diversifying your compartmentalise your risk.
This raises a question. If you're well marinated in Google services, like me, what do you do? Is there a comprehensive, simple, and easy way to port everything?
Perhaps there's some authoritative site about what exactly you need to do?
My two cents would be don't worry about a comprehensive degoogling plan. Just chip away at stuff until you feel like the risk level is acceptable to you.
For me, that started with email. Email is a root for a lot of your digital identity.
I can't guarantee access to @gmail addresses going forward, but I can at least _start_ fixing that problem. I picked up a new domain, hosted the email with someone else, and set all my other accounts to forward to it. I updated a few really critical things right away, but for the most part it's just as I go log into various accounts with the old email address, I update it.
I didn't really bother trying to migrate the email out of my gmail account. Instead I did a bulk download from Google Takeout so I know I _can_ access that old email if I really need to find something.
Six months or so in, the bulk of my identity is now tied to a domain that _I_ own, and email hosted with someone I can trust more than Google.
It's not perfect, but already the impact if Google were to suspend my account has dropped immensely.
Cutting Google completely is something you do on principle. Instead, just look at what the impact of losing access to various services would be and address those specifically. (E.g., losing drive? Switch to NextCloud if availability is a concern; or set up a regular Takeout download if data loss only is a concern but an interruption in availability is okay, etc)
I've never actually used it for editing documents, I just use it more as a Dropbox replacement for backing up / syncing files.
In that case, depending what your actual acceptable risk/goal is... continue using Google Docs and set up a regular backup? Your worst case is that Google Docs goes away tomorrow, and you still have all your data you just need to spend a bit of time restoring to a different account / setting up alternative software / etc and move forward from there. For most people I expect that's more than enough.
You can export a lot of your content at takeout.google.com. Debundling these into other services is the main challenge, you have to shop around.
If nothing else you should set up your own email address, even if it is just a simple forward to your gmail. Google blocking access to your mailbox would be pretty bad, having control of your MX record gives you an out.
I'm not sure there's an easy way to port everything (few services integrate across so many fields as seamlessly as Google does), but this Reddit post has a huge thread of alternatives to common Google services: https://www.reddit.com/r/degoogle/comments/g1yu01/google_alt...
For me, I've switched to DDG full-time for search and I'm veeery gradually swapping over to Protonmail for email (using Thunderbird as the client to ease the transition). Once email's over, I'll be able to rest a lot easier.
However, if you're a heavy Docs user, NextCloud is a Google-like suite with a few hosting options (self-hosted, third-party host, or enterprise).
One key point is that you do not want a single all-encompassing alternative, at least one that is a remote corporate-run service, as this simply replicates the risk elsewhere.
The principle options are:
- Integrated replacement services. Don't do this.
- Multiple independent free services. At least you've diversified risk. Mind that these may (and likely will) consolidate with time. Skype, WebMeeting, Instagram, YouTube, GitHub, and Blogger were once freestanding companies. They no longer are.
- Self-hosted solutions. NextCloud, FreedomBox, etc., or DIY service bundles on your home, office, and/or a hosted service can avoid the problem entirely at least for highly stateful services (email, contacts, files, documents)
It doesn't need to be (and shouldn't be). Just use an email provider that respects you as a customer and don't put all your eggs into one corporate basket (especially not one that treats you as nothing more than data cattle). Horror stories like this one will, over time, educate people that this behavior pattern is dangerous.
IMO self-hosting is the ideal because that aligns responsibility with incentive (and it can be done extremely cheaply), but if not, there are paid email services that actually treat the user as a customer.
This victim-blaming needs to stop before the tech industry backlash hits. This is exactly why we need regulation. I swear, if "just go somewhere else" were good advice (and it's not), we wouldn't be having this conversation. How many years has it been, though, that Google and other consumer-ignorant companies have been able to get away with this, helped along by people who tell victims to just "go somewhere else"?
Normal people will only put up with this for so long. Either regulate it intelligently now, or expect actually scary regulation a decade or two from now.
There's nothing wrong with a law that says: "You cannot close a customer's account with no remediation, no recourse, and no explanation." What is Silicon Valley so afraid of there? How is that unreasonable?
How do you change people's mindsets from 'free is good' to 'free is bad' though? They're not planning on being customers of Google.
>This victim-blaming needs to stop before the tech industry backlash hits. This is exactly why we need regulation.
Google will simply dilute the language of the regulation, to the point where they will simply add a "your account can be deleted at any time for any reason, proceed at your own risk" popup during sign-up, and people will happily hit continue/next.
Systemic reform can't exclusively happen top-down or bottom-up. There needs to be some of both. We need to stop giving Google free good-will on HN. Stop up-voting Google product launches, stop promoting Chrome, etc, etc.
I think it is reasonable to have the position that Google is big and powerful enough that it cannot and will not be regulated by, say, the US government. Or rather, that it has enough permanent influence such that any regulations will be watered down to be de-facto meaningless, or in most cases, strategically beneficial to Google themselves (substitute chosen megacorp here).
For real. If we don't do this ourselves, then the hammer is gonna come down much harsher and with much more reckless abandon in the future. It'll look closer to SOPA than anything reasonable. I don't want 80 year-old dinosaurs in Congress making these decisions 10-15 years from now because we couldn't get our shit together.
What do we expect to change between now and 10-15 years from now that will make regulation harsher? Assuming bad behavior from tech giants continues (and, crucially, continues to be publicized), I would assume by then a competitor will have come along to take the bad-behaver's business.
After all, 15 years ago we still thought Google was "not evil". A lot can change in that time.
> Normal people will only put up with this for so long.
Agreed. Then they will learn that Google is not to be trusted with email and move to a provider that is (sort of like how kids migrated away from Facebook when their parents showed up, even though Facebook remains a dominant brand). Disruption occurs when an incumbent is bad at something which the disruptor beats them at. In this case, there is an opportunity for an email provider to disrupt Google by providing actual customer service. Protonmail is already making waves in this space (in addition to the encryption).
The reason I'm anti-regulation is that every law is a headache waiting to happen (and one more barrier to entry) where to me -the- beauty of the internet is that there's almost no barrier to entry once you have an internet-capable device. The more we regulate the internet, the more difficult doing something as simple as running a personal discussion forum becomes. Regulation is, at its best, a necessary evil, to be avoided until no other solution has proven viable. And there are plenty of other solutions for this particular problem.
And to clarify, I'm anti-Silicon Valley (IMO venture capital's expectation of high returns is the direct cause of many of the "evils of tech"). But I do tend to agree with the anti-regulation stance. IMO the problems people want to solve with regulation (even including GDPR) are better solved by better tech and organizations that align their incentives with those of their users.
If you are a “customer”. How many people pay for google services? I know it’s kind of jerky but I still agree that if you aren’t paying for the service, you have no leg to complain about it.
Google isn't doing this out of the goodness of their heart. They're expecting to make money off of every signup in some way. Directly or indirectly. If they want to continue their dominant status, then they should be responsive in some way to their users.
Sure, they have the right to cut off users any time they like. But it's ultimately self-destructive. Once trust is lost, it's difficult to regain it. I've moved away from my Google dependencies as much as I can, and have urged friends and family to do so as well. I'm only influential with around two dozen people, but once you start multiplying people like me by the millions, then Google has a problem.
And I'd argue it's at least a little immoral. Their services, especially Gmail, were set up in a way to make users highly dependent upon them. Google wanted that dependency for their path to near-monopoly status. To suddenly cut them off without the option of support or a clean exit creates real world chaos as the users try to pick up the pieces. Your email address might not be used much socially these days, but it's crucial for business contacts. For logins and customer interactions. The loss of it can cause serious damage. Google may not be legally responsible for the damage caused by a user's loss of their free services, but they're arguably morally responsible. Maybe they should pop up a warning to everyone using Gmail: "Don't rely on us. We're not going to do anything to help you if you can't use it one day."
Or more precisely: Why do you think any outsider could understand Google's rational?
History is littered with the corpses of successful companies that lost their way.
Today's Google reminds me of General Motors. Utterly dominant, untouchable. But needed to keep making more money. So they bring auto loan financing in house, GMAC. Woot, more money. But they forgot how to make money making cars. So upstarts ate their lunch.
It's a rough analog. Maybe IBM is closer.
The point is Google's rolling in cash despite their antipathy towards their end users (note that I did not say "customers"). Which will continue to be fine, until it isn't. And then it'll be too late.
We do not pay for a home address, and yet people can still reach us there. Email is just as important as physical mail -- the problem is that the economic model changed. This means there is no incentive to maintain service, even though (in my mind) in the modern era an email address is possibly more important to a person for day-to-day communication.
I mean we do not pay the USPS or FedEx or UPS, etc. to agree to send mail to our address. I was making a comparison between mail and email services. Hopefully this clarifies what I meant.
Still makes no sense. We do not pay mail-providers for the address alone, but mainly for running the servers which deliver and store the mails. Which is the same for which USPS/Fedex/UPS/etc. are paid for.
You want a mail-address? Grab your own domain (thus pay "tax"), put a server there (build a "house") and you are there. Getting an address, be it physical or digital never comes for free, and there is not human right for having one.
Alright, then I take back what I said in my parent comment about how "we don't pay for a home address". I'll concede that we do pay for a home address.
However, that doesn't change the fact that the economic model has changed when it comes to email. We no longer pay with money, but we pay in other ways when we use Google. So it's actually worse than with mail, because there used to be a clear exchange of goods but it is now obfuscated. And thus, there is nothing mandating good service, which is why people can be randomly banned from using it.
Why should people have to pay money for a product to expect fair treatment? Is an exchange of services without money not subject to rules and regulations? Google chooses not to charge people because they've found it more beneficial to offer many of them for free. It's a model many tech companies have followed to great success. That doesn't mean they should have free reign to do whatever they please.
> Is an exchange of services without money not subject to rules and regulations?
A contract without consideration is not a valid contract. There are a few laws in some places that require companies to provide service outside of a contractual service agreement, but those are typically limited to public utilities, emergency services, etc.
GP said without money, not without consideration. Google derives a great deal of value by having your attention and data in its various products. The fact that users exchange attention and data rather than dollars doesn't give Google the right to stomp all over them.
People pay with their data. It suits Google very well. If they were able to make billions, lest they could do is to have a proper customer service. I see them now as a company exploiting their customers in every way possible and then giving them a middle finger if there is any problem they experience.
It should not be legal to respond to customer issues with bots or people not trained to deal with specific requests. If this means customers would have to pay extra, I am fine with that.
Also, there is no comprehensive opt-out. I cannot tell their ad networks to stop tracking all the devices I own.
(They have a page for stopping tracking of things I use my Google account for. That doesn’t count: They track me even when I am not logged into Google, and even on devices that cannot log into Google.)
Also, I can’t delete my gmail accounts. They were issued by third parties that decided to outsource email to Google.
There is nothing consensual about my use of Google services. I shouldn’t be bound by their EULA. I’m sure the courts would disagree.
The thing is - google makes more per user than users are willing to pay for google services. Also, their totaling vertical integration makes things hard to disentangle. If Google were to introduce paying subscription tomorrow (just shooting, 60 USD per month), what what I would be paying? Youtube? Search? Everything? What if I were willing to drop youtube and just pay for search?
Everyone pays with their data and the ads they and others are seeing. Just because you pay no cash, does not mean ther is no payment at all.
Addtionally, it's used to be quite hard to even pay in cash for googles services. Though, this changde in the last years, as there is now youtube premium and google one. But still not possible for all their services.
More than enough ,Please check average revenue per user figurs of Google at such a large scale. They are one of the most profitable companies. We are paying by our data, actual money using value added services (google one etc.) It is very bad to say that we have no leg to complain.
I'm trying to not make this sound harsh; but you really don't need a government regulator to tell you that centralising all your data with Google, who are providing largely free services, is risky.
It is like building a house on the edge of a cliff then falling off the cliff one day. It was always a real possibility. Being locked out of your stuff is quite a likely end of the story with Google.
You need a government regulator to stop large companies from buying up lots of small companies and adding them to this risk pool.
I bought 3 Nest thermostats long before Google bought them. I wouldn’t have done so after the buyout.
If google bricks my thermostats because my kid does something dumb on YouTube (through the linked tv accounts) that will suck.
I suppose regulators could also prevent companies from bundling lockouts in that shutting down gmail for YouTube problems. Or shutting down Nest for gmail problems, etc.
The phone company can’t just randomly cut off service and ghost me. Regulators are the reason for that, as I’m sure they’d love to if they could.
Nest sold you a poorly designed product. If they had sold you something that could be plugged into any network then you could reuse it. From the start the product had a big fault google buying it just highlights that design flaw.
For the record, there have been cases of companies (IIRC Cisco wifi routers) that attempted to do this retroactively - pushing a firmware update that "helpfully" made the hardware cloud managed only.
So indeed, buying open API stuff only is a good start, unfortunately one still needs to be vigilant.
> but you really don't need a government regulator to tell you that centralising all your data with Google, who are providing largely free services, is risky.
>You need a government regulator to stop large companies from buying up lots of small companies and adding them to this risk pool.
These two statements are not even close to arguing the same thing.
The previous commenter is saying that it's common sense that "centralizing all your data with Google" may not be a great idea, especially if you don't have any backup of that data and keep all of it in Google.
They are being downvoted, wrongly, by people who knee-jerk about the "don't need a government regulator" bit. But they only used that phrase as a kind illustration of the common sense that people should have about not having a backup of their data.
Yes, Google does need some government regulation. And yes, people shouldn't need a government regulator to tell them not to keep all their data in the cloud without any local backup at all.
The people on HN with ability to downvote are some the biggest assholes on the internet. Seriously worse than reddit. I guess I shouldn't be surprised.
>The phone company can’t just randomly cut off service and ghost me. Regulators are the reason for that, as I’m sure they’d love to if they could.
If you're paying your bill, why would they care?
Regulation is part of the answer, but it's also part of the problem. If a YouTube comment wasn't at risk of "being mean" or breaking arbitrary rules (pushed by regulators, Google isn't doing it on their own), you couldn't be locked out. Corporations don't gain by cancelling their customers.
> Corporations don't gain by cancelling their customers.
Sure they do. If a certain customer's behaviour is alienating or obstructing other customers, then that customer gets cancelled, because they are having a negative impact (on the business - not the users!) that is larger than the benefit they provide.
That's a net positive result.
Ignoring your whole concept of "mean", it is 100% up to the company to decide what the negative behaviour is, which is part of the problem.
Sure some of it might be "mean behaviour" and so we look at it as Google doing a good thing perhaps.
But what if you went around Google's services and informed people of better alternatives to their services, and you started to actual gain traction and cause people to stop using Google?
There's nothing mean about that, in fact you're providing a good service to those people. But in Google's eyes your actions are negative, and they could just cancel your account at their discretion because they don't like what you're saying.
That is the kind of thing that regulation protects from, when dealing with essential services - and I think there's a stronger and stronger case to be made that these large providers are in fact essential services.
p.s. Devil's advocate: the theoretical actions I described above (recommending alternatives) could so easily cross the line into spam. But who decides where that line is, if Google was to be regulated?
I was specifically addressing the other rather broad statement that I actually quoted.
To address your point too though, there are definitely customers that the phone company is required to serve that they would rather not serve, because the costs are higher than the revenue.
Remote rural customers, customers who need accessibility-related support, certain outdated services that people are grandfathered into and don't want to cancel, etc...
And again that's where regulation protects the customer from the corporation that doesn't care about the customer's needs, unless they align with their own needs or are forced to via regulation.
The blurring of and overlap/cooperation between corporation and gov't also shifts incentives. For example, you can skirt fiduciary responsibility by appealing to regulation.
There are a lot of stories of people paying for Google Services getting locked out too.
Personal experience, once I created an Adword ad using one of the image that Google Ad creator had suggested. It was nothing, just a woman in bikini. It was approved and then rejected with warning that I violated their guidelines. I wanted protest but thought probably not worth it. This could have perma banned me from Google, I stopped using AdWords.
Do you think Google really cares about this, or do they get pressure from "outside" forces to impose such rules?
I seriously doubt Google cares one wink about people posting bikini photos. These rules exist because activists put pressure on the company to enforce such rules, for better or worse.
Google is huge and they run a vast portion of the internet now. If they were to suddenly decide that all FastMail accounts should go to spam tomorrow, any users of FastMail would be SoL—they would be unable to communicate with a huge majority of the internet.
They could decide to randomly throw every 5th email that is not a gmail into spam and blame it on other providers having low reliability. Make it random enough to gently encourage you to get a gmail account again.
These are extreme examples, but Google could easily do these kinds of things and there is nothing any of us could do whether we use Gmail or not; it will affect us because they control so much.
Fear of leaks to the press from insiders discourage ideas that would leave a document trail -- plausible deniability is required. More likely then would be ever-tightening, subtly biased, anti-spam criteria.
> That would backfire spectacularly, and would probably kill gmail.
How would that kill gmail? It's not like they're going to lose any real part of their user base. Short of a press release from google confirming the behavior, the average user is not going to go through the hassle of finding a replacement provider and then changing every email address associated with every service they use (if it's even possible for the service) all for some nebulous and impossible-to-confirm conspiracy theory put forth by tech experts and security experts that don't get listened to even when there is proof. And it's not like other companies and services would take a stand by ceasing to offer service to customers with gmail accounts- that's an incredible way to lose a vast portion of your customer base.
I wish it weren't this way, but I just can't see that bringing down gmail. Especially not when every google service requires a gmail account- probably the same one most people have had for years.
A ton of online services, customer support services, government services, airlines, etc. etc. use e-mail but don't use gmail to send it.
They can't afford to let 20% of that go to spam without a backlash. And if they kept doing it despite the backlash, who knows what would have happened to gmail.
Lose a few thousand dollars or an entire vacation by google regularly blackholing messages from important and expensive services like airlines, when they send you email telling you your flight departure was changed, and you'll be looking for a better email service in no time.
Now imagine this happens to 1/5 of the customers of said airline, just because of google's 1/5 non-google mail go to spam policy. It would be a scandal.
If Google only locked you out of the functionality you seem to have violated somehow, it would still be a viable strategy to use their services.
Imagine losing the ability to comment or upload videos on YouTube because you wrote something offensive or published a video with copyrighted materials.
Potentially bad for YouTube creators, but definitely not dangerous for normal users which also use other services.
Reports like this were the reason why I removed almost all Google services from my life a few years ago, but I wouldn't have done it if the bans had been granular.
Global bans "seem" to be new. I've read many stories of shell scripts randomly permanently banning android developers for life from their platform, but those stories always involved being banned from the play console and so forth, not being banned from search / maps / gmail / youtube / etc.
It seems to be news that if you tell people in public youtube comments that you vote for Trump, or whatever it is they're enforcing today, google will fight back by disabling your thermostat or whatever.
I used to work at Google on stuff related to account bans.
Global bans are not new. They were standard a decade ago. The reason is due to the structure of the various spam/abuse industries that plague any service that allows user generated content. What happens is this:
1. Accounts get harder to create as signup security improves
2. Black/grey-market account sellers come in and start creating accounts that get bought by spammers/fraudsters.
3. Spammer/fraudster abuses an account on service X, it gets locked for service X. They sell the accounts _back_ to the seller, who then resells the account once again with a note that it can't be used for YouTube or whatever.
4. Different spammer/fraudster buys the account, abuses it on a different service, goto step 3.
Their systems have some notion of why accounts were suspended or blocked, and the tech does support individual service level blocks. But they weren't used much back then because the pattern of a user being bad on one service and then being bad on every other service was too strong.
The problem of false positives was well known a long time ago, and the noise:FP rate is very good - if a script accidentally disabled good users with even quite low volume the people in question would be on Twitter or HN within hours making articles like this one, which did get noticed. So false account blocks were pretty rare.
Back then and still now, I think Google need to make it easier to handle this situation. Strong end-user support in these situations is hard because genuine fraudsters will happily file support tickets and socially engineer support to get their accounts back - I even witnessed auto-generated pleas to support once. They were quite convincing individually, only when you saw a few thousand of them with re-arranged sentences all begging for help with identical language was it clear they were spam. However they could still make it a lot easier, and in particular, could improve Google Takeout to be easier to use (e.g. automatically uploading the backups to various non-Google services).
Why are accounts suspected of TOS violations not simply put into read-only mode instead of shutting out users completely? If the identity/authorisation of the user is not in doubt it makes zero sense to not let people download their data before closing the account.
This simple change would fix all the consumer related horror stories with zero cost to Google. In fact it would become cheaper for Google because people would stop pleading with them.
Also, why is there no one-off paid support option that covers the cost of a human checking evidence and is expensive enough to deter mass abuse by fraudsters? Why is there no option to provide a photo ID upfront so that there is always a last resort to check whether a user is who they say they are?
A lot of abuse is things like posted comments. The locks are retroactive and "account disabled" is a signal to each service to hide content generated by that user.
Read only mode would make sense for content that's truly private, or which can be made private. Nothing stops them allowing Google Takeout for disabled accounts, heck maybe they do these days.
Paid support:
1. the optics of false positives being held to ransom to get their account back is terrible. Giving the money back isn't always easy (credit cards support this sometimes but many users don't have them). And this is made worse by:
2. many accounts aren't easily verifiable. People imagine that every Google/FB user puts their entire life on these accounts. A very small number do. For those, expensive ad-hoc processes could maybe increase the account verification rate by a little bit. But most accounts that get disabled are accounts with fake names, that use exclusively one service, etc. It's extraordinarily difficult to come up with reliable ways to verify the identity of the holder of accounts that required no identity to sign up.
> Back then and still now, I think Google need to make it easier to handle this situation. Strong end-user support in these situations is hard because genuine fraudsters will happily file support tickets and socially engineer support to get their accounts back - I even witnessed auto-generated pleas to support once.
How much are accounts currently worth on the market? It seems that making the recovery procedure more expensive than the worth of the account should resolve that issue. At the same time legitimate users are probably willing to invest some money in order to recover their account.
For example offer a $20 option to send a registered letter to an address provided by the user. Then Google can check if: 1) The name on the credit card matches the name on the account, 2) a given address hasn't been used too often, 3) the identity check done by the postal service (checking if the recipient actually has a given name) succeeded.
This won't be a perfect solution and there are definitely edge cases for which it won't work (in countries without registered mail, if someone doesn't have a credit card, etc.). But it should be able to cover the majority of cases where legitimate accounts have been locked.
Most users don't have a credit card - they're not all in the USA. A big chunk don't even have bank accounts at all.
However that's basically what phone verification does. In case of suspicion someone has to provide their mobile phone number. It's texted with a code and a counter increased. The same number can't be used over and over. Unlike credit cards, the assumption of universal mobile phone access (amongst people who have internet access) is very strong. It works very well. In this case, the account was shut down without this being possible, which is only used normally for very clear cut cases. Don't assume the full story is public.
Then what you do is set up some sort of monetary charge, to verify that the person you are dealing with is real. Someone willing to pay for support is highly likely to be an actual customer, not a fraudster; and you can even have their local bank or notary to verify their identity, if you are worried about identity theft.
This is a problem that is largely solved at government scale, which is what Google is now, and there's no reason not to take advantage of existing infrastructure to do so.
The vast majority of Google accounts have no real identity associated with them. Also, this doesn't help if an account was NOT a false positive. You're assuming this guy is truly innocent of all problems, but from past experience, unfortunately I can say that sometimes when obviously non-spammy accounts go poof overnight and nobody is willing to explain why, it's because it's related to a criminal investigation.
I'm confused. The goal of my proposal was that someone who was wrongly flagged (a false positive) could identify themselves as such by being willing to put up a (cash) bounty, or identify themselves with a financial/government institution that is set to handle such things at scale. Someone who is committing fraud, or trying to steal anonymously, or is involved in other criminal activities, is extremely unlikely to do such things. Legitimate people, however would have a route out of this kafkaesque maze. That system could even be automated, and it would work better than what's going on now. At a certain point, some problems just cannot be solved with just code.
Google+ banned accounts globally if they discovered a fake name. Fun way to roll out a facebook killer. Kind of killed Google+ but that's a story for another day.
At some point companies are large enough that not having an account is an handicap. IIRC, the supreme court of Canada mentioned in a ruling that Facebook terms are unenforceable because they can't be negotiated and because not having an account in too consequential. In essence, it's not a agreement you freely enter in. It was about forced arbitration.
My point is there are limits that what private companies can do. Stretching the boundaries like that is sure to cause a strong regulatory reaction at some point.
When you have governments using Google logins or schools communicating with parents via Facebook groups, or state broadcasters reporting on Twitter as news, then the line between private company and public utility has been crossed.
That's not theft in the least. They kept the data that you gave them while using their service. Should banks throw out records for people who close accounts?
Why should a customer be punished for buying products that are not banned by the government and for tripping up on an invisible tripwire within said product?
If there were a definition for "set up to fail" it would be that customer... Or are we to assume google is a potentially hostile force, whenever it feels like being one.
We used to ban the sales of products that harmed customers.
What do you expect your average person to do? Set up their own mail provider?
A tiny number of companies set out to have an unbreakable joint monopoly over the Internet, and succeeded. Now you're blaming the average person for this - like the average person has the skills or the time to do anything about it.
The level of respect that someone like Andrej Karpathy is jarring: he should publicly apologize instead of being all saintly (oh look ma, I built a toy with 6 cameras, I am so proud of myself) while talking about deep learning or whatever crackpot stuff they are cooking over thinking they are solving world's "problems".
This is getting a bit ridiculous. Silicon Valley mindset being applied to critical safety focused products is really bad.
I hope they regulate the crap out of Tesla and God I hope comma.ai whose founder seems even more batshit crazy.
Comma.ai's system actually has an eyeball tracker that I think stops things if you are not looking where you are going which would likely prevent this kind of crash.
* Always be learning and doing. Never be stagnant. Even if you are in a very boring team you can still learn and supplement your skills / knowledge on the side. This may or may not help immediately but definitely helps long term.
* Really practice open/active listening and critical thinking: there are very smart people and it's really good to assume good intent when they talk. Critical thinking and question is more around 'where is the disconnect? How do I try and actively move towards and see their point of view'.
* Questioning authority and being able to say no.
* Don't use code reviews as a debate forum but instead as a learning forum. Granted time is of essence, so a timely resolution may be necessary but learning and actively listening through reviews helps your skills as a coder.
* Cut through heirarchy and organizational politics to achieve the larger goals for the team, the project and ultimately for Google.
